CompTIA Network+ (N10-009) Exam Questions

Correct answer: RIP

The Routing Information Protocol (RIP) is a distance-vector routing protocol with a maximum hop count of 15. Routes with a hop count of 16 jumps or more are considered unreachable.

IS-IS, like OSPF, is a link-state routing protocol that uses the Dijkstra algorithm to determine the shortest path. The default metric for IS-IS is 10. The total cost is the sum of all outbound interfaces along the path.

BGP is a distance-vector protocol like RIP, but it uses a much more sophisticated algorithm. OSPF is a link-state protocol that considers much more information than RIP.

Correct answer: Document findings, actions, and outcomes

It's important to document your findings during and following troubleshooting. This is the final step, step 7, of the Network+ troubleshooting method.

Trouble ticket systems are an excellent way to track issues and can serve as a valuable resource when a similar problem arises in the future. You may want to create a "post mortem" or root cause analysis to investigate further. You can also create a knowledge base or FAQ for future reference.

Implementing the solution is step 5 of the Network+ troubleshooting method.

Verifying system functionality is step 6.

Establishing a plan of action is step 4.

For the Network+ exam, the structured troubleshooting method consists of 7 steps:

1. Identify the problem: Effective troubleshooting must begin with a clear problem definition and might include specific symptoms.
2. Establish a theory of probable cause: This is the point where experience and intuition play a huge role because it is now time to brainstorm the potential cause.
3. Test the theory to determine the cause: Test the theory, e.g., would the hypothesized cause lead to the observed symptoms? Do a sanity check.
4. Establish a plan of action: With the theory confirmed, it's now time to determine what actions should be performed and how to ensure effective resolution.
5. Implement the solution or escalate as necessary: Based on the plan of action, it might be appropriate to schedule the time that actions will take place to ensure minimal downtime.
6. Verify full system functionality: Verify full system functionality and, if possible, implement preventative measures for the future.
7. Document findings, actions, and outcomes: Report the findings and action plan that led to the resolution to ensure that future issues of this kind, or similar ones, can be resolved quickly.

Correct answer: DOCSIS

The Data-Over-Cable Service Interface Specification (DOCSIS) identifies the frequencies dedicated to data transmission and handling.

A Hybrid Fiber-Coaxial (HFC) network is how cable companies provide high-speed transmission to specific locations before it is broken down into a slower-speed coaxial configuration. A DSL Access Multiplexer (DSLAM) is a device that terminates multiple DSL connections from customers. Time Division Multiplexing (TDM) is a technology that enables multiple transmissions to share the same medium.

Correct answer: OID

Object Identifier (OID) refers to a uniquely managed object that can be queried or configured in a Network Management System (NMS). OIDs are defined in a Management Information Base (MIB) in a Simple Network Management Protocol (SNMP) system. MIBs are provided by equipment vendors.

An MIB provides information about network devices to the NMS.

UMO is a fabricated term.

A Memorandum Of Understanding (MOU) is a draft agreement between two parties used prior to the establishment of a formal contract.

Correct answer: POP3

The Post Office Protocol version 3 (POP3) is used to retrieve and download email from an email server. It downloads the complete message and removes it from the server.

POP3 differs from Internet Message Access Protocol version 4 (IMAP4) primarily by how it operates and by the port it operates on. IMAP4 provides greater control over messages, along with enhanced security.

Transport Layer Security (TLS) and Secure Socket Layer (SSL) are both encryption and security protocols not used for email.

Correct answer: Link-local

Link-local addresses are non-routable Internet Protocol version 6 (IPv6) addresses in the FE80::/10 range. They are similar to Automatic Private IP Addressing (APIPA) addresses in IPv4 and can be used to create temporary Local Area Network (LAN) configurations.

IPv4 and IPV6 multicast are "one to many" addresses designed to send a packet to multiple different interfaces with a single address.

Anycast addressing is designed to deliver a packet to the IPv6 address with the shortest routing distance.

Unicast addresses are used to send packets to a particular interface. Unicast addressing exists for both IPv4 and IPv6.

Correct answer: Separation of duties

Separation of duties is designed to protect against fraud by separating processes into multiple tasks assigned to different employees. It is not a concept related to a zero-trust architecture.

Network segmentation, least privilege, and strong user authentication are all parts of a zero-trust security strategy, which limits users to only the permissions needed to do their jobs.

Network segmentation involves dividing the network into smaller, isolated segments. It prevents lateral movement through the corporate network.

Authentication proves the user's identity. Policy-based authentication uses rules to manage authentication processes.

The principle of least privilege restricts a user's access to only those resources needed to do their job.

Correct answer: MAC filtering is enabled on the access point

When a network refuses to allow a connection, despite the details being properly configured and the keys being correct, it is time to verify whether Media Access Control (MAC) filtering is enabled. If MAC filtering is enabled, and the new host's MAC address has not been added to the "allowed" Access Control List (ACL), access to the switch will be refused. At this point, with MAC filtering confirmed, adding the new host's MAC address will resolve the issue.

Domain Name System (DNS) configuration issues would not be related to connecting a new device to a wireless network.

The configuration of Dynamic Host Configuration Protocol (DHCP) would not be suspected. If the technician was able to connect another device earlier, then it would appear that DHCP is working.

A bad wireless card is unlikely an issue on a modern computer. MAC address filtering would be a more likely scenario.

Correct answer: Complicated and hard to reconfigure

Since each system must relay a token to another, any failures take down the entire network. If this happens, it can be difficult to determine which one is causing the fault in the network. Thus, ring networks are complicated and hard to reconfigure.

None of the other statements about a ring topology would be true. It is not necessarily easy and simple to reconfigure or troubleshoot. Any node on a ring network could be a Single Point Of Failure (SPOF), potentially losing connectivity along the entire network.

Correct answer: 5 GHz, 54 Mbps

The frequency bands and maximum bandwidth values of wireless standards are as follows:

• 802.11a: 5 GHz, 54 Mbps
• 802.11b: 2.4 GHz, 11 Mbps
• 802.11g: 2.4 GHz, 54 Mbps
• 802.11n: 2.4 and 5 GHz, >300 Mbps
• 802.11ac: 5 GHz, >3 Gbps
• 802.11ax: 2.4, 5, and 6 GHz, 9.6 Gbps

Correct answer: Review

Review is the final step of an incident response plan.

Neither recover, eradicate, nor identify are the final steps of an incident response plan, as shown below.

The incident response framework below is based on the Computer Security Incident Handling Guide from the National Institute of Standards and Technology (NIST). Typical incident response plans include the following phases:

• Prepare: This stage is designed to position an organization to manage a potential incident properly. Incident responders should know how to identify an incident, have a plan to recover and restore normal operations, and have security policies in place.
• Identify: This phase kicks off the response to a particular incident by identifying the incident.
• Contain: Containment is intended to limit the spread of an infection or other security incident. This involves ensuring that mission-critical systems remain online and diagnosing the current state of any affected systems, computers, or networks.
• Eradicate: Once the scope of the incident has been determined and the incident is contained, the incident response team can focus on removing the intrusion from affected systems.
• Recover: Once affected systems have been cleaned, they can be restored to normal operation. This step commonly involves ongoing testing and recertification of affected devices.
• Review: During this stage, the incident response team performs a retrospective to identify potential room for improvement in all previous stages of the process. For example, new security policies may be needed to address a new threat or the incident response plan may require tweaks to improve efficiency or communication.

Correct answer: Blocking

A blocked port won't forward any frames at all. It simply listens to the Bridge Protocol Data Units (BPDUs) which are transmitted across the local area network to detect loops in the networks' topologies. It will drop all other frames.

A listening port listens to the BPDUs to ensure that no loops are occurring before passing the data frames. The data is prepared without the MAC populating the forward/filter table.

Learning ports listen to BPDUs and learn all the paths in the switched network while populating the physical addresses they find into the forward/filter table.

Forwarding ports send and receive all the data frames on the bridged port.

Correct answer: End-to-end IP traceability

Network Address Translation (NAT) results in a loss of end-to-end Internet Protocol (IP) traceability, which is a disadvantage rather than an advantage of NAT.

Advantages of NAT include:

• Increasing flexibility for Internet connections
• Reducing the occurrence of IP address overlap
• Conserving legally registered IP addresses

Correct answer: SOA

Start of Authority (SOA) records are a source of authoritative information about a particular DNS zone. Examples of information contained within an SOA record include the zone's primary name server, contact information (i.e., email address) of the zone's administrator, and information regarding refresh timers for the zone.

Address records map IP addresses to hostnames, and an AAAA record is the address record for IPv6.

A canonical name (CNAME) record creates aliases that allow a many-to-one mapping of domain names to IP addresses.

MX, or mail exchange, records specify the email server or message transfer agent server for a domain.

Correct answer: AUP

An Acceptable Use Policy (AUP) outlines what is and is not acceptable on an organization's computers and devices.

A Data Loss Prevention (DLP) policy does not list what actions are acceptable on a device but instead is geared toward preventing data loss in an organization.

A Privileged User Agreement (PUA) outlines which individuals would be authorized to have privileged access and when they would be allowed to use privileged accounts.

A Nondisclosure Agreement (NDA) is an agreement between two or more parties used to protect confidential material and knowledge.

Correct answer: Change channel configuration

Changing channel configuration will not affect wireless network security.

Disabling the Service Set Identifier (SSID) broadcast provides an additional layer of security through obscurity.

Wi-Fi Protected Access version 2 (WPA2) improves the security of a wireless network by using Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP) for integrity checking and Advanced Encryption Standard (AES) for encryption.

Configuring Media Access Control (MAC) filtering can deter additional users from accessing the network. MAC filtering is good for small organizations but not for large ones, as it is difficult to set MAC filtering for a large number of devices.

Correct answer: Switch

Layer 2 is the Data Link Layer, which uses MAC addresses to route traffic. Switches are designed to translate IP addresses to MAC addresses and route traffic to the various devices on a subnet or outside of the subnet.

A router is a Layer 3 device, encapsulating data link frames and forwarding IP packets.

A hub is a Layer 1 (physical layer) device. Unlike a switch, a hub is essentially a repeater and does not forward frames based on MAC addresses.

A firewall security device can operate at multiple OSI layers, including 3, 4, and 7.

Correct answer: 6 GHz

IEEE 802.11ax or Wi-Fi 6 extends into the 6 GHz frequency band.

Wireless LAN (WLAN) standards are defined in IEEE 802.11.

Correct answer: Snapshot

A snapshot is a read-only copy of the data set that is frozen at a point in time. This type of technology is often used for virtual machines and file system objects.

Incremental backups back up only data that has changed since the last incremental backup.

Full backups back up the complete data set.

Snap backup is a fabricated term.

Correct answer: 7 - Debug

The higher the syslog level, the more detailed the logs are in the message. Debug is a severity of 7 and it contains highly detailed information that is typically used during the troubleshooting process.

Syslog severity levels:

0 - Emergency

1 - Alert

2 - Critical

3 - Error

4 - Warning

5 - Notice

6 - Informational

7 - Debug