Practice Free N10-008 Exam Online Questions
An engineer is designing a network topology for a company that maintains a large on-premises private cloud. A design requirement mandates internet-facing hosts to be partitioned off from the internal LAN and internal server IP ranges.
Which of the following defense strategies helps meet this requirement?
- A . Implementing a screened subnet
- B . Deploying a honeypot
- C . Utilizing network access control
- D . Enforcing a Zero Trust model
A
Explanation:
A screened subnet is a network topology that uses two firewalls to isolate a segment of the network from both the internal LAN and the internet. The screened subnet, also known as a demilitarized zone (DMZ), hosts the internet-facing servers that need to be accessible from outside the network, such as web servers, mail servers, or DNS servers. The first firewall, also known as the external firewall, filters the traffic between the internet and the DMZ, allowing only the necessary ports and protocols to pass through. The second firewall, also known as the internal firewall, filters the traffic between the DMZ and the internal LAN, allowing only authorized and secure connections to access the internal resources. This way, the screened subnet provides a layer of protection for both the internet-facing hosts and the internal LAN from potential attacks.
The other options are not defense strategies that help meet the design requirement of partitioning off the internet-facing hosts from the internal LAN and internal server IP ranges. Deploying a honeypot is a deception technique that lures attackers to a fake system or network that mimics the real one, in order to monitor their activities and collect information about their methods and motives. However, a honeypot does not isolate or protect the internet-facing hosts from the rest of the network. Utilizing network access control is a security method that enforces policies on who or what can access the network resources, based on factors such as identity, role, device type, location, or time. However, network access control does not create a separate segment for the internet-facing hosts from the internal LAN. Enforcing a Zero Trust model is a security paradigm that assumes no trust for any entity inside or outside the network, and requires continuous verification and validation of every request and transaction. However, a Zero Trust model does not necessarily imply a specific network topology or architecture for separating the internet-facing hosts from the internal LAN.
An IT technician is working on a support ticket regarding an unreachable website. The technician has used the ping command against the website, but the site is still unreachable.
Which of the following tools should the technician use NEXT?
- A . ipconfig
- B . tracert
- C . arp
- D . netstat
B
Explanation:
tracert is a command-line tool that can trace the route of a packet from the source to the destination. It can show the number of hops, the IP address and hostname of each router, and the round-trip time for each hop. tracert can help the technician troubleshoot the unreachable website by identifying where the packet is dropped or delayed along the path. ipconfig is a command-line tool that can display and configure the IP settings of a network interface. arp is a command-line tool that can display and manipulate the Address Resolution Protocol (ARP) cache, which maps IP addresses to MAC addresses. netstat is a command-line tool that can display network connections, routing tables, and statistics.
Reference: CompTIA Network+ Certification Exam Objectives Version 7.0 (N10-007), Objective 2.4: Given a scenario, use appropriate software tools to troubleshoot connectivity issues.
A newly installed VoIP phone is not getting the DHCP IP address it needs to connect to the phone system.
Which of the following tasks needs to be completed to allow the phone to operate correctly?
- A . Assign the phone’s switchport to the correct VLAN
- B . Statically assign the phone’s gateway address.
- C . Configure a route on the VoIP network router.
- D . Implement a VoIP gateway
A
Explanation:
A VLAN (Virtual Local Area Network) is a logical grouping of devices that share the same broadcast domain, regardless of their physical location or connection. VLANs can improve network performance, security, and management by separating different types of traffic, such as data, voice, and video [1].
A VoIP (Voice over Internet Protocol) phone is a device that uses the Internet to transmit voice calls, instead of the traditional phone lines. VoIP phones require a network connection, an IP address, and a gateway to communicate with other VoIP devices or phone systems [2].
A DHCP (Dynamic Host Configuration Protocol) server is a device that automatically assigns IP addresses and other network configuration parameters to devices that request them. DHCP simplifies network administration and avoids IP conflicts [3].
A switchport is a physical interface on a switch that connects to a network device, such as a VoIP phone, a computer, or another switch. A switchport can be configured to belong to a specific VLAN or to carry traffic from multiple VLANs [4].
A gateway is a device that connects different networks and enables communication between them. A gateway can also perform protocol conversion, such as translating between VoIP and analog signals [5]. A route is a path that a packet takes to reach its destination. A route consists of a destination network, a next-hop device, and a metric. A router is a device that forwards packets based on their destination IP addresses and the routing table.
In order to allow a newly installed VoIP phone to operate correctly, the network administrator needs to assign the phone’s switchport to the correct VLAN. This will ensure that the phone can communicate with the DHCP server and obtain an IP address that belongs to the same network as the phone system. This will also isolate the voice traffic from the data traffic and improve the quality of service.
Statically assigning the phone’s gateway address is not enough to allow the phone to operate correctly, as the phone still needs an IP address and a subnet mask to communicate with other devices on the network. Moreover, statically assigning network parameters can be tedious and prone to errors, especially for a large number of devices.
Configuring a route on the VoIP network router is not necessary to allow the phone to operate correctly, as the phone and the phone system are on the same network and do not need to cross any routers. Configuring a route would only be needed if the phone and the phone system were on different networks and needed to communicate through a router.
Implementing a VoIP gateway is not required to allow the phone to operate correctly, as the phone and the phone system are both VoIP devices and use the same protocol. Implementing a VoIP gateway would only be needed if the phone or the phone system needed to communicate with a non-VoIP device or system, such as a traditional phone line or a public switched telephone network (PSTN).
Reference:
1: VLAN
2: VoIP Phone
3: DHCP
4: Switchport
5: Gateway
Route
VoIP VLAN Configuration
Static vs Dynamic IP Addressing
Routing Basics
VoIP Gateway
A network technician is selecting new network hardware, and availability is the main concern.
Which of the following availability concepts should the technician consider?
- A . RTO
- B . MTTR
- C . MTBF
- D . RPO
A
Explanation:
The availability concept that the network technician should consider when selecting new network hardware is RTO (Recovery Time Objective). RTO is a metric that defines the maximum acceptable time for restoring a system or service after a disruption or failure. RTO is based on the impact and cost of downtime for the business and its customers. RTO helps determine the level of redundancy and backup needed for network hardware to ensure high availability and minimize downtime.
Reference: CompTIA Network+ N10-008 Certification Study Guide, page 346; The Official CompTIA Network+ Student Guide (Exam N10-008), page 13-9.
Which of the following authentication protocols should be used when securing a basic wireless network? (Select two).
- A . WPA2
- B . RDP
- C . WPA
- D . SSL
- E . SNMP
- F . EAP
AF
Explanation:
WPA2 and EAP are two authentication protocols that can be used to secure a basic wireless network. WPA2 stands for Wi-Fi Protected Access 2 and it is a security standard that provides strong encryption and authentication for wireless networks. WPA2 supports two modes: personal and enterprise. In personal mode, WPA2 uses a pre-shared key (PSK) that is shared among all wireless devices. In enterprise mode, WPA2 uses an authentication server, such as a RADIUS server, to verify the identity of each wireless device. EAP stands for Extensible Authentication Protocol and it is a framework that allows different methods of authentication to be used over wireless networks. EAP works with WPA2 enterprise mode to provide more flexibility and security for wireless authentication. EAP supports various methods, such as EAP-TLS, EAP-FAST, PEAP, and LEAP, that use certificates, passwords, or tokens to authenticate wireless devices.
A network administrator is configuring a firewall to allow for a new cloud-based email server. The company standard is to use SMTP to route email traffic.
Which of the following ports, by default, should be reserved for this purpose?
- A . 23
- B . 25
- C . 53
- D . 110
B
Explanation:
Port 25, by default, should be reserved for SMTP traffic to allow for a new cloud-based email server. SMTP stands for Simple Mail Transfer Protocol, which is a network protocol that enables email communication between mail servers and clients. SMTP uses port 25 as its default port for sending and receiving email messages over TCP/IP networks. A cloud-based email server is an email server that is hosted on a cloud service provider’s infrastructure, rather than on-premise or in-house. A cloud-based email server can offer advantages such as scalability, reliability, security, and cost-effectiveness. To allow for a new cloud-based email server, a firewall should be configured to open port 25 for SMTP traffic.
Reference: CompTIA Network+ Certification Exam Objectives; What Is SMTP? | Mailtrap Blog; Cloud Email Server: What Is It & How Does It Work? | Zoho Mail
A network technician is investigating an issue with handheld devices in a warehouse. Devices have not been connecting to the nearest APs, but they have been connecting to an AP on the far side of the warehouse.
Which of the following is the MOST likely cause of this issue?
- A . The nearest APs are configured for 802.11g.
- B . An incorrect channel assignment is on the nearest APs.
- C . The power level is too high for the AP on the far side.
- D . Interference exists around the AP on the far side.
C
Explanation:
The power level is a setting that determines how strong the wireless signal is from an access point (AP). If the power level is too high for an AP on the far side of a warehouse, it can cause interference and overlap with other APs on the same channel or frequency. This can result in handheld devices not connecting to the nearest APs, but connecting to the AP on the far side instead. A technician should adjust the power level of the AP on the far side to reduce interference and improve connectivity.
Reference: https://www.comptia.org/blog/what-is-power-level
A technician is investigating an intermittent connectivity issue that occurs when specific WAPs are turned on. The technician checks into the issue further and finds the WAPs that are having issues share channel five.
Which of the following is most likely causing the issue?
- A . Polarization
- B . Interference
- C . Incorrect channel
- D . Low power levels
B
Explanation:
The most likely cause of the intermittent connectivity issues when specific Wireless Access Points (WAPs) are turned on and share channel five is interference. Wireless interference occurs when multiple devices operate on the same channel within close proximity to each other, leading to signal congestion and reduced performance. This type of interference can cause the connectivity to be sporadic, as described. Other options like polarization, incorrect channel (since they are on the intended channel), or low power levels would generally not cause intermittent issues strictly when WAPs are turned on.
A fiber link connecting two campus networks is broken.
Which of the following tools should an engineer use to detect the exact break point of the fiber link?
- A . OTDR
- B . Tone generator
- C . Fusion splicer
- D . Cable tester
- E . PoE injector
A
Explanation:
To detect the exact break point of a fiber link, an engineer should use an OTDR (Optical Time Domain Reflectometer). This device sends a series of pulses into the fiber, measuring the time it takes for the pulses to reflect back, and can pinpoint the exact location of the break.
Reference: Network+ N10-007 Certification Exam Objectives, Objective 2.5: Given a scenario, troubleshoot copper cable issues.
FS: OTDR (Optical Time Domain Reflectometer) Testing Principle and Applications