CompTIA Network+ (N10-008) Exam Questions

Correct answer: A temporary assignment of an IP address to a client

A Dynamic Host Configuration Protocol (DHCP) lease temporarily assigns an Internet Protocol (IP) address to a client.

A DHCP reservation creates a mapping of an IP address to a Media Access Control (MAC) address (more permanent than a lease).

A DHCP option defines parameters for IP addresses.

A DHCP scope is the set of IP addresses that a DHCP server can assign to clients.

Correct answer: MX

A Mail Exchange (MX) record is used to map a domain name for use in an email server.

A Start Of Authority (SOA) record provides authoritative information about a DNS zone.

To map a hostname to an IPv4 address, an Address (A) record is used.

An Address (AAAA) record is the IPv6 version used to map an IPv6 address to a hostname.

Correct answer: MIB

In order for your Network Management System (NMS) to recognize a new device with a Simple Network Management Protocol (SNMP), you will need to install a specific Management Information Base (MIB) for the device. MIBs give the NMS information about managed resources, such as data types and configuration.

An SNMP agent is a piece of software installed on a network device that sends messages to the NMS.

A Security Information and Event Management (SIEM) system is used to detect and analyze security threats.

An SNMP trap is a type of log message based on a network event.

Correct answer: EIRP

Effective Isotropic Radiated Power (EIRP) is a measure of how much power an antenna can emit.

Polarization, omnidirectional, and unidirectional have to do with the direction of an antenna, not its power.

Polarization is the direction in which an antenna sends a signal.

Omnidirectional antennas send signals in all directions.

Unidirectional antennas emit signals in a particular direction.

Correct answer: RJ-45

The RJ-45 connector is the most ubiquitous connection for Ethernet, especially in the home. Store-bought Ethernet cables come with the connector, though it is possible to make your own when purchasing the cable and connectors in bulk.

The F connector, or F-type connector, is used to attach coaxial cables commonly used in cable TV or video connections.

An RJ-11 connector has four wires and it's commonly used to connect phones.

A DB-9 connector is used for computer peripheral devices.

Correct answer: Contain

Incident response phases are discussed in NIST SP 800-61. Typical incident response plans include the following phases:

• Prepare: This stage is designed to position an organization to manage a potential incident properly. Incident responders should know how to identify an incident, have a plan to recover and restore normal operations, and have security policies in place.
• Identify: This phase kicks off the response to a particular incident by identifying the incident.
• Contain: Containment is intended to limit the spread of an infection or other security incident. This involves ensuring that mission-critical systems remain online and diagnosing the current state of any affected systems, computers, or networks.
• Eradicate: Once the scope of the incident has been determined and the incident is contained, the incident response team can focus on removing the intrusion from affected systems.
• Recover: Once affected systems have been cleaned, they can be restored to normal operation. This step commonly involves ongoing testing and recertification of affected devices.
• Review: During this stage, the incident response team performs a retrospective to identify potential room for improvement in all previous stages of the process. For example, new security policies may be needed to address a new threat or the incident response plan may require tweaks to improve efficiency or communication.

Correct answer: FHRP

Both Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP) are examples of a First Hop Redundancy Protocol (FHRP). VRRP is an open standard while HSRP is Cisco proprietary. An FHRP uses a virtual Internet Protocol (IP) address to allow multiple routers to respond to requests.

Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate multiple protocols.

FRHP is a misspelling of FHRP.

Interior routing protocols include Open Shortest Path First (OSPF), Routing Information Protocol (RIP), and Intermediate System to Intermediate System (IS-IS).

Correct answer: 802.1Q

802.1Q is a standard method for frame tagging. It is used to identify a Virtual Local Area Network (VLAN). It is a way to differentiate traffic based on VLAN. Port tagging, or VLAN tagging, is another way to separate traffic based on VLAN.

Inter-Switch Link (ISL) is a Cisco proprietary method of Ethernet frame tagging, much like 802.1Q.

802.1X is used to control access on an internal network. 802.1X commonly authenticates with a Remote Authentication Dial-In User Service (RADIUS) server.

802.3u is the Ethernet standard for 100BASE-T Fast Ethernet.

Correct answer: Selecting a destination address based on the closest routing distance

Anycast addressing is designed to deliver a packet to the IPv6 address with the shortest routing distance.

Anycast identifies multiple interfaces but delivers packets to only one address, so the answer "sends packets to multiple addresses" would be incorrect.

The answer "delivers packets to one interface specifically" is incorrect. That would be true of unicast, not anycast.

Link-local addresses are non-routable IPv6 addresses in the FE80::/10 range. They are similar to Automatic Private IP Addressing (APIPA) addresses in IPv4.

Correct answer: Multiprotocol Label Switching

Multiprotocol Label Switching (MPLS) is a switching mechanism that puts labels on data and then uses those labels to forward the data when it reaches the MPLS network.

The other three responses are incorrect.

Correct answer: IP spoofing

Internet Protocol (IP) spoofing is typically used to bypass Access Control Lists (ACLs). It is also used in Denial of Service (DoS) attacks. IP spoofing is not an on-path attack because it does not intercept data between a client and a server.

Address Resolution Protocol (ARP) spoofing, also known as ARP poisoning, allows an attacker to intercept data on a Local Area Network (LAN). It involves the attacker sending fake ARP messages into the network.

With Dynamic Host Configuration Protocol (DHCP) spoofing, the attacker responds to DHCP requests after intercepting them on a network. The goal is to pose as a fake DHCP or Domain Name System (DNS) server.

With DNS spoofing or DNS poisoning, the attacker intercepts traffic to alter the DNS cache.

ARP spoofing, DHCP spoofing, and DNS spoofing are all forms of on-path attack.

Correct answer: Stateful

A firewall uses a set of predefined rules to determine if traffic should be permitted to enter or leave a protected network or be blocked from doing so. Stateful firewalls keep track of the state of a network session, enabling it to permit legitimate packets from a session but block packets that are not valid in context, such as a TCP SYN/ACK without a preceding SYN. Stateful firewalls can be used to permit outbound connections while blocking inbound ones.

Packet filtering firewalls inspect packet headers and permit or deny traffic based on predefined rules such as permitting certain IP addresses or protocols. Packet filtering is performed by both stateless and stateful firewalls.

A perimeter network or screened subnet hosts servers that should be accessible from the public internet (web, email, etc.). The perimeter firewall allows legitimate protocols for these services (HTTP, SMTP, etc.) to come through but blocks others.

Network Address Translation (NAT) converts internal, private IP addresses to publicly routable IP addresses at the network boundary. This allows a many-to-one relationship between internal and external addresses.

Correct answer: Layer 3

The transport layer is Layer 4 of the Open Systems Interconnection (OSI) model. Layer 4 packets will be encapsulated within Layer 3 packets.

In the transmission of data over a network, information (in the form of Protocol Data Units, or PDUs) passes through succeeding layers of the OSI model from the origin to the destination. Encapsulation or de-encapsulation of PDUs occurs between each layer. Data that starts at Layer 7, the application layer, will become encapsulated into datagrams, and information will move downward through each layer of the process. At the destination, the reverse process will occur, from the physical layer to the application layer.

In other words, datagrams are encapsulated into packets, which are then encapsulated into frames. Frames are encapsulated into bits and the data is then sent to the destination where de-encapsulation occurs.

The seven layers of the OSI model with their associated PDUs are:

• Layer 7 - Application - Datagrams
• Layer 6 - Presentation Datagrams
• Layer 5 - Session - Datagrams
• Layer 4 - Transport - Segments
• Layer 3 - Network - Packets
• Layer 2 - Data link - Frames
• Layer 1 - Physical - Bits

Correct answer: Root bridge

The root bridge is the root of the spanning tree domain. All of its ports are forwarding and in the designated state.

In a non-root switch, a designated port in STP is one that has been selected as the primary forwarding port for a particular LAN segment. All other ports on that LAN segment become blocked ports.

Designated bridge, alternate bridge, and gateway bridge are fabricated terms and do not exist in STP.

Correct answer: A

To map a hostname to an IPv4 address, an Address (A) record is used.

An AAAA record is the IPv6 version of an address record, used to map an IPv6 address to a hostname.

A Mail Exchange (MX) record is used to map a domain name for use in an email server.

A Start Of Authority (SOA) record provides authoritative information about a DNS zone.

Correct answer: SIP

Session Initiation Protocol (SIP) is a signaling protocol that supports VoIP gateways to transmit voice traffic. Voice over Internet Protocol (VoIP) transmits voice data (i.e., phone calls) over an IP network. When combined with data and video transfer, this is called Unified Communications (UC). Other protocols that support VoIP gateways include Media Gateway Control Protocol (MGCP) and Lightweight Telephony Protocol (LTP).

Software-Defined Networking (SDN) uses software controllers for network infrastructure.

Plain Old Telephone System (POTS) is another name for the traditional analog phone network.

Spanning Tree Protocol (STP) stops loops in a network.

Correct answer: RFID

Radio Frequency Identification (RFID) can use passive tags that don't require power and store information that can be read by an RFID reader.

Near-Field Communication (NFC), Bluetooth, and 802.11 all require power on both the sending and receiving devices.

Correct answer: Nmap

Nmap is a popular port scanning tool. It can determine if a port is open on a device or if a port is blocked by a firewall.

The netstat command shows network statistics on a Windows PC.

The nslookup command is used to display Domain Name System (DNS) information.

The ipconfig command shows Internet Protocol (IP) configuration information.

Correct answer: They are less urgent and usually provide more information

With syslog, the higher the level, the less critical the alert and the more information it provides. For example, log level 7 is debugging, which is non-critical and highly informative.

The answer "they are more urgent and usually provide more information" is incorrect. Higher levels are less urgent.

The answer "they are less urgent and usually provide less information" is incorrect. Severity levels with a higher number usually provide more information.

The answer "they are more urgent and usually provide less information" is incorrect. Higher-number severity levels are less urgent.

Here are the syslog levels:

• Severity 0 - Emergency
• Severity 1 - Alert
• Severity 2 - Critical
• Severity 3 - Error
• Severity 4 - Warning
• Severity 5 - Notification
• Severity 6 - Information
• Severity 7 - Debugging

Correct answer: Absorption

Absorption occurs when a material is converting a signal's energy into heat. Concrete can have a serious impact on signal strength due to the amount of energy it absorbs.

Reflection is the bending of a Radio Frequency (RF) signal and may be caused by windows, glass, or mirrors.

Scattering is unlikely to occur as a result of a concrete wall and is more likely to occur due to chain-link fences or smog.

Radio Frequency Interference (RFI) occurs when devices use the same frequency as the wireless network. Such devices may include microwaves, baby monitors, or game consoles.