CompTIA N10-009 Exam Practice Questions to Pass CompTIA Network+ Exam

Question 1

A company experiences an incident involving a user who connects an unmanaged switch to the network. Which of the following technologies should the company implement to help avoid similar incidents without conducting an asset inventory?

AScreened subnet

B802.1X

CMAC filtering

DPort security

Answer : D

Port security is a Layer 2 security feature that restricts the number of devices connecting to a network switch port. It helps prevent unauthorized devices, such as an unmanaged switch, from being connected to the network.

How Port Security Works:

Limits the number of MAC addresses that can connect to a port.

Can shut down or restrict the port if an unauthorized device is detected.

Prevents users from plugging in unauthorized networking equipment (e.g., unmanaged switches, hubs).

Incorrect Options:

A . Screened Subnet: A screened subnet (DMZ) is used for isolating external-facing servers, not for controlling unauthorized network connections.

B . 802.1X: Provides authentication for devices but requires a RADIUS server, which is a more complex solution than port security.

C . MAC Filtering: Controls which MAC addresses can connect but is difficult to manage and can be spoofed.

CompTIA Network+ N10-009 Official Study Guide -- Chapter on Network Security Controls

Question 2

A network technician is installing a new switch that does not support STP at the access layer of a network. The technician wants a redundant connection to the distribution switch. Which of the following should the technician use?

ALink aggregation

BSubinterfaces

CSwitch virtual interfaces

DHalf-duplex connections

Answer : A

Link aggregation(also known as port channeling or EtherChannel) allows multiple physical connections to act as one logical connection. This avoids loops that would typically be prevented by STP and provides redundancy and increased bandwidth. It's ideal when STP is not available or desirable.

===========

Question 3

Which of the following allows a network administrator to analyze attacks coming from the internet without affecting latency?

AIPS

BIDS

CLoad balancer

DFirewall

Answer : B

An IDS (Intrusion Detection System) is deployed out-of-band, meaning it passively monitors network traffic using a SPAN/mirror port or network tap. It detects and analyzes suspicious traffic without introducing latency since it does not sit in-line.

A . IPS (Intrusion Prevention System) is in-line and can block traffic but may add latency.

C . Load balancer distributes traffic across servers for performance and redundancy, not for threat detection.

D . Firewall filters traffic at the perimeter or internally; it can affect latency but does not provide the same in-depth attack analysis.

Reference (CompTIA Network+ N10-009):

Question 4

A network technician is attempting to harden a commercial switch that was recently purchased. Which of the following hardening techniques best mitigates the use of publicly available information?

AChanging the default password

BBlocking inbound SSH connections

CRemoving the gateway from the network configuration

DRestricting physical access to the switch

Answer : A

Changing the default password is a fundamental step in device hardening, as default credentials are widely known and published online, posing a significant security risk if not updated. The document notes:

''Default passwords are often known by attackers and published on the internet. Changing them to unique, strong passwords is a critical first step in securing network devices against unauthorized access.''

Question 5

A company implements a video streaming solution that will play on all computers that have joined a particular group, but router ACLs are blocking the traffic. Which of the following is the most appropriate IP address that will be allowed in the ACL?

A127.0.0.1

B172.17.1.1

C224.0.0.1

D240.0.0.1

Answer : C

224.0.0.1 is a multicast address that allows packets to be sent to all hosts within a multicast group. Since video streaming often uses multicast to efficiently distribute data to multiple clients without unnecessary duplication, this is the correct answer.

*Why not the other options?

*127.0.0.1 (A) -- This is the loopback address used for internal device testing, not for multicast traffic.

*172.17.1.1 (B) -- This is a private unicast address, meaning it can only send packets to one specific host.

*240.0.0.1 (D) -- This falls within the reserved experimental IP address range and is not used for multicast.

CompTIA Network+ (N10-009) Official Guide -- Chapter 7: IP Addressing and Subnetting

Question 6

Which of the following could provide a lightweight and private connection to a remote box?

ASite-to-site VPN

BTelnet

CConsole

DSecure Shell

Answer : D

Secure Shell (SSH) is a protocol used to securely access remote devices over an unsecured network. It provides encrypted command-line access and is a lightweight and secure method of remote administration.

A . Site-to-site VPN connects entire networks, not just a single host.

B . Telnet is not secure; it transmits data (including credentials) in plaintext.

C . Console access is direct via serial cable, not remote.

Reference:

CompTIA Network+ N10-009 Official Objectives: 2.6 -- Configure and troubleshoot remote access.

Question 7

A network administrator is configuring a new switch and wants to ensure that only assigned devices can connect to the switch. Which of the following should the administrator do?

AConfigure ACLs.

BImplement a captive portal.

CEnable port security.

DDisable unnecessaryservices.

Answer : C

CompTIA Network+ Certification N10-009 Practice Questions