CompTIA Network+ (N10-008) Exam Questions
181.
Which of the following is NOT a hardening best practice for VLANs?
- Disable the default VLAN
- Implement VLAN segmentation
- Use private VLANs
- Move switch ports off the default VLAN
Correct answer: Disable the default VLAN
Most switches do not allow the default Virtual Local Area Network (VLAN) to be disabled, and it would not be a good hardening practice.
Implementing network segmentation with VLANs and port security is a good network security practice.
Using private VLANs offers increased network security.
Switch ports can and should be moved off of the default VLAN.
182.
Which authentication protocol authenticates a user to an IdP?
- SAML
- RADIUS
- PEAP
- SSO
Correct answer: SAML
Security Assertion Markup Language (SAML) is an authentication protocol based on Extensible Markup Language (XML) that authenticates a user to an Identity Provider (IdP). SAML allows users to log into multiple applications with a single set of credentials. SAML is one of the standards used for Single Sign-On (SSO).
Remote Authentication Dial-In User Service (RADIUS) is an authentication protocol that allows for centralized control of user access.
Protected Extensible Authentication Protocol (PEAP) is a form of EAP, which is a framework for port-based access control. Protected EAP performs encryption of EAP with a Transport Layer Security (TLS) tunnel.
Single Sign-On (SSO) is not an authentication protocol. SSO is a method for users to authenticate to multiple applications or websites. SSO uses authentication protocols like SAML, OpenID Connect (OIDC), and Open Authorization 2.0 (OAuth 2.0).
183.
Which type of diagram is MOST LIKELY to display a line labeled "HDMI"?
- Cable map
- Rack diagram
- Logical network diagram
- Site survey
Correct answer: Cable map
A cable map is a type of wiring diagram that shows in detail how devices are physically connected. A cable map might show a High-Definition Multimedia Interface (HDMI) connection between a computer and monitor, or any number of other cable types. While a physical network diagram may contain cabling information, the focus is on the hardware rather than the wiring details.
Rack diagrams show the location of physical devices in a rack.
A logical network diagram shows such things as protocols, configurations, and access lists.
A site survey is a report that shows wireless coverage. It is also referred to as a heat map.
184.
Which of the following BEST describes native VLAN?
- The VLAN on an IEEE 802.1Q trunk that has no tag bytes
- An out-of-band management VLAN
- The VLAN used to identify the virtual port created by an EtherChannel
- The VLAN on an IEEE 802.1Q trunk that has tag bytes added to each frame
Correct answer: The VLAN on an IEEE 802.1Q trunk that has no tag bytes
The native Virtual Local Area Network (VLAN) is the untagged VLAN in an IEEE 802.1Q trunk, which can carry traffic from multiple VLANs. All other VLANs in the trunk have four tag bytes.
All traffic in a dot1Q trunk is in-band. The answer "an out-of-band management VLAN" is incorrect.
An EtherChannel virtual port does not have a special VLAN type.
A native VLAN on an IEEE 802.1Q trunk does not have tag bytes added to each frame.
185.
Your team believes that a configuration change is required on the network you support. What should you submit?
- Change request
- Trouble ticket
- Email to manager
- Chat to coworkers
Correct answer: Change request
A change request is used to initiate a change management process to address a configuration issue. The request must then go through an approval process and should include several items for a successful change.
A trouble ticket is typically used for outages and performance issues rather than change management. However, a ticket management system may include change requests.
Informal discussions with managers and coworkers may be in order, but every change should be handled using a change request in the change management system.
186.
A server cluster provides which of the following benefits?
- Availability
- Confidentiality
- Authenticity
- Integrity
Correct answer: Availability
A computer cluster is made up of a group of tightly connected computers that work together. This technology is often used to ensure availability and to prevent a single device from becoming overworked. This occurs because the computers act as one single system and the traffic is distributed evenly throughout the computers in the cluster.
Confidentiality involves limiting access to information to those who have proper permissions.
Authenticity relates to the validity of information determined because the source or user has been properly identified.
A server cluster will not guarantee any more integrity than a single server.
187.
Data aggregation and correlation are core capabilities of which type of security appliance?
- SIEM
- IDS
- IPS
- Firewall
Correct answer: SIEM
A Security Information and Event Management (SIEM) solution collects data from various security solutions, aggregates it, and analyzes it. Types of data collected by a SIEM include:
- Dashboards
- Compliance
- Data aggregation
- Correlation
- Data retention
An Intrusion Detection System (IDS) monitors the network for suspicious activity.
An Intrusion Prevention System (IPS) not only monitors the network but also can block attempted attacks.
A firewall allows or denies network traffic from entering or leaving a protected network.
188.
Of the following, which is a constantly evolving document that dictates a set of guidelines for network usage?
- Security policy
- Postmortem report
- Syslog report
- QoS policy
Correct answer: Security policy
A security policy is a constantly changing document that defines how the operations of security, authorization, and authentication occur.
A postmortem report comes after an incident occurs and defines what occurred and how to prevent it in the future.
A syslog report is a collection of router logs that can be used to determine network activity and whether a breach occurred.
A Quality of Service (QoS) policy comes from a service provider to a customer outlining what they can expect from their service and the level of quality that the provider promises.
189.
Which of the following is NOT a feature of IPsec?
- Broadcast
- Integrity
- Anti-replay
- Authentication
Correct answer: Broadcast
Internet Protocol Security (IPsec) does not support either IP broadcast or IP multicast.
Integrity, anti-replay, and authentication are all features of IPsec.
IPsec is a key component of Virtual Private Networks (VPNs). IPsec uses two primary security protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP). The five components of ESP are:
- Confidentiality (encryption)
- Data Integrity
- Authentication
- Anti-Replay Service
- Traffic flow
As shown above, IPsec fulfills the CIA triad:
- Confidentiality: Encryption protects the privacy of data and ensures that it cannot be read by anyone without the encryption keys.
- Integrity: Integrity protections, provided by checksums, ensure that data has not been modified in transit.
- Authentication: Authentication protections verify the identities of both parties in a conversation.
190.
You need to test network connectivity on a Windows computer using the ping command. Which type of window must you open on the device to run this command?
- CMD
- Microsoft Edge
- Windows Explorer
- Firefox
Correct answer: CMD
The Packet Internet Groper (PING) command is used in Windows through the Command Processing (CMD) window. The ping command uses Internet Control Message Protocol (ICMP) packets to attempt to communicate with other connected devices via Internet Protocol (IP).
Windows Explorer is now called File Explorer. It is not an environment for running commands.
Microsoft Edge is a browser used for accessing websites on the Internet.
Firefox is another browser used for accessing websites on the Internet.
191.
Computers connected to a Wireless Access Point (WAP) located in the employee breakroom periodically lose their connection when employees are heating up food. What may be the cause?
- RFI
- Misconfiguration of wireless parameters
- Refraction
- Absorption
Correct answer: RFI
The interference happening with the wireless connection is likely related to Radio Frequency Interference (RFI) created by the microwave when it's in use. Microwaves, along with cordless phones and other similar wireless devices, operate on the 2.4 GHz band and can interfere with the signal of the 2.4 GHz wireless, regardless of the wireless standard. The best resolution in this situation would be to move the wireless AP away from the microwave or to convert the wireless to 5 GHz, which is used in the newest wireless standards such as 802.11n and 802.11ac.
Misconfiguration of wireless parameters is not likely since there is connectivity when the microwave is off.
Refraction is a change in signal on a Radio Frequency (RF) connection.
Absorption occurs when a signal is weakened because it hits some material and is absorbed by it.
192.
Which cloud model offers the greatest scalability and elasticity?
- Public cloud
- Private cloud
- Hybrid cloud
- Community cloud
Correct answer: Public cloud
In the public cloud, an organization is using a shared infrastructure managed by a cloud service provider, which allows them to expand or contract their cloud deployment as needed. The public cloud also includes on-demand access and pay-as-you-go pricing.
Private, hybrid, and community clouds all use at least some dedicated or customer-owned infrastructure, which limits scalability and elasticity.
193.
Which command will you use to find the current TCP/IP network configuration settings, Dynamic Host Configuration Protocol (DHCP) server IP address, and DHCP lease expiration date on a Windows system?
- ipconfig
- telnet
- tracert
- ping
Correct answer: ipconfig
On Windows, the ipconfig command allows for the management of IP addresses and DHCP leases, including the ability to release and renew leases.
The telnet remote access protocol is insecure and is no longer recommended for use.
The tracert command on Windows is used to display the network path to a remote destination.
The ping command determines the reachability of a remote device.
194.
Which of the following is a passive social engineering attack intended to collect sensitive information?
- Shoulder surfing
- Piggybacking
- Tailgating
- Phishing
Correct answer: Shoulder surfing
A passive attack occurs when an attacker watches and waits. Shoulder surfing involves looking over someone's shoulder while they are using a computer to steal sensitive information such as passwords.
Piggybacking and tailgating both involve an attacker gaining access to a secure area by following a legitimate employee through. The difference is that the employee knowingly helps the attacker get in with piggybacking (holding a door, etc.) while tailgating is done without their knowledge or consent (grabbing a door before it closes, etc.).
Phishing is a social engineering attack performed over email, social media, or other messaging platforms. Its goal is to steal sensitive information or plant malware on a device.
195.
A toner probe is also known as which of the following?
- Fox and hound
- TDR
- OTDR
- Fox tracer
Correct answer: Fox and hound
A toner probe is composed of a tone generator ("fox") and probe ("hound"), which is why it is known as a "fox and hound."
A Time Domain Reflectometer (TDR) is used to measure reflected electrical pulses on electrical lines. An Optical Time Domain Reflectometer (OTDR) performs similar measurements of optical pulse on a fiber line. A toner probe may be referred to as a fox and hound tracer, but not simply a fox tracer.
196.
Which of the following uses an active or passive tag that stores data that can be read without line-of-sight?
- RFID
- NFC
- 802.11
- IR
Correct answer: RFID
Radio-Frequency Identification (RFID) is used by proximity-sensing smartcards. Tags can be passive or active and store information that can be read by an RFID reader, which does not require line-of-sight to the tag.
Near-Field Communications (NFC) is used to connect smartphones to nearby devices and is commonly used for tap payment apps (Apple Pay, Google Pay, etc.).
802.11 is Wi-Fi and is used by many Internet of Things (IoT) devices, such as smart lights.
Infrared (IR) signals are used by TV remotes and use a plastic lens to focus the beam.
197.
Which cloud service model enables an end user's applications and data to be hosted securely within a cloud data center?
- DaaS
- SaaS
- PaaS
- IaaS
Correct answer: DaaS
Desktop as a Service (DaaS) hosts end users' desktops (including data and applications) within a cloud data center.
Software as a Service (SaaS) provides customers with access to applications developed and hosted by the cloud provider. Platform as a Service (PaaS) offers a managed environment for an organization's applications. Infrastructure as a Service (IaaS) provides a platform for a customer to install their own operating system.
198.
A software developer would like to use the cloud to generate code without dealing with any infrastructure. Which cloud service model would meet that requirement?
- PaaS
- HaaS
- NaaS
- SaaS
Correct answer: PaaS
Platform as a Service (PaaS) is a service-based model where a service provider gives customers access to a managed environment in which they can deploy code without worrying about managing the environment themselves.
Hardware as a Service (HaaS) is a service-based model for leasing hardware components.
Network as a Service (NaaS) offerings enable a company to lease virtualized network infrastructure from their service provider.
Software as a Service (SaaS) provides customers with access to software solutions (such as Google Docs or Microsoft 365) under a service-based model.
199.
Of the following, which is used to retrieve email from an email server on port 110?
- POP3
- IMAP4
- TLS
- SSL
Correct answer: POP3
The Post Office Protocol version 3 (POP3) is used to retrieve and download email from an email server. It downloads the complete message and removes it from the server.
POP3 differs from Internet Message Access Protocol version 4 (IMAP4) primarily by how it operates and by the port it operates on. IMAP4 provides greater control over messages, along with enhanced security.
Transport Layer Security (TLS) and Secure Socket Layer (SSL) are both encryption and security protocols not used for email.
200.
You are in the process of configuring a network in a new office building. One room in the building has been designated to house one of the secondary telecommunications connection points for the campus. What is that connection point called?
- IDF
- MDF
- NIU
- Demarc
Correct answer: IDF
The Intermediate Distribution Frame (IDF) serves as a secondary point for telecommunication lines in a building or campus. An IDF may connect to multiple devices in the surrounding area. There may be multiple IDFs that connect to a Main Distribution Frame (MDF).
The MDF stores the combination of the demarc (demarcation point), telephone cross-connects, and Local Area Network (LAN) cross-connects. There may be multiple IDFs in one building, but there is likely only one MDF.
A Network Interface Unit (NIU) is a device such as a modem supplied by an Internet Service Provider (ISP).
A demarc is where the connections from the outside world enter a building.