CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 10 Q181-200
Question 181
A network administrator wants to prevent Layer 2 loops in a network with redundant switch connections while maintaining high availability. Which protocol should be implemented?
A) Spanning Tree Protocol (STP)
B) VLAN trunking
C) LACP
D) Port security
Answer: A) Spanning Tree Protocol (STP)
Explanation:
A) Spanning Tree Protocol (STP) is designed to prevent loops in Layer 2 networks, which can occur when multiple redundant paths exist between switches. Layer 2 loops cause broadcast storms, multiple frame copies, MAC address table instability, and overall network degradation. STP works by electing a root bridge and calculating the shortest path to it for all switches in the topology. Redundant paths that are not part of the optimal path are placed in a blocking state. This ensures a loop-free logical topology while still maintaining redundancy, so that if an active path fails, STP recalculates and activates a previously blocked path to maintain connectivity. Rapid STP (RSTP) reduces convergence times to a few seconds, minimizing downtime in enterprise networks. STP is widely used in networks with redundant links, such as core and distribution layers, to maintain high availability while preventing broadcast storms. STP also works with VLANs in implementations like Per VLAN Spanning Tree (PVST), allowing separate loop prevention for each VLAN, enhancing scalability and security. By preventing loops while maintaining redundancy, STP ensures network reliability, stability, and predictable traffic flow. It also integrates with other protocols like LACP to ensure that aggregated links do not cause loops and with QoS mechanisms to maintain performance for critical applications.
B) VLAN trunking allows multiple VLANs to share a single physical link. While essential for segmenting traffic and reducing unnecessary broadcast traffic across VLANs, it does not prevent loops in Layer 2 networks. Trunking ensures that traffic for different VLANs is transported correctly between switches but does not manage redundancy or block redundant paths, which can result in loops if STP is not used.
C) LACP combines multiple physical links into a single logical link to increase bandwidth and provide redundancy. While LACP improves throughput and fault tolerance, it does not prevent loops. Without STP, redundant LACP links could contribute to broadcast storms or MAC table instability. LACP is complementary to STP but cannot replace it for loop prevention.
D) Port security restricts access to a switch port based on MAC addresses, enhancing endpoint-level security. While it prevents unauthorized devices from connecting to the network, it does not address Layer 2 loops, broadcast storms, or redundancy management. Port security secures individual ports but does not manage topology.
STP is the only protocol specifically designed to prevent Layer 2 loops while allowing redundant paths to maintain high availability, making it the correct choice.
Question 182
A network engineer wants to restrict network access to only authorized devices based on their MAC addresses while allowing legitimate devices to move between switch ports without manual reconfiguration. Which solution should be implemented?
A) Port security with sticky MAC addresses
B) VLAN trunking
C) DHCP snooping
D) LACP
Answer: A) Port security with sticky MAC addresses
Explanation:
A) Port security with sticky MAC addresses dynamically learns MAC addresses of devices that connect to a switch port and stores them in the running configuration. This allows only authorized devices to access the network, blocking unauthorized devices and generating alerts if a violation occurs. Sticky MAC addresses allow legitimate devices to move between ports without manual updates, simplifying administration in environments where devices frequently relocate, such as offices, classrooms, or labs. Port security also prevents rogue devices from connecting and mitigates threats such as man-in-the-middle attacks, unauthorized access, and MAC spoofing. When combined with features like DHCP snooping and Dynamic ARP Inspection, it provides layered security by ensuring both access control and IP assignment validation. Administrators can configure actions like shutdown, restrict, or protect for ports violating security policies, allowing for tailored enforcement depending on the criticality of the network segment. Port security with sticky MAC addresses ensures both operational flexibility and robust protection for endpoint devices, reducing administrative overhead while maintaining network integrity.
B) VLAN trunking allows multiple VLANs to share a single physical link. While it segments traffic and isolates broadcast domains, trunking does not restrict which devices can connect to a port. VLANs provide traffic separation and security at a logical level but do not enforce MAC-based access control.
C) DHCP snooping validates DHCP messages and ensures only authorized servers assign IP addresses. While critical for preventing rogue DHCP servers, it does not block unauthorized devices from physically connecting to a switch port. DHCP snooping focuses on IP allocation security, not port access control.
D) LACP aggregates multiple physical links to increase bandwidth and provide redundancy. While beneficial for throughput, it does not restrict access to devices based on MAC addresses or enforce endpoint authentication.
Port security with sticky MAC addresses is the only solution that combines device-level authentication with the ability for legitimate devices to move freely, making it the correct choice.
Question 183
A network administrator wants to ensure that only authorized DHCP servers can assign IP addresses to clients on the network. Which feature should be implemented?
A) DHCP snooping
B) VLAN trunking
C) STP
D) LACP
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping is a security mechanism that allows a network to identify and trust authorized DHCP servers while blocking unauthorized servers from assigning IP addresses. It works by marking switch ports connected to legitimate servers as trusted and inspecting DHCP messages on untrusted ports to prevent rogue servers from issuing incorrect configurations. DHCP snooping validates DHCP Discover, Offer, Request, and ACK messages to ensure proper IP address allocation. It maintains a binding table of MAC addresses, IP addresses, and VLAN assignments, which can be leveraged for additional security features like IP Source Guard and Dynamic ARP Inspection to prevent IP spoofing and man-in-the-middle attacks. Implementing DHCP snooping protects the network from IP conflicts, ensures consistent IP assignment, and reduces the risk of unauthorized access caused by rogue servers. It is particularly critical in enterprise networks, classrooms, or public environments where unauthorized devices could disrupt services or compromise security. DHCP snooping integrates seamlessly with port security and VLAN segmentation to provide comprehensive network protection while maintaining operational efficiency.
B) VLAN trunking allows multiple VLANs to share a single physical link. While trunking segments traffic between VLANs, it does not prevent rogue DHCP servers or enforce IP assignment policies.
C) STP prevents Layer 2 loops by blocking redundant paths. While essential for stability, STP does not validate DHCP messages or prevent unauthorized IP allocation.
D) LACP aggregates multiple physical links for increased bandwidth and redundancy. It improves throughput and fault tolerance but does not address DHCP server validation or security.
DHCP snooping is the only feature specifically designed to ensure that only authorized DHCP servers assign IP addresses, making it the correct choice.
Question 184
A network engineer wants to capture traffic from specific switch ports for detailed analysis without impacting normal network operations. Which solution should be implemented?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) LACP
Answer: A) SPAN/mirror port
Explanation:
A) SPAN, or Switched Port Analyzer, allows traffic from one or more source ports or VLANs to be duplicated and sent to a monitoring port. This enables administrators to capture and analyze packets using tools such as Wireshark without interrupting normal network traffic. SPAN is ideal for troubleshooting issues like latency, packet loss, network congestion, misconfigurations, and security anomalies. It supports monitoring multiple source ports, bidirectional traffic, and even entire VLANs if needed. Since SPAN operates passively, it does not add latency or interfere with production traffic, allowing continuous monitoring in enterprise, campus, or data center environments. Administrators can analyze traffic patterns, validate QoS policies, detect high-priority application issues, and troubleshoot network performance without affecting end-users. SPAN provides detailed visibility into network behavior, enabling proactive maintenance, anomaly detection, and optimization. It is particularly valuable when combined with logging and alerting tools, providing a comprehensive network monitoring and diagnostic solution.
B) VLAN trunking allows multiple VLANs to traverse a single link between switches. While essential for carrying segmented traffic, it does not replicate traffic for monitoring or analysis. Trunking is designed for traffic transport, not diagnostic visibility.
C) STP prevents Layer 2 loops by blocking redundant paths in a network. While important for stability, it does not allow traffic capture or analysis and does not provide insight into application behavior or performance.
D) LACP aggregates multiple physical links to increase bandwidth and provide redundancy. While enhancing performance, it does not replicate traffic or facilitate monitoring for troubleshooting purposes.
SPAN/mirror ports are the only solution designed for non-disruptive traffic capture and analysis, making them the correct choice.
Question 185
A network administrator wants to increase network performance by moving clients to a less congested wireless frequency band. Which action is most effective?
A) Move clients to the 5 GHz band
B) Reduce MTU size
C) Enable Telnet on access points
D) Increase DHCP lease time
Answer: A) Move clients to the 5 GHz band
Explanation:
A) Moving clients to the 5 GHz Wi-Fi band reduces congestion and interference associated with the heavily used 2.4 GHz spectrum. The 2.4 GHz band has fewer non-overlapping channels and is prone to interference from devices like microwaves, Bluetooth devices, and older wireless equipment. The 5 GHz band offers more channels, higher data rates, and reduced interference, which improves throughput and lowers latency, particularly for high-density environments such as offices, auditoriums, and campus networks. While 5 GHz has a shorter range and higher attenuation through walls, strategically deploying access points ensures adequate coverage and maximizes performance. Shifting clients to 5 GHz also benefits latency-sensitive applications such as VoIP, video conferencing, and streaming services. Network administrators can combine band steering, dual-band access points, and load balancing to automatically encourage capable devices to connect to 5 GHz, optimizing spectrum utilization and user experience.
B) Reducing MTU size changes the maximum packet size for transmissions. While it can reduce fragmentation in certain scenarios, it does not reduce congestion or interference on wireless networks. MTU adjustments primarily affect Layer 3 packet handling and do not optimize RF performance.
C) Enabling Telnet on access points allows remote management but has no effect on performance, congestion, or interference. Telnet is a management protocol and does not impact client connectivity or throughput.
D) Increasing DHCP lease time reduces the frequency of IP address renewals but does not affect network congestion or RF interference. DHCP lease adjustments are related to IP management, not wireless performance.
Moving clients to the 5 GHz band directly addresses interference and congestion while improving throughput and latency, making it the correct choice.
Question 186
A network engineer wants to improve wireless network performance in a high-density office environment where many devices are connected to the same access point. Which action is most effective?
A) Deploy additional access points with proper channel planning
B) Increase DHCP lease time
C) Reduce MTU size
D) Enable Telnet on the access points
Answer: A) Deploy additional access points with proper channel planning
Explanation:
A) Deploying additional access points (APs) and implementing proper channel planning is the most effective method to improve wireless network performance in high-density environments. In crowded areas, too many devices competing for the same AP or overlapping channels can lead to congestion, high latency, packet loss, and degraded throughput. By adding APs strategically and assigning non-overlapping channels for each AP, the network can distribute clients more evenly, reduce contention, and improve overall performance. Proper channel planning also minimizes co-channel and adjacent-channel interference, which are common in dense environments. Advanced techniques like band steering can encourage dual-band clients to use the 5 GHz spectrum, further reducing congestion in the crowded 2.4 GHz band. Additional APs combined with load balancing ensure that clients are connected to the optimal AP based on signal strength and utilization. Enterprise wireless networks often use a controller-based approach to dynamically manage AP channels and transmit power to maximize coverage while reducing interference. This approach improves user experience, enables faster data rates, and ensures that latency-sensitive applications like VoIP, video conferencing, and real-time collaboration function smoothly in high-density scenarios. Proper deployment planning is critical, including site surveys to determine coverage, interference sources, and optimal AP placement.
B) Increasing DHCP lease time reduces the frequency of IP address renewals. While this reduces DHCP server load and slightly decreases broadcast traffic related to address renewal, it does not improve wireless throughput, reduce congestion, or address interference issues in high-density environments. The action mainly affects IP management rather than RF performance.
C) Reducing MTU size changes the maximum transmission unit for packets. Although smaller MTUs can prevent fragmentation in certain network segments, this adjustment does not alleviate wireless congestion caused by multiple clients competing for airtime. MTU changes primarily impact Layer 3 efficiency rather than RF spectrum contention or wireless channel utilization.
D) Enabling Telnet on access points allows remote management and monitoring. While it can help administrators configure and troubleshoot APs, Telnet itself does not influence throughput, congestion, interference, or client distribution. It is purely a management protocol and does not optimize high-density performance.
Deploying additional access points with proper channel planning addresses both client density and interference, directly improving network performance, making it the correct choice.
Question 187
A network administrator wants to reduce broadcast traffic across multiple segments and improve overall network efficiency. Which technology should be implemented?
A) VLANs
B) STP
C) LACP
D) Port security
Answer: A) VLANs
Explanation:
A) VLANs (Virtual Local Area Networks) are the primary method for reducing broadcast traffic by segmenting a single physical network into multiple logical networks, each representing a separate broadcast domain. Broadcast frames sent within a VLAN are confined to that VLAN, preventing them from reaching devices in other VLANs and thereby reducing unnecessary network congestion. By segmenting networks based on departments, functions, or security levels, administrators can improve efficiency, performance, and manageability. VLANs also enhance security by isolating sensitive traffic, so unauthorized devices in one VLAN cannot directly access resources in another without a Layer 3 route or firewall rule. VLANs are scalable and can be dynamically configured to adapt to changing network needs, allowing administrators to move users or devices between VLANs without physical reconfiguration. They are also compatible with trunking protocols such as IEEE 802.1Q, which allow multiple VLANs to traverse a single uplink, preserving bandwidth while maintaining segmentation. By isolating broadcast traffic and controlling which devices receive which frames, VLANs prevent broadcast storms from affecting the entire network, improve overall throughput, and support efficient use of network resources. VLANs are often combined with QoS policies, ACLs, and monitoring tools to prioritize critical traffic, manage congestion, and maintain network stability.
B) STP (Spanning Tree Protocol) prevents loops in redundant Layer 2 topologies by blocking redundant paths. While STP is essential for preventing broadcast storms caused by loops, it does not reduce the amount of legitimate broadcast traffic within a VLAN or segment the network logically. Its focus is loop prevention, not traffic management.
C) LACP (Link Aggregation Control Protocol) combines multiple physical links into a single logical link to increase bandwidth and provide redundancy. While LACP improves throughput between switches, it does not reduce broadcast traffic or isolate broadcast domains. Without VLANs, all broadcast frames still propagate across the Layer 2 network.
D) Port security restricts access to switch ports based on MAC addresses, preventing unauthorized devices from connecting. While it enhances security, it does not affect broadcast traffic or network efficiency because it does not segment or limit the flow of legitimate traffic.
VLANs are the only solution that isolates broadcast domains, reduces broadcast traffic propagation, and improves overall network efficiency, making them the correct choice.
Question 188
A network engineer wants to ensure high availability between two switches by combining multiple links while preventing a single link failure from disrupting traffic. Which protocol should be implemented?
A) Link Aggregation Control Protocol (LACP)
B) STP
C) VLAN trunking
D) Port security
Answer: A) Link Aggregation Control Protocol (LACP)
Explanation:
A) LACP allows multiple physical links to be bundled into a single logical link, known as a Link Aggregation Group (LAG). This increases bandwidth and ensures redundancy because if one physical link fails, the remaining links in the aggregation continue to carry traffic, maintaining connectivity without disruption. LACP dynamically negotiates link aggregation with compatible switches, ensuring proper configuration and preventing misconfigurations that could lead to performance issues. Traffic distribution is typically based on a hashing algorithm using MAC addresses, IP addresses, or sessions to balance load evenly across available links. LACP also provides automatic failover, so administrators do not need to manually intervene when a link goes down. This makes it ideal for core or distribution links, uplinks to servers, or data center environments where high throughput and reliability are required. LACP improves scalability, resilience, and performance, allowing organizations to leverage multiple links efficiently without wasting redundant bandwidth. When combined with STP, LACP links do not interfere with loop prevention, as STP can detect and block redundant paths if needed.
B) STP prevents loops in Layer 2 networks but does not aggregate multiple links for higher bandwidth. While necessary for stability, STP alone does not provide redundancy that increases throughput.
C) VLAN trunking allows multiple VLANs to traverse a single link, improving traffic segmentation. While it helps organize traffic, it does not increase bandwidth or provide automatic failover across multiple physical links.
D) Port security restricts access to switch ports based on MAC addresses, providing endpoint-level security. While useful for preventing unauthorized devices from connecting, it does not enhance bandwidth, redundancy, or link availability.
LACP is the only protocol that combines multiple links for both increased bandwidth and redundancy, making it the correct choice.
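The hash-based distribution and automatic failover described for Question 188, as an added example that is not part of the original page. The member link names, the sample flows and the use of CRC32 as the hash are assumptions; real switches use platform-specific hash functions and inputs.

```python
import zlib


class Lag:
    """Toy model of a Link Aggregation Group: flows are pinned to one member by hash."""

    def __init__(self, members):
        self.members = list(members)   # configured member links, in order
        self.up = set(members)         # members currently passing traffic

    def active(self):
        return [m for m in self.members if m in self.up]

    def fail(self, member):
        """Mark a member link as down (what LACP detects when the partner stops responding)."""
        self.up.discard(member)

    def pick(self, flow):
        """Choose the egress member for a flow tuple (src_ip, dst_ip, src_port, dst_port)."""
        links = self.active()
        if not links:
            raise RuntimeError("LAG down: no active member links")
        key = "|".join(map(str, flow)).encode()
        # CRC32 stands in for the vendor hash (assumption); same flow -> same link.
        return links[zlib.crc32(key) % len(links)]


def sample_flows(n=200):
    """Constructed sample traffic: n TCP flows from 50 clients to one HTTPS server."""
    return [("10.0.0.%d" % (i % 50 + 1), "10.0.1.10", 40000 + i, 443) for i in range(n)]


def distribution(lag, flows):
    """Count how many flows land on each active member link."""
    counts = {m: 0 for m in lag.active()}
    for flow in flows:
        counts[lag.pick(flow)] += 1
    return counts


if __name__ == "__main__":
    lag = Lag(["Te1/1", "Te1/2", "Te1/3", "Te1/4"])   # hypothetical port names
    flows = sample_flows()
    print("all links up :", distribution(lag, flows))
    lag.fail("Te1/2")
    print("Te1/2 failed :", distribution(lag, flows))
```

Because each flow is pinned to one member, a single flow never exceeds the speed of one physical link; the aggregate gain only appears across many flows.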
Question 189
A network administrator wants to capture and analyze traffic from multiple switch ports without impacting normal network operations. Which solution should be implemented?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) LACP
Answer: A) SPAN/mirror port
Explanation:
A) SPAN, or Switched Port Analyzer, allows administrators to replicate traffic from one or more source ports or VLANs to a designated monitoring port. This enables packet capture using tools such as Wireshark without interrupting normal network operations. SPAN is crucial for troubleshooting issues like latency, packet loss, misconfigurations, and performance bottlenecks. It supports multiple source ports, bidirectional traffic, and even entire VLAN monitoring. Since SPAN operates passively, it does not introduce additional latency or affect production traffic. Administrators can analyze application behavior, validate QoS policies, detect anomalies, and troubleshoot security incidents without affecting end users. SPAN is essential in enterprise, campus, and data center networks where capturing traffic on critical links is required for diagnostics, auditing, or forensic analysis. Properly configured SPAN ports enable proactive problem detection, performance optimization, and improved operational insight, all while maintaining uninterrupted network service.
B) VLAN trunking allows multiple VLANs to traverse a single link between switches. While important for traffic segmentation and transport, it does not replicate traffic for analysis or troubleshooting. Its primary function is logical transport, not monitoring.
C) STP prevents Layer 2 loops by blocking redundant paths. While necessary for network stability, it does not provide traffic visibility or analysis capabilities.
D) LACP aggregates multiple physical links for increased bandwidth and redundancy. While it improves throughput and fault tolerance, it does not replicate traffic or provide packet-level analysis.
SPAN/mirror ports are the only solution that allows detailed traffic analysis without disrupting normal network operations, making it the correct choice.
Question 190
A network administrator wants to reduce congestion and interference in a wireless network by moving devices to a less crowded frequency band. Which action is most effective?
A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Reduce MTU size
D) Enable Telnet on access points
Answer: A) Move clients to the 5 GHz band
Explanation:
A) Moving clients to the 5 GHz Wi-Fi band reduces congestion and interference by shifting devices away from the crowded 2.4 GHz spectrum, which has fewer non-overlapping channels and is shared with other devices like Bluetooth devices, microwave ovens, and older wireless equipment. The 5 GHz band provides more channels, higher throughput, and lower latency, which is especially important in high-density environments like offices, classrooms, or conference rooms. Although 5 GHz signals have a shorter range and higher attenuation through walls, proper access point placement ensures adequate coverage while maximizing performance. Band steering can encourage dual-band clients to connect to 5 GHz automatically. By reducing co-channel and adjacent-channel interference, moving clients to 5 GHz improves overall network efficiency, ensures better performance for latency-sensitive applications such as VoIP and video streaming, and enhances user experience. This approach is fundamental in enterprise wireless design to balance load, optimize throughput, and maintain reliable service in high-density deployments.
B) Increasing DHCP lease time reduces the frequency of IP renewals, which slightly decreases broadcast traffic for address renewals, but it does not reduce congestion or interference on the wireless medium. DHCP lease time impacts IP management, not RF spectrum performance.
C) Reducing MTU size changes the maximum packet size for network transmissions. While it may reduce fragmentation in certain situations, it does not address wireless congestion or interference and has little impact on Wi-Fi performance.
D) Enabling Telnet on access points allows remote management but does not influence congestion, interference, or throughput. It is a management protocol and does not optimize client connections or RF performance.
Moving clients to the 5 GHz band directly addresses congestion and interference, improves throughput, and ensures better latency for critical applications, making it the correct choice.
Question 191
A network administrator wants to prevent unauthorized devices from accessing a network while allowing legitimate devices to move between switch ports without manual configuration. Which solution should be implemented?
A) Port security with sticky MAC addresses
B) VLAN trunking
C) DHCP snooping
D) LACP
Answer: A) Port security with sticky MAC addresses
Explanation:
A) Port security with sticky MAC addresses provides a mechanism for restricting access to a switch port based on the MAC addresses of connected devices. The “sticky” functionality allows the switch to dynamically learn the MAC addresses of devices on a port and store them in the running configuration. This means authorized devices can move between ports without requiring manual updates, making management much easier in environments with mobile endpoints, such as offices, classrooms, or labs. If an unauthorized device attempts to connect, the switch can take predefined actions such as shutting down the port, restricting traffic, or generating an alert, thereby preventing potential network breaches. This approach improves network security by ensuring only known devices gain access, mitigating risks such as man-in-the-middle attacks, rogue device connections, or MAC spoofing. Sticky MAC addresses also complement DHCP snooping and Dynamic ARP Inspection (DAI) to provide a layered security model, protecting both device access and IP integrity. Administrators can configure different violation modes (protect, restrict, shutdown) depending on the security requirements of the network segment, allowing for flexible but effective endpoint enforcement. Port security with sticky MAC addresses is particularly useful in medium to large enterprise networks because it balances security and operational flexibility, reducing administrative overhead while maintaining robust access control.
B) VLAN trunking allows multiple VLANs to share a single physical link, effectively segmenting traffic for efficiency and security. However, trunking does not control access at the device level; it does not prevent unauthorized devices from connecting to a port. VLANs primarily manage broadcast domains and traffic segmentation but do not enforce endpoint authentication. While VLANs are essential for logical segmentation, they do not address MAC-based access restrictions.
C) DHCP snooping prevents unauthorized DHCP servers from assigning IP addresses to clients. While critical for securing IP address allocation and preventing rogue servers, it does not prevent unauthorized devices from physically connecting to a switch port. DHCP snooping validates DHCP messages but is insufficient alone to enforce device-level access control.
D) LACP aggregates multiple physical links into a single logical connection to increase bandwidth and provide redundancy. While LACP enhances throughput and resiliency, it does not provide security mechanisms for authenticating connected devices. Its primary function is link performance and failover rather than network access control.
Port security with sticky MAC addresses is the only solution that dynamically authenticates devices, prevents unauthorized access, and supports device mobility, making it the correct choice.
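The sticky learning and the three violation modes described for Questions 182 and 191, modelled for a single port as an added example that is not part of the original page. The port name, MAC addresses and return strings are constructed for illustration; the mode behaviour follows the common switch implementation in which protect drops silently, restrict drops and counts, and shutdown error-disables the port.

```python
class SecurePort:
    """Single switch port with sticky MAC learning and a violation mode."""

    MODES = ("protect", "restrict", "shutdown")

    def __init__(self, name, maximum=1, violation="shutdown"):
        if violation not in self.MODES:
            raise ValueError("violation must be one of %s" % (self.MODES,))
        self.name = name
        self.maximum = maximum        # maximum secure MAC addresses on the port
        self.violation = violation
        self.sticky = []              # learned MACs (would be saved in running config)
        self.violations = 0           # violation counter (not incremented in protect mode)
        self.err_disabled = False
        self.log = []

    def frame(self, src_mac):
        """Process one ingress frame and return what the port does with it."""
        if self.err_disabled:
            return "port-down"
        mac = src_mac.lower()
        if mac in self.sticky:
            return "forward"
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)   # sticky learning: first MACs seen become authorized
            return "learned"
        # Unknown MAC and the table is full: security violation.
        if self.violation == "protect":
            return "drop"             # silent drop, no counter, no log
        self.violations += 1
        self.log.append("%s: security violation by %s" % (self.name, mac))
        if self.violation == "shutdown":
            self.err_disabled = True  # port stays down until an administrator recovers it
            return "err-disabled"
        return "drop"                 # restrict: drop, count and log


# Constructed frame sequence: the authorized host, then an unknown MAC, then the host again.
FRAMES = [
    "00:11:22:33:44:55",
    "00:11:22:33:44:55",
    "02:00:00:00:00:99",
    "00:11:22:33:44:55",
]


def replay(mode, frames=FRAMES):
    """Replay the frames against a fresh port; return (per-frame results, violation count)."""
    port = SecurePort("Gi0/5", maximum=1, violation=mode)   # hypothetical port name
    return [port.frame(m) for m in frames], port.violations


if __name__ == "__main__":
    for mode in SecurePort.MODES:
        print(mode, replay(mode))
```

The replay shows the operational trade-off: shutdown mode also cuts off the legitimate host until the port is recovered, while protect mode leaves no record that a violation occurred.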
Question 192
A network engineer wants to prevent broadcast storms and Layer 2 loops in a network with redundant switch paths. Which protocol should be implemented?
A) Spanning Tree Protocol (STP)
B) VLAN trunking
C) LACP
D) Port security
Answer: A) Spanning Tree Protocol (STP)
Explanation:
A) STP is specifically designed to prevent Layer 2 loops in Ethernet networks. Loops can occur when redundant paths exist between switches, causing broadcast frames to circulate indefinitely. This can result in broadcast storms, MAC table instability, and network outages. STP dynamically elects a root bridge and calculates the shortest path to it, placing redundant paths into a blocking state to maintain a loop-free topology. If a primary path fails, STP recalculates the topology and activates blocked paths to maintain connectivity, ensuring high availability. Rapid STP (RSTP) enhances convergence time, allowing networks to recover from failures in seconds instead of minutes, which is critical in enterprise networks for uptime and application performance. STP integrates with VLANs using PVST (Per VLAN Spanning Tree) to prevent loops on a per-VLAN basis, providing granular control over traffic and isolation of broadcast domains. STP is essential for stable Layer 2 network operation, especially when combined with features like LACP or port aggregation to prevent loops while supporting redundancy. STP ensures that broadcast traffic flows predictably, loops are eliminated, and network reliability is maintained.
B) VLAN trunking allows multiple VLANs to share a single physical link, effectively segmenting traffic into separate broadcast domains. While VLANs reduce the impact of broadcasts, they do not prevent loops in redundant Layer 2 topologies. Trunking handles logical traffic separation but does not manage physical path redundancy.
C) LACP aggregates multiple links for increased bandwidth and redundancy. While it improves throughput and link failover, it does not prevent loops. Without STP, redundant LACP links can cause broadcast storms or MAC table instability. LACP is complementary to STP but cannot replace it.
D) Port security restricts access to a port based on MAC addresses, enhancing endpoint security. While useful for preventing unauthorized device access, it does not address Layer 2 loops or broadcast storms. Port security operates at the access layer and does not manage network topology or redundancy.
STP is the only protocol specifically designed to prevent loops and broadcast storms while supporting redundancy, making it the correct choice.
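The root bridge election, port blocking and reconvergence described for Questions 181 and 192, as an added example that is not part of the original page. The three-switch triangle, its priorities, MAC addresses and link costs are constructed, and the model is simplified to one port per link end with the link name standing in for the port ID tie-break.

```python
import heapq

# Constructed sample topology: three switches cabled in a triangle (one redundant path).
BRIDGES = {
    "SW1": (4096, "00:00:00:00:00:01"),    # (priority, MAC)
    "SW2": (32768, "00:00:00:00:00:02"),
    "SW3": (32768, "00:00:00:00:00:03"),
}
LINKS = {
    "SW1-SW2": ("SW1", "SW2", 4),          # (end A, end B, path cost)
    "SW1-SW3": ("SW1", "SW3", 4),
    "SW2-SW3": ("SW2", "SW3", 4),
}


def bridge_id(bridges, name):
    """Bridge ID as a comparable tuple (priority, MAC as integer); the lowest wins."""
    prio, mac = bridges[name]
    return (prio, int(mac.replace(":", ""), 16))


def compute_stp(bridges, links):
    """Return (root bridge, root path costs, {(bridge, link): role})."""
    root = min(bridges, key=lambda n: bridge_id(bridges, n))
    adj = {n: [] for n in bridges}
    for lname, (a, b, c) in links.items():
        adj[a].append((b, c, lname))
        adj[b].append((a, c, lname))

    # Lowest root path cost for every bridge (Dijkstra from the root).
    cost = {root: 0}
    heap = [(0, root)]
    while heap:
        d, n = heapq.heappop(heap)
        if d > cost[n]:
            continue
        for m, c, _ in adj[n]:
            if d + c < cost.get(m, float("inf")):
                cost[m] = d + c
                heapq.heappush(heap, (d + c, m))

    # Root port: best path to the root, ties broken by the neighbour's bridge ID.
    root_port = {}
    for n in bridges:
        if n == root or n not in cost:
            continue
        best = min((cost[m] + c, bridge_id(bridges, m), lname)
                   for m, c, lname in adj[n] if m in cost)
        root_port[n] = best[2]

    # Per link: the end closer to the root is designated; the other end is
    # either that bridge's root port or a redundant port that gets blocked.
    roles = {}
    for lname, (a, b, _) in links.items():
        if a not in cost or b not in cost:
            continue
        des, other = sorted((a, b), key=lambda n: (cost[n], bridge_id(bridges, n)))
        roles[(des, lname)] = "designated"
        roles[(other, lname)] = "root" if root_port.get(other) == lname else "blocking"
    return root, cost, roles


def blocking_ports(roles):
    return sorted(port for port, role in roles.items() if role == "blocking")


if __name__ == "__main__":
    root, cost, roles = compute_stp(BRIDGES, LINKS)
    print("root:", root, "blocked:", blocking_ports(roles))
    # Simulate failure of the SW1-SW3 link and recompute the topology.
    degraded = {k: v for k, v in LINKS.items() if k != "SW1-SW3"}
    root, cost, roles = compute_stp(BRIDGES, degraded)
    print("after failure, SW3 cost:", cost["SW3"], "blocked:", blocking_ports(roles))
```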
Question 193
A network administrator wants to ensure that only authorized DHCP servers provide IP addresses to clients on a network. Which feature should be implemented?
A) DHCP snooping
B) VLAN trunking
C) STP
D) LACP
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping is a network security feature that identifies and trusts authorized DHCP servers while blocking unauthorized servers from assigning IP addresses. Switch ports connected to legitimate DHCP servers are marked as trusted, while all other ports are considered untrusted. DHCP snooping inspects DHCP messages—Discover, Offer, Request, and ACK—to ensure proper IP allocation. It maintains a binding table of MAC addresses, IP addresses, VLANs, and port numbers, which can be leveraged by additional security mechanisms such as IP Source Guard and Dynamic ARP Inspection to prevent IP spoofing and man-in-the-middle attacks. By preventing rogue DHCP servers from distributing incorrect IP addresses, DHCP snooping protects the network from conflicts, service disruptions, and unauthorized access. It is especially critical in enterprise, campus, or public environments where unauthorized devices could compromise network stability. DHCP snooping integrates with other network security features like port security, VLAN segmentation, and SPAN monitoring to provide a layered defense approach. This feature allows administrators to enforce IP policies and maintain consistent network configuration across large deployments without requiring manual IP management.
B) VLAN trunking allows multiple VLANs to share a single physical link. While it effectively segments traffic, it does not control which DHCP servers can assign IP addresses. VLANs are focused on logical separation and broadcast containment rather than DHCP security.
C) STP prevents Layer 2 loops by blocking redundant paths. While critical for stability, STP does not validate DHCP messages or prevent rogue servers from issuing IP addresses. It operates at Layer 2 and addresses topology, not IP allocation.
D) LACP aggregates multiple physical links into a single logical link for higher bandwidth and redundancy. While useful for throughput and failover, it does not prevent unauthorized DHCP servers or manage IP assignments.
DHCP snooping is the only solution designed to ensure only trusted DHCP servers provide IP addresses, making it the correct choice.
Question 194
A network engineer wants to monitor traffic on specific switch ports without interrupting normal operations. Which solution should be implemented?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) LACP
Answer: A) SPAN/mirror port
Explanation:
A) SPAN (Switched Port Analyzer) allows administrators to replicate traffic from one or more source ports or VLANs to a designated monitoring port. This enables traffic capture using tools such as Wireshark or network analyzers without affecting normal network operations. SPAN supports multiple source ports, bidirectional traffic monitoring, and even entire VLAN replication. By capturing packets non-disruptively, administrators can troubleshoot latency, packet loss, misconfigurations, and application performance issues. SPAN is widely used in enterprise networks for proactive monitoring, auditing, and forensic analysis. It provides visibility into critical traffic flows and allows detailed examination of protocols, errors, and anomalies. SPAN operates passively, ensuring that production traffic is unaffected and network performance remains stable. Properly configured SPAN ports help administrators detect security breaches, monitor bandwidth usage, and validate QoS policies without impacting end-users. It is especially valuable in high-density or mission-critical networks where taking live links offline for troubleshooting is impractical.
B) VLAN trunking allows multiple VLANs to share a single link between switches. While it segments traffic, it does not replicate traffic for monitoring or analysis. Trunking manages traffic transport, not network diagnostics.
C) STP prevents Layer 2 loops by blocking redundant paths. While necessary for stability, it does not provide visibility or allow packet-level analysis. STP’s purpose is to maintain a loop-free topology, not traffic monitoring.
D) LACP aggregates links to increase bandwidth and provide redundancy. While beneficial for throughput and fault tolerance, LACP does not replicate traffic or allow packet capture for analysis.
A SPAN/mirror port is the only solution that enables non-disruptive traffic capture for troubleshooting, making it the correct choice.
Question 195
A network administrator wants to improve wireless performance in a congested environment by moving clients to a less crowded frequency band. Which action is most effective?
A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Reduce MTU size
D) Enable Telnet on access points
Answer: A) Move clients to the 5 GHz band
Explanation:
A) Moving clients to the 5 GHz band reduces congestion and interference caused by the overcrowded 2.4 GHz spectrum. The 2.4 GHz band has only three non-overlapping channels and is shared with devices like Bluetooth equipment, microwaves, and legacy Wi-Fi devices, leading to co-channel and adjacent-channel interference. The 5 GHz band offers more non-overlapping channels, higher throughput, and lower latency, making it ideal for high-density environments such as offices, schools, or conference centers. Although 5 GHz signals attenuate faster through walls, careful access point placement ensures adequate coverage. Band steering encourages dual-band devices to connect to the 5 GHz spectrum, balancing client distribution across frequencies. This approach improves throughput, reduces packet collisions, and enhances latency-sensitive applications like VoIP, video conferencing, and streaming. Combined with load balancing and controller-based RF management, moving clients to 5 GHz optimizes wireless spectrum usage, minimizes interference, and improves overall user experience.
B) Increasing DHCP lease time slightly reduces the frequency of IP address renewals, decreasing DHCP-related broadcast traffic. However, this action does not reduce RF congestion or interference on wireless networks and has little impact on client throughput.
C) Reducing MTU size affects maximum packet size at Layer 3, potentially preventing fragmentation. While relevant for certain network conditions, it does not improve Wi-Fi performance, reduce congestion, or alleviate interference.
D) Enabling Telnet on access points allows remote management but does not influence wireless performance, congestion, or interference. Telnet is a management protocol and has no impact on client connectivity or throughput.
Moving clients to the 5 GHz band directly reduces interference, balances spectrum usage, and improves wireless performance, making it the correct choice.
Question 196
A network administrator wants to isolate broadcast traffic, improve security, and segment a network logically without adding additional physical switches. Which technology should be implemented?
A) VLANs
B) LACP
C) STP
D) Port security
Answer: A) VLANs
Explanation:
A) VLANs, or Virtual Local Area Networks, provide a method for logically segmenting a physical network into multiple independent broadcast domains. Each VLAN acts as a separate Layer 2 network, so broadcast traffic, multicasts, and ARP requests are contained within the VLAN and do not propagate to other VLANs. This segmentation reduces unnecessary traffic on unrelated devices, improving overall network performance. VLANs enhance security by isolating groups of devices—such as separating guest networks from corporate resources or different departments—making it harder for unauthorized users to access sensitive data. VLANs also simplify network management because users can be moved between VLANs without physically rewiring the network; administrators can assign VLAN membership via switch port configuration or dynamic VLAN assignment using protocols like 802.1X. They are essential in modern enterprise environments for improving performance, enforcing security policies, and supporting scalable, manageable networks. Advanced features like Private VLANs provide further isolation within the same VLAN while still allowing controlled access to shared resources. VLANs also work in conjunction with Layer 3 routing to allow selective communication between VLANs while maintaining security boundaries. They support Quality of Service (QoS) by prioritizing critical traffic and can be used with monitoring tools to optimize performance and prevent congestion. Implementing VLANs without adding switches reduces hardware costs and provides flexibility for network expansion.
B) LACP (Link Aggregation Control Protocol) combines multiple physical links between devices into a single logical link to increase throughput and provide redundancy. While beneficial for bandwidth and failover, LACP does not segment networks or isolate broadcast domains. LACP addresses link-level performance rather than logical traffic management, so broadcast traffic is still visible across the same VLANs unless VLANs are also configured.
C) STP (Spanning Tree Protocol) prevents loops in Layer 2 networks by blocking redundant paths. While crucial for stability, STP does not isolate broadcast domains or improve security; it only ensures a loop-free topology. Broadcast traffic in an STP-enabled network still propagates across all ports in the same VLAN.
D) Port security restricts which devices can connect to a switch port based on MAC addresses, preventing unauthorized access. While it enhances endpoint-level security, it does not segment the network or reduce broadcast traffic. Port security protects individual switch ports rather than logically separating traffic.
VLANs are the only solution that combines logical segmentation, broadcast isolation, and security enhancements without adding additional physical hardware, making them the correct choice.
Question 197
A network engineer wants to combine multiple physical links between two switches to increase bandwidth and ensure redundancy. Which protocol should be implemented?
A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security
Answer: A) Link Aggregation Control Protocol (LACP)
Explanation:
A) LACP allows administrators to bundle multiple physical Ethernet links between switches into a single logical link, referred to as a Link Aggregation Group (LAG). This increases the available bandwidth because traffic is distributed across all links in the group based on a hashing algorithm using MAC addresses, IP addresses, or Layer 4 port numbers. LACP also provides redundancy: if one link in the aggregation fails, the remaining links continue to carry traffic, preventing network disruption. LACP supports dynamic negotiation between compatible switches, ensuring proper aggregation and compatibility. This protocol is commonly used in core, distribution, and server uplinks where high throughput and fault tolerance are required. By distributing traffic across multiple links and providing automatic failover, LACP prevents bottlenecks while maintaining link resiliency. LACP integrates with STP, ensuring that loops are still prevented while allowing multiple links to be active, maximizing both performance and network stability. In enterprise networks, LACP reduces the need for oversubscription on uplinks and improves scalability by allowing administrators to add or remove links from the aggregation without service interruption.
B) VLANs segment a network into multiple broadcast domains to improve security and reduce congestion. While VLANs enhance traffic management and isolation, they do not combine links for higher bandwidth or provide link-level redundancy. VLANs manage logical separation rather than link aggregation.
C) STP prevents loops in Layer 2 networks but does not aggregate links for increased throughput. Without LACP, multiple physical links may be blocked by STP to prevent loops, wasting available bandwidth. STP ensures stability, not performance improvement.
D) Port security restricts access to switch ports based on MAC addresses, enhancing endpoint-level security. While useful for preventing unauthorized device connections, it does not increase bandwidth or provide redundancy across multiple links.
LACP is the only protocol that simultaneously provides link aggregation and redundancy, making it the correct choice.
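The hash-based distribution and failover described for LACP above can be modelled in a few lines; this is an added example, not part of the original question set. It shows that hashing keeps each flow on one member link, so many sessions between a single pair of hosts all share one link unless Layer 4 ports are included in the hash. The mode names, the member link names, the addresses and the use of CRC32 in place of a vendor-specific hardware hash are assumptions made for illustration.

```python
import zlib
from collections import Counter

# Fields fed to the hash for each load-balancing mode (mode names are hypothetical).
HASH_FIELDS = {
    "mac": ("src_mac", "dst_mac"),
    "ip": ("src_ip", "dst_ip"),
    "l4": ("src_ip", "dst_ip", "src_port", "dst_port"),
}

def pick_link(flow, active_links, mode):
    """Map a flow to one member link; the same flow always gets the same link."""
    if not active_links:
        raise ValueError("LAG has no active member links")
    key = "|".join(str(flow[f]) for f in HASH_FIELDS[mode])
    # CRC32 stands in for the vendor-specific hardware hash (assumption).
    return active_links[zlib.crc32(key.encode()) % len(active_links)]

def distribute(flows, active_links, mode):
    """Count how many flows land on each active member link."""
    load = Counter({link: 0 for link in active_links})
    for flow in flows:
        load[pick_link(flow, active_links, mode)] += 1
    return dict(load)

def backup_flows(n=200):
    """Constructed sample: n TCP sessions between one pair of hosts."""
    return [{"src_mac": "02:00:00:00:00:0a", "dst_mac": "02:00:00:00:00:0b",
             "src_ip": "192.0.2.10", "dst_ip": "192.0.2.20",
             "src_port": 40000 + i, "dst_port": 443} for i in range(n)]

if __name__ == "__main__":
    lag = ["Te1/1", "Te1/2", "Te1/3", "Te1/4"]   # constructed member names
    flows = backup_flows()
    # Same host pair: an IP-only hash sends every session down one link.
    print("ip hash   :", distribute(flows, lag, "ip"))
    # Including Layer 4 ports gives each session its own hash key.
    print("l4 hash   :", distribute(flows, lag, "l4"))
    # Member failure: flows are rehashed over the surviving links only.
    survivors = [link for link in lag if link != "Te1/2"]
    print("Te1/2 down:", distribute(flows, survivors, "l4"))
```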
Question 198
A network administrator wants to prevent rogue DHCP servers from assigning incorrect IP addresses. Which feature should be implemented?
A) DHCP snooping
B) VLAN trunking
C) STP
D) LACP
Answer: A) DHCP snooping
Explanation:
A) DHCP snooping is a security feature that ensures only authorized DHCP servers can provide IP addresses to clients. The switch marks ports connected to trusted DHCP servers and inspects DHCP messages received on untrusted ports, filtering out any rogue offers. DHCP snooping maintains a binding table containing IP addresses, MAC addresses, VLANs, and switch ports, which can be leveraged by additional security features like IP Source Guard and Dynamic ARP Inspection. By preventing unauthorized servers from assigning IP addresses, DHCP snooping reduces the risk of IP conflicts, network disruption, and unauthorized access. It is particularly important in environments with multiple DHCP servers or public networks where rogue servers could easily appear. DHCP snooping can be implemented per VLAN, allowing administrators to apply security policies selectively and maintain network integrity while supporting mobility and dynamic IP allocation. It integrates well with port security, VLAN segmentation, and SPAN monitoring, providing a layered security model that prevents unauthorized access at both the network and IP configuration levels. DHCP snooping improves reliability and trustworthiness in enterprise, campus, and public networks by ensuring consistent and secure IP assignment.
B) VLAN trunking allows multiple VLANs to share a single physical link. While VLANs manage broadcast domains and traffic segmentation, trunking does not validate DHCP servers or prevent rogue IP assignments. VLANs handle logical separation, not DHCP security.
C) STP prevents Layer 2 loops by blocking redundant paths. While essential for network stability, STP does not monitor or control DHCP server activity. Loops may be prevented, but IP address security is not addressed.
D) LACP aggregates multiple physical links to increase bandwidth and redundancy. While it enhances throughput and failover, LACP does not enforce DHCP server validation or prevent rogue devices from assigning IP addresses.
DHCP snooping is the only feature designed to protect against unauthorized DHCP servers, making it the correct choice.
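The trusted/untrusted port logic and the binding table described for DHCP snooping in Questions 193 and 198 can be modelled as follows; this is an added example, not part of the original question set. It is a simplified model of one switch: server messages are accepted only on trusted ports, a binding is recorded when a trusted ACK answers a client seen on an untrusted port, and an IP Source Guard style check consults that table. The port names, MAC address and IP addresses are constructed sample values.

```python
from dataclasses import dataclass

SERVER_TYPES = {"OFFER", "ACK", "NAK"}  # only a DHCP server should send these

@dataclass(frozen=True)
class DhcpMsg:
    port: str        # ingress switch port
    vlan: int
    msg_type: str    # DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE
    client_mac: str  # chaddr: the client the message is from or for
    ip: str = ""     # yiaddr: address offered or acknowledged

class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # (vlan, mac) -> untrusted port the client asked from
        self.bindings = {}   # (vlan, mac) -> (ip, port)
        self.dropped = []    # messages filtered by snooping

    def process(self, m):
        """Return True if the message is forwarded, False if it is dropped."""
        key = (m.vlan, m.client_mac)
        if m.msg_type in SERVER_TYPES:
            if m.port not in self.trusted:      # rogue server: untrusted ingress
                self.dropped.append(m)
                return False
            if m.msg_type == "ACK" and key in self.pending:
                self.bindings[key] = (m.ip, self.pending.pop(key))
            return True
        if m.port not in self.trusted:
            if m.msg_type in ("DISCOVER", "REQUEST"):
                self.pending[key] = m.port
            elif m.msg_type == "RELEASE":
                owner = self.bindings.get(key)
                if owner is None or owner[1] != m.port:  # release from wrong port
                    self.dropped.append(m)
                    return False
                del self.bindings[key]
        return True

    def source_guard_permits(self, port, vlan, mac, src_ip):
        """IP Source Guard style check: traffic must match a snooped binding."""
        return self.bindings.get((vlan, mac)) == (src_ip, port)

def run_demo():
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})     # uplink to the real server
    mac = "02:00:00:00:00:05"                        # constructed client MAC
    msgs = [                                         # constructed exchange
        DhcpMsg("Gi0/5", 10, "DISCOVER", mac),
        DhcpMsg("Gi0/7", 10, "OFFER", mac, "198.51.100.50"),  # rogue server
        DhcpMsg("Gi0/1", 10, "OFFER", mac, "192.0.2.50"),
        DhcpMsg("Gi0/5", 10, "REQUEST", mac),
        DhcpMsg("Gi0/7", 10, "ACK", mac, "198.51.100.50"),    # rogue server
        DhcpMsg("Gi0/1", 10, "ACK", mac, "192.0.2.50"),
    ]
    return sw, [sw.process(m) for m in msgs]

if __name__ == "__main__":
    sw, verdicts = run_demo()
    print(verdicts, sw.bindings)
```

The entries in `dropped` are what an administrator would look for in switch logs: server-type DHCP messages arriving on an access port identify where a rogue server is plugged in.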
Question 199
A network engineer wants to capture traffic from specific switch ports without affecting normal network operations. Which solution should be implemented?
A) SPAN/mirror port
B) VLAN trunking
C) STP
D) LACP
Answer: A) SPAN/mirror port
Explanation:
A) SPAN, or Switched Port Analyzer, is a method to replicate traffic from one or more source ports or VLANs to a designated monitoring port. This allows administrators to capture packets using network analysis tools like Wireshark without impacting the normal flow of traffic. SPAN supports bidirectional monitoring, multiple source ports, and even entire VLANs, providing comprehensive visibility into network operations. By passively copying traffic, SPAN ensures no additional latency or disruption occurs on production ports, making it ideal for troubleshooting, auditing, or forensic analysis. Administrators can use SPAN to investigate latency issues, packet loss, misconfigurations, or security anomalies. It is particularly useful in high-density or enterprise environments where taking links offline for analysis would disrupt operations. SPAN can be combined with logging, alerting, and QoS monitoring to provide actionable insights into network behavior and optimize performance. Properly deployed, SPAN allows proactive detection of issues and helps maintain service quality without affecting end-users or applications.
B) VLAN trunking allows multiple VLANs to traverse a single link between switches. While trunking is critical for carrying segmented traffic, it does not provide the ability to replicate or monitor traffic for analysis. Trunking focuses on transport rather than visibility.
C) STP prevents Layer 2 loops by blocking redundant paths. While it is essential for topology stability, it does not provide insight into traffic patterns or facilitate monitoring. STP’s purpose is network reliability, not analysis.
D) LACP aggregates multiple physical links to improve throughput and redundancy. While LACP increases bandwidth, it does not replicate traffic for monitoring or analysis. Its focus is performance, not visibility.
A SPAN/mirror port is the only solution that enables non-disruptive traffic capture and detailed analysis, making it the correct choice.
Question 200
A network administrator wants to reduce wireless interference and improve performance in a high-density office by moving clients to a less congested frequency band. Which action is most effective?
A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Reduce MTU size
D) Enable Telnet on access points
Answer: A) Move clients to the 5 GHz band
Explanation:
A) Moving clients to the 5 GHz Wi-Fi band is the most effective method to reduce congestion and interference. The 2.4 GHz band is crowded, with only three non-overlapping channels and widespread interference from devices such as Bluetooth, microwaves, and legacy Wi-Fi equipment. The 5 GHz band offers more channels, higher throughput, and lower latency, improving performance in high-density environments. Though 5 GHz signals attenuate faster and have shorter range, careful placement of access points ensures coverage while minimizing co-channel and adjacent-channel interference. Band steering encourages dual-band capable devices to connect to 5 GHz automatically, balancing client load across frequency bands. This strategy optimizes spectrum usage, reduces collisions, and ensures better throughput for latency-sensitive applications like VoIP, video conferencing, and streaming. Access point placement, transmit power management, and channel selection further enhance performance in high-density deployments, making 5 GHz the preferred band for performance-critical applications. By moving clients to 5 GHz, network administrators can achieve reduced interference, improved bandwidth utilization, and overall better wireless experience.
B) Increasing DHCP lease time reduces the frequency of address renewals, slightly decreasing DHCP broadcast traffic. However, it does not reduce RF interference or improve wireless throughput.
C) Reducing MTU size affects Layer 3 packet size but does not address wireless congestion or interference. MTU changes may help in certain fragmentation scenarios but have negligible impact on Wi-Fi performance.
D) Enabling Telnet on access points allows remote management but does not influence congestion, interference, or wireless throughput. It is strictly a management protocol and does not improve client connectivity or spectrum utilization.
Moving clients to the 5 GHz band directly reduces interference, increases throughput, and enhances user experience, making it the correct choice.
