CompTIA CompTIA Certifications N10-008 Questions & Answers

• Question 871:

  A network technician is implementing a solution that will allow end users to gain access to multiple applications after logging on. Which of the following authentication methods would allow this type of access?

  A. SSO

  B. LDAP

  C. EAP

  D. TACACS+

  Correct Answer: A

  Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

• Question 872:

  Which of the following types of connections would need to be set up to provide access from the internal network to an external network so multiple satellite offices can communicate securely using various ports and protocols?

  A. Client-to-site VPN

  B. Clientless VPN

  C. RDP

  D. Site-to-site VPN

  E. SSH

  Correct Answer: D

  A site-to-site VPN is a type of VPN connection that allows communication between two or more networks. In this case, the internal network of the corporate client would be connected to an external network, such as the internet, using a siteto-site VPN. This would allow the satellite offices to communicate securely with each other and with the headquarters using various ports and protocols.In summary, client-to-site VPN allows a single user to access a network remotely, while site-to-site VPN allows multiple networks to communicate and connect securely as if they were on the same local network.

• Question 873:

  An auditor assessing network best practices was able to connect a rogue switch into a network Jack and get network connectivity. Which of the following controls would BEST address this risk?

  A. Activate port security on the switchports providing end user access.

  B. Deactivate Spanning Tree Protocol on network interfaces that are facing public areas.

  C. Disable Neighbor Resolution Protocol in the Layer 2 devices.

  D. Ensure port tagging is in place for network interfaces in guest areas

  Correct Answer: A

  Activate port security on the switchports providing end user access would BEST address the risk of a rogue switch being connected to the network. Port security limits the number of devices that can connect to a particular switchport, thereby preventing unauthorized devices from connecting to the network. By limiting the number of MAC addresses allowed on each switchport, the network administrator can help prevent rogue devices from connecting and potentially causing security issues.

• Question 874:

  Which of the following compromises internet-connected devices and makes them vulnerable to becoming part of a botnet? (Select TWO)

  A. Deauthentication attack

  B. Malware infection

  C. IP spoofing

  D. Firmware corruption

  E. Use of default credentials

  F. Dictionary attack

  Correct Answer: BE

  an attacker must install malware that opens a backdoor remote connection by using the default credentials.

• Question 875:

  Which of the following would be used when connecting devices that have different physical characteristics?

  A. A proxy server

  B. An industrial control system

  C. A load balancer

  D. A media converter

  Correct Answer: D

  A media converter converts the signal from one media type (e.g., copper Ethernet) to another media type (e.g., fiber Ethernet). Devices that have different physical characteristics (i.e., different Layer 1 mediums) have to use a media converter for proper communication between them.

• Question 876:

  A network client is trying to connect to the wrong TCP port. Which of the following responses would the client MOST likely receive?

  A. RST

  B. FIN

  C. ICMP Time Exceeded

  D. Redirect

  Correct Answer: A

  TCP (Transmission Control Protocol) is a connection-oriented protocol, which means that a connection needs to be established between the client and the server before data can be exchanged. During the connection establishment process, the client sends a SYN (Synchronize) packet to the server, and the server responds with a SYN-ACK (Synchronize-Acknowledge) packet. If the client is trying to connect to the wrong TCP port, the server will not respond with a SYN-ACK packet, and instead, it will send a RST packet to terminate the connection attempt.

• Question 877:

  Which of the following can be used to store various types of devices and provide contactless delivery to users?

  A. Asset tags

  B. Biometrics

  C. Access control vestibules

  D. Smart lockers

  Correct Answer: D

  An access control vestibule is part of a physical access control system that typically provides a space between two sets of interlocking doors. Vestibules are designed to prevent unauthorized individuals from following authorized individuals into facilities with controlled access.

• Question 878:

  Which of the following protocols is widely used in large-scale enterprise networks to support complex networks with multiple routers and balance traffic load on multiple links?

  A. OSPF

  B. RIPv2

  C. QoS

  D. STP

  Correct Answer: A

• Question 879:

  A company wants to add a local redundant data center to its network in case of failure at its primary location. Which of the following would give the LEAST amount of redundancy for the company's network?

  A. Cold site

  B. Hot site

  C. Cloud site

  D. Warm site

  Correct Answer: A

• Question 880:

  A network attack caused a network outage by wiping the configuration and logs of the border firewall. Which of the following sources, in an investigation to determine how the firewall was compromised, can provide the MOST detailed data?

  A. Syslog server messages

  B. MIB of the attacked firewall

  C. Network baseline reports

  D. NetFlow aggregate data

  Correct Answer: A

  Syslog server messages would be the best source to provide the most detailed data in an investigation to determine how the firewall was compromised. Syslog server messages can contain a wealth of information related to network activity, including messages related to firewall activity, such as configuration changes and log messages. In this scenario, reviewing the syslog messages from the firewall prior to the attack could provide insight into the attack method and the source of the attack.