Practical Test : CompTIA Network+ (N10-007)

An engineer is reviewing network logs on a management switch and discovers that compared to previous reports, a large amount of traffic is coming from a particular node. Upon further investigation, the engineer determines traffic coming from the port in question is using ports that indicate NAT is occurring somewhere downstream from that port. After conferring with another network manager, the team determines that a user has added an unauthorized SOHO WLAN route to the network. Among the vulnerabilities that could result from this device is the possibility that a user inadvertently connects the LAN interface of the SOHO router into the LAN port coming from the corporate network. This configuration could cause what scenario to occur?

Options are :

  • DHCP scope exhaustion
  • Evil twin stacks
  • Excessive interface on the corporate LAN port
  • Competing DHCP servers on a single LAN (Correct)

Answer : Competing DHCP servers on a single LAN

Explanation Most SOHO routers come with a built-in DHCP server that is enabled by default. By plugging this device into the corporate network, the SOHO router is now providing a competiting DHCP server to the corporate LAN, which could result in the wrong IPs being issues or IP conflicts if both DHCP servers use the same scope (for example,

What provides origin authenticity through source authentication, data integrity through hash functions, and confidentiality through encryption protection for IP packets?

Options are :

  • DES
  • SHA
  • CRC
  • IPSEC (Correct)

Answer : IPSEC

Explanation Internet Protocol Security (IPSec) is a network protocol that encrypts and authenticates data sent over a network. All other choices offer encryption OR authentication.

What protocol utilizes 3DES encryption by default?

Options are :

  • GRE
  • PPTP
  • STP
  • IPSec (Correct)

Answer : IPSec

Explanation IPSec uses 3DES (an older encryption standard) by default.

A common technique used by malicious individuals to perform a man-in-the-middle attack on a wireless network is:

Options are :

  • ARP cache poisoning
  • amplified DNS attacks
  • sessions hijacking
  • creating an evil twin (Correct)

Answer : creating an evil twin

Explanation Evil Twin access points are the most common way to perform a man-in-the-middle attack on a wireless network.

What does the CSU/DSU device connect to?

Options are :

  • A cable modern to a wireless router
  • A local network to a VPN
  • An analog line to a network router
  • A T1 line to a network router (Correct)

Answer : A T1 line to a network router

Explanation A CSU/DSU device is designed to connect a terminal device to a T1 line. The terminal device or Data Terminal Equipment (DTE) such as a router will connect to the T1 line via CSU/DSU (Channel Service Unit/Data Service Unit).

A network technician is responsible for the basic security of the network. Management has asked if there is a way to improve the level of access users have to the company file server. Right now, any employee can upload and download files with basic system authentication (username and password). What should he configure to increase security?

Options are :

  • Multifactor authentication (Correct)
  • Single sign-on authentication
  • MDS authentication
  • Kerberos authentication

Answer : Multifactor authentication

Explanation This security approach provides a defense layer that makes it difficult for an unauthorized user to break into a system. It provides multiple factors that a user must know in order to obtain access. For instance, if one factor is successfully broken, there will be few others that the individual attempting to enter the system must overcome.

What type of network topology utilizes a central device with point-to-point connections to all other devices?

Options are :

  • Star (Correct)
  • Mesh
  • Bus
  • Ring

Answer : Star

Explanation A star topology is a local area network (LAN) in which all nodes (workstations or other devices) are directly connected to a common central computer. Every workstation is indirectly connected to one another through the central computer.

The Chief Information Officer (CIO) of an organization is concerned that the current locally-hosted software threat solution is not agile enough. The CIO points to specific examples of zero-day threats that have recently taken a day or more to receive patches. The IT team is tasked to find a solution that has a better chance of stopping emerging threats like zero-days. What solution would BEST prevent these types of issues?

Options are :

  • Host-based IDS
  • Stateful firewall
  • Cloud-based anti-malware (Correct)
  • Premise-based IDS

Answer : Cloud-based anti-malware

Explanation Cloud-based anti-malware software is constantly updated, reducing the time needed to patch threats.

A single mode fiber is no longer providing network connectivity to a remote site. What could be used to identify the location of the break?

Options are :

  • OTDR (Correct)
  • Cable certifier
  • MT-RJ
  • Media Converter

Answer : OTDR

Explanation An optical time-domain reflectometer (OTDR) is an optoelectronic instrument used to characterize an optical fiber.

The network administrator is configuring a switch port for a file server with a dual NIC. The file server needs to be configured for redundancy and the dual NIC needs to be combined for maximum throughput. What feature on the switch should the network administrator use?

Options are :

  • LACP (Correct)
  • BPDU
  • Load balancing
  • Spanning tree

Answer : LACP

Explanation LACP is a protocol used to control the combining of ports. Link Aggregation groups combine numerous physical ports to make one high bandwidth path. This method can increase bandwidth and therefore, throughput. It can also provide network redundancy and load balancing.

What can be issued from the command line to find the layer 3 hops to a remote destination?

Options are :

  • ping
  • netstat
  • nslookup
  • traceroute (Correct)

Answer : traceroute

Explanation Traceroute will determine every hop between the host and the destination using ICMP.

The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?

Options are :

  • WPA2 Enterprise
  • WPA personal (Correct)
  • MAC filtering
  • WEP

Answer : WPA personal

Explanation Since they wish to use a pre-shared key and not require an authentication server, the most secure choice is WPA personal. WPA2 Enterprise is actually a more secure choice, but it requires a RADIUS authentication server to be used.

A company has just installed a VoIP system on their network. Prior to the installation, all of the switches were upgraded to layer 3 capable in order to more adequately route packets. What network segmentation technique is this an example of?

Options are :

  • Compliance implementation
  • Performance optimization (Correct)
  • Separate public/private networking
  • Honeypot implementation

Answer : Performance optimization

Explanation Voice over Internet Protocol (VoIP) performance optimization can help a business improve the quality of its video and audio communications over the Internet by tending to such issues as transport and protocol conversion, as well as mitigation.

What network topology has a central, single point of failure?

Options are :

  • Star (Correct)
  • Hybrid
  • Ring
  • Mesh

Answer : Star

Explanation A central connecting device allows for a single point of failure. A star network uses a centralized connecting device like a switch.

An F-connector is used on which cable type?

Options are :

  • Single mode fiber
  • RG6 (Correct)
  • CAT5
  • CAT3

Answer : RG6

Explanation An F connector is a coaxial RF connector commonly used for cable television with an RG6 cable. RG6 is a type of coaxial cable used to transmit audio and video signals to devices such as television sets.

A technician is configuring a computer lab at a school. The computers need to be able to communicate with each other, but students using the computers should not be able to access the Internet. What rule on the firewall should the technician configure to prevent student access to the Internet?

Options are :

  • Block all LAN to WAN traffic (Correct)
  • Block all WAN to LAN traffic
  • Block all WLAN to WAN traffic
  • Block all LAN to LAN traffic

Answer : Block all LAN to WAN traffic

Explanation By blocking all traffic from the LAN to WAN, it will prevent the students from accessing the Internet by blocking all requests to the Internet.

A network administrator wants to deploy a wireless network in a location that has too much RF interference at 2.4 GHz. Which of the following standards requires the use of 5 GHz band wireless transmissions?

Options are :

  • 802.11b
  • 802.11ac (Correct)
  • 802.11g
  • 802.11n
  • 802.11n

Answer : 802.11ac

Explanation 802.11ac wireless transmission channel uses the 5Ghz band. While 802.11n can operate in the 5 GHz band, it also operates in the 2.4 GHz band. Only 802.11ac and 802.11a operate exclusively in the 5 GHz band.

A VLAN with a gateway offers no security without the addition of:

Options are :

  • 802.1d
  • 802.1w
  • An ACL (Correct)
  • A RADIUS server

Answer : An ACL

Explanation VLANs can be protected with an ACL. Without a properly configured ACL, there is no additional security provided by a VLAN.

What encryption type MOST likely is used for securing a client-to-server VPN connection?

Options are :

  • Kerberos
  • AES
  • ISAKMP (Correct)
  • TKIP

Answer : ISAKMP

Explanation ISAKMP is used in IPSec, which is commonly used in client-to-server VPN connections.

What is used to proxy client requests for IP configurations across different network segments?

Options are :

  • Teredo tunneling
  • Reverse proxy
  • DHCP relay (Correct)

Answer : DHCP relay

Explanation A DHCP client is an Internet host using DHCP to obtain configuration parameters such as an IP address. A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet.

A technician needs to ensure wireless coverage in the green space near the center of the college campus. The antenna is being installed in the middle of the field on a pole. What type of antenna should be installed to ensure maximum coverage?

Options are :

  • Omnidirectional (Correct)
  • Yagi
  • Directional
  • Unidirectional

Answer : Omnidirectional

Explanation Omnidirectional antennas send the signal out equally in all directions, therefore it will provide the best coverage since it is located in the center of the field.

What is a network topology in which all nodes have point to point connections to all other nodes known as?

Options are :

  • Mesh (Correct)
  • Star
  • Bus
  • Ring

Answer : Mesh

Explanation A mesh network is a network topology in which each node relays data for the network.

An administrator needs to open the default port on the firewall for DNS. What port should they open?

Options are :

  • 110
  • 53 (Correct)
  • 67
  • 3389

Answer : 53

Explanation Port 53 is used for DNS.

What is used to authenticate remote workers who connect from offsite?

Options are :

  • 802.1x (Correct)
  • OSPF
  • VTP trunking
  • Virtual PBX

Answer : 802.1x

Explanation 802.1x can be used because it is designed to enhance the security of wireless local area networks (WLANs) . WLANs provide an authentication framework, allowing a user to be authenticated by a central authority. RADIUS (Remote Authentication Dial-In User Service) allows a company to maintain user profiles in a central database that all remote servers can share. It provides better security, allowing a company to set up a policy that can be applied at a single administered network point. Remote users connect to one or more Remote Access Servers. The remote access servers then forward the authentication requests to the central RADIUS server. 802.1X is an IEEE Standard for Port-based Network Access Control (PNAC). It provides an authentication mechanism to devices wishing to attach to a network. 802.1X authentication involves three parties: a supplicant, an authenticator, and an authentication server. The supplicant is a client that wishes to attach to the network. The authenticator is a network device, such as an Ethernet switch, wireless access point or in this case, a remote access server and the authentication server is the RADIUS server.

A technician is setting up a new network and wants to create redundant paths through the network. What should be implemented to prevent performance degradation?

Options are :

  • VLAN
  • ARP inspection
  • Port mirroring
  • Spanning tree (Correct)

Answer : Spanning tree

Explanation The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. The basic function of STP is to prevent bridge loops and the broadcast radiation that results from them. Spanning tree also allows a network design to include spare (redundant) links to provide automatic backup paths if an active link fails, without the danger of bridge loops or the need for manual enabling/disabling of these backup links.

A host has been assigned the address This is an example of what kind of IPv4 address?

Options are :

  • MAC
  • Static
  • Public
  • APIPA (Correct)

Answer : APIPA

Explanation APIPA stands for Automatic Private IP Addressing and is a feature of Windows operating systems. When a client computer is configured to use automatic addressing (DHCP), APIPA assigns a class B IP address from to to the client when a DHCP server is unavailable.

A network technician has installed and configured a new wireless router. The clients and hosts can ping each other. The WAN is a 10Gbp/s cable connection. The wired clients have fast connections, but the wireless clients are slow to ping and browse the Internet. What could cause the slow wireless clients?

Options are :

  • A router is on the incorrect LAN
  • An access point experiencing RFI from florescent light bulbs (Correct)
  • A high signal-to-noise ratio on the wireless network
  • A cable connection does not support wireless

Answer : An access point experiencing RFI from florescent light bulbs

Explanation If interference in the wireless spectrum is occurring, more retransmissions will be needed (and thereby slowing speeds experienced). All the other answers will not cause a slow down of only the wireless network. And a high signal to noise ratio is a good thing on wireless networks.

A network engineer is conducting an assessment for a customer who wants to implement an 802.11n wireless network. Before the engineer can estimate the number of WAPs needed, it is important to reference the _______________.

Options are :

  • Network topology
  • Site survey (Correct)
  • Network diagram
  • PoE requirements

Answer : Site survey

Explanation Since it is a wireless network, a review of a site survey is necessary to determine any physical advantages and disadvantages. Network topology and Network diagrams can be created once the site survey is complete and the location of the access points is determined.

What should be used to ensure a specific device always receives the same IP address?

Options are :

  • Reservation (Correct)
  • DHCP relay
  • Address Lease
  • DHCP scope

Answer : Reservation

Explanation A DHCP reservation ensures that a device gets the same IP Address every time based on its MAC address.

A customer is attempting to download a file from a remote FTP server, but receives an error that a connection cannot be opened. What should be done FIRST to resolve the problem?

Options are :

  • Validate the security certificate from the host
  • Flush the DNS cache on the local workstation
  • Ensure that port 161 is open
  • Ensure that port 20 is open (Correct)

Answer : Ensure that port 20 is open

Explanation Executing an FTP port connection through a client is a two-stage process requiring the use of two different ports. Once the user enters the name of the server and the login credentials in the authorization fields of the FTP client, the FTP connection is attempted over port 20.

A technician needs to set aside addresses in a DHCP pool so that certain servers always receive the same address. What should be configured?

Options are :

  • Helper addresses
  • Reservations (Correct)
  • Scopes
  • Leases

Answer : Reservations

Explanation A reservation is used in DHCP to ensure that a computer always receives the same IP address. To create a reservation, you need to know the hardware MAC address of the network interface card that should receive the IP address.

When a switch has multiple paths to reach the root bridge, what state is the port with the LEAST desirable path placed by the spanning tree protocol?

Options are :

  • Blocking (Correct)
  • Listening
  • Forwarding
  • Bonding

Answer : Blocking

Explanation Blocking is the state in the spanning tree protocol that prevents looping in the network.

QoS operates at which of the following OSI model layers?

Options are :

  • Layer 7
  • Layer 5
  • Layer 1
  • Layer 3 (Correct)

Answer : Layer 3

Explanation QoS occurs at both Layer 2 and Layer 3 of the OSI Model.

Janet is a system administrator who is troubleshooting an issue with a DNS server. She notices that the security logs have filled up and that they need to be cleared from the event viewer. She recalls this being a daily occurrence. What would BEST resolve this issue?

Options are :

  • Increase the maximum log size
  • Delete the logs when full
  • Log into the DNS server every hour to check if the logs are full
  • Install an event management tool (Correct)

Answer : Install an event management tool

Explanation Using an event management tool will allow the administrator to clear the event logs and move them from the server to a centralized database, if needed.

What 802.11g antenna broadcasts an RF signal in a specific direction with a narrow path?

Options are :

  • Bi-directional
  • Unidirectional (Correct)
  • Patch
  • Omni-directional

Answer : Unidirectional

Explanation Unidirectional is one direction. It focuses the broadcasting from the antenna in a single direction instead of all directions, focusing the transmission and making the signal stronger. A specific type of unidirectional antenna is known as a Yagi antenna, and this may be a term you may also see used on the Network+ certification exam.

Company policies require that all network infrastructure devices send system level information to a centralized server. What should be implemented to ensure the network administrator can review device error information from one central location?

Options are :

  • TACACS+ server
  • Single sign-on
  • Wi-Fi analyzer
  • Syslog server (Correct)

Answer : Syslog server

Explanation Syslog is a protocol designed to send log entries generated by a device or process called a facility across an IP network to a message collector, called a syslog server. A syslog message consists of an error code and the severity of the error. A syslog server would enable the network administrator to view device error information from a central location.

A new piece of malware is attempting to exfiltrate user data through hiding the traffic and sending it over a TLS-encrypted outbound traffic over random ports. What technology would be able to detect and block this type of traffic?

Options are :

  • Stateless packet inspection
  • Stateful packet inspection
  • Intrusion detection system
  • Application aware firewall (Correct)

Answer : Application aware firewall

Explanation A Web Application Firewall (WAF) or Application Aware Firewall would be able to detect both the accessing of random ports and the TLS encryption, and could identify it as suspicious, whereas Stateless would inspect port number being used by the traffic leaving. IDS only analyzes incoming traffic, therefore would not be able to see this activity as suspicious.

A network technician needs to identify active services that should be disabled on the network. What tool would BEST accomplish this?

Options are :

  • Interface monitoring tool
  • Packet analyzer
  • Content filter
  • Port scanner (Correct)

Answer : Port scanner

Explanation Port Scanner will scan for what ports are open or closed enabling certain services or not. Such as if port 22 is open, that means Secure Shell service is enabled. Or if port 25 is open then the SMTP service is enabled.

Max is a network technician who just terminated the ends on a new copper cable used between two legacy switches. When he connects the two switches together using the cable, they fail to establish a connection. What is MOST likely the issue?

Options are :

  • The cable is a crossover cable
  • The cable is a straight-through cable (Correct)
  • The cable has exceeded bend radius limitations
  • The cable has RJ-11 connectors instead of RJ-45

Answer : The cable is a straight-through cable

Explanation There are two types of cable, Straight-through and Crossover. In this instance, a crossover cable would need to be used to communicate with legacy switches since they won't support MDIX.

A switch technician is being tasked to centrally manage the switches and to segment the switches by broadcast domains. The corporate network is currently using VLAN1 for all of its devices and is using a single private IP address range with a 24-bit mask. The supervisor wants VLAN 100 to be the management subnet and all switches to share the VLAN information. What option would be best to use?

Options are :

  • Use VLSM on VLAN1, with VTP and 802.1w on the inter switch connections with native VLAN 100
  • Use VLSM on the IP address range, with STP and 802.1q on the inter switch connections with native VLAN 100
  • Use VLSM on the IP address range, with VTP and 802.1x on all inter switch connections with native VLAN 100
  • Use VLSM on the IP address range, with VTP and 802.1q on the inter switch connections with native VLAN 100 (Correct)

Answer : Use VLSM on the IP address range, with VTP and 802.1q on the inter switch connections with native VLAN 100

Explanation 802.1q is the networking standard that supports VLANs and VLAN tagging. VTP is the VLAN Trunk Protocol and carries all VLAN information to all switches in a VTP domain.

What connection type is used to terminate DS3 connections in a telecommunications facility?

Options are :

  • BNC (Correct)
  • RJ-11
  • F-connector
  • 66 block

Answer : BNC

Explanation Bayonet Neill-Concelman Connector (BNC connector) is a type of coaxial RF (Radio frequency) electrical connector that is used in place of coaxial connectors. A DS3 (Digital Signal 3) is also known as a T3 line with a maximum bandwidth of 44.736 Mbit/s. DS3 uses 75 ohm coaxial cable and BNC connectors.

A home office has a dozen devices that need a class-based DHCP device to assign addresses. The subnet only has one octet for the host portion of each device. What IP address could be assigned to the default gateway?

Options are :

  • (Correct)

Answer :

Explanation A non-routable IP address (in this case, also known as a private IP address, is not assigned to any one organization and does not need to be assigned by an Internet Service Provider. Since the question wants a class-based IP to be assigned to devices, and only one octet being available for the host portion, it would need to be a Class C address, such as

While installing new network equipment, a network administrator wants to add infrastructure to keep the cables organized in the environment. The administrator also needs cables to be easily removed or added due to the constantly changing environment. What should be added to the network plant to achieve this goal?

Options are :

  • Hook and loop straps
  • Raised floor
  • Cable ties
  • Ladder trays (Correct)

Answer : Ladder trays

Explanation Ladder trays are a cost-effective alternative and allow for easy installation of cables by electricians as well as future access for adding or removing cable runs.

What describes a design where traffic is shared between multiple network servers to provide greater throughput and reliability?

Options are :

  • Load balancing (Correct)
  • VLAN tagging
  • Multiplexing
  • MPLS trunking

Answer : Load balancing

Explanation Load Balancing is a technique used to spread work across multiple computers, network links, or other devices.

A network technician is diligent about maintaining all system servers at the most current service pack level available. After performing upgrades, users experience issues with server-based applications. What should be used to prevent issues in the future?

Options are :

  • Configure a honeypot for application testing
  • Configure a test lab for updates (Correct)
  • Virtualize the servers and take daily snapshots
  • Configure an automated patching server

Answer : Configure a test lab for updates

Explanation To prevent the service pack issues, make sure to validate them in a test/lab environment first before going ahead and applying a new Service Pack in your production environment.

You have been tasked with testing a CAT 5e network cable. After conducting the test using the tool provided by your manager, you see the following test results:

What tool did you use to test the cable and get these results?

Options are :

  • Crimper
  • Cable Certifier (Correct)
  • Multimeter
  • Punch Down Tool
  • Protocol Analyzer
  • OTDR
  • Toner Probe

Answer : Cable Certifier

Explanation Cable certifiers can provide a “pass? or “fail? status in accordance with the industry standards and can also show detailed information such as “open?, “short?, or the length of the cable. None of the other tools listed can provide you with this level of information.

Looking over your cable test results again, determine if the cable was or was not properly crimped.

Options are :

  • Cable was properly crimped
  • Cable was not properly crimped (Correct)

Answer : Cable was not properly crimped

Explanation Cable certifiers can provide a “pass? or “fail? status in accordance with the industry standards and can also show detailed information such as “open?, “short?, or the length of the cable. When a short is detected, but the full length of the cable is shown (3 ft), this indicates the cable was incorrectly crimped. In this case, it appears that pin 3 and pin 6 are both crimped into the same position in the RJ-45 connector, causing the short.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions