CompTIA Network+ Practice Test (N10-009)

The 'show vlan' command is used on network switches to display VLAN configurations and assignments. It helps in verifying which ports are assigned to specific VLANs, essential for troubleshooting connectivity issues between devices. The command outputs the VLAN IDs, names, and associated ports, providing a clear view of the VLAN landscape to determine if devices are correctly categorized.

Automatic Private IP Addressing (APIPA) allows a computer to assign itself an IP address in the absence of a DHCP server. This functionality, defined in RFC 3927 as link-local addressing, uses a designated range of addresses from 169.254.0.1 through 169.254.255.254. The computer randomly chooses an IP address within this range, allowing for basic communication with other devices on the same local network. This is intended as a temporary solution until a DHCP server can be reached. The 192.168.x.x range is a private IP address space defined by RFC 1918, commonly used in local networks. The 127.0.0.0/8 range (e.g., 127.0.0.1) is reserved for loopback addresses, which are used for network software testing on the local machine. The final option is a subnet mask, not an IP address range; it is used with an IP address to define the network and host portions of the address.

The likeliest issue in this scenario is that the default gateway is not configured or incorrectly configured on the router. The default gateway provides the necessary routing information for forwarding packets destined for external networks and the internet. If it's missing or incorrect, devices can communicate within the local network but fail to find a route for external addresses. Incorrect entries in the routing table typically only affect specific network segments, and incorrect subnets would largely prevent local communications, not just external communications.

HTTPS on port 443 is the correct answer because it is the secure version of HTTP, using encryption (SSL/TLS) to securely transfer web pages from web servers to clients. FTP on port 21 is used for file transfers but not specifically for web pages. SMTP on port 25 is used for sending emails, not web pages. Telnet on port 23 offers text-oriented communication but lacks encryption, making it inappropriate for secure transfers.

An incorrect default gateway on a device typically leads to the inability to communicate with devices outside the local subnet. The default gateway is responsible for routing the packets of a device to destinations not within the immediate network. If it is incorrect, the device can only communicate locally, not beyond its subnet, which is why the device 'Cannot access external websites or services' is the correct answer. The other options could be symptoms of other configuration errors, but they do not directly relate to problems with the default gateway setting.

Guest networks are designed to provide limited network access to visitors while keeping the main corporate network secure. This separation ensures that visitors cannot access sensitive company data or resources, hence maintaining a secure and accessible environment. The correct answer specifies that the primary purpose is to provide internet access in a secure manner specifically for visitors.

The ping command uses the Internet Control Message Protocol (ICMP) to test the reachability and availability of network devices. It sends an ICMP Echo Request to the destination and waits for an ICMP Echo Reply to confirm connectivity. The other mentioned protocols serve different purposes, such as HTTP/HTTPS for web browsing, and SNMP for network management but are not used by the ping command to test network reachability.

The correct approach in a zero trust architecture is to implement policy-based authorization. In zero trust models, access decisions are based not on the physical or network location of a user, but on a set of policies that consider various context factors, such as the user's identity and the device's security status. This method ensures tight control over who can access specific resources, making the network more secure against various threats.

RJ11 cables are commonly used for telephone connections, including devices like fax machines that connect to a standard telephone line. RJ45 is the standard connector for Ethernet networks and is physically larger than RJ11. RJ48 connectors are typically used for specialized data lines like T1 and are not for analog fax machines. Coaxial cables are generally used for television and broadband internet connections, not for telephone-based devices.

The correct answer emphasizes the strategic use of a screened subnet to host services that are intended for public access, such as a web server, thus isolating them from the internal network. This setup acts as a buffer zone, reducing the risk of external attacks directly impacting the core internal network. The incorrect options, although plausible in different contexts, fail to capture the primary security function of a screened subnet as an intermediary that shields internal networks from direct exposure to public internet traffic.

Biometric locks are the most effective option listed for controlling physical access to a sensitive area like a data center. They require unique physical characteristics (e.g., fingerprints or retinal patterns), which are harder to duplicate or share compared to key cards or pin codes. Traditional key locks are less secure as keys can be copied or stolen. Pin code access systems can also be compromised if the code is shared or observed by unauthorized persons. While surveillance cameras are useful, they do not prevent entry but rather record it, making them less effective as the primary security measure.

A captive portal controls network access by requiring users to view or interact with a web page before Internet access is granted. It is a common method for implementing guest Wi-Fi networks, ensuring users accept legal terms or log in. Other answers might sound plausible, but they do not correctly describe the primary function of a captive portal.

According to the CompTIA troubleshooting methodology, the step after establishing a theory of probable cause is to test that theory to determine the actual cause. In this scenario, the theory is a cable fault, so the most direct way to test it is with a cable tester. This tool specifically checks for physical layer issues like opens, shorts, and improper termination. Using higher-level tools like ping or traceroute would be ineffective if a physical layer fault prevents a link. Replacing the switch is a more drastic step (implementing a solution) that should only be taken after the cause is verified.

Configuring a single Extended Service Set Identifier (ESSID) allows multiple access points to appear as a single network to Wi-Fi devices, which enables seamless roaming within a network environment. Devices will automatically connect to the AP with the strongest signal using the same SSID. BSSID refers to the unique identifier of each individual access point and is not suitable for seamless integration of multiple APs. Band steering helps to manage the distribution of devices between different frequency bands (e.g., 2.4GHz and 5GHz) but won't assist in seamless connection to multiple access points under the same network identification. Network types such as Mesh or Infrastructure do not focus on SSID configuration and thus are incorrect in this context.

A network loop in a switched (Layer 2) environment creates a condition where broadcast frames are forwarded endlessly between switches. This results in a broadcast storm, which quickly consumes all available bandwidth and swamps switch CPUs, effectively bringing the network down. While MAC address instability (where a switch's MAC address table constantly changes as it sees the same device on multiple ports) is also a symptom of a network loop, the broadcast storm is the most immediate and severe result. Duplicated IP addresses and routing loops are Layer 3 issues, not direct results of a Layer 2 switching loop.

The correct configuration to ensure a specific device always receives the same IP address is to use reservations. DHCP reservations bind a specific IP address to the MAC address of a device, guaranteeing that this device receives the same IP address each time it connects to the network. In contrast, exclusions are used to prevent certain IP addresses from being assigned from a scope; scope defines the entire range of possible IP addresses that can be assigned to devices; and lease time determines how long a device holds an IP address before it must renew its DHCP configuration.

The command arp -a displays the ARP cache, which lists each known IP address and the corresponding MAC address learned by the workstation. By comparing the information in this table against expected values, the administrator can confirm whether the workstation is resolving Layer-3 addresses to the correct Layer-2 addresses.

show ip route is a Cisco IOS command that shows a router's routing table; it offers no view of host-level ARP information.

ipconfig (or ipconfig /all) shows the workstation's own interface configuration-IP, subnet mask, default gateway, and the adapter's physical address-but it does not list the IP-to-MAC mappings for other hosts.

arp -d * clears the workstation's ARP cache; while useful for forcing the host to relearn entries, it does not display or verify the current mappings.

A software-defined wide area network (SD-WAN) is designed to extend enterprise networks over large geographic areas. It provides centralized control, enhanced security, improved bandwidth utilization, and support for multiple connection types such as MPLS, broadband, and LTE/5G. By using a centralized controller to direct traffic intelligently across all available paths, SD-WAN simplifies WAN operations, boosts performance, and can reduce costs.

IPv6 addressing merely defines a new IP-address format and does not provide centralized WAN management. A virtual private network (VPN) creates secure tunnels but lacks the dynamic, centralized orchestration and path selection of SD-WAN. Zero Trust Architecture (ZTA) is a security framework focused on continuous verification rather than WAN transport and management. Therefore, SD-WAN is the most appropriate choice.

TFTP is most suitable for this scenario because it uses minimal network traffic for file transfers, which is ideal for environments with limited resources and devices with low storage. It provides a straightforward method without the complexity and overhead associated with more robust file transfer protocols, making it suitable for simple tasks like firmware updates where security is not a concern.

Asking about the specific times when the issue occurs and whether it pertains specifically to the corporate website or other sites as well sheds light on whether the issue is isolated to a particular domain, potentially indicating a server or hosting issue, or if it's a broader connectivity or network problem. This helps distinguish between local and network-wide issues. Although other questions are relevant in the troubleshooting process, pinpointing the issue's frequency, timing, and scope from the start is most effective for forming an accurate initial assessment.