CompTIA Network+ (N10-009) Exam Questions
121.
A network technician is troubleshooting an issue where a local workstation is attempting to send the communication outside the router instead of within the local network. It appears to be incorrectly concluding that the destination is beyond the router's subnet. Which of the following is MOST LIKELY the cause?
- Incorrect subnet mask
- Incorrect default gateway
- Incorrect DNS configuration
- Expired IP address
Correct answer: Incorrect subnet mask
When a host communicates with another host on its own subnet, it sends an Address Resolution Protocol (ARP) request to determine the destination's Media Access Control (MAC) address rather than forwarding the traffic to the default gateway. A host with an incorrect subnet mask could incorrectly determine that a local address is on a remote subnet and forward the traffic to the router instead.
An incorrect default gateway will result in no connectivity to the Internet or any other network.
An incorrect Domain Name System (DNS) configuration can cause internet domain resolution issues.
An expired Internet Protocol (IP) address occurs when the lease on the Dynamic Host Configuration Protocol (DHCP) server for that address lapses. When this happens, the DHCP server will assign a new IP address.
122.
In what type of diagram would you expect to see protocols, access lists, and addressing schemes?
- Logical network diagram
- Physical network diagram
- Layered network diagram
- Rack diagram
Correct answer: Logical network diagram
You would expect to see network protocols, configurations, access control lists, and Internet Protocol (IP) addressing schemes in a logical network diagram. Logical changes, such as new subnets or Virtual Local Area Networks (VLANs), should always be updated in logical network diagrams to keep them current.
A physical network diagram shows connectivity between the physical devices in a network, such as routers, switches, servers, and firewalls.
A layered network diagram shows the relationships between the physical, data link, and network layers of the Open Systems Interconnection (OSI) model.
A rack diagram identifies each rack unit along with whatever physical device is installed there. For instance, Rack 12D may contain six devices, with a Storage Area Network (SAN) device installed in rack units 31 and 32. Server racks typically have 42 rack units, each 1.75 inches high.
123.
Of the following, which is considered the MOST secure symmetric encryption?
- AES
- DES
- 3DES
- RSA
Correct answer: AES
Advanced Encryption Standard (AES) is available in 128-bit key, 192-bit key, and 256-bit key versions.
AES is considered more secure than Data Encryption Standard (DES) and Triple Data Encryption Standard (3DES).
Rivest, Shamir, and Adleman (RSA) is an asymmetric encryption algorithm and is therefore not applicable to this question.
124.
Which of the following DNS record types is only used for IPv6?
- AAAA
- A
- CNAME
- MX
Correct answer: AAAA
An AAAA record is the IPv6 address record, creating mappings between hostnames and IPv6 addresses.
An A record is the IPv4 address record. A canonical name (CNAME) creates an alias of an existing DNS hostname, allowing multiple hostnames to map to the same IP address. A mail exchange record (MX record) identifies the mail server or message transfer agent for a domain.
125.
You are performing a site survey at a client site before installing a new wireless network. Which of the following tools will allow you to find and document all existing wireless networks in the area?
- Wi-Fi analyzer
- Protocol analyzer
- OTDR
- Dig
Correct answer: Wi-Fi analyzer
A Wi-Fi analyzer, or wireless analyzer, looks for and documents all existing wireless networks in the area. This can be useful both for troubleshooting issues with a wireless network and for conducting site surveys.
A protocol analyzer, such as Wireshark, looks at sniffed packet information to determine what is occurring on a network. An Optical Time-Domain Reflectometer (OTDR) is a hardware tool used to find breaks in a fiber-optic cable. Dig is a command-line tool used to troubleshoot domain name system issues on a macOS, UNIX, or Linux system.
126.
An eager customer service agent has requested access to troubleshooting systems used by the Network Operations Center (NOC). Why was the request denied?
- Least privilege
- RBAC
- IAM
- NDA
Correct answer: Least privilege
The eager customer service agent was denied access to the Network Operations Center (NOC) troubleshooting systems based on the principle of least privilege. Because network troubleshooting is not part of the agent's job, there is no justification for granting permission to use the tools.
Role-Based Access Control (RBAC) involves granting temporary access to a person or resource based on the role assumed.
Identity and Access Management (IAM) is a broad term encompassing all aspects of controlling access to network resources.
A Non-Disclosure Agreement (NDA) forbids the unauthorized release of confidential information.
127.
What is the term that describes private, dedicated domains on each port of a switch?
- Collision domains
- Broadcast domains
- Anycast domains
- IP domains
Correct answer: Collision domains
Every port on a switch has its own collision domain, which protects the data from being corrupted by simultaneous transmissions by multiple devices.
A broadcast domain includes all devices on a LAN segment or bridged to other LAN segments that can be reached by a broadcast. Broadcast domains can be divided by routers or VLANs.
Anycast is used in IPv6 and is similar to broadcast in IPv4.
IP domains operate at layer 3, the network layer, while collision domains operate at layer 2, the data link layer.
128.
You need to connect Unshielded Twisted Pair (UTP) cabling to a 110 block. Which tool should you use to complete this task?
- Punch-down tool
- Butt set
- Crimper
- TAP
Correct answer: Punch-down tool
A punch-down tool is used to connect Unshielded Twisted Pair (UTP) cabling to a 110 block. A punch-down tool has a blunt end that forces the wire into the grooves of the block.
A butt set is used by telephone technicians to check if a line is working. It connects into a punch-down block and can be used to test for a dial tone and to make calls from the line.
A crimper can be used to attach a connector, such as an RJ-45 connector, to the end of a UTP cable.
A Test Access Point (TAP) is used to connect directly to a cable.
129.
A network administrator at a large corporation is attempting to adjust and move some of the IP communication paths within the network. They have made the changes in the router's database but want to verify that the workstations can see the new path. Which of the following commands would they use?
- route
- ping
- nslookup
- nmap
Correct answer: route
The route command can display the PC's current IP routing table. In addition, the route command can be used to add or delete entries in that routing table.
The ping command is used to determine the reachability of a remote device, not to confirm available routes.
The nslookup command displays DNS information.
The nmap command is used for port scanning.
130.
There are two important concepts when designing a fault-tolerant network. One is to determine which devices are not redundant and could lead to a network outage. This would be referred to as which of the following?
- Single point of failure
- No single point of failure
- NIC teaming
- NIC bonding
Correct answer: Single point of failure
There are two important concepts when designing a fault-tolerant network:
- Single point of failure: A Single Point Of Failure (SPOF) is a critical component of a system that, if it fails, brings the rest of the network down with it.
- No single point of failure: Systems without single points of failure use redundancy (additional network links, switches, routers, etc.) to ensure that no component is essential. However, this design is more expensive to implement.
Network Interface Card (NIC) teaming and bonding refer to combining NICs for hardware redundancy.
131.
After traveling partway to its destination, a packet is dropped. What is the MOST LIKELY cause?
- TTL exhaustion
- Invalid MAC address
- Invalid IP address
- Invalid port numbers
Correct answer: TTL exhaustion
A packet's Time To Live (TTL) defines the maximum number of hops that it can take to reach its destination. If the TTL is exhausted because the distance is too far, the packet will be dropped.
If the MAC address, IP address, or port number is incorrect, a packet is likely to go to the wrong place. An invalid IP address (i.e., one that doesn't fit the format) is unlikely to be sent at all.
132.
Which of the following provides protection against power outages?
- UPS
- STP
- GBIC
- PDU
Correct answer: UPS
An Uninterruptible Power Supply (UPS) provides a battery backup that can allow a device to continue operating during a power outage.
The Spanning Tree Protocol (STP) protects against loops in layer 2 networks that have redundant network links.
A Gigabit Interface Converter (GBIC) allows different connectors to be used to plug into a switch port. A GBIC is designed to be easy to insert and remove, making it ideal for troubleshooting.
A Power Distribution Unit (PDU) can be something as simple as a power strip or something with more intelligence. However, a PDU does not provide power in case of an outage.
133.
How do rates of data transfer on Ethernet compare to Wi-Fi?
- Higher
- Smaller
- Slower
- Less reliable
Correct answer: Higher
Wired Ethernet speeds can reach up to 40 Gbps, whereas wireless speeds at their current level can only reach a rate of about 2 Gbps. Wi-Fi 7 promises higher theoretical speeds, but they remain limited because of current implementations.
Data transfer rates would be neither smaller nor slower with Ethernet compared to Wi-Fi.
Ethernet is generally more stable and reliable for data transfer than Wi-Fi.
134.
Which of the following would you typically place in a screened subnet?
- VoIP
- File server
- Database server
- Application server
Correct answer: VoIP
Since Voice over Internet Protocol (VoIP) servers have regular access to the public Internet, it would be a good idea to place them into a screened subnet, also known as a Demilitarized Zone (DMZ). Screened subnets are situated between the internal private network and the external public Internet, separated by two firewalls.
File servers, database servers, and application servers should all be kept within the internal network, not out on the screened subnet.
135.
The top-to-bottom or bottom-to-top problem-solving approach uses which of the following models?
- OSI model
- TCP/IP model
- MITRE ATT&CK
- Cyber Kill Chain
Correct answer: OSI model
The top-to-bottom approach works from the application layer to the physical layer of the OSI model. The bottom-to-top approach works from the physical layer to the application layer.
A similar approach could also be used with the TCP/IP model; however, Network+ defines this approach using the OSI model.
The MITRE ATT&CK framework is a globally available cybersecurity knowledge base. It is not related to the top-to-bottom or bottom-to-top approaches in the Network+ troubleshooting model.
Cyber Kill Chain is a security model that maps the stages of a cyberattack. It is not related to the top-to-bottom or bottom-to-top approaches in the Network+ troubleshooting model.
136.
On a Windows computer, which of the following commands shows information similar to the route print command?
- netstat -r
- net -r
- show ip route
- netstat route
Correct answer: netstat -r
Both the route print and netstat -r commands will display the current routing table on a Windows computer.
The net command in Windows is used to manage network resources but does not show the route table. The command net -r is incorrect.
The show ip route command displays the routing table on a Cisco router, not Windows.
The syntax netstat route is incorrect. The correct syntax is netstat -r.
137.
You have two switches whose duplex settings are the same, but they are not communicating properly. What are they MOST likely set to?
- Auto
- Full
- Half
- None
Correct answer: Auto
Duplex options on a switch are full, half, and auto, and the two must match for the system to work. If both are set to auto but default to different values (e.g., one full, one half), then the system won't work properly. Despite both sides being set to auto, the auto-negotiation can fail. In this case, the manual configuration of both sides may be in order.
If both sides were manually set to either full or half, the connection should function properly.
"None" is not an option for duplex settings.
138.
Which of the following metrics should be MINIMIZED to satisfy SLA requirements?
- MTTR
- MTBF
- MTTF
- MTBR
Correct answer: MTTR
Mean Time To Repair (MTTR) is the average amount of time between a component failing and the system being restored to normal operation. It should be minimized to meet customer expectations as defined in the Service Level Agreement (SLA). MTTRs may be dependent on the priority of the fault and the service level purchased by the customer. A priority one issue may have an expected MTTR of hour hours.
Mean Time Between Failures (MTBF) measures the average amount of time between failures of a particular component.
Mean Time To Failure (MTTF) is the average amount of time that a device can be expected to operate before it fails. MTBF is the sum of MTTR and MTTF.
MTBR is a fabricated term.
139.
Which of the following interacts with an Authentication, Authorization, and Accounting (AAA) server and encrypts a complete network packet?
- TACACS+
- Kerberos
- RADIUS
- CHAP
Correct answer: TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a TCP-based, Cisco-proprietary authentication protocol that uses an Authentication, Authorization, and Accounting (AAA) server. Unlike RADIUS, TACACS+ encrypts the entire packet containing authentication information and has less extensive accounting functionality.
Kerberos is an authentication protocol that uses a trusted third party to authenticate users and distribute tickets that can be used to access other systems and resources. With Kerberos, the client and server mutually authenticate one another.
Remote Authentication Dial-In User Service (RADIUS) is an open standard, UDP-based authentication protocol that relies on an Authentication, Authorization, and Accounting (AAA) server. RADIUS only encrypts the password in an authentication packet and provides better accounting functionality than TACACS+.
The Challenge Handshake Authentication Protocol (CHAP) uses a challenge-response protocol to authenticate a client to a server without sending credentials over the network. This is accomplished with a three-way (challenge, response, acceptance) handshake.
140.
According to the IEEE 802.3 standard, what is the MINIMUM length of an Ethernet frame?
- 64 octets
- 64 bits
- 1500 bits
- 1500 octets
Correct answer: 64 octets
The minimum length of an Ethernet frame is 64 octets. An octet is a series of eight bits, also known as a byte. Frames smaller than this are referred to as runts and are often caused by collisions or issues with network cards.
The 802.3 Ethernet frame includes the following allocation of 64 bytes as a minimum:
- Destination MAC address - 6 bytes
- Source MAC address - 6 bytes
- Ethertype or length - 2 bytes
- Payload - 46 bytes (up to 1500)
- Frame check sequence - 4 bytes
The answers 64 bits, 1500 bits, and 1500 octets are incorrect.