CompTIA Network+ Practice Tests | N10-008 Exam

An 802.11ac wireless bridge is the most practical solution to connect two nearby buildings without trenching or laying physical cable. It provides high-speed, point-to-point connectivity using directional antennas.

Private VLANs (PVLANs) are used to segment devices on the same subnet and switch so they cannot communicate with each other, while still accessing shared resources like a gateway.

A hot site is a fully operational backup facility with hardware, network, and data synchronization already in place. It allows for immediate failover in the event of a disaster, minimizing downtime.

/23 (255.255.254.0) gives 510 usable IPs, ideal for 260 devices with minimal waste.

TLS (Transport Layer Security) is the protocol that provides encryption in transit for HTTPS.

A DDoS attack is often launched from botnets — networks of compromised systems controlled by an attacker.

This process describes Zero-touch provisioning (ZTP), where a device automatically pulls its configuration from a cloud controller once connected.

Clientless VPNs allow users to access network resources through a secure web portal using a browser, without VPN software.

This describes a Spanning Tree Protocol (STP) loop. If STP isn’t correctly configured, a redundant link can cause broadcast storms and outages.

An SLA (Service Level Agreement) defines performance expectations, including response and prioritization, so it guides which ticket to resolve first.

Enable 802.1Q and configure voice VLANs so that both data and VoIP traffic can share ports while remaining logically separated.

Tailgating is a physical security breach where an attacker follows an authorized person inside without credentials, enabling rogue device installation.

When indicator lights are not blinking on both the computer and switch, the most likely cause is that the switch port is administratively shut down. Re-enabling it with the “no shutdown” command restores connectivity.

A MIB (Management Information Base) is a definition file for event translation, allowing SNMP to represent network device events in a readable format.

Confidentiality ensures that data at rest is only accessible to authorized individuals. This aligns with the principle that data can be accessed only after privileged access is granted.

The engineer should have reduced the TTL record prior to the MX record change to ensure that cached DNS entries expired quickly, allowing the new record to propagate faster.

ESP (Encapsulating Security Payload) encrypts transmitted data, providing confidentiality, integrity, and authentication.

Switching to the 5GHz frequency avoids the crowded 2.4GHz band, and using non-overlapping channels minimizes interference within the 2.4GHz range.

RPO (Recovery Point Objective) measures how much data could be lost, defining the maximum acceptable amount of data loss since the last backup.

Switches can be configured to support jumbo frames, enhancing throughput and efficiency in high-performance networks.

A heat map illustrates wireless signal strength and coverage within a building, helping identify dead zones and optimize AP placement.

An incorrect entry in the hosts file can override DNS resolution, causing the hostname to resolve to the wrong IP address.

SD-WAN provides secure, centralized, and simplified management for multiple sites with reduced provisioning time.

Wrapping the end connections in copper tape before terminating ensures proper shielding and reduces interference in Cat 8 cabling.

Server height (rack units) and switch depth directly determine rack size to ensure equipment fits properly and maintains airflow.

Configuring the port to tag traffic to the voice VLAN ensures VoIP packets are prioritized and handled correctly.

MAC flooding overwhelms the CAM table, forcing the switch to broadcast traffic, which can be exploited for eavesdropping.

The first step is to identify the problem, which establishes a clear starting point for troubleshooting.

Port 443 is used for HTTPS, which encrypts traffic for secure communication.

A 169.254.x.x address indicates APIPA, which occurs when DHCP is unavailable.

A vulnerability is a weakness that can be exploited by a threat.

A private cloud is dedicated to one organization and often hosted on-premises.

An IPS (Intrusion Prevention System) actively blocks and mitigates malicious activity.

An uninterruptible power supply (UPS) ensures continuous power and improves availability.

An omnidirectional antenna distributes signal in all directions, ideal for central placement.

This is shoulder surfing, where an attacker physically observes sensitive information.

A Distributed Denial of Service (DDoS) attack uses many systems to flood a target with requests.

The port is shut down, preventing connectivity and causing the link lights to remain off.

A MIB is a definition file that translates events and organizes device information for SNMP.

Confidentiality ensures data at rest can only be accessed after privileged access is granted.

Reducing the TTL before the MX change ensures DNS propagation occurs quickly.

ESP (Encapsulating Security Payload) encrypts the payload to ensure confidentiality, integrity, and authenticity of transmitted data.

Implementing least privilege network access and central policy management strengthens security by reducing unauthorized access and ensuring consistent policy enforcement.

A /30 subnet provides exactly two usable IPs, making it the most efficient option for point-to-point router connections.

The ipconfig utility would reveal misconfigurations or issues related to IP settings that could contribute to errors when tracing cabling issues.

An on-path attack (formerly known as a man-in-the-middle attack) intercepts and can alter traffic between two parties without their knowledge.

Port 587 is used for secure email submission (SMTP with STARTTLS), ensuring encrypted transmission of email messages.

In this scenario, the exhaust should face the front as per the provided answer key.

Broadcast traffic is sent to all nodes on the network segment, unlike unicast (single node) or multicast (group of nodes).

A mesh network is the best solution because it provides redundancy, self-healing, and reliable coverage for mobile public safety vehicles.

Switches operate primarily at the Data Link layer, not the Physical layer. The Physical layer includes components like network cables, NICs, and fiber optic transceivers.

A routing table allows a layer 3 switch to perform routing functions similar to a router. It maintains information about different network paths and determines the best route for data packets.

RPC (Remote Procedure Call) is used by the Session layer to manage communication sessions between networked devices. It allows a program to execute code on a remote system as if it were local.

The primary function of a router is to route data packets between different networks. It determines the best path for data to travel from the source to the destination across interconnected networks.

An Intrusion Prevention System (IPS) can take immediate action to block or mitigate threats, while an Intrusion Detection System (IDS) only detects and alerts. IPS is proactive in stopping threats before they can cause harm.

A site-to-site VPN connects entire networks to each other securely over the internet. This allows for secure communication between remote offices or branches.

Port Address Translation (PAT) maps multiple private IP addresses to a single public IP address using different port numbers.

A key benefit of NFV is improved network flexibility and scalability.

A key benefit of using Direct Connect for cloud connectivity includes enhanced security through a private connection and decreased latency for data transmission.

A common benefit of using SaaS for businesses is the reduced need for in-house IT management and maintenance. SaaS providers handle the infrastructure, updates, and maintenance, allowing businesses to focus on their core activities.

Using FTP is most appropriate for uploading large files to a public server for access by multiple users. It is designed for transferring files efficiently but is not suitable for secure or encrypted transfers.

DHCP commonly uses ports 67 and 68 for communication between clients and servers. Port 67 is used by the DHCP server to receive client requests, and port 68 is used by the client to receive responses from the server.

The ping command uses ICMP to test network connectivity. It sends ICMP Echo Request messages to a target host and waits for ICMP Echo Reply messages to determine if the host is reachable.

Anycast allows multiple, geographically dispersed servers to share the same IP address. Efficient routing of data, reduced latency, and improved fault tolerance are all benefits of anycast communication.

The 802.11n, 802.11ac, and 802.11ax standards are all capable of supporting both 2.4 GHz and 5 GHz frequency bands, providing greater flexibility and compatibility with various devices.

Twinaxial cables offer high-speed data transfer with low latency over short distances, making them suitable for data center and high-performance computing applications.

A primary characteristic of a mesh network topology is that each device is connected to every other device, providing multiple pathways for data to travel and enhancing network redundancy and reliability.

The primary purpose of Automatic Private IP Addressing (APIPA) is to provide a failover mechanism when DHCP servers are unavailable, allowing devices to self-assign IP addresses within the range of 169.254.0.0 to 169.254.255.255 for local network communication.

Class A IP addresses support a small number of large networks, each with a large number of host addresses, making them suitable for large organizations.

Application-aware networking enhances the performance of business-critical applications by prioritizing their network traffic. This ensures that these applications receive the necessary bandwidth and lower latency, which improves their overall performance. CPU allocation, storage capacity, and physical network setup are unrelated to application-aware networking.

“Deny by default” is most closely associated with the principle of least privilege access in Zero Trust Architecture (ZTA). This approach ensures that access is denied unless explicitly granted, aligning with the idea that users should only have the minimum necessary permissions to perform their tasks.

Static routing is best suited for small, simple networks with predictable traffic patterns where manual configuration is feasible.

The primary use case for implementing BGP in an enterprise network is to provide robust and scalable inter-domain routing, connecting the enterprise network to multiple ISPs.

Routes with lower Administrative Distance are preferred over those with higher AD, ensuring the most reliable route is selected.

Dynamic NAT maps multiple private IP addresses to a pool of public IP addresses, allocating public IP addresses on a first-come, first-served basis.

FHRP stands for First Hop Redundancy Protocol, a protocol used to ensure network redundancy and availability by providing a backup router in case the primary router fails.

The primary purpose of a VLAN database is to maintain information about VLAN configurations and assignments, ensuring that VLAN settings are consistent across the network.

A voice VLAN primarily enhances the performance of VoIP systems by ensuring that voice traffic receives higher priority and reduced latency, which is crucial for maintaining call quality and reliability.

If there is a mismatch in speed settings between two connected network devices, the connection may experience significant performance degradation or fail to establish.

The primary purpose of the Spanning Tree Protocol (STP) is to prevent network loops and ensure a loop-free topology, which is crucial for maintaining stable and efficient network operations.

Only one Designated Port is allowed per network segment in STP. The Designated Port is responsible for forwarding traffic for that segment, ensuring efficient data transmission.

Increasing the channel width from 20 MHz to 40 MHz increases the available bandwidth and potential data throughput. However, it decreases the number of available channels, potentially causing more interference.

A potential drawback of using the 5GHz frequency band is its shorter range and less penetration through obstacles compared to the 2.4GHz band, which can be a limitation in environments with many physical barriers.

A drawback of using a single SSID for both 2.4GHz and 5GHz bands in a mixed-device environment is that devices might consistently connect to the 2.4GHz band, resulting in slower speeds. This can happen because many devices default to the 2.4GHz band due to its better range, despite the 5GHz band offering faster speeds.

WPA3 introduces enhanced protection against offline dictionary attacks through a more robust handshake process, a significant improvement over WPA2.

The Intermediate Distribution Frame (IDF) is typically located on each floor of a building to manage and connect local devices to the Main Distribution Frame (MDF).

A fiber distribution panel allows for the organization and management of fiber connections in a data center.

The MOST CRUCIAL factor when balancing the power load is monitoring the current draw of each device, preventing overload and potential outages.

Inert gas systems suppress fires by displacing oxygen and are most effective without damaging sensitive electronic equipment.

A physical network diagram best represents the cabling paths and rack locations in a data center, showing the actual physical layout.

A Layer 3 network diagram would be MOST USEFUL for troubleshooting network performance issues related to data transmission between different subnets. Layer 3, or the Network Layer, handles routing and logical addressing.

The PRIMARY risk is that security vulnerabilities may go unpatched, exposing the network to threats after End-of-Support (EOS) date.

Implementing an automated tracking system is the most effective method for ensuring all change requests are properly tracked and documented, reducing human error.

The implementation of the User-based Security Model (USM) is CRUCIAL in SNMPv3 for securing trap transmissions through authentication and encryption.

Enabling port mirroring on a switch is best for capturing packets non-intrusively by sending copies of traffic to a monitoring port.

The MOST CRUCIAL feature of a SIEM system for detecting security incidents in real-time is the implementation of real-time correlation rules. These allow the SIEM to analyze logs as received, identifying incident patterns promptly.

A network protocol analyzer is best suited for capturing and analyzing real-time network traffic to diagnose performance issues, allowing inspection of individual packets and traffic flow.

Implementing redundant systems to take over during maintenance is most effective for maintaining availability, minimizing downtime if one system is offline.

A financial institution processing high-frequency transactions requires the shortest RPO due to critical data loss consequences.

Mean Time Between Failures (MTBF) measures average time between system failures, indicating system reliability and failure prediction.

Lower operational costs compared to other recovery sites is NOT an advantage of hot sites, which typically have higher operational costs.

An Active-Passive configuration is where one server handles traffic while another is standby to take over on failure.

A DHCP scope defines the range of IP addresses a DHCP server can assign dynamically on a subnet.

DHCP exclusions specify ranges of IP addresses within the DHCP scope that should not be assigned dynamically.

DNSSEC provides authentication and integrity for DNS responses to prevent spoofing attacks.

A site-to-site VPN is designed to securely connect entire networks over the internet, allowing resource sharing as if on the same LAN.

A console connection is typically used for the initial setup of network devices, before network communication is established.

AES (Advanced Encryption Standard) is a widely used symmetric encryption algorithm known for strong security and efficiency.

Multifactor Authentication (MFA) enhances security by requiring multiple forms of verification before granting access, reducing unauthorized access risk.

The principle of least privilege ensures users are granted only the minimum permissions necessary to perform their job functions, reducing security risks.

The issue is likely due to a high False Rejection Rate (FRR), where the biometric system incorrectly denies access to legitimate users.

A honeynet is a network of honeypots working together to simulate a realistic environment to monitor attacker behavior comprehensively.

A vulnerability is a weakness or flaw in a system that can be exploited by a threat, potentially leading to unauthorized access or breaches.

The General Data Protection Regulation (GDPR) requires companies in the EU to protect privacy and give customers data control including erasure rights.

Using anti-virus software is NOT effective against DoS attacks since they target availability, not malware.

Disabling DTP on all switch ports prevents VLAN hopping attacks by stopping dynamic trunk negotiation, blocking unauthorized tagged frames.

Dynamic ARP Inspection (DAI) validates ARP packets against trusted IP-to-MAC mappings, mitigating ARP spoofing and related attacks.

Implementing DNSSEC uses cryptographic signatures to ensure authenticity of DNS responses, preventing DNS spoofing attacks.

An on-path attack involves intercepting and altering communications, enabling fraudulent messages to users.

An attack encrypts organization data, rendering it inaccessible until a ransom is paid.

Configuring port security limits allowed devices per port and helps prevent MAC address spoofing conflicts.

Shutdown violation mode disables the port after an unauthorized access attempt to protect the network.

MAC filtering on wireless access points limits access to approved devices only, enhancing security.

RBAC grants access based on user roles; ABAC uses specific attributes like clearance and context for fine-grained control.

Content filtering restricts access to malicious sites, reducing malware infections effectively.

Establishing security rules on the internal firewall to control traffic between the subnet and the internal network is the next critical step for securing the subnet.

Asking the user to describe exactly what happens when the slowdown occurs helps gather specific information crucial for diagnosis.

The first step is to check whether the user’s computer is connected to the network, fundamental for accessing shared resources.

Investigate potential environmental factors in the physical area, as localized issues often arise due to such causes.

Scheduling the update during a maintenance window minimizes user impact and ensures careful implementation.

STP and UTP do not differ in transmission distance; key differences relate to shielding, cost, and typical usage.

Electromagnetic interference (EMI) from nearby sources is the most likely cause after eliminating cable and hardware issues.

Excessive fragmentation at the IP layer is not a typical cause of runts, which typically originate from physical layer or collision issues.

The correct command to reactivate an administratively down port is “no shutdown”.

Broadcast storms causing excessive network traffic are the most common symptom of a network loop.

The best initial step is to verify the VLAN assignment in the switch’s configuration and correct it if necessary.

New devices cannot obtain an IP address and are assigned APIPA addresses when the DHCP address pool is exhausted.

Using DHCP to automatically assign IP addresses and avoid static IP configurations whenever possible is the best practice to prevent duplicate IP issues.

Increasing the size of the broadcast domain is not recommended as it can increase congestion, worsening contention.

A damaged network cable with partially severed pairs causes errors and retransmissions, significantly reducing throughput.

Increasing the number of broadcast domains does not directly reduce packet loss.

Configuring routing protocols on network devices is not a use of protocol analyzers.

LLDP operates at Layer 2 and is used for network discovery on local segments.

Reconfiguring one network to a different, non-overlapping subnet avoids IP address conflicts.

Assigning a public IP address to the instances enables communication with the internet through the gateway.

LC Lucent Connector and SC Subscriber Connector are commonly used with fiber optic cables, whereas RJ45 is for twisted-pair cables and BNC for coaxial.

192.168.10.1 is a valid host address in the subnet 192.168.10.0/25; addresses .0 and .127 serve as network and broadcast addresses respectively.

Data encryption is a key Presentation layer function, securing data by encoding it for authorized recipients only.

BGP (Border Gateway Protocol) is used between autonomous systems on the internet to determine best paths for data transmission.

Round-robin distributes traffic equally by cycling sequentially through all servers, regardless of load.

Bandwidth, latency, and packet loss are all common QoS metrics that help evaluate network performance.

NAT translates private IP addresses to a public IP address for internet access, enabling multiple devices to share one public IP.

NFV reduces costs by virtualizing network functions to reduce the number of required physical devices.

An internet gateway directs outgoing instance traffic to the internet and incoming traffic to instances, acting as a router for internet-bound data.

A dedicated physical connection provided by a Direct Connect partner is required for secure cloud connectivity.

A use case for IaaS is hosting a scalable e-commerce platform that requires customized configurations, providing flexibility and control over infrastructure.

SFTP (Secure File Transfer Protocol) is built on SSH and provides secure file transfer through encryption of commands and data.

TFTP uses UDP (User Datagram Protocol) for connectionless file transfer with minimal overhead.

The window size feature controls the amount of data sent before receiving an acknowledgment, helping prevent congestion.

Monitoring and limiting broadcast traffic helps prevent network congestion and improves overall network performance.

LTE-Advanced offers higher spectral efficiency, lower latency, and carrier aggregation compared to standard 4G LTE.

A primary component of a coaxial cable is a single copper conductor with a concentric shield that protects the signal from EMI.

A potential drawback of a hybrid topology is increased costs and complexity associated with integrating multiple topologies.

Using RFC1918 private address ranges conserves public IP addresses by allowing internal communication without using public IPs.

A medium-sized enterprise would most likely use a Class B IP address, balancing network and host capacity.

A central management system is essential for zero-touch provisioning, enabling automatic configuration of devices without manual intervention.

SASE stands for Secure Access Service Edge, a framework combining network security and WAN capabilities for dynamic secure access.

Sole reliance on static routing can lead to difficulty maintaining and updating routes as the network scales and changes.

EIGRP provides efficient internal routing within an autonomous system, optimizing path selection and fast convergence.

It ensures the most reliable and trusted routes are preferred, enabling optimal network stability and performance.

NAT hides internal IP addresses from external networks, making it harder for attackers to target specific devices.

FHRP increases network redundancy and reliability by enabling backup routers to take over if the primary router fails.

The VLAN database centralizes VLAN configurations, maintaining consistency across the network to ensure proper segmentation.

Voice VLANs isolate voice traffic from data traffic, potentially enhancing security by limiting voice traffic exposure.

Duplex setting controls whether the interface can send and receive data simultaneously (full duplex) or one direction at a time (half duplex).

A central management system is essential for zero-touch provisioning, enabling automatic configuration of devices without manual intervention.

SASE stands for Secure Access Service Edge, a framework combining network security functions with WAN capabilities for dynamic and secure access.

Reliance on static routing can make maintaining and updating routes difficult as the network scales and changes.

EIGRP provides efficient internal routing within an autonomous system, optimizing path selection and fast convergence.

Understanding Administrative Distance ensures the most reliable and trusted routes are preferred, improving network stability.

NAT enhances security by hiding internal IP addresses from external networks, complicating attacker access to devices.

FHRP increases network redundancy and reliability by providing backup routers if the primary router fails.

The VLAN database centralizes VLAN configurations, maintaining consistency to ensure proper segmentation.