Practice Free N10-009 Exam Online Questions
Question #41
Which of the following tools uses ICMP to help determine whether a network host is reachable?
- A . tcpdump
- B . netstat
- C . nslookup
- D . ping
Correct Answer: D
D
Explanation:
Ping sends ICMP Echo Request packets and waits for Echo Replies to verify host reachability and measure round-trip time.
D
Explanation:
Ping sends ICMP Echo Request packets and waits for Echo Replies to verify host reachability and measure round-trip time.
Question #42
A junior network technician at a large company needs to create networks from a Class C address with 14 hosts per subnet.
Which of the following numbers of host bits is required?
- A . One
- B . Two
- C . Three
- D . Four
Correct Answer: D
Question #43
Which of the following network cables involves bounding light off of protective cladding?
- A . Twinaxial
- B . Coaxial
- C . Single-mode
- D . Multimode
Correct Answer: D
D
Explanation:
Multimode fiber optic cables involve the transmission of light signals that bounce off the core’s cladding as they travel down the fiber. This characteristic differentiates it from single-mode fiber, where the light travels directly down the fiber without reflecting off the cladding.
Here are some detailed points about multimode fiber cables:
Construction: Multimode fibers have a larger core diameter, typically 50 or 62.5 microns, compared to single-mode fibers, which have a core diameter of about 9 microns.
Light Propagation: The larger core of multimode fiber allows multiple light modes to propagate.
These modes travel at different angles, leading to reflections off the core-cladding boundary.
Distance and Bandwidth: Due to modal dispersion, where different light modes arrive at the receiver at different times, multimode fibers are suited for shorter distance applications compared to single-mode fibers. Typical distances are up to 550 meters for 10 Gbps Ethernet using OM4 multimode fiber.
Applications: Multimode fibers are commonly used in LANs (Local Area Networks), data centers, and for shorter distance data transmission due to their cost-effectiveness and ease of installation.
Network
Reference: CompTIA Network+ N10-007 Official Certification Guide, which covers fiber optic technologies, including the differences between multimode and single-mode fibers.
Cisco Networking Academy: Provides training materials and reference guides on the properties of
different fiber optic cables.
Fiber Optic Association (FOA): A professional society dedicated to fiber optics, offering extensive information and certification on fiber optic technologies.
Multimode fibers are specifically designed for short-range communication with higher data rates and are typically used in environments like data centers, where high bandwidth over shorter distances is crucial. The reflections off the cladding, inherent to multimode fiber, facilitate this high-capacity communication.
D
Explanation:
Multimode fiber optic cables involve the transmission of light signals that bounce off the core’s cladding as they travel down the fiber. This characteristic differentiates it from single-mode fiber, where the light travels directly down the fiber without reflecting off the cladding.
Here are some detailed points about multimode fiber cables:
Construction: Multimode fibers have a larger core diameter, typically 50 or 62.5 microns, compared to single-mode fibers, which have a core diameter of about 9 microns.
Light Propagation: The larger core of multimode fiber allows multiple light modes to propagate.
These modes travel at different angles, leading to reflections off the core-cladding boundary.
Distance and Bandwidth: Due to modal dispersion, where different light modes arrive at the receiver at different times, multimode fibers are suited for shorter distance applications compared to single-mode fibers. Typical distances are up to 550 meters for 10 Gbps Ethernet using OM4 multimode fiber.
Applications: Multimode fibers are commonly used in LANs (Local Area Networks), data centers, and for shorter distance data transmission due to their cost-effectiveness and ease of installation.
Network
Reference: CompTIA Network+ N10-007 Official Certification Guide, which covers fiber optic technologies, including the differences between multimode and single-mode fibers.
Cisco Networking Academy: Provides training materials and reference guides on the properties of
different fiber optic cables.
Fiber Optic Association (FOA): A professional society dedicated to fiber optics, offering extensive information and certification on fiber optic technologies.
Multimode fibers are specifically designed for short-range communication with higher data rates and are typically used in environments like data centers, where high bandwidth over shorter distances is crucial. The reflections off the cladding, inherent to multimode fiber, facilitate this high-capacity communication.
Question #44
Which of the following is a company most likely enacting if an accountant for the company can only see the financial department’s shared folders?
- A . General Data Protection Regulation
- B . Least privilege network access
- C . Acceptable use policy
- D . End user license agreement
Correct Answer: B
B
Explanation:
Least privilege network access is a principle that restricts users’ access rights to only what is necessary for them to perform their job functions. In this case, the accountant’s access is limited to only the financial department’s shared folders, ensuring that they cannot access other parts of the network unnecessarily. This reduces the risk of unauthorized access and potential data breaches.
Reference: CompTIA Network+ Exam Objectives and official study guides.
B
Explanation:
Least privilege network access is a principle that restricts users’ access rights to only what is necessary for them to perform their job functions. In this case, the accountant’s access is limited to only the financial department’s shared folders, ensuring that they cannot access other parts of the network unnecessarily. This reduces the risk of unauthorized access and potential data breaches.
Reference: CompTIA Network+ Exam Objectives and official study guides.
Question #45
Which of the following is the most secure way to provide site-to-site connectivity?
- A . VXLAN
- B . IKE
- C . GRE
- D . IPsec
Correct Answer: D
D
Explanation:
IPsec (Internet Protocol Security) is the most secure way to provide site-to-site connectivity. It provides robust security services, such as data integrity, authentication, and encryption, ensuring that data sent across the network is protected from interception and tampering. Unlike other options, IPsec operates at the network layer and can secure all traffic that crosses the IP network, making it the most comprehensive and secure choice for site-to-site VPNs.
Reference: CompTIA Network+ study materials and NIST Special Publication 800-77.
D
Explanation:
IPsec (Internet Protocol Security) is the most secure way to provide site-to-site connectivity. It provides robust security services, such as data integrity, authentication, and encryption, ensuring that data sent across the network is protected from interception and tampering. Unlike other options, IPsec operates at the network layer and can secure all traffic that crosses the IP network, making it the most comprehensive and secure choice for site-to-site VPNs.
Reference: CompTIA Network+ study materials and NIST Special Publication 800-77.
Question #46
Which of the following steps in the troubleshooting methodology comes after using a top-to-top buttom examination of the OSI model to determine cause?
- A . Test in the theory
- B . Establish a plan of action
- C . Verify full system functionality
- D . Identify the problem
Correct Answer: B
Question #47
A new SQL server is identified as allowing FTP access to all users.
Which of the following would a systems administrator most likely do to ensure only the required services are allowed?
- A . Disable unused ports on the server.
- B . Change default passwords on all servers.
- C . Delete the NGFW rules that allow all FTP traffic.
- D . Configure server ACLs on the switches that the SQL traffic traverses.
Correct Answer: A
A
Explanation:
If a SQL server is allowing FTP access to all users, the most direct and best practice action is to disable unused services/ports on the server itself. Network+ (N10-009) security objectives emphasize host hardening and the principle of least functionality: only required services should be running and listening. If FTP is not required for the SQL server’s role, stopping and disabling the FTP service (and closing the associated ports on the host firewall) reduces the attack surface regardless of network firewall rules. This approach ensures the server cannot be reached via FTP even if it is placed on a different network segment or if upstream controls are misconfigured later.
Changing default passwords is important, but it does not address the unnecessary exposure of an unneeded service. Deleting NGFW rules that allow all FTP traffic could help at the perimeter, but it may unintentionally break legitimate FTP usage elsewhere and still doesn’t guarantee the server isn’t reachable from internal networks. Switch ACLs along SQL traffic paths are indirect and easy to misapply; they also add operational complexity and may not cover all access paths. The best “only required services are allowed” control is to disable the unused service/ports on the server.
A
Explanation:
If a SQL server is allowing FTP access to all users, the most direct and best practice action is to disable unused services/ports on the server itself. Network+ (N10-009) security objectives emphasize host hardening and the principle of least functionality: only required services should be running and listening. If FTP is not required for the SQL server’s role, stopping and disabling the FTP service (and closing the associated ports on the host firewall) reduces the attack surface regardless of network firewall rules. This approach ensures the server cannot be reached via FTP even if it is placed on a different network segment or if upstream controls are misconfigured later.
Changing default passwords is important, but it does not address the unnecessary exposure of an unneeded service. Deleting NGFW rules that allow all FTP traffic could help at the perimeter, but it may unintentionally break legitimate FTP usage elsewhere and still doesn’t guarantee the server isn’t reachable from internal networks. Switch ACLs along SQL traffic paths are indirect and easy to misapply; they also add operational complexity and may not cover all access paths. The best “only required services are allowed” control is to disable the unused service/ports on the server.
Question #48
After installing a new wireless access point, an engineer tests the device and sees that it is not performing at the rated speeds.
Which of the following should the engineer do to troubleshoot the issue? (Select two.)
- A . Ensure a bottleneck is not coming from other devices on the network.
- B . Install the latest firmware for the device.
- C . Create a new VLAN for the access point.
- D . Make sure the SSID is not longer than 16 characters.
- E . Configure the AP in autonomous mode.
- F . Install a wireless LAN controller.
Correct Answer: A,B
A,B
Explanation:
Troubleshooting poor performance of a newly installed access point involves multiple steps. Checking for network bottlenecks and ensuring the device firmware is up to date are crucial first steps.
The document confirms:
“Network bottlenecks can severely limit the performance of even the fastest wireless access points, so it’s essential to verify that no other devices are causing a slowdown. In addition, keeping firmware updated ensures optimal performance and security.”
A,B
Explanation:
Troubleshooting poor performance of a newly installed access point involves multiple steps. Checking for network bottlenecks and ensuring the device firmware is up to date are crucial first steps.
The document confirms:
“Network bottlenecks can severely limit the performance of even the fastest wireless access points, so it’s essential to verify that no other devices are causing a slowdown. In addition, keeping firmware updated ensures optimal performance and security.”
Question #49
A company’s marketing team created a new application and would like to create a DNS record for newapplication.comptia.org that always resolves to the same address as www.comptia.org.
Which of the following records should the administrator use?
- A . SOA
- B . MX
- C . CNAME
- D . NS
Correct Answer: C
C
Explanation:
A CNAME (Canonical Name) record is used in DNS to alias one domain name to another. This means that newapplication.comptia.org can be made to resolve to the same IP address as www.comptia.org by creating a CNAME record pointing newapplication.comptia.org to www.comptia.org. SOA (Start of Authority) is used for DNS zone information, MX (Mail Exchange) is for mail server records, and NS (Name Server) is for specifying authoritative DNS servers.
Reference: The DNS section of the CompTIA Network+ materials describes the use of CNAME records for creating domain aliases.
C
Explanation:
A CNAME (Canonical Name) record is used in DNS to alias one domain name to another. This means that newapplication.comptia.org can be made to resolve to the same IP address as www.comptia.org by creating a CNAME record pointing newapplication.comptia.org to www.comptia.org. SOA (Start of Authority) is used for DNS zone information, MX (Mail Exchange) is for mail server records, and NS (Name Server) is for specifying authoritative DNS servers.
Reference: The DNS section of the CompTIA Network+ materials describes the use of CNAME records for creating domain aliases.
Question #50
A customer calls the help desk to report that resources are no longer reachable. The resources were available before network changes were made. The technician verifies the report, investigates, and discovers that a new logical layout is segmenting the network using tagging.
Which of the following appliances most likely needs to be reviewed to restore the connections?
- A . Access point
- B . Firewall
- C . Switch
- D . Load balancer
Correct Answer: C
C
Explanation:
The correct answer is Switch because the question references a new logical layout segmenting the network using tagging, which indicates VLAN (Virtual Local Area Network) configuration. VLAN tagging (IEEE 802.1Q) is performed on switches to logically separate broadcast domains within the same physical infrastructure.
According to CompTIA Network+ (N10-009) objectives under switching technologies, VLANs are used to improve security, reduce broadcast traffic, and logically segment network traffic. When VLAN tagging is misconfigured―such as incorrect trunk ports, access port assignments, or mismatched VLAN IDs―devices may lose connectivity to required network resources.
Since the issue began after changes involving tagging, the most likely cause is an incorrect switch configuration, such as improper VLAN assignments or trunking settings.
An access point (Option A) may use VLANs for SSID segmentation, but core tagging configuration is handled at the switch. A firewall (Option B) filters traffic but does not control VLAN tagging at Layer 2 in typical deployments. A load balancer (Option D) distributes traffic among servers and is unrelated to VLAN segmentation.
Therefore, reviewing the switch configuration is the appropriate action to restore connectivity.
C
Explanation:
The correct answer is Switch because the question references a new logical layout segmenting the network using tagging, which indicates VLAN (Virtual Local Area Network) configuration. VLAN tagging (IEEE 802.1Q) is performed on switches to logically separate broadcast domains within the same physical infrastructure.
According to CompTIA Network+ (N10-009) objectives under switching technologies, VLANs are used to improve security, reduce broadcast traffic, and logically segment network traffic. When VLAN tagging is misconfigured―such as incorrect trunk ports, access port assignments, or mismatched VLAN IDs―devices may lose connectivity to required network resources.
Since the issue began after changes involving tagging, the most likely cause is an incorrect switch configuration, such as improper VLAN assignments or trunking settings.
An access point (Option A) may use VLANs for SSID segmentation, but core tagging configuration is handled at the switch. A firewall (Option B) filters traffic but does not control VLAN tagging at Layer 2 in typical deployments. A load balancer (Option D) distributes traffic among servers and is unrelated to VLAN segmentation.
Therefore, reviewing the switch configuration is the appropriate action to restore connectivity.