Practice Free N10-008 Exam Online Questions
Question #211
A false camera is installed outside a building to assist with physical security.
Which of the following is the device assisting?
- A . Detection
- B . Recovery
- C . Identification
- D . Prevention
Correct Answer: D
D
Explanation:
A false camera is a dummy device that looks like a real camera but does not actually record or transmit any video. It is used to deter potential intruders or attackers from entering or damaging a building by creating the illusion of surveillance. Therefore, it is a preventive measure that aims to reduce the likelihood or impact of a security breach. It is not a detection, recovery, or identification tool, as it does not alert, restore, or recognize any security incidents.
Reference: [CompTIA Network+ N10-008 Certification Study Guide], Chapter 6: Network Security, Section 6.1:
Physical Security, pp. 317-318
[Professor Messer’s CompTIA N10-008 Network+ Course Notes], Section 6.1: Physical Security, p. 79 [Professor Messer’s CompTIA N10-008 Network+ Training Course], Video 6.1: Physical Security, 5:25 minutes
D
Explanation:
A false camera is a dummy device that looks like a real camera but does not actually record or transmit any video. It is used to deter potential intruders or attackers from entering or damaging a building by creating the illusion of surveillance. Therefore, it is a preventive measure that aims to reduce the likelihood or impact of a security breach. It is not a detection, recovery, or identification tool, as it does not alert, restore, or recognize any security incidents.
Reference: [CompTIA Network+ N10-008 Certification Study Guide], Chapter 6: Network Security, Section 6.1:
Physical Security, pp. 317-318
[Professor Messer’s CompTIA N10-008 Network+ Course Notes], Section 6.1: Physical Security, p. 79 [Professor Messer’s CompTIA N10-008 Network+ Training Course], Video 6.1: Physical Security, 5:25 minutes
Question #212
A network technician is configuring a wireless access point and wants to only allow company-owned devices to associate with the network. The access point uses PSKs, and a network authentication system does not exist on the network.
Which of the following should the technician implement?
- A . Captive portal
- B . Guest network isolation
- C . MAC filtering
- D . Geofencing
Correct Answer: C
C
Explanation:
MAC filtering is a method of allowing only company-owned devices to associate with the network by using their MAC addresses as identifiers. A MAC address is a unique identifier assigned to each network interface card (NIC) by the manufacturer. MAC filtering can be configured on the wireless access point to allow or deny access based on the MAC address of the device. This way, only devices with known MAC addresses can connect to the network.
Reference: https://www.comptia.org/training/books/network-n10-008-study-guide (page 323)
C
Explanation:
MAC filtering is a method of allowing only company-owned devices to associate with the network by using their MAC addresses as identifiers. A MAC address is a unique identifier assigned to each network interface card (NIC) by the manufacturer. MAC filtering can be configured on the wireless access point to allow or deny access based on the MAC address of the device. This way, only devices with known MAC addresses can connect to the network.
Reference: https://www.comptia.org/training/books/network-n10-008-study-guide (page 323)
Question #213
A network administrator wants to know which systems on the network are at risk of a known vulnerability.
Which of the following should the administrator reference?
- A . SLA
- B . Patch management policy
- C . NDA
- D . Site survey report
- E . CVE
Correct Answer: E
E
Explanation:
A Common Vulnerabilities and Exposures (CVE) is a publicly available database of known security vulnerabilities and exposures that affect various software and hardware products. A CVE entry provides a standardized identifier, a brief description, and references to related sources of information for each vulnerability or exposure. A network administrator can reference the CVE database to check if any of the systems on the network are affected by a known vulnerability, and if so, what are the potential impacts and mitigations.
A Service Level Agreement (SLA) is a contract between a service provider and a customer that defines the expected level and quality of service, such as availability, performance, and security. An SLA does not provide information on specific vulnerabilities or exposures affecting the systems or services.
A Patch Management Policy is a set of rules and procedures that govern how patches are applied to systems and software to fix bugs, improve functionality, or address security issues. A patch management policy can help prevent or reduce the risk of vulnerabilities or exposures, but it does not provide information on specific vulnerabilities or exposures affecting the systems or software. A Non-Disclosure Agreement (NDA) is a legal contract between two or more parties that prohibits the disclosure of confidential or proprietary information to unauthorized parties. An NDA does not provide information on specific vulnerabilities or exposures affecting the systems or information. A Site Survey Report is a document that summarizes the results of a physical inspection and assessment of a network site, such as the layout, infrastructure, equipment, and environmental conditions. A site survey report can help identify and resolve potential network issues, such as interference, signal strength, or coverage, but it does not provide information on specific vulnerabilities or exposures affecting the network devices or software. Reference
What is CVE?
What is a Service Level Agreement (SLA)?
Guide to Enterprise Patch Management Planning
NDA, MSA, SOW and SLA. Confidentiality agreements when you outsource QA Site Survey Report
E
Explanation:
A Common Vulnerabilities and Exposures (CVE) is a publicly available database of known security vulnerabilities and exposures that affect various software and hardware products. A CVE entry provides a standardized identifier, a brief description, and references to related sources of information for each vulnerability or exposure. A network administrator can reference the CVE database to check if any of the systems on the network are affected by a known vulnerability, and if so, what are the potential impacts and mitigations.
A Service Level Agreement (SLA) is a contract between a service provider and a customer that defines the expected level and quality of service, such as availability, performance, and security. An SLA does not provide information on specific vulnerabilities or exposures affecting the systems or services.
A Patch Management Policy is a set of rules and procedures that govern how patches are applied to systems and software to fix bugs, improve functionality, or address security issues. A patch management policy can help prevent or reduce the risk of vulnerabilities or exposures, but it does not provide information on specific vulnerabilities or exposures affecting the systems or software. A Non-Disclosure Agreement (NDA) is a legal contract between two or more parties that prohibits the disclosure of confidential or proprietary information to unauthorized parties. An NDA does not provide information on specific vulnerabilities or exposures affecting the systems or information. A Site Survey Report is a document that summarizes the results of a physical inspection and assessment of a network site, such as the layout, infrastructure, equipment, and environmental conditions. A site survey report can help identify and resolve potential network issues, such as interference, signal strength, or coverage, but it does not provide information on specific vulnerabilities or exposures affecting the network devices or software. Reference
What is CVE?
What is a Service Level Agreement (SLA)?
Guide to Enterprise Patch Management Planning
NDA, MSA, SOW and SLA. Confidentiality agreements when you outsource QA Site Survey Report
Question #214
An engineer recently installed a new distribution switch and connected two servers provisioned with the following IPs: 192.168.17.20 and 192.168.17.30. The servers cannot connect to the Internet, but they can reach themselves.
The engineer observes that the distribution switch has the following setup:
The engineer is able to reach the core router 192.168.17.1 from the distribution switch.
Which of the following is the most likely cause of this issue?
- A . A routing loop has occurred.
- B . The subne1 mask is Incorrect.
- C . The servers are not configured with default gateway.
- D . There is an improper Layer 1 connection between the router and the ISP modem.
Correct Answer: C
C
Explanation:
The servers can communicate with each other but not the internet, indicating local network connectivity is fine. The distribution switch’s VLAN and IP configuration are correct, and the engineer can reach the core router, suggesting the issue is not with the switch or the router. The most likely cause is that the servers do not have a default gateway configured, which is necessary for traffic to leave the local network and reach the internet.
C
Explanation:
The servers can communicate with each other but not the internet, indicating local network connectivity is fine. The distribution switch’s VLAN and IP configuration are correct, and the engineer can reach the core router, suggesting the issue is not with the switch or the router. The most likely cause is that the servers do not have a default gateway configured, which is necessary for traffic to leave the local network and reach the internet.
Question #214
An engineer recently installed a new distribution switch and connected two servers provisioned with the following IPs: 192.168.17.20 and 192.168.17.30. The servers cannot connect to the Internet, but they can reach themselves.
The engineer observes that the distribution switch has the following setup:
The engineer is able to reach the core router 192.168.17.1 from the distribution switch.
Which of the following is the most likely cause of this issue?
- A . A routing loop has occurred.
- B . The subne1 mask is Incorrect.
- C . The servers are not configured with default gateway.
- D . There is an improper Layer 1 connection between the router and the ISP modem.
Correct Answer: C
C
Explanation:
The servers can communicate with each other but not the internet, indicating local network connectivity is fine. The distribution switch’s VLAN and IP configuration are correct, and the engineer can reach the core router, suggesting the issue is not with the switch or the router. The most likely cause is that the servers do not have a default gateway configured, which is necessary for traffic to leave the local network and reach the internet.
C
Explanation:
The servers can communicate with each other but not the internet, indicating local network connectivity is fine. The distribution switch’s VLAN and IP configuration are correct, and the engineer can reach the core router, suggesting the issue is not with the switch or the router. The most likely cause is that the servers do not have a default gateway configured, which is necessary for traffic to leave the local network and reach the internet.
Question #216
Which of the following should be used to associate an IPv6 address with a domain name?
- A . AAAA
- B . A
- C . SOA
- D . TXT
Correct Answer: A
A
Explanation:
An AAAA record is a type of DNS record that maps a domain name to an IPv6 address. It is similar to an A record, which maps a domain name to an IPv4 address, but it uses a 128-bit address instead of a 32-bit one. An AAAA record allows a domain name to be resolved by both IPv4 and IPv6 clients, and it is necessary for accessing websites and services that use IPv6.
A
Explanation:
An AAAA record is a type of DNS record that maps a domain name to an IPv6 address. It is similar to an A record, which maps a domain name to an IPv4 address, but it uses a 128-bit address instead of a 32-bit one. An AAAA record allows a domain name to be resolved by both IPv4 and IPv6 clients, and it is necessary for accessing websites and services that use IPv6.
Question #217
Users in a branch can access an ln-house database server, but II is taking too long to fetch records. The analyst does not know whether the Issue is being caused by network latency.
Which of the following will the analyst MOST likely use to retrieve the metrics that are needed to resolve this issue?
- A . SNMP
- B . Link state
- C . Syslog
- D . QoS
- E . Traffic shaping
Correct Answer: A
A
Explanation:
Network latency is the amount of time it takes for a packet to travel from its source to its destination, measured in milliseconds1.
High network latency can cause slow performance, packet reordering, and network congestion1. To resolve network latency issues, the analyst needs to measure and monitor various network metrics, such as latency, jitter, packet loss, throughput, and error rate1.
SNMP (Simple Network Management Protocol) is a protocol that allows network devices to exchange management information and report network statistics2.
SNMP can be used to retrieve network metrics from routers, switches, servers, firewalls, and other network devices2.
SNMP uses a manager-agent model, where the manager is a software application that queries the agents on the network devices, and the agents are software components that respond to the manager’s requests2.
SNMP can also use traps or notifications, where the agents send unsolicited messages to the manager when certain events or thresholds are met2.
SNMP can help the analyst identify the source and extent of network latency, as well as troubleshoot and optimize network performance2.
Link state is a routing protocol that maintains a map of the network topology and calculates the best path to each destination3. It is not a tool for measuring network metrics or resolving network latency issues.
Syslog is a protocol that allows network devices to send log messages to a centralized server for analysis and reporting. It can provide useful information for network troubleshooting, but it is not a tool for measuring network metrics or resolving network latency issues.
QoS (Quality of Service) is a set of techniques that prioritize network traffic based on its type, source,
destination, and other criteria. It can help improve network performance and reduce network
latency, but it is not a tool for measuring network metrics or resolving network latency issues.
Traffic shaping is a technique that controls the rate and volume of network traffic to optimize bandwidth usage and prevent network congestion. It can help improve network performance and reduce network latency, but it is not a tool for measuring network metrics or resolving network latency issues.
Reference:
1: 19 Network Metrics: How to Measure Network Performance
2: Using SNMP to Monitor Network Devices
3: Link State Routing Protocol
[4]: Syslog Protocol
[5]: Quality of Service (QoS)
[6]: Traffic Shaping
A
Explanation:
Network latency is the amount of time it takes for a packet to travel from its source to its destination, measured in milliseconds1.
High network latency can cause slow performance, packet reordering, and network congestion1. To resolve network latency issues, the analyst needs to measure and monitor various network metrics, such as latency, jitter, packet loss, throughput, and error rate1.
SNMP (Simple Network Management Protocol) is a protocol that allows network devices to exchange management information and report network statistics2.
SNMP can be used to retrieve network metrics from routers, switches, servers, firewalls, and other network devices2.
SNMP uses a manager-agent model, where the manager is a software application that queries the agents on the network devices, and the agents are software components that respond to the manager’s requests2.
SNMP can also use traps or notifications, where the agents send unsolicited messages to the manager when certain events or thresholds are met2.
SNMP can help the analyst identify the source and extent of network latency, as well as troubleshoot and optimize network performance2.
Link state is a routing protocol that maintains a map of the network topology and calculates the best path to each destination3. It is not a tool for measuring network metrics or resolving network latency issues.
Syslog is a protocol that allows network devices to send log messages to a centralized server for analysis and reporting. It can provide useful information for network troubleshooting, but it is not a tool for measuring network metrics or resolving network latency issues.
QoS (Quality of Service) is a set of techniques that prioritize network traffic based on its type, source,
destination, and other criteria. It can help improve network performance and reduce network
latency, but it is not a tool for measuring network metrics or resolving network latency issues.
Traffic shaping is a technique that controls the rate and volume of network traffic to optimize bandwidth usage and prevent network congestion. It can help improve network performance and reduce network latency, but it is not a tool for measuring network metrics or resolving network latency issues.
Reference:
1: 19 Network Metrics: How to Measure Network Performance
2: Using SNMP to Monitor Network Devices
3: Link State Routing Protocol
[4]: Syslog Protocol
[5]: Quality of Service (QoS)
[6]: Traffic Shaping
Question #218
A security engineer wants to provide a secure, dedicated, alternate access method into an IT network infrastructure to administer connected devices and IT assets.
Which of the following is the engineer most likely to implement?
- A . Remote desktop gateway
- B . Authentication and authorization controls
- C . Out-of-band management
- D . Secure Shell
Correct Answer: C
C
Explanation:
Out-of-band management is a method of accessing network devices and IT assets through a dedicated channel that is separate from the normal data traffic. This provides a secure and alternate way to administer the network infrastructure, especially in case of failures or emergencies. Remote desktop gateway is a service that allows remote access to desktops and applications on a network. Authentication and authorization controls are mechanisms that verify the identity and permissions of users and devices on a network. Secure Shell is a protocol that encrypts the communication between a client and a server on a network.
C
Explanation:
Out-of-band management is a method of accessing network devices and IT assets through a dedicated channel that is separate from the normal data traffic. This provides a secure and alternate way to administer the network infrastructure, especially in case of failures or emergencies. Remote desktop gateway is a service that allows remote access to desktops and applications on a network. Authentication and authorization controls are mechanisms that verify the identity and permissions of users and devices on a network. Secure Shell is a protocol that encrypts the communication between a client and a server on a network.
Question #219
A SaaS provider has decided to leave an unpatched VM available via a public DMZ port.
With which of the following concepts is this technique MOST closely associated?
- A . Insider threat
- B . War driving
- C . Evil twin
- D . Honeypot
Correct Answer: D
D
Explanation:
A honeypot is a decoy system that is intentionally left vulnerable or exposed to attract attackers and divert them from the real targets. A honeypot can also be used to collect information about the attackers’ techniques and motives. In the scenario, the SaaS provider has left an unpatched VM available via a public DMZ port, which could be a honeypot technique to lure attackers and monitor their activities.
Reference: https://www.comptia.org/blog/what-is-a-honeypot
D
Explanation:
A honeypot is a decoy system that is intentionally left vulnerable or exposed to attract attackers and divert them from the real targets. A honeypot can also be used to collect information about the attackers’ techniques and motives. In the scenario, the SaaS provider has left an unpatched VM available via a public DMZ port, which could be a honeypot technique to lure attackers and monitor their activities.
Reference: https://www.comptia.org/blog/what-is-a-honeypot
Question #220
A network administrator received complaints of intermittent network connectivity issues. The administrator investigates and finds that the network design contains potential loop scenarios.
Which of the following should the administrator do?
- A . Enable spanning tree.
- B . Configure port security.
- C . Change switch port speed limits.
- D . Enforce 802. IQ tagging.
Correct Answer: A
A
Explanation:
Spanning tree is a protocol that prevents network loops by dynamically disabling or enabling switch ports based on the network topology. Network loops can cause intermittent connectivity issues, such as broadcast storms, MAC address table instability, and multiple frame transmission. By enabling spanning tree, the network administrator can ensure that there is only one active path between any two network devices at any given time.
Reference: CompTIA Network+ N10-008 Certification Exam Objectives, page 91 CompTIA Network+ Cert Guide: Switching and Virtual LANs, page 172
A
Explanation:
Spanning tree is a protocol that prevents network loops by dynamically disabling or enabling switch ports based on the network topology. Network loops can cause intermittent connectivity issues, such as broadcast storms, MAC address table instability, and multiple frame transmission. By enabling spanning tree, the network administrator can ensure that there is only one active path between any two network devices at any given time.
Reference: CompTIA Network+ N10-008 Certification Exam Objectives, page 91 CompTIA Network+ Cert Guide: Switching and Virtual LANs, page 172