CompTIA CompTIA Certifications N10-008 Questions & Answers

• Question 151:

  A client wants to increase overall security after a recent breach. Which of the following would be best to implement? (Choose two.)

  A. Least privilege network access

  B. Dynamic inventories

  C. Central policy management

  D. Zero-touch provisioning

  E. Configuration drift prevention

  F. Subnet range limits

  Correct Answer: AC

  Least privilege network access: Implementing the principle of least privilege ensures that users and systems have only the minimum levels of access or permissions necessary to perform their functions. This helps to limit the potential impact of security breaches. Central policy management: Centralized policy management allows for consistent application of security policies across the entire network. This ensures that security settings are centrally configured, monitored, and enforced, reducing the likelihood of misconfigurations or oversights that could lead to security vulnerabilities.

  While all the options listed can contribute to overall security, the two mentioned above are particularly effective in controlling access and managing security policies, which are crucial aspects of post-breach security measures.

• Question 152:

  A network administrator wants to know which systems on the network are at risk of a known vulnerability. Which of the following should the administrator reference?

  A. SLA

  B. Patch management policy

  C. NDA

  D. Site survey report

  E. CVE

  Correct Answer: E

• Question 153:

  A network engineer is upgrading an existing edge gateway. The company currently uses a router and needs to be able to filter on all OSI layers. Which of the following should the engineer use to upgrade the gateway?

  A. NGFW

  B. Proxy

  C. Layer 3 switch

  D. Load balancer

  Correct Answer: A

  NGFW (Next-Generation Firewall): NGFWs are advanced security devices that go beyond traditional firewalls. They provide filtering and inspection capabilities at multiple OSI layers, including application-layer filtering, intrusion prevention, and advanced threat protection. NGFWs are designed to offer more sophisticated and comprehensive security features compared to traditional routers.

• Question 154:

  Which of the following passwords would provide the best defense against a brute-force attack?

  A. ThisIsMyPasswordForWork

  B. Qwerty!@#$

  C. Password!1

  D. T5!8j5

  Correct Answer: D

• Question 155:

  Which of the following is most likely to be implemented to actively mitigate intrusions on a host device?

  A. HIDS

  B. NIDS

  C. HIPS

  D. NIPS

  Correct Answer: C

  HIPS is designed to operate on individual host devices (like workstations, servers, etc.) and can actively prevent and mitigate intrusions. It not only detects malicious activities but also has the capability to automatically take action against these threats, such as blocking network traffic or quarantining malware.

• Question 156:

  A user took a laptop on a trip and made changes to the network parameters while at the airport. The user can access all internet websites but not corporate intranet websites. Which of the following is the most likely cause of the issue?

  A. Duplicate IP address

  B. Duplicate SSID

  C. Incorrect DNS

  D. Incorrect subnet mask

  Correct Answer: C

• Question 157:

  Which of the following best describe the functions of Layer 2 of the OSI model? (Choose two.)

  A. Local addressing

  B. Error preventing

  C. Logical addressing

  D. Error detecting

  E. Port addressing

  F. Error correcting

  Correct Answer: AE

• Question 158:

  A network administrator wants to implement an authentication process for temporary access to an organization's network. Which of the following technologies would facilitate this process?

  A. Captive portal

  B. Enterprise authentication

  C. Ad hoc network

  D. WPA3

  Correct Answer: A

  A captive portal is a technology that facilitates the authentication process for temporary access to a network. It is commonly used in public Wi-Fi hotspots, hotels, airports, and other environments where temporary network access is provided. When users connect to the network, they are redirected to a captive portal page where they must authenticate or agree to terms and conditions before gaining access to the internet or other network resources.

• Question 159:

  Which of the following would be best suited for use at the access layer in a three-tier architecture system?

  A. Router

  B. Multilayer switch

  C. Layer 2 switch

  D. Access point

  Correct Answer: B

  Layer 2 switches can (and do) reside at the access layer, BUT multilayer switches are used at the access layer to efficiently manage local traffic within a network segment while also allowing for inter-VLAN routing.

• Question 160:

  Following the implementation of a BYOD policy, some users in a high-density environment report slowness over the wireless connection. Some wireless controller reports indicate high latency and airttime contention. Which of the following is the most probable root cause?

  A. The AP is configured with 2.4GHz frequency, which the new personal devices do not support.

  B. The AP is configured with 2.4GHz frequency without band-steering capabilities.

  C. The AP is configured with 5Ghz frequency with band-steering capabilities.

  D. The AP is configured with 5Ghz frequency, which the new personal devices do not support

  Correct Answer: B

  In high-density environments, using the 2.4GHz frequency without band-steering capabilities can lead to increased interference and contention, as many devices may be trying to use the same frequency. Band-steering helps distribute devices between 2.4GHz and 5GHz frequencies, optimizing the use of available spectrum and reducing contention.