Practice Free N10-008 Exam Online Questions
Which of the following devices and encapsulations are found at the data link layer? (Select two).
- A. Session
- B. Frame
- C. Firewall
- D. Switch
- E. Packet
- F. Router
B, D
Explanation:
A frame is a unit of data that is transmitted at the data link layer of the OSI model. A frame consists of a header, a payload, and a trailer. The header contains information such as the source and destination MAC addresses, the frame type, and the error detection code. The payload contains the data from the upper layer protocols, such as IP packets. The trailer contains the frame check sequence, which is used to verify the integrity of the frame.
A switch is a device that operates at the data link layer of the OSI model. A switch forwards frames based on the MAC addresses of the devices connected to its ports. A switch can create separate collision domains and reduce network congestion. A switch can also implement VLANs, which are logical groups of devices that share the same broadcast domain, regardless of their physical location.
A session is a logical connection between two or more devices that allows the exchange of data at the transport layer of the OSI model. A session is not a device or an encapsulation at the data link layer.
A firewall is a device that operates at the network layer or the application layer of the OSI model. A firewall filters packets based on the IP addresses, ports, protocols, or application rules. A firewall is not a device or an encapsulation at the data link layer.
A packet is a unit of data that is transmitted at the network layer of the OSI model. A packet consists of a header and a payload. The header contains information such as the source and destination IP addresses, the protocol type, and the hop count. The payload contains the data from the upper layer protocols, such as TCP segments. A packet is not an encapsulation at the data link layer.
A router is a device that operates at the network layer of the OSI model. A router forwards packets based on the IP addresses and the routing table. A router can create separate broadcast domains and connect different networks. A router is not a device or an encapsulation at the data link layer.
Reference: CompTIA Network+ N10-008 Cert Guide, Chapter 2, Section 2.2 and CompTIA Network+ N10-008 Cert Guide, Chapter 3, Section 3.1
A company wants to invest in new hardware for the core network infrastructure. The management team requires that the infrastructure be capable of being repaired in less than 60 minutes if any major part fails.
Which of the following metrics is MOST likely associated with this requirement?
- A. RPO
- B. MTTR
- C. FHRP
- D. MTBF
B
Explanation:
MTTR is directly related to how quickly a system can be repaired if any major part fails. The management team requires that the infrastructure be capable of being repaired in less than 60 minutes, which means they have a low MTTR requirement.
MTTR stands for Mean Time To Repair and is a metric used to measure the average amount of time it takes to repair a failed component or system. In this case, the requirement is for the infrastructure to be capable of being repaired in less than 60 minutes if any major part fails, which means the MTTR should be less than 60 minutes.
Which of the following devices have the capability to allow communication between two different subnetworks? (Select TWO).
- A. IDS
- B. Access point
- C. Layer 2 switch
- D. Layer 3 switch
- E. Router
- F. Media converter
D, E
Explanation:
A layer 3 switch is a device that can perform both switching and routing functions. It can forward packets based on the destination IP address, which is the information used to identify different subnetworks. A layer 3 switch can also create and manage multiple VLANs, which are logical subnetworks within a physical network. Therefore, a layer 3 switch can allow communication between two different subnetworks.
A router is a device that connects multiple IP networks and forwards packets based on the destination IP address. A router can also perform network address translation (NAT), which allows devices with private IP addresses to communicate with devices with public IP addresses. Therefore, a router can allow communication between two different subnetworks, especially if they use different address spaces.
An IDS (intrusion detection system) is a device that monitors network traffic and detects malicious or anomalous activities. An IDS does not forward packets or allow communication between subnetworks, but rather alerts the network administrator or takes preventive actions when a threat is detected.
An access point is a device that allows wireless devices to connect to a wired network. An access point does not forward packets or allow communication between subnetworks, but rather acts as a bridge between the wireless and wired segments of the network.
A layer 2 switch is a device that forwards frames based on the destination MAC address, which is the information used to identify devices within the same subnetwork. A layer 2 switch does not perform routing or network segmentation, and therefore cannot allow communication between different subnetworks.
A media converter is a device that converts signals between different types of media, such as copper and fiber. A media converter does not forward packets or allow communication between subnetworks, but rather enables devices with different physical interfaces to connect to the same network.
Reference: Network Devices
Routing and Switching Essentials
CompTIA Network+ N10-008 Study Guide, Chapter 2: Devices and Infrastructure, pages 58-63, 72-75.
A network administrator is configuring a load balancer for two systems.
Which of the following must the administrator configure to ensure connectivity during a failover?
- A. VIP
- B. NAT
- C. APIPA
- D. IPv6 tunneling
- E. Broadcast IP
A
Explanation:
A virtual IP (VIP) address must be configured to ensure connectivity during a failover. A VIP address is a single IP address that is assigned to a group of servers or network devices. When one device fails, traffic is automatically rerouted to the remaining devices, and the VIP address is reassigned to the backup device, allowing clients to continue to access the service without interruption.
Reference: CompTIA Network+ Certification Study Guide, Exam N10-007, Fourth Edition, Chapter 6: Network Servers, p. 300
A technician is configuring a wireless network and needs to ensure users agree to an AUP before connecting.
Which of the following should be implemented to achieve this goal?
- A. Captive portal
- B. Geofencing
- C. Wireless client isolation
- D. Role-based access
A
Explanation:
A captive portal is a web page that requires users to accept an acceptable use policy (AUP) or enter some credentials before they can access the internet or other network resources. A captive portal can be implemented on a wireless network to ensure users agree to the terms and conditions of the network usage, such as security, privacy, and bandwidth policies.
Geofencing is a technology that uses GPS or RFID to define a virtual boundary around a physical location, such as a building or a campus. Geofencing can be used to restrict or allow access to a wireless network based on the user’s location, but it does not require users to agree to an AUP before connecting.
Wireless client isolation is a feature that prevents wireless devices connected to the same access point or wireless network from communicating with each other. Wireless client isolation can enhance the security and privacy of the wireless network, but it does not require users to agree to an AUP before connecting.
Role-based access control (RBAC) is a method of assigning permissions to users or groups based on their roles and responsibilities. RBAC can be used to enforce the principle of least privilege and limit the access to network resources based on the user’s role, but it does not require users to agree to an AUP before connecting.
Therefore, the best answer is
Due to concerns around single points of failure, a company decided to add an additional WAN to the network. The company added a second MPLS vendor to the current MPLS WAN and deployed an additional WAN router at each site. Both MPLS providers use OSPF on the WAN network, and EIGRP is run internally. The first site to go live with the new WAN is successful, but when the second site is activated significant network issues occur.
Which of the following is the MOST likely cause for the WAN instability?
- A. A routing loop
- B. Asymmetrical routing
- C. A switching loop
- D. An incorrect IP address
B
Explanation:
Asymmetrical routing is the most likely cause for the WAN instability. When two different routing protocols are used, like OSPF and EIGRP, it can cause asymmetrical routing, which results in traffic being routed differently in each direction. This can lead to instability in the WAN. A CDP neighbor change, a switching loop, or an incorrect IP address are not likely causes for WAN instability.
A technician is installing multiple UPS units in a major retail store. The technician is required to keep track of all changes to new and old equipment.
Which of the following will allow the technician to record these changes?
- A. Asset tags
- B. A smart locker
- C. An access control vestibule
- D. A camera
A
Explanation:
Asset tags will allow the technician to record changes to new and old equipment when installing multiple UPS units in a major retail store. Asset tags are labels or stickers that are attached to physical assets such as computers, printers, servers, or UPS units. They usually contain information such as asset name, serial number, barcode, QR code, or RFID chip that can be scanned or read by an asset management system or software. Asset tags help track inventory, location, status, maintenance, and ownership of assets.
Reference: https://www.camcode.com/asset-tags/asset-tagging-guide/
A network technician is implementing a solution that will allow end users to gain access to multiple applications after logging on.
Which of the following authentication methods would allow this type of access?
- A. SSO
- B. LDAP
- C. EAP
- D. TACACS+
A
Explanation:
SSO stands for Single Sign-On, which is a technology that allows users to log in once and access multiple applications without entering their credentials again.
SSO simplifies the user experience and enhances security by reducing password fatigue and enforcing password policies.
SSO is an example of an identity and access management (IAM) solution that integrates with different authentication methods and protocols.
LDAP, EAP, and TACACS+ are not correct answers because they are not authentication methods that allow access to multiple applications after logging on. They are protocols that facilitate authentication, authorization, and accounting (AAA) functions.
LDAP stands for Lightweight Directory Access Protocol, which is a protocol that provides access to directory services that store information about users, groups, and devices.
EAP stands for Extensible Authentication Protocol, which is a framework that supports various authentication methods, such as passwords, certificates, tokens, and biometrics.
TACACS+ stands for Terminal Access Controller Access-Control System Plus, which is a protocol that provides centralized AAA services for network devices and users.
Reference:
What is SSO? | How single sign-on works
Single Sign-On – CompTIA Network+ Certification (N10-008): The Total Course
Network+ (Plus) Certification | CompTIA IT Certifications
An administrator needs to ensure an access switch is sending the appropriate logs to the network monitoring server.
Which of the following logging levels is most appropriate for the access layer switch?
- A. Level 0
- B. Level 2
- C. Level 5
- D. Level 7
C
Explanation:
Logging levels are used to categorize the severity and importance of log messages generated by network devices. The lower the level, the higher the priority. Level 0 is the most critical, while level 7 is the most verbose and least important. Level 5 is the default logging level for most Cisco devices, and it corresponds to notifications. Notifications are messages that indicate normal but significant events, such as interface status changes, configuration changes, or system restarts. These messages are useful for monitoring the health and performance of the network, and they do not generate excessive traffic or consume too much memory or CPU resources. Therefore, level 5 is the most appropriate logging level for an access layer switch, which connects end devices to the network and does not need to log debug or informational messages.
Reference:
How to configure logging in Cisco IOS
Cisco Guide to Harden Cisco IOS Devices
Cisco Privilege Levels – Explanation and Configuration
A computer engineer needs to ensure that only a specific workstation can connect to port 1 on a switch.
Which of the following features should the engineer configure on the switch interface?
- A. Port tagging
- B. Port security
- C. Port mirroring
- D. Port aggregation
B
Explanation:
Port security is a feature that can be configured on a switch interface to limit and identify the MAC addresses of workstations that are allowed to connect to that specific port. This can help ensure that only a specific workstation (or workstations) can connect to the interface. According to the CompTIA Network+ Study Manual, “Port security can be used to specify which MAC addresses are allowed to connect to a particular switch port. If a port security violation is detected, the switch can take a number of different actions, such as shutting down the port, sending an SNMP trap, or sending an email alert.”