CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 1 Q1-20


Question 1

A network technician needs to segment a flat Layer 2 network into multiple broadcast domains while keeping devices on the same physical switch. Which technology provides that capability?

A) VLAN
B) Subnetting
C) NAT
D) Spanning Tree Protocol

Answer: A) VLAN

Explanation:

A) VLAN (Virtual Local Area Network) provides the ability to partition a single physical switch into multiple logical broadcast domains. This is achieved by assigning switch ports (or tagging frames) so that frames from one logical group are kept separate from frames in another. VLANs operate at Layer 2 of the OSI model and reduce unnecessary broadcast traffic by constraining broadcasts to members of the same VLAN. They also improve security and traffic management because devices in different VLANs cannot directly exchange Layer 2 frames without an intervening Layer 3 device (router or layer-3 switch). VLAN membership can be assigned statically (by port) or dynamically (by MAC, authentication, or other mechanisms). Tagged VLAN frames follow the 802.1Q standard when traversing trunk links between switches, which allows multiple VLANs to share the same physical uplink while preserving separation.

B) Subnetting divides an IP address space into smaller logical networks at Layer 3 by manipulating the network prefix and mask. Subnetting affects IP routing and address allocation and creates separate IP networks which are separate broadcast domains only when routed. Subnetting alone does not enforce segmentation at the switch Layer 2 level on a single switch unless paired with VLAN configuration and appropriate routing. Subnetting is complementary to VLANs—often each VLAN maps to its own subnet—but subnetting itself does not provide the switch-level broadcast-domain separation on a single physical switch without Layer 3 intermediation.

C) NAT (Network Address Translation) translates private IP addresses into public ones (or between address pools) and rewrites IP header addressing as packets pass through a NAT device. NAT is a Layer 3/Layer 4 mechanism used primarily for conserving IP addresses and enabling private networks to reach external networks. It does not create separate broadcast domains inside a single switch or separate switch ports into different virtual LANs. NAT is applied at routers or border devices and does not perform intra-switch traffic segmentation at Layer 2.

D) Spanning Tree Protocol (STP) prevents layer-2 switching loops by creating a loop-free tree topology among switches and selectively blocking redundant links. While STP influences which physical links are forwarding or blocked, it does not logically split a switch into multiple broadcast domains. STP is concerned with path selection and loop avoidance across a switched network, not with partitioning a single switch into distinct virtual networks. STP works together with VLANs (there is per-VLAN STP in many implementations), but STP itself is not the technology that segments the switch into separate broadcast domains.

The goal stated in the question is to segment a single flat Layer 2 environment into multiple broadcast domains while keeping devices physically attached to the same switch. The core property needed is Layer 2 separation of broadcasts and traffic isolation on the same physical hardware. VLANs were designed exactly for that: they create independent broadcast domains within one switch (or across switches using trunking), allowing administrators to logically group users based on function, department, security needs, or traffic patterns without requiring separate physical switches. VLANs reduce broadcast storms, allow easier policy enforcement, and enable flexible network layouts. Subnetting, while it results in separate IP networks, does not by itself change how frames are switched on an Ethernet switch; without VLANs, devices in different subnets may still receive broadcasts if they’re on the same Layer 2 segment. NAT changes addresses for reachability across networks and is unrelated to local broadcast domain separation. STP manages redundancy and loop prevention across Layer 2 topologies but does not create logical segmentation of ports into different broadcast domains. Therefore VLAN is the correct selection because it directly addresses the requirement to segment a flat Layer 2 network into multiple broadcast domains on the same physical switch.
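The isolation described above can be made concrete with a small model of one switch. This is an added illustration, not code from the original page: the port layout, VLAN IDs and MAC addresses are constructed, and the trunk has no native VLAN (untagged frames on it are rejected) to keep the model short.

```python
"""Model of one switch whose ports are grouped into VLANs.

Added illustration for the VLAN explanation; it is not code from the original
page. Port numbers, VLAN IDs and MAC addresses are constructed sample values.
"""
from __future__ import annotations

from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
TRUNK = "trunk"  # membership marker for an 802.1Q trunk carrying every VLAN


@dataclass
class Frame:
    src: str
    dst: str
    vlan: int | None = None  # 802.1Q tag; None for an untagged access frame


@dataclass
class Switch:
    # port -> VLAN id for an access port, or TRUNK for a tagged uplink
    ports: dict[int, int | str]
    # (vlan, mac) -> port; the table is keyed per VLAN, so VLANs never share entries
    mac_table: dict[tuple[int, str], int] = field(default_factory=dict)

    def _classify(self, port: int, frame: Frame) -> int:
        """Access ports impose their VLAN; trunks take the VLAN from the tag."""
        membership = self.ports[port]
        if membership == TRUNK:
            if frame.vlan is None:
                # Simplification: no native VLAN, so untagged frames on a trunk are dropped.
                raise ValueError("untagged frame received on trunk port")
            return frame.vlan
        return membership  # type: ignore[return-value]

    def _egress(self, port: int, vlan: int, frame: Frame) -> Frame:
        """Tag the frame when it leaves on a trunk, strip the tag on an access port."""
        tag = vlan if self.ports[port] == TRUNK else None
        return Frame(frame.src, frame.dst, tag)

    def receive(self, in_port: int, frame: Frame) -> dict[int, Frame]:
        """Process one frame and return {egress_port: frame} for each copy sent."""
        vlan = self._classify(in_port, frame)
        # Learn the source address in this VLAN only.
        self.mac_table[(vlan, frame.src)] = in_port
        known = self.mac_table.get((vlan, frame.dst))
        if known is not None and frame.dst != BROADCAST:
            # Known unicast within the VLAN: forward out the learned port only,
            # unless that is the port the frame arrived on.
            targets = [] if known == in_port else [known]
        else:
            # Broadcast or unknown unicast: flood, but only to ports in this VLAN
            # plus trunks, which carry the frame tagged with the VLAN id.
            targets = [p for p, m in self.ports.items()
                       if p != in_port and m in (vlan, TRUNK)]
        return {p: self._egress(p, vlan, frame) for p in targets}
```

A frame from a VLAN 20 host addressed to a VLAN 10 host's MAC is looked up only in the VLAN 20 part of the table and is flooded within VLAN 20; it never reaches the VLAN 10 port without a Layer 3 device.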

Question 2

Which protocol is used to automatically assign IP addresses, subnet masks, default gateways, and DNS server information to hosts on a network?

A) DHCP
B) ARP
C) ICMP
D) FTP

Answer: A) DHCP

Explanation:

A) The Dynamic Host Configuration Protocol (DHCP) automates the assignment of IP configuration parameters such as IP address, subnet mask, default gateway (router), DNS server addresses, and often other options like domain name and lease duration. DHCP clients broadcast discovery messages when they join a network; DHCP servers reply with offers and acknowledge the assignment, often with a lease time that the client must renew. DHCP simplifies administration by removing the need for manual IP configuration, reduces address conflicts via managed address pools, and can dynamically reassign addresses when devices move between networks. DHCP supports both IPv4 and IPv6 (the latter via DHCPv6), though IPv6 also provides stateless autoconfiguration. DHCP relay agents allow DHCP discovery broadcasts to cross routed boundaries so central servers can service many subnets.

B) ARP (Address Resolution Protocol) maps IPv4 addresses to MAC addresses on a local network by broadcasting ARP requests and receiving ARP replies. ARP is essential for frame delivery on Ethernet networks but does not assign IP addresses or provide configuration such as gateway or DNS. ARP operates after IP configuration is in place when a host needs to resolve a neighbor’s MAC address to send a frame.

C) ICMP (Internet Control Message Protocol) conveys error and diagnostic messages for IP networks—examples include ping (echo request/reply) and Destination Unreachable messages. ICMP helps with network troubleshooting and reporting issues, but it does not perform address assignment or provide configuration parameters.

D) FTP (File Transfer Protocol) is an application-layer protocol used to transfer files between hosts. FTP requires an underlying IP configuration to function; it does not assign IP addresses or other network configuration. FTP is unrelated to host configuration and is used for uploading/downloading files.

The requirement specifies automatic provisioning of IP configuration elements to hosts, including gateway and DNS server information. DHCP was created to provide precisely that functionality—automated, centralized distribution of IP-related settings with lease management and options. ARP, ICMP, and FTP each serve important network roles but are orthogonal to dynamic host configuration. ARP resolves addresses, ICMP diagnoses problems, and FTP moves files; none automate the distribution of IP/DNS/gateway parameters to new clients. Thus DHCP is the correct protocol for this operational need.

Question 3

A network administrator wants to allow secure remote command-line access to a switch for management from a remote location. Which protocol should the administrator use?

A) SSH
B) Telnet
C) HTTP
D) TFTP

Answer: A) SSH

Explanation:

A) SSH (Secure Shell) provides encrypted, authenticated remote command-line access to network devices and servers. SSH encrypts both credentials and session traffic, protecting management sessions from eavesdropping, replay, and credential theft. Modern network devices support SSH for secure administrative access, and public-key authentication can be used in place of passwords for stronger security. SSH runs over TCP (commonly port 22) and supports features such as secure file transfer (SFTP) and tunneling. For switch management, using SSH ensures that sensitive commands, configuration changes, and passwords are not transmitted in plaintext across the network.

B) Telnet is a legacy protocol that provides remote command-line access but transmits credentials and session data in plaintext. Because of the lack of encryption, Telnet is insecure on untrusted networks and is generally deprecated for remote management. It is sometimes used only in isolated, highly controlled environments or for troubleshooting when SSH is unavailable, but its use is strongly discouraged in production.

C) HTTP (Hypertext Transfer Protocol) is used for web traffic and can provide a web-based management interface for devices. However, standard HTTP transmits data in plaintext and is not a secure remote command-line protocol. HTTPS (HTTP over TLS) would address encryption for web management, but HTTP itself is not appropriate for secure CLI access. Additionally, web GUIs may not provide the same low-level CLI functionality network administrators require.

D) TFTP (Trivial File Transfer Protocol) is a simple file-transfer protocol used mainly for transferring configuration files and firmware images to and from network devices. It lacks authentication and encryption and is not an interactive remote management protocol. TFTP is for file movement, not for secure command-line sessions.

The requirement specifies secure remote command-line access. Secure implies encryption and protection of credentials and session data. SSH was built for that purpose and is the de facto standard for secure administrative access. Telnet and TFTP are insecure and transmit sensitive data without encryption. HTTP is for web interfaces and is not the proper choice for secure CLI sessions (HTTPS would be needed for secure web management but still not provide CLI semantics). Therefore SSH is the appropriate and secure protocol for remote command-line management of switches.

Question 4

Which device functions primarily at Layer 3 of the OSI model and makes forwarding decisions based on IP addressing?

A) Router
B) Switch
C) Hub
D) Bridge

Answer: A) Router

Explanation:

A) A router operates at Layer 3 (the network layer) of the OSI model and forwards packets between different IP networks based on their IP addresses and routing tables. Routers examine the destination IP address, consult routing protocols or static routes, decrement the TTL (or hop count), and then forward or drop packets accordingly. Routers perform network address translation, implement access control lists, support inter-VLAN routing when connected to VLANs, and participate in path selection protocols like OSPF, BGP, or EIGRP. Their core responsibility is to interconnect separate IP subnets and route traffic between them.

B) A switch primarily operates at Layer 2 (the data link layer) and makes forwarding decisions based on MAC addresses maintained in a MAC address table. A switch forwards frames within the same broadcast domain and can create separate collision domains per port. While many modern switches are multilayer devices that can perform routing (layer-3 switches), the traditional switch behavior is Layer 2 forwarding, not IP-based routing.

C) A hub is a simple physical-layer (Layer 1) device that repeats electrical signals to all ports, creating a single collision domain. Hubs do not examine MAC or IP addresses and do not make forwarding decisions; they simply broadcast incoming electrical signals to every connected port. Hubs are largely obsolete in modern Ethernet networks.

D) A bridge is a Layer 2 device that filters and forwards frames based on MAC addresses and was historically used to split collision domains. Functionally similar to a modern switch but typically with fewer ports and less intelligence, a bridge does not make IP-based routing decisions and thus does not operate at Layer 3.

The question targets the device whose core decision metric is IP addressing and whose primary function is forwarding between IP networks—this is the router. Switches and bridges operate primarily on MAC addresses at Layer 2, handling frame switching within the same broadcast domain. Hubs operate at Layer 1 and lack any address-awareness. Although some devices blur boundaries (multilayer switches can route), the classic and correct device for IP-based forwarding is the router.

Question 5

Which wireless encryption standard is considered the most secure and is recommended for modern Wi-Fi networks?

A) WPA3
B) WEP
C) WPA
D) WPA2

Answer: A) WPA3

Explanation:

A) WPA3 (Wi-Fi Protected Access 3) is the latest Wi-Fi security standard that provides stronger protections than prior generations. WPA3 introduces features such as SAE (Simultaneous Authentication of Equals) for more secure password-based authentication that resists offline dictionary attacks, individualized data encryption for open networks (Opportunistic Wireless Encryption improvements), and enhanced cryptographic strength for government and industrial use (192-bit security suite). WPA3 addresses known vulnerabilities in older protocols and provides forward secrecy. It also simplifies secure device onboarding through mechanisms like Wi-Fi Easy Connect. For modern deployments where both client and infrastructure support WPA3, it is the recommended standard.

B) WEP (Wired Equivalent Privacy) is an obsolete and insecure legacy encryption scheme for Wi-Fi. WEP suffers from multiple fundamental cryptographic weaknesses that allow attackers to recover the key quickly and decrypt traffic. It has been deprecated for many years and should never be used in production networks.

C) WPA (Wi-Fi Protected Access, sometimes called WPA1) was an interim solution that improved on WEP by introducing TKIP (Temporal Key Integrity Protocol) but still had weaknesses and is considered outdated. TKIP was designed as a stopgap and later found to be vulnerable to attacks; WPA-TKIP should be avoided in favor of stronger protocols.

D) WPA2 vastly improved security over WEP and WPA by introducing CCMP (AES-based Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) and robust authentication options. WPA2 (especially with AES) has been the dominant secure Wi-Fi standard for many years. However, WPA2 has some weaknesses (notably vulnerabilities like the KRACK attack affecting the handshake) and lacks the newer protections introduced in WPA3, which address specific attack vectors and provide better privacy protections for open networks.

The question asks for the most secure, recommended standard for modern Wi-Fi. WPA3 is explicitly designed to supersede WPA2 by adding stronger authentication, protections against offline password cracking, and improved encryption characteristics—features tailored to address the modern threat environment. WEP and WPA are obsolete and insecure and should not be used. WPA2 with AES remains secure when configured correctly and is widespread, but WPA3 provides additional protections and should be chosen when supported. Therefore WPA3 is the correct answer for current best-practice wireless security.

Question 6

A technician needs to connect multiple remote branch offices securely over the public Internet so that they appear to be part of the same private network. Which technology should be implemented?

A) VPN
B) Proxy
C) VLAN
D) NAT

Answer: A) VPN

Explanation:

A) A virtual private network creates a secure, encrypted connection (or tunnel) over a public or untrusted network such as the Internet. This technology enables geographically separated offices to communicate as if they were part of the same private environment by protecting data against interception and tampering. The encrypted tunnel can be established using methods such as IPSec or SSL/TLS, and it ensures confidentiality, integrity, and authentication for transmitted traffic. By implementing this secure overlay network, remote locations can share internal resources, run internal applications, and interact with headquarters systems without exposing sensitive data.

B) A proxy acts as an intermediary between clients and external servers, often used for content filtering, caching, anonymity, or access control. While it can hide internal addresses or enforce organizational browsing policies, it does not create a private network that interconnects multiple remote offices. A proxy does not provide the encrypted site-to-site tunneling mechanism needed to emulate a unified private infrastructure across distant locations; its role centers on request mediation rather than secure interconnectivity.

C) VLAN technology segments broadcast domains on local switches and provides logical separation of devices at layer two. Although VLANs are excellent for organizing and isolating traffic inside a single campus or building, they do not inherently provide secure connectivity across the open Internet. Extending VLANs across long distances requires specialized technologies and does not provide encryption, making it inappropriate for secure branch office communication across public networks.

D) Network address translation translates private IP addresses to public ones or between address ranges, often to conserve public addresses or hide internal structures. While NAT can provide some level of obscurity, it does not itself form a secure channel over the Internet. NAT does not unify remote offices into a single private environment and lacks the encryption and tunneling capabilities needed to protect branch-to-branch communication over untrusted paths.

The goal is to securely interconnect remote offices via public infrastructure so they behave as if on one private network. Only a virtual private network provides the encryption, tunneling, and authentication needed to accomplish this. Proxies mediate requests, VLANs divide LAN segments, and NAT rewrites addresses, but none of those methods achieve protected wide-area connectivity or the creation of secure overlays. A virtual private network fits the requirement precisely.

Question 7

A user reports they can access some websites but not others, while other users on the same network have no issues. What is the most likely cause?

A) DNS cache corruption
B) Switch port failure
C) DHCP server outage
D) Router hardware failure

Answer: A) DNS cache corruption

Explanation:

A) Local corruption of cached name-to-address mappings can prevent a workstation from resolving certain website names correctly. When this occurs, the system may attempt to contact incorrect or outdated IP addresses. Because the issue is isolated to a single user and only affects specific destinations rather than all connectivity, a local cache problem aligns well with the symptoms. Flushing the local name cache or obtaining fresh DNS information usually resolves such inconsistencies. This phenomenon is common after DNS changes, malware activity, or improper cache handling.

B) Failure of a switch port results in complete loss of network connectivity for the device connected to that port. The affected user would typically be unable to access any network resource, including internal hosts, external sites, or DNS servers. The problem described does not match this scenario because partial connectivity is still functioning.

C) When an address-assignment server becomes unavailable, multiple users experience issues, especially after leases expire or when new devices attempt to join the network. The symptoms would affect numerous users at once, not just one individual. Furthermore, a typical outage would produce widespread inability to obtain addresses, not selective access to only some external resources.

D) Hardware failure of the main routing device would impact the entire network or at least a substantial portion of it. If the router were malfunctioning, all users would likely experience connectivity failures, especially for external destinations. A selective problem isolated to a single user is inconsistent with a general routing device malfunction.

The key detail is that only one user experiences partial failure while others function normally. This strongly points to a local problem. Since DNS lookups occur per host and each host maintains its own resolver cache, inconsistency in that cache often causes intermittent reachability where some resources respond normally and others appear unreachable. WAN device failures or local switch issues would not produce such targeted symptoms. Thus, cache corruption is the most fitting explanation.

Question 8

A company needs to implement a centralized authentication method that allows users to log in to network devices using their domain credentials. Which solution is most appropriate?

A) RADIUS
B) SNMP
C) SMTP
D) TFTP

Answer: A) RADIUS

Explanation:

A) Remote Authentication Dial-In User Service provides centralized authentication, authorization, and accounting for network devices. It enables routers, switches, wireless controllers, VPN concentrators, and other infrastructure components to rely on a central directory service for credential verification. Integrations commonly include Active Directory, allowing users to log in with domain accounts. This design improves security, enforces consistent policies, and provides logging of administrative access. RADIUS works over UDP and is widely deployed for network infrastructure authentication.

B) The simple network management protocol is used for monitoring and managing network equipment. It collects metrics, handles alerts, and retrieves configuration data. It is not a mechanism for validating user identities for device logins or granting administrative access. SNMP’s purpose is observability, not credential verification.

C) The simple mail transfer protocol is used to send email between servers. It is entirely unrelated to authenticating administrative sessions on infrastructure equipment and cannot serve as a centralized login mechanism for routers or switches.

D) The trivial file transfer protocol transfers configuration files and firmware images but does not authenticate user sessions for management access. It lacks features such as user identity validation, policy enforcement, and logging of administrative actions.

The requirement is clear: centralized authentication for logging in to network devices using domain credentials. Only a protocol designed for authentication and authorization accomplishes this purpose. Remote Authentication Dial-In User Service integrates with directory services, supports policy-based control, and tracks usage events, making it suitable for unified device management. Monitoring tools, mail transport mechanisms, and simple file transfer utilities cannot handle login verification. Therefore, RADIUS is the correct match.

Question 9

A network engineer notices broadcast storms occurring due to redundant switch connections. Which feature should be enabled to prevent this condition?

A) STP
B) QoS
C) NAT
D) DHCP snooping

Answer: A) STP

Explanation:

A) A spanning tree mechanism detects redundant links in a switching topology and logically disables some of them to prevent loops. Broadcast storms typically arise when frames continuously circulate due to a loop; the spanning tree algorithm identifies such conditions and ensures a loop-free structure by placing selected ports into a blocking state. This allows network redundancy without the risk of broadcast amplification. By maintaining an organized tree topology, the network avoids collapse and reduced performance caused by unbounded frame propagation.

B) Quality of service prioritizes traffic classes but does not detect or mitigate loops. While it can elevate or limit certain types of data, it cannot prevent frames from repeatedly circulating due to redundant paths. QoS addresses performance management, not topological correction.

C) Network address translation acts on IP packets as they traverse gateway devices and performs address rewriting. It does not resolve switching loops, nor does it operate at the layer where loop-induced storms occur. NAT cannot influence Ethernet-level behavior that causes the described condition.

D) DHCP snooping protects address-assignment processes by filtering unauthorized responses from untrusted ports. It helps prevent rogue assignment servers but has no capacity to prevent switching loops or broadcast amplification events. Its function is limited to safeguarding IP leasing integrity.

Broadcast storms originate from layer-two loops in the switching fabric. The comprehensive solution is a loop-preventing algorithm that ensures a single active path between any two nodes. Only a spanning tree implementation supplies this protection. Enhancing traffic priority, modifying IP addresses, or validating address-assignment messages cannot resolve underlying topological loops. Therefore, STP is the necessary mechanism to prevent broadcast storms.
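The root election, root path cost and blocking decisions described above, computed over a constructed four-switch topology with two redundant links. This is an added illustration, not code from the original page: the bridge IDs, link costs and topology are made up, and the BPDU exchange real switches use to converge is not modelled; the code computes the converged end state directly.

```python
"""Simplified spanning tree computation over a redundant switch topology.

Added illustration for the STP explanation; not code from the original page.
Topology, costs and bridge IDs are constructed sample values.
"""
import heapq
from collections import defaultdict

# Constructed topology: (bridge_a, bridge_b, path cost). A ring plus one extra
# link gives two redundant paths, i.e. two potential Layer 2 loops.
LINKS = [
    ("SW1", "SW2", 4),
    ("SW2", "SW3", 4),
    ("SW3", "SW4", 4),
    ("SW4", "SW1", 4),
    ("SW2", "SW4", 19),
]

# Bridge ID = (priority, MAC). All at the default priority, so the lowest MAC
# wins the root election, which is what happens in an untuned network.
BRIDGE_IDS = {
    "SW1": (32768, "00:00:00:00:00:01"),
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
    "SW4": (32768, "00:00:00:00:00:04"),
}


def elect_root(bridge_ids):
    """The bridge with the numerically lowest Bridge ID becomes the root."""
    return min(bridge_ids, key=bridge_ids.get)


def spanning_tree(links, bridge_ids):
    """Return (root, root_path_cost, port_states).

    port_states maps (bridge, neighbour) -> "forwarding" or "blocking" for the
    port on `bridge` that faces `neighbour`.
    """
    root = elect_root(bridge_ids)
    adj = defaultdict(list)
    for a, b, cost in links:
        adj[a].append((b, cost))
        adj[b].append((a, cost))

    # Root path cost: cheapest total cost from every bridge to the root.
    rpc = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > rpc[node]:
            continue
        for nb, c in adj[node]:
            if cost + c < rpc.get(nb, float("inf")):
                rpc[nb] = cost + c
                heapq.heappush(heap, (cost + c, nb))

    # Root port: on each non-root bridge, the port offering the lowest total
    # cost to the root; ties go to the neighbour with the lower Bridge ID.
    root_port = {}
    for node in bridge_ids:
        if node != root:
            best = min(adj[node], key=lambda nc: (rpc[nc[0]] + nc[1], bridge_ids[nc[0]]))
            root_port[node] = best[0]

    # Designated port: each link has exactly one, on the end with the lower root
    # path cost (tie: lower Bridge ID). A port that is neither the root port nor
    # designated goes into blocking, which is what breaks the loop.
    states = {}
    for a, b, _ in links:
        designated = min((a, b), key=lambda n: (rpc[n], bridge_ids[n]))
        for this, other in ((a, b), (b, a)):
            forwarding = this == designated or root_port.get(this) == other
            states[(this, other)] = "forwarding" if forwarding else "blocking"
    return root, rpc, states


def active_links(links, states):
    """Links that carry traffic: both ends forwarding."""
    return [(a, b) for a, b, _ in links
            if states[(a, b)] == "forwarding" and states[(b, a)] == "forwarding"]


def is_loop_free(links, states, bridge_ids):
    """A connected graph with n-1 edges is a tree: no loop and no isolated switch."""
    edges = active_links(links, states)
    if len(edges) != len(bridge_ids) - 1:
        return False
    seen, stack = set(), [next(iter(bridge_ids))]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        stack.extend(b if a == node else a for a, b in edges if node in (a, b))
    return seen == set(bridge_ids)
```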

Question 10

A technician is installing new fiber optic cable that must be immune to electromagnetic interference while supporting high bandwidth over long distances. Which type of medium is most appropriate?

A) Single-mode fiber
B) Coaxial cable
C) Cat 5e twisted pair
D) Multi-mode fiber

Answer: A) Single-mode fiber

Explanation:

A) A narrow-core optical medium designed for long-distance transmission uses a single propagation path for light, enabling extremely high bandwidth over many kilometers with minimal signal attenuation. Its immunity to electromagnetic interference, very low loss characteristics, and suitability for wide-area backbones make it ideal for long-distance applications. Single-mode provides the longest reach and highest performance among common cabling choices, often used for inter-building links, metropolitan infrastructure, and high-capacity data transport.

B) Coaxial cable carries electrical signals and is susceptible to noise, though less so than some unshielded media. It cannot match the distance, bandwidth, or interference immunity of optical fiber. Coax is used for older Ethernet variants, broadband cable, or specialized applications but does not provide the long-distance, high-bandwidth optical characteristics required here.

C) Enhanced category 5 twisted pair supports shorter copper-based Ethernet links and is subject to signal loss, crosstalk, and electromagnetic interference. Copper cabling is limited to relatively short distances—typically up to 100 meters for Ethernet—and cannot compete with fiber for long-range throughput and EMI resistance.

D) Multi-mode fiber uses a wider core that allows multiple light paths. While it supports high data rates, it suffers from modal dispersion over longer spans. Its effective distance is shorter than single-mode fiber, making it suitable for internal building backbones or campus environments but not for the longest runs. Although immune to electromagnetic interference, it does not match the reach required when very long distance is the priority.

The requirement emphasizes immunity to interference, long-distance reach, and high bandwidth. Optical fiber always supplies EMI immunity, but single-mode fiber uniquely provides superior long-range performance and minimal degradation. Copper media cannot match these properties, and multi-mode fiber is limited by modal dispersion at longer lengths. Thus, single-mode fiber best satisfies the stated needs.

Question 11

A network technician needs to securely transfer configuration files between two routers using a method that provides encryption and authentication. Which protocol should be used?

A) SFTP
B) TFTP
C) FTP
D) SNMP

Answer: A) SFTP

Explanation:

A) Secure File Transfer Protocol operates over the secure channel provided by SSH and offers encrypted transmission of files along with user authentication. This makes it particularly well-suited for moving sensitive configuration files across a network. It ensures that the contents cannot be intercepted or altered in transit. The authentication mechanism also verifies the identity of the parties involved, preventing unauthorized access. Because network configuration files often contain passwords, routing details, and security policies, transferring them securely is essential, and the encryption provided by this protocol directly addresses that need. Additionally, since the transmission uses an encrypted tunnel, it can operate safely even across untrusted networks.

B) Trivial file transfer mechanisms provide simple, connectionless file movement without encryption or authentication. Due to the absence of these protections, any files transmitted are exposed to interception or manipulation. This makes it unsuitable for sensitive materials like router configurations, which must remain confidential and unchanged. While often used for quick transfers or bootstrapping of devices in controlled environments, its lack of security features disqualifies it for any scenario where confidentiality or integrity is required.

C) Traditional file transfer mechanisms provide a means of sending data between systems but do so without encryption or strong identity verification. This results in files being transmitted in clear text, including credentials if required for login. Although useful in scenarios where security is not a concern, transporting router configurations using this method would allow an attacker with network access to view or alter sensitive details. This is not acceptable in modern environments where device configurations are critical security elements.

D) The protocol used for management and monitoring of devices focuses on collecting information about device performance, receiving alerts, and sometimes making configuration changes. However, it is not a file transfer protocol and cannot reliably or securely move configuration files between routers. It also lacks the encryption capabilities necessary for safeguarding file contents against interception. Its role is in network monitoring rather than secure file movement.

The protocol in the first option provides the necessary encryption, authentication, and protection required to ensure that network configuration files remain confidential and intact while being transferred between devices, whereas the others do not deliver adequate security for such sensitive operations.

Question 12

A company needs to ensure that wireless users authenticate using their individual corporate credentials rather than a shared passphrase. Which solution should be implemented?

A) WPA2-Enterprise
B) WEP
C) WPA2-Personal
D) Open authentication

Answer: A) WPA2-Enterprise

Explanation:

A) The enterprise variant of the WPA2 standard enables authentication against a central identity store using mechanisms such as 802.1X and RADIUS. This ensures that each user authenticates individually with their own username and password, supporting per-user access control and detailed auditing. It also allows centralized revocation of credentials and provides stronger security than shared-key systems. By tying authentication to corporate accounts, administrators can enforce policies, track user activity, and revoke access instantly if needed. This model is widely adopted in corporate environments where strong authentication and accountability are mandatory.

B) The older WEP standard relies on static keys and is fundamentally insecure. It does not support individual user authentication and is susceptible to numerous attacks that allow quick decryption of wireless traffic. Because it relies on shared keying material, it cannot associate authentication attempts with individual users, and it cannot provide the necessary accountability and access control required in modern corporate deployments.

C) The personal variant of WPA2 uses a shared pre-shared key that all users must know to access the network. While suitable for home or small office environments, it does not allow unique per-user credentials. Anyone with the shared key can join the network, and the shared nature of the key makes auditing difficult. It also complicates security management because changing the passphrase disrupts all users, and users cannot be offboarded individually without reconfiguring every device.

D) Open authentication allows any device to join the wireless network without providing credentials. This completely lacks security, offering no user validation, encryption, or accountability. It is intended only for public-access networks where restrictions are not required. It does not fulfill the requirement of binding access to individual corporate identities.

The enterprise authentication mechanism uniquely provides per-user identity verification, integrates with centralized directories, and delivers the accountability and revocation capabilities that corporate environments require, something the other approaches cannot achieve.
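
The difference between the two WPA2 modes is easiest to see in an access point configuration. The following is an added example, not part of the exam page: two alternative hostapd.conf files, the first for WPA2-Personal and the second for WPA2-Enterprise. The interface name, SSID, RADIUS address (documentation range) and secrets are assumed placeholders.

```ini
# --- File 1: WPA2-Personal (shared passphrase) ---
# One passphrase for everybody. Fine at home, but a departing user keeps the
# secret until it is rotated on every device, and logs cannot name the user.
interface=wlan0
ssid=CorpWiFi
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=EXAMPLE-SHARED-PASSPHRASE

# --- File 2: WPA2-Enterprise (802.1X / RADIUS) ---
# Each user presents their own credential; the access point relays it to the
# RADIUS server, which checks the corporate identity store. Disabling the
# account there removes the user from the WLAN without touching the AP.
interface=wlan0
ssid=CorpWiFi
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee8021x=1
auth_server_addr=192.0.2.10          # assumed RADIUS server
auth_server_port=1812
auth_server_shared_secret=EXAMPLE-RADIUS-SECRET
nas_identifier=ap01.example.com      # assumed AP identity as seen in RADIUS logs
```

In the enterprise file the `wpa_passphrase` line disappears entirely: there is no shared secret on the client side, so per-user accounting and revocation are handled by the RADIUS server rather than by reconfiguring devices.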

Question 13

A technician is asked to identify the device responsible for blocking unauthorized inbound traffic while allowing outbound connections from the internal network. What device performs this function?

A) Firewall
B) Hub
C) Repeater
D) Patch panel

Answer: A) Firewall

Explanation:

A) A firewall monitors and filters network traffic based on predefined security rules that evaluate factors such as addresses, ports, and protocols. It can permit internal users to initiate outbound connections while blocking unsolicited or unauthorized inbound traffic from the external network. This makes it a primary security barrier between internal systems and the Internet. It inspects traffic flows, enforces policies, and can perform deep inspection to detect undesirable content. Its behavior can be stateful, maintaining knowledge of active sessions to allow return traffic for established outbound connections while denying unexpected attempts to enter from outside.

B) A hub simply repeats incoming electrical signals to all connected ports and offers no filtering or traffic control features. Since it operates at the physical layer, it cannot make decisions about what traffic to allow or block. It lacks any capability to distinguish between authorized and unauthorized communication attempts and does not protect the network in any way.

C) A repeater regenerates and boosts signals to extend the reach of a transmission but similarly lacks any notion of traffic inspection or filtering. It cannot analyze or restrict inbound connections and does not evaluate addresses, session states, or protocols. Its role is limited to signal strengthening, not security enforcement.

D) A patch panel is a passive physical termination point used for organizing network cabling. It has no processing ability and cannot analyze or control traffic. Its function is solely to provide cable connectivity management.

The first device listed is specifically designed to enforce traffic policies by inspecting packets and applying rules that determine whether connections should be allowed or denied. The other items are passive or low-level devices with no filtering or security capabilities.
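
The stateful behaviour described for option A, outbound connections allowed and only their return traffic admitted, can be expressed directly as a filtering policy. The ruleset below is an added example for a Linux host or gateway using nftables; it is not from the exam page, and the interface names (eth0 outside, eth1 inside) and the permitted SSH service are assumptions.

```nft
# Added example: minimal stateful firewall policy (assumed interfaces eth0=outside, eth1=inside)
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        # Replies to connections this host started come back in through here.
        ct state established,related accept
        ct state invalid drop
        # Unsolicited inbound traffic is allowed only for listed services.
        tcp dport 22 accept
        icmp type echo-request limit rate 5/second accept
        # Anything else unsolicited falls through to the drop policy.
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        # The inside network may open new connections outward ...
        iifname "eth1" oifname "eth0" ct state new accept
        # ... and the matching return traffic is admitted; nothing else is forwarded.
        ct state established,related accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

Loaded with `nft -f`, the `ct state` matches are what make the policy stateful: a packet from outside is accepted only if the connection tracker already saw the inside host initiate the session, which is exactly the asymmetry the question asks for.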

Question 14

A network team is deploying redundant routers that must share a virtual IP address so that if one router fails, another can seamlessly take over. Which protocol is appropriate?

A) VRRP
B) FTP
C) POP3
D) LDAP

Answer: A) VRRP

Explanation:

A) The Virtual Router Redundancy Protocol allows multiple routers to participate in a redundancy group and present a single virtual IP address to clients. One router becomes the master and handles active forwarding, while the others operate in backup mode. If the master becomes unavailable, a backup router automatically transitions to master state, maintaining continuity of service without requiring changes on client devices. This protocol provides high availability for default gateway services and ensures that host traffic continues to flow even if a physical router fails.

B) The file transfer mechanism referenced here is not related to network redundancy or routing. It is designed for transferring files and cannot manage virtual IP addresses or provide seamless failover functions. It plays no role in gateway availability.

C) The post office protocol is intended for email retrieval by clients and is unrelated to network routing or device redundancy. It provides no ability to coordinate routers or manage virtual addressing for failover.

D) The directory access protocol is used to query and modify directory services. It plays no part in establishing redundant routing paths or providing shared default gateways. It is a service for identity and directory management and does not handle routing failover mechanisms.

The protocol in the first option is specifically created for default gateway redundancy, enabling routers to share a virtual IP address and offer uninterrupted service. The remaining items serve unrelated functions and cannot achieve the redundancy behavior described.
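
A concrete VRRP deployment on Linux is usually done with keepalived. The fragment below is an added example, not part of the exam page: the configuration for the router intended to be master, with the peer differing only in `state` and `priority`. The interface, group id and virtual address (documentation range) are assumptions.

```conf
# Added example: keepalived VRRP instance on the intended master (assumed values)
vrrp_instance VI_1 {
    state MASTER            # the peer router uses: state BACKUP
    interface eth0          # interface facing the hosts that use this gateway
    virtual_router_id 51    # must be identical on every router in the group
    priority 150            # peer uses a lower value, e.g. 100
    advert_int 1            # seconds between master advertisements
    virtual_ipaddress {
        192.0.2.1/24        # the shared gateway address hosts are configured with
    }
}
```

Hosts only ever know 192.0.2.1; when the master's advertisements stop, the backup takes ownership of that address and its virtual MAC, so client configuration is untouched by the failover.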

Question 15

A large office building uses multiple switches across different floors. The network engineer wants to ensure that the switches share VLAN configuration information automatically. Which protocol supports this requirement?

A) VTP
B) RDP
C) RTP
D) SIP

Answer: A) VTP

Explanation:

A) The VLAN Trunking Protocol distributes VLAN information among switches within the same management domain. It allows a central switch to act as a server and propagate additions, deletions, and modifications of VLANs to other switches configured as clients. This simplifies administration in large environments by ensuring VLAN consistency across numerous switches. When switches share a common domain and appropriate trunk links exist, this protocol synchronizes VLAN configurations, preventing mismatches and reducing manual configuration workload. However, careful management is required because incorrect updates can propagate widely.

B) The remote desktop protocol facilitates graphical remote access to computers. It does not share or synchronize VLAN information among switches and plays no role in network layer two configuration management. Its purpose is to provide remote control of system desktops.

C) The real-time transport protocol carries audio and video streams and is designed for media delivery. It does not interact with switches in a way that influences VLAN settings or configuration synchronization. It operates at a higher application level unrelated to VLAN management.

D) The session initiation protocol handles initiation and termination of voice and video communication sessions. It neither configures switches nor distributes VLAN information. Its domain is communication session control, not network infrastructure configuration.

The protocol listed first is the only one designed specifically to coordinate VLAN configurations between switches, while the others serve unrelated functions in remote access or media communications.

Question 16

A network administrator wants to measure the time it takes for a packet to travel from one host to another and back again to troubleshoot latency issues. Which tool should be used?

A) Ping
B) Traceroute
C) Netstat
D) ARP

Answer: A) Ping

Explanation:

A) This diagnostic tool sends echo request messages to a target and waits for echo replies, allowing measurement of the round-trip time between the source and destination. By analyzing the returned times, an administrator can determine if latency is present and whether it varies over multiple tests. It is widely used because it provides simple, direct visibility into whether a host is reachable and how long communication takes. It can also detect packet loss by reporting the number of requests that went unanswered. The tool operates using Internet Control Message Protocol messages designed specifically to allow this type of connectivity verification. When troubleshooting network delay, it gives an immediate benchmark for responsiveness. Although it does not reveal the path taken through the network, its round-trip measurement is the primary metric needed when the sole goal is latency analysis.

B) This tool reveals the path packets take through a network by showing each hop along the route. Although it provides per-hop delay information, it does not directly measure simple round-trip time between two endpoints in the same way the first tool does. Instead, it focuses on identifying where delays or routing changes occur. While extremely useful for diagnosing complex routing issues or detecting path anomalies, it is not intended as the primary measurement for simple latency verification between two hosts. The additional information it provides can be valuable but does not replace a straightforward test of travel time to a single destination.

C) This utility displays active connections, listening ports, and protocol statistics on a host. Its main purpose is to show what ports are open, what services are active, and what external systems a device is communicating with. It is useful for troubleshooting socket-level issues and understanding traffic flows but does not measure travel time between systems. There is no mechanism in this tool that provides round-trip time or latency measurements, making it irrelevant for this purpose.

D) This mechanism resolves network-layer addresses to link-layer addresses on a local segment. It is necessary for hosts to determine how to transmit frames to the correct destination. It does not test connectivity timing, does not send echo messages, and does not measure delays. Instead, it maintains mappings and responds to resolution requests. It cannot provide insights into latency because it is purely a resolution and cache mechanism for local addressing.

The first choice is specifically designed to measure how long packets take to travel to a destination and back, which directly addresses latency troubleshooting. The others perform important but unrelated diagnostic or operational functions.
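
Reading raw ping output by eye scales poorly when latency is intermittent, so the numbers a troubleshooter actually wants are loss, min/avg/max, jitter and which probes were slow. The Python below is an added example, not from the exam page: it parses Linux-style ping output into those figures. The sample output is constructed (documentation address, one missing reply, one slow reply) rather than captured from a real host.

```python
import re
import statistics
from dataclasses import dataclass, field

# Constructed output in the style of a Linux ping run (not captured from a real host):
# reply 3 never arrived and reply 4 was unusually slow.
SAMPLE_PING_OUTPUT = """\
PING 192.0.2.10 (192.0.2.10) 56(84) bytes of data.
64 bytes from 192.0.2.10: icmp_seq=1 ttl=64 time=12.4 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=64 time=11.9 ms
64 bytes from 192.0.2.10: icmp_seq=4 ttl=64 time=48.7 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=64 time=12.1 ms

--- 192.0.2.10 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4005ms
"""

REPLY_RE = re.compile(r"icmp_seq=(\d+) .*?time=([\d.]+) ms")
SENT_RE = re.compile(r"(\d+) packets transmitted")


@dataclass
class LatencySummary:
    sent: int
    received: int
    loss_pct: float
    min_ms: float
    avg_ms: float
    max_ms: float
    jitter_ms: float   # mean absolute change between consecutive round-trip times
    slow_seqs: list = field(default_factory=list)   # replies slower than 2x the median


def summarize_ping(output: str) -> LatencySummary:
    """Reduce per-reply RTTs to the figures a latency investigation needs."""
    seqs, rtts = [], []
    for m in REPLY_RE.finditer(output):
        seqs.append(int(m.group(1)))
        rtts.append(float(m.group(2)))
    if not rtts:
        raise ValueError("no echo replies found: host unreachable or ICMP filtered")

    sent_match = SENT_RE.search(output)
    # If the summary line was cut off, fall back to the highest sequence number seen.
    sent = int(sent_match.group(1)) if sent_match else max(seqs)
    received = len(rtts)
    loss_pct = 100.0 * (sent - received) / sent

    # Jitter: how much consecutive RTTs differ, which a bare average hides.
    jitter = (statistics.mean(abs(a - b) for a, b in zip(rtts, rtts[1:]))
              if len(rtts) > 1 else 0.0)
    median = statistics.median(rtts)
    slow = [s for s, r in zip(seqs, rtts) if r > 2 * median]

    return LatencySummary(sent, received, loss_pct, min(rtts),
                          statistics.mean(rtts), max(rtts), jitter, slow)


if __name__ == "__main__":
    print(summarize_ping(SAMPLE_PING_OUTPUT))
```

On the constructed sample the average of about 21 ms looks unremarkable, but the 20% loss, the jitter of roughly 25 ms and the single 48.7 ms outlier at sequence 4 are what point at an intermittent problem rather than a uniformly slow path.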

Question 17

A technician discovers that a user accidentally plugged two switch ports together, causing a network outage. Which feature on the switches would prevent this type of issue?

A) Loop prevention
B) Port mirroring
C) Traffic shaping
D) DHCP relay

Answer: A) Loop prevention

Explanation:

A) A mechanism that identifies and neutralizes redundant paths in a switching environment prevents frames from circulating endlessly when connections form a loop. When two ports are connected inadvertently, frames can multiply rapidly, overwhelming the entire network. A loop prevention protocol places selected ports into a blocking state and maintains a loop-free structure. It identifies topology changes, recalculates paths when needed, and ensures that even if physical redundancy exists—whether intentional or accidental—there is only one active path between any two points. This stops broadcast storms and prevents cascading outages caused by misconnected cables. In environments with multiple switches, enabling this feature is critical to maintaining stability, especially when physical connections may change unexpectedly.

B) This feature copies traffic from one port to another for purposes such as monitoring, analysis, or intrusion detection. While valuable for visibility into traffic flows, it does not address the problem of switching loops. It does not detect or disable misconnected ports, nor does it prevent storms. Its purpose is passive observation, not enforcement of topological integrity.

C) This mechanism helps regulate bandwidth usage by prioritizing or limiting certain types of traffic. It can improve performance by ensuring that critical applications receive adequate bandwidth. However, it has no capability to prevent frames from circulating in loops. A broadcast storm created by misconnected switch ports would overwhelm the network regardless of prioritization, because the underlying issue involves repeated frame propagation rather than capacity distribution.

D) This feature forwards address-assignment messages across subnet boundaries so that clients can reach a remote address-assignment server. While important in routed networks, it does not influence switch topology or prevent redundant links from creating storms. It handles forwarding of configuration messages but does not protect network infrastructure from physical cabling issues.

Loop prevention protocols detect and control redundant paths, stopping the exact scenario described, whereas the other features serve unrelated operational purposes.

Question 18

A server must be connected to a switch using a link that combines multiple physical interfaces into one logical high-bandwidth connection for improved throughput and redundancy. What technology accomplishes this?

A) Link aggregation
B) Port security
C) PoE
D) VLAN pruning

Answer: A) Link aggregation

Explanation:

A) This method groups multiple physical network interfaces into a single logical channel, increasing available bandwidth and providing redundancy. If one physical link fails, traffic continues flowing across the remaining links. It also allows load balancing of frames across the aggregated interfaces to improve performance. Standards-based approaches, such as those defined by IEEE, ensure interoperability between devices from different vendors. This technique is commonly used for servers, storage devices, and high-performance switches where individual interfaces do not provide enough throughput on their own. By bonding multiple connections, administrators can create a resilient high-speed path without requiring specialized hardware.

B) This security feature restricts which hardware (MAC) addresses are allowed to use a switch port. It limits which devices can attach to the network but does not combine links or improve bandwidth. It is concerned with controlling access at the port, not with throughput enhancement.

C) This function supplies electrical power over network cabling to devices such as cameras, phones, or access points. Its role is to eliminate the need for additional power cables. While critical for powering remote devices, it does not combine interfaces or increase throughput. It does not contribute redundancy or bandwidth scaling.

D) This mechanism reduces the traffic carried across trunk links by removing VLANs that have no member ports on the far switch from the trunk, so broadcast and unknown traffic for those VLANs is not sent needlessly. It helps optimize trunk usage but cannot merge physical interfaces and has no effect on throughput from a server to a switch through aggregated links.

The technology in the first option directly enables combining interfaces for bandwidth and redundancy, which matches the requirement, while the other mechanisms address unrelated security, power, or traffic optimization tasks.

Question 19

A user cannot access any internal or external resources. The device’s IP address is 169.254.x.x. What is the most likely problem?

A) DHCP server unreachable
B) DNS misconfiguration
C) Duplicate IP address
D) Incorrect default gateway on router

Answer: A) DHCP server unreachable

Explanation:

A) When a device attempts to obtain an address dynamically and fails to reach the assignment server, it assigns itself an automatic private address in the 169.254.x.x range. This address range is reserved for self-assigned use when a device cannot contact the server responsible for issuing addresses. Devices with such an address cannot communicate with most of the network because the address is not routable and exists solely as a fallback mechanism. This symptom indicates that requests for address assignment are not being answered, which may occur due to server outage, relay configuration problems, network segmentation, or switch port isolation. Because the device lacks proper addressing, it cannot reach internal resources or the wider network.

B) Problems with name resolution typically allow communication by direct address but prevent resolution of server names. In such a scenario, connectivity to numeric addresses may still function. Since the user cannot access any resources and has a self-assigned address, the issue is not related to name resolution. A misconfigured name server does not cause fallback addressing.

C) Conflicts involving identical addresses usually result in intermittent connectivity or address conflict warnings. The device may lose connection frequently or may be forced offline when it detects a conflict. It would not automatically assign itself a fallback address solely due to conflict. The presence of an automatic private address suggests that no valid address was received, not that a duplicate was detected.

D) A missing or incorrect default gateway would restrict access to external networks but generally still allow communication with local systems on the same network. The inability to reach all resources, including local ones, combined with a fallback address, rules out gateway settings as the root cause.

The fallback address indicates failure to receive a dynamic assignment, making inability to reach the assignment server the most logical explanation.
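
The triage logic in this explanation, checking whether the address is a self-assigned 169.254.x.x one before looking at gateways or DNS, is simple enough to automate in a help-desk script. The Python below is an added example, not from the exam page: it classifies an IPv4 address with the standard library and applies the question's reasoning to constructed `ipconfig`-style output (not captured from a real machine).

```python
import ipaddress
import re

# Constructed Windows ipconfig-style output matching the symptom in the question.
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet0:

   Connection-specific DNS Suffix  . :
   Autoconfiguration IPv4 Address. . : 169.254.23.7
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
"""

ADDR_RE = re.compile(r"IPv4 Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)")
GW_RE = re.compile(r"Default Gateway[ .]*:\s*(\d+\.\d+\.\d+\.\d+)?")


def classify_ipv4(addr: str) -> str:
    """Name the kind of address a host ended up with."""
    ip = ipaddress.IPv4Address(addr)
    if ip.is_link_local:      # 169.254.0.0/16: self-assigned because no DHCP offer arrived
        return "apipa"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:         # RFC 1918 ranges, the normal case on an internal LAN
        return "private"
    return "global"


def triage(ipconfig_text: str) -> str:
    """Apply the question's elimination order to ipconfig output and name the likely cause."""
    m = ADDR_RE.search(ipconfig_text)
    if not m:
        return "no IPv4 address: interface down or cable unplugged"
    kind = classify_ipv4(m.group(1))
    gw = GW_RE.search(ipconfig_text)
    has_gateway = bool(gw and gw.group(1))
    if kind == "apipa":
        # A duplicate address or a DNS fault never produces this range; only a missing
        # DHCP answer does, so check link, VLAN, DHCP relay and the server itself.
        return "DHCP server unreachable: host fell back to APIPA"
    if not has_gateway:
        return "valid address but no default gateway: local access only"
    return "addressing looks normal: investigate DNS or upstream connectivity"


if __name__ == "__main__":
    print(triage(SAMPLE_IPCONFIG))
```

The same function also handles the case the distractors describe: a private address with an empty gateway field is reported as local-only access, and a fully populated configuration is steered toward DNS or upstream checks instead.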

Question 20

A network engineer needs to capture all traffic passing through a switch port to analyze suspicious activity. Which feature enables this functionality?

A) Port mirroring
B) Spanning Tree
C) MTU adjustment
D) LACP

Answer: A) Port mirroring

Explanation:

A) This feature copies all frames received or sent on one port to another designated port, allowing a monitoring device to capture and analyze traffic. Security teams and network administrators use it to inspect suspicious flows, troubleshoot issues, or examine protocol behavior. By duplicating the traffic, it provides full visibility into what a device sends or receives without interrupting network operations. It is implemented at the switch level and supports detailed packet analysis by external tools. It does not modify the traffic; it simply mirrors it for passive observation.

B) This protocol ensures loop-free topologies in layer-two networks by blocking redundant links. Its purpose is to maintain stability, not to copy traffic for analysis. It cannot direct traffic to a monitoring device and does not provide any packet inspection capability. Its role is topological, not diagnostic.

C) Adjusting maximum transmission unit values controls the largest payload size allowed through a network. While important for performance optimization and preventing fragmentation-related issues, it does not duplicate traffic or aid in analyzing suspicious activity. It only affects packet size constraints, not monitoring.

D) This channeling method aggregates multiple physical links to improve throughput or redundancy. While useful for increasing available bandwidth, it does not facilitate packet capture. It deals with load balancing and failover across multiple interfaces, not traffic duplication.

The feature in the first option is specifically designed for traffic observation by copying packets to an analysis device, making it the correct method for monitoring suspicious behavior.
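
On Cisco IOS switches this feature is configured as a SPAN session. The lines below are an added example, not from the exam page; the source port (where the suspect host is attached) and destination port (where the capture system is attached) are assumed interface names.

```text
! Added example: copy both directions of Gi1/0/5 (assumed suspect host port)
! to Gi1/0/24 (assumed capture port).
monitor session 1 source interface GigabitEthernet1/0/5 both
monitor session 1 destination interface GigabitEthernet1/0/24
! Confirm the session and which directions are being copied:
! show monitor session 1
```

Two caveats matter when relying on the capture: the destination port stops behaving as a normal switch port for the duration of the session, and copying both directions of a gigabit port into a single gigabit destination can exceed its capacity under load, in which case the switch drops mirrored frames silently and the capture is incomplete without any error being reported.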
