Practice Free N10-008 Exam Online Questions
A junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment.
Which of the following issues is the engineer attempting to prevent?
- A . DDoS
- B . ARP spoofing
- C . VLAN hopping
- D . Rogue DHCP
C
Explanation:
VLAN hopping is a type of network attack where an attacker can send or receive traffic from a VLAN that they are not supposed to access. VLAN hopping can allow an attacker to bypass security policies, access sensitive data, or launch other attacks on the network. VLAN hopping can be performed using two methods: double tagging and switch spoofing [1].
Double tagging is where the attacker sends a frame with two VLAN tags, one for the native VLAN and one for the target VLAN. The native VLAN is the VLAN that is used for untagged traffic on a trunk port. If the attacker’s access port is in the same VLAN as the native VLAN, the switch will accept the frame and forward it on the trunk port. The switch will remove the first tag, which is the native VLAN, and send the frame with the second tag, which is the target VLAN. The frame will then reach the target VLAN and be processed by the devices in that VLAN.
Switch spoofing is where the attacker sends Dynamic Trunking Protocol (DTP) packets and tries to negotiate a trunk with the switch. DTP is a Cisco protocol that allows switches to automatically form trunks between them. If the switch’s port is configured with the default dynamic auto or dynamic desirable mode, it will accept the DTP packets and form a trunk with the attacker. The attacker will then have access to all VLANs on the trunk.
To prevent VLAN hopping, the junior network engineer is trying to change the native network ID to a non-default value that can then be applied consistently throughout the network environment. This means that the engineer is changing the VLAN that is used for untagged traffic on the trunk ports to a different VLAN than the default VLAN 1. This will prevent double tagging attacks, as the attacker’s access port will not be in the same VLAN as the native VLAN, and the switch will not accept the frames with two tags. The engineer should also disable DTP on the trunk ports and use the switchport nonegotiate command to prevent switch spoofing attacks [2].
Reference
1. VLAN Hopping – NetworkLessons.com
2. VLAN Hopping on Native VLAN – Cisco Community
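The two mitigations from the explanation above (a non-default native VLAN and disabled DTP) can be checked against a switch configuration. This is an added example, not part of the original explanation; the sample configuration, interface names and VLAN 999 are constructed.

```python
import re

# Constructed sample in Cisco IOS style; interface names and VLAN 999 are illustrative.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current and line.startswith(" "):
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit_vlan_hopping(config):
    """Return {interface: [findings]} for settings that leave VLAN hopping possible."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        issues = []
        mode = next((c.split(None, 2)[2] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode and mode.startswith("dynamic"):
            issues.append("DTP negotiation enabled (switch spoofing)")
        if mode == "trunk":
            # No explicit native VLAN command means the default, VLAN 1.
            native = next((int(m.group(1)) for c in cmds if
                           (m := re.fullmatch(r"switchport trunk native vlan (\d+)", c))), 1)
            if native == 1:
                issues.append("native VLAN is default 1 (double tagging)")
            if "switchport nonegotiate" not in cmds:
                issues.append("DTP not disabled: missing switchport nonegotiate")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_vlan_hopping(SAMPLE_CONFIG) reports GigabitEthernet0/2 and GigabitEthernet0/3 and leaves the hardened GigabitEthernet0/1 out of the result.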
A network administrator is adding a new switch to the network.
Which of the following network hardening techniques would be BEST to use once the switch is in production?
- A . Disable unneeded ports
- B . Disable SSH service
- C . Disable MAC filtering
- D . Disable port security
A
Explanation:
One of the best practices for network hardening is to disable unneeded switchports. This prevents unauthorized devices from connecting to the network and reduces the attack surface. Disabling unneeded ports also conserves power and bandwidth.
To disable a port on a Cisco switch, the administrator can use the following commands:
switch# configure terminal
switch(config)# interface fastethernet 0/1
switch(config-if)# shutdown
switch(config-if)# end
Disabling SSH service is not a good idea, as SSH provides secure remote access to the switch. Disabling MAC filtering or port security would weaken the security of the switch, as it would allow any device to connect to any port. MAC filtering and port security are techniques that limit the number of MAC addresses or devices that can access a port.
Reference: Chapter 18. Network Hardening Techniques – CompTIA Network+ N10-008 Cert Guide; CompTIA Network+ Exam N10-008 – Lesson 19: Applying Network Hardening Techniques; CompTIA Network+ N10-008 | Udemy
A network manager wants to set up a remote access system for the engineering staff. Access to this system will be over a public IP and secured with an ACL.
Which of the following best describes this system?
- A . VPN
- B . Secure Shell
- C . Jump server
- D . API
C
Explanation:
A jump server is a system that allows remote access to internal devices through a single, secure device on the public network. A jump server can be configured with an access control list (ACL) to limit who can access the system and what devices they can connect to. A jump server can also use secure protocols such as SSH or VPN to encrypt the communication between the remote user and the internal device. A jump server is different from a VPN, which creates a virtual private network between the remote user and the internal network. A jump server is also different from a secure shell, which is a protocol that allows remote command execution and file transfer. An API is an application programming interface that allows software components to interact with each other.
Reference: Other Network Appliances – SY0-601 CompTIA Security+: 3.31
Which of the following is used to track and document various types of known vulnerabilities?
- A . CVE
- B . Penetration testing
- C . Zero-day
- D . SIEM
- E . Least privilege
A
Explanation:
CVE stands for Common Vulnerabilities and Exposures, which is a list of publicly disclosed cybersecurity vulnerabilities that is free to search, use, and incorporate into products and services. CVE provides a standardized identifier and description for each vulnerability, as well as references to related sources of information. CVE helps to track and document various types of known vulnerabilities and facilitates communication and coordination among security professionals.
Reference: https://partners.comptia.org/docs/default-source/resources/comptia-network-n10-008-exam-objectives-(2-0), https://cve.mitre.org/cve/
A user is required to log in to a main web application, which then grants the user access to all other programs needed to complete job-related tasks.
Which of the following authentication methods does this setup describe?
- A . SSO
- B . RADIUS
- C . TACACS+
- D . Multifactor authentication
- E . 802.1X
A
Explanation:
The authentication method that this setup describes is SSO (Single Sign-On). SSO is a technique that allows a user to log in once to a main web application and then access multiple other applications or services without having to re-enter credentials. SSO simplifies the user experience and reduces the number of passwords to remember and manage.
Reference: CompTIA Network+ N10-008 Certification Study Guide, page 371; The Official CompTIA Network+ Student Guide (Exam N10-008), page 14-5.
A network technician is responding to an issue with a local company.
To which of the following documents should the network technician refer to determine the scope of the issue?
- A . MTTR
- B . MOU
- C . NDA
- D . SLA
D
Explanation:
SLA stands for Service Level Agreement, and it is a contract that defines the expectations and responsibilities between a service provider and a customer. SLA can specify the quality, availability, and performance metrics of the service, as well as the penalties for non-compliance and the procedures for resolving issues. SLA can help the network technician determine the scope of the issue by providing the baseline and target values for the service, the escalation process and contacts, and the service credits or remedies for the customer [4][5].
Reference: CompTIA Network+ N10-008 Cert Guide – Chapter 15: Network Troubleshooting Methodology; What is a Service Level Agreement (SLA)? | ITIL | AXELOS
An IT organization needs to optimize speeds for global content distribution and wants to reduce latency in high-density user locations.
Which of the following technologies BEST meets the organization’s requirements?
- A . Load balancing
- B . Geofencing
- C . Public cloud
- D . Content delivery network
- E . Infrastructure as a service
D
Explanation:
A content delivery network (CDN) is a distributed network of servers that delivers web content to users based on their geographic location. By replicating content across multiple servers in various locations, a CDN can optimize speed and reduce latency in high-density user locations.
A technician is tasked with setting up a mail server and a DNS server. The mail port should be secured and have the ability to transfer large files.
Which of the following ports should be opened? (Select TWO).
- A . 22
- B . 53
- C . 110
- D . 389
- E . 995
- F . 3389
BE
Explanation:
Port 53 is used for DNS, which is a service that translates domain names into IP addresses. Port 995 is used for POP3S, which is a protocol for receiving email messages securely. POP3S supports large file transfers and encryption. Therefore, these two ports should be opened for the mail server and the DNS server project.
Which of the following is MOST commonly used to address CVEs on network equipment and/or operating systems?
- A . Vulnerability assessment
- B . Factory reset
- C . Firmware update
- D . Screened subnet
C
Explanation:
Firmware is a type of software that controls the low-level functions of a hardware device, such as a router, switch, printer, or camera. Firmware updates are patches or upgrades that fix bugs, improve performance, add features, or address security vulnerabilities in firmware. Firmware updates are commonly used to address CVEs (Common Vulnerabilities and Exposures) on network equipment and operating systems, as CVEs are publicly known flaws that can be exploited by attackers.
Reference: https://www.comptia.org/blog/what-is-firmware
Which of the following policies outlines the software and hardware requirements for using personally owned devices to conduct business?
- A . DLP
- B . AUP
- C . BYOD
- D . NDA
C
Explanation:
The policy that outlines the software and hardware requirements for using personally owned devices to conduct business is BYOD (Bring Your Own Device). BYOD is a practice that allows employees to use their own devices, such as laptops, tablets, or smartphones, to access corporate resources and applications. BYOD can offer benefits such as increased productivity, flexibility, and satisfaction for employees, as well as reduced costs for employers. However, BYOD also poses challenges and risks, such as security, compatibility, and support issues. Therefore, a BYOD policy is needed to define the rules and expectations for using personal devices in a business environment. A BYOD policy typically covers topics such as device eligibility, security requirements, acceptable use, data ownership, privacy, and liability.
Reference: CompTIA Network+ N10-008 Certification Study Guide, page 362; The Official CompTIA Network+ Student Guide (Exam N10-008), page 14-2.