CompTIA N10-009 Online Practice Questions and Exam Preparation

CompTIA N10-009 Online Questions & Answers

• Question 571:

  SIMULATION You have been tasked with implementing an ACL on the router that will:

  1.Permit the most commonly used secure remote access technologies from the management network to all other local network segments

  2.Ensure the user subnet cannot use the most commonly used remote access technologies in the Linux and Windows Server segments.

  3.Prohibit any traffic that has not been specifically allowed.

  INSTRUCTIONS

  Use the drop-downs to complete the ACL

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  A. See the answer and solution below.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the answer and solution below.

  ---

  Explanation

  

• Question 572:

  Due to concerns around single points of failure, a company decided to add an additional WAN to the network. The company added a second MPLS vendor to the current MPLS WAN and deployed an additional WAN router at each site. Both MPLS providers use OSPF on the WAN network, and EIGRP is run internally. The first site to go live with the new WAN is successful, but when the second site is activated, significant network issues occur.

  Which of the following is the most likely cause for the WAN instability?

  A. A changed CDP neighbor
  B. Asymmetrical routing
  C. A switching loop
  D. An incorrect IP address
  B. Asymmetrical routing

  ---

  Explanation

  Asymmetrical routing occurs when packets take different paths to and from the destination, leading to instability in network communication. The use of two different MPLS providers with OSPF can lead to this type of routing issue, especially if the paths aren't carefully configured and managed. This can cause unexpected routing behaviors and instability in a dual-WAN setup. (Reference: CompTIA Network+ Study Guide, Chapter on Network Routing)

• Question 573:

  Which of the following is the best use case for PAT?

  A. Using BGP for internet routing
  B. Using a single public IP
  C. Using redundant internet service providers
  D. Using a dual-stack IP scheme
  B. Using a single public IP

  ---

  Explanation

  The correct choice is B. Using a single public IP. PAT (Port Address Translation) is a form of NAT that allows many internal private IP addresses to share one public IP address by tracking sessions with port numbers. This is one of the most common edge-network designs for homes, small offices, and many enterprise branch environments.

  The reason PAT is so useful is that it conserves public IPv4 addresses. Internal hosts keep their private addressing, and when they access external resources, the firewall or router translates those connections so they appear to come from one public address, while still keeping each session unique through port mapping.

  The other options are unrelated to PAT's primary purpose. BGP is a routing protocol for route exchange between networks. Redundant ISPs deal with resiliency and multihoming, not port-based address translation. A dual-stack IP scheme means running IPv4 and IPv6 together, which is separate from the NAT/PAT function.

  This question is really asking what situation most naturally calls for PAT. When an organization wants multiple internal devices to reach the internet without assigning each device its own public IPv4 address, PAT is the standard solution. That makes using a single public IP the best answer.

• Question 574:

  Which of the following most directly secures sensitive information on a network?

  A. Data-in-transit encryption
  B. Principle of least privilege
  C. Role-based access controls
  D. Multifactor authentication
  A. Data-in-transit encryption

  ---

  Explanation

  The option that most directly secures sensitive information on the network is data-in-transit encryption. This ensures that data packets are unreadable to attackers who intercept them while moving across the network. Protocols such as TLS, HTTPS, IPsec, and SSH protect confidentiality and integrity of sensitive information.

  Option B: Principle of least privilege (PoLP) secures access control but does not directly protect data in motion.

  Option C: Role-based access control (RBAC) enforces permissions but again does not secure the data while transmitted.

  Option D: Multifactor authentication (MFA) strengthens identity verification but does not directly protect the data itself once transmitted.

  Thus, while all options contribute to overall security, encryption of data-in-transit most directly addresses protection of sensitive information on the network.

  References:

  Domain: Network Security -- Encryption methods, confidentiality, data-in-transit protection.

• Question 575:

  Which of the following focuses on application delivery?

  A. DaaS
  B. IaaS
  C. SaaS
  D. PaaS
  C. SaaS

• Question 576:

  Voice traffic is experiencing excessive jitter. A network engineer wants to improve call performance and clarity.

  Which of the following features should the engineer configure?

  A. QoS
  B. STP
  A. QoS

  ---

  Explanation

  Quality of Service (QoS) prioritizes delay-sensitive traffic such as VoIP by assigning higher priority in queues, reducing jitter, latency, and packet loss. Implementing QoS policies ensures stable and clear voice communication.

  Option B: STP (Spanning Tree Protocol) prevents switching loops, but it does not address jitter or real-time traffic performance.

  References:

  Domain: Network Infrastructure -- QoS, traffic shaping, prioritization of voice/video.

• Question 577:

  A firewall receives traffic on port 80 and forwards it to an internal server on port 88.

  Which of the following technologies is being leveraged?

  A. TLS
  B. FHRP
  C. SSL
  D. PAT
  D. PAT

  ---

  Explanation

  The correct answer is PAT (Port Address Translation). According to the CompTIA Network+ N10-009 objectives, PAT is a form of Network Address Translation (NAT) that allows multiple internal hosts-or services-to be mapped to a single public IP address using different port numbers. PAT can also translate destination port numbers, which is exactly what is occurring in this scenario.

  In this case, the firewall receives incoming traffic on port 80 (commonly used for HTTP) and forwards it to an internal server listening on port 88. This process is often referred to as port forwarding, which is a practical implementation of PAT.

  The firewall rewrites the destination port and potentially the destination IP address so that external clients can access internal services without exposing internal addressing schemes. The other options do not apply. TLS and SSL are encryption protocols used to secure data in transit; they do not perform port translation. FHRP (First Hop Redundancy Protocol), such as HSRP or VRRP, provides gateway redundancy and high availability, not traffic forwarding or port

  remapping.

  The Network+ objectives emphasize understanding how firewalls and NAT technologies manipulate IP addresses and ports to enable secure access to internal resources. PAT is the technology that enables this functionality, making it the correct answer.

• Question 578:

  A technician needs to identify a computer on the network that is reportedly downloading unauthorized content.

  Which of the following should the technician use?

  A. Anomaly alerts
  B. Port mirroring
  C. Performance monitoring
  D. Packet capture
  D. Packet capture

  ---

  Explanation

  Packet Capture: This method captures and inspects network traffic to identify unauthorized downloads or malicious behavior. It provides detailed insight into the data being transmitted, making it the best tool for this scenario.

  Anomaly alerts (A): Alerts may indicate unusual activity but do not provide detailed traffic analysis.

  Port mirroring (B): Port mirroring can redirect traffic for analysis but requires a packet capture tool for deeper inspection.

  Performance monitoring (C): Focuses on system performance metrics, not detailed traffic content.

• Question 579:

  Which of the following cable types allows the use of QSFP ports without requiring transceivers?

  A. Multimode
  B. Twinaxial
  C. RG11
  D. Category 6
  B. Twinaxial

  ---

  Explanation

  Twinaxial (Direct Attach Copper / DAC) cables can plug directly into QSFP ports without needing separate optical transceivers. They are cost-effective for short-distance, high-speed connections (commonly in data centers).

  Option A: Multimode fiber requires SFP/QSFP transceivers to convert electrical signals to optical.

  Option C: RG11 is coaxial cable for broadband/cable TV, not used in QSFP ports.

  Option D: Category 6 is twisted-pair Ethernet cabling, not directly compatible with QSFP ports.

  References:

  Domain: Network Infrastructure -- Cable types, QSFP, DAC (Twinaxial), transceiver requirements.

• Question 580:

  Which of the following is associated with avoidance, acceptance, mitigation, and transfer?

  A. Risk
  B. Exploit
  C. Threat
  D. Vulnerability
  A. Risk