CompTIA Network+ Practice Test (N10-009)
Use the form below to configure your CompTIA Network+ Practice Test (N10-009). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.

CompTIA Network+ N10-009 (V9) Information
The CompTIA Network+ N10-009 certification exam is a key credential for IT professionals specializing in network technologies and infrastructure. This exam assesses a candidate's ability to design, configure, manage, and troubleshoot wired and wireless network devices. Unlike more specialized certifications, the Network+ offers a broad foundation, making it ideal for early-career network technicians and administrators. It covers emerging technologies like cloud computing and virtualization, while also emphasizing traditional networking concepts and practices. By passing the N10-009 exam, candidates demonstrate their expertise in these areas, proving their readiness for roles such as network administrator, network field technician, and help desk technician.
The exam's content is divided into several key areas. Network architecture forms a significant part, where candidates must understand the design and implementation of functional networks, including network components and their roles in network services. Network security is also crucial, requiring knowledge of security concepts and protocols, as well as the skills to implement security features on network devices. The exam also tests on network operations and troubleshooting, focusing on monitoring tools, network performance optimization, and problem-solving techniques. Moreover, it includes newer areas like cloud computing and virtualization, reflecting the evolving nature of network technology. This wide-ranging scope ensures that professionals holding the Network+ certification are equipped to support and manage modern network environments effectively.
More reading:

Free CompTIA Network+ N10-009 (V9) Practice Test
- 20 Questions
- Unlimited
- Networking ConceptsNetwork ImplementationNetwork OperationsNetwork SecurityNetwork Troubleshooting
Which security property is primarily provided when data is encrypted as it traverses an untrusted network such as the internet?
Non-repudiation - it proves the sender cannot deny sending the data.
Availability - it prevents attackers from delaying or blocking the data.
Integrity - it ensures packets cannot be altered in transit.
Confidentiality - intercepted data remains unreadable without the decryption key.
Answer Description
Encrypting data in transit converts readable plaintext into ciphertext. Anyone who captures the traffic will see only encrypted data, which is unintelligible without the correct decryption key. Thus, encryption safeguards the confidentiality of the information. By itself, encryption does not guarantee availability, non-repudiation, or full integrity-additional mechanisms such as MACs or digital signatures are required for those properties.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between confidentiality and integrity in network security?
What role does a decryption key play in maintaining confidentiality?
How do additional mechanisms like MACs or digital signatures ensure integrity or non-repudiation?
Which scenario is most likely to result in significant interference in a wireless communication environment?
Setting excessively high transmission power on a wireless router
Deploying multiple access points with overlapping frequency channels
Implementing an incorrect subnet mask
Utilizing non-standard antennas for signal transmission
Answer Description
In wireless communication, using overlapping frequency channels is a prevalent cause of interference. This interference occurs because wireless signals on the same or closely overlapping frequencies can disrupt each other, leading to significant degradation in network performance. The selection of non-standard antennas, while impactful in signal propagation, doesn't directly relate to the interference between signals. Incorrect subnet masks affect network addressing but not signal interference. Setting high transmission power can cause interference with other devices but is less likely to be a direct issue than overlapping frequency channels.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why do overlapping frequency channels cause interference?
What are non-overlapping channels in wireless networks?
How does high transmission power affect wireless networks?
Which open-standard first hop redundancy protocol, defined in RFC 5798, allows multiple routers to share a virtual IP and MAC address so that hosts keep forwarding traffic even if the master router fails?
HSRP (Hot Standby Router Protocol)
RIP (Routing Information Protocol)
EIGRP (Enhanced Interior Gateway Routing Protocol)
VRRP (Virtual Router Redundancy Protocol)
Answer Description
Virtual Router Redundancy Protocol (VRRP) is an IETF-standard FHRP (RFC 5798) that lets two or more routers form a virtual default gateway. One router (the master) actively forwards traffic; if it goes down, another router in the group automatically takes over using the same virtual IP/MAC, so end-station traffic continues uninterrupted.
HSRP provides the same function but is Cisco-proprietary, so it is not the correct choice when the question specifies an open standard. RIP and EIGRP are dynamic routing protocols that exchange route information but do not offer default-gateway redundancy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is VRRP considered an open standard while HSRP is not?
How does VRRP ensure uninterrupted network traffic during a router failure?
What is the difference between VRRP and dynamic routing protocols like RIP and EIGRP?
A company's IT department is considering migrating their legacy software systems to a SaaS provider. They require a solution that not only reduces management overhead but also integrates seamlessly with their existing workflow tools. Which of the following would be a critical factor to consider while evaluating potential SaaS providers?
Availability of mobile support for iOS and Android devices
API accessibility and compatibility with their existing tools
The ability to scale storage requirements on-demand
Level of data encryption offered for stored and in-transit data
Answer Description
When selecting a SaaS provider for integrating with existing workflow tools, API accessibility and compatibility are crucial factors. A robust API enables seamless integration with existing systems, ensuring that data flows smoothly between the SaaS application and other enterprise tools. This compatibility helps in maintaining business processes without significant changes, which is vital for the effectiveness of the new software solution. While scalability, support for mobile platforms, and data encryption are important, they do not directly address the primary need for integration capabilities with existing workflow systems.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an API, and why is it crucial in SaaS integration?
How can API compatibility be tested before selecting a SaaS provider?
Why are scalability, mobile support, and encryption secondary in this scenario?
Which of the following scenarios represents the BEST approach for applying a newly released patch to critical network infrastructure software?
Testing the patch in a non-production environment prior to widespread deployment
Ignoring the patch until it has been available for several months to confirm it's stable
Applying the patch only to non-critical systems to observe its impacts before deciding on further action
Immediately applying it to all devices to ensure all security vulnerabilities are quickly mitigated
Answer Description
The best approach is to first test the patch in a controlled, non-production environment to verify that it does not introduce new issues. After testing confirms compatibility and stability, the patch can be safely deployed to production. Skipping testing could cause outages, while delaying patching for long periods leaves the infrastructure exposed to known vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is testing patches in a non-production environment important?
What risks are associated with skipping testing before patch deployment?
What is the difference between production and non-production environments?
A network administrator is setting up a wireless network in a busy office environment. The administrator wants to ensure that employee devices connect seamlessly to the strongest signal within the office without manually switching between multiple access points. What is the BEST configuration to use?
Use a single ESSID across all access points.
Assign a unique BSSID for each access point.
Configure each access point as a separate mesh network.
Implement band steering on all access points.
Answer Description
Configuring a single Extended Service Set Identifier (ESSID) allows multiple access points to appear as a single network to Wi-Fi devices, which enables seamless roaming within a network environment. Devices will automatically connect to the AP with the strongest signal using the same SSID. BSSID refers to the unique identifier of each individual access point and is not suitable for seamless integration of multiple APs. Band steering helps to manage the distribution of devices between different frequency bands (e.g., 2.4GHz and 5GHz) but won't assist in seamless connection to multiple access points under the same network identification. Network types such as Mesh or Infrastructure do not focus on SSID configuration and thus are incorrect in this context.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an ESSID, and why is it used?
How does a BSSID differ from an ESSID?
What is Band Steering, and why is it not ideal for seamless roaming?
A network engineer is selecting appropriate cabling for a new data center. They need a solution that supports increased bandwidth over long distances and is less susceptible to electrical interference. Which type of cable best meets these requirements?
Multimode fiber
Coaxial cable
Single-mode fiber
Twinaxial cable
Answer Description
Single-mode fiber is the optimal choice for long-distance and high-bandwidth applications as it uses laser light to send signals, which allows for smaller modal dispersion over long distances compared to multimode fiber and other types of cables. This makes it ideal for large-scale data centers that require high-speed data transfer across long distances without susceptibility to electrical interference. Multimode fiber, while also resistant to electrical interference and useful for moderate distances, cannot maintain signal quality over as long distances as single-mode. Coaxial and Twinaxial cables are susceptible to electromagnetic interference and are generally used for shorter distances.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the primary difference between single-mode and multimode fiber?
Why is fiber optic cable less susceptible to electrical interference?
What factors determine the maximum distance a fiber optic cable can support?
A network administrator is setting up a network that must support both IPv4 and IPv6. Which configuration approach allows the network devices to process IPv4 and IPv6 packets simultaneously, optimizing the handling of traffic without the need for extra translation mechanisms?
Dual stack
NAT64
Tunneling
Answer Description
Dual stack is the correct choice as it allows devices to run IPv4 and IPv6 simultaneously, providing seamless communication compatibility with both protocols. Dual stack avoids the complexities and performance hits associated with translating between IPv4 and IPv6, aligning directly with the needs specified in the question. Tunneling, although a valid approach for supporting IPv4 and IPv6, involves encapsulating IPv6 packets within IPv4 packets (or vice versa), which can introduce additional overhead and complexity. NAT64, on the other hand, translates IPv6 addresses into IPv4 addresses, which is not required in scenarios where systems support both protocols natively as is the case in dual stack configurations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a dual stack configuration work in a network?
What are the main challenges of using tunneling instead of dual stack?
Why is NAT64 not suitable for networks with dual stack support?
A network administrator is setting up a new server and needs to ensure that LDAP services are enabled and accessible over a secure connection. Which port should the administrator ensure is open on the firewall to allow secure LDAP communication?
Port 636
Port 389
Port 443
Port 53
Answer Description
Port 636 is used for LDAP over SSL, often referred to as LDAPS. It ensures that the communication between the LDAP client and server is encrypted, providing confidentiality and integrity to the data exchanged. This is crucial for preventing unauthorized access and eavesdropping. Port 389, while commonly used for LDAP, transmits data in plain text and thus is not suitable for environments where security is a concern. Port 443 is generally used for HTTPS traffic, and Port 53 is for DNS services, neither of which are relevant to secure LDAP communications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is LDAP, and why is it important?
What is the difference between LDAP and LDAPS?
Why is port 636 specifically used for LDAPS?
A network technician is investigating a report that users in the marketing department (VLAN 20) can access servers in the finance department's network segment (VLAN 30). According to security policy, these two segments should be completely isolated from each other. The technician verifies that devices in both departments are receiving correct IP addresses from the DHCP server. What is the most likely cause of this security breach?
One or more switch ports for the marketing department have been assigned to the finance department's VLAN.
The default gateway is misconfigured on the marketing department's workstations.
An access control list (ACL) is missing from the core router's configuration.
A broadcast storm is occurring on the network due to a routing loop.
Answer Description
The correct answer is that one or more switch ports have been assigned to the wrong VLAN. VLANs (Virtual LANs) create logically separate networks on the same physical infrastructure. If a switch port used by a marketing department device is mistakenly assigned to the finance department's VLAN, that device will become part of the finance network segment, bypassing the intended security separation. A misconfigured default gateway or a routing loop would typically cause connectivity failures or performance degradation, not grant unintended access. While a missing access control list (ACL) on a router could also allow unwanted inter-VLAN traffic, the most fundamental cause for a device appearing in the wrong logical segment is an incorrect VLAN assignment on its switch port.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN and how does it work?
How can a switch port be assigned to a VLAN?
What is the role of an ACL in networking?
The IT team at a large retail company is reviewing its disaster-recovery strategy to meet the organization's requirement for moderate downtime after a disruption. They are considering implementing a warm site. Which of the following best describes the state of a warm site that they should expect?
Partially equipped with servers, network connections, and possibly some replicated data, but requires additional configuration before it can become fully operational.
Equipped only with the physical infrastructure and requires all servers, applications, and data to be restored before operations can resume.
Lacks any pre-installed hardware and is primarily an empty data center reserved for emergency use.
Fully operational with all services, applications, and data mirrored from the primary site and running in real time.
Answer Description
A warm site is a partially equipped recovery facility with pre-installed servers, network connectivity, and other core infrastructure. It usually has some software and configuration in place and may receive periodic-though not real-time-data replication. Because it is not maintained in full sync with the primary data center, the IT staff must perform additional configuration and restore recent data before the site can assume production workloads. This contrasts with a cold site, which has only basic infrastructure and no installed hardware or data, and a hot site, which is fully mirrored and ready for immediate failover.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the key difference between a warm site and a cold site?
How does a warm site compare to a hot site in terms of data replication?
Why might an organization choose a warm site over a hot site for disaster recovery?
An organization wishes to enforce policies that restrict access to sensitive resources from unauthorized network segments. Which security rule should primarily be configured to manage this access?
Disable unused ports
Access control list (ACL)
Content filtering
MAC filtering
Answer Description
An Access control list (ACL) is the correct answer because it is used to define which users or systems are granted access to specific resources. ACLs can restrict access to network resources based on IP addresses, protocols, or ports, effectively controlling which packets are allowed through a router or firewall. In contrast, MAC filtering is mainly used to allow or deny network access based on hardware addresses, which is less about resource-specific permissions and more about network access. Content filtering manages access to specific types of content rather than securing resources based on network segments. Disabling unused ports is a precautionary security measure to minimize unnecessary network entry points, but it does not involve resource access permissions between network segments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does an ACL work to control access to network resources?
What is the difference between standard and extended ACLs?
What are the best practices for configuring and managing ACLs?
A network administrator discovers that an Ethernet port on a managed switch is in a 'Suspended' state. What is the MOST likely reason for this port status?
LACP misconfiguration or negotiation failure
The port has exceeded its power over Ethernet (PoE) budget
Using an incorrect cable type, such as using UTP instead of STP
Mismatched VLAN assignments on the port
Answer Description
In a networking context, a port set to 'Suspended' typically indicates an issue with port aggregation protocols, such as LACP (Link Aggregation Control Protocol) misconfiguration or disagreement. This state can occur if the aggregation negotiation fails, which is crucial in scenarios where multiple links are combined to form a single logical link for bandwidth aggregation and redundancy. Answers involving VLAN mismatch or cable issues, though potentially valid troubleshooting considerations, are less directly associated with the 'Suspended' status, as these would more likely lead to different port statuses or error indications.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is LACP and why is it used?
How does LACP negotiation failure lead to a 'Suspended' port state?
How can a network administrator resolve LACP misconfiguration?
A network technician is tasked with setting up a network in a large data center. Given the need for high speed data transfer and distances that exceed 100 meters between devices, which type of cable should the technician use?
CAT5e
Multimode fiber
CAT6
Single-mode fiber
Answer Description
Single-mode fiber is the most suitable choice for this scenario because it provides a higher transmission rate and can cover long distances (beyond 100 meters) without signal degradation. Multimode fiber also supports high data rates but is typically used for shorter distances, such as connecting multiple adjacent racks in a datacenter. CAT5e and CAT6 cables are not feasible for lengths exceeding 100 meters as signal quality can degrade, especially at high data rates.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between single-mode fiber and multimode fiber?
Why do CAT5e and CAT6 cables have length limitations?
What are the advantages of using single-mode fiber in a data center?
During a network upgrade, a technician uses a cable tester to verify the new cabling installations. The tester identifies several failures. What type of issues CANNOT be directly detected using a standard cable tester?
Improper cable termination
Signal attenuation
Crossed wires
Short circuits
Answer Description
While a cable tester can effectively detect electrical problems, such as discontinuities, shorts, or miswirings (crossed or reversed wires), it cannot directly determine signal degradation issues like attenuation or interference. These types of problems require more advanced analysis typically provided by a network analyzer, which can measure the quality of signal transmission and identify disturbances or signal loss over a network cable.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is signal attenuation in networking?
How does a cable tester work in detecting cable issues?
What tools can detect signal attenuation in a network?
A technician is configuring a server to send real-time financial data updates to a specific client workstation. What type of traffic should be used for this one-to-one communication to ensure that the data is delivered directly from the server to the specified workstation?
Anycast
Unicast
Broadcast
Multicast
Answer Description
Unicast is the ideal traffic type for one-to-one communications. It ensures that data packets are sent from one single host to one specific receiver, making it optimal for direct and private communication like sending updates from a server to a specific client workstation. Multicast, on the other hand, involves a one-to-many relationship where data is sent from one sender to multiple receivers subscribed to a specific group, which is not suitable for the scenario of a one-to-one, private data transaction. Broadcast traffic sends data to all nodes in a network segment indiscriminately, which is inefficient and insecure for targeted updates. Anycast allows routing to the nearest or best destination among multiple possible receivers; however, it is used predominantly in routing scenarios, not specific one-to-one transactions within the same network.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the main purpose of unicast traffic?
How does unicast differ from multicast traffic?
When might broadcast traffic be useful if unicast is for one-to-one communication?
Which transmission method uses the destination host's unique IP address and forwards traffic exclusively to that address?
Broadcast
Multicast
Anycast
Unicast
Answer Description
Unicast transmission is used when information needs to be sent from one source to one specific recipient, utilizing the unique IP address of the destination host. This contrasts with broadcast, which sends traffic to all hosts on a network, and multicast, which sends traffic to multiple specified hosts within a group but not to all nodes on the network.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between unicast, broadcast, and multicast?
How does a network device know to use unicast versus broadcast or multicast?
Why is unicast transmission more common for internet communication?
While working in a corporate environment as a network administrator, you notice that several devices are unable to communicate with each other despite being connected to what you believe is the same VLAN. What command can you execute to verify VLAN assignments and troubleshoot the issue?
show interface
show config
show mac-address-table
show vlan
Answer Description
The 'show vlan' command is used on network switches to display VLAN configurations and assignments. It helps in verifying which ports are assigned to specific VLANs, essential for troubleshooting connectivity issues between devices. The command outputs the VLAN IDs, names, and associated ports, providing a clear view of the VLAN landscape to determine if devices are correctly categorized.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN and why is it important?
What specific output does the 'show vlan' command provide?
How does a mismatched VLAN configuration cause communication issues?
A company is negotiating a new contract with an Internet Service Provider (ISP) for increased bandwidth and improved uptime. What aspect of the service-level agreement (SLA) should be prioritized to ensure that network downtime impacts are minimized?
Disaster recovery options
24/7 customer support
Network uptime commitment
Early termination rights
Answer Description
The correct answer is 'Network uptime commitment', as it specifies the amount of time the network should be operational and accessible, which is critical for maintaining business operations. An SLA that includes a substantial uptime guarantee reduces potential disruptions caused by network outages. The option '24/7 customer support' is helpful but does not directly mitigate downtime impact, as support responsiveness does not govern the actual operational performance of the network. 'Disaster recovery options' are crucial in a broader context but pertain more to recovery post-incident rather than preventing downtime. 'Early termination rights' relate to contract flexibility rather than operational performance.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an SLA in networking?
What does 'network uptime commitment' mean?
How is downtime calculated in an SLA?
A network administrator is troubleshooting issues on a network where newly installed security cameras are intermittently going offline. The PoE switch used supports a total of 185 watts, and there are 10 cameras, each requiring 20 watts. Which of the following actions should the administrator take to BEST resolve the power-budget-exceeded issue?
Install an additional PoE switch or replace it with one that supports a higher power budget
Adjust the camera settings to lower their power consumption
Prioritize power to critical cameras and turn off non-essential ones
Replace PoE cameras with non-PoE cameras
Answer Description
Installing an additional PoE switch or a switch with a higher power budget is the best solution because the existing switch cannot supply the 200 watts required by all ten cameras. The resulting power shortfall causes certain cameras to shut down intermittently. Lowering camera settings or prioritizing some cameras only sidesteps the underlying capacity problem, and replacing the cameras with non-PoE models would require separate power cabling without fixing the current PoE deficit.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is PoE and how does it work?
How can a network administrator calculate the power budget for PoE devices?
What are the standards for PoE, and how do they differ?
Neat!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.