CompTIA Network+ Practice Test (N10-009)
Use the form below to configure your CompTIA Network+ Practice Test (N10-009). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA Network+ N10-009 (V9) Information
The CompTIA Network+ N10-009 certification exam is a key credential for IT professionals specializing in network technologies and infrastructure. This exam assesses a candidate's ability to design, configure, manage, and troubleshoot wired and wireless network devices. Unlike more specialized certifications, the Network+ offers a broad foundation, making it ideal for early-career network technicians and administrators. It covers emerging technologies like cloud computing and virtualization, while also emphasizing traditional networking concepts and practices. By passing the N10-009 exam, candidates demonstrate their expertise in these areas, proving their readiness for roles such as network administrator, network field technician, and help desk technician.
The exam's content is divided into several key areas. Network architecture forms a significant part, where candidates must understand the design and implementation of functional networks, including network components and their roles in network services. Network security is also crucial, requiring knowledge of security concepts and protocols, as well as the skills to implement security features on network devices. The exam also tests on network operations and troubleshooting, focusing on monitoring tools, network performance optimization, and problem-solving techniques. Moreover, it includes newer areas like cloud computing and virtualization, reflecting the evolving nature of network technology. This wide-ranging scope ensures that professionals holding the Network+ certification are equipped to support and manage modern network environments effectively.
More reading:

Free CompTIA Network+ N10-009 (V9) Practice Test
- 20 Questions
- Unlimited
- Networking ConceptsNetwork ImplementationNetwork OperationsNetwork SecurityNetwork Troubleshooting
Which of the following measures best supports the integrity component of the CIA triad, ensuring that data remains unaltered during transmission?
Implementing robust firewall rules to regulate network traffic
Encrypting data using robust encryption algorithms
Using hash functions to verify the data integrity
Enforcing multi-factor authentication for data access
Answer Description
Using hash functions is the best measure to support integrity as they generate a fixed-size string (hash) based on the data input. If even a single bit of the data changes, the resulting hash will change significantly. This allows any alterations in data to be easily detected, thus maintaining integrity. Encrypting data, while crucial for confidentiality, does not primarily ensure integrity as it does not necessarily reveal data modifications. Enforcing strong authentication measures mainly enhances security by verifying user identity, addressing access control more squarely than data integrity itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the CIA triad in cybersecurity?
How do hash functions ensure data integrity?
Why is encryption not sufficient to guarantee data integrity?
Which feature best identifies the principal function of the Authentication Header (AH) in IPsec?
It provides high-speed transmission of IP packets.
It ensures integrity and authentication of IP packets.
It encrypts data payload in each IP packet.
It optimizes network traffic by prioritizing data packets.
Answer Description
The Authentication Header primarily provides integrity and authentication of IP packets. It does this by appending a header to each packet, which ensures that the packet has not been altered during transit and that the source is authenticated. While encryption might secure a packet's content, AH does not provide encryption services; that is a function of the Encapsulating Security Payload (ESP). Similarly, AH does not specifically optimize network traffic or enhance transmission speed; these are not functions of the IPsec Authentication Header.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between the Authentication Header (AH) and Encapsulating Security Payload (ESP)?
How does the Authentication Header (AH) ensure integrity of IP packets?
In which scenarios would you use AH instead of ESP in IPsec?
Your company is expanding its internal data center setup, which includes multiple servers that handle sensitive information. These servers require configuration to ensure they are isolated from direct internet access. What type of network address should be assigned to maintain their inaccessibility from the global web?
APIPA addresses
Externally routable RFC 1918 addresses
Public network addresses
Private network addresses
Answer Description
Private network addresses, as defined by RFC 1918, are used for internal networks and are not routable on the public internet. Assigning these addresses ensures the servers are isolated from direct external connections, enhancing security. Public network addresses are globally routable and would expose the servers to the internet. APIPA addresses are used as a fallback when a DHCP server is unavailable and are not suitable for a planned data center configuration. The term "Externally routable RFC 1918 addresses" is a contradiction, as these address ranges are specifically designated as non-routable on the global internet.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are private network addresses and why are they important?
What is RFC 1918, and how does it relate to private IPs?
How does Network Address Translation (NAT) work with private IPs?
A network administrator at a large organization notices a rapid increase in the number of devices needing network access, pushing the network's capacity limits. Which solution best addresses this scenario to prevent running out of network addresses?
Applying more stringent subnetting strategies
Using Network Address Translation
Assigning only private address ranges within the network
Implementing IPv6 addressing to expand the network address space
Answer Description
Implementing IPv6 addressing provides a massively larger address space (128-bit) compared to IPv4's 32-bit space, eliminating the risk of address exhaustion.
Why other answers are incorrect:
- Network Address Translation (NAT) conserves public IPv4 addresses by letting many hosts share one public address, but it does not create additional addresses.
- More stringent subnetting can allocate the existing space more efficiently but cannot increase the total number of addresses.
- Assigning only private address ranges avoids using public addresses on internal networks but still depends on a limited pool of public IPv4 addresses for external communication.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does IPv6 have a much larger address space than IPv4?
What are the advantages of IPv6 over IPv4 besides the larger address space?
How does Network Address Translation (NAT) differ from IPv6 addressing as a solution for address exhaustion?
A network engineer needs to update the firmware of several low-storage network devices in a resource-constrained environment. The devices do not require secure file transfers. Which protocol is the most suitable for performing these updates?
Secure File Transfer Protocol (SFTP)
File Transfer Protocol (FTP)
Hypertext Transfer Protocol (HTTP)
Trivial File Transfer Protocol (TFTP)
Answer Description
TFTP is most suitable for this scenario because it uses minimal network traffic for file transfers, which is ideal for environments with limited resources and devices with low storage. It provides a straightforward method without the complexity and overhead associated with more robust file transfer protocols, making it suitable for simple tasks like firmware updates where security is not a concern.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is TFTP, and how does it differ from FTP?
Why is TFTP suitable for resource-constrained environments?
What are the limitations of using TFTP compared to other protocols like SFTP or HTTP?
Your company recently implemented a new network monitoring system. As the network administrator, you are responsible for establishing baseline metrics for network performance. Which of the following metrics would be MOST appropriate to use as a baseline metric?
Network uptime percentage
Packet loss percentage
Average CPU usage of network devices
Number of active user connections
Answer Description
Packet loss percentage is the correct answer because it provides a direct indication of network quality and efficiency, crucial for establishing a performance baseline. High packet loss can significantly affect the quality of service, making it a vital metric for alarm thresholds and troubleshooting. Network uptime, while important, is more of a reliability or availability metric, not a baseline metric used for performance anomalies. The number of active connections can vary greatly and does not necessarily indicate performance issues. Average CPU usage is a device health metric, not a direct measure of network traffic performance, although it can be a cause of performance degradation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is packet loss percentage considered a critical baseline metric?
How does packet loss differ from latency in network performance monitoring?
What tools can be used to monitor and measure packet loss on a network?
A company is negotiating a new contract with an Internet Service Provider (ISP) for increased bandwidth and improved uptime. What aspect of the service-level agreement (SLA) should be prioritized to ensure that network downtime impacts are minimized?
Early termination rights
24/7 customer support
Disaster recovery options
Network uptime commitment
Answer Description
The correct answer is 'Network uptime commitment', as it specifies the amount of time the network should be operational and accessible, which is critical for maintaining business operations. An SLA that includes a substantial uptime guarantee reduces potential disruptions caused by network outages. The option '24/7 customer support' is helpful but does not directly mitigate downtime impact, as support responsiveness does not govern the actual operational performance of the network. 'Disaster recovery options' are crucial in a broader context but pertain more to recovery post-incident rather than preventing downtime. 'Early termination rights' relate to contract flexibility rather than operational performance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an SLA in networking?
What does 'network uptime commitment' mean?
How is downtime calculated in an SLA?
What is the primary purpose of implementing link aggregation in a network environment?
To increase bandwidth and provide redundancy by combining multiple network links into a single logical link
To prevent IP address conflicts between devices on the same network
To segment network traffic for security and performance enhancement
To act as a traffic handler that determines the most efficient data paths
Answer Description
Link aggregation allows multiple network connections to be combined into a single group, providing increased data rates and redundancy to improve network performance and reliability. This technique does not primarily focus on resolving IP conflicts which is typically handled by network protocols and subnetting strategies, nor does it segment a network like VLANs or directly manage traffic as a router does.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is link aggregation?
How does link aggregation increase redundancy?
What is LACP, and how does it relate to link aggregation?
What best describes static routing in network configurations?
Routes are automatically updated based on network traffic and topology changes
Routes are manually configured and updated by a network administrator
Routes use bandwidth and delay statistics among other factors to determine the best path
Routing decisions are made based on the real-time analysis of the network’s state
Answer Description
Static routing involves manual entry of routes into a network router's routing table by the network administrator. This method depends on pre-determined paths set by the admin and does not change unless manually updated. This contrasts with dynamic routing where routes are automatically updated based on changes in the network.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the main advantages and disadvantages of static routing?
How does static routing differ from dynamic routing in practical scenarios?
What tools or commands are used to configure static routing on a router?
What is typically the goal of an unauthorized server that assigns network configurations to clients?
To increase network efficiency by providing backup configuration services
To filter and secure network traffic
To disrupt network operations by issuing incorrect network information
To monitor network performance and traffic
Answer Description
An unauthorized server that assigns network configurations, such as a rogue DHCP server, often intercepts or disrupts network traffic by providing incorrect configurations to clients. This misdirection can lead to man-in-the-middle attacks or other security breaches, highlighting why understanding this threat is crucial. The incorrect answers do not accurately describe the primary malicious intent of such a server.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a rogue DHCP server?
What is a man-in-the-middle attack?
How can network administrators detect and prevent rogue DHCP servers?
Which network topology combines elements from multiple different topologies to optimize performance and reliability?
Star topology
Hybrid topology
Mesh topology
Point-to-point topology
Answer Description
A hybrid topology is the combination of two or more different network topologies, such as star, mesh, or bus, into a single network. This approach allows for the benefits of each topology to be utilized, increasing the overall performance and reliability of the network. Star topology refers singularly to networks where each node is connected to a central node, not a combination. Mesh topology involves each node connecting directly to every other node, again not inherently combined with others. Point-to-point topology typically involves direct connections between two nodes, and does not represent a combination of multiple types.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why would someone use a hybrid topology instead of a single topology like star or mesh?
What are some disadvantages of using a hybrid topology?
Can you provide an example of a real-world use case for a hybrid topology?
A company's website suddenly experiences an inordinate amount of traffic, causing it to respond exceedingly slowly or go offline entirely. What type of attack is most likely occurring?
MAC flooding
ARP poisoning
Denial-of-Service (DoS) attack
Rogue AP
Answer Description
A Denial-of-Service (DoS) attack is intended to make a server or network resource unavailable to users, typically by overwhelming it with excessive requests until it can no longer respond effectively. The sudden spike in traffic and degradation of service mentioned in the scenario is characteristic of a DoS attack. ARP poisoning is a threat that affects data integrity by redirecting network traffic to an attacker, which is different from overwhelming a service with traffic. MAC flooding aims to saturate a switch's MAC address table, forcing it to broadcast traffic to all ports, which is a different mechanism and goal than the one described. A Rogue AP is an unauthorized access point that provides a vector for various other attacks but does not in itself cause a massive flood of traffic to a specific web server.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the different types of DoS attacks?
How does a DoS attack differ from a DDoS attack?
What are some common tools used to detect and prevent DoS attacks?
A network administrator needs to integrate several third-party monitoring tools with the company's proprietary network management system to enable automated data exchange and control. Which of the following would be the BEST option to accomplish this deep integration?
Utilizing the APIs provided by the network management system
Using a standard GUI for manual data entry
Establishing a Syslog server to collect network logs
Configuring SNMP traps on network devices
Answer Description
Using APIs (Application Programming Interfaces) provided by the network management system allows for seamless integration between third-party tools and proprietary systems. APIs act as a bridge, facilitating secure and efficient data exchange and enabling automation and enhanced functionality across different platforms, making them the optimal choice for integrating diverse system components. SNMP, while useful for gathering network status and metrics, does not offer the same level of deep integration or control capabilities as APIs. Syslog is primarily used for collecting and forwarding log messages and does not support the direct, interactive integration required in the scenario. Manual data entry via a GUI is inefficient, error-prone, and the opposite of automation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are APIs, and why are they important for system integration?
How does SNMP differ from APIs when managing network systems?
What role does Syslog play in network management, and why isn’t it ideal for integration?
A company's disaster recovery team meets in a conference room to walk through the procedures of a disaster recovery plan after a simulated server failure. The team discusses their roles and the expected sequence of events without using any actual equipment or relocating to a backup site. Which of the following DR concepts does this scenario describe?
Hot site cutover
RPO validation
Full-scale exercise
Tabletop exercise
Answer Description
This scenario describes a tabletop exercise, which is a discussion-based session where team members meet to discuss their roles and walk through the steps of a disaster recovery plan in response to a simulated event. It does not involve physical relocation or actual system recovery. A full-scale exercise would involve a hands-on, physical run-through. A hot site cutover is the actual process of switching to a live backup site. RPO (Recovery Point Objective) is a metric that defines the acceptable amount of data loss, not a type of exercise.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the purpose of a tabletop exercise?
How does a full-scale exercise differ from a tabletop exercise?
What is RPO, and why is it not relevant to this scenario?
A network administrator is setting up a system to streamline the deployment of repeated tasks across multiple devices in a network. Which of the following options is the BEST solution to achieve this with a focus on infrastructure as code?
Upgrading device firmware manually
Utilizing network playbooks to automate repeated tasks
Increasing bandwidth capacity
Implementing a strict network policy
Answer Description
Playbooks, in the context of Infrastructure as Code, allow network administrators to automate and reapply configurations across multiple devices efficiently. They are designed to execute a series of tasks, making them ideal for scalable and repetitive deployment scenarios. Other options, although useful in network management, do not directly align with the need for repeatable task automation in the same way that playbooks do.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are network playbooks, and how do they work in automation?
What is Infrastructure as Code (IaC), and why is it important in network automation?
What are some common tools used for writing and executing network playbooks?
A company is redesigning their data center network architecture to reduce latency and enhance redundancy for handling large volumes of internal traffic. Which topology should they implement to best meet these requirements?
Spine and leaf
Star
Mesh
Point to point
Answer Description
The spine and leaf topology is ideal for modern data centers because it provides high-capacity, low-latency communication between servers. Each leaf switch connects directly to every spine switch, creating multiple equal-cost paths that minimize bottlenecks and increase fault tolerance compared with traditional three-tier or star designs.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the main advantage of a spine and leaf topology?
What is east-west traffic in data centers, and why does a spine and leaf topology handle it well?
How does redundancy work in a spine and leaf topology, and why is it important?
A network administrator is planning to update the configurations on several critical network devices. To adhere to best practices in configuration management, what is the most important action that should be performed before applying the new configurations?
Increase the network monitoring level
Make notes of current performance metrics
Back up the current configurations
Inform the IT department about the change
Answer Description
It is essential to back up the current configurations before any changes are made. This allows the network to be restored to its previous state if the new configurations lead to issues or failures. This practice ensures minimal service disruption and provides a recovery point. Making notes of performance metrics helps to compare before and after states but does not safeguard against configuration errors. While informing the IT team is a good practice for awareness, it does not directly protect against potential configuration issues.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is backing up configurations before changes considered a best practice?
What tools or methods can be used to back up network configurations?
How often should network configurations be backed up?
A network administrator is reviewing performance metrics of a corporate network and notices that during peak usage times, there is a significant slowdown in data transfer rates between the database server and client computers. The administrator suspects a potential bottleneck in the network. What is the most effective initial action to confirm and locate the bottleneck?
View system logs on servers for error messages
Replace older network cables with Category 6 cables
Immediately implement Quality of Service (QoS) configurations
Analyze utilization statistics on network switches
Answer Description
Analyzing the utilization statistics on network switches provides immediate and relevant information to identify high traffic flows and overloaded pathways, which are indicative of a bottleneck. This approach targets the specific area of concern quickly and efficiently. Viewing system logs on servers might not directly pinpoint network bottlenecks, although server issues can indirectly affect network performance. Implementing QoS helps manage traffic prioritization but does not identify existing bottlenecks. Similarly, replacing network cables is a premature action without confirming they are the source of the bottleneck.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean to analyze utilization statistics on network switches?
Why are Quality of Service (QoS) configurations not the best initial action for bottlenecks?
How do high traffic flows indicate a bottleneck in network switches?
A network administrator is setting up access control for highly sensitive financial records that should be accessible only to the company's executive team. Which of the following methods would be the most appropriate to enforce strict access based on predefined permissions and roles?
Discretionary Access Control (DAC)
Mandatory Access Control (MAC)
Attribute-Based Access Control (ABAC)
Role-Based Access Control (RBAC)
Answer Description
Role-Based Access Control (RBAC) is the most suitable choice because it assigns permissions according to the roles that users hold within an organization. In this scenario, a single role such as "executive" can be granted the necessary rights, ensuring that only those users can see the records.
- Mandatory Access Control (MAC) is highly secure and label-oriented but is designed around fixed classification levels and can be cumbersome to adjust for changing organizational roles.
- Discretionary Access Control (DAC) leaves permission decisions to resource owners, which is more flexible but less stringent and can lead to accidental over-sharing.
- Attribute-Based Access Control (ABAC) offers very fine-grained, attribute-driven policies, but that level of complexity is unnecessary when a straightforward role assignment meets the requirements.
Therefore, RBAC best matches the need for role-centric, easily managed restrictions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does Role-Based Access Control (RBAC) differ from Attribute-Based Access Control (ABAC)?
Why is Mandatory Access Control (MAC) not ideal for this scenario?
What are the potential risks of using Discretionary Access Control (DAC) for sensitive data?
A company's IT department noticed suspicious activity indicating that an external party might have unauthorized access to network resources. The IT staff observed unusual outbound traffic patterns, particularly large amounts of data being sent to unfamiliar IP addresses. Which type of network threat is most likely occurring in this scenario?
Phishing
ARP spoofing
Rogue AP
Data exfiltration
Answer Description
The correct answer is "Data exfiltration," which involves the unauthorized transfer of data from a computer or other device to an external location or party. The observed signs-large, unusual outbound traffic to unfamiliar IP addresses-typically indicate that data is being intentionally siphoned out of the network. "ARP spoofing" primarily redirects traffic within the local network and does not directly explain the large outbound data flow. "Phishing" deceives individuals into disclosing sensitive data, but it does not inherently cause sustained outbound transfers. "Rogue AP" refers to unauthorized wireless access points inside or near the environment; while it can facilitate attacks, it does not itself explain the observed bulk data transmissions to external addresses.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is data exfiltration?
How can IT professionals detect data exfiltration?
What are common methods attackers use for data exfiltration?
Neat!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.