CompTIA Network+ Practice Test (N10-009)

Using VLSM enables the network engineer to allocate IP address space more efficiently by allowing for different-sized subnets within the same network. This flexibility reduces the wastage of IP addresses compared to using a fixed-length subnet mask for every subnet, which might not align well with the actual number of hosts needed.

Encapsulating Security Payload (ESP) is used within IPsec to provide confidentiality, along with integrity and authentication of the data. It encrypts the payload data and optional header to ensure that sensitive information remains confidential when sent over an insecure network. The other options do not specifically address data confidentiality. Authentication Header (AH) provides authenticity and integrity but does not encrypt data, thus does not guarantee confidentiality of the communication. Full-duplex transmission relates to the direction data can travel in a network and does not pertain to data confidentiality or encryption.

WPA3 provides enhanced security features compared to WPA2, including improved protections against brute-force attacks and better data encryption. WPA2, while still secure, is older and potentially vulnerable to security exploits that have been addressed in WPA3. WEP is outdated and highly insecure, with many vulnerabilities that can be exploited easily. WPA-PSK offers a decent security level but lacks the advanced features and strength of WPA3, making it less ideal for environments requiring robust security measures.

UDP is known for its connectionless nature, meaning it does not require a connection to be established before sending data between devices. This makes UDP suitable for situations where speed is more critical than reliability. In contrast, 'Reliable and connection-oriented' describes TCP, not UDP. 'Uses handshaking protocols' also refers to TCP, which establishes a connection before data transmission. 'Encrypted by default' is incorrect as UDP does not provide encryption inherently; it relies on application-layer protocols for security.

The primary function of tcpdump is to capture and analyze network traffic. This is crucial for diagnosing network issues and understanding the flow of traffic through a network. The other options, while related to network activities, do not accurately describe the central functionality of tcpdump, which is specifically focused on capturing packet data.

Increasing the wireless coverage might not directly address the high number of clients disconnecting if the area coverage is already sufficient. Adjusting the data rates requires assessing if slow data rates are the actual cause of disassociation, which is not directly implied. Replacing the antenna would depend on whether the existing ones are faulty or unsuitable for the environment, which isn't suggested by the given scenario. Adding an additional access point addresses the issue by reducing the load on a single access point, thus likely decreasing the frequency of disconnections during peak hours. This aligns with managing network congestion and ensuring adequate service delivery for all connected clients.

802.11ac supports dual-band wireless technology that allows for higher data rates (up to several Gbps) and operates exclusively in the 5 GHz frequency band, suitable for applications requiring higher bandwidth like HD video streaming and high-speed file transfer. The other options, although useful in various contexts, offer lower data rates and operate at 2.4 GHz (except for 802.11a, which uses 5 GHz but offers lower throughput than 802.11ac).

A rogue DHCP server can issue incorrect or malicious network settings to clients, directing traffic to unauthorized locations which potentially allows for man-in-the-middle attacks or data exfiltration. It disrupts network operations by allocating incorrect IP addresses and gateway information, posing significant security and operational risks. The other options, while potentially part of various attack strategies or network configurations, do not directly represent the typical outcomes of a rogue DHCP server.

IPSec is the correct choice because it is designed to provide security at the network layer. By encrypting and authenticating each IP packet of a communication session, IPSec ensures that the data remains confidential and has not been tampered with during transit. SSL/TLS, while also commonly used for encrypting connections, operates at a higher layer in the OSI model and is generally implemented for securing HTTP connections. GRE is a tunneling protocol used to encapsulate a wide variety of network layer protocols, but it does not inherently provide encryption or authentication.

Using an Optical Power Meter is the most accurate and direct method to measure the strength of the light signal in a fiber optic cable, providing quantifiable data on how much signal loss occurs between transmitter and receiver. Strength testers or adjusting wavelengths, although related to managing signal strength, do not provide specific measurements needed to diagnose issues and identify potential losses. Ensuring hardware compatibility relates to initial configuration rather than troubleshooting an existing problem.

The correct answer is 'To prevent switching loops in a broadcast domain'. Spanning Tree Protocol (STP) is essential in a layered network to prevent loops, which can create broadcast storms and destabilize network communications. While improving performance and expanding network coverage are beneficial outcomes of many network protocols, they are not the primary functions of the spanning tree protocol. As for managing collision domains, that is primarily addressed by switching devices and protocols at a different layer.

Port Security is a Network Access Control (NAC) feature that limits the number of MAC addresses allowed on a single port, thereby preventing unauthorized devices from connecting to the network. This feature is pivotal in maintaining control over which devices can access network resources, enhancing the physical security layer of the network infrastructure. MAC filtering, while related, is focused more on access permissions rather than limiting the number of connections. 802.1X provides network authentication prior to allowing access, which differs from the more direct control of connections that Port Security offers. Device identification helps in recognizing the devices but does not limit the number of allowable connections specifically.

A wireless access point (AP) connects wired networks to wireless clients. An AP allows wireless devices to join the network by providing a bridge between the wired network infrastructure and wireless clients via radio frequency signals. Routers can provide similar functionality but are primarily designed to route traffic between different networks and typically include a built-in switch and AP. Controllers manage multiple APs but do not themselves broadcast Wi-Fi. NAS devices are focused on data storage.

Botnet malware fits this scenario as it often involves groups of computers that can be remotely managed (often via a command and control server) to execute coordinated tasks such as sending out spam or participating in DDoS attacks - which would explain the unusual network patterns. In contrast, Trojan mostly focuses on creating secret access points without spreading across networks. Spyware primarily aims to monitor user activities and gather personal data rather than extensively utilizing system resources. Worms are known for their ability to self-replicate and spread independently, which doesn't necessarily involve communication with a command and control server.

VLANs (Virtual Local Area Networks) operate at Layer 2 of the OSI model and enable a network engineer to create multiple, isolated broadcast domains on a single physical network infrastructure without requiring additional hardware. This allows for improved network segmentation and traffic management. Subnetting operates at Layer 3 by dividing networks based on IP addresses. Routing and NAT (Network Address Translation) are also Layer 3 functions and do not provide Layer 2 segmentation capabilities.