CompTIA Network+ Practice Test (N10-009)

Before making any significant changes to a network's infrastructure, the first step under the change management process should always start with submitting a change request. This action ensures that all necessary approvals are obtained, and all impacts are assessed before any changes are implemented, minimizing potential disruptions. Just discussing potential changes informally does not provide proper documentation or authorization. Implementing changes directly or beginning with a risk assessment, though important, skips the initial necessary step of formally recording and initiating the process through an official change request.

This scenario describes a tabletop exercise, which is a discussion-based session where team members meet to discuss their roles and walk through the steps of a disaster recovery plan in response to a simulated event. It does not involve physical relocation or actual system recovery. A full-scale exercise would involve a hands-on, physical run-through. A hot site cutover is the actual process of switching to a live backup site. RPO (Recovery Point Objective) is a metric that defines the acceptable amount of data loss, not a type of exercise.

The correct answer is 'Baseline/golden configuration' because this refers to a benchmark configuration set that is known to work well under tested conditions and is used as a standard template to build new systems or restore existing systems after an outage. 'Development configuration' and 'Trial configuration' are not standard established terms in network management. 'Backup configuration' is used for recovery purposes and may not prescriptively be set as a standard template that is optimized and tested.

The CompTIA troubleshooting methodology emphasizes identifying what has changed as an early step. A server update is a significant change that can alter various configurations. Host-based firewall rules are frequently modified during operating system or application updates to enhance security, which can inadvertently block legitimate traffic. Therefore, checking for changes in the firewall configuration is the most logical first step. While other options could potentially cause connectivity issues, they are less directly associated with a recent server update compared to a firewall rule modification.

Network Address Translation (NAT) allows multiple devices on a private network to access the internet using a single public IP address. This is crucial for conserving IP addresses and for allowing an entire network to communicate to the outside world using a simple, singular address. NAT modifies the IP addresses of outgoing packets from a private network to appear as though they are originating from the router’s public IP address to external hosts. The other options describe different technologies or concepts that are not directly related to the specific function of NAT.

The Transport layer (Layer 4 of the OSI model) is responsible for providing mechanisms for data transfer sessions between hosts. It provides services such as connection-oriented data stream support, reliability, flow control, and error correction, all of which are essential for ensuring that data packets are transmitted reliably and in sequence. The Network layer primarily deals with logical addressing and routing, while the Data Link layer handles physical addressing, error notification, and ordered delivery of frames. The Physical layer deals with the transmission and reception of unstructured raw data over a network medium.

Ethernet can operate in either half-duplex or full-duplex mode. In half-duplex, a device can transmit or receive at any one time and relies on CSMA/CD to handle possible collisions. Full-duplex provides separate transmit and receive paths so both ends can send and receive simultaneously, eliminating collisions and effectively doubling the link's usable bandwidth. Because collisions cannot occur, CSMA/CD is disabled in full-duplex operation.

Twinaxial cables are typically used for short-distance connections between switches and servers within the same data center. This is because they provide high-speed data transmission with low latency and low interference, which is ideal for environments requiring high bandwidth over short distances. Fiber optic cables, though capable of high-speed data transmission, are generally used for longer distances due to their ability to transmit data over kilometers without significant loss. Coaxial cables are more commonly used in broadband connections, like cable internet services, not within data centers for connecting switches and servers. UTP cables are used widely in local area networks but do not match the speed and shielding advantages of twinaxial cables for data center applications.

LDAP (Lightweight Directory Access Protocol) is the correct answer because it is designed specifically for providing access to directory services over IP networks, making it a key tool in network administration for managing user identities and relations. LDAP typically operates on TCP port 389. DNS (Domain Name System), which operates on port 53, is primarily used for translating domain names into IP addresses. SSH (Secure Shell), which utilizes port 22, is used for secure remote logins and file transfers. HTTP (Hypertext Transfer Protocol), on port 80, is the foundation of data communication for the World Wide Web.

The Multi-fiber Push On (MPO) connector is the best choice for the scenario because it can combine up to 12 or more fibers in a single rectangular interface and is particularly designed for high-density and high-speed fiber optic connections, such as in data centers. Other connectors mentioned, like LC and SC, are typically used for single or dual fiber connections and would not offer the same level of density or simplified cable management as MPO in a data center environment.

Before deploying any patch, you must verify that it is compatible with the exact router model and operating-system version in use. Applying an incompatible image can corrupt the device, cause unexpected reboots, or introduce new faults, negating the security benefit and creating downtime. Reading release notes, rebooting after installation, and choosing an appropriate maintenance window are all good practices, but they come after you have confirmed that the patch will work on the target hardware and software.

A tabletop exercise is the correct answer because it involves a comprehensive review of the disaster recovery plan with the key personnel without causing any operational disruptions. This type of test uses simulations presented to the staff to walk through the steps theoretically. It is useful for examining the theoretical response of a team to a disaster in a controlled setting. Full-scale tests, while thorough, involve a real-world application that can affect actual operations, making them unsuitable for scenarios where disruption is a concern. Technical review typically involves checking the technical aspects of a DR plan rather than a functional test of the plan. Documentation review alone, which focuses only on verifying the documents, does not provide a simulation of disaster response.

An NS record designates the authoritative servers responsible for a domain's configurations, directing queries to the appropriate sources where detailed mappings are maintained. This facilitates domain management and ensures consistency in resolving queries. MX records direct mail traffic, CNAME records link an alias to a true name, and SRV records locate services — all these are important but functionally different from NS records.

The correct answer is '5 GHz'. In a crowded wireless environment where the 2.4 GHz band is saturated with signals from other networks and devices like microwaves and Bluetooth, the 5 GHz band is the best choice for deploying a new network. The 5 GHz band offers significantly more non-overlapping channels than the 2.4 GHz band, which drastically reduces co-channel and adjacent-channel interference, leading to better performance and stability. While the 6 GHz band (used by Wi-Fi 6E/7) offers even more channels and less congestion, it requires newer, more expensive client devices and access points, making 5 GHz the most practical and widely-supported choice for an immediate performance boost over 2.4 GHz. The 3.6 GHz frequency is not a standard band for IEEE 802.11 Wi-Fi networks.

An extended ACL entry must include the protocol keyword followed by the source and destination networks with their wildcard masks. The line "permit ip 10.10.10.0 0.0.0.255 192.168.5.0 0.0.0.255" allows any IP traffic originating from the 10.10.10.0/24 subnet to reach any host on the 192.168.5.0/24 subnet. Because an implicit "deny ip any any" follows the ACL, all other source networks are automatically blocked from reaching the server subnet. The other options either reverse the source and destination fields, permit all sources, or fail to limit the destination network, so they do not meet the requirement.

Industry and vendor guidance recommends capturing an automatic, event-driven backup immediately after each authorized configuration change. Doing so guarantees that the latest known-good state is available if a device fails, simplifies troubleshooting by providing a complete change history, and meets compliance requirements that mandate accurate configuration records. Periodic monthly backups, manual post-failure backups, or rarely updated baseline files leave significant gaps and may violate policy.

Secure Shell (SSH) creates an encrypted tunnel between the management workstation and the network device. This protects login credentials and subsequent command traffic from eavesdropping or tampering. Telnet sends data in plaintext, the console port does not traverse the IP network, and a browser-based GUI may or may not encrypt traffic depending on configuration but is not inherently command-line oriented.

The MX (Mail Exchange) record is used in DNS to specify the mail servers responsible for receiving email messages on behalf of a domain. This record is essential for directing email traffic correctly to the organization's mail servers. The A record links a domain to an IP address for general queries but is not specific for mail servers. The CNAME record creates an alias for another domain name, not specifically used for mail servers. Lastly, the TXT record is used for providing arbitrary text about a host, commonly for security data like SPF or DKIM, not for mail server specification.

TACACS+ provides granular control over individual commands, allowing network administrators to grant specific rights to users, making it distinct from other protocols that may only authenticate user access levels without such detailed control. This feature is particularly beneficial in environments that require precise user permissions or restrictions.

WPA-Personal, also called Pre-Shared Key (PSK) mode, relies on a single password that every authorized device must know. Because the passphrase is shared among all users, it is easy to deploy in homes and very small offices but offers weaker accountability and revocation than WPA/WPA2/WPA3-Enterprise, which authenticates each user individually through 802.1X and a RADIUS server. Open networks have no authentication at all, and 802.1X with EAP-TLS uses certificates per device rather than a shared secret.