Practice Free N10-009 Exam Online Questions
Question #61
HOTSPOT
Company C is acquiring Company A and Company B. Company C needs to merge all three networks into one Class B network. Additionally, the network capacity of each company needs to grow by 20%. Company C also requires segmentation of Company A and Company B to account for unknown security vulnerabilities within each.
Instructions:
Select the correct subnet range to meet Company C’s requirements.
Correct Answer: A = 192.168.10.0/26
B = 192.168.1.0/23
C = 10.0.0.1/18
Using the choices shown in the screenshot, the best-fit subnet selections are based on host growth requirements first, then segmentation.
For Company A, the current device count is 32. With 20% growth, that becomes about 39 devices. A /27 only supports 30 usable hosts, so it is too small. A /26 supports 62 usable hosts, so 192.168.10.0/26 is the correct choice.
For Company B, the current device count is 100. With 20% growth, that becomes 120 devices. The smallest correct subnet would normally be a /25 with 126 usable hosts, but that option is not shown. From the available choices, 192.168.1.0/23 is the smallest subnet that still supports more than 120 hosts, so that is the best answer.
For Company C, the current device count is 10,000. With 20% growth, it needs space for 12,000 hosts. A /18 provides 16,382 usable hosts, while a /19 is not available and a /21 or /22 would be far too small. Therefore, 10.0.0.1/18 is the correct selection.
One important note: the dropdown choices shown do not actually let all three companies be placed into a single true Class B network block. So these answers are the best valid selections from the provided options.
B = 192.168.1.0/23
C = 10.0.0.1/18
Using the choices shown in the screenshot, the best-fit subnet selections are based on host growth requirements first, then segmentation.
For Company A, the current device count is 32. With 20% growth, that becomes about 39 devices. A /27 only supports 30 usable hosts, so it is too small. A /26 supports 62 usable hosts, so 192.168.10.0/26 is the correct choice.
For Company B, the current device count is 100. With 20% growth, that becomes 120 devices. The smallest correct subnet would normally be a /25 with 126 usable hosts, but that option is not shown. From the available choices, 192.168.1.0/23 is the smallest subnet that still supports more than 120 hosts, so that is the best answer.
For Company C, the current device count is 10,000. With 20% growth, it needs space for 12,000 hosts. A /18 provides 16,382 usable hosts, while a /19 is not available and a /21 or /22 would be far too small. Therefore, 10.0.0.1/18 is the correct selection.
One important note: the dropdown choices shown do not actually let all three companies be placed into a single true Class B network block. So these answers are the best valid selections from the provided options.
Question #62
A network administrator is setting up a firewall to protect the organization’s network from external threats.
Which of the following should the administrator consider first when configuring the firewall?
- A . Required ports, protocols, and services
- B . Inclusion of a deny all rule
- C . VPN access
- D . Outbound access originating from customer-facing servers
Correct Answer: A
A
Explanation:
When configuring a firewall, the first step is identifying which ports, protocols, and services are required for normal business operations. This ensures only legitimate traffic is allowed. After establishing the required rules, a default deny rule is added for security.
B. Deny all rule is important, but it should come after defining required rules.
C. VPN access is a service to configure, but only after determining baseline needs.
D. Outbound traffic policies are part of refinement, not the first consideration.
Reference (CompTIA Network+ N10-009):
Domain: Network Security ― Firewall configuration, rule order, least privilege.
A
Explanation:
When configuring a firewall, the first step is identifying which ports, protocols, and services are required for normal business operations. This ensures only legitimate traffic is allowed. After establishing the required rules, a default deny rule is added for security.
B. Deny all rule is important, but it should come after defining required rules.
C. VPN access is a service to configure, but only after determining baseline needs.
D. Outbound traffic policies are part of refinement, not the first consideration.
Reference (CompTIA Network+ N10-009):
Domain: Network Security ― Firewall configuration, rule order, least privilege.
Question #63
A network engineer receives a new router to use for WAN connectivity.
Which of the following best describes the layer the network engineer should connect the new router to?
- A . Access
- B . Core
- C . Leaf
- D . Spine
Correct Answer: C
C
Explanation:
Comprehensive and Detailed Explanation (paraphrased, aligned to N10-009):
In a spineCleaf architecture, endpoints (including servers, firewalls, and WAN/edge routers) connect to leaf switches. Leaf switches then uplink to spine switches; spine switches do not have endpoints connected directly to them. Therefore, a WAN router (an external/edge device) should connect to the leaf layer―often specifically to a “border leaf” that handles external connectivity.
Why not
B. Core or
D. Spine? In spineCleaf, “core” isn’t a formal layer, and spines are designed only to interconnect leafs, not to terminate endpoints.
Why not
C
Explanation:
Comprehensive and Detailed Explanation (paraphrased, aligned to N10-009):
In a spineCleaf architecture, endpoints (including servers, firewalls, and WAN/edge routers) connect to leaf switches. Leaf switches then uplink to spine switches; spine switches do not have endpoints connected directly to them. Therefore, a WAN router (an external/edge device) should connect to the leaf layer―often specifically to a “border leaf” that handles external connectivity.
Why not
B. Core or
D. Spine? In spineCleaf, “core” isn’t a formal layer, and spines are designed only to interconnect leafs, not to terminate endpoints.
Why not
Question #64
Which of the following physical installation factors is the most important when a network switch is installed in a sealed enclosure?
- A . Fire suppression
- B . Power budget
- C . Temperature
- D . Humidity
Correct Answer: C
C
Explanation:
The correct answer is Temperature because a sealed enclosure restricts airflow, which can cause heat
to accumulate rapidly. According to CompTIA Network+ (N10-009) objectives under physical installations and environmental factors, maintaining proper temperature control is critical for network equipment reliability and longevity.
Network switches generate heat during operation, particularly models with high port density or Power over Ethernet (PoE) capabilities. In a sealed enclosure without proper ventilation or cooling mechanisms, excessive heat buildup can lead to thermal throttling, unexpected shutdowns, hardware degradation, or permanent equipment failure. Manufacturers specify operating temperature ranges, and exceeding these limits significantly reduces device lifespan and performance.
While humidity (Option D) is important to prevent condensation and corrosion, temperature fluctuations pose a more immediate risk in a sealed environment. Power budget (Option B) is relevant when calculating PoE load capacity but does not directly address environmental installation conditions. Fire suppression (Option A) is important in data centers but is not the primary concern specific to a sealed enclosure scenario.
Therefore, ensuring proper temperature management is the most critical installation factor.
C
Explanation:
The correct answer is Temperature because a sealed enclosure restricts airflow, which can cause heat
to accumulate rapidly. According to CompTIA Network+ (N10-009) objectives under physical installations and environmental factors, maintaining proper temperature control is critical for network equipment reliability and longevity.
Network switches generate heat during operation, particularly models with high port density or Power over Ethernet (PoE) capabilities. In a sealed enclosure without proper ventilation or cooling mechanisms, excessive heat buildup can lead to thermal throttling, unexpected shutdowns, hardware degradation, or permanent equipment failure. Manufacturers specify operating temperature ranges, and exceeding these limits significantly reduces device lifespan and performance.
While humidity (Option D) is important to prevent condensation and corrosion, temperature fluctuations pose a more immediate risk in a sealed environment. Power budget (Option B) is relevant when calculating PoE load capacity but does not directly address environmental installation conditions. Fire suppression (Option A) is important in data centers but is not the primary concern specific to a sealed enclosure scenario.
Therefore, ensuring proper temperature management is the most critical installation factor.
Question #65
Which of the following ports is used to transfer data between mail exchange servers?
- A . 21
- B . 25
- C . 53
- D . 69
Correct Answer: B
B
Explanation:
The correct answer is B. Port 25. In CompTIA Network+ N10-009, candidates are expected to know common networking protocols, their purposes, and their associated port numbers. SMTP, or Simple Mail Transfer Protocol, uses TCP port 25 and is primarily responsible for sending email messages between mail servers. When one organization’s mail server needs to deliver a message to another organization’s mail server, SMTP commonly performs that server-to-server transfer using port 25.
The other options are associated with different services. Port 21 is used by FTP for command/control communication during file transfers. Port 53 is used by DNS for name resolution, translating domain names into IP addresses. Port 69 is used by TFTP, a simplified file transfer protocol often associated with lightweight network device file transfers, such as firmware or configuration files.
For Network+ exam purposes, it is important to distinguish SMTP from email retrieval protocols. POP3 uses port 110, and IMAP uses port 143 for client mail retrieval, while SMTP is used for sending and relaying email. Therefore, the port used to transfer data between mail exchange servers is TCP 25.
B
Explanation:
The correct answer is B. Port 25. In CompTIA Network+ N10-009, candidates are expected to know common networking protocols, their purposes, and their associated port numbers. SMTP, or Simple Mail Transfer Protocol, uses TCP port 25 and is primarily responsible for sending email messages between mail servers. When one organization’s mail server needs to deliver a message to another organization’s mail server, SMTP commonly performs that server-to-server transfer using port 25.
The other options are associated with different services. Port 21 is used by FTP for command/control communication during file transfers. Port 53 is used by DNS for name resolution, translating domain names into IP addresses. Port 69 is used by TFTP, a simplified file transfer protocol often associated with lightweight network device file transfers, such as firmware or configuration files.
For Network+ exam purposes, it is important to distinguish SMTP from email retrieval protocols. POP3 uses port 110, and IMAP uses port 143 for client mail retrieval, while SMTP is used for sending and relaying email. Therefore, the port used to transfer data between mail exchange servers is TCP 25.
Question #66
SIMULATION
A network technician needs to resolve some issues with a customer’s SOHO network.
The customer reports that some of the devices are not connecting to the network, while others appear to work as intended.
INSTRUCTIONS
Troubleshoot all the network components and review the cable test results by Clicking on each device and cable.
Diagnose the appropriate component(s) by identifying any components with a problem and recommend a solution to correct each problem.
Cable Test Results:
Cable 1:
Cable 2:
Cable 3:
Cable 4:
Correct Answer: (Note: Ips will be change on each simulation task, so we have given example answer for the understanding)
To troubleshoot all the network components and review the cable test results, you can use the following steps:
Click on each device and cable to open its information window.
Review the information and identify any problems or errors that may affect the network connectivity or performance.
Diagnose the appropriate component(s) by identifying any components with a problem and recommend a solution to correct each problem.
Fill in the remediation form using the drop-down menus provided.
Here is an example of how to fill in the remediation form for PC1:
The component with a problem is PC1.
The problem is Incorrect IP address.
The solution is Change the IP address to 192.168.1.10.
You can use the same steps to fill in the remediation form for other components.
To enter commands in each device, you can use the following steps:
Click on the device to open its terminal window.
Enter the command ipconfig /all to display the IP configuration of the device, including its IP address, subnet mask, default gateway, and DNS servers.
Enter the command ping <IP address> to test the connectivity and reachability to another device on the network by sending and receiving echo packets. Replace <IP address> with the IP address of the
destination device, such as 192.168.1.1 for Core Switch 1.
Enter the command tracert <IP address> to trace the route and measure the latency of packets from the device to another device on the network by sending and receiving packets with increasing TTL values. Replace <IP address> with the IP address of the destination device, such as 192.168.1.1 for Core Switch 1.
Here is an example of how to enter commands in PC1:
Click on PC1 to open its terminal window.
Enter the command ipconfig /all to display the IP configuration of PC1. You should see that PC1 has an incorrect IP address of 192.168.2.10, which belongs to VLAN 2 instead of VLAN 1.
Enter the command ping 192.168.1.1 to test the connectivity to Core Switch 1. You should see that PC1 is unable to ping Core Switch 1 because they are on different subnets.
Enter the command tracert 192.168.1.1 to trace the route to Core Switch 1. You should see that PC1 is unable to reach Core Switch 1 because there is no route between them.
You can use the same steps to enter commands in other devices, such as PC3, PC4, PC5, and Server 1.
To troubleshoot all the network components and review the cable test results, you can use the following steps:
Click on each device and cable to open its information window.
Review the information and identify any problems or errors that may affect the network connectivity or performance.
Diagnose the appropriate component(s) by identifying any components with a problem and recommend a solution to correct each problem.
Fill in the remediation form using the drop-down menus provided.
Here is an example of how to fill in the remediation form for PC1:
The component with a problem is PC1.
The problem is Incorrect IP address.
The solution is Change the IP address to 192.168.1.10.
You can use the same steps to fill in the remediation form for other components.
To enter commands in each device, you can use the following steps:
Click on the device to open its terminal window.
Enter the command ipconfig /all to display the IP configuration of the device, including its IP address, subnet mask, default gateway, and DNS servers.
Enter the command ping <IP address> to test the connectivity and reachability to another device on the network by sending and receiving echo packets. Replace <IP address> with the IP address of the
destination device, such as 192.168.1.1 for Core Switch 1.
Enter the command tracert <IP address> to trace the route and measure the latency of packets from the device to another device on the network by sending and receiving packets with increasing TTL values. Replace <IP address> with the IP address of the destination device, such as 192.168.1.1 for Core Switch 1.
Here is an example of how to enter commands in PC1:
Click on PC1 to open its terminal window.
Enter the command ipconfig /all to display the IP configuration of PC1. You should see that PC1 has an incorrect IP address of 192.168.2.10, which belongs to VLAN 2 instead of VLAN 1.
Enter the command ping 192.168.1.1 to test the connectivity to Core Switch 1. You should see that PC1 is unable to ping Core Switch 1 because they are on different subnets.
Enter the command tracert 192.168.1.1 to trace the route to Core Switch 1. You should see that PC1 is unable to reach Core Switch 1 because there is no route between them.
You can use the same steps to enter commands in other devices, such as PC3, PC4, PC5, and Server 1.
Question #67
Users usually use RDP to connect to a terminal server with hostname TS19 that points to 10.0.100.19. However, users recently have been unable to connect to TS19. The technician pings 10.0.100.19 and gets an unreachable error.
Which of the following is the most likely cause?
- A . The users are on the wrong subnet.
- B . The DHCP server renewed the lease.
- C . The IP address was not reserved.
- D . The hostname was changed.
Correct Answer: A
A
Explanation:
If a ping to 10.0.100.19 is unreachable, the most likely issue is that users are on the wrong subnet and cannot communicate with the server.
Breakdown of Options:
A
Explanation:
If a ping to 10.0.100.19 is unreachable, the most likely issue is that users are on the wrong subnet and cannot communicate with the server.
Breakdown of Options:
Question #68
A university is implementing a new campus wireless network. A network administrator needs to configure the network to support a large number of devices and high-bandwidth demands from students.
Which of the following wireless technologies should the administrator consider for this scenario?
- A . Bluetooth
- B . Wi-Fi 6E
- C . 5G
- D . LTE
Correct Answer: B
B
Explanation:
Wi-Fi 6E is the best choice for high-density environments, such as a university campus. It:
Supports more devices with OFDMA (Orthogonal Frequency-Division Multiple Access)
Uses the 6GHz band, reducing congestion
Provides faster speeds and lower latency
This makes Wi-Fi 6E ideal for large networks with high-bandwidth demands, like those in a university setting.
Breakdown of Options:
B
Explanation:
Wi-Fi 6E is the best choice for high-density environments, such as a university campus. It:
Supports more devices with OFDMA (Orthogonal Frequency-Division Multiple Access)
Uses the 6GHz band, reducing congestion
Provides faster speeds and lower latency
This makes Wi-Fi 6E ideal for large networks with high-bandwidth demands, like those in a university setting.
Breakdown of Options:
Question #69
A small business is deploying new phones, and some of the phones have full HD videoconferencing features. The Chief Information Officer (CIO) is concerned that the network might not be able to handle the traffic if it reaches a certain threshold.
Which of the following can the network engineer configure to help ease these concerns?
- A . A VLAN with 100Mbps speed limits
- B . An IP helper to direct VoIP traffic
- C . A smaller subnet mask
- D . Full duplex on all user ports
Correct Answer: D
D
Explanation:
Full duplex mode allows devices to send and receive data simultaneously, improving network performance and reducing congestion, which is critical for VoIP and video conferencing.
Breakdown of Options:
D
Explanation:
Full duplex mode allows devices to send and receive data simultaneously, improving network performance and reducing congestion, which is critical for VoIP and video conferencing.
Breakdown of Options:
Question #70
Which of the following types of routes takes precedence when building a routing table for a given subnet?
- A . Static
- B . BGP
- C . OSPF
- D . Default
Correct Answer: A
A
Explanation:
The correct answer is Static because static routes have a lower administrative distance (AD) than most dynamic routing protocols, giving them higher priority when a router selects routes for the same destination network. According to CompTIA Network+ (N10-009) routing objectives, administrative distance is used to determine the trustworthiness of a route source when multiple routing protocols provide a path to the same subnet. The lower the administrative distance, the more preferred the route.
By default, a static route has an administrative distance of 1, which is lower than OSPF (110) and BGP (20 for eBGP, 200 for iBGP). Because of this, when identical routes to a subnet exist from both static and dynamic sources, the router installs the static route in the routing table.
A default route (0.0.0.0/0) is only used when no more specific route exists and does not take precedence over specific static or dynamic routes.
Therefore, when building the routing table for a given subnet and comparing route sources, static routes take precedence due to their lower administrative distance.
A
Explanation:
The correct answer is Static because static routes have a lower administrative distance (AD) than most dynamic routing protocols, giving them higher priority when a router selects routes for the same destination network. According to CompTIA Network+ (N10-009) routing objectives, administrative distance is used to determine the trustworthiness of a route source when multiple routing protocols provide a path to the same subnet. The lower the administrative distance, the more preferred the route.
By default, a static route has an administrative distance of 1, which is lower than OSPF (110) and BGP (20 for eBGP, 200 for iBGP). Because of this, when identical routes to a subnet exist from both static and dynamic sources, the router installs the static route in the routing table.
A default route (0.0.0.0/0) is only used when no more specific route exists and does not take precedence over specific static or dynamic routes.
Therefore, when building the routing table for a given subnet and comparing route sources, static routes take precedence due to their lower administrative distance.