CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 8 Q141-160
Question 141
A network administrator wants to prevent unauthorized access to a switch port while allowing devices to move between ports without manual reconfiguration. Which feature should be implemented?
A) Port security with sticky MAC addresses
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) Port security with sticky MAC addresses
Explanation:
A) Port security limits which source MAC addresses a switch port will accept. With sticky learning enabled, the switch learns the MAC address of the first device(s) seen on the port and writes them into the running configuration as secure entries, so the administrator never has to type MAC addresses by hand; that is the "manual reconfiguration" the feature removes. A frame from any other MAC address, or from a MAC address already secured on a different port in the same VLAN, is a violation, and the violation mode decides whether the frame is silently dropped (protect), dropped and logged (restrict), or the port is placed in err-disabled (shutdown, the default on Cisco switches). Two practical caveats: sticky entries live in the running configuration and survive a reload only after they are saved to the startup configuration, and a sticky entry is bound to the port where it was learned, so a secured device that is unplugged and connected to another secure port causes a violation there until the stale entry is cleared. Port security is MAC-based access control rather than authentication, since MAC addresses are trivially spoofed; it should be layered with DHCP snooping and Dynamic ARP Inspection, and where users genuinely roam between ports, 802.1X ties access to the user's credentials instead of to the port.
B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While it is essential for traffic segmentation and efficient VLAN transport, it does not authenticate devices or prevent unauthorized access. Trunking focuses on traffic transport, not endpoint security or device verification.
C) STP prevents Layer 2 loops in networks with redundant paths by selectively blocking some links. While critical for network stability, STP does not restrict access to devices or authenticate endpoints. Its functionality is limited to topology management, not port-level security.
D) DHCP snooping validates DHCP messages to prevent rogue IP assignments from unauthorized DHCP servers. While it protects IP allocation, it does not control which devices can connect to a port, so it cannot prevent unauthorized devices from physically accessing the network.
Among the options, only port security controls which devices a port accepts, and sticky learning does so without hand-entered MAC lists, making A the correct choice.
Question 142
A network administrator wants to forward multicast traffic only to devices that have requested it to conserve bandwidth. Which feature should be enabled?
A) IGMP snooping
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) IGMP snooping
Explanation:
A) IGMP snooping listens to IGMP messages exchanged between hosts and multicast routers to determine which devices have joined specific multicast groups. By monitoring join and leave messages, switches can forward multicast traffic only to ports with devices that explicitly requested it. This prevents multicast flooding to all ports in a VLAN, reducing unnecessary bandwidth usage and preventing congestion. IGMP snooping is especially important in networks with IPTV, video conferencing, or other multicast-dependent applications. It maintains a dynamic forwarding table to ensure efficient multicast delivery while minimizing impact on non-interested devices. By forwarding multicast traffic only where it is needed, IGMP snooping improves performance, reduces packet loss, and ensures latency-sensitive applications maintain quality of service. Additionally, IGMP snooping enhances scalability by allowing multicast traffic to coexist efficiently with unicast and broadcast traffic, supporting large enterprise networks.
B) VLAN trunking allows multiple VLANs to share a single link between switches. While essential for VLAN transport, it does not monitor multicast group membership or forward traffic selectively. Trunking focuses on transmitting multiple VLANs rather than controlling multicast delivery.
C) STP prevents Layer 2 loops by blocking redundant paths. While critical for topology stability, it does not manage multicast group memberships or selectively forward traffic. STP does not optimize network bandwidth usage for multicast applications.
D) DHCP snooping prevents rogue DHCP servers from assigning IP addresses. While important for network security, DHCP snooping does not forward multicast traffic or prevent flooding. Its functionality is limited to DHCP messages and cannot optimize multicast delivery.
IGMP snooping ensures multicast traffic is delivered only to requesting devices, conserving bandwidth and improving performance, making it the correct choice.
Question 143
A network engineer wants to combine multiple physical links between two switches to increase bandwidth and provide redundancy. Which protocol should be used?
A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security
Answer: A) Link Aggregation Control Protocol (LACP)
Explanation:
A) LACP (IEEE 802.1AX, formerly 802.3ad) bundles multiple physical links into a single logical link between two devices, increasing available bandwidth and providing redundancy. The two ends exchange LACPDUs to negotiate the bundle, so only links that actually terminate on the same peer and have matching settings (speed, duplex, VLAN configuration) become active members; a miscabled or mismatched link is left out instead of silently creating a loop. Traffic is distributed per flow: a hash of MAC, IP and/or port fields selects the member link for each frame, which keeps the frames of one conversation in order on one link but also means a single flow can never use more than one member's bandwidth; the aggregate fills only when many flows are present, and the hash policy must include fields that vary (source MAC alone is a poor choice behind a router). If one member fails, LACP removes it from the bundle and the remaining links carry the traffic without an STP recalculation. This protocol is widely used in enterprise and data center networks for server uplinks, inter-switch links and backbone connections where throughput and continuous operation both matter.
B) VLANs segment networks into multiple logical broadcast domains to improve security and reduce congestion. While VLANs improve performance and isolation, they do not combine physical links or provide redundancy.
C) STP prevents Layer 2 loops by blocking redundant paths. While critical for topology stability, STP does not increase bandwidth or aggregate links. On the contrary, if parallel links between two switches are not bundled, STP sees them as a loop and blocks all but one, so the extra links carry no traffic until they are aggregated; a correctly formed LACP bundle appears to STP as a single logical port.
D) Port security restricts access to switch ports based on MAC addresses. While enhancing security, port security does not combine multiple physical links or provide redundancy. It controls access rather than optimizing link performance.
LACP is the only protocol that provides both increased bandwidth and redundancy while dynamically managing aggregated links, making it the correct choice.
Question 144
A technician wants to measure network throughput, jitter, and packet loss between two endpoints to troubleshoot VoIP quality. Which tool should be used?
A) iPerf
B) Netstat
C) ARP
D) Traceroute
Answer: A) iPerf
Explanation:
A) iPerf (iperf3 in current use) is a client/server performance tester: a server listens on one endpoint, a client on the other generates a TCP or UDP stream for a set duration, and the result is reported at both ends. In TCP mode it measures achievable throughput (and retransmissions), which is the bulk-transfer view. For VoIP the relevant run is UDP mode (`-u`) at a fixed bitrate (`-b`) close to what the calls will generate, because UDP mode is the only one in which iPerf reports jitter and packet loss, the two figures that most directly predict call quality. Test duration, parallel streams, window size and bitrate are configurable, and JSON output (`--json`) makes results easy to record and compare, so a baseline can be captured before and after a QoS change. One limitation to remember: iPerf does not measure one-way latency; pair it with ping (round-trip) or a one-way delay tool for that figure.
B) Netstat shows active connections, listening ports, and routing tables. While useful for monitoring host-level sessions, it does not generate traffic or provide detailed metrics like jitter, throughput, or packet loss, making it unsuitable for VoIP troubleshooting.
C) ARP resolves IP addresses to MAC addresses on a local network. While essential for Layer 2 communication, ARP does not measure performance metrics or simulate network conditions, so it cannot evaluate VoIP quality.
D) Traceroute identifies the path packets take between endpoints and measures per-hop latency. While useful for detecting routing issues, it does not measure sustained throughput, jitter, or packet loss under load conditions, which are crucial for VoIP troubleshooting.
iPerf provides accurate, measurable throughput, jitter, and packet loss data, making it the correct choice.
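Worked example, added for this set (it is not part of the original question and not iperf's own code): a small Python helper that reads the `end.sum` section of an iperf3 UDP report produced with `--json`, checks it against commonly quoted VoIP targets, and estimates a MOS score with the simplified E-model approximation many VoIP tools use. The JSON below is constructed to match the iperf3 layout, the numbers in it are invented, and the latency figure must be supplied separately because iperf does not measure it.

```python
import json
from typing import Dict, List

# Constructed sample shaped like the "end.sum" section of an
# `iperf3 -c <server> -u -b 1M --json` run. Values are made up for this example.
SAMPLE_UDP_REPORT = json.dumps({
    "start": {"test_start": {"protocol": "UDP", "duration": 10}},
    "end": {"sum": {"seconds": 10.0, "bytes": 1280000, "bits_per_second": 1024000.0,
                    "jitter_ms": 4.21, "lost_packets": 12, "packets": 5000,
                    "lost_percent": 0.24, "sender": False}},
})

# Widely quoted one-way targets for toll-quality voice (assumption for this example).
VOIP_TARGETS = {"latency_ms": 150.0, "jitter_ms": 30.0, "lost_percent": 1.0}


def summarize_udp(report_json: str) -> Dict[str, float]:
    """Pull the VoIP-relevant numbers out of an iperf3 UDP JSON report."""
    s = json.loads(report_json)["end"]["sum"]
    return {"mbps": s["bits_per_second"] / 1e6, "jitter_ms": s["jitter_ms"],
            "lost_percent": s["lost_percent"], "packets": s["packets"]}


def estimate_mos(latency_ms: float, jitter_ms: float, lost_percent: float) -> float:
    """Simplified E-model (ITU-T G.107) approximation common in VoIP tooling.

    iperf does not measure one-way latency, so latency_ms must come from another
    tool (ping gives round-trip time; half of it is a rough one-way figure).
    """
    effective_latency = latency_ms + 2 * jitter_ms + 10.0
    if effective_latency < 160:
        r = 93.2 - effective_latency / 40.0
    else:
        r = 93.2 - (effective_latency - 120.0) / 10.0
    r -= lost_percent * 2.5
    r = max(0.0, min(100.0, r))
    return 1 + 0.035 * r + 0.000007 * r * (r - 60) * (100 - r)


def voip_verdict(summary: Dict[str, float], latency_ms: float) -> List[str]:
    """Return the targets the measured path misses (empty list means acceptable)."""
    problems = []
    if latency_ms > VOIP_TARGETS["latency_ms"]:
        problems.append(f"latency {latency_ms:.1f} ms > {VOIP_TARGETS['latency_ms']} ms")
    if summary["jitter_ms"] > VOIP_TARGETS["jitter_ms"]:
        problems.append(f"jitter {summary['jitter_ms']:.2f} ms > {VOIP_TARGETS['jitter_ms']} ms")
    if summary["lost_percent"] > VOIP_TARGETS["lost_percent"]:
        problems.append(f"loss {summary['lost_percent']:.2f}% > {VOIP_TARGETS['lost_percent']}%")
    return problems


if __name__ == "__main__":
    summary = summarize_udp(SAMPLE_UDP_REPORT)
    print(summary, voip_verdict(summary, latency_ms=40.0),
          round(estimate_mos(40.0, summary["jitter_ms"], summary["lost_percent"]), 2))
```

Run the real test with `iperf3 -s` on one endpoint and `iperf3 -c <server> -u -b 100k -t 30 --json > run.json` on the other, then feed `run.json` to `summarize_udp`; a MOS above roughly 4.0 is generally treated as good voice quality, below 3.6 as noticeably degraded.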
Question 145
A network administrator wants to segment a network into smaller broadcast domains to reduce congestion and enhance security. Which technology should be used?
A) VLANs
B) LACP
C) STP
D) Port security
Answer: A) VLANs
Explanation:
A) VLANs divide a physical network into multiple logical broadcast domains. By isolating traffic within each VLAN, broadcast storms are confined to a single domain, reducing congestion and improving network performance. VLANs also enhance security by limiting communication to devices within the same VLAN unless routing is explicitly configured between VLANs. This allows administrators to group users by department, function, or security level without requiring additional physical infrastructure. VLANs support traffic management, policy enforcement, and QoS, making them highly scalable in enterprise networks. Properly configured VLANs facilitate troubleshooting and optimize bandwidth usage by ensuring that broadcast traffic does not impact unrelated devices. Enterprise networks benefit from improved efficiency, enhanced security, and simplified network administration through VLAN segmentation.
B) LACP aggregates multiple physical links to increase bandwidth and provide redundancy. While useful for throughput and fault tolerance, it does not isolate broadcast traffic or create separate broadcast domains.
C) STP prevents Layer 2 loops in networks with redundant paths. While critical for network stability, STP does not segment broadcast domains or reduce congestion. Its focus is maintaining loop-free topology, not performance improvement.
D) Port security restricts access to switch ports based on MAC addresses. While it prevents unauthorized devices from connecting, it does not reduce broadcast traffic or segment the network. Its purpose is endpoint security, not traffic management.
VLANs provide broadcast isolation, improve performance, and enhance security, making them the correct choice.
Question 146
A network administrator wants to monitor the status and performance of network devices and interfaces across the network. Which protocol should be implemented?
A) SNMP
B) Netstat
C) ARP
D) Traceroute
Answer: A) SNMP
Explanation:
A) SNMP (Simple Network Management Protocol) is the standard protocol for monitoring and managing network devices. It lets administrators collect statistics on bandwidth utilization, interface status, errors, CPU load, and memory usage from switches, routers, servers, and other devices, either by polling them at regular intervals or by receiving asynchronous notifications (traps, or acknowledged informs) when specific events occur. SNMPv1 and SNMPv2c authenticate with a community string sent in cleartext, so anyone who can sniff management traffic or guess a default such as "public" can read, and with a write community modify, device configuration; SNMPv3 adds user-based authentication and encryption (authPriv) and is what should be deployed, with polling restricted by ACL to the NMS addresses and write access disabled unless it is actually used. Integrated with a Network Management System (NMS), SNMP data lets administrators visualize performance, generate reports, alert on abnormal conditions, analyze traffic patterns, plan capacity, and verify service-level agreements, scaling to large enterprise networks and enabling proactive detection of congestion, failures, or misconfigurations.
B) Netstat shows active network connections, listening ports, and routing tables on a single host. While useful for troubleshooting connectivity or identifying active sessions, it does not provide comprehensive metrics on network-wide performance, device status, or interface utilization, limiting its effectiveness for enterprise monitoring.
C) ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses in a local network. While critical for Layer 2 communication, it does not provide performance metrics, device health information, or traffic statistics and is insufficient for network-wide monitoring.
D) Traceroute identifies the path packets take from a source to a destination and measures per-hop latency. While useful for diagnosing routing issues, it does not provide detailed interface statistics, bandwidth usage, or device performance data, and cannot proactively alert administrators to issues.
SNMP is the only protocol designed for scalable, proactive monitoring of network devices and performance, making it the correct choice.
Question 147
A network engineer wants to prevent broadcast storms and Layer 2 loops in a network with redundant paths. Which protocol should be implemented?
A) Spanning Tree Protocol (STP)
B) VLAN trunking
C) LACP
D) Port security
Answer: A) Spanning Tree Protocol (STP)
Explanation:
A) STP is designed to prevent Layer 2 loops by blocking redundant links in networks with multiple paths. Ethernet frames carry no TTL, so a broadcast frame on a looped topology circulates indefinitely, and the resulting broadcast storm saturates links and switch CPUs until the network is unusable. STP elects a root bridge (the switch with the lowest bridge ID, that is, lowest priority and then lowest MAC address), computes each switch's lowest-cost path to it, and places every port that is not on such a path into a blocking state while the rest forward. If a forwarding link fails, STP recalculates and unblocks a redundant path, restoring connectivity without introducing a loop. STP operates at the data-link layer and has faster-converging successors, Rapid STP (RSTP, 802.1w) and per-VLAN variants such as PVST+ and MST (802.1s). Because root election is simply lowest bridge ID, any switch (or host sending forged BPDUs) with a lower priority can take over as root and pull traffic through itself; BPDU guard on access ports and root guard on designated ports are the standard countermeasures. By preventing broadcast storms and keeping the Layer 2 topology stable, STP protects uptime in any network that deliberately carries redundant links.
B) VLAN trunking allows multiple VLANs to traverse a single link. While essential for traffic segmentation, it does not detect or prevent loops. VLAN trunking addresses VLAN transport but does not manage Layer 2 topology.
C) LACP combines multiple physical links into a single logical link to increase bandwidth and provide redundancy. STP treats a bundle as one logical port, so LACP neither creates nor prevents loops; redundant paths elsewhere in the topology, or parallel links that failed to bundle because one end was misconfigured, still need STP to stay loop-free.
D) Port security restricts access to switch ports based on MAC addresses. While it protects against unauthorized devices, it does not manage network topology or prevent broadcast storms.
STP is the only protocol designed to prevent loops and broadcast storms, making it the correct choice.
Question 148
A network technician wants to capture and analyze traffic from a switch without disrupting normal operations. Which solution is most appropriate?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) SPAN/mirror port
Explanation:
A) SPAN (Switched Port Analyzer), or a mirror port in generic terms, copies frames from one or more source ports or VLANs to a designated destination port, where a capture tool such as Wireshark records them while the original frames are forwarded normally. It supports multiple sources, ingress-only, egress-only or bidirectional copying, and (as RSPAN or ERSPAN) copying across switches, which makes it the usual first step for diagnosing latency, packet loss, abnormal traffic patterns, misconfigurations or suspected intrusions at the packet level. Two limitations matter in practice: the destination port carries the sum of the mirrored traffic, so mirroring several busy sources, or both directions of a full-duplex link, onto a single port of the same speed oversubscribes it and the switch silently drops the excess mirrored frames (the production traffic is unaffected); and the destination port is removed from normal switching, so the analyzer should not rely on it for its own connectivity. For permanent, lossless visibility a passive network TAP is used instead. Within those limits, SPAN gives detailed visibility without interrupting the network, which is exactly what the scenario requires.
B) VLAN trunking allows multiple VLANs to share a single link between switches. While essential for segmenting and transporting traffic, it does not allow traffic capture or analysis. Trunking focuses on VLAN transport, not monitoring.
C) STP prevents Layer 2 loops by selectively blocking redundant links. While important for network stability, it does not provide traffic capture or analysis capabilities. STP manages topology but offers no insight into packet-level traffic.
D) DHCP snooping validates DHCP server messages to prevent rogue IP assignment. While enhancing security, it does not duplicate or allow detailed analysis of network traffic, and its functionality is limited to DHCP messages.
SPAN/mirror ports provide passive traffic capture for troubleshooting and analysis, making it the correct choice.
Question 149
A network engineer wants to prevent rogue devices from obtaining IP addresses from unauthorized DHCP servers. Which feature should be configured?
A) DHCP snooping
B) Port security
C) STP
D) VLAN trunking
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping lets only trusted DHCP servers hand out addresses. Ports that lead to legitimate servers (or to uplinks toward them) are marked trusted; every other port is untrusted by default. Server-originated messages (DHCPOFFER, DHCPACK, DHCPNAK) arriving on an untrusted port are dropped, so a rogue server on an access port can never answer a client, while client messages (DISCOVER, REQUEST, RELEASE, DECLINE) on untrusted ports are forwarded, and dropped if MAC verification is enabled and the Ethernet source address does not match the client hardware address (chaddr) inside the DHCP payload. From completed exchanges the switch builds a binding table of MAC address, assigned IP address, VLAN, interface and lease time, which also lets it discard a RELEASE or DECLINE sent from a port other than the one that owns the binding. Untrusted ports can additionally be rate-limited to stop a DHCP starvation flood. Beyond blocking rogue-server man-in-the-middle attacks (a rogue server typically hands out itself as default gateway or DNS server), IP conflicts and outages, the binding table is what IP Source Guard and Dynamic ARP Inspection consult, making DHCP snooping the foundation of that layered set of access-layer defenses.
B) Port security restricts switch port access based on MAC addresses. While it prevents unauthorized devices from connecting physically, it does not inspect DHCP messages or prevent rogue servers from issuing IP addresses.
C) STP prevents Layer 2 loops by blocking redundant paths. While essential for stability, STP does not validate DHCP traffic or prevent unauthorized IP assignments.
D) VLAN trunking allows multiple VLANs to share a single physical link. While critical for VLAN transport, it does not provide DHCP security or inspect DHCP messages.
DHCP snooping specifically prevents rogue servers from assigning IP addresses, making it the correct choice.
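Worked example, added for this set (not part of the original question and not any switch vendor's code): a Python model of the per-port decisions DHCP snooping makes and of the binding table it builds. Port names, MAC and IP addresses and the message sequence are constructed; the rules implemented are the ones described above (drop server messages on untrusted ports, verify source MAC against chaddr, create bindings only from a trusted server's ACK, reject RELEASE/DECLINE from a port that does not own the binding).

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# DHCP message types (RFC 2132 option 53)
DISCOVER, OFFER, REQUEST, DECLINE, ACK, NAK, RELEASE, INFORM = range(1, 9)
SERVER_MESSAGES = {OFFER, ACK, NAK}


@dataclass(frozen=True)
class DhcpPacket:
    """The handful of Ethernet/DHCP fields snooping looks at."""
    ingress: str
    vlan: int
    src_mac: str          # Ethernet source address
    msg_type: int
    chaddr: str           # client hardware address inside the DHCP payload
    yiaddr: str = "0.0.0.0"
    lease: int = 0


@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    interface: str
    lease: int


class DhcpSnooper:
    def __init__(self, trusted: Set[str]) -> None:
        self.trusted = set(trusted)
        self.bindings: Dict[Tuple[int, str], Binding] = {}    # (vlan, mac) -> binding
        self._client_port: Dict[Tuple[int, str], str] = {}    # where a client's request was seen

    def inspect(self, pkt: DhcpPacket) -> Tuple[str, str]:
        """Return ("forward" | "drop", reason) for one DHCP packet."""
        key = (pkt.vlan, pkt.chaddr)
        if pkt.ingress in self.trusted:
            if pkt.msg_type == ACK and key in self._client_port:
                # Only a trusted server's ACK creates a binding, tied to the
                # untrusted port where the client's request was seen.
                self.bindings[key] = Binding(pkt.chaddr, pkt.yiaddr, pkt.vlan,
                                             self._client_port[key], pkt.lease)
            elif pkt.msg_type == NAK:
                self.bindings.pop(key, None)
            return "forward", "trusted port"
        # Everything below applies to untrusted (client-facing) ports.
        if pkt.msg_type in SERVER_MESSAGES:
            return "drop", "server message on untrusted port (rogue DHCP server)"
        if pkt.src_mac != pkt.chaddr:
            return "drop", "Ethernet source MAC does not match chaddr"
        if pkt.msg_type in (RELEASE, DECLINE):
            b = self.bindings.get(key)
            if b is None or b.interface != pkt.ingress:
                return "drop", "release/decline for a binding this port does not own"
            del self.bindings[key]
            return "forward", "release of own binding"
        self._client_port[key] = pkt.ingress
        return "forward", "client message"


def demo() -> dict:
    """Constructed scenario: a real server on the uplink, a rogue server on Gi1/0/7."""
    sn = DhcpSnooper(trusted={"Gi1/0/24"})
    client, rogue, server = "aa:bb:cc:00:00:05", "aa:bb:cc:00:00:07", "00:50:56:11:22:33"
    steps = {}
    steps["discover"] = sn.inspect(DhcpPacket("Gi1/0/5", 10, client, DISCOVER, client))[0]
    steps["rogue_offer"] = sn.inspect(DhcpPacket("Gi1/0/7", 10, rogue, OFFER, client, "192.168.99.50"))[0]
    steps["real_offer"] = sn.inspect(DhcpPacket("Gi1/0/24", 10, server, OFFER, client, "10.0.10.50"))[0]
    steps["request"] = sn.inspect(DhcpPacket("Gi1/0/5", 10, client, REQUEST, client))[0]
    steps["ack"] = sn.inspect(DhcpPacket("Gi1/0/24", 10, server, ACK, client, "10.0.10.50", 86400))[0]
    # attacker on Gi1/0/7 spoofs the client's MAC and tries to release its lease
    steps["spoofed_release"] = sn.inspect(DhcpPacket("Gi1/0/7", 10, client, RELEASE, client))[0]
    # attacker sends a DISCOVER whose chaddr is not its own MAC (MAC verification)
    steps["spoofed_chaddr"] = sn.inspect(DhcpPacket("Gi1/0/7", 10, rogue, DISCOVER, client))[0]
    b = sn.bindings.get((10, client))
    steps["binding"] = (b.ip, b.interface, b.lease) if b else None
    return steps


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:16} {result}")
```

The binding tuple the scenario ends with (IP, interface, lease) is the same information `show ip dhcp snooping binding` displays, and it is what IP Source Guard uses to drop packets whose source IP does not match the port's binding.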
Question 150
A network administrator wants to segment a network into logical groups to improve security and reduce broadcast traffic. Which technology should be used?
A) VLANs
B) LACP
C) STP
D) Port security
Answer: A) VLANs
Explanation:
A) VLANs (Virtual Local Area Networks) logically divide a physical network into multiple broadcast domains, improving performance and security. By isolating traffic, broadcast frames are confined within a VLAN, reducing network congestion and improving efficiency. VLANs also enhance security by restricting communication to devices within the same VLAN unless inter-VLAN routing is explicitly configured. Administrators can group users based on departments, functions, or security levels without requiring additional physical infrastructure. VLANs support policy enforcement, access control, and Quality of Service (QoS) to optimize performance for critical applications. They are scalable, allowing for network segmentation in both small and large enterprise networks. Proper VLAN implementation simplifies troubleshooting, reduces broadcast-related issues, and ensures network resources are used efficiently.
B) LACP aggregates multiple physical links for increased bandwidth and redundancy. While it enhances throughput and provides fault tolerance, it does not create separate broadcast domains or improve security at the VLAN level.
C) STP prevents Layer 2 loops by selectively blocking redundant links. While essential for topology stability, STP does not segment traffic or reduce broadcast domains.
D) Port security restricts access to switch ports based on MAC addresses. While it enhances endpoint security, it does not create broadcast domains or improve network segmentation.
VLANs are the only technology that isolates broadcast domains, enhances security, and improves performance, making them the correct choice.
Question 151
A network administrator wants to combine multiple physical links between switches to increase bandwidth and provide redundancy. Which protocol should be implemented?
A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security
Answer: A) Link Aggregation Control Protocol (LACP)
Explanation:
A) LACP is a protocol used to combine multiple physical links into a single logical link between switches. This approach increases overall bandwidth, allowing traffic to be distributed across all aggregated links. LACP also provides redundancy; if one link fails, the remaining links continue to carry traffic without disruption. Load-balancing algorithms distribute traffic based on MAC addresses, IP addresses, or sessions, optimizing network throughput. LACP dynamically negotiates compatible links between devices, ensuring proper configuration and reducing misconfiguration risks. This protocol is widely deployed in enterprise and data center environments to maximize performance and provide fault tolerance. By logically aggregating links, LACP supports scalability, enhances reliability, and reduces the need for frequent network upgrades when traffic demands increase. It is particularly effective for server uplinks, backbone links, and inter-switch connections where high availability and increased bandwidth are critical.
B) VLANs segment networks into multiple logical broadcast domains, improving security and reducing congestion. While they help organize traffic and isolate broadcast domains, VLANs do not increase physical bandwidth or provide redundancy across links. Their purpose is logical segmentation rather than link aggregation.
C) STP (Spanning Tree Protocol) prevents Layer 2 loops by selectively blocking redundant paths. While critical for maintaining a loop-free topology, STP does not combine links or increase bandwidth. In fact, STP may block some links that could otherwise carry traffic if not combined using aggregation protocols like LACP.
D) Port security restricts access to switch ports based on MAC addresses. While it enhances security by preventing unauthorized devices from connecting, port security does not provide bandwidth aggregation or redundancy across multiple links. It is a security measure rather than a performance-enhancing protocol.
LACP is the only protocol designed specifically to increase bandwidth and provide redundancy by combining multiple links, making it the correct choice.
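Worked example, added for this set (not part of the original questions and not a vendor's implementation): a Python model of how an LACP port-channel spreads flows over member links, covering Questions 143 and 151. It shows the three properties practitioners trip over: a flow always hashes to the same member, so one flow is capped at one link's bandwidth; a failed member drops out and its flows redistribute; and a load-balancing policy keyed only on source MAC puts every flow arriving from a router onto a single link. Interface names and flows are constructed, and SHA-256 stands in for the vendor-specific hash.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


# Fields each load-balancing policy feeds into the hash (the keywords mirror
# Cisco's "port-channel load-balance" options; the hash itself is vendor-specific,
# SHA-256 here is only a stand-in with good distribution).
POLICIES: Dict[str, Callable[[Flow], Tuple]] = {
    "src-mac": lambda f: (f.src_mac,),
    "src-dst-mac": lambda f: (f.src_mac, f.dst_mac),
    "src-dst-ip": lambda f: (f.src_ip, f.dst_ip),
    "src-dst-port": lambda f: (f.src_ip, f.dst_ip, f.src_port, f.dst_port),
}


class PortChannel:
    def __init__(self, members: List[str], policy: str = "src-dst-ip") -> None:
        self.members = list(members)
        self.active = list(members)
        self.policy = policy

    def link_down(self, name: str) -> None:
        self.active.remove(name)           # LACP stops using the failed member

    def link_up(self, name: str) -> None:
        self.active = [m for m in self.members if m in self.active or m == name]

    def select(self, flow: Flow) -> str:
        """Every frame of a flow hashes to the same member, so frames stay in order
        and a single flow never gets more than one member's bandwidth."""
        if not self.active:
            raise RuntimeError("port-channel down: no active members")
        key = "|".join(str(x) for x in POLICIES[self.policy](flow)).encode()
        digest = hashlib.sha256(key).digest()
        return self.active[int.from_bytes(digest[:4], "big") % len(self.active)]

    def distribute(self, flows: List[Flow]) -> Dict[str, int]:
        """Count how many of the given flows land on each active member."""
        counts: Dict[str, int] = {}
        for f in flows:
            member = self.select(f)
            counts[member] = counts.get(member, 0) + 1
        return counts


def host_flows(n: int) -> List[Flow]:
    """Constructed sample: n distinct host-to-server sessions on the same VLAN."""
    flows = []
    for i in range(n):
        hi, lo = i >> 8, i & 0xFF
        flows.append(Flow(f"00:11:22:33:{hi:02x}:{lo:02x}", "00:aa:bb:cc:dd:ee",
                          f"10.1.{hi}.{lo}", "10.2.0.10", 40000 + i, 443))
    return flows


def routed_flows(n: int) -> List[Flow]:
    """Constructed sample: the same sessions after crossing a router, so every
    frame now carries the router's MAC as its source."""
    return [Flow("00:de:ad:be:ef:01", f.dst_mac, f.src_ip, f.dst_ip, f.src_port, f.dst_port)
            for f in host_flows(n)]


if __name__ == "__main__":
    members = ["Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/4"]
    print("src-dst-ip, routed traffic:", PortChannel(members).distribute(routed_flows(400)))
    print("src-mac,    routed traffic:", PortChannel(members, "src-mac").distribute(routed_flows(400)))
```

The last two lines are the practical lesson: behind a router, a source-MAC policy sees one MAC and uses one link, while an IP-based policy spreads the same traffic across all four.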
Question 152
A network technician wants to monitor traffic from specific switch ports to analyze network performance without disrupting normal operations. Which feature should be used?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) SPAN/mirror port
Explanation:
A) SPAN (Switched Port Analyzer) or mirror port makes the switch copy frames from one or more source ports or VLANs to a designated monitoring port, where tools such as Wireshark capture them while the originals are forwarded normally. It can copy ingress, egress or both directions and accept several sources at once, which makes it the standard way to troubleshoot latency, packet loss, misconfigurations and abnormal traffic patterns, verify QoS markings, and inspect application behaviour or suspicious traffic. Because SPAN copies frames rather than redirecting them, the monitored traffic is unaffected; the capacity to watch is the destination port itself, which drops mirrored frames (never the originals) once the combined source traffic exceeds its speed, so the analyzer sees gaps rather than the production network seeing problems.
B) VLAN trunking allows multiple VLANs to share a single physical link. While important for segmenting and transporting traffic, trunking does not provide visibility into packet flows or traffic analysis capabilities. It is focused on forwarding traffic rather than monitoring it.
C) STP prevents Layer 2 loops by blocking redundant paths. While necessary for maintaining network stability, STP does not provide traffic replication or analysis capabilities. It manages topology but offers no insight into performance or troubleshooting metrics.
D) DHCP snooping validates DHCP server responses to prevent rogue IP assignments. While improving network security, it does not replicate traffic for monitoring or analysis. Its scope is limited to DHCP traffic and does not provide detailed visibility for troubleshooting network performance.
SPAN/mirror ports are specifically designed for traffic monitoring without disruption, making them the correct choice.
Question 153
A network administrator wants to prevent unauthorized devices from accessing the network while allowing legitimate devices to move between ports without manual reconfiguration. Which feature should be implemented?
A) Port security with sticky MAC addresses
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) Port security with sticky MAC addresses
Explanation:
A) Port security with sticky MAC addresses lets the switch learn the MAC address of the device on each port and record it in the running configuration as a secure address, so the administrator does not have to enter addresses manually. Frames from any other source address, or from an address already secured on another port, are treated as a violation and are dropped (protect), dropped and logged (restrict), or cause the port to be err-disabled (shutdown), depending on the configured mode. Note that a sticky entry stays with the port where it was learned: moving a secured device to a different secured port triggers a violation there until the old entry is cleared, so sticky learning saves configuration effort rather than giving users true roaming; where roaming is the requirement, 802.1X ties access to the user's credentials instead of to the port. Because MAC addresses can be spoofed, port security should be combined with DHCP snooping and Dynamic ARP Inspection rather than relied on alone; together they protect the access layer from rogue devices and address spoofing with little administrative overhead.
B) VLAN trunking allows multiple VLANs to share a single physical link. While essential for transporting traffic across VLANs, it does not authenticate devices or prevent unauthorized access. Its focus is on traffic transport rather than endpoint security.
C) STP prevents Layer 2 loops by blocking redundant paths. While important for topology stability, STP does not restrict access to devices or authenticate endpoints. It manages loop-free topology but not security at the port level.
D) DHCP snooping validates DHCP messages to prevent rogue IP assignment. While it helps prevent unauthorized IP allocation, it does not control which devices physically connect to a port and therefore cannot fully prevent unauthorized access.
Among the options, only port security controls which devices a port accepts, and sticky learning does so without hand-entered MAC lists, making A the correct choice.
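Worked example, added for this set (not part of the original questions and not Cisco's code): a Python model of the port-security behaviour described in Questions 141 and 153, sticky learning, the violation modes, and what actually happens when a secured device is moved to another port. Interface names and MAC addresses are constructed; the rules follow documented Cisco IOS semantics (default maximum of one address, shutdown as default violation mode, a MAC secured on another port counts as a violation).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class SecurePort:
    """One switch port with port security enabled."""
    name: str
    maximum: int = 1                   # IOS default: one secure MAC per port
    sticky: bool = True
    violation_mode: str = "shutdown"   # protect | restrict | shutdown (IOS default)
    secure_macs: Set[str] = field(default_factory=set)
    err_disabled: bool = False
    violations: int = 0


class PortSecuritySwitch:
    def __init__(self, ports: List[SecurePort]) -> None:
        self.ports: Dict[str, SecurePort] = {p.name: p for p in ports}
        # (port, mac) pairs that sticky learning has written into running-config
        self.running_config: Set[Tuple[str, str]] = set()

    def _violation(self, port: SecurePort) -> str:
        port.violations += 1
        if port.violation_mode == "shutdown":
            # The port goes err-disabled and stays down until an admin bounces it
            # or errdisable recovery is configured.
            port.err_disabled = True
            return "err-disabled"
        # protect drops silently; restrict drops and logs/counts (same outcome here)
        return "dropped"

    def ingress(self, port_name: str, src_mac: str) -> str:
        """Decide what happens to a frame with source MAC src_mac arriving on a port."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "err-disabled"
        if src_mac in port.secure_macs:
            return "forwarded"
        # A MAC secured on a different port is a "MAC move" violation: the entry
        # does not follow the device, which is why sticky learning is not roaming.
        if any(src_mac in other.secure_macs
               for other in self.ports.values() if other is not port):
            return self._violation(port)
        if len(port.secure_macs) >= port.maximum:
            return self._violation(port)
        port.secure_macs.add(src_mac)
        if port.sticky:
            # Written to running-config only; it survives a reload only after
            # "copy running-config startup-config".
            self.running_config.add((port.name, src_mac))
        return "forwarded"

    def clear_secure_mac(self, port_name: str, mac: str) -> None:
        """Admin action required before a secured device can move to another port."""
        self.ports[port_name].secure_macs.discard(mac)
        self.running_config.discard((port_name, mac))


def demo() -> dict:
    """Constructed scenario: one host learned on Gi1/0/1, then plugged into Gi1/0/2."""
    sw = PortSecuritySwitch([
        SecurePort("Gi1/0/1"),
        SecurePort("Gi1/0/2", violation_mode="restrict"),
    ])
    host, stranger = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
    out = {}
    out["first_frame"] = sw.ingress("Gi1/0/1", host)        # learned as sticky
    out["same_host"] = sw.ingress("Gi1/0/1", host)          # already secure
    out["stranger"] = sw.ingress("Gi1/0/1", stranger)       # max 1 exceeded -> shutdown
    out["host_moved"] = sw.ingress("Gi1/0/2", host)         # MAC move -> restrict drops it
    sw.clear_secure_mac("Gi1/0/1", host)                     # admin clears the stale entry
    out["host_after_clear"] = sw.ingress("Gi1/0/2", host)   # now learned on Gi1/0/2
    out["running_config"] = sorted(sw.running_config)
    out["violations"] = {n: p.violations for n, p in sw.ports.items()}
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:18} {result}")
```

The `host_moved` step is the point the exam wording glosses over: the moved host is dropped until the administrator clears the old sticky entry (`clear port-security sticky interface Gi1/0/1` on IOS), after which the new port learns it.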
Question 154
A network engineer wants to forward multicast traffic only to devices that request it to conserve bandwidth. Which feature should be implemented?
A) IGMP snooping
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) IGMP snooping
Explanation:
A) IGMP snooping monitors Internet Group Management Protocol messages between hosts and multicast routers to determine which devices have joined specific multicast groups. By listening to join and leave messages, the switch forwards multicast traffic only to ports with interested devices, preventing unnecessary flooding to all ports in the VLAN. This reduces bandwidth consumption and improves network performance. IGMP snooping is essential in networks using IPTV, video conferencing, or other multicast-dependent applications. It maintains a dynamic forwarding table to ensure that multicast traffic reaches only requesting devices, preserving bandwidth for other applications. This selective forwarding minimizes congestion, prevents packet loss, and ensures latency-sensitive traffic maintains quality of service. By providing efficient multicast delivery, IGMP snooping enhances scalability, network reliability, and overall performance in enterprise environments.
B) VLAN trunking allows multiple VLANs to share a single link. While important for traffic segmentation, it does not monitor multicast group membership or selectively forward traffic. Trunking is focused on transmitting VLAN traffic, not managing multicast efficiency.
C) STP prevents loops in Layer 2 networks. While necessary for stability, it does not control multicast traffic or optimize bandwidth usage. STP manages redundant links but does not forward traffic selectively.
D) DHCP snooping prevents rogue DHCP servers from assigning IP addresses. While enhancing IP security, it does not forward multicast traffic selectively or reduce unnecessary traffic. Its scope is limited to DHCP messages only.
IGMP snooping ensures multicast traffic is delivered only to requesting devices, conserving bandwidth and improving performance, making it the correct choice.
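Worked example, added for this set (not part of the original questions and not a vendor's implementation): a Python model of the membership table an IGMP-snooping switch builds for Questions 142 and 154, showing the forwarding set with and without snooping, pruning on leave, and the multicast-router port that must always receive traffic. It also includes the IP-to-MAC mapping for IPv4 multicast (01:00:5e plus the low 23 bits of the group), which explains why modern switches track groups by IP address rather than by MAC. Port names, groups and the sequence of IGMP messages are constructed.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, Set


def group_mac(group: str) -> str:
    """Map an IPv4 multicast group to its 01:00:5e:xx:xx:xx Ethernet address.

    Only the low 23 bits of the group address are copied, so 32 groups
    (for example 239.1.1.1 and 239.129.1.1) share one MAC address.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast group")
    low = int(addr) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % ((low >> 16) & 0xFF, (low >> 8) & 0xFF, low & 0xFF)


class IgmpSnoopingSwitch:
    """Membership state for one VLAN, built only from the IGMP packets the switch sees."""

    def __init__(self, ports: Set[str]) -> None:
        self.ports = set(ports)
        self.members: Dict[str, Set[str]] = defaultdict(set)   # group -> ports that joined
        self.mrouter_ports: Set[str] = set()                    # where IGMP queries arrive

    def igmp_general_query(self, port: str) -> None:
        # Queries come from the multicast router (querier); that port must always
        # receive multicast so the router can forward it upstream.
        self.mrouter_ports.add(port)

    def igmp_membership_report(self, port: str, group: str) -> None:
        self.members[group].add(port)                           # a host joined

    def igmp_leave(self, port: str, group: str) -> None:
        # Real switches send a group-specific query first unless "fast-leave" is
        # configured; this model prunes immediately, as fast-leave would.
        self.members[group].discard(port)
        if not self.members[group]:
            del self.members[group]

    def forward(self, ingress: str, group: str, snooping: bool = True) -> Set[str]:
        """Egress ports for a multicast data frame to `group` arriving on `ingress`."""
        if not snooping:
            return self.ports - {ingress}                        # flooded like a broadcast
        out = set(self.members.get(group, set())) | self.mrouter_ports
        return out - {ingress}


def demo() -> dict:
    """Constructed scenario: an IPTV feed (239.1.1.1) wanted by two of eight hosts."""
    sw = IgmpSnoopingSwitch({f"Gi1/0/{i}" for i in range(1, 9)})
    sw.igmp_general_query("Gi1/0/8")                      # router uplink
    sw.igmp_membership_report("Gi1/0/1", "239.1.1.1")
    sw.igmp_membership_report("Gi1/0/3", "239.1.1.1")
    sw.igmp_membership_report("Gi1/0/2", "239.2.2.2")
    out = {}
    out["flooded"] = sw.forward("Gi1/0/8", "239.1.1.1", snooping=False)
    out["snooped"] = sw.forward("Gi1/0/8", "239.1.1.1")
    sw.igmp_leave("Gi1/0/1", "239.1.1.1")
    out["after_leave"] = sw.forward("Gi1/0/8", "239.1.1.1")
    # a host on Gi1/0/4 sources a group nobody joined: only the router hears it
    out["unrequested"] = sw.forward("Gi1/0/4", "239.9.9.9")
    out["mac_overlap"] = group_mac("239.1.1.1") == group_mac("239.129.1.1")
    return out


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:12} {result}")
```

The `flooded` versus `snooped` results are the bandwidth saving the question asks about: without snooping all seven other ports receive the stream, with it only the two that joined.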
Question 155
A network administrator wants to segment a network into logical groups to reduce broadcast traffic and improve security. Which technology should be used?
A) VLANs
B) LACP
C) STP
D) Port security
Answer: A) VLANs
Explanation:
A) VLANs (Virtual Local Area Networks) divide a physical network into multiple logical broadcast domains. By isolating traffic within each VLAN, broadcast storms are confined to a single domain, reducing network congestion and improving performance. VLANs also enhance security by restricting communication to devices within the same VLAN unless routing is configured between VLANs. Administrators can group users based on department, function, or security level without adding physical infrastructure. VLANs also support policy enforcement, Quality of Service (QoS), and network scalability. Proper VLAN configuration simplifies troubleshooting, reduces unnecessary traffic, and ensures network resources are utilized efficiently. VLANs are widely deployed in enterprise networks to improve performance, enforce security, and provide logical segmentation across large networks.
B) LACP aggregates multiple physical links for increased bandwidth and redundancy. While it enhances throughput and provides fault tolerance, it does not isolate broadcast domains or improve security between groups of devices.
C) STP prevents Layer 2 loops by selectively blocking redundant links. While essential for topology stability, STP does not reduce broadcast traffic or segment the network. Its purpose is maintaining loop-free topology rather than performance improvement.
D) Port security restricts access to switch ports based on MAC addresses. While enhancing security at the port level, it does not create broadcast domains or segment traffic. Its focus is device access control rather than network segmentation.
VLANs are the only technology that isolates broadcast domains, improves performance, and enhances security, making them the correct choice.
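Worked example, added for this set (not part of the original questions and not a vendor's code): a Python model of VLAN forwarding that covers Questions 145, 150 and 155. It parses and builds 802.1Q-tagged Ethernet frames (TPID 0x8100, then a 16-bit TCI holding priority, DEI and the 12-bit VLAN ID), classifies ingress frames on access and trunk ports, learns MAC addresses per VLAN, and floods broadcasts only to ports in the same VLAN, tagging on the trunk and stripping the tag on access ports. Port names, VLAN numbers and MAC addresses are constructed; dropping tagged frames on access ports is this model's policy choice.

```python
import struct
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

TPID_8021Q = 0x8100
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


@dataclass
class Frame:
    dst: str
    src: str
    vid: Optional[int]      # None = untagged
    pcp: int                # 802.1p priority bits
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes) -> Frame:
    """Decode an Ethernet II frame, pulling the VLAN ID out of an 802.1Q tag if present."""
    dst, src = mac_str(raw[0:6]), mac_str(raw[6:12])
    (ethertype,) = struct.unpack("!H", raw[12:14])
    if ethertype == TPID_8021Q:
        tci, ethertype = struct.unpack("!HH", raw[14:18])   # TCI = PCP(3) DEI(1) VID(12)
        return Frame(dst, src, tci & 0x0FFF, tci >> 13, ethertype, raw[18:])
    return Frame(dst, src, None, 0, ethertype, raw[14:])


def build_frame(dst: str, src: str, ethertype: int, payload: bytes,
                vid: Optional[int] = None, pcp: int = 0) -> bytes:
    hdr = mac_bytes(dst) + mac_bytes(src)
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | (vid & 0x0FFF))
    return hdr + struct.pack("!H", ethertype) + payload


@dataclass
class Port:
    name: str
    mode: str                                        # "access" or "trunk"
    pvid: int = 1                                    # access VLAN, or native VLAN on a trunk
    allowed: Set[int] = field(default_factory=set)   # tagged VLANs carried by a trunk

    def carries(self, vid: int) -> bool:
        return vid == self.pvid or (self.mode == "trunk" and vid in self.allowed)


class VlanSwitch:
    def __init__(self, ports) -> None:
        self.ports: Dict[str, Port] = {p.name: p for p in ports}
        self.fdb: Dict[Tuple[int, str], str] = {}    # (vlan, mac) -> port: learning is per VLAN

    def _classify(self, port: Port, frame: Frame) -> Optional[int]:
        """Which VLAN an ingress frame belongs to, or None if it must be dropped."""
        if port.mode == "access":
            return port.pvid if frame.vid is None else None   # tagged frames on access ports dropped
        vid = port.pvid if frame.vid is None else frame.vid   # untagged on a trunk = native VLAN
        return vid if port.carries(vid) else None

    def _egress(self, port: Port, frame: Frame, vid: int) -> bytes:
        # Access ports and a trunk's native VLAN send untagged; other VLANs on a trunk are tagged.
        tag = None if port.mode == "access" or vid == port.pvid else vid
        return build_frame(frame.dst, frame.src, frame.ethertype, frame.payload, tag, frame.pcp)

    def switch(self, ingress_name: str, raw: bytes) -> Dict[str, bytes]:
        """Return {egress port: frame bytes}; empty means dropped or filtered."""
        ingress = self.ports[ingress_name]
        frame = parse_frame(raw)
        vid = self._classify(ingress, frame)
        if vid is None:
            return {}
        self.fdb[(vid, frame.src)] = ingress_name
        known = self.fdb.get((vid, frame.dst))
        if known is not None:
            targets = [] if known == ingress_name else [known]
        else:   # unknown unicast and broadcast flood only within this VLAN
            targets = [n for n, p in self.ports.items() if n != ingress_name and p.carries(vid)]
        return {n: self._egress(self.ports[n], frame, vid) for n in targets}


if __name__ == "__main__":
    sw = VlanSwitch([Port("Gi1/0/1", "access", 10), Port("Gi1/0/2", "access", 10),
                     Port("Gi1/0/3", "access", 20), Port("Gi1/0/24", "trunk", 1, {10, 20})])
    out = sw.switch("Gi1/0/1", build_frame(BROADCAST, "aa:00:00:00:00:01", 0x0806, b"arp"))
    print({port: parse_frame(b).vid for port, b in out.items()})
```

The broadcast from the VLAN 10 host reaches the other VLAN 10 access port untagged and the trunk tagged with VID 10, but never the VLAN 20 port; that confinement is the smaller broadcast domain the question describes.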
Question 156
A network administrator wants to identify the physical path packets take from a source to a destination and measure latency at each hop. Which tool should be used?
A) Traceroute
B) Netstat
C) ARP
D) iPerf
Answer: A) Traceroute
Explanation:
A) Traceroute is a diagnostic tool that reveals the Layer 3 path packets take from a source to a destination across an IP network: one line per router traversed, with the round-trip time of each probe to that hop (three probes per hop by default). It does not show switches or the physical cabling, only the routed hops. It works by sending probes with incrementing Time-to-Live (TTL) values starting at 1; each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, which identifies that hop, and the run ends when the destination itself answers. Implementations differ in probe type, which matters when filtering is in the way: Linux and macOS `traceroute` send UDP to high-numbered ports by default (ICMP with `-I`, TCP with `-T`), while Windows `tracert` sends ICMP Echo. A hop shown as `* * *` is usually a router that rate-limits or does not generate ICMP errors rather than a broken link, since later hops still reply, and because the reply travels back over its own path the per-hop RTT reflects the return route as well. With those caveats, traceroute is the tool for locating where latency jumps, where a path diverges from the expected route, or where forwarding stops, in enterprise, WAN and cloud environments alike.
B) Netstat shows active connections, listening ports, and routing table entries on a host. While helpful for identifying open ports and network sessions, it does not provide hop-by-hop latency or path information across the network. Its functionality is limited to host-level monitoring, making it unsuitable for route tracing.
C) ARP (Address Resolution Protocol) resolves IP addresses to MAC addresses within a local broadcast domain. While critical for Layer 2 communication, ARP does not provide path information, latency, or routing analysis. It is confined to the local subnet and cannot trace the journey of packets across multiple hops.
D) iPerf measures throughput, jitter, and packet loss between two endpoints. While useful for performance testing, iPerf does not identify intermediate devices or measure hop-specific latency, so it cannot map the path traffic takes.
Traceroute is the only tool that provides detailed hop-by-hop path information along with latency measurement, making it the correct choice.
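To make the TTL mechanism concrete, here is an added simulation written for this page (example code, not a tool from the original) of how traceroute discovers hops. The path, the addresses (RFC 5737 documentation ranges) and the round-trip times are constructed; nothing is sent on the network. It also models the two things that confuse people on real traces: a router that never answers (shown as an asterisk) and a destination that does not reply at all, which runs the trace to the hop limit.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Hop:
    address: str
    rtt_ms: float          # constructed round-trip time as seen by the client
    responds: bool = True  # False: this device filters or rate-limits its ICMP replies


# Constructed path using RFC 5737 documentation addresses: client -> 4 routers -> host.
PATH = [
    Hop("192.0.2.1", 1.2),
    Hop("198.51.100.9", 8.4),
    Hop("203.0.113.17", 15.0, responds=False),  # will show up as '*'
    Hop("198.51.100.42", 21.3),
]
DESTINATION = Hop("203.0.113.80", 24.0)


def send_probe(ttl: int, path: List[Hop], destination: Hop) -> Tuple[Optional[str], Optional[float], str]:
    """Forward one probe along the path.

    Every router decrements TTL; the router that takes it to zero discards the
    probe and, if it is willing, sends ICMP Time Exceeded back to the client.
    A probe that survives all routers reaches the destination, which answers
    ICMP Port Unreachable (UDP probe to a closed high port) or Echo Reply
    (ICMP probe); either way that reply tells traceroute the trace is done.
    """
    for router in path:
        ttl -= 1
        if ttl == 0:
            if router.responds:
                return router.address, router.rtt_ms, "time-exceeded"
            return None, None, "dropped"
    if destination.responds:
        return destination.address, destination.rtt_ms, "reached"
    return None, None, "dropped"


def traceroute(path: List[Hop], destination: Hop, max_hops: int = 30):
    """Probe with TTL 1, 2, 3, ... until the destination answers or max_hops is hit.
    A silent hop does not stop the trace; the next TTL simply goes one router further."""
    rows = []
    for ttl in range(1, max_hops + 1):
        responder, rtt, kind = send_probe(ttl, path, destination)
        rows.append((ttl, responder, rtt))
        if kind == "reached":
            break
    return rows


def render(rows) -> str:
    """Format rows the way traceroute prints them; silent hops print as '*'."""
    lines = []
    for ttl, address, rtt in rows:
        rtt_text = "*" if rtt is None else f"{rtt:.1f} ms"
        lines.append(f"{ttl:2d}  {address or '*'}  {rtt_text}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(traceroute(PATH, DESTINATION)))
```

On Linux the real equivalent of this loop is `traceroute host` (UDP probes by default, `-I` for ICMP); on Windows it is `tracert host`. In both, an asterisk line does not mean the hop is down, only that it would not send ICMP Time Exceeded back to you.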
Question 157
A network engineer wants to prevent Layer 2 loops while maintaining redundancy in a network with multiple switches. Which protocol should be enabled?
A) Spanning Tree Protocol (STP)
B) VLAN trunking
C) LACP
D) DHCP snooping
Answer: A) Spanning Tree Protocol (STP)
Explanation:
A) STP is designed to prevent Layer 2 loops in networks that contain redundant paths. Without it, a broadcast or unknown-unicast frame on a looped topology is flooded forever, because Ethernet frames carry no TTL; the result is a broadcast storm, MAC table instability, and switches whose CPUs and links are saturated. STP builds a loop-free tree by exchanging Bridge Protocol Data Units (BPDUs): the switch with the lowest bridge ID (priority, then MAC address) is elected root, every other switch selects the port with the lowest path cost to the root as its root port, each segment gets one designated port, and any remaining redundant port is placed in a blocking state. If an active link fails, STP recalculates the topology and unblocks a redundant path, restoring connectivity without a loop. Variants such as Rapid STP (RSTP) and Per-VLAN STP (PVST) provide faster convergence and per-VLAN loop prevention. Because STP trusts whatever BPDUs it hears, access ports facing end users should be protected with BPDU Guard (usually together with PortFast) so that a rogue or accidentally connected switch cannot claim the root role and redirect traffic. By managing redundancy and loops, STP keeps the network stable and available, which is critical for enterprise networks with high-availability requirements.
B) VLAN trunking allows multiple VLANs to share a single physical link. While essential for transporting traffic across VLANs, it does not prevent loops or manage topology. Trunking deals with VLAN segmentation rather than network stability.
C) LACP combines multiple physical links into a single logical link to increase bandwidth and redundancy. While it provides throughput and fault tolerance, LACP does not prevent loops on its own. If redundant links exist without STP, broadcast storms could occur.
D) DHCP snooping validates DHCP messages to prevent unauthorized IP assignments. It does not manage Layer 2 topology or prevent loops. Its scope is limited to DHCP security, not overall network stability.
STP is the only protocol specifically designed to prevent loops while maintaining redundancy, making it the correct choice.
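An added worked example (not from the original page) of the election STP performs. The three-switch triangle, the bridge priorities and the MAC addresses are constructed; port costs use the classic 802.1D values (4 for 1 Gbit/s). The functions are a hypothetical illustration of the algorithm, not a real switch's code, and they ignore the port-ID tie-break that applies to parallel links between the same two switches.

```python
import heapq
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int  # configured in steps of 4096; 32768 is the default
    mac: str

    @property
    def bridge_id(self) -> Tuple[int, str]:
        return (self.priority, self.mac)  # lowest wins: priority first, MAC as tie-break


# Constructed three-switch triangle. SW1 has been given a low priority to make it root.
BRIDGES = {
    "SW1": Bridge("SW1", 4096, "00:00:00:00:00:01"),
    "SW2": Bridge("SW2", 32768, "00:00:00:00:00:02"),
    "SW3": Bridge("SW3", 32768, "00:00:00:00:00:03"),
}
# (bridge_a, port_a, bridge_b, port_b, port cost). Cost 4 is the 802.1D value for 1 Gbit/s.
LINKS: List[Tuple[str, str, str, str, int]] = [
    ("SW1", "Gi0/1", "SW2", "Gi0/1", 4),
    ("SW1", "Gi0/2", "SW3", "Gi0/1", 4),
    ("SW2", "Gi0/2", "SW3", "Gi0/2", 4),
]


def elect_root(bridges: Dict[str, Bridge]) -> Bridge:
    """Every switch initially claims to be root; the lowest bridge ID wins."""
    return min(bridges.values(), key=lambda b: b.bridge_id)


def root_path_costs(root: str, bridges: Dict[str, Bridge], links) -> Dict[str, int]:
    """Cheapest cost from each bridge to the root (what each bridge advertises in its BPDUs).
    Assumes every bridge is reachable from the root."""
    adjacent = {name: [] for name in bridges}
    for a, _, b, _, cost in links:
        adjacent[a].append((b, cost))
        adjacent[b].append((a, cost))
    best = {root: 0}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node]:
            continue
        for neighbour, link_cost in adjacent[node]:
            candidate = cost + link_cost
            if candidate < best.get(neighbour, float("inf")):
                best[neighbour] = candidate
                heapq.heappush(heap, (candidate, neighbour))
    return best


def port_roles(bridges: Dict[str, Bridge], links):
    """Assign root / designated / blocking to every port in the topology.

    Root port: on each non-root bridge, the port whose neighbour offers the lowest
    (root path cost via that neighbour, neighbour bridge ID).
    Designated port: on each link, the end with the lower (root path cost, bridge ID).
    A port that is neither forwards nothing: blocking.
    """
    root = elect_root(bridges)
    cost = root_path_costs(root.name, bridges, links)
    roles: Dict[Tuple[str, str], str] = {}

    best_root_port = {}
    for a, pa, b, pb, link_cost in links:
        for me, my_port, neighbour in ((a, pa, b), (b, pb, a)):
            if me == root.name:
                continue
            key = (cost[neighbour] + link_cost, bridges[neighbour].bridge_id)
            if me not in best_root_port or key < best_root_port[me][0]:
                best_root_port[me] = (key, my_port)
    for name, (_, port) in best_root_port.items():
        roles[(name, port)] = "root"

    for a, pa, b, pb, _ in links:
        a_wins = (cost[a], bridges[a].bridge_id) <= (cost[b], bridges[b].bridge_id)
        designated, other = ((a, pa), (b, pb)) if a_wins else ((b, pb), (a, pa))
        roles[designated] = "designated"
        roles.setdefault(other, "blocking")  # stays 'root' if already chosen as the root port
    return root.name, cost, roles


if __name__ == "__main__":
    root, cost, roles = port_roles(BRIDGES, LINKS)
    print("root bridge:", root, "root path costs:", cost)
    for (switch, port), role in sorted(roles.items()):
        print(f"{switch} {port}: {role}")
```

With all three links up, SW2 and SW3 tie on root path cost across the SW2-SW3 segment, so the lower bridge ID (SW2) takes the designated role and SW3's port on that link blocks; remove the SW1-SW3 link and the same function shows SW3 reconverging through SW2 with no blocked port left.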
Question 158
A network administrator wants to restrict access to a switch port based on device MAC addresses. Which feature should be implemented?
A) Port security
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) Port security
Explanation:
A) Port security allows a switch to restrict which devices may use a port, based on the source MAC address of the frames it receives. Administrators set a maximum number of addresses per port and either configure the allowed MAC addresses statically or let the switch learn them; when a frame arrives from an address that is not allowed and the port is already full, the configured violation action takes effect: protect (drop silently), restrict (drop, count, and log), or shutdown (place the port in the err-disabled state, the usual default). This keeps unauthorized devices off the network and also defeats MAC flooding (CAM table overflow) attacks, because the stream of bogus source addresses triggers a violation instead of filling the MAC table. With sticky MAC addresses, dynamically learned addresses are written into the running configuration, so the switch keeps them without the administrator typing them in; they survive a reboot only if the running configuration is saved to the startup configuration. Port security is particularly useful in offices, classrooms, and public areas where endpoint access must be tightly controlled. It is, however, access control by MAC address rather than authentication: an attacker who learns an allowed address can clone it and be accepted, so port security complements, rather than replaces, 802.1X where device identity actually matters.
B) VLAN trunking allows multiple VLANs to share a single link between switches. While it segments traffic, it does not restrict access based on MAC addresses or authenticate devices. Its purpose is logical traffic separation, not endpoint security.
C) STP prevents Layer 2 loops by blocking redundant paths. While essential for topology stability, it does not control which devices connect to ports or provide security. Its functionality is strictly for loop prevention.
D) DHCP snooping prevents unauthorized DHCP servers from assigning IP addresses. While it protects IP address assignment, it does not control which MAC addresses may use a switch port. Its scope is limited to DHCP message validation and the binding table built from it.
Port security is specifically designed to enforce access control based on MAC addresses, making it the correct choice.
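An added example, not code from the page, modelling a port-security-enabled access port. The port names, MAC addresses and class names are constructed. It shows the three violation actions, why a MAC flood is stopped at the first unknown address, why sticky entries vanish on reboot unless the configuration is saved, and the limitation noted above: a cloned MAC is accepted.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Set


class Violation(Enum):
    PROTECT = "protect"    # drop frames from unknown MACs silently
    RESTRICT = "restrict"  # drop, count the violation, log it
    SHUTDOWN = "shutdown"  # put the port into err-disabled state (the usual default)


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                       # how many MACs the port may learn
    sticky: bool = True                    # learned MACs are written into the running config
    violation: Violation = Violation.SHUTDOWN
    allowed: Set[str] = field(default_factory=set)         # MACs currently accepted
    running_config: Set[str] = field(default_factory=set)  # sticky entries live here...
    startup_config: Set[str] = field(default_factory=set)  # ...and survive a reboot only once saved
    err_disabled: bool = False
    violations: int = 0
    log: List[str] = field(default_factory=list)

    def ingress(self, src_mac: str) -> bool:
        """Apply port security to one incoming frame; True means the frame is forwarded."""
        if self.err_disabled:
            return False
        if src_mac in self.allowed:
            return True
        if len(self.allowed) < self.maximum:
            self.allowed.add(src_mac)
            if self.sticky:
                self.running_config.add(src_mac)
            return True
        # Unknown MAC and the port is already full: a violation.
        self.violations += 1
        if self.violation is Violation.SHUTDOWN:
            self.err_disabled = True
            self.log.append(f"{self.name}: err-disabled after frame from {src_mac}")
        elif self.violation is Violation.RESTRICT:
            self.log.append(f"{self.name}: dropped frame from {src_mac}")
        return False

    def save_config(self) -> None:
        """Equivalent of saving the running configuration to the startup configuration."""
        self.startup_config = set(self.running_config)

    def reboot(self) -> None:
        """Dynamic entries are lost; only saved sticky entries come back."""
        self.running_config = set(self.startup_config)
        self.allowed = set(self.startup_config)
        self.err_disabled = False


def mac_flood(port: SecurePort, count: int = 1000) -> int:
    """Send `count` frames with distinct, locally administered source MACs (the
    CAM-table overflow pattern); return how many the port forwarded."""
    forwarded = 0
    for i in range(count):
        mac = f"02:00:00:{(i >> 16) & 0xFF:02x}:{(i >> 8) & 0xFF:02x}:{i & 0xFF:02x}"
        forwarded += port.ingress(mac)
    return forwarded


if __name__ == "__main__":
    port = SecurePort("Gi0/5", violation=Violation.RESTRICT)
    port.ingress("00:11:22:33:44:55")  # the real workstation, learned as sticky
    print("flood frames forwarded:", mac_flood(port), "violations:", port.violations)
    print("cloned MAC accepted:", port.ingress("00:11:22:33:44:55"))  # the limitation
```

On Cisco IOS the configuration this models is `switchport port-security`, `switchport port-security maximum 1`, `switchport port-security mac-address sticky` and `switchport port-security violation {protect | restrict | shutdown}` on the interface, followed by `copy running-config startup-config` if the learned addresses are to survive a reload.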
Question 159
A network engineer wants to prevent rogue DHCP servers from distributing incorrect IP addresses. Which feature should be implemented?
A) DHCP snooping
B) VLAN trunking
C) STP
D) LACP
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping is a security feature that allows only trusted DHCP servers to assign IP addresses. Ports leading to the legitimate server (or the uplink toward it) are marked trusted; every other port is untrusted by default. Server-originated messages such as DHCP Offer, ACK, and NAK that arrive on an untrusted port are dropped, so a rogue server on an access port can never answer a client. Client messages on untrusted ports are inspected too: a frame whose Ethernet source address does not match the chaddr field inside the DHCP payload is dropped, and a Release or Decline is accepted only if it comes from the port and MAC address that hold the lease, which stops an attacker from freeing another host's address. From the exchanges it sees, the switch maintains a binding table of client MAC address, IP address, VLAN, port, and lease time; that table is what IP Source Guard and Dynamic ARP Inspection consult to block spoofed IP and ARP traffic. DHCP snooping therefore prevents a rogue device from handing out a bogus default gateway or DNS server (a classic man-in-the-middle setup), from causing IP conflicts, and from starving the legitimate pool with forged client addresses. In enterprise environments, it ensures consistent and secure IP assignment while protecting against unauthorized servers.
B) VLAN trunking transports multiple VLANs across a single link. While critical for traffic segmentation, it does not validate DHCP messages or prevent rogue servers.
C) STP prevents loops in Layer 2 networks. While essential for stability, it does not address DHCP security or IP assignment issues.
D) LACP combines multiple links for bandwidth and redundancy. While it provides fault tolerance and increased throughput, it does not prevent rogue DHCP servers from assigning IP addresses.
DHCP snooping specifically secures IP allocation by validating servers, making it the correct choice.
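An added example, written for this page rather than taken from it, that models the checks a DHCP snooping switch applies to each message and how the resulting binding table feeds IP Source Guard. The ports, MAC addresses, VLAN and the message exchange in demo() are constructed; the class is a hypothetical model, not vendor code.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}


@dataclass
class DhcpMessage:
    kind: str            # DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE, DECLINE
    in_port: str         # switch port the message arrived on
    vlan: int
    src_mac: str         # Ethernet source address of the frame
    chaddr: str          # client hardware address field inside the DHCP payload
    yiaddr: Optional[str] = None   # address the server hands out (OFFER/ACK)
    lease: int = 0


@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str
    lease: int


class DhcpSnooping:
    def __init__(self, trusted_ports, vlans, verify_mac: bool = True):
        self.trusted = set(trusted_ports)   # ports facing the legitimate server or the uplink
        self.vlans = set(vlans)             # VLANs on which snooping is enabled
        self.verify_mac = verify_mac        # require Ethernet source == chaddr on untrusted ports
        self.bindings: Dict[Tuple[int, str], Binding] = {}
        self.pending: Dict[Tuple[int, str], str] = {}   # client port seen in DISCOVER/REQUEST
        self.dropped: List[str] = []

    def process(self, m: DhcpMessage) -> bool:
        """Return True if the switch forwards the message, False if it is dropped."""
        if m.vlan not in self.vlans:
            return True  # snooping not enabled on this VLAN: nothing is inspected
        key = (m.vlan, m.chaddr)
        if m.in_port in self.trusted:
            # Server replies from trusted ports populate the binding table.
            if m.kind == "ACK" and m.yiaddr and key in self.pending:
                self.bindings[key] = Binding(m.chaddr, m.yiaddr, m.vlan, self.pending.pop(key), m.lease)
            return True
        # Untrusted (access) port.
        if m.kind in SERVER_MESSAGES:
            return self._drop(f"{m.kind} from rogue server on untrusted {m.in_port}")
        if self.verify_mac and m.src_mac != m.chaddr:
            return self._drop(f"{m.kind} on {m.in_port}: chaddr {m.chaddr} != source MAC {m.src_mac}")
        if m.kind in ("RELEASE", "DECLINE"):
            binding = self.bindings.get(key)
            if binding is None or binding.port != m.in_port:
                return self._drop(f"{m.kind} on {m.in_port} for {m.chaddr} not bound to that port")
            del self.bindings[key]
            return True
        self.pending[key] = m.in_port   # DISCOVER / REQUEST: remember where the client is
        return True

    def source_guard(self, vlan: int, port: str, src_mac: str, src_ip: str) -> bool:
        """IP Source Guard built on the binding table: permit IP traffic from an untrusted
        port only when the (IP, MAC, port) triple matches a lease the switch saw handed out."""
        if port in self.trusted:
            return True
        b = self.bindings.get((vlan, src_mac))
        return b is not None and b.ip == src_ip and b.port == port

    def _drop(self, reason: str) -> bool:
        self.dropped.append(reason)
        return False


def demo() -> DhcpSnooping:
    """Constructed exchange: a client on Gi0/3, the real server behind Gi0/24, an attacker on Gi0/7."""
    snoop = DhcpSnooping(trusted_ports=["Gi0/24"], vlans=[10])
    client, server, attacker = "00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", "de:ad:be:ef:00:01"
    snoop.process(DhcpMessage("DISCOVER", "Gi0/3", 10, client, client))
    snoop.process(DhcpMessage("OFFER", "Gi0/7", 10, attacker, client, yiaddr="10.10.10.200"))  # rogue
    snoop.process(DhcpMessage("OFFER", "Gi0/24", 10, server, client, yiaddr="10.10.10.50"))
    snoop.process(DhcpMessage("REQUEST", "Gi0/3", 10, client, client))
    snoop.process(DhcpMessage("ACK", "Gi0/24", 10, server, client, yiaddr="10.10.10.50", lease=86400))
    # Attacker tries to free the client's lease: first with its own MAC, then fully spoofed.
    snoop.process(DhcpMessage("RELEASE", "Gi0/7", 10, attacker, client))
    snoop.process(DhcpMessage("RELEASE", "Gi0/7", 10, client, client))
    return snoop


if __name__ == "__main__":
    s = demo()
    print("bindings:", s.bindings)
    print("dropped:", *s.dropped, sep="\n  ")
```

On Cisco IOS the equivalent configuration is `ip dhcp snooping` and `ip dhcp snooping vlan 10` globally, `ip dhcp snooping trust` on the server-facing or uplink interface, and `ip dhcp snooping verify mac-address` (on by default) for the chaddr check modelled here; `ip verify source` on an access port turns on the IP Source Guard check.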
Question 160
A network administrator wants to analyze traffic patterns from multiple ports on a switch without affecting normal operations. Which solution is most appropriate?
A) SPAN/mirror port
B) VLAN trunking
C) Port security
D) DHCP snooping
Answer: A) SPAN/mirror port
Explanation:
A) SPAN (Switched Port Analyzer), also known as a mirror port, is a feature that allows network administrators to replicate traffic from one or more source ports or VLANs to a designated monitoring port. This enables detailed traffic analysis without impacting the normal operation of the network. SPAN is commonly used in enterprise networks, data centers, and high-availability environments to monitor, troubleshoot, and secure traffic flows.
SPAN works by having the switch hardware copy the frames traversing the specified source ports or VLANs and forward the copies to a monitoring port, where tools such as Wireshark, tcpdump, or an intrusion detection system (IDS) can inspect them. The copy is made alongside normal forwarding, so SPAN adds no latency to, and does not modify, the original packets; production traffic continues uninterrupted. The destination port itself stops acting as an ordinary switch port and, by default, carries only the mirrored copies. This makes SPAN well suited to continuous monitoring in environments where downtime or packet loss is unacceptable, such as financial institutions, healthcare networks, or cloud service providers.
One of the key benefits of SPAN is comprehensive visibility. Administrators can configure multiple source ports or entire VLANs for monitoring, enabling them to analyze traffic patterns across the network. SPAN supports bidirectional monitoring, meaning both inbound and outbound traffic can be captured for each monitored port. This is critical for troubleshooting performance issues, understanding application behavior, and ensuring that network policies such as Quality of Service (QoS) are correctly applied. For example, an administrator may monitor VoIP traffic to verify latency and jitter, or inspect database queries to identify bottlenecks affecting application performance.
SPAN also plays a significant role in security monitoring. By sending mirrored traffic to intrusion detection or prevention systems (IDS/IPS), network administrators can detect anomalies, such as unusual packet flows, suspicious connections, or potential denial-of-service attacks. This capability allows proactive identification and mitigation of security threats without impacting end users. Additionally, SPAN can be used for forensic analysis in the event of a security incident, providing a complete record of traffic for investigation and compliance purposes.
Configuring SPAN typically involves selecting the source and destination ports. The source can be a single port, multiple ports, or an entire VLAN, and each source can be mirrored in the receive direction, the transmit direction, or both. The destination port is connected to a monitoring device that captures and analyzes the traffic. Modern switches also support RSPAN (Remote SPAN), which carries the mirrored traffic over a dedicated RSPAN VLAN across trunk links to a monitoring station on a different switch, and many support ERSPAN (Encapsulated Remote SPAN), which tunnels the copies in GRE so they can cross routed networks. This extends the reach of traffic analysis while keeping monitoring non-disruptive across large or distributed networks.
Administrators must also consider performance implications. Although SPAN does not slow production traffic, mirroring high-volume sources to a single destination can exceed the capacity of the monitoring port: a source port monitored in both directions can generate up to twice its line rate in copies, so a few busy 1 Gbit/s access ports mirrored to a 1 Gbit/s destination are heavily oversubscribed. When that happens, most switches drop the excess mirrored copies rather than production frames, so the capture silently becomes incomplete and the analyst may never notice the gap. To mitigate this, engineers can mirror only one direction, apply filters so that only specific traffic is copied (for example a single VLAN, TCP port 80, or particular IP addresses), use a faster destination port, distribute the sources across several SPAN sessions and destination ports, or deploy a dedicated network TAP where full-rate capture is required. This keeps the analysis effective without overwhelming monitoring resources.
B) VLAN trunking allows multiple VLANs to share a single physical link between switches. Trunking is essential for carrying segregated traffic across switches and maintaining VLAN boundaries, but it does not replicate or analyze traffic for monitoring purposes. While trunking efficiently transports VLAN traffic, it is not designed to provide visibility into network behavior or diagnose application performance issues. Therefore, VLAN trunking alone cannot achieve the monitoring objectives described in this scenario.
C) Port security is a feature that restricts access to switch ports based on MAC addresses. It enhances network security by preventing unauthorized devices from connecting and potentially introducing rogue traffic. While port security is critical for safeguarding network access and reducing risks associated with MAC flooding or unauthorized devices, it does not allow administrators to capture, analyze, or monitor overall traffic patterns. Port security ensures access control but does not provide the diagnostic capabilities that SPAN offers.
D) DHCP snooping is a security mechanism that monitors and validates DHCP messages to prevent unauthorized DHCP servers from assigning IP addresses. It protects the network from rogue DHCP attacks and ensures that devices receive valid configurations. However, DHCP snooping focuses on IP address assignment and does not provide full traffic visibility or analysis capabilities. It is useful for network security, but it cannot replicate traffic for performance monitoring or troubleshooting purposes.
SPAN is widely regarded as a best practice in proactive network management. By enabling continuous monitoring without disrupting production traffic, SPAN allows engineers to:
Analyze traffic flows and patterns to optimize network performance.
Validate QoS policies for latency-sensitive applications like VoIP and video conferencing.
Identify network bottlenecks, such as congestion on specific ports or links.
Detect anomalies and security threats, including malware or unusual traffic spikes.
Perform forensic investigations by capturing packets for auditing and compliance.
Support capacity planning by understanding traffic distribution and predicting future network needs.
Additionally, SPAN integrates seamlessly with advanced monitoring solutions. For example, administrators can feed SPAN traffic into network performance monitoring (NPM) systems, intrusion detection/prevention systems (IDS/IPS), or analytics platforms. This integration provides real-time visibility and historical reporting, enabling proactive maintenance, anomaly detection, and trend analysis.
In large enterprise or data center networks, SPAN is often combined with automation and centralized monitoring platforms. Network engineers can configure SPAN sessions programmatically, apply filters dynamically, and correlate traffic from multiple switches to obtain a holistic view of the network. This approach ensures that monitoring scales with network growth while maintaining reliability and operational efficiency.
In summary, SPAN/mirror ports are the only solution among the options that allows passive, non-disruptive traffic monitoring. Unlike VLAN trunking, which only transports traffic, port security, which only controls access, or DHCP snooping, which only validates IP assignments, SPAN provides full visibility into network traffic, supporting performance troubleshooting, security analysis, and proactive network management. By replicating traffic to a designated monitoring port without impacting production operations, SPAN enables administrators to understand, optimize, and secure their networks effectively, making it the correct choice.
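An added sizing example (not part of the original page) for the oversubscription point made above. It computes how much mirrored traffic a session produces from constructed per-port rates, flags sessions that exceed the destination port's line rate, and packs sources into the fewest sessions that stay under it. The port names, rates and function names are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class SourcePort:
    name: str
    rx_mbps: float            # measured ingress rate (constructed for the example)
    tx_mbps: float            # measured egress rate
    direction: str = "both"   # mirror 'rx', 'tx' or 'both' directions of this port

    def mirrored_mbps(self) -> float:
        """A 'both' source produces rx + tx worth of copies, so a fully used 1 Gbit/s
        port can generate up to 2 Gbit/s of mirrored traffic on its own."""
        load = 0.0
        if self.direction in ("rx", "both"):
            load += self.rx_mbps
        if self.direction in ("tx", "both"):
            load += self.tx_mbps
        return load


def check_session(sources: List[SourcePort], destination_mbps: float) -> Dict[str, float]:
    """Compare the aggregate mirrored load with the destination port's line rate."""
    load = sum(s.mirrored_mbps() for s in sources)
    return {
        "load_mbps": load,
        "destination_mbps": destination_mbps,
        "utilization": load / destination_mbps,
        "oversubscribed": load > destination_mbps,
    }


def split_sessions(sources: List[SourcePort], destination_mbps: float) -> List[List[str]]:
    """First-fit-decreasing packing of sources into as few SPAN sessions as keep every
    destination port at or below line rate. Raises if one source alone exceeds it: that
    source needs a faster destination, a direction or VLAN filter, or a TAP."""
    sessions: List[List[str]] = []
    loads: List[float] = []
    for s in sorted(sources, key=lambda s: s.mirrored_mbps(), reverse=True):
        need = s.mirrored_mbps()
        if need > destination_mbps:
            raise ValueError(f"{s.name} alone mirrors {need} Mbit/s > {destination_mbps} Mbit/s")
        for i, used in enumerate(loads):
            if used + need <= destination_mbps:
                sessions[i].append(s.name)
                loads[i] = used + need
                break
        else:
            sessions.append([s.name])
            loads.append(need)
    return sessions


# Constructed access ports on a 1 Gbit/s switch, monitored in both directions.
ACCESS_PORTS = [SourcePort(f"Gi0/{n}", rx_mbps=300, tx_mbps=500) for n in range(1, 5)]

if __name__ == "__main__":
    print(check_session(ACCESS_PORTS, 1000))
    print(split_sessions(ACCESS_PORTS, 1000))
```

The IOS form of such a session is `monitor session 1 source interface Gi0/1 - 4 both` followed by `monitor session 1 destination interface Gi0/24`; the `rx`/`tx`/`both` keyword is the direction field above, and changing `both` to `rx` is what turns four sessions into two in this example.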