CompTIA Network+ Practice Test (N10-009)
Use the form below to configure your CompTIA Network+ Practice Test (N10-009). The practice test can be configured to only include certain exam objectives and domains. You can choose between 5-100 questions and set a time limit.
CompTIA Network+ N10-009 (V9) Information
The CompTIA Network+ N10-009 certification exam is a key credential for IT professionals specializing in network technologies and infrastructure. This exam assesses a candidate's ability to design, configure, manage, and troubleshoot wired and wireless network devices. Unlike more specialized certifications, the Network+ offers a broad foundation, making it ideal for early-career network technicians and administrators. It covers emerging technologies like cloud computing and virtualization, while also emphasizing traditional networking concepts and practices. By passing the N10-009 exam, candidates demonstrate their expertise in these areas, proving their readiness for roles such as network administrator, network field technician, and help desk technician.
The exam's content is divided into several key areas. Network architecture forms a significant part, where candidates must understand the design and implementation of functional networks, including network components and their roles in network services. Network security is also crucial, requiring knowledge of security concepts and protocols, as well as the skills to implement security features on network devices. The exam also tests on network operations and troubleshooting, focusing on monitoring tools, network performance optimization, and problem-solving techniques. Moreover, it includes newer areas like cloud computing and virtualization, reflecting the evolving nature of network technology. This wide-ranging scope ensures that professionals holding the Network+ certification are equipped to support and manage modern network environments effectively.
More reading:
Free CompTIA Network+ N10-009 (V9) Practice Test
Press start when you are ready, or press Change to modify any settings for the practice test.
- Questions: 20
- Time: Unlimited
- Included Topics:Networking ConceptsNetwork ImplementationNetwork OperationsNetwork SecurityNetwork Troubleshooting
The core layer of a three-tier hierarchical network design primarily manages security processes, including firewall management and intrusion detection.
True
False
Answer Description
This statement is false. In a three-tier hierarchical model, security processes such as firewall management and intrusion detection are not primarily handled at the core layer. Instead, the core layer's main function is to provide fast and reliable connectivity across the network, focusing on high-speed switching and efficient data transport. Security processes are typically managed at the distribution layer, where security and policy-based network decisions are enforced, and at the perimeter or edge, where additional security appliances might be deployed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the main function of the core layer in a three-tier hierarchical network design?
Where are security processes like firewall management and intrusion detection typically handled in the three-tier hierarchical design?
Why doesn't the core layer handle security processes in a three-tier network design?
In computer networking, what is the primary function performed by a proxy server on a network?
To establish direct point-to-point connections
To increase the speed of the internet connection
To serve as an intermediary between clients and other servers
To provide additional storage for network data
Answer Description
A proxy server acts as an intermediary for requests from clients seeking resources on other servers. By receiving the client's request, forwarding it to the destination server, and returning the response, the proxy can also provide caching, content filtering, and IP address masking for privacy and security.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does caching mean in the context of a proxy server?
How does a proxy server enhance privacy using IP address masking?
What is the role of content filtering in a proxy server?
Which of the following best describes the purpose of the TTL field in an IP packet?
To authenticate the source of the packet
To limit the number of hops a packet can traverse before being discarded
To encrypt data payload in the packet for secure transmission
To determine the priority of a packet in a congested network
Answer Description
The TTL field in an IP packet limits how many Layer-3 hops the packet can traverse. Each router decrements the TTL by one, and when the value reaches zero, the router discards the packet and typically sends an ICMP Time-Exceeded message. This mechanism prevents packets from looping indefinitely. The other options describe different network mechanisms and do not match the TTL function.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does TTL stand for in networking?
What happens when a packet’s TTL reaches zero?
How does the TTL field prevent network loops?
What is the primary function of port security on network switches?
Encrypt data transmitted from one port to another
Limit the bandwidth usage on a network
Monitor traffic patterns to detect anomalies
Limit the number of MAC addresses allowed on a switch port
Answer Description
Port security is a layer 2 traffic control feature used mainly to limit the number of MAC addresses allowed on a single port. This prevents unauthorized devices from accessing the network and mitigates risks like MAC flooding. Limiting bandwidth does not relate directly to security, and monitoring traffic patterns and transmitting data securely are functions more closely associated with network monitors and encryption protocols, respectively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does port security prevent unauthorized devices from accessing the network?
What is a MAC flooding attack, and how does port security mitigate it?
What are the different actions a switch can take when a port security violation is detected?
What is the primary function of a scope in a DHCP server configuration?
To restrict internet access to certain devices
To assign specific gateway addresses to devices
To define a range of IP addresses that can be assigned to client devices
To manage bandwidth allocation among connected devices
Answer Description
A scope in DHCP configuration defines a specific range of IP addresses that a DHCP server can allocate to client devices on a network. It is essential for the management and allocation of IP addresses in a dynamic network environment. Other options, like managing bandwidth allocation or assigning specific gateways, are not directly functions of DHCP scopes but could depend on how IP addresses are distributed or network access configurations.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is DHCP?
How does a DHCP server know which IP addresses to assign?
What happens if the DHCP scope runs out of IP addresses?
Which of the following is the BEST reason to implement GRE in a network environment?
To prioritize certain types of network traffic and improve Quality of Service (QoS)
To encapsulate a wide variety of network layer protocol packet types inside IP tunnels
To increase the security of network traffic by encrypting data
To reduce the complexity of managing IP addresses
Answer Description
Encapsulating protocols for tunneling across diverse networks is the primary application of GRE, making it useful for creating virtual point-to-point links over an IP internetwork. It enables the encapsulation of packets from one protocol suite within the datagram encapsulations of another protocol suite, facilitating connectivity across heterogeneous networks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does GRE stand for in networking?
How does GRE encapsulate packets, and why is that useful?
Does GRE provide encryption or security for data traffic?
A network technician is investigating a report that users in the marketing department (VLAN 20) can access servers in the finance department's network segment (VLAN 30). According to security policy, these two segments should be completely isolated from each other. The technician verifies that devices in both departments are receiving correct IP addresses from the DHCP server. What is the most likely cause of this security breach?
A broadcast storm is occurring on the network due to a routing loop.
One or more switch ports for the marketing department have been assigned to the finance department's VLAN.
An access control list (ACL) is missing from the core router's configuration.
The default gateway is misconfigured on the marketing department's workstations.
Answer Description
The correct answer is that one or more switch ports have been assigned to the wrong VLAN. VLANs (Virtual LANs) create logically separate networks on the same physical infrastructure. If a switch port used by a marketing department device is mistakenly assigned to the finance department's VLAN, that device will become part of the finance network segment, bypassing the intended security separation. A misconfigured default gateway or a routing loop would typically cause connectivity failures or performance degradation, not grant unintended access. While a missing access control list (ACL) on a router could also allow unwanted inter-VLAN traffic, the most fundamental cause for a device appearing in the wrong logical segment is an incorrect VLAN assignment on its switch port.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a VLAN and how does it work?
How can a switch port be assigned to a VLAN?
What is the role of an ACL in networking?
What type of data is primarily used in performance monitoring to assess network efficiency and identify potential issues?
Usage statistics
Error logs
Security alerts
Traffic analysis data
Answer Description
Traffic analysis data is the most relevant for performance monitoring because it provides insights into the volume and type of traffic flowing through a network. This information is crucial for assessing the network's efficiency, identifying bottlenecks, and understanding overall network health. Usage statistics, while related, more broadly cover the general use of the network without detailed traffic insights. Error logs are important for identifying problems but do not provide a comprehensive overview for performance metrics typically monitored for optimization. Security alerts focus specifically on potential security incidents, not performance metrics.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does traffic analysis data specifically help in performance monitoring?
What tools are commonly used to collect and analyze traffic analysis data?
How is traffic analysis different from usage statistics in networking?
A network administrator needs to update an A record for the company's public website. The DNS infrastructure consists of one primary server and two secondary servers that provide redundancy. To ensure the change is correctly replicated, on which server must the administrator make the modification?
On any of the secondary DNS servers.
On the authoritative recursive server.
On both the primary and all secondary DNS servers simultaneously.
On the primary DNS server.
Answer Description
The correct answer is the primary DNS server. In a standard DNS configuration, the primary server holds the read/write copy of the zone file where all changes, additions, and deletions are made. Secondary DNS servers maintain a read-only copy of this zone file, which they receive from the primary server through a process called a zone transfer. Therefore, any modifications must be made on the primary server to be propagated to the secondaries. The other options are incorrect because secondary servers cannot be directly modified, and recursive or caching servers are not authoritative sources for the zone data.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an A record in DNS?
How does a DNS zone transfer work?
What is the role of a primary DNS server in a DNS setup?
Which design approach best utilizes a screened subnet for enhancing network security, considering its strategic placement in network architecture?
Utilizing it to separate the internal network from the external internet, placing only externally accessible services such as a web server within it.
Implementing it for all employee workstations to ensure uniform security policies across the company.
Deploying it as the primary network for internal operations with high-speed connectivity requirements.
Configuring it to serve as the main hub for internal routing and switching, optimizing the network's core performance.
Answer Description
The correct answer emphasizes the strategic use of a screened subnet to host services that are intended for public access, such as a web server, thus isolating them from the internal network. This setup acts as a buffer zone, reducing the risk of external attacks directly impacting the core internal network. The incorrect options, although plausible in different contexts, fail to capture the primary security function of a screened subnet as an intermediary that shields internal networks from direct exposure to public internet traffic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a screened subnet in network security?
Why is it important to isolate public servers within a screened subnet?
How does a screened subnet differ from the main internal network?
What is a 'runt' in the context of Ethernet communications?
A frame that is smaller than the allowed minimum frame size
A frame that is larger than the allowed maximum frame size
A frame sent from one switch to another
A frame that meets the exact size requirements
Answer Description
A 'runt' is an Ethernet frame that is smaller than the minimum IEEE 802.3 frame size of 64 bytes. The presence of runts, which are often tracked by interface counters, typically indicates issues like collisions, duplex mismatches, or faulty hardware. Frames that exceed the maximum size are known as 'giants,' and distinguishing between these error types is critical for accurate network troubleshooting. A frame that meets the minimum size requirement is considered valid in that regard.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What causes runts in an Ethernet network?
How can runts be detected in a network?
What is the difference between a runt and a giant frame?
A network technician is deploying a 5 GHz wireless network in a location near a weather radar installation. To comply with regulations and prevent interference, the access points must be able to automatically detect the radar signals and switch to a different channel. Which IEEE standard provides this capability through mechanisms like Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC)?
802.11i
802.11h
802.11e
802.11ac
Answer Description
The correct answer is 802.11h. This amendment to the 802.11 standard was specifically created to manage spectrum and power in the 5 GHz band to avoid interference with other systems, such as military, weather, or satellite radar. It accomplishes this using Dynamic Frequency Selection (DFS), which detects radar signals and moves the Wi-Fi network to a clear channel, and Transmit Power Control (TPC), which adjusts signal strength to the minimum necessary. 802.11i is incorrect as it deals with security enhancements (WPA2). 802.11e is incorrect because it focuses on Quality of Service (QoS) for traffic prioritization. 802.11ac is a wireless networking protocol, and while devices using it in the 5 GHz band must adhere to 802.11h regulations, 802.11h is the standard that specifically defines the DFS and TPC mechanisms.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Dynamic Frequency Selection (DFS)?
What is Transmit Power Control (TPC)?
How does 802.11h differ from other 802.11 amendments like 802.11i or 802.11ac?
What is a primary benefit of implementing MFA within an organization's security framework?
It decreases the time it takes for users to access network resources.
It simplifies the user authentication process.
It reduces dependency on passwords alone, enhancing access security.
It allows users to choose any form of identity verification as per convenience
Answer Description
Multifactor authentication (MFA) significantly increases network security by requiring more than one form of verification. This method makes it more challenging for unauthorized users to gain access even if they have compromised one credential type, such as a password. This reduces the likelihood of unauthorized access, compared to using only passwords. Other answers are partly correct but do not fully align with the primary intent of MFA to enhance access security by layering verification methods.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What types of authentication factors are typically used in MFA?
How does MFA reduce the risk of unauthorized access?
What are the challenges of implementing MFA in an organization?
An organization wants to add an extra authentication factor that produces a numeric code derived from a shared secret and the current time. The code changes every 30 seconds and becomes invalid once that interval expires. Which authentication factor best meets this requirement?
Event-based one-time password (HOTP)
Biometric fingerprint scan
Time-based one-time password (TOTP)
Static personal identification number (PIN)
Answer Description
Time-based one-time passwords (TOTP) rely on a shared secret and the present time to generate a unique code every set interval (commonly 30 seconds). After that period, the code cannot be reused, sharply limiting the window in which an attacker could exploit it. Event-based HOTP tokens change only when triggered, static PINs never change, and fingerprint scans are biometric factors rather than time-dependent codes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does a TOTP work in detail?
What are the differences between TOTP and HOTP?
Why are static PINs and biometrics not suitable for this requirement?
A company is implementing a zero trust architecture to bolster their network security. As part of this initiative, what approach should be primarily taken to ensure that authorized users are allowed access to network resources?
Offer access based on network segment location, supplemented by user credential checks
Grant access based on policy-based authorization
Provide network access to devices following a preliminary security assessment
Allow access based on user location within the enterprise premises, subject to additional verifications
Answer Description
The correct approach in a zero trust architecture is to implement policy-based authorization. In zero trust models, access decisions are based not on the physical or network location of a user, but on a set of policies that consider various context factors, such as the user's identity and the device's security status. This method ensures tight control over who can access specific resources, making the network more secure against various threats.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What exactly does policy-based authorization entail in a zero trust model?
How is 'device security status' assessed for policy-based authorization?
What kinds of threats can a zero trust architecture mitigate more effectively?
What is the primary purpose of implementing a spanning tree protocol in a network?
To expand network coverage area
To manage collision domains within the network
To prevent switching loops in a broadcast domain
To improve network performance by selecting the fastest paths
Answer Description
The correct answer is 'To prevent switching loops in a broadcast domain'. Spanning Tree Protocol (STP) is essential in a layered network to prevent loops, which can create broadcast storms and destabilize network communications. While improving performance and expanding network coverage are beneficial outcomes of many network protocols, they are not the primary functions of the spanning tree protocol. As for managing collision domains, that is primarily addressed by switching devices and protocols at a different layer.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a switching loop and why is it problematic?
How does Spanning Tree Protocol (STP) prevent switching loops?
What is a broadcast domain and how does STP interact with it?
A network administrator begins receiving reports that several users in the company cannot access the corporate website hosted internally. The users affected are from different departments but seated in the same area of the building. Before escalating the issue, what should the administrator's first step be in identifying the problem?
Ask the users if they have installed new software
Immediately begin replacing network cables in the affected area
Gather information
Run a virus scan on each user's computer in the affected area
Answer Description
The correct answer is Gather information. According to the CompTIA troubleshooting methodology, the first step is to identify the problem, which begins with gathering comprehensive information. This includes determining the scope of the issue (e.g., who is affected, what services are unavailable) and identifying commonalities, such as the users' physical location. The other actions represent steps taken later in the process. Replacing cables or running a virus scan would be part of implementing a solution or testing a theory, which should not be done without prior investigation. Asking specifically about new software is a valid question, but it's a subset of the broader initial step of gathering all relevant information to form a complete picture of the problem.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does gathering information involve in network troubleshooting?
Why is physical location important during troubleshooting?
How does the CompTIA troubleshooting methodology guide problem solving?
Which default port does the Telnet protocol use for its operations?
25
22
23
21
Answer Description
Telnet commonly uses port 23 for its operations. This is crucial for network technicians to know because while configuring firewalls and network policies, distinguishing between ports used by different services ensures proper traffic flow and security measures. Port 22 is used by SSH, which is a secure alternative to Telnet. Ports 21 and 25 are typically used by FTP and SMTP, respectively, which serve different functions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is Telnet considered less secure compared to SSH?
What tasks is Telnet typically used for?
How does a firewall handle port-specific traffic like Telnet on port 23?
What is the primary purpose of using TCP port 636 in a network environment?
For secure file transfers such as SFTP or FTPS
To carry standard web (HTTP) traffic over SSL/TLS
To secure LDAP communications with SSL/TLS encryption
To transfer multimedia messages across the network
Answer Description
TCP port 636 is reserved for LDAP over SSL/TLS (LDAPS). When a client connects to this port, the LDAP session is automatically encrypted with SSL or TLS before any directory queries or credentials are transmitted, protecting the confidentiality and integrity of the data. HTTPS instead uses port 443 for secure web traffic, multimedia messaging protocols use other ports, and secure file-transfer protocols use ports such as 22 (SFTP) or 989/990 (FTPS), so those options are incorrect.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is LDAP used for in a network?
How does SSL/TLS encryption secure LDAPS on port 636?
How does LDAPS differ from LDAP?
A network engineer needs to connect two buildings that are 10 kilometers apart with a high-speed and reliable link. Which of the following transmission media would BEST suit this need?
Multimode fiber optic cable
Category 6 twisted pair cable
Single-mode fiber optic cable
Coaxial cable
Answer Description
Single-mode fiber optic cable is ideal for long-distance communications, supporting distances over 10 kilometers with high bandwidth and minimal signal loss. Multimode fiber optic cable is designed for shorter distances, typically up to 2 kilometers, due to modal dispersion. Category 6 twisted pair cable and coaxial cable are also limited in distance and bandwidth compared to single-mode fiber, making them unsuitable for a 10-kilometer connection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between single-mode and multimode fiber optic cables?
Why is signal loss lower in fiber optic cables compared to copper cables?
What are some other use cases for single-mode fiber optic cables?
That's It!
Looks like that's it! You can go back and review your answers or click the button below to grade your test.