CompTIA CNX-001 Exam Practice Test Instant Access

Question 1

A network architect needs to design a solution to ensure every cloud environment network is built to the same baseline. The solution must meet the following requirements:

Use automated deployment.

Easily update multiple environments.

Share code with a community of practice.

Which of the following are the best solutions? (Choose two.)

ACI/CD pipelines

BPublic code repository

CDeployment runbooks

DPrivate code repository

EAutomated image deployment

FDeployment guides

Answer : A, B

CI/CD pipelines: Automate the provisioning and configuration of network baselines across all environments, and make it easy to roll out updates consistently.

Public code repository: Enables your community of practice to collaborate, review, and contribute to shared IaC modules and templates, while making updates discoverable and reusable.

Question 2

A large commercial enterprise that runs a global video streaming platform recently acquired a small business that serves customers in a geographic area with limited connectivity to the global telecommunications infrastructure. The executive leadership team issued a mandate to deliver the highest possible video streaming quality to all customers around the world. Which of the following solutions should the enterprise architect suggest to meet the requirements?

AServe the customers in the acquired area with a highly compressed version of content.

BUse a geographically weighted DNS solution to distribute the traffic.

CDeploy multiple local load balancers in the newly added geographic area.

DUtilize CDN for all customers regardless of geographic location.

Answer : D

A global Content Delivery Network caches and serves video streams from edge nodes close to end users, minimizing latency and packet loss over limited backhaul links and ensuring the highest possible quality everywhere. By offloading traffic to a CDN, even customers in regions with constrained connectivity will receive optimized streams from the nearest POP rather than traversing the congested core network.

Question 3

Throughout the day, a sales team experiences videoconference performance issues when the accounting department runs reports. Which of the following is the best solution?

ARunning the accounting department's reports outside of business hours

BUsing a load balancer to split the video traffic evenly

CConfiguring QoS on the corporate network switches

DIncreasing the throughput on the network by purchasing high-end switches

Answer : C

By implementing Quality of Service rules, you can prioritize videoconference packets over the bulk data transfers generated by accounting reports, ensuring consistent call quality without disrupting either department's workflows.

Question 4

A network administrator is configuring firewall rules to lock down the network from outside attacks. Which of the following should the administrator configure to create the most strict set of rules?

AURL filtering

BFile blocking

CNetwork security group

DAllow List

Answer : D

By explicitly permitting only known, approved traffic and blocking everything else by default, an allow-list policy enforces the strictest firewall posture.

Question 5

A customer asks a MSP to propose a ZTA design for its globally distributed remote workforce. Given the following requirements:

Authentication should be provided through the customer's SAML identity provider.

Access should not be allowed from countries where the business does not operate.

Secondary authentication should be added to the workflow to allow for passkeys.

Changes to the user's device posture and hygiene should require reauthentication into the network.

Access to the network should only be allowed to originate from corporate-owned devices.

Which of the following solutions should the MSP recommend to meet the requirements?

AEnforce certificate-based authentication.
Permit unauthenticated remote connectivity only from corporate IP addresses.
Enable geofencing.
Use cookie-based session tokens that do not expire for remembering user log-ins.
Increase RADIUS server timeouts.

BEnforce posture assessment only during the initial network log-on.
Implement RADIUS for SSO.
Restrict access from all non-U.S. IP addresses.
Configure a BYOD access policy.
Disable auditing for remote access.

CChain the existing identity provider to a new SAML.
Require the use of time-based one-time passcode hardware tokens.
Enable debug logging on the VPN clients by default.
Disconnect users from the network only if their IP address changes.

DConfigure geolocation settings to block certain IP addresses.
Enforce MFA.
Federate the solution via SSO.
Enable continuous access policies on the WireGuard tunnel.
Create a trusted endpoints policy.

Answer : D

Federate the solution via SSO ensures authentication is handled by the customer's SAML identity provider.

Enforce MFA supports secondary authentication with passkeys.

Configure geolocation settings to block certain IP addresses prevents access from unauthorized countries.

Enable continuous access policies on the WireGuard tunnel forces re-authentication whenever device posture or hygiene changes.

Create a trusted endpoints policy restricts access to corporate-owned devices only.

Question 6

A network security administrator needs to set up a solution to:

Gather all data from log files in a single location.

Correlate the data to generate alerts.

Which of the following should the administrator implement?

ASyslog

BEvent log monitoring

CLog management

DSIEM

Answer : D

A Security Information and Event Management system centralizes log collection from disparate sources and applies correlation rules to generate actionable alerts.

Question 7

A network architect is working on a new network design to better support remote and on-campus workers. Traffic needs to be decrypted for inspection in the cloud but is not required to go through the company's data center. Which of the following technologies best meets these requirements?

ASecure web gateway

BTransit gateway

CVirtual private network

DIntrusion prevention system

ENetwork access control system

Answer : A

A cloud-delivered Secure Web Gateway can terminate and decrypt user HTTPS sessions directly in the cloud for policy enforcement and inspection without hair-pinning traffic back through the data center.

CompTIA CloudNetX Certification CNX-001 Exam Practice Test