CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 4 Q61-80

Question 61

A network administrator wants to segment traffic on a single physical switch to improve security and limit broadcast domains. Which feature should be implemented?

A) VLAN
B) STP
C) Port mirroring
D) DHCP snooping

Answer: A) VLAN

Explanation:

A) Virtual LANs allow logical segmentation of network devices on a single switch regardless of their physical location. By creating separate broadcast domains, VLANs reduce unnecessary traffic, contain potential broadcast storms, and improve security by isolating groups of devices. Policies can be applied per VLAN to restrict access to sensitive resources. VLANs are highly flexible, allowing administrators to reorganize or expand logical networks without changing physical infrastructure. This makes VLANs an effective method to segment traffic for both performance and security purposes.

B) Preventing loops in a switching environment ensures network stability but does not logically separate devices into different broadcast domains. Spanning Tree Protocol protects against loops but does not segment traffic or enhance security through isolation.

C) Copying network traffic to a monitoring port provides visibility into communications but does not reduce broadcast domains or separate traffic. Port mirroring is a diagnostic tool, not a traffic segmentation feature.

D) Validating DHCP requests protects against rogue servers and ensures correct address assignment but does not logically separate traffic or limit broadcasts. DHCP snooping addresses security at the address-assignment layer, not broadcast domain management.

VLANs are specifically designed to divide traffic logically and reduce broadcast domains, making the first choice correct.

Question 62

A network engineer notices that several wireless clients experience slow connections on a 2.4 GHz access point with many nearby networks. Which action would most effectively improve performance?

A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Enable Telnet on the AP
D) Reduce MTU size

Answer: A) Move clients to the 5 GHz band

Explanation:

A) The higher-frequency band provides more available channels and is less congested by common devices like microwaves, cordless phones, and neighboring 2.4 GHz networks. It allows higher data rates, reduced interference, and improved performance for clients in dense environments. Although the 5 GHz band has shorter range, careful access point placement ensures coverage while taking advantage of reduced co-channel interference, resulting in faster and more stable connections.

B) Extending IP address lease duration affects how often clients request network configuration but does not address wireless congestion or interference. It has no impact on throughput or signal quality.

C) Enabling remote command-line access allows administrative control but does not improve performance for clients experiencing slow connections. It does not influence radio frequency conditions.

D) Changing packet sizes affects fragmentation at the network layer but does not resolve interference or congestion on the wireless medium. MTU adjustments cannot mitigate channel overlap issues.

Moving devices to the less crowded 5 GHz spectrum directly addresses congestion and interference, making the first choice correct.

Question 63

A technician wants to prevent unauthorized devices from obtaining IP addresses from the DHCP server and connecting to the network. Which feature should be implemented?

A) DHCP snooping
B) Port security
C) VLAN trunking
D) STP

Answer: A) DHCP snooping

Explanation:

A) This feature inspects DHCP messages and only allows legitimate responses from trusted servers. Unauthorized devices cannot assign themselves or others addresses, preventing rogue devices from joining the network or performing man-in-the-middle attacks. It also builds a binding table linking MAC addresses, IP addresses, and switch ports, which can be used to enforce security policies. DHCP snooping protects the network at the address-assignment layer and ensures that only authenticated servers provide configuration to clients.

B) Restricting access to known MAC addresses controls which devices can attach to a port but does not specifically prevent unauthorized DHCP servers from operating. While port security limits physical access, DHCP snooping addresses rogue server threats.

C) Allowing multiple VLANs on a single trunk provides logical segmentation but does not prevent unauthorized devices from obtaining addresses or connecting. VLAN trunking is a traffic management feature, not an access control mechanism.

D) Preventing loops ensures stability in switching environments but does not affect IP address assignment or unauthorized device connection. STP protects against broadcast storms, not DHCP attacks.

Monitoring and validating DHCP transactions directly addresses unauthorized address assignment, making the first choice correct.

Question 64

A company wants to improve network performance by aggregating multiple physical links between two switches into a single logical connection. Which technology should be used?

A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) Spanning Tree Protocol (STP)
D) Port security

Answer: A) Link Aggregation Control Protocol (LACP)

Explanation:

A) LACP allows multiple physical interfaces to be combined into a single logical link. This increases bandwidth between devices while providing redundancy—if one physical link fails, traffic continues on the remaining links. LACP also balances traffic across the available interfaces to optimize throughput and prevent congestion. This is particularly useful for connecting switches, servers, or network devices that require higher aggregate capacity without introducing loops or complexity.

B) Segregating traffic into logical groups provides isolation and broadcast containment but does not increase bandwidth between switches. VLANs manage traffic segmentation, not link aggregation.

C) Preventing loops in the network maintains stability but does not provide combined bandwidth or redundancy across multiple physical links. STP blocks redundant paths rather than aggregating them.

D) Restricting port access based on MAC addresses enforces security but does not affect throughput or link redundancy. Port security controls access, not capacity.

Combining multiple physical interfaces into a single logical connection for higher performance is achieved using LACP, making it the correct choice.

Question 65

A technician observes intermittent packet loss on a wireless network during heavy interference periods. Which method would best improve reliability for affected clients?

A) Enable 5 GHz band connectivity and reduce co-channel interference
B) Increase DHCP lease time
C) Configure Telnet access on the AP
D) Shorten IP address reservation intervals

Answer: A) Enable 5 GHz band connectivity and reduce co-channel interference

Explanation:

A) Switching clients to the 5 GHz band reduces interference from neighboring 2.4 GHz devices, cordless phones, and microwaves. The higher band offers more channels, less overlap, and better overall signal quality, reducing packet loss and improving reliability. Proper channel planning and access point placement further minimize co-channel and adjacent-channel interference, ensuring stable connectivity during peak usage or interference events.

B) Extending the time clients hold IP addresses has no effect on packet loss or interference. DHCP lease duration does not influence wireless signal integrity.

C) Enabling remote command-line access provides management capabilities but does not address performance or interference issues. Telnet or other management protocols cannot reduce wireless packet loss.

D) Shortening IP address reservation intervals does not improve transmission reliability and may increase administrative overhead. It affects address allocation rather than connectivity quality.

Reducing interference by using the less crowded 5 GHz spectrum directly mitigates packet loss and improves wireless reliability, making the first choice correct.

Question 66

A network engineer wants to monitor all traffic passing through a switch without interrupting network communication. Which solution should be implemented?

A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) SPAN/mirror port

Explanation:

A) Configuring a port to mirror traffic allows administrators to send a copy of all frames from one or more source ports to a monitoring device without impacting normal communication. This is useful for troubleshooting, intrusion detection, or performance analysis. Traffic is duplicated, not modified, so the original transmission remains unaffected. SPAN provides visibility into live network traffic and allows network engineers to analyze packets using tools like Wireshark, making it ideal for passive monitoring.

B) Allowing multiple VLANs on a trunk link facilitates traffic segregation across multiple logical networks but does not provide visibility into all traffic for monitoring purposes. VLAN trunking is for transport, not analysis.

C) Preventing loops in the network maintains stability but does not capture or mirror traffic for inspection. STP is a loop-prevention protocol and does not support traffic monitoring.

D) Validating DHCP messages secures address assignment but does not duplicate network traffic for analysis. DHCP snooping protects clients from rogue servers but does not provide general visibility.

A SPAN or mirror port is specifically designed to allow monitoring of traffic without affecting the live network, making the first choice correct.

Question 67

A company wants to allow remote users to access internal network resources securely from any internet connection. Which solution is best suited for this requirement?

A) Remote VPN
B) Public Wi-Fi
C) Static routing
D) NAT

Answer: A) Remote VPN

Explanation:

A) A remote VPN creates an encrypted tunnel from the user’s device to the corporate network, protecting all transmitted data. It provides authentication, confidentiality, and integrity, allowing users to securely access internal applications, file shares, and services as if they were physically on the network. VPN clients often include policies to restrict access based on user identity and device posture, ensuring secure connectivity over untrusted networks.

B) Using public wireless networks does not provide encryption or authentication for internal resources, leaving sensitive information exposed. Public Wi-Fi cannot guarantee secure access.

C) Defining static paths between networks facilitates routing but does not provide encryption or secure remote connectivity for individual users. Routing alone does not address security requirements.

D) Translating addresses allows devices to communicate with external networks but does not create a secure, encrypted connection. NAT cannot protect traffic between remote users and internal resources.

A remote VPN is the solution that ensures secure, encrypted access to internal resources from any internet connection, making it the correct choice.

Question 68

A network technician wants to prevent loops on a layer-two network with redundant paths. Which protocol should be implemented?

A) Spanning Tree Protocol (STP)
B) DHCP
C) NAT
D) VLAN

Answer: A) Spanning Tree Protocol (STP)

Explanation:

A) This protocol detects redundant paths in a switched network and blocks select interfaces to prevent broadcast storms and loops while maintaining at least one active path. If the primary path fails, STP recalculates the topology and activates blocked links, ensuring network availability without introducing loops. It is essential in environments with multiple interconnected switches to maintain a stable, loop-free network.

B) Dynamically assigning addresses ensures proper host configuration but does not prevent switching loops. DHCP operates at layer three and does not manage layer-two topology.

C) Translating addresses allows internal devices to communicate with external networks but does not address loops within a switching domain. NAT focuses on IP mapping, not network stability.

D) Separating traffic into logical domains improves segmentation but does not prevent loops. VLANs provide broadcast containment but require STP for loop prevention in redundant paths.

STP is designed specifically to detect and prevent loops in layer-two networks, making the first choice correct.

Question 69

A network engineer is designing a wireless network for a multi-story office building. The goal is to ensure full coverage and minimal interference. What is the first step the engineer should take?

A) Conduct a site survey
B) Increase DHCP lease time
C) Enable Telnet on APs
D) Reduce MTU size

Answer: A) Conduct a site survey

Explanation:

A) A site survey involves measuring signal strength, identifying interference sources, and mapping potential coverage areas. This allows proper placement of access points, selection of channels, and determination of required power levels. By analyzing the building’s materials, layout, and existing wireless environment, the engineer can design a network that provides reliable coverage, minimal interference, and optimal performance. This planning step prevents dead zones, reduces co-channel and adjacent-channel interference, and ensures efficient use of resources.

B) Extending IP address lease duration affects client address assignment but has no influence on wireless coverage or interference. DHCP settings do not improve signal quality.

C) Enabling remote management allows configuration access but does not affect coverage or interference. Telnet or similar protocols are management tools rather than planning steps.

D) Adjusting packet size affects fragmentation but does not influence wireless coverage, interference, or access point placement. MTU settings are irrelevant to RF planning.

Conducting a site survey provides the necessary information for a well-designed wireless deployment, making it the correct first step.

Question 70

A technician wants to prevent unauthorized devices from connecting to network ports but also allow for legitimate device changes without constant manual reconfiguration. Which solution achieves this?

A) Port security with sticky MAC addresses
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) Port security with sticky MAC addresses

Explanation:

A) Sticky MAC addresses allow the switch to dynamically learn connected device addresses and retain them as authorized entries. This allows legitimate devices to move or be replaced without administrative intervention while blocking unauthorized devices. If a new or unknown device connects, the switch can shut down the port or drop traffic, enforcing security while maintaining operational flexibility. This strikes a balance between security and ease of management, reducing administrative overhead while protecting the network from rogue devices.

B) Allowing multiple VLANs on a trunk link organizes traffic but does not prevent unauthorized devices from connecting to a port. Trunking handles transport rather than access control.

C) Preventing loops maintains network stability but does not enforce access control or restrict device connections. STP ensures network reliability but does not manage endpoint authorization.

D) Validating DHCP messages prevents rogue servers from assigning addresses but does not restrict physical connections to switch ports. DHCP snooping addresses address-assignment security, not access control at the port level.

Sticky MAC enforcement combines security and flexibility, making it the correct solution.

Question 71

A network engineer wants to test the maximum throughput between two servers in a data center to validate network performance. Which tool should be used?

A) iPerf
B) Ping
C) Traceroute
D) ARP

Answer: A) iPerf

Explanation:

A) This tool is specifically designed to measure network performance, including maximum throughput, latency, and jitter. By running one instance as a server and another as a client, iPerf generates controlled traffic to quantify the network’s capacity. It can use TCP or UDP, allowing testing of different traffic types and identifying bottlenecks. This is particularly useful in data center environments to validate network changes, test upgrades, or benchmark equipment performance. iPerf provides precise, repeatable results to help engineers understand the network’s true capabilities.

B) Sending echo requests verifies basic connectivity and round-trip time but does not measure maximum throughput or performance under load. Ping provides only simple diagnostic information, not bandwidth testing.

C) Displaying the path packets take to a destination helps identify routing issues but does not provide throughput measurements. Traceroute shows hop-by-hop latency, not sustained traffic performance.

D) Resolving MAC addresses helps with local device identification but does not measure network performance or throughput. ARP operates at the link layer and is unrelated to bandwidth testing.

iPerf is the tool purpose-built for performance measurement between endpoints, making it the correct choice.

Question 72

A company wants to segment its network to separate marketing, finance, and engineering traffic while minimizing broadcast domains. Which technology should be deployed?

A) VLANs
B) LACP
C) STP
D) DHCP snooping

Answer: A) VLANs

Explanation:

A) Virtual LANs allow logical separation of network devices into distinct broadcast domains regardless of physical switch location. Each department can be assigned its own VLAN, which reduces broadcast traffic, improves security, and simplifies management. Policies can be applied to control inter-VLAN communication, enabling granular access control between segments. VLANs also allow organizations to optimize performance by isolating high-traffic groups, making them ideal for departmental segmentation in enterprise environments.

B) Aggregating multiple links increases bandwidth but does not provide logical separation of traffic. LACP is focused on redundancy and throughput, not broadcast domain segmentation.

C) Preventing loops maintains stability but does not isolate traffic between departments. STP manages path selection and network reliability, not logical segmentation.

D) Validating DHCP assignments protects against rogue servers but does not separate network traffic or reduce broadcasts. DHCP snooping addresses security at the address-assignment layer, not traffic segmentation.

Logical segmentation to isolate departmental traffic and limit broadcast domains is achieved through VLANs, making the first choice correct.

Question 73

A technician is troubleshooting a fiber optic connection that shows intermittent failures. Inspection reveals the connectors are dirty. What is the proper corrective action?

A) Clean the fiber connectors with approved tools
B) Replace the entire switch
C) Increase MTU size
D) Disable Spanning Tree

Answer: A) Clean the fiber connectors with approved tools

Explanation:

A) Contaminants on fiber connectors cause signal attenuation, reflection, and intermittent loss. Cleaning the connectors with appropriate materials, such as lint-free wipes, alcohol, or specialized fiber cleaning kits, restores optical signal integrity and reliable communication. Regular maintenance of fiber connections is essential for optimal network performance. Proper cleaning reduces insertion loss and eliminates intermittent failures, making it the most direct and effective corrective action.

B) Replacing the switch is unnecessary when the problem lies in the connectors. This would be costly and ineffective if the hardware itself is functioning correctly.

C) Adjusting the MTU size affects how packets are transmitted but does not address physical-layer signal degradation caused by dirty connectors. MTU changes cannot fix optical signal quality.

D) Disabling loop-prevention protocols does not resolve connectivity issues caused by physical contamination. STP manages topology, not optical signal integrity.

Cleaning the fiber connectors directly resolves the cause of intermittent failures, making it the correct solution.

Question 74

A network engineer wants to ensure that multicast traffic is delivered only to ports with devices that have requested it, preventing unnecessary flooding. Which feature should be enabled?

A) IGMP snooping
B) Port security
C) STP
D) DHCP snooping

Answer: A) IGMP snooping

Explanation:

A) IGMP snooping listens to group membership messages exchanged between hosts and multicast routers. By tracking which ports have devices that want to receive specific multicast streams, the switch forwards traffic only to those ports. This prevents unnecessary flooding of multicast traffic to ports where it is not needed, optimizing bandwidth usage and improving network efficiency. It is especially useful for streaming media, IPTV, or other multicast-dependent applications in enterprise networks.

B) Controlling port access based on MAC addresses secures the network but does not manage multicast traffic distribution. Port security cannot selectively forward multicast frames.

C) Preventing loops ensures stable switching operation but does not control which ports receive multicast traffic. STP focuses on loop prevention, not traffic optimization.

D) Validating DHCP messages prevents rogue servers from assigning addresses but does not affect multicast distribution. DHCP snooping addresses security at the address-assignment layer, not traffic forwarding.

The mechanism designed specifically to limit multicast forwarding to only interested devices is IGMP snooping, making it the correct choice.

Question 75

A technician wants to measure network latency, jitter, and packet loss between two endpoints in order to troubleshoot VoIP call quality issues. Which tool is most appropriate?

A) iPerf
B) Netstat
C) ARP
D) Traceroute

Answer: A) iPerf

Explanation:

A) iPerf can generate controlled traffic between two endpoints and measure performance metrics such as latency, jitter, and packet loss. These metrics are crucial for assessing the quality of real-time applications like VoIP, which are sensitive to delays and variations in delivery. By using TCP or UDP streams, administrators can evaluate network behavior under different loads and determine whether congestion or other issues are impacting voice quality. iPerf provides quantitative results that help identify bottlenecks and optimize network performance.

B) Monitoring active connections shows which applications are using network resources but does not measure latency, jitter, or packet loss. Netstat provides connection information, not performance metrics.

C) Resolving MAC addresses helps with local device identification but does not measure end-to-end network performance. ARP operates only at the link layer.

D) Displaying the path packets take shows hop-by-hop latency but does not provide sustained throughput, jitter, or packet loss statistics. Traceroute is useful for path analysis, not detailed performance testing.

Measuring comprehensive network performance metrics for VoIP troubleshooting requires iPerf, making it the correct choice.

Question 76

A network administrator wants to prevent unauthorized devices from sending DHCP server responses on a switch. Which feature should be enabled?

A) DHCP snooping
B) Port security
C) VLAN trunking
D) STP

Answer: A) DHCP snooping

Explanation:

A) This feature inspects DHCP messages and allows only trusted DHCP servers to assign addresses. It builds a binding table mapping MAC addresses, IP addresses, and switch ports, which ensures that clients only receive configuration from legitimate servers. Unauthorized devices cannot provide DHCP responses, preventing IP address spoofing and man-in-the-middle attacks. DHCP snooping is a security measure at the layer-three level that protects the network from rogue servers and ensures clients obtain valid IP configurations.

B) Restricting devices based on MAC addresses limits which devices can connect to a port but does not prevent rogue DHCP servers from responding to clients. Port security addresses access control, not DHCP server validation.

C) Allowing multiple VLANs on a trunk link facilitates traffic segregation but does not enforce DHCP security. VLAN trunking is for transporting traffic, not controlling DHCP responses.

D) Preventing loops ensures stability in a switching environment but does not prevent unauthorized DHCP servers from assigning addresses. STP protects against broadcast storms, not rogue DHCP.

DHCP snooping specifically validates DHCP traffic and prevents unauthorized assignment, making it the correct choice.
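
The filtering and binding-table behaviour described in Questions 63 and 76, as an added example that is not part of the original question set or any vendor's implementation: a simplified model of a switch with one trusted uplink. The port names, MAC and IP addresses, the class and function names, and the source-MAC and release checks are assumptions made for illustration; all frames are constructed sample input.

```python
from dataclasses import dataclass

# DHCP message types by sender role (names from RFC 2131).
SERVER_MSGS = {"OFFER", "ACK", "NAK"}
CLIENT_MSGS = {"DISCOVER", "REQUEST", "DECLINE", "RELEASE", "INFORM"}


@dataclass(frozen=True)
class DhcpFrame:
    port: str        # switch port the frame arrived on
    src_mac: str     # Ethernet source address
    msg_type: str    # DHCP message type
    chaddr: str      # client hardware address inside the DHCP payload
    yiaddr: str = ""  # address being handed out (OFFER/ACK only)
    vlan: int = 10


class SnoopingSwitch:
    """Hypothetical, vendor-neutral model of DHCP snooping on one switch."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # chaddr -> access port where the REQUEST was seen
        self.bindings = {}   # chaddr -> (ip, vlan, port)
        self.drops = []      # (port, msg_type, reason) for logging/alerting

    def _drop(self, frame, reason):
        self.drops.append((frame.port, frame.msg_type, reason))
        return "drop"

    def process(self, f):
        trusted = f.port in self.trusted
        if f.msg_type in SERVER_MSGS:
            # Server replies are only accepted from trusted ports.
            if not trusted:
                return self._drop(f, "server message on untrusted port")
            if f.msg_type == "ACK" and f.chaddr in self.pending:
                port = self.pending.pop(f.chaddr)
                self.bindings[f.chaddr] = (f.yiaddr, f.vlan, port)
            return "forward"
        if f.msg_type not in CLIENT_MSGS:
            return self._drop(f, "unknown DHCP message type")
        if not trusted:
            # Assumed extra checks: payload must match the sending MAC, and
            # only the port that owns a lease may release or decline it.
            if f.src_mac != f.chaddr:
                return self._drop(f, "chaddr differs from source MAC")
            bound = self.bindings.get(f.chaddr)
            if f.msg_type in {"RELEASE", "DECLINE"} and bound and bound[2] != f.port:
                return self._drop(f, "release/decline from non-owning port")
            if f.msg_type == "REQUEST":
                self.pending[f.chaddr] = f.port
            elif f.msg_type == "RELEASE":
                self.bindings.pop(f.chaddr, None)
        return "forward"

    def source_allowed(self, port, mac, ip, vlan):
        """Policy use of the table: is this MAC/IP/port tuple a known lease?"""
        return self.bindings.get(mac) == (ip, vlan, port)


# Constructed sample addresses.
CLIENT = "aa:bb:cc:00:00:01"
SERVER = "aa:bb:cc:00:00:fe"
ROGUE = "aa:bb:cc:00:00:66"


def run_demo():
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})   # Gi0/1 = uplink to the real server
    frames = [
        DhcpFrame("Gi0/5", CLIENT, "DISCOVER", CLIENT),
        DhcpFrame("Gi0/7", ROGUE, "OFFER", CLIENT, "192.168.66.10"),  # rogue reply
        DhcpFrame("Gi0/1", SERVER, "OFFER", CLIENT, "10.0.10.50"),
        DhcpFrame("Gi0/5", CLIENT, "REQUEST", CLIENT),
        DhcpFrame("Gi0/7", ROGUE, "ACK", CLIENT, "192.168.66.10"),    # rogue reply
        DhcpFrame("Gi0/1", SERVER, "ACK", CLIENT, "10.0.10.50"),
        DhcpFrame("Gi0/7", CLIENT, "RELEASE", CLIENT),  # forged release, wrong port
    ]
    verdicts = [sw.process(f) for f in frames]
    return sw, verdicts


if __name__ == "__main__":
    switch, verdicts = run_demo()
    print(verdicts)
    print(switch.bindings)
    for entry in switch.drops:
        print("dropped:", entry)
```

The drop list is what a monitoring system would alert on: server-type messages arriving on an access port point to a rogue or misconfigured DHCP server on that port.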

Question 77

A technician needs to combine multiple physical links between two switches to increase bandwidth while providing redundancy. Which protocol should be used?

A) Link Aggregation Control Protocol (LACP)
B) VLAN
C) STP
D) Port security

Answer: A) Link Aggregation Control Protocol (LACP)

Explanation:

A) Link Aggregation Control Protocol (LACP) is a standardized protocol, defined in IEEE 802.3ad (and later IEEE 802.1AX), that allows multiple physical network interfaces to be combined into a single logical link. This process, commonly referred to as link aggregation or port channeling, provides both increased bandwidth and redundancy. By combining multiple links, traffic can be distributed across all member ports, effectively multiplying the available throughput between switches. For example, aggregating four 1 Gbps links can theoretically provide up to 4 Gbps of total bandwidth, significantly improving network performance for high-demand environments such as data centers, server farms, or core networks.

LACP provides dynamic negotiation of aggregated links between switches. Unlike static link aggregation, which requires manual configuration on both sides of the connection, LACP allows switches to automatically detect compatible interfaces, confirm their operational status, and bundle them into a logical link. This dynamic negotiation prevents misconfiguration and ensures that only compatible links are aggregated. Additionally, LACP monitors the health of member interfaces; if one link fails, traffic is automatically redistributed across the remaining links without interrupting network connectivity. This feature provides fault tolerance, reducing downtime and maintaining network reliability.

LACP supports load balancing algorithms to distribute traffic efficiently across member links. Common methods include balancing based on source MAC, destination MAC, IP addresses, or Layer 4 port numbers. Proper load balancing optimizes the utilization of all aggregated links, reducing bottlenecks and improving overall network performance. Some enterprise networks use LACP to aggregate multiple 10 Gbps or even 100 Gbps links, enabling extremely high throughput between critical switches, routers, or servers.

Another advantage of LACP is compatibility with various switch vendors, as it is an industry-standard protocol. This makes it suitable for multi-vendor environments where interoperability is required. Administrators can also monitor aggregated links using standard network management tools, which report the status of each member port, traffic distribution, and any link failures. This visibility allows proactive management and troubleshooting, ensuring that the logical link functions as intended.

LACP is commonly implemented in data centers, core switches, and aggregation layers of enterprise networks. For instance, when multiple access switches connect to a distribution switch, aggregating uplinks with LACP prevents individual link saturation while providing redundancy. Similarly, servers with multiple network interface cards (NICs) can use LACP to achieve higher throughput and maintain connectivity even if one NIC fails.

B) VLANs (Virtual Local Area Networks) allow network administrators to segment traffic logically into isolated broadcast domains. While VLANs improve network organization, security, and broadcast management, they do not combine multiple physical links to increase bandwidth. VLANs operate primarily at Layer 2 to isolate traffic between logical groups, whereas LACP operates to aggregate physical connections to enhance throughput. VLANs and LACP serve complementary purposes but address different network requirements. For example, an administrator may use VLANs for traffic segregation while simultaneously using LACP to increase inter-switch bandwidth.

C) Spanning Tree Protocol (STP) is a Layer 2 protocol used to prevent loops in Ethernet networks that contain redundant paths. While STP is essential for network stability, it does not aggregate multiple links for higher bandwidth. In fact, STP blocks redundant paths to eliminate loops, meaning only one link actively forwards traffic at a time. LACP, by contrast, utilizes all aggregated links simultaneously, distributing traffic to maximize throughput while maintaining redundancy. In a network that implements both STP and LACP, STP still operates to prevent loops outside the aggregated link, but the LACP bundle itself is seen as a single logical link, which STP allows to forward traffic without blocking.

D) Port security enforces restrictions on which devices can connect to specific switch ports based on MAC addresses. While it enhances network security by limiting unauthorized access and preventing MAC flooding attacks, port security does not affect link bandwidth or redundancy. It is a management and security feature, not a performance optimization tool. Therefore, port security is unrelated to the requirement of combining physical links to increase throughput.

In practical deployment, LACP requires careful configuration and planning to maximize its benefits. Administrators should ensure that all aggregated links have the same speed, duplex settings, and VLAN configurations. Mismatched interfaces may prevent the LACP bundle from forming or degrade performance. Additionally, LACP can be configured in either active or passive mode. In active mode, the switch actively negotiates the aggregation with its peer, while passive mode waits for the other switch to initiate negotiation. Typically, at least one side of the connection is set to active to ensure proper establishment of the logical link.

Monitoring LACP involves checking the port channel status, member link status, and load distribution across interfaces. Most managed switches provide command-line and graphical tools to view which physical ports are part of the aggregation, which links are up or down, and how traffic is balanced. This ongoing visibility is critical in high-availability environments where maintaining bandwidth and redundancy is essential for business continuity.

In summary, combining multiple physical links for increased bandwidth and redundancy is best achieved using LACP. It allows dynamic negotiation, fault tolerance, load balancing, and compatibility across multiple devices, making it ideal for modern enterprise networks. VLANs, STP, and port security serve important roles in network segmentation, loop prevention, and security but do not address the core requirement of link aggregation. By using LACP, organizations can achieve higher throughput, greater resiliency, and efficient utilization of available physical links, enhancing both performance and reliability in their network infrastructure.

Question 78

A network engineer observes that users on a particular VLAN cannot communicate with users on another VLAN. Switches are properly configured, but no routing is enabled. What is the most likely cause?

A) Missing inter-VLAN routing
B) Duplicate IP addresses
C) Wireless interference
D) Incorrect DHCP server

Answer: A) Missing inter-VLAN routing

Explanation:

A) VLANs (Virtual Local Area Networks) are a fundamental feature in modern network design that allow network administrators to segment a physical network into multiple logical broadcast domains. Each VLAN functions as its own isolated network, even if the devices are connected to the same physical switch infrastructure. This segmentation improves security, reduces broadcast traffic, and provides better network organization. However, a key limitation of VLANs is that devices within one VLAN cannot directly communicate with devices in another VLAN without a routing mechanism.

This is where inter-VLAN routing comes into play. Inter-VLAN routing is typically provided by a layer-three switch (also called a multilayer switch) or a router configured with subinterfaces corresponding to each VLAN. Each VLAN is assigned its own unique IP subnet, and the routing device forwards traffic between these subnets while maintaining the logical separation of broadcast domains. Without inter-VLAN routing, each VLAN operates as an isolated segment. Devices can communicate freely within the same VLAN, but any attempt to reach a device on a different VLAN will fail because Layer 2 switches forward traffic only within the same VLAN and cannot perform the Layer 3 routing required to cross subnet boundaries.

A common implementation of inter-VLAN routing involves Switch Virtual Interfaces (SVIs) on a layer-three switch. Each SVI corresponds to a VLAN and is assigned an IP address that acts as the default gateway for devices within that VLAN. For example, if VLAN 10 is assigned 192.168.10.0/24 and VLAN 20 is assigned 192.168.20.0/24, the SVI for VLAN 10 could be 192.168.10.1, and the SVI for VLAN 20 could be 192.168.20.1. Devices in VLAN 10 would use 192.168.10.1 as their default gateway to reach VLAN 20. The switch routes packets between SVIs, enabling seamless inter-VLAN communication.

Another method is router-on-a-stick, where a single physical router interface is divided into multiple logical subinterfaces, each configured for a specific VLAN. Trunking is used between the switch and router to carry traffic for all VLANs over a single link. While this method can be effective in smaller networks, modern multilayer switches simplify this process by performing routing internally, reducing latency and eliminating the need for a dedicated router per VLAN.

When inter-VLAN routing is missing, even if all switches are correctly configured with VLAN membership and trunk links, devices on different VLANs cannot communicate. Network administrators may observe symptoms such as failed pings between VLANs, inability to access servers located in another VLAN, or complete isolation between departments or functional groups. This scenario is a classic misconfiguration in environments where VLANs are implemented for segmentation, but the routing mechanism is not yet configured or has been accidentally disabled.

B) Duplicate IP addresses occur when two devices are assigned the same IP within a network. This situation can lead to intermittent connectivity issues, ARP conflicts, and occasional network errors. While duplicate IPs can cause significant problems for the affected devices, they do not prevent all devices from communicating between VLANs. Duplicate IPs typically result in localized disruptions rather than network-wide isolation. Therefore, this is an unlikely cause of complete VLAN-to-VLAN communication failure.

C) Wireless interference affects the signal quality, throughput, and connectivity of wireless clients. Common sources of interference include neighboring access points operating on the same channel, microwave ovens, Bluetooth devices, or physical obstructions. While interference can degrade performance for wireless devices, it does not influence VLAN isolation in a wired environment. VLAN segmentation is a logical separation implemented at Layer 2 and Layer 3, independent of RF signal conditions. Therefore, wireless interference cannot explain why devices in one VLAN are unable to reach devices in another VLAN on wired switches.

D) Incorrect DHCP configuration affects IP address assignment, gateway settings, and subnet information for clients. Misconfigured DHCP may result in devices receiving incorrect IP addresses, subnet masks, or default gateway addresses, which can prevent devices from communicating properly. However, if devices are statically assigned correct IP addresses or if routing exists, misconfigured DHCP alone would not block inter-VLAN communication. DHCP issues do not inherently prevent Layer 3 routing from functioning; they only affect initial client connectivity and IP configuration.

The lack of inter-VLAN routing is therefore the definitive cause of isolation between VLANs. Without a routing device capable of forwarding traffic between subnets, VLANs remain logically separated, regardless of physical connectivity or switch configuration. Correcting this issue involves implementing either SVIs on a layer-three switch or a router-on-a-stick configuration, assigning proper IP subnets to each VLAN, and verifying that routing between VLANs is operational. Administrators should also ensure that trunk links between switches carry all VLAN traffic correctly and that access control policies do not inadvertently block inter-VLAN communication.

In addition to solving the immediate connectivity issue, implementing inter-VLAN routing provides several benefits:

Improved network segmentation and security: VLANs can isolate sensitive departments (e.g., finance, HR) while still allowing controlled access to shared resources through routing and ACLs.

Optimized traffic flow: Routing between VLANs enables more efficient use of network resources and prevents broadcast storms from propagating across VLANs.

Scalability: Adding new VLANs and extending inter-VLAN routing is straightforward with multilayer switches, making network expansion easier.

Troubleshooting clarity: Proper routing allows administrators to segment and monitor traffic per VLAN, facilitating diagnostics and performance management.

By understanding the role of inter-VLAN routing in Layer 3 communication, network engineers can avoid common misconfigurations that lead to isolated VLANs and ensure that devices across different network segments can communicate efficiently and securely.
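The forwarding decision described above can be traced step by step. The following is an added example, not part of the original question set: it reuses the VLAN 10 / VLAN 20 addressing from the explanation, while the function name `diagnose`, the `routing_enabled` flag and the sample hosts are assumptions made for illustration.

```python
import ipaddress

# SVI addresses taken from the VLAN 10 / VLAN 20 example above.
SVIS = {
    10: ipaddress.ip_interface("192.168.10.1/24"),
    20: ipaddress.ip_interface("192.168.20.1/24"),
}

def diagnose(src_vlan, src_if, gateway, dst_vlan, dst_ip, svis, routing_enabled):
    """Return (reachable, reason) for a packet sent by a host to dst_ip.

    routing_enabled is a hypothetical flag modelling whether the Layer 3
    device forwards packets between its VLAN interfaces.
    """
    src = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_address(dst_ip)
    # Step 1: the host compares the destination with its own subnet.
    if dst in src.network:
        if src_vlan == dst_vlan:
            return True, "on-link: delivered at Layer 2 inside the VLAN"
        # A too-wide mask makes the host ARP instead of using its gateway.
        return False, "host treats target as on-link, but it sits in another VLAN"
    # Step 2: off-subnet traffic is handed to the default gateway.
    if gateway is None:
        return False, "no default gateway configured on the host"
    gw = ipaddress.ip_address(gateway)
    if gw not in src.network:
        return False, "default gateway is outside the host's own subnet"
    svi = svis.get(src_vlan)
    if svi is None or svi.ip != gw:
        return False, "no SVI or subinterface owns the gateway address in this VLAN"
    # Step 3: the Layer 3 device must route between its VLAN interfaces.
    if not routing_enabled:
        return False, "missing inter-VLAN routing"
    out = svis.get(dst_vlan)
    if out is None or dst not in out.network:
        return False, "no routed interface for the destination subnet"
    return True, "routed between SVIs"

if __name__ == "__main__":
    # Constructed hosts: (VLAN, address/mask, gateway, dest VLAN, dest IP, routing on?)
    cases = [
        (10, "192.168.10.5/24", "192.168.10.1", 20, "192.168.20.5", True),
        (10, "192.168.10.5/24", "192.168.10.1", 20, "192.168.20.5", False),
        (10, "192.168.10.5/16", "192.168.10.1", 20, "192.168.20.5", True),
    ]
    for case in cases:
        print(case, "->", diagnose(*case[:5], SVIS, case[5]))
```

The third case shows a failure that looks like missing routing but is a host-side mask error: the packet never reaches the gateway, so enabling routing would not fix it.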

Question 79

A technician is troubleshooting slow wireless performance in a high-density office environment. What is the best method to reduce interference and improve throughput?

A) Move clients to the 5 GHz band
B) Increase DHCP lease time
C) Enable Telnet on the APs
D) Reduce MTU size

Answer: A) Move clients to the 5 GHz band

Explanation:

A) Moving wireless clients to the 5 GHz band is a highly effective solution for improving performance in high-density environments. The 5 GHz frequency spectrum offers several technical advantages over the 2.4 GHz band, making it ideal for office spaces where multiple devices compete for wireless access.

One major benefit of 5 GHz is the availability of a larger number of non-overlapping channels. In the 2.4 GHz spectrum, there are only three non-overlapping channels (typically channels 1, 6, and 11), which can quickly become congested in environments with many access points and clients. In contrast, 5 GHz provides up to 23 non-overlapping channels (depending on regional regulations), allowing administrators to distribute wireless traffic more efficiently across multiple channels. This reduces co-channel interference, where multiple devices transmit on the same channel, and adjacent-channel interference, where overlapping signals interfere with each other, both of which degrade throughput and reliability.

The 5 GHz band also supports higher modulation schemes and wider channel widths, enabling faster data rates and improved throughput. Technologies such as 802.11ac (Wi-Fi 5) and 802.11ax (Wi-Fi 6) leverage the 5 GHz spectrum to provide multi-gigabit speeds, higher capacity, and lower latency. In high-density office environments, these improvements are critical, as they allow numerous clients—laptops, smartphones, tablets, VoIP phones—to communicate efficiently without overwhelming the network.

However, the 5 GHz spectrum has a shorter range and slightly lower penetration through walls and obstacles compared to 2.4 GHz. Careful access point placement and proper planning are essential to ensure adequate coverage. Using site surveys, heatmaps, and signal strength measurements can help position access points to maximize coverage while taking advantage of the reduced interference in 5 GHz. Additionally, modern enterprise wireless networks often implement band steering, which automatically encourages capable clients to connect to the 5 GHz band, balancing the load between the two frequencies.

Other considerations include enabling Quality of Service (QoS) for applications sensitive to latency, such as video conferencing or VoIP. While moving clients to 5 GHz reduces interference and congestion, applying additional network policies ensures consistent performance for critical applications. Furthermore, managing the network with wireless controllers or cloud-managed solutions allows administrators to dynamically adjust channel assignments, power levels, and load balancing in real time to maintain optimal performance.

B) Adjusting DHCP lease times does not directly impact wireless performance. DHCP lease time determines how long an IP address is valid before renewal is required. While longer lease times reduce the frequency of DHCP requests and slightly decrease overhead, this adjustment does not affect interference, channel congestion, or throughput. DHCP settings are related to network configuration management rather than signal quality.

C) Enabling Telnet on access points provides a method for remote command-line management, allowing technicians to configure and troubleshoot devices. However, Telnet is a management protocol and does not influence RF performance, interference, or wireless throughput. Additionally, Telnet is generally considered insecure compared to SSH and should be avoided for routine management. Regardless, enabling Telnet would not solve slow performance caused by high-density wireless congestion.

D) Reducing MTU (Maximum Transmission Unit) size affects packet fragmentation and can sometimes optimize performance for specific network scenarios, particularly in WAN links. However, it does not address the underlying causes of interference in a wireless environment, such as overlapping channels, co-channel congestion, or high client density. Adjusting MTU is ineffective for improving throughput in a high-density wireless office.

Moving clients to the 5 GHz spectrum directly addresses the primary sources of wireless performance degradation in high-density environments. By leveraging more available channels, higher data rates, and reduced interference, administrators can significantly improve throughput, reduce latency, and provide a better user experience. Proper access point placement, band steering, and RF management further enhance the effectiveness of this solution.
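Why the 2.4 GHz band yields only channels 1, 6, and 11, and how co-channel and adjacent-channel neighbours are told apart, can be derived from the channel centre frequencies. This is an added example, not part of the original question set; the 22 MHz channel width is an assumption (802.11b-style channels), and the scan results are constructed sample data.

```python
CHANNEL_WIDTH_MHZ = 22  # assumed width; 20 MHz OFDM channels behave differently

def center_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (1-13): 5 MHz steps from 2412."""
    if not 1 <= channel <= 13:
        raise ValueError(f"unsupported 2.4 GHz channel: {channel}")
    return 2412 + 5 * (channel - 1)

def overlaps(a, b, width=CHANNEL_WIDTH_MHZ):
    """Two channels overlap when their centres are closer than one width."""
    return abs(center_mhz(a) - center_mhz(b)) < width

def non_overlapping(channels=range(1, 12)):
    """Greedily pick channels that do not overlap any already chosen one."""
    chosen = []
    for ch in channels:
        if not any(overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen

def classify(own_channel, scan):
    """Split neighbouring networks by the kind of interference they cause."""
    result = {"co-channel": [], "adjacent-channel": [], "clear": []}
    for ssid, ch in scan:
        if ch == own_channel:
            kind = "co-channel"
        elif overlaps(own_channel, ch):
            kind = "adjacent-channel"
        else:
            kind = "clear"
        result[kind].append(ssid)
    return result

def least_contended(scan, candidates=(1, 6, 11)):
    """Candidate channel with the fewest overlapping neighbours."""
    return min(candidates, key=lambda c: sum(overlaps(c, ch) for _, ch in scan))

# Constructed site-survey result: (SSID, channel)
SCAN = [("guest", 1), ("hall", 2), ("lab", 3), ("cafe", 6),
        ("printer", 6), ("neighbor", 9), ("iot", 11)]

if __name__ == "__main__":
    print(non_overlapping())
    print(classify(6, SCAN))
    print(least_contended(SCAN))
```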

Question 80

A network administrator wants to capture and analyze all traffic from specific switch ports to troubleshoot application issues. Which feature should be used?

A) SPAN/mirror port
B) VLAN trunking
C) STP
D) DHCP snooping

Answer: A) SPAN/mirror port

Explanation:

A) A SPAN (Switched Port Analyzer), also known as a mirror port, is specifically designed for monitoring and analyzing network traffic. When a SPAN port is configured, the switch duplicates traffic from one or more source ports or VLANs and sends it to a designated monitoring port. Network administrators can then connect diagnostic tools, packet analyzers, or intrusion detection systems to the monitoring port to inspect the traffic without affecting normal operations.

SPAN ports are widely used for troubleshooting, performance monitoring, and security analysis. They provide insight into application-level behavior, packet flow, and network performance metrics. For example, administrators can capture HTTP requests, database queries, VoIP traffic, or DNS transactions to identify latency issues, dropped packets, or misconfigured devices. SPAN allows passive monitoring, meaning the captured traffic does not alter or disrupt live network communication, ensuring that production traffic continues uninterrupted while diagnostics are performed.

SPAN configuration supports both ingress and egress traffic, meaning administrators can capture incoming, outgoing, or both types of traffic for detailed analysis. Advanced switches also allow multiple SPAN sessions, enabling simultaneous monitoring of different ports, VLANs, or traffic types for comprehensive visibility. This capability is essential when troubleshooting complex application issues in large networks where multiple sources of traffic must be correlated.

B) VLAN trunking allows multiple VLANs to share the same physical link between switches. While this is essential for transporting segregated traffic across the network, it does not provide a mechanism for duplicating traffic to a monitoring port. VLAN trunking is a fundamental networking feature for traffic segregation, not a monitoring tool, and therefore cannot be used for packet analysis or application troubleshooting.

C) Spanning Tree Protocol (STP) is designed to prevent loops in a network by selectively blocking redundant paths. While STP is critical for network stability and avoiding broadcast storms, it does not offer any functionality for capturing or analyzing traffic. STP operates at the control plane, managing path selection and network topology, not the data plane, which is required for monitoring packets.

D) DHCP snooping is a security feature that validates DHCP messages to prevent unauthorized IP address assignments or rogue DHCP servers. While DHCP snooping enhances network security, it does not duplicate or forward traffic to monitoring tools. It operates at the control plane level, enforcing policies for address allocation rather than enabling detailed packet inspection.

Using a SPAN or mirror port provides administrators with a controlled, non-intrusive way to capture and analyze network traffic. It supports troubleshooting tasks such as identifying application performance issues, diagnosing network latency, detecting misconfigurations, and performing forensic investigations in the event of security incidents. By providing full visibility into the communication between devices, SPAN helps ensure network reliability and application performance while minimizing the risk of disrupting production traffic.

SPAN/mirror ports are the industry-standard feature for capturing and analyzing network traffic. They enable detailed monitoring and diagnostic capabilities, allow administrators to pinpoint application issues, and provide insight into network behavior without interfering with normal operations. VLAN trunking, STP, and DHCP snooping, while valuable for other aspects of network management, do not provide the traffic duplication and inspection capabilities necessary for effective application troubleshooting.
