Practice Free N10-009 Exam Online Questions
Question #71
Which of the following source control features allows an administrator to test a new configuration without changing the primary configuration?
- A . Central repository
- B . Conflict identification
- C . Branching
- D . Version control
Correct Answer: C
C
Explanation:
Branching allows developers and administrators to create an isolated copy of the main configuration so they can test changes independently. This avoids impacting the primary environment and allows for safer testing and development.
Reference: Section 3.5 C Network Access and Management Methods C “Source Control: Branching”
C
Explanation:
Branching allows developers and administrators to create an isolated copy of the main configuration so they can test changes independently. This avoids impacting the primary environment and allows for safer testing and development.
Reference: Section 3.5 C Network Access and Management Methods C “Source Control: Branching”
Question #72
Which of the following is the most cost-effective way for a network administrator to establish a
persistent, secure connection between two facilities?
- A . Site-to-site VPN
- B . GRE tunnel
- C . VXLAN
- D . Dedicated line
Correct Answer: A
A
Explanation:
A Site-to-site VPN (Virtual Private Network) is the most cost-effective solution for establishing a persistent, secure connection between two facilities. It uses the public internet to create an encrypted tunnel, leveraging existing internet connections without requiring expensive dedicated infrastructure. This makes it ideal for organizations looking to securely connect remote sites while minimizing costs.
Why not GRE tunnel? Generic Routing Encapsulation (GRE) tunnels encapsulate traffic but do not provide encryption natively, requiring additional protocols (e.g., IPsec) for security. This adds complexity and is less cost-effective than a site-to-site VPN, which integrates encryption.
Why not VXLAN? Virtual Extensible LAN (VXLAN) is used for overlay networks in data centers to extend Layer 2 networks, not for secure site-to-site connectivity.
Why not Dedicated line? A dedicated line (e.g., leased line or MPLS) provides high reliability but is significantly more expensive due to the need for dedicated infrastructure.
Reference: CompTIA Network+ N10-009 Objective 1.7: Explain the use cases for virtual private networks (VPNs) and tunneling protocols. The CompTIA Network+ Study Guide (e.g., Chapter 12: Network Security) explains that site-to-site VPNs are a cost-effective, secure method for connecting geographically separate networks over the internet.
A
Explanation:
A Site-to-site VPN (Virtual Private Network) is the most cost-effective solution for establishing a persistent, secure connection between two facilities. It uses the public internet to create an encrypted tunnel, leveraging existing internet connections without requiring expensive dedicated infrastructure. This makes it ideal for organizations looking to securely connect remote sites while minimizing costs.
Why not GRE tunnel? Generic Routing Encapsulation (GRE) tunnels encapsulate traffic but do not provide encryption natively, requiring additional protocols (e.g., IPsec) for security. This adds complexity and is less cost-effective than a site-to-site VPN, which integrates encryption.
Why not VXLAN? Virtual Extensible LAN (VXLAN) is used for overlay networks in data centers to extend Layer 2 networks, not for secure site-to-site connectivity.
Why not Dedicated line? A dedicated line (e.g., leased line or MPLS) provides high reliability but is significantly more expensive due to the need for dedicated infrastructure.
Reference: CompTIA Network+ N10-009 Objective 1.7: Explain the use cases for virtual private networks (VPNs) and tunneling protocols. The CompTIA Network+ Study Guide (e.g., Chapter 12: Network Security) explains that site-to-site VPNs are a cost-effective, secure method for connecting geographically separate networks over the internet.
Question #73
A network engineer receives a new router to use for WAN connectivity.
Which of the following best describes the layer the network engineer should connect the new router to?
- A . Access
- B . Core
- C . Leaf
- D . Spine
Correct Answer: C
C
Explanation:
Comprehensive and Detailed Explanation (paraphrased, aligned to N10-009):
In a spineCleaf architecture, endpoints (including servers, firewalls, and WAN/edge routers) connect to leaf switches. Leaf switches then uplink to spine switches; spine switches do not have endpoints connected directly to them. Therefore, a WAN router (an external/edge device) should connect to the leaf layer―often specifically to a “border leaf” that handles external connectivity.
Why not
B. Core or
D. Spine? In spineCleaf, “core” isn’t a formal layer, and spines are designed only to interconnect leafs, not to terminate endpoints.
Why not
C
Explanation:
Comprehensive and Detailed Explanation (paraphrased, aligned to N10-009):
In a spineCleaf architecture, endpoints (including servers, firewalls, and WAN/edge routers) connect to leaf switches. Leaf switches then uplink to spine switches; spine switches do not have endpoints connected directly to them. Therefore, a WAN router (an external/edge device) should connect to the leaf layer―often specifically to a “border leaf” that handles external connectivity.
Why not
B. Core or
D. Spine? In spineCleaf, “core” isn’t a formal layer, and spines are designed only to interconnect leafs, not to terminate endpoints.
Why not
Question #74
In the troubleshooting methodology, which of the following actions comes after verifying that the initial problem has been resolved?
- A . If necessary, escalating the issue
- B . Attempting to replicate the problem
- C . Documenting findings
- D . Implementing the plan
Correct Answer: C
C
Explanation:
In the CompTIA Network+ (N10-009) troubleshooting methodology, the step that follows verifying full system functionality (confirming the issue is resolved and validating with the user/requirements) is documenting findings, actions, and outcomes. Documentation is a required closing step because it captures what the original symptoms were, what troubleshooting steps were performed, what root cause was identified (if found), what remediation was applied, and what validation confirmed success. This record supports operational continuity by enabling faster resolution if the issue recurs, improving knowledge transfer across teams, and meeting organizational change-control or compliance requirements.
The other options fall in different parts of the methodology. Attempting to replicate the problem is typically performed earlier―after identifying symptoms and before or during isolation―to confirm the issue and help narrow scope. Implementing the plan occurs before verification; you implement the selected solution or escalation plan and then test/verify. Escalating the issue occurs when the technician lacks access, expertise, time, or evidence to proceed, and it can happen during troubleshooting―but it is not the standard step that comes after verifying resolution.
C
Explanation:
In the CompTIA Network+ (N10-009) troubleshooting methodology, the step that follows verifying full system functionality (confirming the issue is resolved and validating with the user/requirements) is documenting findings, actions, and outcomes. Documentation is a required closing step because it captures what the original symptoms were, what troubleshooting steps were performed, what root cause was identified (if found), what remediation was applied, and what validation confirmed success. This record supports operational continuity by enabling faster resolution if the issue recurs, improving knowledge transfer across teams, and meeting organizational change-control or compliance requirements.
The other options fall in different parts of the methodology. Attempting to replicate the problem is typically performed earlier―after identifying symptoms and before or during isolation―to confirm the issue and help narrow scope. Implementing the plan occurs before verification; you implement the selected solution or escalation plan and then test/verify. Escalating the issue occurs when the technician lacks access, expertise, time, or evidence to proceed, and it can happen during troubleshooting―but it is not the standard step that comes after verifying resolution.
Question #75
A small company has the following IP addressing strategy:
A user is unable to connect to the company fileshare server located at 192.168.10.1.
The user’s networking configuration is:
Which of the following will most likely correct the issue?
- A . Changing the IPv4 address to 192.168.10.1
- B . Changing the subnet mask to 255.255.255.0
- C . Changing the DNS servers to internet IPs
- D . Changing the physical address to 7A-01-7A-21-01-50
Correct Answer: B
B
Explanation:
If the user cannot communicate with 192.168.10.1, they might be on a different subnet. Changing the subnet mask to 255.255.255.0 ensures the user and the file server are in the same subnet.
Breakdown of Options:
B
Explanation:
If the user cannot communicate with 192.168.10.1, they might be on a different subnet. Changing the subnet mask to 255.255.255.0 ensures the user and the file server are in the same subnet.
Breakdown of Options:
Question #76
A company is concerned that the public can use network wall jacks in publicly available conference rooms to access company servers.
Which of the following is the best way to mitigate the vulnerability?
- A . Create a trusted zone.
- B . Disable unused services.
- C . Use MAC filtering.
- D . Implement 802.1X.
Correct Answer: D
D
Explanation:
The best mitigation is implementing 802.1X, which provides port-based Network Access Control (NAC). With 802.1X enabled on access switch ports, a device plugged into a wall jack cannot gain normal network access until it successfully authenticates using credentials/certificates via an authentication server (commonly RADIUS). This directly addresses the threat of unauthorized users plugging into publicly accessible conference room jacks, because the switch keeps the port in an unauthenticated state (or places it into a restricted/guest VLAN) until authentication succeeds. This aligns with Network+ security objectives that emphasize controlling access at the edge, enforcing authentication, and reducing the risk of rogue or unmanaged devices on internal networks.
MAC filtering is weaker because MAC addresses can be spoofed and managing allow-lists at scale is error-prone. Creating a trusted zone is vague and does not prevent initial port access; segmentation helps limit blast radius but doesn’t enforce authentication at the jack. Disabling unused services is a general hardening practice, but it does not stop someone from connecting physically to an active switch port and attempting access. 802.1X is purpose-built for this exact scenario.
D
Explanation:
The best mitigation is implementing 802.1X, which provides port-based Network Access Control (NAC). With 802.1X enabled on access switch ports, a device plugged into a wall jack cannot gain normal network access until it successfully authenticates using credentials/certificates via an authentication server (commonly RADIUS). This directly addresses the threat of unauthorized users plugging into publicly accessible conference room jacks, because the switch keeps the port in an unauthenticated state (or places it into a restricted/guest VLAN) until authentication succeeds. This aligns with Network+ security objectives that emphasize controlling access at the edge, enforcing authentication, and reducing the risk of rogue or unmanaged devices on internal networks.
MAC filtering is weaker because MAC addresses can be spoofed and managing allow-lists at scale is error-prone. Creating a trusted zone is vague and does not prevent initial port access; segmentation helps limit blast radius but doesn’t enforce authentication at the jack. Disabling unused services is a general hardening practice, but it does not stop someone from connecting physically to an active switch port and attempting access. 802.1X is purpose-built for this exact scenario.
Question #77
Which of the following must be implemented to securely connect a company’s headquarters with a branch location?
- A . Split-tunnel VPN
- B . Clientless VPN
- C . Full-tunnel VPN
- D . Site-to-site VPN
Correct Answer: D
D
Explanation:
Site-to-Site VPN: A site-to-site VPN is used to securely connect two networks, such as a company’s headquarters and a branch location, over the internet. This type of VPN creates a secure tunnel for data transmission, ensuring confidentiality and integrity.
Split-tunnel VPN (A): Allows some traffic to bypass the VPN tunnel, which may not secure all communications.
Clientless VPN (B): Used for individual users to access the network without VPN client software. Full-tunnel VPN (C): Typically used for individual user traffic rather than connecting two networks.
Reference: CompTIA Network+ Official Study Guide, Domain 1.3 (Secure Network Connections).
D
Explanation:
Site-to-Site VPN: A site-to-site VPN is used to securely connect two networks, such as a company’s headquarters and a branch location, over the internet. This type of VPN creates a secure tunnel for data transmission, ensuring confidentiality and integrity.
Split-tunnel VPN (A): Allows some traffic to bypass the VPN tunnel, which may not secure all communications.
Clientless VPN (B): Used for individual users to access the network without VPN client software. Full-tunnel VPN (C): Typically used for individual user traffic rather than connecting two networks.
Reference: CompTIA Network+ Official Study Guide, Domain 1.3 (Secure Network Connections).
Question #78
A Chief Executive Officer (CEO) of a company purchases a new phone that will be used while traveling to different countries. The CEO needs to be able to place outgoing calls and receive incoming calls on the phone using a SIM card.
Which of the following cellular technologies does the CEO’s phone need?
- A . WDMA
- B . CDMA
- C . GSM
- D . SLA
Correct Answer: C
C
Explanation:
GSM (Global System for Mobile communications) is the international standard that uses SIM cards to authenticate and connect phones to the cellular network. GSM allows users to place and receive calls while traveling globally, provided they have a SIM card. CDMA, on the other hand, does not use SIM cards in the same way and is primarily used in the United States. (Reference: CompTIA Network+ Study Guide, Chapter on Network Fundamentals)
C
Explanation:
GSM (Global System for Mobile communications) is the international standard that uses SIM cards to authenticate and connect phones to the cellular network. GSM allows users to place and receive calls while traveling globally, provided they have a SIM card. CDMA, on the other hand, does not use SIM cards in the same way and is primarily used in the United States. (Reference: CompTIA Network+ Study Guide, Chapter on Network Fundamentals)
Question #79
Which of the following cloud service models most likely requires the greatest up-front expense by the customer when migrating a data center to the cloud?
- A . Infrastructure as a service
- B . Software as a service
- C . Platform as a service
- D . Network as a service
Correct Answer: A
A
Explanation:
Reference: CompTIA Network+ Certification Exam Objectives – Cloud Models section.
A
Explanation:
Reference: CompTIA Network+ Certification Exam Objectives – Cloud Models section.
Question #80
A network administrator wants users to be able to authenticate to the corporate network using a port-based authentication framework when accessing both wired and wireless devices.
Which of the following is the best security feature to accomplish this task?
- A . 802.1X
- B . Access control list
- C . Port security
- D . MAC filtering
Correct Answer: A
A
Explanation:
A
Explanation: