CompTIA CNX-001 Exam Practice Test Instant Access

Question 1

A network architect is working on a new network design to better support remote and on-campus workers. Traffic needs to be decrypted for inspection in the cloud but is not required to go through the company's data center. Which of the following technologies best meets these requirements?

ASecure web gateway

BTransit gateway

CVirtual private network

DIntrusion prevention system

ENetwork access control system

Answer : A

A cloud-delivered Secure Web Gateway can terminate and decrypt user HTTPS sessions directly in the cloud for policy enforcement and inspection without hair-pinning traffic back through the data center.

Question 2

A network administrator is configuring firewall rules to lock down the network from outside attacks. Which of the following should the administrator configure to create the most strict set of rules?

AURL filtering

BFile blocking

CNetwork security group

DAllow List

Answer : D

By explicitly permitting only known, approved traffic and blocking everything else by default, an allow-list policy enforces the strictest firewall posture.

Question 3

A company is experiencing numerous network issues and decides to expand its support team. The new junior employees will need to be onboarded in the shortest time possible and be able to troubleshoot issues with minimal assistance. Which of the following should the company create to achieve this goal?

AStatement of work documenting what each junior employee should do when troubleshooting

BClearly documented runbooks for networking issues and knowledge base articles

CPhysical and logical network diagrams of the entire networking infrastructure

DA mentor program for guiding each junior employee until they are familiar with the networking infrastructure

Answer : B

Runbooks provide step-by-step troubleshooting procedures, and a solid knowledge base captures known issues and resolutions. Together they let new team members ramp up quickly and resolve common network problems with minimal hand-holding.

Question 4

End users are getting certificate errors and are unable to connect to an application deployed in a cloud. The application requires HTTPS connection. A network solution architect finds that a firewall is deployed between end users and the application in the cloud. Which of the following is the root cause of the issue?

AThe firewall on the application server has port 443 blocked.

BThe firewall has port 443 blocked while SSL/HTTPS inspection is enabled.

CThe end users do not have certificates on their laptops.

DThe firewall has an expired certificate while SSL/HTTPS inspection is enabled.

Answer : D

When SSL inspection is turned on, the firewall intercepts and re-signs HTTPS traffic with its own certificate. If that certificate has expired, end users will see certificate errors even though port 443 is open and the backend application's certificate is valid.

Question 5

A company hosts a cloud-based e-commerce application and only wants the application accessed from certain locations. The network team configures a cloud firewall with WAF enabled, but users can access the application globally. Which of the following should the network team do?

AReconfigure WAF rules.

BConfigure a NAT gateway.

CImplement a CDN.

DConfigure geo-restriction.

Answer : D

Geo-restriction lets you block or allow traffic based on the requester's geographic region, preventing access from locations you haven't authorized.

Question 6

A company provides an API that runs on the public cloud for its customers. A fixed number of VMs host the APIs. During peak hours, the company notices a spike in usage that results in network communication speeds slowing down for all customers. The management team has decided that access for all customers should be fair and accessible at all times. Which of the following is the most cost-effective way to address this issue?

AUse an allow list for customers using APIs.

BIncrease the number of VMs running APIs.

CEnable throttling on APIs.

DIncrease the MTU on the VMs.

Answer : C

Implementing request throttling (rate limiting) lets you cap how many requests each customer can make per time unit. This ensures no single user can saturate the API servers, providing fair access across all customers without the recurring costs of adding more VMs.

Question 7

A company is transitioning from on premises to a hybrid environment. Due to regulatory standards, the company needs to achieve a high level of reliability and high availability for the connection between its data center and the cloud provider. Which of the following solutions best meets the requirements?

AEstablish a Direct Connect with the cloud provider and peer to two different VPCs in the cloud network.

BEstablish a Direct Connect with the cloud provider and a redundant connection with a VPN over the internet.

CEstablish two Direct Connect connections to the cloud provider using two different suppliers.

DEstablish a VPN with two tunnels to a transit gateway at the cloud provider.

Answer : C

By provisioning two dedicated Direct Connect circuits from separate carriers (diverse physical paths and providers), you achieve a true highly available, fault-tolerant link that meets stringent reliability and regulatory requirements without relying on the public internet.

CompTIA CNX-001 CompTIA CloudNetX Certification Exam Practice Test