CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 5 Q81-100

Question 81

A network engineer needs to provide secure remote access for employees connecting from home to the corporate network. Which solution should be implemented?

A) Remote VPN
B) Public Wi-Fi
C) Static routing
D) NAT

Answer: A) Remote VPN

Explanation:

A) Implementing a remote VPN provides encrypted communication between the remote employee’s device and the corporate network, ensuring confidentiality, integrity, and authentication. Remote VPNs establish secure tunnels over the public internet, encapsulating all traffic and preventing unauthorized interception. This allows employees to access internal resources such as file servers, email systems, and intranet applications as if they were physically on the corporate network. VPN clients often include additional security features such as certificate-based authentication, multi-factor authentication, and endpoint posture checks to ensure that only authorized devices can connect. By encrypting traffic end-to-end, VPNs mitigate risks associated with using untrusted networks and provide a secure method for remote workers to remain productive without compromising sensitive corporate data. Remote VPNs are also scalable, allowing organizations to manage multiple simultaneous connections efficiently while enforcing centralized security policies. This solution addresses the challenge of secure connectivity comprehensively, making it the ideal choice for enabling employees to work remotely without exposing the network to risk.

B) Using public Wi-Fi allows remote connectivity but provides no security for corporate resources. Data transmitted over public networks can easily be intercepted by attackers using packet sniffers or man-in-the-middle techniques. While convenient, relying on public Wi-Fi leaves internal applications vulnerable and does not provide encryption, authentication, or traffic control. It cannot ensure that sensitive information remains confidential or that only authorized employees are accessing the corporate network. Public Wi-Fi is inherently untrusted, and using it without additional security measures such as a VPN exposes both the end user and the organization to significant risk. Therefore, public Wi-Fi is not suitable as a primary solution for secure remote access.

C) Static routing defines explicit paths for network traffic between known subnets but does not provide secure connectivity over the internet for remote users. While static routing is useful for controlling traffic flow within a network, it does not encrypt data, authenticate users, or enable remote connectivity from untrusted locations. Implementing static routes for remote access would require exposing internal network paths to the public internet, which could introduce security vulnerabilities. Additionally, static routing does not scale well for multiple remote users or devices, making it impractical for enterprise remote access requirements. As a result, static routing alone cannot address the need for secure remote connectivity.

D) Network Address Translation (NAT) allows private IP addresses to communicate with public networks by translating them to a single or small set of public IP addresses. While NAT helps conserve IP addresses and enables external connectivity, it does not provide encryption, authentication, or secure tunneling for remote users. NAT operates at the network layer and is concerned with address mapping rather than secure access. Using NAT alone does not protect traffic transmitted across untrusted networks, nor does it prevent unauthorized access to internal resources. NAT may be combined with VPNs or firewalls, but by itself, it does not solve the requirement for secure remote access.

The remote VPN solution is the only one among these options that provides encrypted, authenticated, and controlled access for employees connecting from outside the corporate network. It ensures confidentiality of data, mitigates exposure to untrusted networks, and allows secure access to internal resources, making it the correct choice.

Question 82

A network engineer wants to prevent broadcast storms and loops in a layer-two network with redundant links. Which protocol should be implemented?

A) Spanning Tree Protocol (STP)
B) DHCP
C) NAT
D) VLAN

Answer: A) Spanning Tree Protocol (STP)

Explanation:

A) Spanning Tree Protocol is designed to detect and prevent layer-two loops in switched networks with redundant paths. Redundant links are necessary for fault tolerance, but without proper loop control, broadcast frames can circulate endlessly, consuming bandwidth and causing network instability. STP dynamically identifies redundant paths and selectively blocks some of them while keeping at least one active path for communication. If the active path fails, STP recalculates the topology and activates a previously blocked path to maintain connectivity. This protocol ensures loop-free operation while allowing redundancy and fault tolerance, making it a critical feature for switched networks with multiple links. STP operates at the data-link layer, exchanging Bridge Protocol Data Units (BPDUs) to detect topology changes and coordinate the blocking or forwarding of ports. By maintaining a loop-free environment, it prevents broadcast storms, reduces unnecessary traffic, and protects the network from outages caused by layer-two loops.

B) DHCP provides dynamic IP address allocation to clients but does not control layer-two loops or prevent broadcast storms. While DHCP ensures proper IP configuration, it does not influence switch port behavior, spanning paths, or topology management. DHCP operates at layer three, assigning addresses to hosts for connectivity, and cannot detect or block redundant paths in the switching fabric. Using DHCP alone does not address the risk of broadcast storms, making it unsuitable for loop prevention.

C) NAT translates private IP addresses to public addresses for external communication but does not manage switch topology or prevent loops. NAT operates at layer three and primarily addresses address space conservation and external connectivity. While it allows devices to communicate with external networks, NAT does not influence traffic forwarding on redundant links within the layer-two network. Therefore, NAT cannot prevent broadcast storms or loops in a switched environment.

D) VLANs segment traffic into separate broadcast domains to isolate groups of devices, which reduces the scope of broadcast traffic. However, VLANs do not inherently prevent loops. If multiple switches are connected redundantly within a VLAN, a loop can still occur, potentially leading to broadcast storms. VLANs control logical separation of traffic but rely on STP or other loop-prevention protocols to maintain network stability. While VLANs improve traffic management and security, they do not replace the need for STP in networks with redundant links.

STP is the only solution that dynamically manages redundant paths at layer two to prevent loops and broadcast storms while maintaining network availability. Its ability to block and unblock ports based on topology changes ensures stability and reliability, making it the correct choice.

Question 83

A network technician wants to reduce interference for wireless clients in a dense office environment. What action would most effectively improve performance?

A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Enable Telnet on the AP
D) Reduce MTU size

Answer: A) Move clients to the 5 GHz band

Explanation:

A) The 5 GHz frequency band offers more non-overlapping channels and is less congested than the 2.4 GHz band, which is prone to interference from devices such as cordless phones, microwaves, and neighboring Wi-Fi networks. By moving clients to the 5 GHz band, network engineers can significantly reduce co-channel and adjacent-channel interference. The 5 GHz band also supports higher data rates, improving throughput for applications such as video conferencing, VoIP, and file transfers. Although 5 GHz signals have a shorter range due to higher frequency attenuation, strategic access point placement ensures adequate coverage while benefiting from reduced congestion and improved performance. This solution directly addresses interference and allows clients to maintain reliable connections in a dense environment.

B) Increasing the DHCP lease time affects how frequently clients request IP addresses, but it does not impact signal interference, channel congestion, or throughput. DHCP configuration changes network management behavior but does not improve wireless performance or mitigate RF issues.

C) Enabling Telnet on the access point allows remote management and configuration but does not influence wireless signal quality, throughput, or interference. Management protocols like Telnet do not affect the performance of connected clients and are unrelated to RF optimization.

D) Reducing the MTU size adjusts the maximum frame size transmitted over the network. While MTU settings can affect fragmentation and performance at the network layer, they do not resolve RF congestion, co-channel interference, or limited spectrum issues. MTU adjustments are not effective in improving wireless throughput in high-density environments.

Using the 5 GHz spectrum to reduce interference is the most effective solution for improving wireless client performance in congested areas. It provides a less crowded environment, higher data rates, and better overall reliability, making it the correct choice.

Question 84

A technician needs to capture traffic from specific switch ports for analysis without interrupting normal network communication. Which feature should be used?

A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) SPAN/mirror port

Explanation:

A) Configuring a SPAN or mirror port allows a switch to replicate traffic from one or more source ports or VLANs to a designated monitoring port. This enables network engineers to capture and analyze packets using tools like Wireshark without affecting the normal flow of traffic. SPAN is essential for troubleshooting, performance monitoring, intrusion detection, and network analysis. It provides real-time visibility into network behavior, allowing administrators to identify errors, latency issues, or abnormal patterns while leaving the operational network unaffected. By sending a duplicate of traffic rather than interrupting the original transmission, SPAN ensures passive monitoring, which is critical for diagnosing complex network problems without impacting service.

B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While it facilitates traffic transport across logical networks, it does not provide a method for duplicating or monitoring traffic for analysis. Trunking is focused on efficient traffic delivery, not packet capture or troubleshooting.

C) STP prevents loops in layer-two networks and maintains stability but does not capture traffic for analysis. STP is a control protocol that dynamically blocks or forwards ports based on topology changes, without providing insight into the contents of frames or network usage patterns.

D) DHCP snooping secures IP address assignment by validating messages from trusted DHCP servers and blocking rogue servers. While it enhances network security, it does not allow for traffic capture or analysis. DHCP snooping addresses only a specific type of protocol interaction, not general network monitoring.

A SPAN or mirror port is specifically designed for passive monitoring and packet analysis, providing administrators with visibility into live traffic without disrupting normal operations. This makes it the correct solution.

Question 85

A network engineer wants to measure the maximum throughput and packet loss between two endpoints to troubleshoot VoIP performance issues. Which tool should be used?

A) iPerf
B) Netstat
C) ARP
D) Traceroute

Answer: A) iPerf

Explanation:

A) iPerf is a network testing tool that generates controlled traffic between two endpoints to measure maximum throughput, packet loss, latency, and jitter. For VoIP troubleshooting, iPerf is ideal because it quantifies performance metrics that directly affect voice quality, such as delay, variation in packet delivery, and dropped packets. By using TCP or UDP streams, administrators can simulate real-world traffic conditions and assess whether the network meets the requirements for high-quality voice communications. iPerf provides detailed, repeatable, and accurate measurements that help pinpoint performance bottlenecks and validate network configurations or upgrades. It also allows adjustments in parameters such as window size, number of parallel streams, and protocol type to match specific testing needs, offering a comprehensive view of network performance for VoIP and other real-time applications.

B) Netstat displays active connections, listening ports, and routing tables on a host. While useful for monitoring session-level activity, it does not measure throughput, packet loss, or jitter between endpoints. Netstat provides static connection information but cannot simulate traffic or provide quantitative performance data for VoIP troubleshooting.

C) ARP resolves IP addresses to MAC addresses on a local network segment. It is a link-layer mechanism used for device identification but does not measure throughput, latency, or packet loss. ARP cannot provide performance metrics necessary for evaluating VoIP quality between endpoints.

D) Traceroute shows the path packets take through a network and provides per-hop latency information. While it is useful for identifying routing paths or troubleshooting delays, it does not measure sustained throughput, jitter, or packet loss between two endpoints. Traceroute offers hop-level insights but lacks the quantitative metrics required for VoIP performance analysis.

iPerf is the only tool among these options that accurately measures throughput, packet loss, and jitter, providing actionable data for optimizing network performance for VoIP. This makes it the correct choice.

Question 86

A network administrator wants to prevent unauthorized devices from connecting to switch ports while still allowing legitimate endpoint changes without constant manual configuration. Which solution should be implemented?

A) Port security with sticky MAC addresses
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) Port security with sticky MAC addresses

Explanation:

A) Implementing port security with sticky MAC addresses allows the switch to dynamically learn and retain MAC addresses of devices connected to a port. Once learned, these addresses are stored in the running configuration or MAC address table, and only authorized devices can communicate through that port. If an unauthorized device attempts to connect, the port can be configured to either block the traffic, send an alert, or shut down temporarily. Sticky MAC addresses provide flexibility for legitimate endpoint changes, such as moving devices to different ports or replacing hardware, without requiring manual reconfiguration every time. This strikes a balance between network security and operational efficiency. By limiting port access to known devices, it prevents rogue devices from gaining unauthorized access to sensitive network resources, protects against network attacks, and maintains operational continuity. Sticky MAC enforcement is particularly valuable in enterprise networks where frequent device changes occur but strict access control is required. It also integrates with other security policies and can complement features like DHCP snooping, creating a multi-layered approach to port-level security.

B) VLAN trunking allows multiple VLANs to share a single physical link between switches, which is useful for traffic segmentation and reducing cabling complexity. However, VLAN trunking does not enforce port-level access control or prevent unauthorized devices from connecting. Trunking manages logical traffic separation and carries multiple VLANs over a single link but does not verify the identity of devices connecting to individual ports. Using VLAN trunking alone would not mitigate the risk of rogue devices gaining access to sensitive network areas or prevent network breaches, making it insufficient for this requirement.

C) Spanning Tree Protocol prevents layer-two loops in networks with redundant paths by selectively blocking and forwarding certain links. While STP is essential for network stability, it does not provide access control for individual devices connecting to a switch port. STP operates at the network topology level, ensuring a loop-free topology, but it does not restrict unauthorized access or monitor MAC addresses on ports. Relying on STP alone would leave the network vulnerable to rogue devices connecting to ports, which is not suitable when endpoint security is a priority.

D) DHCP snooping validates DHCP messages and blocks rogue servers from assigning IP addresses. While this enhances network security at the IP assignment level, it does not prevent unauthorized devices from physically connecting to switch ports. DHCP snooping ensures clients receive IP addresses only from trusted servers, but it does not enforce per-port access control or dynamically authorize legitimate endpoint changes. Therefore, DHCP snooping alone cannot satisfy the requirement for port-level device authentication.

Port security with sticky MAC addresses combines access control with operational flexibility, dynamically learning legitimate devices while blocking unauthorized ones. This ensures that the network remains secure without imposing heavy administrative overhead, making it the correct choice.
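
The sticky-learning and violation behavior described for Question 86 can be modeled as a small per-port state machine. This is an added example, not part of the original question set; the mode names `protect`, `restrict` and `shutdown` follow Cisco IOS port-security terminology, and the port name and MAC addresses are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Model of one access port with sticky MAC learning (illustrative only)."""
    name: str
    maximum: int = 1                 # how many MACs the port may learn
    violation: str = "shutdown"      # "protect" | "restrict" | "shutdown"
    sticky: list = field(default_factory=list)
    violations: int = 0              # counter incremented by restrict/shutdown
    alerts: list = field(default_factory=list)
    err_disabled: bool = False

    def frame_in(self, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False                      # port is down until re-enabled
        if src_mac in self.sticky:
            return True                       # already-learned device
        if len(self.sticky) < self.maximum:
            self.sticky.append(src_mac)       # learned without manual entry
            return True
        # Unknown MAC and the table is full: apply the violation action.
        if self.violation == "protect":
            return False                      # silent drop, no counter/alert
        self.violations += 1
        self.alerts.append(f"{self.name}: violation by {src_mac}")
        if self.violation == "shutdown":
            self.err_disabled = True          # whole port stops forwarding
        return False


def demo():
    """Send legit, rogue, legit frames through a port in each violation mode."""
    legit, rogue = "00:11:22:33:44:55", "de:ad:be:ef:00:01"   # constructed MACs
    results = {}
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort(name="Gi0/5", violation=mode)
        trace = [port.frame_in(mac) for mac in (legit, rogue, legit)]
        results[mode] = (trace, port.violations, port.err_disabled)
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

In `shutdown` mode the legitimate device also loses connectivity after the violation, which is the operational cost to weigh against the stronger signal it gives to the administrator.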

Question 87

A network engineer needs to segment a large network into smaller broadcast domains while maintaining efficient management and reducing unnecessary traffic. Which technology should be deployed?

A) VLANs
B) LACP
C) NAT
D) DHCP snooping

Answer: A) VLANs

Explanation:

A) VLANs, or Virtual LANs, allow a network administrator to segment a single physical network into multiple logical networks, each representing a distinct broadcast domain. This segmentation reduces unnecessary broadcast traffic, isolates sensitive groups of devices, and improves overall network performance. For example, departments such as finance, marketing, and engineering can each reside in their own VLAN, preventing their broadcast traffic from affecting other areas of the network. VLANs also enhance security by controlling which devices can communicate directly and provide the flexibility to implement access control policies, quality of service, and traffic monitoring per VLAN. From a management perspective, VLANs simplify network administration by allowing logical reorganization of devices without physically rewiring switches. This makes them highly scalable and adaptable to organizational changes. VLAN configuration can be combined with routing policies to enable controlled communication between different segments, further enhancing security and traffic efficiency. VLANs operate at the data-link layer, isolating broadcast domains while allowing a unified management infrastructure to oversee multiple logical networks, which is why they are the preferred solution for segmenting a large network.

B) LACP, or Link Aggregation Control Protocol, combines multiple physical links between devices into a single logical link to increase bandwidth and provide redundancy. While LACP is useful for optimizing link utilization and ensuring fault tolerance, it does not provide broadcast domain segmentation or traffic isolation. LACP is concerned with aggregating links for performance purposes, not with managing or controlling broadcast traffic between groups of devices. Relying on LACP alone would not address the requirement to reduce unnecessary traffic or segment the network logically.

C) NAT, or Network Address Translation, translates private IP addresses to public addresses for communication with external networks. While NAT helps conserve IP addresses and allows devices to communicate externally, it does not segment a network into logical broadcast domains or reduce broadcast traffic within the internal network. NAT operates primarily at layer three and focuses on IP mapping rather than traffic isolation, making it unsuitable for the purpose of broadcast domain management.

D) DHCP snooping secures address assignment by ensuring that clients only receive IP addresses from trusted DHCP servers. Although DHCP snooping enhances security, it does not create logical broadcast domains, reduce broadcast traffic, or isolate groups of devices. DHCP snooping is focused on validating IP configuration rather than segmenting networks, so it does not meet the requirement of efficient management and broadcast reduction.

VLANs provide the precise mechanism needed to segment networks, reduce broadcast traffic, and maintain efficient management of devices, making them the correct choice.

Question 88

A technician wants to measure packet loss, latency, and jitter between two endpoints to troubleshoot VoIP call quality issues. Which tool should be used?

A) iPerf
B) Netstat
C) ARP
D) Traceroute

Answer: A) iPerf

Explanation:

A) iPerf is a network performance measurement tool capable of generating controlled traffic between two endpoints to quantify metrics such as throughput, packet loss, latency, and jitter. For VoIP troubleshooting, these metrics are critical, as voice communication quality is highly sensitive to delay and variation in packet delivery. iPerf allows testing with both TCP and UDP protocols, enabling administrators to simulate real-time traffic patterns and measure how the network handles them. By running one instance of iPerf as a server and another as a client, engineers can generate streams of packets to evaluate performance under different network loads. This testing identifies bottlenecks, packet drops, and variations in latency that impact call quality. iPerf also provides configurable parameters, such as window size, number of parallel streams, and test duration, to emulate real-world conditions. Its results help network administrators plan upgrades, optimize routing, and configure quality-of-service policies specifically for VoIP applications. By providing precise and quantitative metrics, iPerf enables proactive troubleshooting, allowing network engineers to correct underlying issues before end users experience degraded call quality.

B) Netstat displays active connections, listening ports, and routing information on a host. While useful for monitoring network sessions, it does not measure packet loss, latency, or jitter between endpoints. Netstat provides insight into connection states but cannot simulate traffic or assess performance for VoIP, so it does not fulfill the requirement of performance testing for real-time applications.

C) ARP resolves IP addresses to MAC addresses on the local network segment. While essential for connectivity, ARP operates only at the link layer and provides no information on packet loss, latency, or jitter. It cannot generate test traffic or evaluate network performance, making it unsuitable for VoIP troubleshooting.

D) Traceroute shows the path packets take to a destination and provides per-hop latency. While it is useful for identifying routing issues or locating points of high latency, it does not provide sustained throughput, jitter measurement, or packet loss data under load. Traceroute is a diagnostic tool for path analysis rather than performance assessment, so it does not meet the requirements for VoIP quality troubleshooting.

iPerf is uniquely capable of generating traffic and providing quantitative metrics for packet loss, latency, and jitter, directly addressing VoIP troubleshooting needs. This makes it the correct choice.

Question 89

A network engineer wants to isolate multicast traffic so that it is only delivered to devices that have requested it. Which feature should be enabled?

A) IGMP snooping
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) IGMP snooping

Explanation:

A) IGMP snooping monitors Internet Group Management Protocol messages sent between hosts and multicast routers. By tracking which ports have devices requesting membership in specific multicast groups, switches can forward multicast traffic only to those ports. This prevents unnecessary flooding of multicast traffic to ports where it is not needed, optimizing bandwidth usage and reducing network congestion. IGMP snooping is critical in environments where video streaming, IPTV, or other multicast-dependent applications are deployed. Without it, multicast traffic is broadcast to all ports within a VLAN, wasting bandwidth and potentially degrading network performance. By enabling IGMP snooping, administrators ensure that only interested devices receive the multicast traffic while maintaining normal unicast and broadcast behavior for other traffic types.

B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While trunking is essential for transporting traffic between switches, it does not selectively forward multicast traffic to only interested devices. Trunking provides logical transport, not multicast optimization, so it does not meet the requirement for efficient multicast delivery.

C) STP prevents layer-two loops and ensures network stability but does not manage multicast traffic distribution. STP controls which links are active or blocked to maintain a loop-free topology but cannot forward multicast selectively to requesting ports. STP’s function is topology control, not traffic optimization.

D) DHCP snooping validates DHCP messages and blocks rogue servers from assigning IP addresses. While important for network security, DHCP snooping does not manage multicast traffic. It addresses layer-three IP assignment rather than forwarding multicast streams selectively.

IGMP snooping is specifically designed to forward multicast traffic efficiently only to devices that request it, optimizing bandwidth usage and improving network performance. This makes it the correct choice.

Question 90

A network administrator wants to aggregate multiple physical links between two switches to increase bandwidth and provide redundancy. Which protocol should be used?

A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security

Answer: A) Link Aggregation Control Protocol (LACP)

Explanation:

A) LACP allows multiple physical interfaces between switches to be combined into a single logical link. This aggregation increases overall bandwidth by distributing traffic across all member interfaces while providing redundancy—if one link fails, the others continue to carry traffic, ensuring uninterrupted connectivity. LACP negotiates link aggregation dynamically between devices, ensuring that all links in the aggregation are compatible and correctly configured. It supports load balancing, which spreads traffic based on MAC address, IP address, or session criteria, optimizing network performance. LACP also helps prevent misconfiguration by verifying the state of each link before adding it to the aggregation. This protocol is widely used in enterprise and data center environments where high availability, fault tolerance, and increased throughput are required for critical applications and inter-switch connectivity.

B) VLANs provide logical segmentation of traffic to reduce broadcast domains and enhance security but do not combine physical links for increased bandwidth. VLANs isolate traffic but do not offer redundancy or aggregate links, making them unsuitable for this purpose.

C) STP prevents layer-two loops and maintains network stability in redundant topologies but does not increase bandwidth or aggregate multiple links. STP selectively blocks redundant paths rather than using them simultaneously, which is the opposite of the goal of link aggregation.

D) Port security restricts access to known devices based on MAC addresses, preventing unauthorized connections, but it does not aggregate links or increase throughput. Port security is focused on access control, not performance optimization.

LACP is the only solution that increases bandwidth, provides redundancy, and ensures fault tolerance by combining multiple physical links into a single logical connection, making it the correct choice.

Question 91

A network engineer wants to prevent devices on a network from obtaining IP addresses from unauthorized DHCP servers. Which feature should be enabled?

A) DHCP snooping
B) Port security
C) STP
D) VLAN trunking

Answer: A) DHCP snooping

Explanation:

A) DHCP snooping is a security feature implemented on switches that monitors DHCP messages and allows only responses from trusted DHCP servers. When enabled, the switch builds a DHCP binding table that maps client MAC addresses, assigned IP addresses, and the ports they are connected to. If an unauthorized device attempts to operate as a DHCP server, its messages are blocked, preventing rogue devices from distributing invalid IP addresses that could lead to network attacks such as man-in-the-middle exploits or denial-of-service conditions. This ensures clients receive valid IP configurations, including default gateway, subnet mask, and DNS information, maintaining network integrity and reliability. DHCP snooping also works in conjunction with other security mechanisms such as IP source guard and dynamic ARP inspection to create layered protection against unauthorized IP usage. In environments with sensitive data or large-scale networks, enabling DHCP snooping ensures network stability, prevents malicious configuration attacks, and maintains controlled distribution of IP addresses.

B) Port security limits access to switch ports based on MAC addresses. While this prevents unauthorized devices from connecting to a physical port, it does not validate which DHCP server is providing IP addresses. Port security protects physical access, but it does not protect the network from rogue DHCP servers distributing incorrect IP configurations. Therefore, while useful for access control, it does not meet the requirement for securing DHCP assignments.

C) STP (Spanning Tree Protocol) prevents layer-two loops in redundant switch topologies. STP ensures that broadcast storms are avoided and the network remains stable, but it does not interact with DHCP traffic or enforce rules regarding IP address assignment. While STP is critical for network reliability, it does not prevent clients from receiving addresses from unauthorized DHCP servers, making it unsuitable for this specific security need.

D) VLAN trunking allows multiple VLANs to be transported over a single link between switches. Trunking provides logical separation and traffic segmentation, but it does not enforce DHCP security or validate DHCP server legitimacy. VLANs can contain rogue servers within a broadcast domain, but trunking alone does not prevent unauthorized DHCP messages from reaching clients.

Enabling DHCP snooping specifically addresses the problem of unauthorized DHCP servers by validating messages, building bindings, and enforcing trusted server policies. It protects the integrity of IP assignments while providing a foundation for additional security measures, making it the correct choice.
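
The filtering and binding-table logic described for Question 91 can be sketched as follows. This is an added example, not part of the original question set; the port names, MAC address and IP addresses are constructed, and the `permits` check illustrates how a feature such as IP source guard can consume the binding table.

```python
from dataclasses import dataclass, field

# DHCP message types (option 53 values).
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE = range(1, 8)
SERVER_TYPES = {OFFER, ACK, NAK}      # only a DHCP server should send these


@dataclass
class DhcpMsg:
    msg_type: int
    client_mac: str                   # chaddr field
    yiaddr: str = "0.0.0.0"           # address the server offers/assigns


@dataclass
class SnoopingSwitch:
    """Illustrative model of DHCP snooping on a single VLAN."""
    trusted_ports: set
    bindings: dict = field(default_factory=dict)     # MAC -> (ip, port)
    client_port: dict = field(default_factory=dict)  # MAC -> port last seen
    dropped: list = field(default_factory=list)

    def receive(self, port: str, msg: DhcpMsg) -> bool:
        """Return True if the DHCP message is forwarded."""
        if msg.msg_type in SERVER_TYPES:
            if port not in self.trusted_ports:
                self.dropped.append((port, msg))     # rogue server reply
                return False
            if msg.msg_type == ACK and msg.client_mac in self.client_port:
                # Lease confirmed by a trusted server: record the binding.
                self.bindings[msg.client_mac] = (
                    msg.yiaddr, self.client_port[msg.client_mac])
            elif msg.msg_type == NAK:
                self.bindings.pop(msg.client_mac, None)
            return True
        if msg.msg_type in (RELEASE, DECLINE):
            bound = self.bindings.get(msg.client_mac)
            if bound and bound[1] != port:
                self.dropped.append((port, msg))     # release from wrong port
                return False
            self.bindings.pop(msg.client_mac, None)
            return True
        self.client_port[msg.client_mac] = port      # DISCOVER / REQUEST
        return True

    def permits(self, port: str, mac: str, ip: str) -> bool:
        """Source check against the binding table (IP source guard style)."""
        return self.bindings.get(mac) == (ip, port)


def demo():
    sw = SnoopingSwitch(trusted_ports={"Gi0/24"})    # uplink to real server
    client = "aa:bb:cc:00:00:01"                     # constructed sample data
    events = [
        ("Gi0/1", DhcpMsg(DISCOVER, client)),
        ("Gi0/7", DhcpMsg(OFFER, client, "10.66.6.50")),    # untrusted port
        ("Gi0/24", DhcpMsg(OFFER, client, "192.0.2.50")),
        ("Gi0/1", DhcpMsg(REQUEST, client)),
        ("Gi0/7", DhcpMsg(ACK, client, "10.66.6.50")),      # untrusted port
        ("Gi0/24", DhcpMsg(ACK, client, "192.0.2.50")),
    ]
    forwarded = [sw.receive(port, msg) for port, msg in events]
    return sw, forwarded


if __name__ == "__main__":
    switch, forwarded = demo()
    print(forwarded, switch.bindings, len(switch.dropped))
```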

Question 92

A technician is troubleshooting slow wireless performance in a high-density office environment. What is the most effective solution to improve throughput?

A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Enable Telnet on the AP
D) Reduce MTU size

Answer: A) Move clients to the 5 GHz band

Explanation:

A) Moving clients to the 5 GHz band improves wireless performance because it provides more non-overlapping channels and is less susceptible to interference compared to the 2.4 GHz band. The 2.4 GHz spectrum is crowded with devices like cordless phones, microwaves, and other Wi-Fi networks, causing co-channel interference and congestion, which results in slow connections. The 5 GHz band supports higher data rates and allows better throughput for bandwidth-intensive applications such as video conferencing and large file transfers. Although the range of 5 GHz signals is shorter due to higher frequency attenuation, careful access point placement can mitigate coverage issues. By migrating clients to this band, network congestion is reduced, interference is minimized, and users experience higher reliability and better overall network performance. This approach is widely adopted in enterprise and high-density environments where performance and stability are critical.

B) Increasing DHCP lease time affects the duration an IP address is assigned to a client but has no impact on wireless signal quality, interference, or congestion. DHCP settings influence network management but do not address performance issues caused by RF interference or channel saturation, making this solution ineffective for throughput problems.

C) Enabling Telnet on the access point provides administrative remote access for configuration but does not impact the performance of wireless clients. Management protocols do not improve RF conditions, throughput, or reduce interference, so enabling Telnet does not solve the underlying problem of slow connectivity.

D) Reducing MTU size changes the maximum packet size allowed on the network, which can reduce fragmentation in some scenarios. However, MTU adjustments do not resolve RF interference, congestion, or channel overlap issues in a wireless environment. While MTU tuning can optimize certain network layers, it does not address the primary cause of slow wireless performance in high-density areas.

Using the 5 GHz spectrum is the most direct and effective solution for reducing interference and improving wireless throughput. It provides a less congested environment, higher speeds, and better reliability, making it the correct choice.

Question 93

A network engineer wants to combine multiple physical links between two switches to increase bandwidth while providing redundancy. Which protocol should be used?

A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security

Answer: A) Link Aggregation Control Protocol (LACP)

Explanation:

A) LACP allows multiple physical interfaces between network devices to be logically combined into a single aggregated link. This provides increased bandwidth because traffic can be distributed across all member interfaces, enhancing throughput for high-demand connections. Additionally, LACP provides redundancy—if one physical link fails, the remaining links continue to carry traffic, maintaining connectivity and minimizing disruption. LACP dynamically negotiates link aggregation between devices to ensure that only compatible links are combined and prevents misconfiguration. It also supports load-balancing algorithms that optimize traffic distribution based on MAC addresses, IP addresses, or session data, improving overall network efficiency. LACP is commonly deployed in enterprise and data center networks where high availability, fault tolerance, and optimal performance are critical for applications like servers, storage networks, and backbone connectivity.

B) VLANs segment network traffic into separate broadcast domains for isolation and security. While VLANs reduce unnecessary broadcast traffic, they do not aggregate links or increase bandwidth. VLANs operate at the logical layer and manage traffic separation, not physical interface redundancy or combined throughput, so they do not meet the requirement for increased bandwidth and redundancy.

C) STP prevents loops in layer-two networks by selectively blocking redundant links. While essential for maintaining network stability, STP does not combine links for higher throughput. In fact, STP intentionally blocks redundant paths to prevent broadcast storms, which is the opposite of the goal of link aggregation.

D) Port security limits access to known devices based on MAC addresses, preventing unauthorized devices from connecting. While important for security, port security does not increase bandwidth, provide redundancy, or aggregate multiple physical links, so it does not fulfill the requirement for improving throughput and reliability.

LACP provides both increased bandwidth and link-level redundancy, while ensuring proper negotiation and load balancing, making it the correct choice.

Question 94

A network engineer wants to capture traffic from specific switch ports to analyze performance and troubleshoot issues without interrupting normal network operations. Which feature should be used?

A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) SPAN/mirror port

Explanation:

A) SPAN, or Switched Port Analyzer, allows a switch to duplicate traffic from selected source ports or VLANs and send it to a designated monitoring port. This enables network engineers to capture and analyze traffic using tools like Wireshark without affecting the normal operation of the network. SPAN is ideal for performance analysis, troubleshooting connectivity issues, monitoring application behavior, and detecting anomalies such as network attacks or misconfigurations. By passively replicating traffic rather than interrupting it, SPAN provides real-time visibility while maintaining operational continuity. This is particularly useful in enterprise networks where uptime is critical and diagnostic access must not disrupt production traffic. SPAN can also be configured for multiple source ports or VLANs, making it highly flexible for targeted analysis and long-term monitoring.

B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While essential for transporting traffic between devices, trunking does not replicate traffic for monitoring. Trunking focuses on efficient traffic transport across VLANs, not capturing or analyzing network data.

C) STP prevents layer-two loops in redundant topologies by selectively blocking certain ports. While crucial for maintaining network stability, STP does not allow traffic capture or analysis. It ensures loop-free operation but provides no visibility into packet contents or network performance.

D) DHCP snooping secures IP assignment by validating messages from trusted DHCP servers and preventing rogue servers from assigning addresses. While this enhances network security, it does not provide general traffic monitoring or replication for analysis. DHCP snooping only affects DHCP traffic, not all network communications.

SPAN/mirror ports provide passive monitoring for troubleshooting and analysis without interrupting normal network operations, making it the correct choice.

Question 95

A network administrator wants to segment a network into separate broadcast domains for security and performance. Which technology should be implemented?

A) VLANs
B) LACP
C) STP
D) Port security

Answer: A) VLANs

Explanation:

A) VLANs allow logical segmentation of a single physical network into multiple broadcast domains. Each VLAN represents an isolated layer-two network where broadcast traffic is contained within the domain, reducing unnecessary network congestion. VLANs enhance security by restricting communication between devices in different VLANs unless explicitly allowed through routing or access control policies. This isolation prevents unauthorized access between departments, sensitive systems, or user groups. VLANs also improve performance by limiting the propagation of broadcast traffic, which is particularly important in large networks with high device density. From a management perspective, VLANs are highly flexible, allowing network administrators to move devices or reassign them to different VLANs without physically rewiring the network. They operate at the data-link layer and can be combined with layer-three routing for controlled inter-VLAN communication. VLANs are widely used in enterprise, campus, and data center networks to achieve scalable, secure, and high-performance designs.

B) LACP aggregates multiple physical links to increase bandwidth and provide redundancy. While important for link-level performance and reliability, LACP does not segment broadcast domains or isolate traffic between groups of devices. It focuses on throughput rather than logical network separation.

C) STP prevents loops in layer-two networks with redundant paths. While critical for network stability, STP does not create separate broadcast domains or control inter-device communication. It only manages which paths are active to prevent loops and broadcast storms.

D) Port security restricts access to known devices by limiting which MAC addresses can connect to a port. While enhancing endpoint security, port security does not segment the network or reduce broadcast domains. It controls device access rather than logical traffic separation.

VLANs are the technology specifically designed to segment networks into isolated broadcast domains, improving both security and performance, making them the correct choice.

Question 96

A network engineer wants to prevent rogue devices from connecting to the corporate network while still allowing authorized endpoint changes without manual reconfiguration. Which solution is most appropriate?

A) Port security with sticky MAC addresses
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) Port security with sticky MAC addresses

Explanation:

A) Port security with sticky MAC addresses dynamically learns the MAC addresses of devices connected to a switch port and stores them in the running configuration or MAC address table. This ensures that only authorized devices can transmit traffic on the port. If an unauthorized device attempts to connect, the switch can take predefined actions such as shutting down the port, generating an alert, or blocking traffic from the unknown device. Sticky MAC addresses are particularly useful in environments where endpoints may move between ports, as the switch can automatically learn new devices without requiring manual configuration for each change. This approach combines security with operational flexibility, providing protection against rogue devices while accommodating legitimate device movement. It also integrates well with features such as DHCP snooping and dynamic ARP inspection, forming a comprehensive security strategy for endpoint management. By limiting access to known devices, it reduces the risk of network breaches, protects sensitive resources, and maintains compliance with organizational policies. Sticky MAC enforcement ensures that the network can dynamically adapt to authorized changes while maintaining strict security measures, making it an ideal solution for controlling access in enterprise networks.

B) VLAN trunking allows multiple VLANs to traverse a single physical link between switches. While trunking is essential for transporting traffic between segmented networks, it does not provide port-level access control or prevent rogue devices from connecting. VLAN trunking is concerned with logical separation and traffic transport, not authenticating individual devices or controlling unauthorized access. Using trunking alone would not address the need for endpoint security or dynamic device validation.

C) STP (Spanning Tree Protocol) prevents loops in layer-two networks by selectively blocking redundant paths to maintain a loop-free topology. STP ensures network stability but does not manage device-level access. It does not authenticate connected devices, restrict unauthorized access, or track MAC addresses on a port. While essential for maintaining redundancy without causing broadcast storms, STP does not provide protection against rogue devices.

D) DHCP snooping validates DHCP messages and prevents rogue servers from distributing IP addresses. While this helps secure the assignment of IP configurations, it does not enforce device-level access control on a switch port. DHCP snooping ensures only trusted DHCP servers assign addresses, but it does not prevent unauthorized devices from connecting to a network port or transmitting traffic, so it cannot fully meet the requirement for endpoint access control.

Port security with sticky MAC addresses provides dynamic device validation, prevents unauthorized connections, and supports legitimate endpoint movement without heavy administrative overhead. This makes it the correct choice.
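The three violation responses mentioned above (shutting down the port, generating an alert, blocking the unknown device) have different operational side effects, which the following model makes visible. This is an added example, not code from the original page or from any switch vendor; the action labels `shutdown`, `alert` and `block`, the port name and the MAC addresses are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    maximum: int = 1              # how many source MACs the port may learn
    action: str = "shutdown"      # "shutdown", "alert" or "block" (model labels)
    sticky: list = field(default_factory=list)   # learned, allowed MACs
    shut: bool = False
    alerts: list = field(default_factory=list)

    def frame_in(self, src_mac):
        """Return 'forward' or 'drop' for one frame arriving on this port."""
        if self.shut:
            return "drop"                  # stays down until an admin resets it
        if src_mac in self.sticky:
            return "forward"
        if len(self.sticky) < self.maximum:
            self.sticky.append(src_mac)    # sticky learning, no manual entry
            return "forward"
        # Violation: unknown source MAC and no free slot left.
        if self.action == "shutdown":
            self.shut = True
            self.alerts.append(f"{self.name}: {src_mac} violated, port shut down")
        elif self.action == "alert":
            self.alerts.append(f"{self.name}: {src_mac} violated, frame dropped")
        return "drop"                      # "block" drops without logging

    def admin_reset(self, clear_sticky=False):
        """Re-enable the port; optionally forget the learned addresses."""
        self.shut = False
        if clear_sticky:
            self.sticky.clear()

def run_demo():
    """Send the same constructed frames to a port under each violation action."""
    known, rogue = "00:11:22:33:44:55", "de:ad:be:ef:00:01"
    out = {}
    for action in ("shutdown", "alert", "block"):
        port = SecurePort(name="Gi0/12", action=action)
        verdicts = [port.frame_in(m) for m in (known, rogue, known)]
        out[action] = (verdicts, len(port.alerts), port.shut)
    return out

if __name__ == "__main__":
    for action, result in run_demo().items():
        print(action, result)
```

Under `shutdown` the authorized device loses connectivity as well until the port is reset, while `block` keeps it online but leaves no record of the attempt.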

Question 97

A technician needs to measure maximum throughput, packet loss, and jitter between two endpoints to troubleshoot VoIP issues. Which tool should be used?

A) iPerf
B) Netstat
C) ARP
D) Traceroute

Answer: A) iPerf

Explanation:

A) iPerf is a network performance testing tool that generates controlled traffic between two endpoints to measure critical metrics such as throughput, packet loss, latency, and jitter. These metrics are particularly important for real-time applications like VoIP, which require low latency, minimal packet loss, and consistent delivery to maintain call quality. iPerf allows testing with both TCP and UDP protocols, enabling administrators to simulate realistic traffic scenarios. By running one instance as a server and another as a client, engineers can generate streams of traffic and evaluate the network’s performance under load. iPerf also provides configurable parameters such as window size, number of parallel streams, and test duration, offering flexibility to mimic the demands of VoIP or other latency-sensitive applications. Results from iPerf testing help identify bottlenecks, optimize routing, configure quality-of-service policies, and validate network upgrades. Its precision and repeatability make it indispensable for diagnosing issues that affect voice quality, such as jitter and packet loss, and for ensuring that the network meets the performance requirements of critical applications.

B) Netstat displays information about active connections, listening ports, and routing tables on a host. While useful for monitoring session-level activity, it does not generate traffic, measure packet loss, or assess latency and jitter between endpoints. Netstat provides a snapshot of connection status but cannot simulate load or provide quantitative performance metrics required for VoIP troubleshooting, making it insufficient for this purpose.

C) ARP resolves IP addresses to MAC addresses on the local network segment. It operates at the link layer and is used for device identification and communication, but it cannot measure throughput, jitter, or packet loss. ARP does not generate test traffic or provide performance analysis, so it is unsuitable for evaluating VoIP quality.

D) Traceroute identifies the path packets take from one device to another and measures per-hop latency. While it can help locate network delays or routing issues, it does not measure sustained throughput, jitter, or packet loss under real traffic conditions. Traceroute is primarily a diagnostic tool for path analysis, not a performance-testing tool, so it cannot provide the detailed metrics required for VoIP troubleshooting.

iPerf is the only tool that provides comprehensive and accurate performance metrics between endpoints, allowing network engineers to analyze and troubleshoot VoIP call quality effectively, making it the correct choice.
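To show what the loss and jitter figures from a UDP test mean, the following added example computes them from per-datagram send and receive timestamps. It is not iPerf code and not from the original page; it assumes the interarrival jitter estimator defined in RFC 3550, and the sample records (20 ms spacing, 160-byte payloads) are constructed.

```python
def udp_stream_stats(records, payload_bytes):
    """records: (seq, sent_ms, recv_ms) for every datagram that arrived.

    Returns loss, RFC 3550 smoothed jitter in ms, out-of-order count and
    goodput in bit/s. Loss after the last received datagram is not visible
    from receiver-side records alone.
    """
    if len(records) < 2:
        raise ValueError("need at least two received datagrams")
    by_arrival = sorted(records, key=lambda r: r[2])
    seqs = {r[0] for r in by_arrival}
    expected = max(seqs) - min(seqs) + 1
    lost = expected - len(seqs)

    jitter = 0.0
    out_of_order = 0
    highest = by_arrival[0][0]
    # Transit time mixes two clocks, but a constant offset between them
    # cancels out because only differences of transit times are used.
    prev_transit = by_arrival[0][2] - by_arrival[0][1]
    for seq, sent, recv in by_arrival[1:]:
        transit = recv - sent
        d = abs(transit - prev_transit)
        jitter += (d - jitter) / 16.0      # RFC 3550 running estimate
        prev_transit = transit
        if seq < highest:
            out_of_order += 1
        else:
            highest = seq

    duration_s = (by_arrival[-1][2] - by_arrival[0][2]) / 1000.0
    goodput = len(by_arrival) * payload_bytes * 8 / duration_s if duration_s > 0 else None
    return {
        "expected": expected,
        "lost": lost,
        "loss_pct": 100.0 * lost / expected,
        "jitter_ms": jitter,
        "out_of_order": out_of_order,
        "goodput_bps": goodput,
    }

# Constructed sample: datagrams sent every 20 ms, sequence numbers 4 and 7
# never arrive, and two datagrams are delayed in the network.
SAMPLE = [
    (0, 0, 30), (1, 20, 50), (2, 40, 74), (3, 60, 90),
    (5, 100, 146), (6, 120, 150), (8, 160, 190), (9, 180, 210),
]

if __name__ == "__main__":
    print(udp_stream_stats(SAMPLE, payload_bytes=160))
```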

Question 98

A network administrator wants to isolate multicast traffic so that only devices that request it receive the data. Which feature should be used?

A) IGMP snooping
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) IGMP snooping

Explanation:

A) IGMP snooping monitors Internet Group Management Protocol (IGMP) messages exchanged between hosts and multicast routers. It allows switches to forward multicast traffic only to the ports where devices have requested to receive that traffic, preventing unnecessary flooding to ports where it is not needed. This optimization reduces bandwidth consumption, improves network efficiency, and prevents congestion caused by unwanted multicast streams. In environments with video streaming, IPTV, or other multicast-dependent applications, enabling IGMP snooping ensures that multicast traffic is delivered efficiently only to intended recipients. Without IGMP snooping, multicast frames are flooded to all ports within the VLAN, wasting network resources and potentially degrading performance. By listening to IGMP join and leave messages, the switch dynamically adjusts forwarding tables, maintaining efficient traffic distribution. IGMP snooping also integrates with other network security and performance features, providing administrators with control over multicast delivery while maintaining proper network operation.

B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While trunking is necessary for transporting segmented traffic, it does not selectively forward multicast traffic based on group membership. Trunking only carries VLAN traffic between switches and does not optimize multicast delivery or prevent flooding to uninterested ports, so it does not address the requirement.

C) STP prevents loops in layer-two networks by selectively blocking redundant paths to maintain a loop-free topology. While critical for network stability, STP does not manage multicast traffic or control which devices receive multicast frames. STP focuses on topology rather than selective forwarding, making it unsuitable for multicast optimization.

D) DHCP snooping validates DHCP messages and blocks rogue servers from assigning addresses. While important for IP address security, DHCP snooping does not interact with multicast traffic. It provides layer-three security for IP assignment but does not prevent unnecessary multicast flooding or optimize delivery to group members.

IGMP snooping is specifically designed to forward multicast traffic only to requesting devices, reducing unnecessary network load and improving efficiency. This makes it the correct choice.

Question 99

A network engineer wants to segment a large network into smaller broadcast domains for security and performance. Which technology should be implemented?

A) VLANs
B) LACP
C) STP
D) Port security

Answer: A) VLANs

Explanation:

A) VLANs, or Virtual Local Area Networks, allow logical segmentation of a physical network into multiple broadcast domains. Each VLAN isolates broadcast traffic within its domain, reducing unnecessary traffic and improving network performance. VLANs also enhance security by restricting communication between devices in separate VLANs unless routed through a layer-three device or controlled by access policies. For example, finance, marketing, and engineering departments can each have their own VLAN, preventing unauthorized access and limiting the propagation of broadcast traffic. VLANs provide scalability and flexibility, as devices can be reassigned to different VLANs without rewiring the network. Administrators can implement quality-of-service policies, traffic monitoring, and inter-VLAN routing as needed. VLANs operate at the data-link layer, maintaining isolated broadcast domains while allowing centralized management. They are widely used in enterprise networks to achieve high performance, enhanced security, and efficient resource allocation.

B) LACP aggregates multiple physical links between switches to increase bandwidth and provide redundancy. While beneficial for throughput and fault tolerance, LACP does not segment broadcast domains or isolate traffic between groups of devices. LACP focuses on physical link optimization rather than logical network separation.

C) STP prevents loops in layer-two networks by selectively blocking redundant paths. While crucial for stability, STP does not create broadcast domains or control which devices can communicate. It ensures loop-free operation but does not improve performance through segmentation.

D) Port security restricts access based on MAC addresses, preventing unauthorized devices from connecting. While important for security, it does not segment networks or reduce broadcast domains. Port security enforces access control rather than traffic isolation.

VLANs are the only solution that logically separates broadcast domains, enhances security, and improves performance, making them the correct choice.

Question 100

A technician needs to provide secure remote access for employees working from home to the corporate network. Which solution is most appropriate?

A) Remote VPN
B) Public Wi-Fi
C) Static routing
D) NAT

Answer: A) Remote VPN

Explanation:

A) A remote VPN provides encrypted communication between the employee’s device and the corporate network over an untrusted network, such as the internet. This ensures confidentiality, integrity, and authentication of traffic, allowing employees to access internal resources like file servers, email, and intranet applications securely. VPNs use tunneling protocols to encapsulate and encrypt traffic, protecting it from interception or tampering. Remote VPN solutions often include features such as certificate-based authentication, multi-factor authentication, and endpoint checks to ensure only authorized users and devices can connect. VPNs are scalable, allowing multiple simultaneous connections, and can be managed centrally to enforce security policies. This approach mitigates risks associated with untrusted networks while maintaining productivity for remote employees.

B) Public Wi-Fi provides internet access but is untrusted and insecure. Data transmitted over public networks can be intercepted or modified, and there is no authentication mechanism to prevent unauthorized access to corporate resources. Using public Wi-Fi without a secure VPN exposes sensitive data and internal systems to high risk.

C) Static routing defines explicit paths between network devices but does not provide secure remote connectivity. Static routing is used for internal traffic management and does not encrypt data or authenticate remote users, making it unsuitable for secure access over the internet.

D) NAT translates private IP addresses to public addresses to allow communication with external networks. While NAT facilitates external connectivity, it does not encrypt traffic, authenticate users, or secure remote access. NAT alone cannot protect remote communications from interception or unauthorized access.

Remote VPN is the only solution that provides secure, encrypted, and authenticated remote access, ensuring safe connectivity for employees working from home. This makes it the correct choice.
