CompTIA Network+ Practice Test (N10-009)

Configure the port as an access port for the data VLAN and add a voice VLAN. An access port carries one untagged VLAN (for the PC's frames) and can be instructed, via the voice-VLAN command or LLDP-MED, to accept 802.1Q-tagged frames from the IP phone on a separate VLAN. This keeps data and voice traffic logically separate, allows QoS policies to prioritize voice, and prevents users from plugging in a device that could exploit a true trunk. Simply assigning a default VLAN, configuring only the voice VLAN, or changing speed/duplex does not meet the requirement to transport both traffic types securely and efficiently.

IPSec is the correct choice because it is designed to provide security at the network layer. By encrypting and authenticating each IP packet of a communication session, IPSec ensures that the data remains confidential and has not been tampered with during transit. SSL/TLS, while also commonly used for encrypting connections, operates at a higher layer in the OSI model and is generally implemented for securing HTTP connections. GRE is a tunneling protocol used to encapsulate a wide variety of network layer protocols, but it does not inherently provide encryption or authentication.

Encrypting data in transit converts readable plaintext into ciphertext. Anyone who captures the traffic will see only encrypted data, which is unintelligible without the correct decryption key. Thus, encryption safeguards the confidentiality of the information. By itself, encryption does not guarantee availability, non-repudiation, or full integrity-additional mechanisms such as MACs or digital signatures are required for those properties.

Class D addresses are designated for multicast usage and range from 224.0.0.0 to 239.255.255.255. This range supports multicast groups for applications like streaming media. The other options are incorrect. The range 192.0.0.0 to 223.255.255.255 is assigned to Class C addresses. The 127.0.0.0 to 127.255.255.255 block is the loopback address range, which is reserved for internal testing on a local machine.

Single-mode fiber is the optimal choice for long-distance and high-bandwidth applications as it uses laser light to send signals, which allows for smaller modal dispersion over long distances compared to multimode fiber and other types of cables. This makes it ideal for large-scale data centers that require high-speed data transfer across long distances without susceptibility to electrical interference. Multimode fiber, while also resistant to electrical interference and useful for moderate distances, cannot maintain signal quality over as long distances as single-mode. Coaxial and Twinaxial cables are susceptible to electromagnetic interference and are generally used for shorter distances.

Using an Optical Power Meter is the most accurate and direct method to measure the strength of the light signal in a fiber optic cable, providing quantifiable data on how much signal loss occurs between transmitter and receiver. Strength testers or adjusting wavelengths, although related to managing signal strength, do not provide specific measurements needed to diagnose issues and identify potential losses. Ensuring hardware compatibility relates to initial configuration rather than troubleshooting an existing problem.

The primary advantage of a full mesh topology is that it provides a network design where every node is directly connected to every other node. This maximizes redundancy and ensures there is no single point of failure, allowing communication even if a connection fails, making it highly useful for critical applications in environments such as distributed data centers. The incorrect choices do not focus on the intrinsic attribute of full mesh related to direct node connectivity and fault tolerance.

Configuring a dedicated voice VLAN allows the switch to separate and apply Quality of Service (QoS) policies to voice traffic, reducing latency and jitter that can degrade call quality. While 802.1Q tagging identifies frames that belong to different VLANs, it does not by itself ensure that voice traffic receives higher priority. Link aggregation increases bandwidth and redundancy, and speed/duplex settings affect physical-layer performance, but neither directly provides the traffic prioritization required by real-time voice communications.

Lightweight access points are designed for scenarios where centralized control is required. They do not handle all of their processing and rely on a wireless controller to manage their configurations and data traffic, ideal for large environments requiring uniform policies and simplicity in managing multiple devices. Autonomous access points, while capable of independent operation, are more suited to smaller scale or standalone deployments where centralized management is not as critical. Managed and unmanaged switch options do not directly pertain to the control over wireless access points.

A trusted zone is the organization-controlled internal network (for example, a corporate LAN or intranet). Because it contains critical assets, it is assigned the highest trust level, but traffic from this zone is generally allowed to initiate connections to lower-trust zones. An untrusted zone is an external network that the organization does not control-most commonly the public Internet. It carries the lowest trust level, and inbound traffic from this zone to higher-trust zones is blocked by default or subjected to tight firewall rules. The other options confuse port numbers, zone placement, or specific filtering methods with the fundamental concept of trust that defines the two zones.

The standard Ethernet frame size under the IEEE 802.3 specification has a minimum length of 64 bytes and a maximum length of 1518 bytes. This range includes the header and trailer but excludes the Layer 1 preamble and Start Frame Delimiter. The maximum payload, or Maximum Transmission Unit (MTU), is 1500 bytes, and the minimum payload is 46 bytes to meet the 64-byte minimum frame requirement. It is essential for network analysts and administrators to know these details to ensure proper network function and compatibility with various networking devices and protocols. The other answers provided are incorrect as they do not accurately represent the frame sizes specified by the standard.

RJ45 connectors are the standard connector type used for terminating Cat6 cables in Ethernet networks. They are designed to provide a reliable and secure connection for network interfaces and patch panels, supporting speeds up to 10Gbps over Ethernet. The other options listed do not fit the Cat6 cable specification for Ethernet networking.

The correct answer is that a honeypot is designed to attract attacks in order to study the attacker's behavior or to distract them from more valuable targets. By understanding attacker methods, the security team can better defend their actual network resources. The other options, while plausible, do not correctly describe the main purpose of honeypots. Redirecting traffic to optimize bandwidth and securing endpoints are not purposes of a honeypot, and testing network performance under load is more related to stress testing or performance benchmarking rather than security.

CCTV cameras provide visual monitoring and recording that allow security personnel to detect unauthorized access or suspicious activity. Because they simply observe and alert rather than physically stop or remediate an incident, they are considered detection controls. Preventive controls (for example, badge readers) block access, corrective controls restore normal operation after an incident, and compensating controls are alternatives used when primary controls are not feasible.

For connections spanning 15 kilometers, single mode fiber is the most suitable option. It is specifically designed for long distances as it uses a smaller core diameter that allows light to travel in a direct path, minimizing signal loss and delay. While multimode fiber could potentially be considered for shorter distances due to its ability to transmit data at high speeds, its larger core size leads to higher modal dispersion, making it less effective over long distances. The other options are copper-based cables, such as Cat 5e and STP, which are limited to a maximum length of 100 meters and are therefore unsuitable for a 15-kilometer link.