CompTIA Network+ Practice Test (N10-009)

HTTPS is the secure version of HTTP, which means that HTTPS traffic is encrypted. By default, HTTPS traffic runs over port 443. Therefore, to allow encrypted web traffic, the firewall should be configured to allow traffic through port 443. While port 80 is used for HTTP, it is not secure. Ports 53 and 22 are often used for DNS and SSH respectively, neither of which are correct for this scenario.

Configuring a switch port speed to 100 Mbps on a connection where the connected devices support gigabit speeds will lead to a significant bottleneck. The port will limit the transmission speed to 100 Mbps, thereby underutilizing the gigabit capability of the connected devices and potentially causing network congestion due to slower data transfer rates. This misconfiguration does not directly involve protocol compatibility or increase noise levels, and it also won't necessarily result in complete data loss unless other factors are at play.

Private network addresses, as defined by RFC 1918, are used for internal networks and are not routable on the public internet. Assigning these addresses ensures the servers are isolated from direct external connections, enhancing security. Public network addresses are globally routable and would expose the servers to the internet. APIPA addresses are used as a fallback when a DHCP server is unavailable and are not suitable for a planned data center configuration. The term "Externally routable RFC 1918 addresses" is a contradiction, as these address ranges are specifically designated as non-routable on the global internet.

An IDS is typically positioned out of band to passively monitor network traffic. It analyzes traffic copies and sends alerts when suspicious activity is detected but does not actively block packets. An IPS, by contrast, is placed inline and can automatically take preventive actions-such as dropping or rejecting malicious packets-to stop the threat in real time. Therefore, the only statement that correctly distinguishes these roles is the option describing an IDS as passive (alert-only) and an IPS as active (blocking).

The correct answer is the one that defines a network's ability to dynamically adjust its services and priorities based on the recognition and analysis of different types of application traffic, which is central to the concept of being application aware. This involves real-time adaptation to optimize application performance and reliability, differentiating it from static configurations that do not change based on the traffic type.

The correct answer is 'Gather information'. According to the troubleshooting methodology, the first step in identifying the problem is to gather all relevant information regarding the issue. This includes understanding the symptoms and the impact of the issue. While questioning users and duplicating the problem are part of the process, they come after initially gathering all necessary data to understand what might be going wrong.

Packet loss fundamentally means that data packets fail to reach their destination, resulting in incomplete data transmission. This is directly observed as intermittent errors, such as glitches in video or audio streams. While packet loss can cause increased latency, the latency is a secondary effect resulting from the time it takes for a protocol like TCP to retransmit the lost packets. Enhanced bandwidth utilization is incorrect; in fact, retransmissions caused by packet loss consume more bandwidth, leading to inefficient use. Encryption protocols are related to data security, not the physical delivery of packets.

A trusted zone is the organization-controlled internal network (for example, a corporate LAN or intranet). Because it contains critical assets, it is assigned the highest trust level, but traffic from this zone is generally allowed to initiate connections to lower-trust zones. An untrusted zone is an external network that the organization does not control-most commonly the public Internet. It carries the lowest trust level, and inbound traffic from this zone to higher-trust zones is blocked by default or subjected to tight firewall rules. The other options confuse port numbers, zone placement, or specific filtering methods with the fundamental concept of trust that defines the two zones.

The broadcast address for any IPv4 subnet is obtained by setting all host bits to 1. For a standard Class C network, the default subnet mask is 255.255.255.0, so the host portion is the final octet. Setting those eight bits to 1 changes 192.168.15.0 to 192.168.15.255, which is the directed broadcast address for that subnet. The incorrect answers either identify the network address, the first usable host address, or the broadcast for a different subnet size.

A Client-to-site configuration allows individual users to connect securely from distant locations to their organization's network, providing an encrypted tunnel over public connections. Site-to-site configurations connect entire networks across different locations, differing from the personal connection setup required by remote employees. Full tunnel and Split tunnel refer to how traffic is handled through these connections but do not specify the type of network connection arrangement between a single client and a network.

Time-based authentication is the correct answer because it allows system access to be controlled based on the time factor, aligning access permissions with individual shift times. This mechanism restricts users from accessing certain systems outside their designated working hours, thus increasing security.

LDAP, while useful for directory services and access management, does not inherently restrict access based on current time or schedule without additional configuration or integration. Multifactor authentication (MFA) provides an additional layer of security by requiring more than one form of verification but does not limit access based on time. Role-based access control defines user permissions based on their role within an organization but does not typically restrict access times unless specifically configured to do so.

Before making any significant changes to a network's infrastructure, the first step under the change management process should always start with submitting a change request. This action ensures that all necessary approvals are obtained, and all impacts are assessed before any changes are implemented, minimizing potential disruptions. Just discussing potential changes informally does not provide proper documentation or authorization. Implementing changes directly or beginning with a risk assessment, though important, skips the initial necessary step of formally recording and initiating the process through an official change request.

Automatic Private IP Addressing (APIPA) allows a computer to assign itself an IP address in the absence of a DHCP server. This functionality, defined in RFC 3927 as link-local addressing, uses a designated range of addresses from 169.254.0.1 through 169.254.255.254. The computer randomly chooses an IP address within this range, allowing for basic communication with other devices on the same local network. This is intended as a temporary solution until a DHCP server can be reached. The 192.168.x.x range is a private IP address space defined by RFC 1918, commonly used in local networks. The 127.0.0.0/8 range (e.g., 127.0.0.1) is reserved for loopback addresses, which are used for network software testing on the local machine. The final option is a subnet mask, not an IP address range; it is used with an IP address to define the network and host portions of the address.

Unshielded Twisted Pair (UTP) cables lack an overall shielding layer, so they are more susceptible to electromagnetic interference than Shielded Twisted Pair (STP), coaxial, or fiber-optic cabling. STP uses a foil or braided shield to attenuate external noise, coaxial cable has a conductive shield around the dielectric insulator, and fiber-optic cable transmits light rather than electrical signals, making it immune to EMI. Therefore, UTP is the cable type most likely to suffer connectivity issues in a noisy electromagnetic environment.

Precision Time Protocol (PTP) is specifically designed for very high-accuracy clock synchronization over an IP/Ethernet network. In practice it can keep devices aligned to within sub-microsecond accuracy, and SMPTE ST 2059 adopts PTP for timing professional video and audio equipment. NTP is adequate for general computing but normally stays within the millisecond range on a LAN. Using a separate GPS receiver at every device can provide precise time but is costly and impractical indoors, and DHCP is unrelated to time synchronization.