CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 9 Q161-180
Question 161
A network administrator wants to prevent network loops while providing redundancy in a Layer 2 network. Which protocol should be implemented?
A) Spanning Tree Protocol (STP)
B) VLAN trunking
C) LACP
D) DHCP snooping
Answer: A) Spanning Tree Protocol (STP)
Explanation:
A) Spanning Tree Protocol (STP) is designed to prevent Layer 2 loops in networks with redundant paths. When multiple switches are interconnected with redundant links, frames can circulate indefinitely, causing broadcast storms and network congestion. STP dynamically selects a loop-free topology by placing some ports into a blocking state while allowing others to forward traffic. If a primary path fails, STP recalculates the topology and activates blocked ports to maintain connectivity without creating loops. Variants like Rapid STP (RSTP) provide faster convergence, and Per-VLAN STP (PVST) manages loop prevention on a per-VLAN basis. STP is essential in enterprise networks to ensure stability, prevent outages, and maintain high availability in environments with redundant Layer 2 connections. It also works seamlessly with VLANs, LACP, and other network features to maintain both performance and redundancy.
B) VLAN trunking allows multiple VLANs to traverse a single link between switches. While it is essential for transporting VLAN traffic, it does not prevent Layer 2 loops or manage redundant paths. Trunking is concerned with carrying logically segmented traffic across a link, not with keeping the topology loop-free.
C) LACP aggregates multiple physical links into a single logical link to increase bandwidth and provide redundancy. While it improves throughput and fault tolerance, it does not prevent loops if additional redundant links exist. Without STP, LACP may contribute to broadcast storms if loops are present.
D) DHCP snooping validates DHCP server responses to prevent unauthorized IP address allocation. While important for security, it does not manage Layer 2 loops or redundancy and only addresses IP assignment issues.
STP is the only protocol specifically designed to prevent loops while maintaining redundancy, making it the correct choice.
Question 162
A network technician wants to monitor which devices consume the most bandwidth on a network to troubleshoot congestion. Which tool should be used?
A) SNMP
B) Netstat
C) ARP
D) Traceroute
Answer: A) SNMP
Explanation:
A) SNMP (Simple Network Management Protocol) is a protocol used for monitoring and managing network devices. SNMP allows administrators to collect data on bandwidth usage, interface utilization, packet errors, CPU and memory usage, and other performance metrics. This information can be used to identify devices consuming excessive bandwidth and causing congestion. SNMP works with Network Management Systems (NMS) to provide visual graphs, historical statistics, and alerts for abnormal conditions. SNMP supports scalable monitoring across large enterprise networks and can be configured to provide real-time insights or periodic reports. By analyzing SNMP data, network engineers can identify bottlenecks, plan capacity, enforce QoS policies, and optimize traffic flow. This makes SNMP essential for troubleshooting performance issues and maintaining a high-performing network.
B) Netstat displays active connections, listening ports, and routing tables on a single host. While it is useful for identifying open connections or detecting unusual activity on a host, it does not provide network-wide bandwidth metrics or identify high-traffic devices, making it insufficient for troubleshooting congestion.
C) ARP resolves IP addresses to MAC addresses within a local network. While necessary for Layer 2 communication, ARP does not provide bandwidth usage metrics or insights into which devices are consuming the most network resources.
D) Traceroute identifies the path packets take to reach a destination and measures per-hop latency. While helpful for diagnosing routing issues, it does not provide bandwidth utilization or traffic statistics, making it unsuitable for congestion analysis.
SNMP is the only tool that provides scalable, detailed bandwidth and performance monitoring across devices, making it the correct choice.
Question 163
A network engineer wants to reduce congestion and interference in a high-density Wi-Fi environment. Which action is most effective?
A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Enable Telnet on the access point
D) Reduce MTU size
Answer: A) Move clients to the 5 GHz band
Explanation:
A) Moving clients to the 5 GHz Wi-Fi band reduces congestion caused by the crowded 2.4 GHz spectrum. The 2.4 GHz band has fewer non-overlapping channels and is often shared with non-Wi-Fi sources such as Bluetooth radios and microwave ovens, as well as legacy Wi-Fi equipment, which increases interference. The 5 GHz band provides more channels, higher data rates, and less interference, improving throughput and reducing latency for clients. Although 5 GHz signals have shorter range and higher attenuation, deploying access points strategically ensures coverage while maintaining high performance. This approach is particularly effective in high-density environments such as offices, auditoriums, and campuses where multiple clients compete for limited spectrum. By reducing interference and congestion, network administrators improve reliability, user experience, and performance for applications such as VoIP, video streaming, and file transfers.
B) Increasing DHCP lease time reduces the frequency of IP address renewals but does not impact wireless congestion or RF interference. It only affects IP management, not client performance.
C) Enabling Telnet on an access point allows remote management but does not influence wireless performance or congestion. Telnet is unrelated to RF optimization or throughput improvement.
D) Reducing MTU size changes the maximum packet size for transmissions. While it may reduce fragmentation in certain cases, it does not mitigate interference or congestion in a high-density Wi-Fi environment.
Moving clients to the 5 GHz band directly addresses interference and congestion, improving throughput and network performance, making it the correct choice.
Question 164
A network administrator wants to isolate broadcast traffic and improve security by dividing a physical network into multiple logical segments. Which technology should be implemented?
A) VLANs
B) LACP
C) STP
D) Port security
Answer: A) VLANs
Explanation:
A) VLANs (Virtual Local Area Networks) segment a physical network into multiple logical broadcast domains. By confining broadcast traffic to a single VLAN, congestion is reduced, and overall network performance improves. VLANs also enhance security by isolating groups of users, ensuring that devices in one VLAN cannot communicate with another VLAN unless routing is explicitly configured. VLANs allow administrators to group users by function, department, or security level without additional physical hardware. This logical segmentation simplifies policy enforcement, traffic management, and troubleshooting. VLANs also support Quality of Service (QoS) to prioritize critical traffic and improve performance for latency-sensitive applications. They are scalable and commonly used in enterprise networks to optimize bandwidth usage, enhance security, and improve operational efficiency.
B) LACP aggregates multiple physical links to increase bandwidth and provide redundancy. While useful for throughput, LACP does not segment broadcast domains or enhance security through traffic isolation.
C) STP prevents Layer 2 loops by selectively blocking redundant paths. While necessary for stability, STP does not reduce broadcast traffic or provide segmentation.
D) Port security restricts access to switch ports based on MAC addresses. While improving endpoint security, it does not divide a network into logical broadcast domains or reduce congestion.
VLANs are the only technology that isolates broadcast domains, enhances security, and improves performance, making them the correct choice.
Question 165
A network technician wants to measure network throughput, jitter, and packet loss between two endpoints to troubleshoot VoIP performance. Which tool should be used?
A) iPerf
B) Netstat
C) ARP
D) Traceroute
Answer: A) iPerf
Explanation:
A) iPerf is a network testing tool that measures throughput, jitter, latency, and packet loss between two endpoints. It is particularly useful for evaluating performance for real-time applications such as VoIP, video conferencing, and streaming. iPerf can generate TCP or UDP traffic to simulate real network conditions and supports configurable test parameters such as duration, parallel streams, and window size. Using a client-server setup, iPerf provides accurate performance metrics under controlled conditions. This allows administrators to identify bottlenecks, validate Quality of Service (QoS) configurations, troubleshoot congestion, and determine if the network can reliably support latency-sensitive traffic. iPerf is widely used in enterprise and data center environments to assess performance, optimize routing, and ensure that applications receive adequate network resources.
B) Netstat shows active connections, listening ports, and routing tables. While helpful for host-level diagnostics, it does not measure throughput, jitter, or packet loss across a network, making it unsuitable for VoIP performance evaluation.
C) ARP resolves IP addresses to MAC addresses within a local network. While necessary for Layer 2 communication, ARP does not provide metrics on throughput, jitter, or packet loss.
D) Traceroute identifies the path packets take to reach a destination and measures per-hop latency. While useful for routing diagnostics, it does not provide comprehensive metrics on throughput, jitter, or packet loss needed for VoIP troubleshooting.
iPerf provides detailed measurements of throughput, jitter, and packet loss, making it the correct choice for evaluating VoIP performance.
Question 166
A network administrator wants to prevent unauthorized devices from connecting to a switch port while allowing legitimate devices to move between ports without manual reconfiguration. Which feature should be implemented?
A) Port security with sticky MAC addresses
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) Port security with sticky MAC addresses
Explanation:
A) Port security with sticky MAC addresses allows a switch to dynamically learn the MAC addresses of devices connecting to a port and store them in the running configuration. This ensures that only authorized devices can access the network while still allowing legitimate devices to move between ports without requiring manual updates to the configuration. When an unauthorized device attempts to connect, the switch can shut down the port, block the device, or generate an alert. Sticky MAC addresses are particularly useful in environments with frequent device relocation, such as offices, labs, or classrooms, as they reduce administrative overhead while maintaining security. This feature can also be integrated with DHCP snooping and Dynamic ARP Inspection to provide a layered security approach, ensuring both device-level access control and IP allocation verification. By dynamically authenticating devices and allowing legitimate mobility, sticky MAC addresses provide a practical solution to securing network endpoints.
B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While essential for traffic segmentation and transporting multiple VLANs, trunking does not authenticate devices or prevent unauthorized access to individual switch ports. Its focus is on traffic transport rather than port-level security.
C) STP prevents Layer 2 loops by selectively blocking redundant links in a network. While important for network stability, STP does not manage access to switch ports or authenticate devices, making it irrelevant for preventing unauthorized connections.
D) DHCP snooping validates DHCP messages to prevent rogue servers from assigning IP addresses. While useful for ensuring proper IP allocation, it does not control which devices can physically connect to a port, so it cannot fully prevent unauthorized access.
Port security with sticky MAC addresses is the only feature that provides dynamic device authentication while allowing legitimate device mobility, making it the correct choice.
Question 167
A network administrator wants to forward multicast traffic only to devices that have explicitly requested it to conserve bandwidth. Which feature should be implemented?
A) IGMP snooping
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) IGMP snooping
Explanation:
A) IGMP snooping monitors Internet Group Management Protocol messages exchanged between hosts and multicast routers to determine which devices have joined or left specific multicast groups. By tracking these join and leave messages, switches can forward multicast traffic only to ports with devices that have explicitly requested it, preventing unnecessary flooding to all ports within a VLAN. This reduces bandwidth consumption and prevents congestion, which is especially important for applications like IPTV, video conferencing, and streaming. IGMP snooping dynamically builds a forwarding table to ensure multicast traffic reaches only the intended devices. This approach minimizes packet loss, maintains latency-sensitive traffic quality, and enhances overall network performance. By forwarding multicast traffic selectively, IGMP snooping improves scalability, reduces broadcast-like behavior, and ensures that resources are efficiently used across the network.
B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While important for traffic segmentation and VLAN transport, it does not track multicast group memberships or selectively forward multicast traffic. Its purpose is to carry multiple VLANs rather than optimize multicast delivery.
C) STP prevents Layer 2 loops in networks with redundant paths by blocking some links to maintain a loop-free topology. While critical for stability, it does not monitor multicast membership or manage bandwidth for multicast traffic.
D) DHCP snooping prevents unauthorized DHCP servers from assigning IP addresses. While essential for IP allocation security, it does not forward multicast traffic selectively or reduce unnecessary traffic. Its functionality is limited to DHCP message validation.
IGMP snooping ensures multicast traffic is delivered only to requesting devices, conserving bandwidth and improving performance, making it the correct choice.
Question 168
A network engineer wants to combine multiple physical links between two switches to increase bandwidth and provide redundancy. Which protocol should be implemented?
A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security
Answer: A) Link Aggregation Control Protocol (LACP)
Explanation:
A) LACP allows multiple physical links between switches to be combined into a single logical link. This increases bandwidth by distributing traffic across all aggregated links and provides redundancy, so that if one link fails, the remaining links continue to carry traffic without disruption. LACP dynamically negotiates compatible links to ensure correct configuration and load balancing. It uses algorithms to distribute traffic based on MAC addresses, IP addresses, or sessions, optimizing network performance. LACP is particularly useful in enterprise and data center environments where high availability and increased throughput are critical, such as server uplinks, backbone links, and inter-switch connections. By aggregating links, LACP enhances scalability, reliability, and overall network efficiency.
B) VLANs segment networks into multiple logical broadcast domains to reduce congestion and improve security. While VLANs enhance organization and isolation, they do not combine physical links or increase aggregate bandwidth.
C) STP prevents Layer 2 loops by selectively blocking redundant paths. While essential for stability, it does not aggregate links or increase throughput. Without LACP, redundant links may be blocked by STP and cannot contribute to bandwidth.
D) Port security restricts access to switch ports based on MAC addresses. While improving security, it does not increase bandwidth or provide redundancy. Its purpose is device-level access control rather than performance enhancement.
LACP is the only protocol designed to increase bandwidth and provide redundancy through link aggregation, making it the correct choice.
Question 169
A network technician wants to capture traffic from specific switch ports for troubleshooting without affecting normal operations. Which solution should be used?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) SPAN/mirror port
Explanation:
A) SPAN (Switched Port Analyzer) or mirror port duplicates traffic from one or more source ports or VLANs to a designated monitoring port. This allows network administrators to capture packets using tools such as Wireshark without interrupting normal traffic flow. SPAN is particularly useful for troubleshooting latency, packet loss, misconfigurations, and abnormal traffic patterns. It supports multiple source ports, VLANs, and bidirectional traffic, providing comprehensive visibility. SPAN operates passively, ensuring that monitoring does not degrade production performance. It is widely used in enterprise networks to validate network behavior, detect performance bottlenecks, verify QoS policies, and analyze high-priority application traffic like VoIP or video. By providing accurate traffic visibility without impacting normal operations, SPAN simplifies network troubleshooting and improves reliability.
B) VLAN trunking allows multiple VLANs to traverse a single physical link but does not replicate traffic for analysis. Its function is limited to transporting segmented traffic, not monitoring it.
C) STP prevents Layer 2 loops by selectively blocking redundant paths. While necessary for stability, it does not provide the ability to capture traffic or analyze network behavior.
D) DHCP snooping validates DHCP messages to prevent rogue IP allocation. While enhancing security, it does not allow traffic capture or analysis and only focuses on DHCP communications.
SPAN/mirror ports provide non-disruptive traffic capture for troubleshooting, making them the correct choice.
Question 170
A network administrator wants to prevent rogue DHCP servers from distributing incorrect IP addresses on a network. Which feature should be implemented?
A) DHCP snooping
B) VLAN trunking
C) STP
D) LACP
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping is a security mechanism that allows only trusted DHCP servers to assign IP addresses. It works by marking ports connected to legitimate servers as trusted and inspecting DHCP messages on untrusted ports to block unauthorized servers. DHCP snooping validates DHCP Discover, Offer, Request, and ACK messages to ensure IP addresses are assigned correctly. It also maintains a binding table mapping MAC addresses, IP addresses, and VLANs, which can be used for additional security features such as IP Source Guard and Dynamic ARP Inspection. This prevents rogue devices from assigning incorrect IP configurations, avoiding IP conflicts, man-in-the-middle attacks, and network outages. DHCP snooping is essential in enterprise networks to maintain consistent IP address allocation, ensure network integrity, and protect sensitive communications from malicious devices.
B) VLAN trunking allows multiple VLANs to share a single link. While useful for transporting traffic, it does not prevent unauthorized DHCP servers from assigning IP addresses.
C) STP prevents Layer 2 loops by blocking redundant paths. While necessary for stability, it does not validate DHCP messages or prevent rogue servers.
D) LACP aggregates multiple physical links into a single logical link. While it increases bandwidth and provides redundancy, it does not prevent unauthorized DHCP servers from distributing IP addresses.
DHCP snooping is the only feature specifically designed to prevent rogue DHCP servers from issuing IP addresses, making it the correct choice.
Question 171
A network administrator wants to identify which applications are consuming the most bandwidth on a network to optimize performance. Which protocol or tool should be used?
A) SNMP
B) ARP
C) Traceroute
D) STP
Answer: A) SNMP
Explanation:
A) SNMP (Simple Network Management Protocol) is the most suitable tool for monitoring bandwidth usage and identifying applications that consume the most network resources. SNMP enables network administrators to collect statistics from switches, routers, servers, and other devices, including interface traffic, errors, and utilization patterns. By using SNMP, administrators can monitor traffic trends over time, generate alerts for unusual activity, and integrate with Network Management Systems (NMS) to visualize bandwidth usage per device, per interface, or even per application if the NMS supports traffic classification. This capability is vital in enterprise networks where congestion or heavy application use can degrade performance for critical services. SNMP provides a centralized, scalable, and proactive monitoring solution that allows IT teams to plan capacity, optimize traffic flows, and enforce Quality of Service (QoS) policies. By analyzing SNMP-collected data, administrators can pinpoint high-bandwidth applications, isolate bottlenecks, and make informed decisions about traffic shaping or prioritization.
B) ARP resolves IP addresses to MAC addresses within a local network. While ARP is crucial for Layer 2 communication, it does not provide visibility into bandwidth consumption or identify applications generating traffic. ARP operates only within a subnet and offers no performance metrics.
C) Traceroute identifies the path packets take from source to destination and measures latency at each hop. While helpful for routing diagnostics, it does not monitor application-level bandwidth or network-wide traffic trends, making it unsuitable for optimizing performance.
D) STP prevents Layer 2 loops by blocking redundant paths. While essential for network stability, STP does not provide traffic or bandwidth monitoring capabilities. It ensures a loop-free topology but does not offer insights into application usage or congestion.
SNMP is the only tool designed for scalable, continuous monitoring of bandwidth and application usage across network devices, making it the correct choice.
Question 172
A network engineer wants to prevent broadcast storms and Layer 2 loops in a network with redundant switch links. Which protocol should be implemented?
A) Spanning Tree Protocol (STP)
B) VLAN trunking
C) LACP
D) DHCP snooping
Answer: A) Spanning Tree Protocol (STP)
Explanation:
A) Spanning Tree Protocol (STP) is specifically designed to prevent Layer 2 loops in networks with redundant links. Broadcast frames can circulate indefinitely in a looped network, causing network congestion and outages. STP dynamically calculates a loop-free topology by placing some links in a blocking state while allowing others to forward traffic. If a primary link fails, STP recalculates the topology and unblocks alternate paths to maintain connectivity. Variants such as Rapid STP (RSTP) and Per VLAN STP (PVST) provide faster convergence and VLAN-specific loop prevention. Implementing STP is critical in enterprise networks where uptime and reliability are essential. It ensures stability while allowing redundancy, preventing network-wide broadcast storms that could impact business-critical services. STP integrates with other network features like VLANs and LACP to maintain a stable, efficient Layer 2 topology.
B) VLAN trunking allows multiple VLANs to traverse a single link but does not prevent loops. Trunking focuses on segmenting traffic for organizational and performance reasons rather than maintaining a loop-free network.
C) LACP combines multiple physical links into a single logical link to increase bandwidth and provide redundancy. While useful for throughput, LACP alone does not prevent loops and may contribute to broadcast storms if STP is not implemented.
D) DHCP snooping prevents rogue DHCP servers from assigning incorrect IP addresses. While important for security, it does not address Layer 2 loops or broadcast storms.
STP is the only protocol that prevents loops while allowing redundancy, making it the correct choice.
Question 173
A network administrator wants to restrict access to a switch port based on the MAC addresses of connected devices. Which feature should be implemented?
A) Port security
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) Port security
Explanation:
A) Port security is a switch feature that restricts access to a port based on MAC addresses. Administrators can define a list of allowed addresses, and if an unauthorized device attempts to connect, the switch can shut down the port, block traffic, or generate an alert. Port security can also use sticky MAC addresses, allowing devices’ addresses to be dynamically learned and stored in the configuration, which simplifies management in environments where devices frequently move. This feature enhances security by preventing unauthorized access, mitigating rogue devices, and protecting against man-in-the-middle attacks. It is widely used in offices, classrooms, and labs to ensure that only known devices can communicate on the network while allowing authorized users to relocate without reconfiguration. Port security also integrates with DHCP snooping and Dynamic ARP Inspection for layered security, protecting both access and IP integrity.
B) VLAN trunking allows multiple VLANs to traverse a single physical link. While important for traffic transport, it does not control access to the port or enforce MAC-based authentication.
C) STP prevents Layer 2 loops by blocking redundant paths. While essential for stability, it does not provide device-level access control or enforce security policies.
D) DHCP snooping validates DHCP messages to prevent rogue servers from assigning IP addresses. While useful for security, it does not prevent unauthorized devices from physically connecting to a switch port.
Port security is the only feature that provides MAC-based access control, making it the correct choice.
Question 174
A network engineer wants to measure network throughput, packet loss, and jitter between two endpoints to troubleshoot VoIP performance. Which tool should be used?
A) iPerf
B) Netstat
C) ARP
D) Traceroute
Answer: A) iPerf
Explanation:
A) iPerf is a network testing tool designed to measure throughput, jitter, packet loss, and latency between two endpoints. It can generate TCP or UDP traffic under controlled conditions, allowing administrators to simulate real network behavior. iPerf provides detailed performance metrics that are particularly valuable for troubleshooting VoIP, video conferencing, and other latency-sensitive applications. Using a client-server model, iPerf tests can evaluate maximum available bandwidth, identify congestion points, and validate Quality of Service (QoS) configurations. By analyzing the results, administrators can detect bottlenecks, optimize network paths, and ensure reliable application performance. iPerf is widely used in enterprise and data center networks to benchmark throughput, validate network upgrades, and troubleshoot issues proactively.
B) Netstat shows active connections, listening ports, and routing tables on a host. While useful for host-level diagnostics, it does not measure throughput, jitter, or packet loss across a network.
C) ARP resolves IP addresses to MAC addresses in a local network. It does not provide metrics on throughput, packet loss, or jitter.
D) Traceroute identifies the path packets take and measures per-hop latency. While helpful for routing diagnostics, it does not provide comprehensive metrics on throughput or packet loss needed for VoIP troubleshooting.
iPerf is the only tool designed to measure throughput, jitter, and packet loss for end-to-end performance analysis, making it the correct choice.
Question 175
A network administrator wants to prevent rogue DHCP servers from distributing incorrect IP addresses on a network. Which feature should be implemented?
A) DHCP snooping
B) VLAN trunking
C) STP
D) LACP
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping is a network security feature that ensures only authorized DHCP servers can assign IP addresses. It marks trusted ports connected to legitimate DHCP servers and inspects DHCP messages on untrusted ports to prevent rogue servers from issuing IP addresses. DHCP snooping validates DHCP Discover, Offer, Request, and ACK messages, maintaining a binding table of MAC addresses, IP addresses, and VLAN assignments. This table can also be used by features like IP Source Guard and Dynamic ARP Inspection to prevent IP spoofing. By preventing rogue DHCP servers from distributing incorrect configurations, DHCP snooping protects against IP conflicts, man-in-the-middle attacks, and network outages. It is essential in enterprise environments to maintain consistent IP allocation and network integrity while supporting security policies and compliance requirements.
B) VLAN trunking allows multiple VLANs to share a single physical link. While critical for VLAN transport, it does not prevent rogue DHCP servers from assigning IP addresses.
C) STP prevents Layer 2 loops by blocking redundant paths. While necessary for network stability, it does not inspect DHCP messages or protect IP assignments.
D) LACP aggregates multiple physical links for increased bandwidth and redundancy. While beneficial for throughput, it does not prevent rogue DHCP servers from assigning IP addresses.
DHCP snooping is the only feature that secures IP address allocation by blocking unauthorized DHCP servers, making it the correct choice.
Question 176
A network administrator wants to isolate broadcast domains, improve security, and reduce network congestion without adding additional physical switches. Which technology should be implemented?
A) VLANs
B) LACP
C) STP
D) Port security
Answer: A) VLANs
Explanation:
A) VLANs, or Virtual Local Area Networks, allow a physical network to be divided into multiple logical networks. Each VLAN represents a separate broadcast domain, which means that broadcast traffic originating in one VLAN is not forwarded to ports in another VLAN unless routed through a Layer 3 device. This segmentation is critical for reducing congestion, because broadcasts, multicasts, and other Layer 2 traffic are contained within the VLAN, ensuring that only the devices that need the traffic receive it. VLANs also enhance security because devices in one VLAN cannot communicate directly with devices in another VLAN unless explicitly allowed through routing or firewall policies. This logical separation allows organizations to implement policies based on department, user roles, or security requirements without adding extra physical switches, reducing cost and complexity. VLANs also facilitate easier network management by allowing administrators to move users or devices between segments without rewiring or reconfiguring the physical infrastructure. Advanced VLAN features, such as Private VLANs, can provide additional isolation for sensitive devices while still allowing controlled access to shared resources. By controlling broadcast domains, VLANs improve network performance, simplify monitoring, and provide a foundation for implementing Quality of Service (QoS) policies to prioritize critical applications such as VoIP and video conferencing. In large enterprise networks, VLANs are combined with routing, ACLs, and network monitoring tools to create scalable, secure, and efficient environments.
B) LACP, or Link Aggregation Control Protocol, is designed to combine multiple physical links into a single logical link to increase bandwidth and provide redundancy. While LACP improves throughput and fault tolerance, it does not isolate broadcast domains or reduce Layer 2 congestion. Its primary function is link-level performance and resilience, not logical segmentation or security between groups of users. Without VLANs, broadcasts on an aggregated link could still reach all ports in the Layer 2 domain. LACP is often used in conjunction with VLANs to maximize performance between core switches or uplinks to servers, but it cannot replace VLANs in managing broadcast domains.
C) STP, or Spanning Tree Protocol, prevents loops in Layer 2 networks by selectively blocking redundant paths. While critical for network stability and avoiding broadcast storms caused by loops, STP does not segment networks or isolate broadcast traffic. Its function is limited to ensuring a loop-free topology, so all devices in the Layer 2 domain remain part of the same broadcast domain unless VLANs are implemented. STP alone cannot improve security by segregating groups of users or reduce broadcast traffic from unrelated devices.
D) Port security restricts which devices can connect to a switch port based on MAC addresses. While it is useful for preventing unauthorized access to the network, port security does not create separate broadcast domains, nor does it manage Layer 2 traffic or reduce congestion. Port security ensures endpoint control, but it does not address the larger network architecture issues that VLANs solve. It is a complement to VLANs for enhancing security but cannot replace VLANs for traffic management and segmentation.
VLANs are the only technology among these options that provide logical segmentation, reduce broadcast traffic, and enhance security without requiring additional hardware, making them the correct choice.
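The following is an added example, not code from the original page: a minimal 802.1Q switch model in Python that shows the behaviour described above (a broadcast floods only within its VLAN, a trunk carries tagged frames for several VLANs, untagged frames on a trunk land in the native VLAN, and a frame tagged for a VLAN that is not allowed is dropped). The port names, MAC addresses and frames are constructed for the demo; the model is not a vendor's implementation.

```python
# Added example (not from the original page): a minimal 802.1Q switch model that
# shows why a broadcast stays inside its VLAN and how trunks carry several VLANs.
# Port names, MAC addresses and frames below are constructed for the demo.
import struct

ETHERTYPE_VLAN = 0x8100          # 802.1Q tag protocol identifier
BROADCAST = b"\xff" * 6


def build_frame(dst, src, vid=None, etype=0x0800, payload=b""):
    """Build an Ethernet frame; vid=None means untagged, otherwise add an 802.1Q tag."""
    hdr = dst + src
    if vid is not None:
        hdr += struct.pack("!HHH", ETHERTYPE_VLAN, vid & 0x0FFF, etype)
    else:
        hdr += struct.pack("!H", etype)
    return hdr + payload


def parse_frame(frame):
    """Return (dst, src, vid or None); vid is the 12-bit VLAN ID from the tag."""
    dst, src = frame[:6], frame[6:12]
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == ETHERTYPE_VLAN:
        tci = struct.unpack("!H", frame[14:16])[0]
        return dst, src, tci & 0x0FFF
    return dst, src, None


class Switch:
    """Access ports belong to one VLAN and carry untagged frames; trunk ports carry
    tagged frames for every allowed VLAN and treat untagged frames as the native VLAN."""

    def __init__(self):
        self.ports = {}       # name -> port config
        self.mac_table = {}   # (vlan, mac) -> port, learned per VLAN like a real switch

    def add_access(self, name, vlan):
        self.ports[name] = {"mode": "access", "vlan": vlan, "allowed": {vlan}}

    def add_trunk(self, name, native, allowed):
        self.ports[name] = {"mode": "trunk", "vlan": native, "allowed": set(allowed)}

    def _ingress_vlan(self, port, vid):
        p = self.ports[port]
        if vid is None:
            return p["vlan"]                         # untagged: access VLAN or trunk native VLAN
        if p["mode"] == "access":
            return None                              # tagged frame on an access port: dropped
        return vid if vid in p["allowed"] else None  # trunk: only allowed VLANs are accepted

    def forward(self, in_port, frame):
        """Return the egress ports for a frame: a known unicast goes to one port,
        anything else floods to the members of the ingress VLAN only."""
        dst, src, vid = parse_frame(frame)
        vlan = self._ingress_vlan(in_port, vid)
        if vlan is None:
            return []
        self.mac_table[(vlan, src)] = in_port
        members = [n for n, p in self.ports.items() if n != in_port and vlan in p["allowed"]]
        known = self.mac_table.get((vlan, dst))
        return [known] if known in members else members


def demo():
    sw = Switch()
    sw.add_access("Gi1/0/1", 10)
    sw.add_access("Gi1/0/2", 10)
    sw.add_access("Gi1/0/3", 20)
    sw.add_trunk("Gi1/0/24", native=99, allowed={10, 20, 99})   # unused native VLAN on purpose
    h1, h2, h3, up = (bytes.fromhex(m) for m in
                      ("020000000001", "020000000002", "020000000003", "020000000024"))
    return {
        # broadcast from a VLAN 10 host reaches the other VLAN 10 port and the trunk, not VLAN 20
        "bcast_vlan10": sw.forward("Gi1/0/1", build_frame(BROADCAST, h1)),
        # frame tagged VLAN 20 arriving over the trunk is delivered only to VLAN 20 ports
        "tagged20_from_trunk": sw.forward("Gi1/0/24", build_frame(BROADCAST, up, vid=20)),
        # VLAN 30 is not allowed on the trunk: dropped
        "tagged30_not_allowed": sw.forward("Gi1/0/24", build_frame(BROADCAST, up, vid=30)),
        # a host on an access port that sends its own 802.1Q tag is dropped here
        "tagged_on_access": sw.forward("Gi1/0/3", build_frame(BROADCAST, h3, vid=10)),
        # known unicast inside VLAN 10 is switched to a single port
        "unicast_known": sw.forward("Gi1/0/2", build_frame(h1, h2)),
    }


if __name__ == "__main__":
    for case, ports in demo().items():
        print(f"{case:22s} -> {ports}")
```

The MAC table is keyed by (VLAN, MAC) rather than by MAC alone, which is how real switches keep the same address in two VLANs apart; the native VLAN 99 on the trunk is deliberately one that no access port uses, the usual hardening against native-VLAN hopping.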
Question 177
A network engineer needs to combine multiple physical links between two switches to increase bandwidth and provide redundancy. Which protocol should be implemented?
A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security
Answer: A) Link Aggregation Control Protocol (LACP)
Explanation:
A) LACP (IEEE 802.1AX, originally 802.3ad) bundles several physical Ethernet links between two devices into one logical link, a Link Aggregation Group (LAG) or port channel. The bundle offers the combined bandwidth of its members, and if one member fails the remaining links keep forwarding with no change to the logical topology. LACP negotiates the bundle dynamically: both ends must run it, at least one end must be in active mode, and the member links must match in speed and duplex, otherwise the bundle does not form and the links stay individual. Traffic is distributed by hashing header fields such as source and destination MAC address, IP address, or TCP/UDP port to pick a member link. Because every packet of a flow hashes to the same link, packet order within a flow is preserved, but a single large flow is limited to one member's bandwidth and the spread across links is only as even as the mix of flows, so a 4 x 1 Gb/s LAG never gives one session 4 Gb/s. LACP is typically deployed on uplinks between core and distribution switches and on server connections that need high throughput, reducing bottlenecks and adding fault tolerance. STP treats the whole LAG as one logical link, which is why bundled links are not blocked as redundant paths, but LACP does not itself prevent loops elsewhere in the topology, so STP still runs alongside it. Members can be added to or removed from an existing bundle without taking the port channel down, which makes the design easy to scale.
B) VLANs segment networks into logical broadcast domains to reduce congestion and improve security. While VLANs are essential for logical separation, they do not combine multiple links or provide higher bandwidth. VLANs and LACP are complementary: VLANs handle traffic segmentation, while LACP aggregates physical connections.
C) STP prevents loops in Layer 2 networks but does not combine links for increased throughput. Without LACP, multiple links between switches may be blocked by STP to avoid loops, resulting in underutilized bandwidth. STP addresses topology stability, not bandwidth aggregation.
D) Port security restricts access to a switch port based on MAC addresses. It enhances security but does not aggregate links or increase bandwidth. Its purpose is endpoint control rather than performance optimization.
LACP is the only protocol that combines multiple physical links to increase throughput and provide redundancy, making it the correct choice.
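As an added example (not part of the original page), the Python below models how a LAG distributes traffic: a hash of the flow's header fields picks one member link, so thousands of small flows spread roughly evenly while one large "elephant" flow is pinned to a single member. Real switches use a vendor-specific hash over configurable fields (for example Cisco's `port-channel load-balance src-dst-ip`); the SHA-256 based hash and the sample flows here are constructed stand-ins that behave the same way for this purpose.

```python
# Added example (not from the original page): how a link aggregation group spreads
# traffic. The hash function and the flows are constructed stand-ins, not a
# vendor's algorithm, but the pinning behaviour they show is the same.
import hashlib
from collections import Counter


def select_link(src_ip, dst_ip, src_port, dst_port, n_links):
    """Map one flow to one member link. Same 5-tuple -> same link, every time,
    which is what keeps the packets of a flow in order."""
    key = f"{src_ip}|{dst_ip}|{src_port}|{dst_port}".encode()
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[:4], "big") % n_links


def distribute(flows, n_links):
    """flows: iterable of (src_ip, dst_ip, src_port, dst_port, bytes_sent).
    Returns bytes carried per member link (0..n_links-1)."""
    load = Counter({i: 0 for i in range(n_links)})
    for src, dst, sport, dport, nbytes in flows:
        load[select_link(src, dst, sport, dport, n_links)] += nbytes
    return load


def many_small_flows(n, nbytes=1_000):
    """Constructed sample: n client sessions from distinct hosts/ports to one server."""
    return [(f"10.1.{i // 250}.{i % 250 + 1}", "10.9.0.10", 40000 + i, 443, nbytes)
            for i in range(n)]


def demo(n_links=4):
    # Case 1: thousands of short flows spread roughly evenly across the LAG.
    even = distribute(many_small_flows(2000), n_links)
    # Case 2: one backup stream (an "elephant flow") is pinned to a single link;
    # a 4 x 1 Gb/s LAG still gives that one session at most 1 Gb/s.
    elephant = ("10.1.0.1", "10.9.0.10", 50000, 445, 10_000_000)
    skewed = distribute(many_small_flows(2000) + [elephant], n_links)
    return even, skewed, select_link(*elephant[:4], n_links)


if __name__ == "__main__":
    even, skewed, elephant_link = demo()
    print("2000 small flows :", dict(sorted(even.items())))
    print("plus one elephant:", dict(sorted(skewed.items())), "elephant on link", elephant_link)
```

When a LAG looks "full" on one member and idle on the others, this hashing is usually the reason; changing the load-balance fields (for example adding Layer 4 ports to a hash that only used IP addresses) changes the distribution, but a single flow can never use more than one member.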
Question 178
A network administrator wants to monitor traffic on specific switch ports without disrupting normal network operations. Which solution should be implemented?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping
Answer: A) SPAN/mirror port
Explanation:
A) SPAN, or Switched Port Analyzer (also called port mirroring), copies the frames seen on one or more source ports or VLANs to a designated destination port, where a capture tool such as Wireshark or an IDS sensor receives them. The copy is made by the switch hardware, so production traffic is forwarded exactly as before and the monitored hosts cannot tell they are being observed. SPAN can mirror ingress, egress, or both directions and can combine several sources into one destination, which is what makes it useful for troubleshooting packet loss and latency, validating QoS marking, and detecting security anomalies such as unexpected protocols or periodic beaconing. Two practical limits apply: the destination port carries only the copies and normally neither forwards regular traffic nor accepts frames from the attached host, and mirroring both directions of a busy link, or several sources, into one port of the same speed can oversubscribe it, in which case the switch drops mirrored frames (not production traffic) and the capture is incomplete. RSPAN and ERSPAN extend the same idea across a VLAN or an IP tunnel to reach a remote analyzer. Because the mirrored feed contains users' cleartext traffic, the capture host itself should be treated as sensitive and access to it restricted.
B) VLAN trunking allows multiple VLANs to share a single physical link between switches. While it is necessary for transporting VLAN traffic, it does not provide traffic capture or monitoring capabilities. Its primary function is traffic segmentation and transport, not analysis.
C) STP prevents Layer 2 loops by blocking redundant paths to maintain a loop-free topology. While essential for stability, it does not provide visibility into network traffic or enable troubleshooting of application performance.
D) DHCP snooping validates DHCP messages to prevent rogue servers from assigning incorrect IP addresses. While enhancing network security, it does not replicate traffic or provide monitoring capabilities for analysis. Its scope is limited to DHCP messages only.
SPAN/mirror ports are the only solution designed for passive traffic capture without disruption, making them the correct choice.
Question 179
A network administrator wants to prevent rogue DHCP servers from distributing incorrect IP addresses. Which feature should be implemented?
A) DHCP snooping
B) VLAN trunking
C) STP
D) LACP
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping is a switch security feature that allows only authorized DHCP servers to hand out addresses. Ports that lead to the legitimate server (or to the uplink toward it) are configured as trusted; every other port is untrusted. On untrusted ports the switch drops any server-originated message (Offer, ACK, NAK), so a rogue server, whether a misconfigured home router or an attacker's machine, never gets a reply onto the wire; it also checks that the client hardware address inside a Discover or Request matches the frame's source MAC address and can rate-limit DHCP messages to stop address-starvation attacks. From the legitimate exchanges it observes, the switch builds a binding table of MAC address, leased IP address, VLAN, port, and lease time. That table is what IP Source Guard (drop IP packets whose source MAC/IP pair is not in the table) and Dynamic ARP Inspection (drop ARP replies that contradict it) rely on to stop IP spoofing and man-in-the-middle attacks. Without snooping, a rogue server can hand clients a malicious default gateway or DNS server and silently intercept their traffic, or simply cause address conflicts and outages. One deployment pitfall: some switches insert DHCP Option 82 (relay agent information) into client messages once snooping is enabled, and if the DHCP server is not configured to accept it, legitimate clients stop receiving leases.
B) VLAN trunking allows multiple VLANs to traverse a single link. While critical for traffic segmentation, it does not prevent rogue DHCP servers from assigning IP addresses.
C) STP prevents Layer 2 loops by blocking redundant paths. While essential for network stability, it does not validate DHCP messages or secure IP allocation.
D) LACP combines multiple links for increased bandwidth and redundancy. While beneficial for performance, it does not prevent rogue DHCP servers from distributing incorrect IP addresses.
DHCP snooping is the only feature specifically designed to prevent unauthorized DHCP servers from assigning IP addresses, making it the correct choice.
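The following is an added example, not code from the original page: a Python model of the DHCP snooping decision logic above, run over constructed DHCP messages (RFC 2131 layout with only the message-type option), together with the binding table it builds and a minimal IP Source Guard check that consumes that table. Port names, MAC addresses, IP addresses and the rogue-server scenario are all made up for the demo.

```python
# Added example (not from the original page): the decision logic of DHCP snooping
# on constructed DHCP messages, plus the binding table it feeds to IP Source Guard.
# Port names, MAC and IP addresses are made up; the message layout is RFC 2131.
import ipaddress
import struct

HDR = "!BBBBIHH4s4s4s4s16s64s128s"     # fixed 236-byte DHCP header (RFC 2131)
MAGIC = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
MSG_TYPE = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK", 7: "RELEASE"}
SERVER_MSGS = {"OFFER", "ACK", "NAK"}   # only a DHCP server ever sends these


def build_dhcp(op, msg_type, chaddr, yiaddr="0.0.0.0", xid=0x1234):
    """Constructed DHCP message carrying just the message-type option (53)."""
    zero4 = b"\0" * 4
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0, zero4,
                      ipaddress.IPv4Address(yiaddr).packed, zero4, zero4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC + bytes([53, 1, msg_type, 255])


def parse_dhcp(data):
    """Return (op, message type name, client MAC, yiaddr) from a raw DHCP payload."""
    f = struct.unpack(HDR, data[:236])
    op, yiaddr, chaddr = f[0], f[8], f[11][:f[2]]       # f[2] is hlen (6 for Ethernet)
    if data[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(data) and data[i] != 255:             # 255 = end option
        if data[i] == 0:                                # 0 = pad
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    mtype = MSG_TYPE.get(opts.get(53, b"\0")[0], "UNKNOWN")
    return op, mtype, chaddr, str(ipaddress.IPv4Address(yiaddr))


class DhcpSnooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # client MAC -> port where its REQUEST arrived
        self.bindings = {}   # (vlan, client MAC) -> (IP, port): the snooping binding table

    def process(self, port, vlan, src_mac, payload):
        """Decide FORWARD or DROP for one DHCP message seen on a switch port."""
        op, mtype, chaddr, yiaddr = parse_dhcp(payload)
        if port not in self.trusted:
            if op == BOOTREPLY or mtype in SERVER_MSGS:
                return f"DROP: server message {mtype} on untrusted port {port}"
            if chaddr != src_mac:
                return "DROP: chaddr does not match frame source MAC"
            if mtype in ("RELEASE", "DECLINE"):          # only the port holding the lease may end it
                _, bound_port = self.bindings.get((vlan, chaddr), (None, port))
                if bound_port != port:
                    return f"DROP: {mtype} for a lease bound to {bound_port}"
        if mtype == "REQUEST":
            self.pending[chaddr] = port
        elif mtype == "ACK" and port in self.trusted:     # lease confirmed by the real server
            self.bindings[(vlan, chaddr)] = (yiaddr, self.pending.pop(chaddr, None))
        elif mtype == "RELEASE":
            self.bindings.pop((vlan, chaddr), None)
        return "FORWARD"

    def ip_source_guard(self, port, vlan, src_mac, src_ip):
        """IP Source Guard: permit IP traffic only from the (MAC, IP) pair the binding
        table recorded for this port and VLAN."""
        return self.bindings.get((vlan, src_mac)) == (src_ip, port)


def demo():
    snoop = DhcpSnooper(trusted_ports={"Gi1/0/24"})   # uplink toward the real DHCP server
    client = bytes.fromhex("020000000a01")
    server = bytes.fromhex("020000000100")
    rogue = bytes.fromhex("02000000bad1")
    log = [
        snoop.process("Gi1/0/1", 10, client, build_dhcp(BOOTREQUEST, 3, client)),           # legit REQUEST
        snoop.process("Gi1/0/7", 10, rogue, build_dhcp(BOOTREPLY, 5, client, "10.0.0.50")),  # rogue ACK
        snoop.process("Gi1/0/7", 10, rogue, build_dhcp(BOOTREQUEST, 7, client)),            # forged RELEASE
        snoop.process("Gi1/0/24", 10, server, build_dhcp(BOOTREPLY, 5, client, "10.0.0.20")),  # real ACK
        snoop.process("Gi1/0/7", 10, client, build_dhcp(BOOTREQUEST, 7, client)),           # MAC-spoofed RELEASE
    ]
    return log, snoop


if __name__ == "__main__":
    log, snoop = demo()
    print("\n".join(log))
    print("bindings:", {(v, m.hex(":")): b for (v, m), b in snoop.bindings.items()})
```

The last message in the demo is the interesting one: the attacker spoofs the client's MAC address too, so the chaddr check passes, but the binding table says the lease belongs to Gi1/0/1 and the RELEASE from Gi1/0/7 is still dropped. The same table is what lets IP Source Guard reject a host on Gi1/0/7 that configures 10.0.0.20 statically.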
Question 180
A network engineer wants to prevent unauthorized devices from connecting to a switch port while still allowing legitimate devices to move between ports. Which solution should be implemented?
A) Port security with sticky MAC addresses
B) VLAN trunking
C) STP
D) LACP
Answer: A) Port security with sticky MAC addresses
Explanation:
A) Port security limits which source MAC addresses a switch port accepts. With the sticky option, the switch learns the addresses of the first devices that connect (up to the configured maximum), writes them into the running configuration, and from then on treats them as static entries; the administrator only has to save the configuration to keep them across a reboot, instead of typing each MAC address by hand. A frame from any other MAC address, or a secure MAC address that appears on a second secured port in the same VLAN, is a violation handled according to the configured mode: protect silently drops the offending frames, restrict drops them and raises a counter, syslog message, and SNMP trap, and shutdown (the default) puts the whole port into err-disabled state until an administrator re-enables it or errdisable recovery runs. That second case is the mobility caveat: a sticky address stays bound to the port where it was learned, so when a legitimate device is moved the stale entry has to be cleared (or allowed to age out where the platform supports aging for secure addresses) before the new port will learn it. Sticky learning removes the manual entry of addresses, not the per-port binding. Port security is a MAC-based control and MAC addresses can be spoofed, so it raises the bar against casual rogue devices rather than authenticating endpoints; 802.1X is the mechanism for actual port-based authentication. Combined with DHCP snooping and Dynamic ARP Inspection it forms a layered access-port defence that protects both physical access and IP/ARP integrity.
B) VLAN trunking allows multiple VLANs to share a single physical link but does not restrict access to individual switch ports based on device MAC addresses. It manages traffic segmentation, not endpoint security.
C) STP prevents Layer 2 loops by blocking redundant paths. While essential for network stability, it does not control which devices can connect to a port or prevent unauthorized access.
D) LACP aggregates multiple physical links to increase bandwidth and provide redundancy. While it improves throughput, it does not enforce device authentication or prevent unauthorized access to ports.
Port security with sticky MAC addresses is the only option that controls which devices may use a port while learning the permitted addresses automatically, making it the correct choice; the other three do not look at endpoint MAC addresses at all.
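As an added example (not code from the original page or from any switch vendor), the Python below models a port-security table with sticky learning and the protect, restrict and shutdown violation modes, and walks through the move-between-ports case: a laptop learned on one port shows up on another, the second port goes err-disabled, and only after the stale sticky entry is cleared and the port recovered does the move succeed. Port names, MAC addresses and the scenario are constructed; the semantics follow the Catalyst behaviour described in the text.

```python
# Added example (not from the original page): a port-security model with sticky
# learning and the protect / restrict / shutdown violation modes, showing what
# happens when a device learned on one port moves to another. Port names and
# MAC addresses are constructed; the behaviour mirrors the Catalyst semantics
# described in the text, not vendor code.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    vlan: int
    maximum: int = 1
    violation: str = "shutdown"      # protect | restrict | shutdown
    sticky: bool = True
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violation_count: int = 0


class PortSecurity:
    def __init__(self):
        self.ports = {}

    def configure(self, name, **settings):
        self.ports[name] = SecurePort(**settings)

    def ingress(self, name, src_mac):
        """Classify one frame by source MAC, learning the address if there is room."""
        p = self.ports[name]
        if p.err_disabled:
            return "DROP: port is err-disabled"
        if src_mac in p.secure_macs:
            return "FORWARD"
        # An address already secured on another port in the same VLAN is a violation:
        # the switch does not silently "move" it, which is the mobility catch.
        elsewhere = next((n for n, q in self.ports.items()
                          if n != name and q.vlan == p.vlan and src_mac in q.secure_macs), None)
        if elsewhere is None and len(p.secure_macs) < p.maximum:
            p.secure_macs.add(src_mac)
            return "FORWARD (learned)"
        return self._violation(p, src_mac, elsewhere)

    def _violation(self, p, mac, elsewhere):
        why = f"{mac.hex(':')} is secured on {elsewhere}" if elsewhere else "maximum reached"
        if p.violation == "protect":
            return f"DROP: {why}"                     # silently discarded, nothing for the operator
        p.violation_count += 1
        if p.violation == "restrict":                 # drop, count, syslog / SNMP trap
            return f"DROP: {why}; violation #{p.violation_count} logged"
        p.err_disabled = True                         # shutdown: whole port goes down
        return f"DROP: {why}; port err-disabled"

    def clear_sticky(self, name, mac):
        """Equivalent of clearing the stale sticky address on the old port."""
        self.ports[name].secure_macs.discard(mac)

    def recover(self, name):
        """Equivalent of shutdown / no shutdown on an err-disabled port."""
        self.ports[name].err_disabled = False

    def running_config(self, name):
        """Sticky addresses show up in the running configuration; they survive a
        reboot only once the configuration is saved."""
        p = self.ports[name]
        lines = [f"switchport port-security maximum {p.maximum}",
                 f"switchport port-security violation {p.violation}"]
        if p.sticky:
            lines.append("switchport port-security mac-address sticky")
            lines += [f"switchport port-security mac-address sticky {m.hex(':')}"
                      for m in sorted(p.secure_macs)]
        return lines


def demo():
    ps = PortSecurity()
    ps.configure("Gi1/0/5", vlan=10, maximum=1, violation="restrict")
    ps.configure("Gi1/0/6", vlan=10, maximum=1, violation="shutdown")
    laptop_a = bytes.fromhex("0200000000a1")
    laptop_b = bytes.fromhex("0200000000b2")
    events = [
        ps.ingress("Gi1/0/5", laptop_a),   # first device: learned as sticky
        ps.ingress("Gi1/0/5", laptop_a),   # same device again: forwarded
        ps.ingress("Gi1/0/5", laptop_b),   # second device on a max-1 port: restrict-mode violation
        ps.ingress("Gi1/0/6", laptop_a),   # laptop A moves without clearing: shutdown-mode violation
        ps.ingress("Gi1/0/6", laptop_a),   # port is now err-disabled
    ]
    ps.clear_sticky("Gi1/0/5", laptop_a)   # operator removes the stale entry on the old port...
    ps.recover("Gi1/0/6")                  # ...and recovers the err-disabled port
    events.append(ps.ingress("Gi1/0/6", laptop_a))   # now the move succeeds
    return events, ps


if __name__ == "__main__":
    events, ps = demo()
    print("\n".join(events))
    print("\n".join(ps.running_config("Gi1/0/6")))
```

Restrict on user-facing ports and shutdown on ports that should never see a second device is a common split: restrict keeps the port up and gives the SOC a counter and a trap to alert on, while shutdown makes the misuse impossible to miss but turns every laptop swap into a help-desk ticket.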