CompTIA Network+ Practice Test (N10-009)

HTTPS (Hypertext Transfer Protocol Secure) is the best choice for secure client-server communications involving sensitive data because it incorporates SSL/TLS to encrypt data in transit and authenticate the server. This ensures that all data sent between the client and server is protected. In contrast, HTTP (Hypertext Transfer Protocol) is incorrect as it does not include encryption and sends data in cleartext. LDAP (Lightweight Directory Access Protocol) is used for accessing and maintaining distributed directory information services and does not inherently encrypt data in its standard form. SNMP (Simple Network Management Protocol) is used for network management; while newer versions have security features, its primary purpose is not for general secure data exchange.

Fine-tuning the RSSI (Received Signal Strength Indicator) threshold can significantly enhance the roaming experience by determining the sensitivity of when a device should switch to a stronger signal access point, thus maintaining steadier connectivity. Adjusting transmit power primarily affects the range and strength of the signal emitted by access points but does not directly optimize how devices roam between them. Although SCTP optimization might appear related to performance, it mainly deals with transport protocols for session initiation tasks rather than wireless roaming. Lastly, tweaking QoS settings is generally geared towards prioritizing traffic types over the network and would not specifically resolve roaming transitions.

Traffic analysis data is the most relevant for performance monitoring because it provides insights into the volume and type of traffic flowing through a network. This information is crucial for assessing the network's efficiency, identifying bottlenecks, and understanding overall network health. Usage statistics, while related, more broadly cover the general use of the network without detailed traffic insights. Error logs are important for identifying problems but do not provide a comprehensive overview for performance metrics typically monitored for optimization. Security alerts focus specifically on potential security incidents, not performance metrics.

Configuring the transport agnostic feature is crucial as it allows the SD-WAN system to function efficiently across various types of network connections (MPLS, broadband, LTE, etc.) without needing specific adjustments for each type. This feature abstracts the details of the underlying transport mechanisms, allowing seamless connectivity and management. Other options listed either do not relate directly to managing diverse transport mechanisms or involve security, not operational connectivity.

The primary purpose of the ping command is to test the reachability of a host on an IP network and measure the round-trip time for messages sent from the originating host to a destination computer. This is crucial for initially diagnosing connectivity issues. Answers involving speed testing or direct problem resolution are incorrect because ping does not measure network speed in terms of throughput and cannot resolve the problems itself; it merely checks connectivity and latency.

The correct answer is Cat 6a because it supports speeds up to 10 Gbps over distances up to 100 meters, which is ideal for a modern small business requiring high-speed applications like video conferencing and large file transfers. In contrast, Cat 6 supports 10 Gbps but only up to 55 meters in high crosstalk environments, making it less reliable for consistent high-speed delivery across a business premise. Cat 5e, supporting up to 1 Gbps, currently does not meet the requirements for higher speed applications. Cat 7, although capable of up to 10 Gbps, is typically used for specific cases due to its shielded system and is not a common upgrade path from Cat 5e.

DNSSEC (Domain Name Security Extensions) enhances the security of the domain name system by signing records with public key cryptography. This allows client systems to verify the authenticity and integrity of the response, protecting against certain types of attacks such as cache poisoning. Technologies like DoH and DoT, while providing confidentiality through encryption of requests, do not offer mechanisms for response validation akin to DNSSEC.

The default route is used whenever a destination network is not found elsewhere in the routing table. If it points to the wrong next-hop, packets destined for the Internet (or any unknown network) will be forwarded toward an unreachable or incorrect gateway. The result is that external resources become slow or unreachable while internal LAN traffic is unaffected. Duplicate-IP errors, spanning-tree loops, and DHCP scope exhaustion are unrelated to the default-route setting, so those choices are incorrect.

An unauthorized server that assigns network configurations, such as a rogue DHCP server, often intercepts or disrupts network traffic by providing incorrect configurations to clients. This misdirection can lead to man-in-the-middle attacks or other security breaches, highlighting why understanding this threat is crucial. The incorrect answers do not accurately describe the primary malicious intent of such a server.

A visual fault locator is used to detect physical issues in fiber optic cables, specifically pinpointing exact location of breaks or severe bends affecting the cable's integrity. It emits a bright light that leaks through breaks or faults, visually indicating where the defect lies. Incorrect cable types and improper termination primarily involve using wrong materials or faulty setup procedures which can't typically be detected directly through a visual inspection of light leakage. Signal degradation pertains to the reduction in signal quality over distance or due to interference, but it wouldn't be visually detectable using this method.

Single-mode fiber is designed for long-distance data transmission, capable of carrying signals over 100 kilometers without the need for signal repeaters due to its ability to limit light mode dispersion. This makes it the appropriate choice for distances like 120 kilometers between two data centers. Multimode fiber, on the other hand, is typically used for shorter distances up to 2 kilometers due to modal dispersion, which can lead to signal loss over longer distances.

A switch is the correct answer because it creates a separate collision domain for each port, allowing each connected device to operate without collisions with devices on other ports and use the full available bandwidth. A hub, by contrast, places all connected devices into a single collision domain, forcing them to share bandwidth and leading to performance degradation from frequent collisions. A router operates at Layer 3 to separate broadcast domains and route traffic between different networks, which is a different function than managing collision domains within a single LAN segment. An access point is used for wireless connectivity and creates a shared collision domain for all wireless clients connected to it, using collision avoidance (CSMA/CA) instead of eliminating collisions in the way a switch does for wired devices.

IPsec is designed to securely exchange data over public networks by encrypting and authenticating IP packets. It establishes mutual authentication and negotiates cryptographic keys, making it ideal for VPN tunnels. GRE can encapsulate many protocol types inside IP tunnels but lacks inherent encryption. UDP supports fast, connectionless transmission without built-in security, while TCP provides reliable delivery but no native encryption or confidentiality mechanisms.

DHCP, or Dynamic Host Configuration Protocol, automates the assignment of IP addresses, subnet masks, gateways, and other network settings. This automation simplifies the management of IP address allocation, reduces configuration errors, and supports the easy addition of new devices to the network without the need for manual IP configuration. The other options are incorrect. Resolving domain names to IP addresses is the primary function of DNS. Encrypting data traffic at the transport layer is a function of protocols like TLS. Providing a secure channel for remote administration is a function of protocols like SSH.

Multifactor Authentication (MFA) requires users to provide multiple forms of verification to access a system. This method significantly increases security by requiring two or more independent credentials, combining something the user knows, something the user has, or something the user is. This setup blocks unauthorized access more effectively than methods relying on a single authentication factor.