CompTIA Network+ Practice Test (N10-009)
Use the form below to configure your CompTIA Network+ Practice Test (N10-009). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA Network+ N10-009 (V9) Information
The CompTIA Network+ N10-009 certification exam is a key credential for IT professionals specializing in network technologies and infrastructure. This exam assesses a candidate's ability to design, configure, manage, and troubleshoot wired and wireless network devices. Unlike more specialized certifications, the Network+ offers a broad foundation, making it ideal for early-career network technicians and administrators. It covers emerging technologies like cloud computing and virtualization, while also emphasizing traditional networking concepts and practices. By passing the N10-009 exam, candidates demonstrate their expertise in these areas, proving their readiness for roles such as network administrator, network field technician, and help desk technician.
The exam's content is divided into several key areas. Network architecture forms a significant part, where candidates must understand the design and implementation of functional networks, including network components and their roles in network services. Network security is also crucial, requiring knowledge of security concepts and protocols, as well as the skills to implement security features on network devices. The exam also tests on network operations and troubleshooting, focusing on monitoring tools, network performance optimization, and problem-solving techniques. Moreover, it includes newer areas like cloud computing and virtualization, reflecting the evolving nature of network technology. This wide-ranging scope ensures that professionals holding the Network+ certification are equipped to support and manage modern network environments effectively.
More reading:

Free CompTIA Network+ N10-009 (V9) Practice Test
- 20 Questions
- Unlimited
- Networking ConceptsNetwork ImplementationNetwork OperationsNetwork SecurityNetwork Troubleshooting
An organization has implemented SD-WAN to enhance network performance among its branch offices. The network administrator wants to ensure that specific types of network traffic are identified and given priority over others to meet performance requirements. Which SD-WAN feature enables this capability?
- You selected this option
Firewall filtering
- You selected this option
Link aggregation
- You selected this option
Application-aware routing
- You selected this option
Traditional static routing
Answer Description
Application-aware routing allows SD-WAN solutions to identify and classify network traffic based on the applications generating it. This enables the network to prioritize critical applications, ensuring they receive optimal bandwidth and low latency paths. Traditional static routing does not adapt to different traffic types dynamically. Link aggregation increases bandwidth by combining connections but doesn't prioritize specific traffic. Firewall filtering controls access based on security policies but doesn't prioritize or route traffic based on its nature.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does application-aware routing work in SD-WAN?
What is the difference between application-aware routing and traditional static routing?
What role does deep packet inspection (DPI) play in SD-WAN?
A network administrator is setting up a new DNS server that must act as the main, writable source for all DNS records within a company's domain. For redundancy, other DNS servers will replicate their zone data from this server. Which type of DNS zone must the administrator configure on this new server?
- You selected this option
Stub zone
- You selected this option
Reverse lookup zone
- You selected this option
Secondary zone
- You selected this option
Primary zone
Answer Description
A primary zone is the correct answer because it contains the master, writable copy of a domain's DNS records. It is the authoritative source from which secondary servers replicate data via zone transfers.
A secondary zone is incorrect because it is a read-only copy of a primary zone. While it provides authoritative answers, it cannot be the original, writable source of the records.
A reverse lookup zone is incorrect because its purpose is to map IP addresses back to domain names, not to serve as the primary source for name-to-IP resolutions.
A stub zone is incorrect because it only contains a partial list of records (NS, SOA, and glue A records) needed to identify the authoritative DNS servers for a zone, not the entire set of records for that zone.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between a primary DNS zone and a secondary DNS zone?
What is the purpose of a reverse lookup zone in DNS?
When would you use a stub zone in DNS configurations?
Which of the following best describes the purpose of using a Variable Length Subnet Mask in IP networking?
- You selected this option
To increase the data transmission speed over the network
- You selected this option
To enhance network security by diversifying network broadcast domains
- You selected this option
To create subnets of different sizes based on the requirement of a particular network segment
- You selected this option
To reduce the number of routers needed in an organization
Answer Description
The primary purpose of a Variable Length Subnet Mask (VLSM) is to allow a network administrator to create subnets of varying sizes from a single network address. This flexibility ensures efficient use of the IP address space by tailoring the subnet size to the specific needs of each network segment, thereby minimizing wasted IP addresses. While network segmentation can improve security, it is not the main goal of VLSM. Furthermore, VLSM is a logical addressing scheme and does not affect data transmission speeds or the number of routers required in a network topology.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Variable Length Subnet Mask (VLSM)?
How does VLSM improve IP address efficiency?
What is the difference between VLSM and CIDR?
A company is planning to establish a secure connection between two of their branch offices over the internet. The network administrator has been tasked with choosing a protocol that encrypts and authenticates the data packet for secure transmission. Which protocol should be utilized?
- You selected this option
IPSec
- You selected this option
SSL/TLS
- You selected this option
GRE
- You selected this option
DHCP
Answer Description
IPSec is the correct choice because it is designed to provide security at the network layer. By encrypting and authenticating each IP packet of a communication session, IPSec ensures that the data remains confidential and has not been tampered with during transit. SSL/TLS, while also commonly used for encrypting connections, operates at a higher layer in the OSI model and is generally implemented for securing HTTP connections. GRE is a tunneling protocol used to encapsulate a wide variety of network layer protocols, but it does not inherently provide encryption or authentication.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does IPSec do to secure data?
How is IPSec different from SSL/TLS?
Can GRE be used with IPSec for tunneling?
Which network topology combines elements from multiple different topologies to optimize performance and reliability?
- You selected this option
Mesh topology
- You selected this option
Point-to-point topology
- You selected this option
Star topology
- You selected this option
Hybrid topology
Answer Description
A hybrid topology is the combination of two or more different network topologies, such as star, mesh, or bus, into a single network. This approach allows for the benefits of each topology to be utilized, increasing the overall performance and reliability of the network. Star topology refers singularly to networks where each node is connected to a central node, not a combination. Mesh topology involves each node connecting directly to every other node, again not inherently combined with others. Point-to-point topology typically involves direct connections between two nodes, and does not represent a combination of multiple types.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why would someone use a hybrid topology instead of a single topology like star or mesh?
What are some disadvantages of using a hybrid topology?
Can you provide an example of a real-world use case for a hybrid topology?
A network administrator is setting up a server architecture where it is essential to ensure that if a data transmission is interrupted, the process can be resumed from the checkpoint rather than restarting. Which feature of the OSI model's Session layer is particularly useful to achieve this requirement?
- You selected this option
Synchronization
- You selected this option
Token management
- You selected this option
Dialog control
- You selected this option
Connection termination
Answer Description
The correct feature is 'synchronization', which provides a way for a session to insert checkpoints into data streams, thus allowing a restart at the last checkpoint in case of interruptions, without needing to resend all data. This is crucial in saving bandwidth and ensuring efficient communication. 'Dialog control' manages who can transmit data at a given time, and 'token management' mainly concerns with preventing overlap of communication but doesn't ensure data integrity through checkpoints. 'Connection termination' is a routine process to end a session, not related to handling interruptions in data transmission.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the role of synchronization in the OSI model?
How does the Session layer handle dialog control differently from synchronization?
Can synchronization checkpoints help with error recovery at other OSI layers?
What best describes the role of a Basic Service Set Identifier (BSSID) in a wireless network?
- You selected this option
It acts mainly as a security measure to prevent unauthorized access.
- You selected this option
It uniquely identifies each access point within a wireless network using a MAC-like address.
- You selected this option
It specifies the maximum capacity of connected devices within a network.
- You selected this option
It serves as the network name that is broadcasted by wireless routers.
Answer Description
The BSSID uniquely identifies each access point in a WLAN. It is a 48-bit identifier that follows MAC address conventions and allows client devices and administrators to distinguish between multiple access points broadcasting the same SSID. The SSID, by contrast, is the user-visible network name. While the BSSID is included in beacon and management frames, its primary purpose is identification, not capacity planning or direct security enforcement.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between a BSSID and an SSID?
How is a BSSID related to MAC addresses?
Why is the BSSID included in beacon and management frames?
A company has recently implemented a new Wi-Fi network in their office. Employees are experiencing intermittent connectivity and slow network performance. Investigation shows that the Wi-Fi access points are broadcasting on overlapping channels. Which of the following would be the best course of action to resolve this issue?
- You selected this option
Change the channels on the access points to non-overlapping settings such as channels 1, 6, and 11
- You selected this option
Change all Wi-Fi passwords to restrict network access
- You selected this option
Increase the signal strength of all access points to maximize coverage
- You selected this option
Reposition all access points to different locations within the office
Answer Description
Changing the channels on the access points to non-overlapping channels (e.g., channels 1, 6, and 11 in a 2.4 GHz band) will reduce interference among the signals, improving connectivity and performance. Channels 1, 6, and 11 do not overlap with each other in the frequency spectrum in the 2.4 GHz band, thereby minimizing the chance of cross-channel interference. Using other channels or repositioning the APs may not necessarily prevent overlap, depending on the other channels in use and physical characteristics of the office.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why do Wi-Fi channels overlap in a 2.4 GHz band?
How do non-overlapping channels improve Wi-Fi performance?
What are some differences between the 2.4 GHz and 5 GHz Wi-Fi bands?
A network administrator needs to configure a DNS record to associate a domain name with a mail server for their organization. Which DNS record type should they use to achieve this?
- You selected this option
CNAME (Canonical Name)
- You selected this option
MX (Mail Exchange)
- You selected this option
A (Address)
- You selected this option
TXT (Text)
Answer Description
The MX (Mail Exchange) record is used in DNS to specify the mail servers responsible for receiving email messages on behalf of a domain. This record is essential for directing email traffic correctly to the organization's mail servers. The A record links a domain to an IP address for general queries but is not specific for mail servers. The CNAME record creates an alias for another domain name, not specifically used for mail servers. Lastly, the TXT record is used for providing arbitrary text about a host, commonly for security data like SPF or DKIM, not for mail server specification.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are MX records used for in DNS?
How do MX records prioritize mail servers?
How are MX records different from A and CNAME records?
A network technician is troubleshooting an Ethernet network where some devices intermittently lose connectivity. After inspecting the network, the technician discovers that termination issues are present. Which of the following is the BEST action the technician should take next?
- You selected this option
Re-terminate all network cable connections correctly
- You selected this option
Inspect the network interface card (NIC) settings on affected devices
- You selected this option
Replace all the network cables with higher category cables
- You selected this option
Adjust the settings on network devices to compensate for connection weaknesses
Answer Description
Re-terminating the cable connections correctly is the most direct and effective way to address problems caused by improper termination. This ensures that the physical connections meet the required standards and can resolve connectivity issues. Changing cables might not solve the issue if the terminations remain incorrect. Adjusting device settings does not address the physical connection problems, and inspecting NIC settings should be considered only if there's evidence pointing specifically to NIC configuration errors after physical issues have been resolved.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'termination issues' mean in networking?
Why is re-terminating cables better than replacing them?
How do termination standards like T568A and T568B help in network cabling?
A network technician suspects issues with domain-name resolution in a client's network. Which software tool should primarily be used to diagnose problems related to DNS resolution?
- You selected this option
nslookup
- You selected this option
ping
- You selected this option
arp
- You selected this option
traceroute
Answer Description
The correct answer is "nslookup." This command-line utility is specifically designed to query the Domain Name System (DNS) for information such as hostname-to-IP mappings and other resource records, making it the most direct tool for troubleshooting DNS issues. "ping" tests basic reachability and measures round-trip time but does not reveal DNS records. "traceroute" (or "tracert" in Windows) maps the path packets take to a destination but likewise provides no detailed DNS record data. "arp" inspects or modifies the Address Resolution Protocol cache, which maps IP addresses to MAC addresses on a local network, and is unrelated to DNS.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNS resolution?
How does the nslookup command help troubleshoot DNS issues?
How is nslookup different from ping for network troubleshooting?
A network manager is setting up automated notifications for certain network events such as unexpected shutdowns or resource threshold breaches on network devices. Which feature should be configured to meet this need for immediate notifications?
- You selected this option
Authentication
- You selected this option
Community strings
- You selected this option
Management information base (MIB)
- You selected this option
Traps
Answer Description
Traps are the best choice because they allow network devices to send unsolicited alerts (or traps) to the network management system (NMS) when specific events occur, such as unexpected shutdowns or high resource usage. While the Management information base (MIB) provides the structure for network data and what can be monitored, it does not by itself enable or trigger alerts. Community strings function as passwords to authenticate access to a device's data and do not deal with alerts. Authentication techniques ensure secure communication in the network but are not directly responsible for triggering event-based notifications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Traps in SNMP?
What is the Management Information Base (MIB) in SNMP?
How do Community Strings work in SNMP?
A technician is replacing legacy wireless access points that were powered by IEEE 802.3af PoE (maximum 12.95 W delivered). The new access points require a minimum of 25 W at the device. Which PoE standard must the access-layer switches support to meet this requirement?
- You selected this option
IEEE 802.3at (PoE+)
- You selected this option
IEEE 802.3af (PoE)
- You selected this option
IEEE 802.3bt Type 3 (PoE++)
- You selected this option
IEEE 802.3ad (Link Aggregation)
Answer Description
IEEE 802.3at-commonly called PoE+-increases the maximum power budget per port to 30 W at the power-sourcing equipment (PSE) and guarantees up to 25.5 W at the powered device (PD). This meets the 25 W requirement. IEEE 802.3af supplies only up to 12.95 W at the PD, which is insufficient. IEEE 802.3bt Type 3 can also meet the need but exceeds it, and IEEE 802.3ad is a link-aggregation standard, not a PoE specification.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between IEEE 802.3af and IEEE 802.3at?
What does IEEE 802.3bt add compared to IEEE 802.3at?
Why is IEEE 802.3ad not relevant in this scenario?
To minimize the impact of malicious redirection of web traffic within a network, which of the following measures would MOST effectively authenticate legitimate responses?
- You selected this option
Regularly update antivirus software on client machines
- You selected this option
Increase the complexity of network passwords
- You selected this option
Implement and configure DNSSEC for servers
- You selected this option
Deploy network firewalls at key perimeter points
Answer Description
Implementing and configuring DNSSEC on servers targets the root cause of malicious traffic redirection by authenticating the origins of the data, ensuring that the data integrity is maintained. This specific alignment with protecting against unauthorized changes and redirection aids in counteracting the effects of malicious web traffic redirection techniques. Other options, while beneficial for overall security, do not specifically authenticate the source of web traffic data, which is crucial in mitigating this type of attack.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DNSSEC and how does it work?
Why don't firewalls or antivirus software prevent DNS-based attacks?
How does DNSSEC differ from regular DNS functionality?
A network administrator is configuring a server that needs to guarantee data delivery without errors, and in the correct order. Which protocol would be the most appropriate to prioritize these needs?
- You selected this option
IPSec
- You selected this option
UDP
- You selected this option
ICMP
- You selected this option
TCP
Answer Description
TCP is the correct answer because it provides features such as sequencing and acknowledgment, error detection and recovery, and flow control mechanisms. These features ensure that data packets are delivered in order and without errors. UDP, while faster due to non-existent overhead for connection setup and error handling, does not guarantee packet delivery or order, making it inappropriate for scenarios requiring reliable data transmission. ICMP, primarily used for diagnostic or control purposes, is not suitable for data transfer.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does TCP provide guaranteed data delivery, and how does sequencing and acknowledgment work?
How does TCP compare to UDP in terms of reliability and speed?
What is the primary purpose of ICMP, and why is it unsuitable for reliable data delivery?
A network administrator suspects that a network issue is related to an incorrect configuration on a newly deployed router. After interviewing users and identifying the symptoms, the administrator has established a theory. What is the BEST next step to confirm if their theory about the router's configuration is the cause of the issue?
- You selected this option
Implement the suspected configuration changes on a test router or in a controlled segment of the network.
- You selected this option
Reboot the router to see if the problem persists.
- You selected this option
Replace the router with a different model to determine if the issue resolves.
- You selected this option
Analyze the router's log files for error messages.
Answer Description
The best step after forming a theory is to test the theory to determine the cause. This can be accomplished by implementing the suspected configuration changes in a controlled environment (for example, on a lab or test router) to see if the issue can be replicated and resolved. By validating the hypothesis in isolation, the administrator confirms whether the configuration is truly responsible without impacting production. Rebooting the router, analyzing logs, or replacing the device do not directly test the configuration theory and are therefore not the optimal next step.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a controlled segment of the network?
Why is testing configuration changes in a controlled environment better than rebooting the router?
How can router log files be useful if they don’t directly confirm configuration issues?
Considering a standard Class C network with the address 192.168.15.0, what would be the broadcast address for this network?
- You selected this option
192.168.15.255
- You selected this option
192.168.15.1
- You selected this option
192.168.255.255
- You selected this option
192.168.15.0
Answer Description
The broadcast address for any IPv4 subnet is obtained by setting all host bits to 1. For a standard Class C network, the default subnet mask is 255.255.255.0, so the host portion is the final octet. Setting those eight bits to 1 changes 192.168.15.0 to 192.168.15.255, which is the directed broadcast address for that subnet. The incorrect answers either identify the network address, the first usable host address, or the broadcast for a different subnet size.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a broadcast address and why is it important in networking?
How do you calculate the broadcast address for a subnet?
What is the difference between a network address and a broadcast address?
Which security property is primarily provided when data is encrypted as it traverses an untrusted network such as the internet?
- You selected this option
Integrity - it ensures packets cannot be altered in transit.
- You selected this option
Non-repudiation - it proves the sender cannot deny sending the data.
- You selected this option
Confidentiality - intercepted data remains unreadable without the decryption key.
- You selected this option
Availability - it prevents attackers from delaying or blocking the data.
Answer Description
Encrypting data in transit converts readable plaintext into ciphertext. Anyone who captures the traffic will see only encrypted data, which is unintelligible without the correct decryption key. Thus, encryption safeguards the confidentiality of the information. By itself, encryption does not guarantee availability, non-repudiation, or full integrity-additional mechanisms such as MACs or digital signatures are required for those properties.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between confidentiality and integrity in network security?
What role does a decryption key play in maintaining confidentiality?
How do additional mechanisms like MACs or digital signatures ensure integrity or non-repudiation?
A network administrator has recently applied several configurations to a core router to enhance its security setup. To ensure these configurations are properly applied and active on the router, which command should the administrator use?
- You selected this option
show interface
- You selected this option
show mac-address-table
- You selected this option
show config
- You selected this option
show power
Answer Description
The command show config
is used specifically to display the current configuration of a network device, making it the correct choice for verifying changes. This command outputs the entire or parts of the current running configuration, which is essential in auditing and troubleshooting practices. Alternatives like show interface
or show mac-address-table
target specific data that, while useful for other troubleshooting aspects, do not provide comprehensive configuration details necessary for verifying entire device settings.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the 'show config' command display?
How is 'show interface' different from 'show config'?
When would you use 'show mac-address-table'?
A company is redesigning their data center network architecture to reduce latency and enhance redundancy for handling large volumes of internal traffic. Which topology should they implement to best meet these requirements?
- You selected this option
Mesh
- You selected this option
Spine and leaf
- You selected this option
Point to point
- You selected this option
Star
Answer Description
The spine and leaf topology is ideal for modern data centers because it provides high-capacity, low-latency communication between servers. Each leaf switch connects directly to every spine switch, creating multiple equal-cost paths that minimize bottlenecks and increase fault tolerance compared with traditional three-tier or star designs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the main advantage of a spine and leaf topology?
What is east-west traffic in data centers, and why does a spine and leaf topology handle it well?
How does redundancy work in a spine and leaf topology, and why is it important?
Woo!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.