No products in the cart.
CompTIA Network+ (N10-009) Exam Questions
Page 10 of 55
181.
Which of the following controls inbound and outbound traffic to a virtual machine in a VPC?
-
Security group
-
ACL
-
WAF
-
Network firewall
Correct answer: Security group
Security groups are used to control inbound and outbound traffic to resources in a Virtual Private Cloud (VPC), such as virtual machines.
A VPC security group acts as a virtual firewall at the resource level, while Access Control Lists (ACLs) apply controls at the subnet level.
A Web Application Firewall (WAF) applies security controls to applications on Layer 7.
A cloud network firewall is a more comprehensive tool, filtering traffic from multiple sources across the cloud infrastructure.
182.
You need to calculate the throughput of your network connection to a remote website. Which of the following tools should you use?
-
Bandwidth speed tester
-
Protocol analyzer
-
Wi-Fi analyzer
-
iperf
Correct answer: Bandwidth speed tester
A bandwidth speed tester is used to determine the throughput of a network connection to a remote site.
A protocol analyzer or packet capture tool is used to sniff packets flowing over a network.
A Wi-Fi analyzer measures the strength of a wireless network connection.
The utility iperf is designed to determine the maximum achievable bandwidth on a network.
183.
Which type of DoS attack uses an army of bots to target the victim?
-
Distributed
-
Amplified
-
Reflective
-
Horde
Correct answer: Distributed
A Denial of Service (DoS) attack involves overwhelming a network resource with requests to make it unusable. A Distributed DoS (DDoS) uses an army of bots to execute the attack.
An amplified attack uses a third-party server to make DoS requests larger and more impactful. An amplified attack is a type of reflective attack.
A reflective attack is not a direct attack on a victim's computer. A reflective attack uses a third party to attack a network resource.
Horde is not a type of DoS attack.
184.
Which protocol is NOT detected by IoT wireless sensors?
-
Ethernet
-
Bluetooth
-
ANT+
-
NFC
Correct answer: Ethernet
Ethernet is a wired technology. Although it may be used in Internet of Things (IoT) implementation, it would not connect to wireless sensors.
Bluetooth wirelessly connects peripherals (headphones, keyboard, mouse, etc.) to a computer. Bluetooth can also be used to connect industrial devices.
Adaptive Network Topology+ (ANT+) is commonly used for IoT sensors, such as heart rate or blood pressure monitoring. ANT Wireless protocol is an Ultra-Low Power (UPL) technology that can also be used for industrial implementations.
Near-Field Communications (NFC) is used to connect smartphones to nearby devices and is commonly used for tap payment apps (Apple Pay, Google Pay, etc.).
185.
Which of the following Quality of Service (QoS) concepts allows you to control the flow of packets into and out of the network according to the type of packet or similar rules?
-
Traffic shaping
-
Traffic sharing
-
Neighbor discovery
-
Port bonding
Correct answer: Traffic shaping
Traffic shaping can be used to implement Quality of Service (QoS) on advanced routers and switches. Traffic shaping is a bandwidth management process in which the flow of packets into and out of the network is controlled based on the type of packet or other rules.
Traffic sharing is a fabricated term.
Neighbor discovery protocol is used by Internet Protocol version 6 (IPv6) for Stateless Address Autoconfiguration (SLAAC) and IP address resolution.
Port bonding is the aggregation of multiple interfaces into a single logical interface.
186.
Which of the following is a type of router in the Virtual Router Redundancy Protocol?
-
Backup
-
Active
-
Standby
-
Virtual
Correct answer: Backup
In the Virtual Router Redundancy Protocol (VRRP), one router is the primary router and the others are backups.
The other three answers are incorrect. In the Hot Standby Redundancy Protocol (HSRP), there are active, standby, and virtual routers.
Both VRRP and HSRP are First Hop Redundancy Protocols (FHRP).
187.
Of the following, which protocol is used for communications between autonomous systems (ASes)?
-
Border Gateway Protocol (BGP)
-
Open Shortest Path First (OSPF)
-
Routing Information Protocol (RIP)
-
Intermediate System to Intermediate System (IS-IS)
Correct answer: Border Gateway Protocol (BGP)
As an exterior gateway protocol, the Border Gateway Protocol (BGP) is used for communications between autonomous systems.
Open Shortest Path First (OSPF), Routing Information Protocol (RIP), and Intermediate System to Intermediate System (IS-IS) are all interior gateway protocols, which means they're used within an autonomous system.
188.
Which of the following quality of service mechanisms marks packets to impact the behavior of traffic?
-
DiffServ
-
IntServ
-
Best Effort
-
Applied Priority
Correct answer: DiffServ
Differentiated services (DiffServ) mark packets enabling different traffic flows to be treated in different ways. Quality of Service (QoS) is all about prioritizing network traffic. Many QoS approaches are based on DiffServ. QoS deals with problems such as dropped packets, delay, jitter, and errors. You can learn more about differentiated services in IETF RFC 7657, among others.
The three main models for QoS are diffserv, intserv, and best effort. Intserv includes the explicit reservation of resources to manage traffic flow. This method is much more labor-intensive and is not highly scalable. Best effort is the default QoS model. It just means that there is no implementation of any traffic control mechanisms and there is no special treatment for any types of traffic. Applied priority has to do with the classification of network traffic by type and destination to give some traffic higher priority.
189.
Which of the following security best practices ONLY applies to IPv6 networks?
-
RA Guard
-
Port Security
-
Secure SNMP
-
Private VLANs
Correct answer: RA Guard
Router Advertisements (RA) are how neighbor discovery and solicitation are performed by routers in IPv6 networks. RA Guard blocks unwanted or malicious RA messages.
Port security, Secure SNMP, and the use of private Virtual Local Area Networks (VLANs) also apply to IPv4 networks.
Port security is a way to limit the number of MAC addresses that can be assigned to a port.
Security on Simple Network Management Protocol is possible on both IPv4 and IPv6.
Private VLANs are possible on both IPv4 and IPv6.
190.
How many antennas are included in Wi-Fi 6?
-
8
-
4
-
16
-
6
Correct answer: 8
Wi-Fi 6 includes MU-MIMO 8x8. This means that it uses Multi-User, Multiple Input, Multiple Output (MU-MIMO) technology as well as eight antennas with eight transmitters and eight receivers.
Wi-Fi 5 also uses MU-MIMO, but with 4x4 antennas.
The answers 16 and six are incorrect.
191.
Which of the following is a nonproprietary protocol used to gather information about network devices and how they are connected?
-
LLDP
-
LDAP
-
CDP
-
LDP
Correct answer: LLDP
Link Layer Discovery Protocol (LLDP) is a nonproprietary protocol used to gather information about network devices and how they are connected.
Lightweight Directory Access Protocol (LDAP) is a nonproprietary protocol used to organize data and authenticate users.
Cisco Discovery Protocol (CDP) is a proprietary protocol similar to LLDP.
LDP is a fabricated term.
192.
Which of the following is an optical module transceiver?
-
SFP+
-
ANT+
-
OFDM
-
RS-232
Correct answer: SFP+
A Small Form-factor Pluggable (SFP) is a pluggable module transceiver that can be used in either Ethernet or optical data transmission. SFP+ is an enhanced version with speeds up to 16 Gbit/s. Ethernet applications of SFP+ include 10 Gigabit Ethernet and 8 Gbps Fibre Channel. Quad Small Form-factor Pluggable (QSFP) is another compact, hot-pluggable transceiver.
Adaptive Network Topology+ (ANT+) is a wireless protocol used in the Internet of Things (IoT) for short-distance connections.
Orthogonal Frequency Division Multiplexing (OFDM) is a modulation technique used in cellular networks.
RS-232 is an industry standard commonly used in serial cables.
193.
Which of the following terms is used to describe the situation in which a system may remain operational even if one of its components fails?
-
Fault tolerance
-
Multipathing
-
Clustering
-
Load balancing
Correct answer: Fault tolerance
Fault tolerance is the ability of a system to continue operations in the event of a failure of one of its components. Multipathing, clustering, and load balancing are all methods of providing fault tolerance.
Multipathing involves correcting multiple redundant connections between a computer and a storage device.
Clustering is the aggregation of multiple servers into a single logical unit.
Load balancing is the distribution of traffic across multiple servers.
194.
A packet that contains 1600 bytes will cause which of the following network interface errors?
-
Giant
-
Runt
-
CRC error
-
Encapsulation error
Correct answer: Giant
Packets over 1500 bytes are labeled as giants.
Runts are Ethernet frames under 64 octets.
Cyclic Redundancy Check (CRC) errors are caused by data corruption.
Encapsulation errors occur when a router has a Layer 3 packet to forward but lacks part of the necessary Layer 2 header.
195.
Which of the following physical security mechanisms is an authentication factor that is LEAST like the others?
-
Biometrics
-
Key fob
-
Smart card
-
Key
Correct answer: Biometrics
Biometrics is an example of a "something you are" authentication factor.
Key fobs, smart cards, and keys are examples of "something you have" factors.
Authentication factors include:
- Something you know
- Something you are
- Something you have
These factors may be included in Multi-Factor Authentication (MFA).
196.
With Network Address Translation (NAT), there are several different names involved. Which of the following is the NAT IP address that is a public IP address mapped to an inside device?
-
Inside global
-
Inside local
-
Outside local
-
Outside global
Correct answer: Inside global
The addresses used BEFORE network translation with NAT are called local. The addresses used AFTER network translation with NAT are called global. Inside global is the name that you would give to an IP address inside the local network after translation.
For example, the inside local IP address 10.1.1.3 might be translated to an inside global address 170.168.2.4. The first address falls within RFC 1918 private addresses, while the second one is a public address.
The answer inside local is incorrect as that would be a private IP address.
The answer outside local is incorrect as that would be the address given to the outside host before translation.
The answer outside global is incorrect as that would be the name given to the IP address of the outside destination host after translation.
Here are the possible NAT names and their meanings:
- Inside local - Name of the inside source address before translation
- Outside local - Name of the destination host before translation
- Inside global - Name of the inside host after translation
- Outside global - Name of the outside destination host after translation
197.
An attacker grabs a closing door and enters a secure area. What type of attack does this describe?
-
Tailgating
-
Piggybacking
-
Phishing
-
Shoulder surfing
Correct answer: Tailgating
Tailgating occurs when someone follows an authorized employee into a building or room without their knowledge.
Piggybacking and tailgating both involve an attacker gaining access to a secure area by following a legitimate employee through. The difference is that the employee knowingly helps the attacker get in with piggybacking (holding a door, etc.) while tailgating is done without their knowledge or consent (grabbing a door before it closes, etc.).
Phishing is a social engineering attack performed over email, social media, or other messaging platforms. Its goal is to steal sensitive information or plant malware on a device.
Shoulder surfing involves looking over someone's shoulder while they are using a computer to steal sensitive information such as passwords.
198.
A router's forwarding decisions are based primarily on which of the following?
-
Destination IP address
-
Destination MAC address
-
Source IP address
-
Source MAC address
Correct answer: Destination IP address
Routers are Layer 3 devices, therefore, they use the logical network address, IP address, to interpret and determine where packets should be forwarded. Since a router is a gateway to other routed domains, it uses IP addresses to keep track of the other routing points.
Switches make forwarding decisions based on the destination MAC address.
A router would not make a decision based on the source IP address. The forwarding decision answers the question: Where is this packet going?
The source MAC address is incorrect.
199.
A mantrap is designed to protect against which type of attack?
-
Tailgating
-
Piggybacking
-
Phishing
-
Shoulder surfing
Correct answer: Tailgating
Tailgating involves sneaking in after a person with legitimate access. A mantrap limits access to one person at a time. A mantrap is also known as an access control vestibule. These are commonly used in data centers. A security guard will allow a person to enter a mantrap and close the door behind them. Then the door ahead will open, allowing access to the data center.
Piggybacking is the use of someone else's network connection to transfer data.
Phishing involves the use of email to trick the user into disclosing private information.
Shoulder surfing occurs when someone visually surveys your environment to capture private information.
200.
Which social engineering attack exploits sensitive information in paper form?
-
Dumpster diving
-
Spyware
-
Phishing
-
Record scanning
Correct answer: Dumpster diving
Dumpster diving is the attempt to glean sensitive information from material that has been thrown out. This may include banking information, credit card information, or other sensitive material. Everyone should take care to dispose of these kinds of papers properly, such as with a paper shredder.
Spyware is a technology-based form of attack rather than social engineering.
Phishing involves the use of email and other methods to entice victims to share sensitive information.
Record scanning is a fabricated term.