CompTIA Network+ Practice Test (N10-009)

The correct answer is 'Frame', as Layer 2 of the OSI model, also known as the Data Link Layer, processes data in units called frames. A frame encapsulates packets with a header and a trailer to facilitate node-to-node communication across the physical layer. Ethernet frames are the most common type of Layer 2 frames, which include headers containing MAC addresses. The other answers, while related to networking, represent data units or terminologies used at different OSI model layers or different contexts, none of which pertain to the primary function of Layer 2.

Transport Layer Security (TLS) establishes an encrypted channel that ensures confidentiality, integrity, and authentication for application traffic. It underpins HTTPS, SMTPS, FTPS, and many other Internet services, making it the de-facto standard for end-to-end protection of data in transit. IPsec also offers strong encryption but functions at the network layer and is most often deployed for site-to-site or remote-access VPN tunnels rather than securing individual application sessions. SSH encrypts traffic too, yet its primary purpose is secure remote administration and file transfer, not general web or email traffic. HTTPS is simply HTTP carried inside TLS; the underlying encryption protocol is still TLS, so selecting TLS most accurately identifies the technology that delivers the strongest and broadest protection for sensitive Internet communications.

An Internet gateway enables networked devices to connect to the Internet by providing a routing path from the local network to the Internet. This function is fundamental in network design to facilitate external communication and access to Internet services. The answer specifying data transfer between a private network and the Internet correctly captures this role. Other options, while related to networking tasks, do not accurately describe the primary function of an Internet gateway.

IPSec is the correct choice because it is designed to provide security at the network layer. By encrypting and authenticating each IP packet of a communication session, IPSec ensures that the data remains confidential and has not been tampered with during transit. SSL/TLS, while also commonly used for encrypting connections, operates at a higher layer in the OSI model and is generally implemented for securing HTTP connections. GRE is a tunneling protocol used to encapsulate a wide variety of network layer protocols, but it does not inherently provide encryption or authentication.

ST connectors are primarily favored for their reliability in ensuring a secure physical connection through their bayonet-style locking mechanism, which is vital in environments where frequent vibrations or movements might occur, such as in industrial settings or data centers.

The other options are either incorrect or describe attributes that are more characteristic of other connector types:

• LC connectors are known for their small form factor, not ST connectors.
• MPO connectors accommodate multiple fibers, whereas ST connectors terminate a single fiber.
• Although low insertion loss is desirable, it is not a distinguishing advantage of the ST design.

An intrusion prevention system (IPS) not only detects malicious activities but actively blocks them from causing harm to the network. While an intrusion detection system (IDS) also monitors for potentially malicious activity, it differs from an IPS because it does not block the activity but rather alerts the administrator. A firewall is designed to block unauthorized access based on predetermined security rules, not specifically to handle post-detection activities like an IPS. A proxy server, conversely, facilitates requests between the client and the server primarily for anonymity and can perform content filtering but does not directly act on intrusion attempts like an IPS.

The correct answer is captive portals, which display a web page to newly connected users so they must accept the organization's terms of service or provide information (such as an email address) before full Internet access is allowed. Captive-portal implementations can also keep guest traffic isolated from internal resources.

MAC filtering confines access to devices with approved hardware addresses but does not present a terms-of-use page or collect user details. WPA3 secures wireless communication through strong encryption but likewise offers no interactive login page. Subnetting divides IP networks for logical segmentation and has no capability to prompt users for agreements or credentials.

An ad hoc network is a decentralized type of wireless network where devices connect to each other directly in a peer-to-peer (P2P) fashion, without the need for a central access point or router. This makes it ideal for temporary setups where no network infrastructure exists. An infrastructure network requires a central access point to manage communications. A mesh network can involve peer-to-peer links but is typically a more complex setup, often used to extend wireless coverage over a larger area. A point-to-point network typically connects exactly two nodes, often over a longer distance, whereas this scenario involves several users in a single room.

Creating a diagram that combines physical and logical views offers a complete picture of the network. The physical portion shows tangible details such as device locations, cable runs, and rack layouts, while the logical portion illustrates IP addressing, VLANs, and traffic flow. Having both perspectives in a single diagram (or paired companion diagrams) streamlines troubleshooting and makes it easier to predict how changes to one layer will affect overall connectivity.

A Content Delivery Network (CDN) is designed to cache content at multiple geographical locations to ensure faster delivery of multimedia content and webpages to a global audience, effectively handling high traffic and enhancing web performance. VPNs, while useful for secure connectivity, primarily focus on security rather than performance enhancement. Load balancers distribute traffic across servers to prevent any one server from becoming overwhelmed, but they do not reduce latency caused by geographical distance. Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules and do not influence content delivery speed.

SFTP operates as a subsystem of SSH and, by default, uses TCP port 22 for both control commands and data transfer within a single encrypted session. Opening port 22 on the firewall is therefore sufficient to enable SFTP connectivity. Ports 20/21 are used by legacy (unencrypted) FTP, while ports 80 and 443 are associated with HTTP and HTTPS respectively and are unrelated to SFTP.

HTTPS on port 443 is the correct answer because it is the secure version of HTTP, using encryption (SSL/TLS) to securely transfer web pages from web servers to clients. FTP on port 21 is used for file transfers but not specifically for web pages. SMTP on port 25 is used for sending emails, not web pages. Telnet on port 23 offers text-oriented communication but lacks encryption, making it inappropriate for secure transfers.

MTTR is the average amount of time required to diagnose, repair, and fully restore a device or system after a failure has been detected. It spans detection, troubleshooting, replacement or repair, and verification that normal operation has resumed. It does not describe the interval between failures (MTBF), the allowable data-loss window (RPO), or merely the time to notice a fault.

An incorrect default gateway on a device typically leads to the inability to communicate with devices outside the local subnet. The default gateway is responsible for routing the packets of a device to destinations not within the immediate network. If it is incorrect, the device can only communicate locally, not beyond its subnet, which is why the device 'Cannot access external websites or services' is the correct answer. The other options could be symptoms of other configuration errors, but they do not directly relate to problems with the default gateway setting.

SIP supports several transport protocols-including UDP, TCP, and SCTP-but UDP is both the default and the most widely used for unencrypted SIP signaling on port 5060. UDP's lightweight, connectionless behavior reduces latency and overhead, which benefits real-time voice and video traffic. SIP provides its own reliability mechanisms (retransmissions and acknowledgments), so it does not rely on TCP's connection-oriented features. TCP may be selected when very large SIP messages need guaranteed delivery, and SCTP is optional in certain environments.