CompTIA Network+ Practice Test (N10-009)

Application-aware routing allows SD-WAN solutions to identify and classify network traffic based on the applications generating it. This enables the network to prioritize critical applications, ensuring they receive optimal bandwidth and low latency paths. Traditional static routing does not adapt to different traffic types dynamically. Link aggregation increases bandwidth by combining connections but doesn't prioritize specific traffic. Firewall filtering controls access based on security policies but doesn't prioritize or route traffic based on its nature.

A primary zone is the correct answer because it contains the master, writable copy of a domain's DNS records. It is the authoritative source from which secondary servers replicate data via zone transfers.

A secondary zone is incorrect because it is a read-only copy of a primary zone. While it provides authoritative answers, it cannot be the original, writable source of the records.

A reverse lookup zone is incorrect because its purpose is to map IP addresses back to domain names, not to serve as the primary source for name-to-IP resolutions.

A stub zone is incorrect because it only contains a partial list of records (NS, SOA, and glue A records) needed to identify the authoritative DNS servers for a zone, not the entire set of records for that zone.

The primary purpose of a Variable Length Subnet Mask (VLSM) is to allow a network administrator to create subnets of varying sizes from a single network address. This flexibility ensures efficient use of the IP address space by tailoring the subnet size to the specific needs of each network segment, thereby minimizing wasted IP addresses. While network segmentation can improve security, it is not the main goal of VLSM. Furthermore, VLSM is a logical addressing scheme and does not affect data transmission speeds or the number of routers required in a network topology.

IPSec is the correct choice because it is designed to provide security at the network layer. By encrypting and authenticating each IP packet of a communication session, IPSec ensures that the data remains confidential and has not been tampered with during transit. SSL/TLS, while also commonly used for encrypting connections, operates at a higher layer in the OSI model and is generally implemented for securing HTTP connections. GRE is a tunneling protocol used to encapsulate a wide variety of network layer protocols, but it does not inherently provide encryption or authentication.

A hybrid topology is the combination of two or more different network topologies, such as star, mesh, or bus, into a single network. This approach allows for the benefits of each topology to be utilized, increasing the overall performance and reliability of the network. Star topology refers singularly to networks where each node is connected to a central node, not a combination. Mesh topology involves each node connecting directly to every other node, again not inherently combined with others. Point-to-point topology typically involves direct connections between two nodes, and does not represent a combination of multiple types.

The correct feature is 'synchronization', which provides a way for a session to insert checkpoints into data streams, thus allowing a restart at the last checkpoint in case of interruptions, without needing to resend all data. This is crucial in saving bandwidth and ensuring efficient communication. 'Dialog control' manages who can transmit data at a given time, and 'token management' mainly concerns with preventing overlap of communication but doesn't ensure data integrity through checkpoints. 'Connection termination' is a routine process to end a session, not related to handling interruptions in data transmission.

The BSSID uniquely identifies each access point in a WLAN. It is a 48-bit identifier that follows MAC address conventions and allows client devices and administrators to distinguish between multiple access points broadcasting the same SSID. The SSID, by contrast, is the user-visible network name. While the BSSID is included in beacon and management frames, its primary purpose is identification, not capacity planning or direct security enforcement.

Changing the channels on the access points to non-overlapping channels (e.g., channels 1, 6, and 11 in a 2.4 GHz band) will reduce interference among the signals, improving connectivity and performance. Channels 1, 6, and 11 do not overlap with each other in the frequency spectrum in the 2.4 GHz band, thereby minimizing the chance of cross-channel interference. Using other channels or repositioning the APs may not necessarily prevent overlap, depending on the other channels in use and physical characteristics of the office.

The MX (Mail Exchange) record is used in DNS to specify the mail servers responsible for receiving email messages on behalf of a domain. This record is essential for directing email traffic correctly to the organization's mail servers. The A record links a domain to an IP address for general queries but is not specific for mail servers. The CNAME record creates an alias for another domain name, not specifically used for mail servers. Lastly, the TXT record is used for providing arbitrary text about a host, commonly for security data like SPF or DKIM, not for mail server specification.

Re-terminating the cable connections correctly is the most direct and effective way to address problems caused by improper termination. This ensures that the physical connections meet the required standards and can resolve connectivity issues. Changing cables might not solve the issue if the terminations remain incorrect. Adjusting device settings does not address the physical connection problems, and inspecting NIC settings should be considered only if there's evidence pointing specifically to NIC configuration errors after physical issues have been resolved.

The correct answer is "nslookup." This command-line utility is specifically designed to query the Domain Name System (DNS) for information such as hostname-to-IP mappings and other resource records, making it the most direct tool for troubleshooting DNS issues. "ping" tests basic reachability and measures round-trip time but does not reveal DNS records. "traceroute" (or "tracert" in Windows) maps the path packets take to a destination but likewise provides no detailed DNS record data. "arp" inspects or modifies the Address Resolution Protocol cache, which maps IP addresses to MAC addresses on a local network, and is unrelated to DNS.

Traps are the best choice because they allow network devices to send unsolicited alerts (or traps) to the network management system (NMS) when specific events occur, such as unexpected shutdowns or high resource usage. While the Management information base (MIB) provides the structure for network data and what can be monitored, it does not by itself enable or trigger alerts. Community strings function as passwords to authenticate access to a device's data and do not deal with alerts. Authentication techniques ensure secure communication in the network but are not directly responsible for triggering event-based notifications.

IEEE 802.3at-commonly called PoE+-increases the maximum power budget per port to 30 W at the power-sourcing equipment (PSE) and guarantees up to 25.5 W at the powered device (PD). This meets the 25 W requirement. IEEE 802.3af supplies only up to 12.95 W at the PD, which is insufficient. IEEE 802.3bt Type 3 can also meet the need but exceeds it, and IEEE 802.3ad is a link-aggregation standard, not a PoE specification.

Implementing and configuring DNSSEC on servers targets the root cause of malicious traffic redirection by authenticating the origins of the data, ensuring that the data integrity is maintained. This specific alignment with protecting against unauthorized changes and redirection aids in counteracting the effects of malicious web traffic redirection techniques. Other options, while beneficial for overall security, do not specifically authenticate the source of web traffic data, which is crucial in mitigating this type of attack.

TCP is the correct answer because it provides features such as sequencing and acknowledgment, error detection and recovery, and flow control mechanisms. These features ensure that data packets are delivered in order and without errors. UDP, while faster due to non-existent overhead for connection setup and error handling, does not guarantee packet delivery or order, making it inappropriate for scenarios requiring reliable data transmission. ICMP, primarily used for diagnostic or control purposes, is not suitable for data transfer.

The best step after forming a theory is to test the theory to determine the cause. This can be accomplished by implementing the suspected configuration changes in a controlled environment (for example, on a lab or test router) to see if the issue can be replicated and resolved. By validating the hypothesis in isolation, the administrator confirms whether the configuration is truly responsible without impacting production. Rebooting the router, analyzing logs, or replacing the device do not directly test the configuration theory and are therefore not the optimal next step.

The broadcast address for any IPv4 subnet is obtained by setting all host bits to 1. For a standard Class C network, the default subnet mask is 255.255.255.0, so the host portion is the final octet. Setting those eight bits to 1 changes 192.168.15.0 to 192.168.15.255, which is the directed broadcast address for that subnet. The incorrect answers either identify the network address, the first usable host address, or the broadcast for a different subnet size.

Encrypting data in transit converts readable plaintext into ciphertext. Anyone who captures the traffic will see only encrypted data, which is unintelligible without the correct decryption key. Thus, encryption safeguards the confidentiality of the information. By itself, encryption does not guarantee availability, non-repudiation, or full integrity-additional mechanisms such as MACs or digital signatures are required for those properties.

The command show config is used specifically to display the current configuration of a network device, making it the correct choice for verifying changes. This command outputs the entire or parts of the current running configuration, which is essential in auditing and troubleshooting practices. Alternatives like show interface or show mac-address-table target specific data that, while useful for other troubleshooting aspects, do not provide comprehensive configuration details necessary for verifying entire device settings.

The spine and leaf topology is ideal for modern data centers because it provides high-capacity, low-latency communication between servers. Each leaf switch connects directly to every spine switch, creating multiple equal-cost paths that minimize bottlenecks and increase fault tolerance compared with traditional three-tier or star designs.