×

Quiz Session - Attempts With Random Questions

CompTIA Network+ (N10-009) Exam Questions

Page 3 of 55

41.

You are evaluating different options for data storage. One option you have exposes a pool of hard disks to clients over the network as one or more logical disks. Which type of data storage is being described?

  • SAN

  • NAS

  • SDN

  • NGFW

Correct answer: SAN

A Storage Area Network (SAN) makes a pool of hard disks accessible to client machines over the network. The SAN can pretend to be one or more logical hard disks and enables clients to read and write blocks of data to these disks.

Network Attached Storage (NAS) provides centralized file storage for clients on the network. It has its own built-in file system and is built specifically for file management with dedicated hardware and software.

SDN stands for Software-Defined Networking and is not a type of data storage.

NGFW stands for Next-Generation Firewall and is not a type of data storage.

42.

How many collision domains does a switch with 12 ports have?

  • 12

  • 6

  • 2

  • 1

Correct answer: 12

A switch, by design, will make each of its ports a unique, singular collision domain. This enables a switch to segment each port so that collisions are nonexistent due to each node communication being on its own personal collision domain. This network still falls under one broadcast domain as routers connect broadcast domains.

The answers 6, 2, and 1 are incorrect.

43.

Which is NOT a typical password policy best practice?

  • Only uppercase and lowercase letters

  • Password expiration

  • Minimum password length

  • Restrictions on the use of proper names

Correct answer: Only uppercase and lowercase letters

A password should contain uppercase and lowercase letters, numbers, and special characters.

Password expiration is one of the recommended password policies below. It's important the passwords are changed regularly to prevent exploitation.

Minimum password length is one of the recommended password policies below. Many administrators set the minimum password at eight characters.

You should not use proper names in a password as these can be easily exploited.

A password policy should include the following:

  • Education for end users
  • Strong password requirements, such as:
    • Minimum password length
    • Restrictions on the use of proper names
    • Password expiration
    • No previously used passwords allowed
    • No words spelled out completely within the password
    • The use of characters from the following groups:
      • Uppercase letters
      • Lowercase letters
      • Numbers
      • Special characters

44.

Which of the following attacks involves a botnet?

  • DDoS attack

  • DoS attack

  • Brute-force attack

  • Smurf attack

Correct answer: DDoS attack

A Distributed Denial-of-Service (DDoS) involves multiple devices which form a botnet. A DDoS attack is designed to overwhelm a target system by having many infected computers (called "bots" or "zombies") send traffic to that system.

A Denial-of-Service (DoS) attack floods a target system with spam requests or exploits an application vulnerability to render the system unable to respond to legitimate requests. A DoS attack comes from a single device.

A brute-force attack is a type of password attack.

A Smurf attack attempts to flood a subnet with ping replies by sending Internet Control Message Protocol (ICMP) traffic to a subnet.

45.

Which protocol is used to allow hosts in a subnet to generate their own IPv6 addresses?

  • Router Advertisement

  • IPv6 Address Request Protocol

  • Dynamic Host Configuration Protocol

  • Address Management Protocol

Correct answer: Router Advertisement

The Router Advertisement protocol allows hosts in a subnet to create their own IPv6 addresses based on their MAC addresses. The router sends out a Router Advertisement (RA) message both in response to a Router Solicitation (RS) request from a host and at regular intervals. This RA message contains a prefix and instructions for using it to create an IPv6 address.

IPv6 Address Request Protocol is a fabricated term.

The Dynamic Host Configuration Protocol (DHCP) is used to assign IP addresses to hosts.

The Address Management Protocol (ARP) is used in IPv4 networks to learn the MAC addresses of other hosts in a subnet.

46.

Electromagnetic interference may be caused by which of the following?

  • Cable placement

  • The MDIX feature

  • A short in a cable

  • An open in a cable

Correct answer: Cable placement

Electromagnetic Interference (EMI) occurs when one wire radiates an electromagnetic field that interferes with current flowing through another wire. Cable placement may impact exposure to EMI if an Ethernet cable is close to another device that radiates EMI, such as high-voltage power cables.

Medium Dependent Interface Crossover (MDIX) is the port configuration for a standard cable, as opposed to MDI, which is the port configuration for a crossover cable.

A short circuit occurs when a faulty connection or damaged wire causes the connection to travel along the wrong path.

An open circuit occurs when the connection is severed due to a broken cable.

47.

A network administrator has just made changes to the DHCP scope in the network environment. They now need the workstation to attempt to get a new DHCP lease. Which of the following would they run FIRST?

  • ipconfig /release

  • ipconfig /renew

  • ipconfig /all

  • ipconfig /flushdns

Correct answer: ipconfig /release

The ipconfig /release command releases a computer's existing DHCP lease, enabling a new lease to be requested with ipconfig /renew.

ParameterDescription
/allDisplays the full TCP/IP configuration for all adapters. Adapters can represent physical interfaces, such as installed network adapters, or logical interfaces, such as dial-up connections.
/displaydnsDisplays the contents of the DNS client resolver cache, which includes both entries preloaded from the local Hosts file and any recently obtained resource records for name queries resolved by the computer. The DNS Client service uses this information to resolve frequently queried names quickly, before querying its configured DNS servers.
/flushdnsFlushes and resets the contents of the DNS client resolver cache. During DNS troubleshooting, you can use this procedure to discard negative cache entries from the cache, as well as any other entries that have been added dynamically.
/registerdnsInitiates manual dynamic registration for the DNS names and IP addresses that are configured at a computer. You can use this parameter to troubleshoot a failed DNS name registration or resolve a dynamic update problem between a client and the DNS server without rebooting the client computer. The DNS settings in the advanced properties of the TCP/IP protocol determine which names are registered in DNS.
/release [<Adapter>]Sends a DHCPRELEASE message to the DHCP server to release the current DHCP configuration and discard the IP address configuration, either for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
/release6 [<Adapter>]Sends a DHCPRELEASE message to the DHCPv6 server to release the current DHCP configuration and discard the IPv6 address configuration, either for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter disables TCP/IP for adapters configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
/renew [<Adapter>]Renews DHCP configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IP address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.
/renew6 [<Adapter>]Renews DHCPv6 configuration for all adapters (if an adapter is not specified) or for a specific adapter if the Adapter parameter is included. This parameter is available only on computers with adapters that are configured to obtain an IPv6 address automatically. To specify an adapter name, type the adapter name that appears when you use ipconfig without parameters.

48.

Which of the following solutions is a prerequisite for DAI?

  • DHCP snooping

  • Private VLANs

  • Port security

  • RA Guard

Correct answer: DHCP snooping

Attackers can perform on-path attacks via an ARP poisoning attack. Dynamic ARP Inspection (DAI) uses the DHCP snooping database to detect incorrect or malicious IP and MAC address pairings.

Private VLANs help to implement network segmentation and prevent attackers from moving laterally through an organization's network.

Port security ties switch ports to particular MAC addresses, making it more difficult for an attacker to connect to a switch and gain access to the corporate network.

RA Guard allows an organization to filter out unwanted or malicious Router Advertisement (RA) messages in IPv6 networks.

49.

Which of the following is commonly used for both physical security and multi-factor authentication?

  • Smart cards

  • Asset tags

  • Keys

  • Proximity readers

Correct answer: Smart cards

Smart cards are often used for physical security for access control to restricted areas. They can also serve as a "something you have" factor for Multi-Factor Authentication (MFA).

Keys, asset tags, and proximity readers are all used for physical security, not MFA.

50.

What Spanning Tree Protocol (STP) state observes Bridge Protocol Data Units (BPDUs) to ensure no loops are occurring before transmitting frames?

  • Listening

  • Learning

  • Blocking

  • Forwarding

Correct answer: Listening

There are five different port states in the Spanning Tree Protocol (STP) process:

  • Blocking
  • Listening
  • Learning
  • Forwarding
  • Disabled

A port in a listening state listens to the Bridge Protocol Data Units (BPDUs) to ensure that no loops are occurring before passing the data frames. The data is prepared without the MAC populating the forward/filter table.

Learning ports listen to BPDUs and learn all the paths in the switched network while populating the physical addresses they find into the forward/filter table. A blocked port won't forward any frames at all, it simply listens to the BPDUs which are transmitted across the local area network to detect loops in the networks' topologies. It will drop all other frames. Forwarding ports send and receive all the data frames on the bridged port.

51.

Given the password requirements in the supplemental passage, which of the following would NOT be an acceptable password?

  • AG3o3a4mE0uc

  • 06[^Fi1zXTc1

  • vV7K`4\T=2Rl

  • 0R}n2a<?of24

Correct answer: AG3o3a4mE0uc

Given the password requirements, the password "AG3o3a4mE0uc" would not be an acceptable password because it does not include at least one symbol.

The remaining three answers would be acceptable because they meet all five password requirements.

52.

You are configuring backups for a user's machine. You are interested in creating a complete and comprehensive copy of the data set to ensure data availability. Which of the following backup options would be the BEST choice?

  • Full

  • Differential

  • Incremental

  • Snapshot

Correct answer: Full

A full backup is a full and complete backup of all of the data set. This is the safest and most comprehensive backup option, but it can be time-consuming and costly.

Differential backups start with the last full backup and only contain data that has changed since the last full backup.

Incremental backups only back up data that has changed since the previous backup.

Snapshots are a read-only copy of the data set that is frozen at a point in time.

53.

Which standard incorporates TKIP, 802.1X, AES, and CCMP?

  • 802.11i

  • 802.11be

  • 802.11h

  • 802.11ax

Correct answer: 802.11i

The wireless standard 802.11i incorporates Temporal Key Integrity Protocol (TKIP), 802.1X, Advanced Encryption Standard (AES), and Counter Mode/CBC-Media Access Control (MAC) Protocol (CCMP). The wireless security protocol Wi-Fi Protected Access 2 (WPA2) uses 802.11i.

802.11be is the standard for Wi-Fi 7, which can operate at 6 GHz.

802.11h is the regulatory standard for wireless networks that includes Dynamic Frequency Selection (DFS) and Transmit Power Control (TPC). DFS reduces interference with radars and TPC limits device power.

802.11ax is the standard for Wi-Fi 6, which can operate at 5 GHz, and Wi-Fi 6e, which can operate at 6 GHz.

54.

Which of the following statements regarding asymmetrical encryption is FALSE?

  • Asymmetrical encryption is faster and easier than symmetrical encryption.

  • Asymmetrical encryption is used to issue certificates.

  • Asymmetrical encryption uses a public key and a private key.

  • Asymmetrical encryption uses the Diffie-Hellman algorithm for key exchange.

Correct answer: Asymmetrical encryption is faster and easier than symmetrical encryption.

The statement "Asymmetrical encryption is faster and easier than symmetrical encryption." is false. Asymmetrical encryption is slower and more complex to implement than symmetrical encryption. Asymmetrical encryption deals with two keys rather than one, and it has more complex algorithms than symmetrical encryption.

The statement "Asymmetrical encryption is used to issue certificates." is true.

The statement "Asymmetrical encryption uses a public key and a private key." is true. Symmetrical encryption, on the other hand, uses the same key for encryption and decryption.

The statement "Asymmetrical encryption uses the Diffie-Hellman algorithm for key exchange." is true.

55.

Given the password requirements in the supplemental passage, which of the following would be an acceptable password?

  • Igk&$S4[N5n9

  • &doF23<1dz

  • =M3LW1#55+9X

  • #IpP(YM;t£$l

Correct answer: Igk&$S4[N5n9

The password "Igk&$S4[N5n9" would be acceptable because it meets all five password requirements in the supplemental passage.

The password "&doF23<1dz" would not be acceptable because it has only 10 characters rather than the required 12 characters.

The password "=M3LW1#55+9X" would not be acceptable because it does not have at least one lowercase letter.

The password "#IpP(YM;t£$l" would not be acceptable because it does not include any numbers.

56.

Which of the following is NOT a type of timer in the Hot Standby Router Protocol (HSRP)?

  • Wait

  • Hello

  • Active

  • Hold

Correct answer: Wait

Wait is not a Hot Standby Router Protocol (HSRP) timer.

HSRP is a form of First Hop Redundancy Protocol (FHRP). The four HSRP timers are:

  • Hello timer
  • Hold timer
  • Active timer
  • Standby timer

57.

Of the following, which requires no more and no less than two types of authentication from individuals seeking admission to a network?

  • TFA

  • MFA

  • SSO

  • EAP

Correct answer: TFA

Two-Factor Authentication (TFA) requires a user to present two "factors" or types of authentication material to log in. Factors can be "something you know" (password, etc.), "something you have" (smartcard, smartphone, etc.), or "something you are" (fingerprint, facial recognition, etc.).

Multi-factor authentication is more general than TFA, allowing two or more factors to be used for authentication.

With Single Sign-On (SSO), a user logs in once and then is able to access multiple systems. The SSO system distributes authentication data so that a user does not need to log into each system.

An Extensible Authentication Protocol (EAP) is designed to authenticate a "supplicant" to an "authenticator" and create a shared session key. EAP works with IEEE 802.1X and expands on the protocols used by the Point-to-Point Protocol (PPP). Examples of EAP protocols include Flexible Authentication via Secure Tunneling (EAP-FAST), Message Digest 5 (EAP-MD5), and Transport Layer Security (EAP-TLS).

58.

When ranking trouble tickets, which of the following is the MOST significant?

  • Partial network outage

  • Complete workstation failure

  • Small network outage

  • Partial workstation failure

Correct answer: Partial network outage

It's important to prioritize problems when working trouble tickets. A partial network outage would have a higher priority than a complete workstation failure, a small network outage, or a partial workstation failure.

Trouble tickets should be ranked as follows, from most to least important:

  • Complete network outage (all users affected)
  • Partial network outage (many users affected)
  • Small network outage (few users affected)
  • Complete workstation failure (single user with no productivity)
  • Partial workstation failure (single user with reduced productivity)
  • Minor issue (occasional impacts to productivity)

59.

Which of the following is a unit for measuring the gain of an antenna?

  • dBi

  • iBd

  • iBi

  • dBo

Correct answer: dBi

The gain of an antenna is measured relative to a reference antenna. The two valid units for gain are decibel isotropic (dBi), measured relative to an isotropic antenna, and dBd, measured relative to a dipole antenna.

The term iBd is a fabricated term.

The term iBi may refer to inter-block interference or inter-beam interference, neither of which are units of measurement for antenna power.

The term dBo may be used as an abbreviation for a dual-band omnidirectional antenna by some vendors.

60.

What type of IPv6 address range is FC00::/7?

  • Unique local unicast

  • Global unicast

  • Link-local unicast

  • Multicast

Correct answer: Unique local unicast

Unicast addresses are used to send packets to a particular interface. Unicast addressing exists for both IPv4 and IPv6. Unique local unicast addresses are used within a private network and are in the range FC00::/7.

In IPv6, global unicast addresses are used for internet routing and are in the range 2000::/3.

Link-local addresses are non-routable IPv6 addresses in the FE80::/10 range. They are similar to Automatic Private IP Addressing (APIPA) addresses in IPv4. IPv4 and IPV6 multicast are "one to many" addresses designed to send a packet to multiple different interfaces with a single address.

The multicast range in IPv6 is FF00::/8.

×