CompTIA Network+ Practice Test (N10-009)

Direct Connect services primarily provide a dedicated network connection that bypasses the internet. This is advantageous because it offers more consistent network performance compared to internet-based connections. The approach reduces latency, increases bandwidth, and offers a more reliable security profile by not exposing data to the public internet. While increased speed and better bandwidth management are benefits, they are secondary to the main purpose of consistent and reliable network performance over a private connection.

Precision Time Protocol (PTP) is specifically designed for very high-accuracy clock synchronization over an IP/Ethernet network. In practice it can keep devices aligned to within sub-microsecond accuracy, and SMPTE ST 2059 adopts PTP for timing professional video and audio equipment. NTP is adequate for general computing but normally stays within the millisecond range on a LAN. Using a separate GPS receiver at every device can provide precise time but is costly and impractical indoors, and DHCP is unrelated to time synchronization.

A Denial-of-Service (DoS) attack is intended to make a server or network resource unavailable to users, typically by overwhelming it with excessive requests until it can no longer respond effectively. The sudden spike in traffic and degradation of service mentioned in the scenario is characteristic of a DoS attack. ARP poisoning is a threat that affects data integrity by redirecting network traffic to an attacker, which is different from overwhelming a service with traffic. MAC flooding aims to saturate a switch's MAC address table, forcing it to broadcast traffic to all ports, which is a different mechanism and goal than the one described. A Rogue AP is an unauthorized access point that provides a vector for various other attacks but does not in itself cause a massive flood of traffic to a specific web server.

The correct answer is 'Gather information'. According to the troubleshooting methodology, the first step in identifying the problem is to gather all relevant information regarding the issue. This includes understanding the symptoms and the impact of the issue. While questioning users and duplicating the problem are part of the process, they come after initially gathering all necessary data to understand what might be going wrong.

Implementing automated synchronization between the live network configurations and the central repository ensures all changes are documented and versioned. This practice not only provides a history of changes for auditing purposes but also allows for quick rollbacks to previous configurations if necessary. Manual versioning is prone to human error and inconsistency, while periodic documentation can cause delays and lack real-time updates.

A visual fault locator is used to detect physical issues in fiber optic cables, specifically pinpointing exact location of breaks or severe bends affecting the cable's integrity. It emits a bright light that leaks through breaks or faults, visually indicating where the defect lies. Incorrect cable types and improper termination primarily involve using wrong materials or faulty setup procedures which can't typically be detected directly through a visual inspection of light leakage. Signal degradation pertains to the reduction in signal quality over distance or due to interference, but it wouldn't be visually detectable using this method.

Software-defined networking (SDN) abstracts the control plane from the data plane, placing control logic in a centralized SDN controller. Administrators use this controller to program the network and enforce policies across all switches and routers, eliminating the need to configure each device individually. Although SD-WAN also uses centralized orchestration, its primary goal is to optimize and manage traffic across multiple WAN links between sites. Zero Trust Architecture is a security framework focused on continuous verification and least-privilege access, and a traditional VPN only provides encrypted connectivity without centralized device management. Therefore, SDN best satisfies the requirement for centralized configuration of network devices.

Static routing involves manually configuring routes in a router's routing table. These routes remain fixed and do not adjust to topology changes unless an administrator edits or replaces them. This manual, unchanging nature distinguishes static routing from dynamic routing protocols that automatically discover and update routes. Therefore, the correct response is the option stating that routes are manually configured and do not change unless manually updated. The other options describe behaviors associated with dynamic routing or centralized route control, which do not apply to static routing.

The correct answer specifies a specific range of IP addresses from 169.254.0.1 to 169.254.255.254, which are designated for automatic assignment by the host in the event that DHCP server communication is unsuccessful. This range is within the 169.254.0.0/16 subnet, reserved specifically for this purpose by networking standards to prevent IP conflicts with addresses assigned elsewhere.

A Management Information Base (MIB) provides a structured format for device information that allows for precise and efficient data collection regarding device performance, status, and configuration, essential for targeted and effective monitoring. This hierarchy of data is not meant for automatic firmware updates, enhancing user interface designs, or encrypting network communications, which differentiates the correct choice from the incorrect ones.

For long distances, especially those covering more than 2 km, Single Mode Fiber (SMF) is the appropriate choice because it allows light to travel down a very narrow core, which minimizes signal degradation and allows for data transmission over long distances without significant signal loss. Multimode Fiber (MMF) is generally suited for shorter distances due to modal dispersion, where multiple light paths cause the signal to spread and degrade over long hauls. Cat 6 and Cat 6a are types of copper cables which are typically limited to 100 meters in Ethernet applications; thus, they are unsuitable for a distance of 10 km.

In Spanning Tree Protocol (STP), the Root Port is the port on a non-root bridge with the lowest path cost to the root bridge. This port is used for forwarding traffic towards the root bridge. The Designated Port is assigned on a network segment and is used to forward packets on that segment. The Alternate Port provides an alternative path towards the root, similar to the root port, but is in a blocking state to prevent loops until needed. The Backup Port provides redundancy to a designated port on the same segment and is also in a blocking state. Thus, the best answer is the Root Port because it specifically serves as the primary forwarding path to the root bridge.

WPA3 is the recommended protocol and standard as it provides advanced security measures, including individualized data encryption and improved protection against brute-force attacks, which are crucial for protecting modern wireless networks.

HTTPS on port 443 is the correct answer because it is the secure version of HTTP, using encryption (SSL/TLS) to securely transfer web pages from web servers to clients. FTP on port 21 is used for file transfers but not specifically for web pages. SMTP on port 25 is used for sending emails, not web pages. Telnet on port 23 offers text-oriented communication but lacks encryption, making it inappropriate for secure transfers.

The 'show interface' command is used to view detailed information about the network interfaces on a router or switch. This involves operational status, physical layer statuses, and counters for errors which are vital for troubleshooting. The incorrect options represent other valuable commands but do not focus specifically on interface details as demanded by the question.

The correct reason why the port would go into an 'error disabled' state in this scenario is usually due to a violation of port security settings, such as exceeding the maximum allowed MAC addresses. Port security limits the number of valid MAC addresses allowed on a port to prevent unauthorized access. If this number is exceeded, the default action for many switches is to disable the port to prevent possible security breaches. Incorrect cable types or DHCP exhaustion typically do not directly cause ports to be error disabled, and temperature anomalies are more related to hardware malfunctions rather than configurations that trigger port security.

Configuration-drift detection compares the live environment against the desired state defined in IaC templates. During an upgrade, this practice highlights any unauthorized or unintended changes so administrators can remediate them, ensuring the new configuration meets policy and compliance requirements. The other options describe benefits that are not directly provided by drift detection.

An intrusion prevention system (IPS) not only detects malicious activities but actively blocks them from causing harm to the network. While an intrusion detection system (IDS) also monitors for potentially malicious activity, it differs from an IPS because it does not block the activity but rather alerts the administrator. A firewall is designed to block unauthorized access based on predetermined security rules, not specifically to handle post-detection activities like an IPS. A proxy server, conversely, facilitates requests between the client and the server primarily for anonymity and can perform content filtering but does not directly act on intrusion attempts like an IPS.

A central repository enables network teams to keep all configuration scripts and automation code in a single location, where it can be accessed and updated by various team members. Version control systems such as Git allow tracking changes to network configurations, collaboratively working on code without overwriting each other's changes, and the ability to revert to previous versions if a new configuration causes issues. Version control is the only option among the given answers that addresses all the specified criteria for collaboration, tracking changes, and reverting to previous states when needed.

HTTPS (Hypertext Transfer Protocol Secure) is the best choice for secure client-server communications involving sensitive data because it incorporates SSL/TLS to encrypt data in transit and authenticate the server. This ensures that all data sent between the client and server is protected. In contrast, HTTP (Hypertext Transfer Protocol) is incorrect as it does not include encryption and sends data in cleartext. LDAP (Lightweight Directory Access Protocol) is used for accessing and maintaining distributed directory information services and does not inherently encrypt data in its standard form. SNMP (Simple Network Management Protocol) is used for network management; while newer versions have security features, its primary purpose is not for general secure data exchange.