What Practical N10-009 Practice Exam Is

NEW QUESTION 1

Which of the following fiber connector types is the most likely to be used on a network interface card?

• A. LC
• B. SC
• C. ST
• D. MPO

Answer: A

Explanation:
LC (local connector) is the most likely fiber connector type to be used on a network interface card, because it is a small form factor connector that can fit more interfaces on a single card. LC connectors use square connectors that have a locking mechanism on the top, similar to an RJ45 copper connector. LC connectors are also compatible with SFP (small form-factor pluggable) modules that are often used to link a gigabit Ethernet port with a fiber network12.
References:
✑ Optical Fiber Connectors – CompTIA Network+ N10-007 – 2.11
✑ CompTIA Network+ Certification Exam Objectives2

NEW QUESTION 2

A company is moving to a new building designed with a guest waiting area that has existing network ports. Which of the following practices would BEST secure the network?

• A. Ensure all guests sign an NDA.
• B. Disable unneeded switchports in the area.
• C. Lower the radio strength to reduce Wi-Fi coverage in the waiting area.
• D. Enable MAC filtering to block unknown hardware addresses.

Answer: B

Explanation:
One of the best practices to secure the network would be to disable unneeded switchports in the guest waiting area. This will prevent unauthorized users from connecting to the network through these ports. It's important to identify which switchports are not in use and disable them, as this will prevent unauthorized access to the network. Other practices such as ensuring all guests sign an NDA, lowering the radio strength to reduce Wi-Fi coverage in the waiting area and enabling MAC filtering to block unknown hardware addresses are not as effective in securing the network as disabling unneeded switchports. Enforcing an NDA with guests may not stop a malicious user from attempting to access the network, reducing the radio strength only limits the Wi-Fi coverage, and MAC filtering can be easily bypassed by hackers.

NEW QUESTION 3

A technician is troubleshooting network connectivity from a wall jack. Readings from a multimeter indicate extremely low ohmic values instead of the rated impedance from the switchport. Which of the following is the MOST likely cause of this issue?

• A. Incorrect transceivers
• B. Faulty LED
• C. Short circuit
• D. Upgraded OS version on switch

Answer: C

Explanation:
A short circuit is a condition where two conductors in a circuit are connected unintentionally, creating a low resistance path for the current. This causes the voltage to drop and the current to increase, which can damage the circuit or cause a fire. A multimeter can measure the resistance or impedance of a circuit, and if it shows extremely low values, it indicates a short circuit.

NEW QUESTION 4

A network administrator needs to change where the outside DNS records are hosted.
Which of the following records should the administrator change at the registrar to accomplish this task?

• A. NS
• B. SOA
• C. PTR
• D. CNAME

Answer: A

Explanation:
NS stands for Name Server, and it is a DNS record that specifies which servers are authoritative for a domain. The registrar is the entity that manages the domain registration and delegation, and it maintains the NS records for each domain. To change where the outside DNS records are hosted, the network administrator needs to change the NS records at the registrar to point to the new DNS servers that will host the outside DNS records.
References:
✑ DNS Record Types – N10-008 CompTIA Network+ : 1.61
✑ CompTIA Network+ N10-008 Cert Guide, page 1472

NEW QUESTION 5

A network technician is configuring a wireless access point and wants to only allow company-owned devices to associate with the network. The access point uses PSKs,
and a network authentication system does not exist on the network. Which of the following should the technician implement?

• A. Captive portal
• B. Guest network isolation
• C. MAC filtering
• D. Geofencing

Answer: C

Explanation:
MAC filtering is a method of allowing only company-owned devices to associate with the network by using their MAC addresses as identifiers. A MAC address is a unique identifier assigned to each network interface card (NIC) by the manufacturer. MAC filtering can be configured on the wireless access point to allow or deny access based on the MAC address of the device. This way, only devices with known MAC addresses can connect to the network. References: https://www.comptia.org/training/books/network-n10-008-study-guide (page 323)

NEW QUESTION 6

Which of the following would be used to enforce and schedule critical updates with supervisory approval and include backup plans in case of failure?

• A. Business continuity plan
• B. Onboarding and offboarding policies
• C. Acceptable use policy
• D. System life cycle
• E. Change management

Answer: A

NEW QUESTION 7

Which of the following can be used to limit the ability of devices to perform only HTTPS connections to an internet update server without exposing the devices to the public internet?

• A. Allow connections only to an internal proxy server.
• B. Deploy an IDS system and place it in line with the traffic.
• C. Create a screened network and move the devices to it.
• D. Use a host-based network firewall on each device.

Answer: A

Explanation:
An internal proxy server is a server that acts as an intermediary between internal devices and external servers on the internet. An internal proxy server can be used to limit the ability of devices to perform only HTTPS connections to an internet update server by filtering and forwarding the requests and responses based on predefined rules or policies. An internal proxy server can also prevent the devices from being exposed to the public internet by hiding their IP addresses and providing a layer of security and privacy.

NEW QUESTION 8

Which of the following technologies provides a failover mechanism for the default gateway?

• A. FHRP
• B. LACP
• C. OSPF
• D. STP

Answer: A

Explanation:
First Hop Redundancy Protocol (FHRP) provides a failover mechanism for the default gateway, allowing a backup gateway to take over if the primary gateway fails. References: CompTIA Network+ Certification Study Guide, Chapter 4: Infrastructure.

NEW QUESTION 9

A company has wireless APS that were deployed with 802.11g. A network engineer has noticed more frequent reports of wireless performance issues during the lunch hour in comparison to the rest of the day. The engineer thinks bandwidth consumption will increase while users are on their breaks, but network utilization logs do not show increased bandwidth numbers. Which Of the following would MOST likely resolve this issue?

• A. Adding more wireless APS
• B. Increasing power settings to expand coverage
• C. Configuring the APS to be compatible with 802.1la
• D. Changing the wireless channel used

Answer: C

Explanation:
* 802.11g is an older wireless standard that operates in the 2.4 GHz frequency band and has a maximum data rate of 54 Mbps. 802.11a is a newer wireless standard that operates in the 5 GHz frequency band and has a maximum data rate of 54 Mbps. By configuring the APS to be compatible with 802.11a, the network engineer can reduce interference and congestion in the 2.4 GHz band and improve wireless performance.
References: Network+ Study Guide Objective 2.5: Implement network troubleshooting methodologies

NEW QUESTION 10

Which of the following documents would be used to define uptime commitments from a provider, along with details on measurement and enforcement?

• A. NDA
• B. SLA
• C. MOU
• D. AUP

Answer: B

Explanation:
A service level agreement (SLA) is a document that is used to define uptime commitments from a provider, along with details on measurement and enforcement. An SLA is a contract between a service provider and a customer that outlines the level of service that the provider is committed to providing and the terms under which that service will be delivered.

NEW QUESTION 11

A network is experiencing extreme latency when accessing a particular website. Which of the following commands will BEST help identify the issue?

• A. ipconfig
• B. netstat
• C. tracert
• D. ping

Answer: C

NEW QUESTION 12

An engineer is designing a network topology for a company that maintains a large on- premises private cloud. A design requirement mandates internet-facing hosts to be partitioned off from the internal LAN and internal server IP ranges. Which of the following defense strategies helps meet this requirement?

• A. Implementing a screened subnet
• B. Deploying a honeypot
• C. Utilizing network access control
• D. Enforcing a Zero Trust model

Answer: A

Explanation:
A screened subnet is a network topology that uses two firewalls to isolate a segment of the network from both the internal LAN and the internet. The screened subnet, also known as a demilitarized zone (DMZ), hosts the internet-facing servers that need to be accessible from outside the network, such as web servers, mail servers, or DNS servers. The first firewall, also known as the external firewall, filters the traffic between the internet and the DMZ, allowing only the necessary ports and protocols to pass through. The second firewall, also known as the internal firewall, filters the traffic between the DMZ and the internal LAN, allowing only authorized and secure connections to access the internal resources. This way, the screened subnet provides a layer of protection for both the internet-facing hosts and the internal LAN from potential attacks12.
The other options are not defense strategies that help meet the design requirement of partitioning off the internet-facing hosts from the internal LAN and internal server IP ranges. Deploying a honeypot is a deception technique that lures attackers to a fake system or network that mimics the real one, in order to monitor their activities and collect information about their methods and motives. However, a honeypot does not isolate or protect the internet-facing hosts from the rest of the network3. Utilizing network access control is a security method that enforces policies on who or what can access the network resources, based on factors such as identity, role, device type, location, or time. However, network access control does not create a separate segment for the internet-facing hosts from the internal LAN. Enforcing a Zero Trust model is a security paradigm that assumes no trust for any entity inside or outside the network, and requires continuous verification and validation of every request and transaction. However, a Zero Trust model does not necessarily imply a specific network topology or architecture for separating the internet-facing hosts from the internal LAN.

NEW QUESTION 13

A network technician is investigating why a core switch is logging excessive amounts of data to the syslog server. The running configuration of the switch showed the following logging information:
ip ssh logging events logging level debugging logging host 192.168.1.100 logging synchronous
Which of the following changes should the technician make to best fix the issue?

• A. Update the logging host IP.
• B. Change to asynchronous logging.
• C. Stop logging SSH events.
• D. Adjust the logging level.

Answer: D

Explanation:
The logging level debugging is the highest level of logging, which means that the switch will log every possible event, including low-priority and verbose messages. This can result in excessive amounts of data being sent to the syslog server, which can affect the performance and storage of the server. To fix the issue, the technician should adjust the logging level to a lower value, such as informational, warning, or error, depending on the desired level of detail and severity. This will reduce the amount of log data generated by the switch and only send the relevant and necessary messages to the syslog server. https://betterstack.com/community/guides/logging/log-levels-explained/

NEW QUESTION 14

A technician is troubleshooting a workstation's network connectivity and wants to confirm
which switchport corresponds to the wall jack the PC is using Which of the following concepts would BEST help the technician?

• A. Consistent labeling
• B. Change management
• C. Standard work instructions
• D. Inventory management
• E. Network baseline

Answer: A

Explanation:
Consistent labeling would be the concept that would best help the technician to confirm which switchport corresponds to the wall jack the PC is using. Consistent labeling is a practice of using standardized and descriptive labels for network devices, ports, cables, jacks, and other components. It can help with identifying, locating, and troubleshooting network issues. For example, a technician can use consistent labeling to trace a cable from a PC to a wall jack, and then from a patch panel to a switchport. References: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DC_Infra2_5/DCIn fra_6.html

NEW QUESTION 15

A coffee shop owner hired a network consultant to provide recommendations for installing a new wireless network. The coffee shop customers expect high speeds even when the network is congested. Which of the following standards should the consultant recommend?

• A. 802.11ac
• B. 802.11ax
• C. 802.11g
• D. 802.11n

Answer: B

Explanation:
802.11ax is the latest and most advanced wireless standard, providing higher speeds, lower latency, and more capacity than previous standards. It also supports OFDMA, which allows multiple devices to share a channel and reduce congestion. The other options are older standards that have lower bandwidth, range, and efficiency than 802.11ax. Therefore, 802.11ax is the best option for the coffee shop owner who wants to provide high speeds even when the network is congested.

NEW QUESTION 16

Which of the following would be used to indicate when unauthorized access to physical internal hardware has occurred?

• A. Motion detectors
• B. Radio frequency identification tags
• C. Tamper evident seal
• D. Locking racks

Answer: C

Explanation:
A tamper evident seal is a device or material that provides a visible indication of unauthorized access to physical internal hardware. Tamper evident seals can be stickers, labels, tapes, locks, or seals that are designed to break, tear, or change color when someone tries to open, remove, or tamper with them. Tamper evident seals can help deter and detect physical security breaches, such as theft, vandalism, or sabotage of hardware devices12. Tamper evident seals can also provide evidence for forensic analysis and legal action3.
References
1 - What Is Hardware Security? Definition, Threats, and Best Practices 2 - Device Physical Security Guideline | Information Security Office
3 - What is unauthorized physical access? – Heimduo

NEW QUESTION 17

A network administrator needs to monitor traffic on a specific port on a switch. Which of the following should the administrator configure to accomplish the task?

• A. Port security
• B. Port tagging
• C. Port mirroring
• D. Media access control

Answer: C

Explanation:
Port mirroring is a feature that allows a network technician to monitor traffic on a specific port on a switch by copying all the traffic from that port to another port where a monitoring device is connected. Port mirroring can be used for troubleshooting, analysis, or security purposes, such as detecting network anomalies, performance issues, or malicious activities. References: https://www.comptia.org/training/books/network-n10-008-study- guide (page 156)

NEW QUESTION 18

A technician removes an old PC from the network and replaces it with a new PC that is unable to connect to the LAN. Which of the Mowing is MOST likely the cause of the issue?

• A. Port security
• B. Port tagging
• C. Port aggregation
• D. Port mirroring

Answer: A

Explanation:
It is most likely that the issue is caused by port security, as this is a feature that can prevent new devices from connecting to the LAN. Port tagging, port aggregation, and port mirroring are all features that are used to manage traffic on the network, but they are not related to the connectivity of new devices. If the technician has configured port security on the network and the new PC does not meet the security requirements, it will not be able to connect to the LAN.

NEW QUESTION 19

A network administrator is reviewing north-south traffic to determine whether a security threat exists. Which of the following explains the type of traffic
the administrator is reviewing?

• A. Data flowing between application servers
• B. Data flowing between the perimeter network and application servers
• C. Data flowing in and out of the data center
• D. Data flowing between local on-site support and backup servers

Answer: C

Explanation:
North-south traffic is any communication between components of a data center and another system, which is physically out of the boundary of the data center. It is also referred to as client-server traffic, as it usually involves requests from end users or external applications to the data center resources. For example, when a user accesses a web application hosted in a data center, the traffic between the user’s browser and the web server is considered north-south traffic.

NEW QUESTION 20

A network administrator is concerned about a rainbow table being used to help access network resources. Which of the following must be addressed to reduce the likelihood of a rainbow table being effective?

• A. Password policy
• B. Remote access policy
• C. Acceptable use policy
• D. Data loss prevention policy

Answer: A

Explanation:
A password policy must be addressed to reduce the likelihood of a rainbow table being effective. A rainbow table is a precomputed table of hashed passwords and their corresponding plaintext values. A rainbow table can be used to crack hashed passwords by performing a reverse lookup of the hash value in the table. A password policy is a set of rules and guidelines that define how passwords should be created, used, and managed in an organization. A password policy can help prevent rainbow table attacks by enforcing strong password requirements, such as length, complexity, expiration, and history. A strong password is one that is hard to guess or crack by using common methods such as brute force or dictionary attacks. References: [CompTIA Network+ Certification Exam Objectives], What Is Rainbow Table Attack? | Kaspersky, Password Policy Best Practices | Thycotic

NEW QUESTION 21
......