Practice Free N10-009 Exam Online Questions
Which of the following can also provide a security feature when implemented?
- A . NAT
- B . BGP
- C . FHRP
- D . EIGRP
A
Explanation:
NAT (Network Address Translation) helps hide internal IP addresses from external networks, adding a layer of security by preventing direct access to internal systems from the outside.
A user called the help desk after business hours to complain that files on a device are inaccessible and the wallpaper was changed. The network administrator thinks that this issue is an isolated incident, but the security analyst thinks the issue might be a ransomware attack.
Which of the following troubleshooting steps should be taken first?
- A . Identify the problem
- B . Establish a theory
- C . Document findings
- D . Create a plan of action
A
Explanation:
The first step in any troubleshooting process is to identify the problem. This includes gathering information from the user, reviewing logs, and observing the symptoms. In this case, identifying the scope and nature of the issue (e.g., signs of ransomware) is critical before forming any theories or plans.
From Andrew Ramdayal’s guide:
“The troubleshooting methodology begins with identifying the problem. This step involves questioning users, identifying user changes, and determining the symptoms.”
A user calls the help desk after business hours to complain that files on a device are inaccessible and the wallpaper was changed. The network administrator thinks that this issue is an isolated incident, but the security analyst thinks the issue might be a ransomware attack.
Which of the following troubleshooting steps should be taken first?
- A . Identify the problem.
- B . Establish a theory.
- C . Document findings.
- D . Create a plan of action.
A
Explanation:
The correct answer is Identify the problem, which is always the first step in the CompTIA Network+ N10-009 troubleshooting methodology. Before forming theories, creating action plans, or documenting outcomes, technicians must clearly understand what is happening, who is affected, and what symptoms are present.
In this scenario, the symptoms―inaccessible files and a changed wallpaper―are serious and potentially indicative of a security incident such as ransomware. However, at this stage, there is disagreement between the network administrator and the security analyst regarding the nature of the issue. That reinforces the need to begin with problem identification, which includes gathering information, determining the scope of impact, identifying recent changes, and assessing whether the incident is isolated or widespread.
Establishing a theory comes after the problem has been clearly defined. Creating a plan of action and documenting findings occur later in the process, once the issue has been confirmed and remediation steps are determined. Jumping ahead without properly identifying the problem could result in delayed containment or an incorrect response―especially critical in potential security incidents.
The Network+ objectives emphasize following the structured troubleshooting process precisely to reduce risk, prevent escalation, and ensure accurate resolution―particularly when malware or ransomware may be involved.
A network administrator needs to assign IP addresses to a newly installed network. They choose 192.168.1.0/24 as their network address and need to create three subnets with 30 hosts on each subnet.
Which of the following is a valid subnet mask that will meet the requirements?
- A . 255.255.255.128
- B . 255.255.255.192
- C . 255.255.255.224
- D . 255.255.255.240
C
Explanation:
Understanding the Requirements
Network Address: 192.168.1.0/24
The /24 notation means a subnet mask of 255.255.255.0, providing 256 total addresses (192.168.1.0-192.168.1.255).
Usable hosts: 256 - 2 (network and broadcast) = 254.
Goal: Create 3 subnets, each with 30 hosts.
Each subnet needs enough addresses to accommodate 30 hosts, plus 2 reserved addresses (network and broadcast) per subnet.
Total addresses per subnet = 30 (hosts) + 2 (network/broadcast) = 32 addresses.
Subnetting Basics (Networking Fundamentals)
Subnet Mask: Determines how many bits are borrowed from the host portion to create subnets.
Original Mask: /24 (255.255.255.0) = 24 network bits, 8 host bits.
Formulae:
Number of subnets = 2^(number of borrowed bits).
Number of addresses per subnet = 2^(remaining host bits).
Usable hosts per subnet = 2^(remaining host bits) - 2.
We need:
At least 3 subnets.
At least 32 addresses per subnet (to fit 30 hosts + 2 reserved).
Step-by-Step Analysis
Determine Addresses Needed per Subnet:
32 addresses is a power of 2 (2^5 = 32).
This means each subnet requires 5 host bits (since 2^5 = 32 total addresses, and 32 - 2 = 30 usable hosts).
Calculate Remaining Bits:
Original network has 8 host bits (/24).
If 5 bits are left for hosts, we borrow: 8 - 5 = 3 bits for subnetting.
New Subnet Mask:
Original mask: /24 (24 network bits).
Borrow 3 bits: 24 + 3 = /27.
/27 = 255.255.255.224 (binary: 11111111.11111111.11111111.11100000).
Verify Requirements:
Number of Subnets: 2^3 = 8 subnets (meets the requirement of at least 3).
Addresses per Subnet: 2^5 = 32 addresses.
Usable Hosts per Subnet: 32 - 2 = 30 hosts (exactly meets the requirement).
Subnet Breakdown:
Increment: 256 - 224 = 32 (each subnet increments by 32 in the fourth octet).
Subnets:
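The steps above, carried through in code as an added example (not part of the original explanation). It assumes IPv4 and equal-size subnets; the function name plan_subnets and its return shape are illustrative.

```python
import ipaddress


def plan_subnets(base, subnets_needed, hosts_needed):
    """Tightest equal-size split of an IPv4 network.

    Returns (dotted_mask, rows), one row per resulting subnet.
    """
    net = ipaddress.ip_network(base)
    # Smallest h with 2**h >= hosts + 2 (network and broadcast are reserved).
    host_bits = (hosts_needed + 1).bit_length()
    new_prefix = net.max_prefixlen - host_bits
    borrowed = new_prefix - net.prefixlen
    if borrowed < 0:
        raise ValueError("one subnet of that size does not fit in the base network")
    if 2 ** borrowed < subnets_needed:
        raise ValueError(
            f"only {2 ** borrowed} subnets of {2 ** host_bits} addresses fit in {net}"
        )
    subs = list(net.subnets(new_prefix=new_prefix))
    rows = [
        {
            "network": str(s),
            "first_host": str(s.network_address + 1),
            "last_host": str(s.broadcast_address - 1),
            "broadcast": str(s.broadcast_address),
            "usable": s.num_addresses - 2,
        }
        for s in subs
    ]
    return str(subs[0].netmask), rows


if __name__ == "__main__":
    # The question's inputs: 192.168.1.0/24, three subnets, 30 hosts each.
    mask, rows = plan_subnets("192.168.1.0/24", 3, 30)
    print("mask:", mask)
    for r in rows:
        print(r["network"], r["first_host"], "-", r["last_host"],
              "broadcast", r["broadcast"])
```

Raising the host requirement to 100 per subnet makes the function fail, because only two /25 subnets fit in the /24.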
An administrator wants to find the top destination for traffic across the infrastructure on a specific day.
Which of the following should the administrator use?
- A . SNMP
- B . Packet capture
- C . NetFlow
- D . traceroute
C
Explanation:
NetFlow (and similar flow technologies like IPFIX/sFlow in concept) is used to collect traffic-flow metadata such as source/destination IPs, ports, protocols, interfaces, and byte/packet counts over time. In Network+ (N10-009) operations and monitoring objectives, flow data is ideal for identifying top talkers and top destinations across the network on a given day because it provides summarized, queryable information at scale without capturing every packet payload. An administrator can review reports to determine which destination IPs/hosts consumed the most bandwidth, which applications were most active, and what time ranges saw spikes―perfect for historical analysis.
SNMP is great for polling device counters (interface utilization, errors, CPU) but it does not natively tell you the “top destination” by conversation/flow without additional flow awareness. Packet capture can reveal exact conversations and payloads, but it is heavy, localized, and not efficient for infrastructure-wide daily top-destination reporting. traceroute maps the path to a destination and helps isolate routing/path issues; it does not provide usage statistics. Therefore, NetFlow is the best fit.
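A top-destination report built from flow metadata, as an added example (not part of the original explanation). The CSV layout, the sample records and the function name top_destinations are constructed for illustration and do not reflect any particular collector's export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample flow export (not real traffic): one row per flow record.
SAMPLE_FLOWS = """\
start,src,dst,dport,proto,bytes,packets
2024-05-01T08:00:12,10.0.1.15,203.0.113.10,443,tcp,1200000,900
2024-05-01T09:14:03,10.0.1.22,203.0.113.10,443,tcp,800000,610
2024-05-01T09:30:45,10.0.2.7,198.51.100.25,53,udp,4200,40
2024-05-01T23:59:58,10.0.1.15,198.51.100.77,22,tcp,5000000,3500
2024-05-02T00:00:04,10.0.1.15,198.51.100.77,22,tcp,9000000,6100
2024-05-01T13:05:00,10.0.3.9,203.0.113.10,80,tcp,300000,250
"""


def top_destinations(flow_csv, day, by="bytes", n=3):
    """Rank destinations for flows that started on `day` (YYYY-MM-DD).

    `by` selects the metric: "bytes", "packets" or "flows".
    Returns a list of (destination, metric_total), highest first.
    """
    if by not in ("bytes", "packets", "flows"):
        raise ValueError(f"unknown metric: {by}")
    totals = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # Filter on the flow start date; records near midnight fall on one side.
        if datetime.fromisoformat(row["start"]).date().isoformat() != day:
            continue
        stats = totals.setdefault(row["dst"], {"bytes": 0, "packets": 0, "flows": 0})
        stats["bytes"] += int(row["bytes"])
        stats["packets"] += int(row["packets"])
        stats["flows"] += 1
    ranked = sorted(totals.items(), key=lambda kv: kv[1][by], reverse=True)
    return [(dst, stats[by]) for dst, stats in ranked[:n]]


if __name__ == "__main__":
    for metric in ("bytes", "flows"):
        print(metric, top_destinations(SAMPLE_FLOWS, "2024-05-01", by=metric))
```

In the sample data the top destination by bytes and the top destination by flow count are different hosts, so a report should state which metric it ranks on.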
A network administrator needs to locate a specific AP using a spectrum analyzer to complete an 802.11ax device migration.
Which of the following should display on the analyzer to locate the AP?
- A . SSID
- B . RSSI
- C . Channel number
- D . BSSID
D
Explanation:
To locate a specific access point (AP), the most reliable identifier to view is the BSSID. In 802.11 networks, the BSSID is the radio interface identifier for the AP (typically the AP radio’s MAC address). Unlike an SSID, which can be shared across many APs in the same wireless network (especially in an enterprise deployment using the same SSID across multiple APs), the BSSID uniquely distinguishes one AP radio from another. This is critical during an 802.11ax (Wi-Fi 6) migration, where multiple APs may broadcast identical SSIDs and operate on the same channels in different areas.
While RSSI is useful for physically walking toward the strongest signal (a technique used in locating RF sources), RSSI alone does not confirm you are tracking the correct AP―only that you are near an RF transmitter. Channel number also does not uniquely identify the AP because multiple APs can share the same channel (and channels may overlap depending on band and width). SSID similarly is not unique. Therefore, viewing the BSSID on the analyzer (or Wi-Fi analyzer mode) allows the administrator to confirm the exact AP being measured and located.
A network administrator’s device is experiencing severe Wi-Fi interference within the corporate headquarters causing the device to constantly drop off the network.
Which of the following is most likely the cause of the issue?
- A . Too much wireless reflection
- B . Too much wireless absorption
- C . Too many wireless repeaters
- D . Too many client connections
A
Explanation:
Reference: CompTIA Network+ Certification Exam Objectives – Wireless Networks section.
Which of the following disaster recovery concepts is calculated by dividing the total hours of operation by the total number of units?
- A . MTTR
- B . MTBF
- C . RPO
- D . RTO
B
Explanation:
Introduction to Disaster Recovery Concepts:
Disaster recovery involves strategies and measures to ensure business continuity and data recovery in the event of a disaster.
Mean Time Between Failures (MTBF):
MTBF is a reliability metric used to predict the time between failures of a system during operation. It is calculated by dividing the total operational time by the number of failures.
Formula: $\text{MTBF} = \frac{\text{Total Operational Time}}{\text{Number of Failures}}$
This metric helps in understanding the reliability and expected lifespan of systems and components.
Example Calculation:
If a server operates for 1000 hours and experiences 2 failures, the MTBF is: $\text{MTBF} = \frac{1000 \text{ hours}}{2} = 500 \text{ hours}$
Explanation of the Options:
A network engineer receives a new router to use for WAN connectivity.
Which of the following best describes the layer the network engineer should connect the new router to?
- A . Access
- B . Core
- C . Leaf
- D . Spine
C
Explanation:
Comprehensive and Detailed Explanation (paraphrased, aligned to N10-009):
In a spine-leaf architecture, endpoints (including servers, firewalls, and WAN/edge routers) connect to leaf switches. Leaf switches then uplink to spine switches; spine switches do not have endpoints connected directly to them. Therefore, a WAN router (an external/edge device) should connect to the leaf layer―often specifically to a “border leaf” that handles external connectivity.
Why not B. Core or D. Spine? In spine-leaf, “core” isn’t a formal layer, and spines are designed only to interconnect leafs, not to terminate endpoints.
Why not A. Access? “Access” is a term from the traditional three-tier model (access-distribution-core). In modern spine-leaf language, the analogous layer for endpoint attachment is the leaf.
Reference (CompTIA Network+ N10-009):
Domain: Network Infrastructure ― Data center and campus architectures (spine-leaf vs. three-tier), roles of leaf/spine, WAN/edge connectivity points.
