CompTIA Network+ Practice Test (N10-009)

OSPF is a link-state routing protocol. Each router floods link-state information, and after building a complete topology map, it runs Dijkstra's Shortest Path First (SPF) algorithm to compute the least-cost path to every destination in its link-state database. Algorithms such as Bellman-Ford (used by distance-vector protocols like RIP), Path Vector (used by BGP), and Ford-Fulkerson (a flow-optimization algorithm not used in IP routing) are not used by OSPF.

The use of checksums to verify data integrity during transmission ensures that the data has not been altered, thus maintaining the integrity of the information as defined in the CIA triad. Although backing up data regularly primarily addresses availability, and implementing role-based access controls supports confidentiality and integrity indirectly by controlling access, neither directly ensures integrity like checksums. Using encryption strengthens confidentiality primarily by encoding data to prevent unauthorized access.

The correct reason why the port would go into an 'error disabled' state in this scenario is usually due to a violation of port security settings, such as exceeding the maximum allowed MAC addresses. Port security limits the number of valid MAC addresses allowed on a port to prevent unauthorized access. If this number is exceeded, the default action for many switches is to disable the port to prevent possible security breaches. Incorrect cable types or DHCP exhaustion typically do not directly cause ports to be error disabled, and temperature anomalies are more related to hardware malfunctions rather than configurations that trigger port security.

The best practice is to create a descriptive, unique SSID that references the organization (for example, CompanyName_WiFi or CompanyName_Staff) without revealing sensitive internal details. A clear, distinctive name helps employees quickly recognize the correct network and reduces the risk of accidental connections to other nearby APs. Generic names can lead to confusion, while keeping the default SSID may advertise the hardware vendor and invite attacks. Including highly specific information such as the Finance or HR department can expose unnecessary details about the network's internal structure.

CRC errors are usually indicative of physical layer issues such as cabling problems or electrical interference. Therefore, examining the quality of the cables used, checking for bends, breaks, or poor connections, and ensuring correct cable specifications are followed, serves as the most direct approach to addressing and resolving CRC errors. Other options might also be part of broader troubleshooting steps, but they do not directly address the common causes of CRC errors as effectively as checking the physical setup does.

A warm site is a partially equipped recovery facility with pre-installed servers, network connectivity, and other core infrastructure. It usually has some software and configuration in place and may receive periodic-though not real-time-data replication. Because it is not maintained in full sync with the primary data center, the IT staff must perform additional configuration and restore recent data before the site can assume production workloads. This contrasts with a cold site, which has only basic infrastructure and no installed hardware or data, and a hot site, which is fully mirrored and ready for immediate failover.

VLANs (Virtual Local Area Networks) operate at Layer 2 of the OSI model and enable a network engineer to create multiple, isolated broadcast domains on a single physical network infrastructure without requiring additional hardware. This allows for improved network segmentation and traffic management. Subnetting operates at Layer 3 by dividing networks based on IP addresses. Routing and NAT (Network Address Translation) are also Layer 3 functions and do not provide Layer 2 segmentation capabilities.

Administrative distance is a value used by routers to select the best path when there are multiple routes to a destination from different routing protocols. A lower administrative distance is preferred over a higher one. Therefore, knowing that it is used to determine the preference of routing information received from different sources explains its role. The other options are incorrect because they do not correctly describe the primary function of administrative distance, mainly focusing on secondary aspects or misrepresenting the concept.

The tracert (or traceroute on Unix/Linux systems) command is used to determine the route taken by packets across an IP network on their way to a specific host. It can identify where packets start to fail to reach the destination, showing each hop in the path and the time taken to get from one node to another. This makes it invaluable for identifying at which hop in the network path packets are potentially being dropped. In contrast, ping is effective for checking reachability and round-trip times but does not show the path of the packets. netstat displays protocol statistics and current TCP/IP network connections, which is not suitable for tracing the path of packets. ipconfig (or ifconfig in Unix/Linux) is primarily used to display all current TCP/IP network configuration values and refresh DHCP and DNS settings, but isn't useful for tracing packet paths.

When enhanced security measures such as cryptographic validations are in place, they require signatures to validate data authenticity. If these signatures are not kept current following modifications to the address records, validation systems may reject these as untrustworthy. Conversely, issues like network congestion or incorrect firewall settings typically do not result in selective rejection of valid records.

A logical network diagram primarily focuses on illustrating the architecture of the network, including how different devices communicate and relate within the network, such as showing subnets, network devices, and routing protocols. This differs from physical diagrams, which depict the physical location of hardware and interconnections.

The BSSID uniquely identifies each access point in a WLAN. It is a 48-bit identifier that follows MAC address conventions and allows client devices and administrators to distinguish between multiple access points broadcasting the same SSID. The SSID, by contrast, is the user-visible network name. While the BSSID is included in beacon and management frames, its primary purpose is identification, not capacity planning or direct security enforcement.

The correct answer is to configure each access point with the same SSID on different, non-overlapping channels. An Extended Service Set (ESS) allows multiple access points to use the same network name (SSID), making them appear as a single, large network. This enables client devices to roam seamlessly from one access point to another. To prevent signal interference and performance degradation between adjacent access points, they must be set to different, non-overlapping channels (e.g., 1, 6, and 11 for 2.4 GHz Wi-Fi). Configuring APs with the same channel would cause co-channel interference. BSSIDs are the unique MAC addresses of the access points and cannot be configured to be the same.

An ad hoc network is a decentralized type of wireless network where devices connect to each other directly in a peer-to-peer (P2P) fashion, without the need for a central access point or router. This makes it ideal for temporary setups where no network infrastructure exists. An infrastructure network requires a central access point to manage communications. A mesh network can involve peer-to-peer links but is typically a more complex setup, often used to extend wireless coverage over a larger area. A point-to-point network typically connects exactly two nodes, often over a longer distance, whereas this scenario involves several users in a single room.

Routers at the network layer generally use IP addresses to make decisions about packet forwarding, routing them to the next hop based on the routing table. MAC addresses are used in Layer 2 for device identification on the same network segment and not for routing decisions, making them incorrect for this context. Port numbers and service numbers are associated with TCP/UDP in the transport layer and layer 4 services respectively, which are not used for routing decisions at the network layer.

IPSec (Internet Protocol Security) is the correct choice because it is designed to securely encrypt and encapsulate data for secure transport over a public network, which is essential for VPNs. ICMP, used mainly for diagnostic purposes, does not support secure encapsulation. TCP and UDP are core transport protocols and do not inherently provide encryption or encapsulation necessary for VPN security.

Version-control repositories such as Git store each revision of configuration files, record who made the change and when, and support branching, merging, and rollbacks. This collaborative history prevents accidental overwrites and provides an auditable trail-capabilities the other choices do not offer.

Accurate cable maps are crucial for efficient troubleshooting and management of the network. They assist in quick identification of connection points and paths, thereby reducing downtime and simplifying maintenance tasks. Incorrect maps can lead to confusion, increased troubleshooting times, and potential errors during network upgrades or repairs.

Address pool exhaustion occurs when all the available network addresses in a DHCP pool are currently in use, preventing new devices from obtaining addresses needed for network connection. This issue is typical when network expansion, such as adding a new department, occurs without adjusting DHCP configurations to meet increased demand. Investigating whether the DHCP pool has sufficient available network addresses directly addresses the problem. Adding more access points does not relate directly to the provisioning of network addresses, but instead to wireless coverage. Errors in network segment configuration could potentially lead to connection issues, but these would generally manifest differently than simple failures to access network resources. Deactivating unused network ports would not increase the availability of network addresses that are directly managed by DHCP.

Traffic analysis is the correct answer because it specifically involves the examination and breaking down of network traffic to detect trends, potential security threats, or other issues. This is crucial for proactive network management and optimization. Other options, like configuration monitoring and availability monitoring, focus on different aspects of network performance. Configuration monitoring tracks changes to the network's configuration while availability monitoring ensures that systems are up and running as expected.