CompTIA Network+ Practice Test (N10-009)

Implementing Quality of Service (QoS) rules to prioritize essential traffic and limit bandwidth for video streaming ensures that critical applications continue to perform well even during high traffic periods. Increasing bandwidth could solve the problem, but it might not be cost-effective. Restricting access to streaming sites could disrupt users who may need access for legitimate purposes, while changing work schedules is impractical and does not directly address the bandwidth issue.

Tailgating is a specific type of social engineering where an unauthorized person follows someone with authorized access into a restricted area without being noticed. This differs from other social-engineering techniques because it requires physical proximity and exploits courteous behavior rather than electronic communication or technical network manipulation.

The broadcast address for any IPv4 subnet is obtained by setting all host bits to 1. For a standard Class C network, the default subnet mask is 255.255.255.0, so the host portion is the final octet. Setting those eight bits to 1 changes 192.168.15.0 to 192.168.15.255, which is the directed broadcast address for that subnet. The incorrect answers either identify the network address, the first usable host address, or the broadcast for a different subnet size.

When a switch port goes into the "Error disabled" state, the IOS software shuts down the interface after detecting a fault such as a BPDU guard, port-security, or link-flap violation. In this condition the port is administratively up in the configuration but operationally down, and it forwards no traffic until an administrator repairs the cause and re-enables the port or until an errdisable recovery timer brings it back online. Other status values such as "Administratively down" (disabled by configuration), "Suspended" (for example, in an EtherChannel mismatch), or "Connected" (normal forwarding) do not match this behavior.

The correct subnet mask is 255.255.224.0. Starting with a /16 network, borrowing 3 bits for subnetting (2³=8 subnets) results in a /19 subnet mask, which corresponds to 255.255.224.0. The other options do not provide the appropriate number of subnets or the correct subnet mask for dividing the network into exactly 8 subnets.

A primary zone is the correct answer because it contains the master, writable copy of a domain's DNS records. It is the authoritative source from which secondary servers replicate data via zone transfers.

A secondary zone is incorrect because it is a read-only copy of a primary zone. While it provides authoritative answers, it cannot be the original, writable source of the records.

A reverse lookup zone is incorrect because its purpose is to map IP addresses back to domain names, not to serve as the primary source for name-to-IP resolutions.

A stub zone is incorrect because it only contains a partial list of records (NS, SOA, and glue A records) needed to identify the authoritative DNS servers for a zone, not the entire set of records for that zone.

Port security is a layer 2 traffic control feature used mainly to limit the number of MAC addresses allowed on a single port. This prevents unauthorized devices from accessing the network and mitigates risks like MAC flooding. Limiting bandwidth does not relate directly to security, and monitoring traffic patterns and transmitting data securely are functions more closely associated with network monitors and encryption protocols, respectively.

Disabling all unused ports on switches and routers (and similarly disabling unnecessary services) removes unneeded entry points, directly shrinking the device's attack surface. Encrypting management traffic and implementing port mirroring improve confidentiality and monitoring, but they do not eliminate potential targets. Enabling additional remote-management services actually expands the attack surface by exposing more services to possible exploitation.

The term 'Integrity' is part of the Confidentiality, Integrity, and Availability (CIA) triad and specifically refers to the assurance that data is not altered or tampered with in an unauthorized manner. It ensures that information is trustworthy and accurate. 'Confidentiality' focuses on limiting access to information to authorized persons. 'Availability' pertains to ensuring that authorized users have reliable access to information when needed. Although 'Authentication' is critical for security, it primarily deals with verifying the identity of a user or device.

A private network infrastructure is exclusively maintained for the communication needs within an organization, generally isolated from public access to secure sensitive data and operations. An intranet used by company employees is a prime example of such a network. Public networks are designed for public access, thus unfit for internal, sensitive communications. A VPN, although it uses public networks, essentially creates a 'private tunnel' and is mainly used for secure connections over the internet. A metropolitan area network (MAN) typically spans a larger geographic area like a city and can be either public or private, but the scenario describes a public service, making it broader than a single organization's private network.

A warm site is a partially equipped recovery facility with pre-installed servers, network connectivity, and other core infrastructure. It usually has some software and configuration in place and may receive periodic-though not real-time-data replication. Because it is not maintained in full sync with the primary data center, the IT staff must perform additional configuration and restore recent data before the site can assume production workloads. This contrasts with a cold site, which has only basic infrastructure and no installed hardware or data, and a hot site, which is fully mirrored and ready for immediate failover.

Configuration drift occurs when the actual configuration state of a device or system deviates from the desired or documented state-often because of manual, out-of-band, or incomplete changes. This divergence can introduce inconsistencies, reduce reliability, and create security or compliance risks. Effective IaC and automation practices continuously detect and remediate drift to keep infrastructure aligned with its intended configuration.

When the volume of data packets exceeds the carrying capacity of a network segment, it primarily results in increased packet delays and potential losses. This is because the network cannot handle the excessive load, leading to buffered or dropped packets. Other options like 'Enhanced throughput' and 'Reduced latency' represent misunderstandings of network congestion effects - higher traffic volumes degrade, rather than improve, performance characteristics. 'Automatic rerouting of traffic', although possible through certain configurations, is not a direct consequence of congestion.

The correct scenario involves renting virtual machines and storage from a cloud provider, which is a characteristic example of IaaS. IaaS provides virtualized computing resources over the internet, enabling users to run and manage applications without managing the physical cloud infrastructure. The other options, while related to cloud services, do not accurately depict the IaaS model. SaaS provides software applications over the internet, PaaS provides platforms to create software that are managed by third-party providers, and private clouds are about deployment models, not service models like IaaS.

A rack diagram is the most useful type of network documentation for visually representing the physical arrangement of devices within server racks. It provides detailed information about the exact placement of hardware, aiding in both troubleshooting and future expansions or modifications. Physical diagrams show the physical connections between devices, not specifically how they are arranged in racks. Network diagrams provide a broader overview of connections and network topology, which does not detail specific device placements in server racks. Cable maps focus primarily on the routing and organization of cables, not on device placement within racks.

Class of Service (CoS) is a Quality of Service (QoS) mechanism that operates at Layer 2 to mark frames with a priority level. This allows network devices to categorize traffic and prioritize sensitive data, such as VoIP packets, over less time-sensitive traffic like HTTP. This process is crucial for maintaining call quality during periods of network congestion. Traffic shaping is a different QoS technique focused on controlling the rate of traffic flow rather than prioritizing by type. Packet sniffing is a monitoring tool used to capture and analyze network traffic, not manage it. Load balancing distributes traffic across multiple network paths or servers to improve availability and performance but does not inherently prioritize traffic based on its type.

HTTPS is the secure version of HTTP, providing encryption and secure identification of the server. It typically runs on port 443 to ensure data sent and received is encrypted, which is essential for handling sensitive information such as financial reports. The other options are incorrect. HTTP on port 80 is for unencrypted web traffic. FTP on port 21 is for file transfers and is unencrypted by default. SMTP on port 25 is for sending email and is also unencrypted by default.

Configuring a dedicated voice VLAN allows the switch to separate and apply Quality of Service (QoS) policies to voice traffic, reducing latency and jitter that can degrade call quality. While 802.1Q tagging identifies frames that belong to different VLANs, it does not by itself ensure that voice traffic receives higher priority. Link aggregation increases bandwidth and redundancy, and speed/duplex settings affect physical-layer performance, but neither directly provides the traffic prioritization required by real-time voice communications.

VXLAN is primarily used for Layer 2 network isolation over a Layer 3 network, allowing for the creation of a large number of isolated Layer 2 networks across geographically dispersed data centers. This technology is essential in scenarios where you need to extend the same Layer 2 domain across different data centers without physical connectivity limitations. Choice 'Extending Layer 2 domains across multiple data centers' directly reflects the capability of VXLAN to extend network segments over a Layer 3 infrastructure, which is crucial for large and distributed network architectures. Other options, while feasible in certain contexts, do not specifically leverage the unique Layer 2 encapsulation capabilities of VXLAN.

The Subscriber Connector (SC) is the correct answer because its square form factor and push-pull latch create a pull-proof connection that resists accidental unplugging, making it popular in telecom and data-communications patch panels. LC also uses a push-pull latch but in a smaller form factor; ST relies on a bayonet twist-lock; and FC uses a threaded coupling. These differences make LC, ST, and FC plausible yet incorrect choices here.