CompTIA Network+ Practice Test (N10-009)

802.1X provides an authentication framework that allows network devices, such as switches and wireless access points, to become part of an authentication process before allowing further access to the network. This protocol works by encapsulating and transporting the authentication data between the client and the authentication server, typically using the Extensible Authentication Protocol (EAP). Port-based Network Access Control is a feature of 802.1X that denies all access to the network via the port to which the client is connected until the client's identity is verified and authorized. This involves blocking all traffic, except authentication messages, until the client is authenticated, serving to prevent unauthorized access. The other options, while related to network security, do not directly describe the function of 802.1X as thoroughly or accurately.

Setting the MTU to match the smallest allowed data packet size in the network minimizes fragmentation. In settings with a combination of higher and lower capacity links, selecting the MTU of the smaller links as the standard avoids fragmentation that could occur if packets allowed by larger capacity links are too big to be handled by the smaller links without being broken up.

The three-way handshake is essential for establishing a reliable connection between a client and server. This process involves sending a SYN packet, receiving a SYN-ACK in response, and then sending an ACK. If any part of this handshake fails, the connection will not be established reliably, which could lead to the intermittent connection issues observed. The other options do not directly affect the fundamental establishment of connections. Window scaling impacts flow control but not the initial connection establishment. Keepalive messages are used to maintain a connection but not in establishing one. Checksums ensure data integrity rather than connection reliability.

The primary purpose of key management in network security is to handle cryptographic keys in a secure manner. This involves the generation, distribution, storage, rotation, and destruction of keys, ensuring they remain protected throughout their lifecycle. Secure key management helps prevent unauthorized access and maintains the integrity of encrypted data. The incorrect answers address auditing (reviewing compliance), authentication (verifying identities), and defining security rules-all important tasks but different from managing cryptographic keys.

Encrypting data in transit converts readable plaintext into ciphertext. Anyone who captures the traffic will see only encrypted data, which is unintelligible without the correct decryption key. Thus, encryption safeguards the confidentiality of the information. By itself, encryption does not guarantee availability, non-repudiation, or full integrity-additional mechanisms such as MACs or digital signatures are required for those properties.

The correct answer is to configure each access point with the same SSID on different, non-overlapping channels. An Extended Service Set (ESS) allows multiple access points to use the same network name (SSID), making them appear as a single, large network. This enables client devices to roam seamlessly from one access point to another. To prevent signal interference and performance degradation between adjacent access points, they must be set to different, non-overlapping channels (e.g., 1, 6, and 11 for 2.4 GHz Wi-Fi). Configuring APs with the same channel would cause co-channel interference. BSSIDs are the unique MAC addresses of the access points and cannot be configured to be the same.

The correct technique to implement in this scenario is Port Address Translation (PAT).

Port Address Translation allows multiple devices on a local network to share a single public IP address when accessing the internet. PAT works by assigning a unique port number to each outgoing connection, so the edge router can track and manage traffic between internal private IP addresses and external public IP communications. This makes it especially useful for small businesses with limited public IPs.

The other options are not suitable for this specific use case:

• VLAN tagging is used for segmenting network traffic within a LAN, not for internet access sharing.
• Dynamic routing helps routers share routing information but does not manage IP address translation.
• Dynamic Host Configuration Protocol (DHCP) assigns IP addresses to devices within a network, but it does not handle public IP sharing.

Therefore, Port Address Translation (PAT) is the correct choice.

Packet loss fundamentally means that data packets fail to reach their destination, resulting in incomplete data transmission. This is directly observed as intermittent errors, such as glitches in video or audio streams. While packet loss can cause increased latency, the latency is a secondary effect resulting from the time it takes for a protocol like TCP to retransmit the lost packets. Enhanced bandwidth utilization is incorrect; in fact, retransmissions caused by packet loss consume more bandwidth, leading to inefficient use. Encryption protocols are related to data security, not the physical delivery of packets.

An asset inventory explicitly lists all the hardware within an organization, including details about warranty support, which is crucial for understanding which devices are currently under warranty before planning hardware updates. Hence, it facilitates informed decisions about upgrades or replacements if warranty support is nearing an end. Physical and logical diagrams, though useful for understanding network connectivity and layout, do not typically include warranty information. IPAM tools are primarily used for managing IP addresses and do not include hardware warranty details.

WPA3 provides enhanced security features compared to WPA2, including improved protections against brute-force attacks and better data encryption. WPA2, while still secure, is older and potentially vulnerable to security exploits that have been addressed in WPA3. WEP is outdated and highly insecure, with many vulnerabilities that can be exploited easily. WPA-PSK offers a decent security level but lacks the advanced features and strength of WPA3, making it less ideal for environments requiring robust security measures.

BGP (Border Gateway Protocol) is the standard protocol used to exchange routing information between different autonomous systems on the internet, making it the appropriate choice for a router that needs to communicate across different ASs. OSPF and EIGRP are typically used for routing within a single AS (intra-domain routing), hence they would not be suitable for this scenario where inter-domain routing is required. RIPv2, although capable of dynamic routing, is generally considered outdated and insufficient for the scale and complexity of multinational corporation networks due to limitations like a low hop count and slower convergence.

Choosing a directional antenna for a point-to-point setup is ideal because it focuses the signal between two specific points, which enhances the signal strength and reduces interference compared to an omnidirectional antenna which spreads the signal in all directions. Omnidirectional antennas, despite their usability in different scenarios, are not optimal for long, specific links as they do not focus the signal. High-gain antennas without specifying directional or omnidirectional criteria might seem suitable, but the key is the directionality which maximizes the strength and focus of the signal. Finally, an autonomous access point is a solution for network management and flexibility but does not inherently address the directional strength needed in a point-to-point connection.

A stateful firewall is optimal for enhancing network security as it not only filters traffic based on state, port, and protocol, but also keeps track of active connections. By monitoring the state of network connections, it can make more informed decisions about which packets to allow or deny, dynamically adjusting to the flow of traffic based on the context of the traffic and sessions. Other options, such as static packet filtering, do not offer the dynamic tracking of connection states, making them less effective in scenarios where comprehensive security and control over both ingress and egress traffic are needed.

Reviewing the current licenses and their usage is the first step in ensuring compliance. This action allows the network manager to compare existing software deployments with the terms and conditions specified in the license agreements. Updating software merely adjusts the version but does not ensure compliance with licensing agreements. Renewing licenses might be necessary but is irrelevant until the current usage is assessed. Retraining staff, while helpful for maintaining standards, does not directly address the specific issue of licensing compliance.

Routers at the network layer generally use IP addresses to make decisions about packet forwarding, routing them to the next hop based on the routing table. MAC addresses are used in Layer 2 for device identification on the same network segment and not for routing decisions, making them incorrect for this context. Port numbers and service numbers are associated with TCP/UDP in the transport layer and layer 4 services respectively, which are not used for routing decisions at the network layer.

A vulnerability refers to a weakness in a system that can be exploited to compromise the security of the network or system. Understanding vulnerabilities helps in prioritizing security efforts and mitigating risks. 'Exploit' is an incorrect answer because it refers to the method by which someone takes advantage of a vulnerability. 'Risk' refers to the potential for loss or damage when a threat exploits a vulnerability, making it also incorrect. 'Threat' is a potential cause of an unwanted impact to a system or organization, thus also incorrect.

The correct answer is 'To prevent switching loops in a broadcast domain'. Spanning Tree Protocol (STP) is essential in a layered network to prevent loops, which can create broadcast storms and destabilize network communications. While improving performance and expanding network coverage are beneficial outcomes of many network protocols, they are not the primary functions of the spanning tree protocol. As for managing collision domains, that is primarily addressed by switching devices and protocols at a different layer.

Using a Public Key Infrastructure (PKI) system is the most effective method to ensure the authenticity, confidentiality, and integrity of secure communications across a network. PKI employs a pair of public and private keys to encrypt and decrypt data, along with digital certificates issued and verified by a Certificate Authority (CA), thus maintaining secure transmissions. While other options like access control lists and firewalls are critical to comprehensive network security, they do not directly address the specific needs of data encryption and key management intrinsic to PKI.

When multiple routing sources advertise an identical destination prefix, the router chooses the route with the lowest administrative distance because that value represents how trustworthy the source is. Static routes have an AD of 1 by default, OSPF 110, and RIP 120, so in this scenario the static route would be selected. Metrics are considered only after administrative distance when two routes come from the same protocol, and bandwidth or protocol type do not override administrative distance when prefixes and masks match.

The correct answer is 'Frame', as Layer 2 of the OSI model, also known as the Data Link Layer, processes data in units called frames. A frame encapsulates packets with a header and a trailer to facilitate node-to-node communication across the physical layer. Ethernet frames are the most common type of Layer 2 frames, which include headers containing MAC addresses. The other answers, while related to networking, represent data units or terminologies used at different OSI model layers or different contexts, none of which pertain to the primary function of Layer 2.