Questions & Answers : CompTIA Network+ (N10-007)

What is an example of an IPv4 address?

Options are :

  • 192:168:1:55
  • 192.168.1.254 (Correct)
  • ::1
  • 00:AB:FA:B1:07:34

Answer : 192.168.1.254

Explanation The first one has colons, the third is a MAC address, and the last one is an IPv6 loopback address. The second one is the obvious choice.

What protocol is used to encapsulate other network layer protocols such as multicast and IPX over WAN connections?

Options are :

  • MPLS
  • PPP
  • ESP
  • GRE (Correct)

Answer : GRE

Explanation Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.

Michael has been tasked with assigning two IP addresses to WAN interfaces on connected routers. In order to conserve address space, what subnet mask should he use for this subnet?

Options are :

  • /29
  • /28
  • /24
  • /30 (Correct)

Answer : /30

Explanation An IPv4 address consists of 32 bits. The first x number of bits in the address is the network address and the remaining bits are used for the host addresses. The subnet mask defines how many bits form the network address and from that, we can calculate how many bits are used for the host addresses. In this question, the /30 subnet mask dictates that the first 30 bits of the IP address are used for network addressing and the remaining 2 bits are used for host addressing. The formula to calculate the number of hosts in a subnet is 2n - 2. The "n" in the host's formula represents the number of bits used for host addressing. If we apply the formula (22 - 2), a /30 subnet mask will provide 2 IP addresses.

A desktop computer is connected to the network and receives an APIPA address but is unable to reach the VLAN gateway of 10.10.100.254. Other PCs in the VLAN subnet are able to reach the Internet. What is the MOST likely source of the problem?

Options are :

  • Bad SFP in the PC's 10/100 NIC
  • APIPA has been misconfigured on the VLAN
  • OS updates have not been installed
  • 802.1q is not configured on the switch port (Correct)

Answer : 802.1q is not configured on the switch port

Explanation APIPA addresses are self-configured and are used when the client is unable to get proper IP configuration from a DHCP server. One possible source of this problem is a misconfigured switch port that the computer is connected to. The 802.1q protocol is used to configure VLAN trunking on switch ports.

A company has a secondary datacenter in a remote location. The cable management and power management are handled by the datacenter staff, while the building’s security is also handled by the datacenter staff with little oversight from the company. What should the technician do to follow the best practices?

Options are :

  • Ensure power monitoring is enabled
  • Secure the patch panels
  • Secure the UPS units
  • Ensure rack security (Correct)

Answer : Ensure rack security

Explanation By ensuring rack security such as locks, RFID card locks, and swing handles, the technician adds an extra layer of security to the servers which is a best practice.

A company is installing several APs for a new wireless system that requires users to authenticate to the domain. The network technician would like to authenticate to a central point. What solution would be BEST to achieve this?

Options are :

  • RADIUS server and access point (Correct)
  • TACACS and proxy server
  • RADIUS server and network controller
  • TACACS+ device and RADIUS server

Answer : RADIUS server and access point

Explanation A Remote Authentication Dial-in User Service (RADIUS) server provides AAA management for users connecting to a wired or wireless network, which includes the ability to authenticate users. As servers are inherently not built with wireless access capabilities, an access point would have to be included in the setup for the RADIUS to work correctly with wireless clients.

A network administrator is troubleshooting an issue with unstable wireless connections in a residence hall. Users on the first and second floors report that the hall’s SSID is not visible in the evenings. The network administrator has verified that the wireless system is operating normally. What is the cause of the issue being reported by the users?

Options are :

  • The SSID is set to hidden
  • Internet router maintenance is scheduled (Correct)
  • A jammer is being used
  • An ARP attack is underway

Answer : Internet router maintenance is scheduled

Explanation Process of elimination: the ARP attack would allow attackers to intercept data or stop all traffic; the SSID being set to hidden wouldn’t just change during the day, and a jammer being used would show some possible “wrong? traffic in the logs of the wireless. Internet router maintenance would simply take the network down for the duration of the update/maintenance.

A network technician has been tasked with connecting three 802.11a clients to an 802.11g access point that is configured for WEP and is within a (9m) line of sight from the client. The clients are unable to associate with the access point. What is MOST likely cause of this issue?

Options are :

  • Wrong frequency (Correct)
  • Wrong encryption
  • Signal loss
  • Interference

Answer : Wrong frequency

Explanation 802.11a operates in the 5GHz band while 802.11g operates in the 2.4GHz band. 802.11a clients cannot communicate to a 802.11b or 802.11g access point.

What is the BEST way to prevent various types of security threats throughout the network on a routine basis?

Options are :

  • Business continuity training
  • Penetration testing
  • User training and awareness (Correct)
  • Disaster recovery planning

Answer : User training and awareness

Explanation Users are the number one vulnerability to a network. Increasing user training can decrease the number of security threats that are realized on your networks.

A network technician has been dispatched to investigate sporadic network outages. After looking at the event logs for the network equipment, the network technician finds that the network equipment has been restarting at the same time every day. What should the technician deploy to correct this issue?

Options are :

  • Rack monitoring
  • Grounding bar
  • Surge protector
  • Air flow management
  • UPS (Correct)

Answer : UPS

Explanation An Uninterruptible power supply (UPS) is a battery system that can supply short term power to electrical units. Since all the devices are restarting at the same time, it is likely due to a power outage. In this case, a UPS would continue to supply power to the network equipment during outages or blackouts.

What is the BEST way to secure the most vulnerable attack vector for a network?

Options are :

  • Remove unneeded services running on the servers
  • Provide end-user awareness training for office staff (Correct)
  • Update all antivirus definitions on workstations and servers
  • Use biometrics and SSO for authentication

Answer : Provide end-user awareness training for office staff

Explanation Users are our most vulnerable attack vector, proper training can help reduce the risk.

An administrator would like to test out an open source-based phone system prior to making an investment in hardware and phones. What should the administrator do to BEST test the software?

Options are :

  • Deploy an open-source VDI solution to create a testing lab
  • Create a virtual PBX and connect it to SIP phone applications (Correct)
  • Create virtual IP phones in a lab that utilize the STP protocol
  • Deploy new SIP appliances and connect them to the open source phone applications

Answer : Create a virtual PBX and connect it to SIP phone applications

Explanation To test out the system prior to purchasing it, he should connect to a virtual PBX with a SIP phone application and ensure it meets his need. Deploying new SIP appliances would be costly, therefore a bad choice. Deploying a VDI is a virtual desktop infrastructure solution, which doesn't have anything to do with phones. Creating virtual IP phones in a lab may work but isn't going to give him an accurate representation of the actual usage of the system.

What would be used in an IP-based video conferencing deployment?

Options are :

  • Codec (Correct)
  • Bluetooth
  • RS-232
  • 56k modem

Answer : Codec

Explanation The term "codec" is a concatenation of "encoder" and "decoder?. In video conferencing, a codec is a software (or can be a hardware) that compresses (encodes) raw video data before it is transmitted over a network.

A network technician wants to create a network where consultants can access the Internet without disrupting the office’s intranet. What type of network should be created?

Options are :

  • Security network
  • DMZ network
  • VLAN network
  • Guest network (Correct)

Answer : Guest network

Explanation Guest network allows anyone to have access to the Internet without having the rights to disrupt the intranet. This network should be logically isolated from the corporate intranet of the office.

A client reports that half of the office is unable to access a shared printer on the network. What should the network technician use to troubleshoot the issue?

Options are :

  • Network Diagrams (Correct)
  • Vendor documentation
  • Data backups
  • Baseline information

Answer : Network Diagrams

Explanation Network diagram is a visual representation of a computer network. Understanding all the connections is a fundamental step in network troubleshooting. This baseline information can be used for anticipating future problems, as well as planning for future growth.

A campus needs to provide wireless connectivity in a cafeteria with a minimal number of WAPs. What type of antenna will provide the BEST coverage?

Options are :

  • Bidirectional
  • High gain (Correct)
  • Omni-directional
  • Dipole

Answer : High gain

Explanation High gain antennas put out increased signal strengths and therefore can reach further with less WAPs.

The administrator modifies a rule on the firewall and now all the FTP users cannot access the server any longer. The manager calls the administrator and asks what caused the extreme downtime for the server. In regards to the manager's inquiry, what did the administrator forget to do first?

Options are :

  • Document the changes
  • Schedule a maintenance window
  • Provide notification of change to users
  • Submit a change request (Correct)

Answer : Submit a change request

Explanation A change request should be submitted through the change management process prior to any changes being made.

A network engineer is designing a campus-wide wireless network. Wireless access points will be distributed across the campus for maximum availability. The network is to be designed to handle a large number of roaming wireless devices. What feature should he employ?

Options are :

  • VLAN pooling
  • LWAPP (Correct)
  • WPA2
  • Subnetting

Answer : LWAPP

Explanation LWAPP is the best choice because it serves as a standard single point that allows quick and efficient management of multiple wireless devices at a time.

A company has added a lot of new users to the network that is causing an increase in network traffic by 200%. Original projection by the engineers was that the new users would only add 20-30% more network traffic, not 200%. The network administrator suspects that a compromise of the network may have occurred. What should the network administrator have done previously to prevent this network breach?

Options are :

  • Provide end user awareness and training for employees (Correct)
  • Place a network sniffer on segments with new employees
  • Create VLANs to segment the network traffic
  • Ensure best practices were implemented when creating new user accounts

Answer : Provide end user awareness and training for employees

Explanation With new employees entering a company, often they are not fully aware of the company’s Internet usage policy and safe Internet practices. Providing end user awareness and training for new employees help reduce the company’s vulnerability to malicious entities on the Internet.

A user has installed a new wireless printer on the network. The user cannot get it connected to the Internet, but can print locally. All other office users can reach the Internet, but cannot connect to the new wireless printer. All users are wireless in this part of the office. What MOST likely has occurred?

Options are :

  • They installed the printer in infrastructure mode
  • They misconfigured the gateway on the wireless printer
  • They installed the printer in ad-hoc mode (Correct)
  • They installed the printer in the wrong subnet

Answer : They installed the printer in ad-hoc mode

Explanation The printer is most likely in ad-hoc mode, which is also known as IBSS. In this type of network, devices talk directly to each other but have no connection outside of this "self-created" network.

A technician needs to set up uplink ports for multiple switches to communicate with one another. All VLANs should be transferred from the designed server switch. What should be set on the uplink ports if VLAN 1 is not the management VLAN?

Options are :

  • STP (Correct)
  • 802.1x
  • 802.1q
  • Port mirroring
  • Port security
  • VTP

Answer : STP

Explanation Setting STP on the uplink ports will ensure that loops are not created.

What cloud infrastructure design includes on-premise servers utilizing a centralized syslog server that is hosted at a third-party organization for review of the logs?

Options are :

  • Hybrid (Correct)
  • Public
  • Community
  • Private

Answer : Hybrid

Explanation On-premise servers is an aspect of the private cloud, whereas syslog hosted on a third-party server is an aspect of the public cloud. Since a hybrid cloud consists of any type of cloud computing sharing multiple aspects of different cloud infrastructure designs, hybrid is the correct answer.

What technology is designed to keep system's uptime running in the event of a disaster?

Options are :

  • High availability (Correct)
  • Load balancing
  • Quality of service
  • Caching engines

Answer : High availability

Explanation If a network switch or router stops operating correctly (meaning that a network fault occurs), communication through the network could be disrupted, resulting in a network becoming unavailable to its users. Therefore, network availability, called uptime, is a major design consideration.

A facility would like to verify each individual's identity prior to allowing access to its server room and datacenter. Additionally, the building should ensure that users do not tailgate behind other users. What solution would BEST meet these requirements?

Options are :

  • Implement a biometric reader at the facility entrance and a proximity card at the datacenter entrance
  • Implement a security guard at the facility entrance and a keypad at the datacenter entrance
  • Implement a biometric reader at the datacenter entrance and require passage through a mantrap (Correct)
  • Implement a CCTV camera and a proximity reader at the datacenter entrance

Answer : Implement a biometric reader at the datacenter entrance and require passage through a mantrap

Explanation A biometric reader would read the employee's fingerprints. A mantrap is most often used in physical security to separate non-secure areas from secure areas and prevent unauthorized access.

A technician is called to investigate a connectivity issue to a remote office that is connected by fiber optic cable. Using a light meter, it is determined that the Db loss is excessive. The installation has been working for several years. The switch was recently moved to the other side of the room and a new patch cable installed. What is most likely the reason for this problem?

Options are :

  • Bend radius limitation
  • Dirty connectors (Correct)
  • Distance limitations
  • Wavelength mismatch

Answer : Dirty connectors

Explanation When Fiber Optic Connectors become dirty, the loss of signal can cause severe problems and performance issues. The technician will need to use appropriate cleaning cloths to clean the dirty connectors and restore the service.

A network technician needs to set up two public-facing web servers and wants to ensure that if they are compromised, the intruder cannot access the intranet. What security technique should be utilized?

Options are :

  • Place them in the demilitarized zone (Correct)
  • Place them in a separate subnet
  • Place them behind honeypots
  • Place them between two identical firewalls

Answer : Place them in the demilitarized zone

Explanation A demilitarized zone (DMZ) is a sub-network inside a network and acts as a semi-trusted zone. It is used for servers that need to be public-facing, such as web, mail, FTP, and VoIP servers.

What port should be allowed to provide access to certain VoIP applications?

Options are :

  • 1720
  • 139
  • 5060 (Correct)
  • 110

Answer : 5060

Explanation 5060 is used by SIP, which VOIP relies upon.

During what period should all scheduled work on production network equipment be scheduled?

Options are :

  • Maintenance window (Correct)
  • Down time
  • Business hours
  • Development life cycle

Answer : Maintenance window

Explanation By using a Maintenance Window, all downtime is limited and the organization can prepare in advance for the scheduled work to be carried out.

Two office buildings are connected via copper network cabling buried in the ground. During local construction, the second building suffers a permanent network outage. What is the MOST likely cause of the outage?

Options are :

  • Cross-talk
  • Open circuit (Correct)
  • Electromagnetic interference
  • Signal attenuation

Answer : Open circuit

Explanation Since the issue started after construction began, it is most likely that the construction crew broke the cable during digging operations. This can cause an open circuit or short circuit, depending on how the cable was cut/broken.

A network technician has configured a point-to-point interface on a router. Once the fiber optic cables have been run, though, the interface will not come up. The technician has cleaned the fiber connectors and used an optical power meter to confirm that light is passing in both directions without excessive loss. What is the MOST likely cause of this issue? 

Options are :

  • Distance limitation
  • Cross-talk
  • EMI
  • Wavelength mismatch (Correct)

Answer : Wavelength mismatch

Explanation Wavelength mismatch is when one or more wavelengths in a fiber optic cable are unequal and cannot be measured using an optical power meter. Cross-talk and EMI are both elements that are irrelevant to Fiber optics.

What default port is associated with network protocols that is connectionless?

Options are :

  • 443
  • 80
  • 3389
  • 2427 (Correct)

Answer : 2427

Explanation Port 80 (HTTP), Port 443 (HTTPS), and Port 3389 (RDP) are all connection-oriented protocols which rely on TCP. They require a connection being established between two hosts in order to verify delivery of the data and error checking during data transfer. Port 2427 is used for Media Gateway Control Protocol, which relies on UDP (a connectionless protocol).

What allows a telecommunication company to remotely test circuits of customers?

Options are :

  • VLAN configuration
  • Toner Probe
  • Smart Jack (Correct)
  • RDP

Answer : Smart Jack

Explanation Smart jacks have built-in remote diagnostics.

A user reports slow computer performance. A technician troubleshooting the issue uses a performance monitoring tool and receives the following results:

Avg % Processor Time =10%
Avg Pages/Second = 0
Avg Disk Queue Length = 3

Based on the results, what might be causing a bottleneck in performance?

Options are :

  • Hard drive (Correct)
  • Processor
  • Memory
  • NIC

Answer : Hard drive

Explanation Based on the results, the hard drive (disk queue) is causing the bottle neck. Since the average processor is not over 50%, the pages/second (memory) is not heavily burdened, nor do we have any information on the NIC.

What is a connectionless protocol?

Options are :

  • TCP
  • ICMP (Correct)
  • SSL
  • SSH

Answer : ICMP

Explanation A connectionless protocol is a form of data transmission in which data is transmitted automatically without determining whether the receiver is ready, or even whether a receiver exists. ICMP, UDP, IP, and IPX are well-known examples.

An administrator has configured a new 100Mbps WAN circuit, but speed testing shows poor performance when downloading larger files. The download initially reaches close to 100Mbps but begins to drop and show spikes in the download speeds over time. The administrator checks the router interface and sees the following:

NETRTR01# show interface eth 1/1
GigabitEthernet 1/1 is up, line is up Hardware is GigabitEthernet, address is 000F.33CC.F13A
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Member of L2 VLAN 1, port is untagged, port state is forwarding 

What is the issue?

Options are :

  • Apply egress port rate-shaping
  • Shutdown and then re-enable this interface
  • Reset the statistics counter for this interface
  • Remove default 802.1q tag and set to server VLAN (Correct)

Answer : Remove default 802.1q tag and set to server VLAN

Explanation Since the VLAN port is untagged, it can be slowing down performance. It is recommended to remove the default VLAN tag and setup a server VLAN to increase performance.

An administrator's network has OSPF for the internal routing protocol and has two interfaces that continue to go up and down. The administrator reviews the following output:

Fast ethernet 0 is up, line protocol is up
Int ip address is 192.24.120.5/25
MTU 1500 bytes, BW10000 kbit, DLY 100 usec
Reliability 255/255, Tx load 1/255, Rx load 1/255
Encapsulation ospf, loopback not set
Keep alive 10
Full duplex, 100Mb/s, 100Base Tx/Fx
Received 1052993 broadcasts
1258 input errors
983881 packet output, 768588 bytes
1747 output errors, 0 collisions, 423 resets 

What problem would cause this issue?

Options are :

  • Bad wire
  • Wrong IP address
  • Incorrect encapsulation
  • Duplex mismatch (Correct)

Answer : Duplex mismatch

Explanation The duplex mismatch can cause issues where the interface will continually go up and down, or "flap".

A network administrator is following the best practices to implement firewalls, patch management, and policies on his network. What should be performed to verify that the security controls are in place?

Options are :

  • AAA authentication testing
  • Single point of failure testing
  • Penetration testing (Correct)
  • Disaster recovery testing

Answer : Penetration testing

Explanation Penetration testing (also called pen testing) is the practice of testing a computer system, network, or web application in order to find vulnerabilities that an attacker could exploit. It can be used to ensure all security controls are properly configured and in place.

A company has decided to upgrade its legacy phone system to VoIP. The new phones will download the configurations from a TFTP server each time they boot up. What firewall port must be opened to ensure the phones can communicate with the server?

Options are :

  • 69 (Correct)
  • 161
  • 20
  • 53

Answer : 69

Explanation TFTP uses port 69 to communicate.

A network administrator is comparing several different wireless technologies. To calculate the effective maximum file transfer rate instead of the theoretical, what should be measured?

Options are :

  • Bandwidth
  • Throughput (Correct)
  • Latency
  • Goodput

Answer : Throughput

Explanation Throughput is the measurement of the maximum amount of data that is able to be sent over a transmission path.

What requires the network administrator to schedule a maintenance window?

Options are :

  • A major release upgrade of a core switch in a test lab
  • A minor release upgrade of a production router (Correct)
  • When a company-wide email notification must be sent
  • When the network administrator's laptop must be rebooted

Answer : A minor release upgrade of a production router

Explanation During an update of a production router, the router would not be able to route packages and the network traffic would be affected. It would be necessary to announce a maintenance window. A maintenance window is a period of time designated in advance by the technical staff, during which preventive maintenance that could cause disruption of service may be performed.

What happens when convergence on a routed network occurs?

Options are :

  • All routers learn the route to all connected networks (Correct)
  • All routers use route summarization
  • All routers have the same routing table
  • All routers are using hop count as the metric

Answer : All routers learn the route to all connected networks

Explanation Routers exchange routing topology information with each other by using a routing protocol. When all routers have exchanged routing information with all other routers within a network, the routers are said to have converged. In other words: In a converged network, all routers "agree" on what the network topology looks like.

An organization notices a large amount of malware and virus incidents at one satellite office, but hardly any at another. All users at both sites are running the same company image and receive the same group policies. What is MOST likely being implemented at the site with less issues?

Options are :

  • Vulnerability scanning
  • Consent to monitoring
  • End-user awareness training (Correct)
  • Business continuity measures

Answer : End-user awareness training

Explanation Users should have security awareness training and should have accepted and signed acceptable use policy (AUP) agreements. User awareness training is one of the most significant countermeasures the company can implement.

A network administrator needs to install a centrally-located firewall that needs to block specific incoming and outgoing IP addresses without denying legitimate return traffic. What firewall type should the administrator install?

Options are :

  • A stateless network-based firewall
  • A stateful network-based firewall (Correct)
  • A host-based firewall
  • A host-based stateful firewall

Answer : A stateful network-based firewall

Explanation A stateful firewall enhances security through the use of packet filtering and these types of firewalls also keep track of outbound requests and open the port for the returning traffic to enter the network.

A network administrator is configuring one distribution and five access switches which will be installed in a new building. What is the BEST physical location for the equipment?

Options are :

  • The distribution switch in the IDF and the access switches in the MDF
  • All switches should be placed in the MDF to leave room in the IDF for servers
  • The distribution switch in the MDF and the access switches in the IDF (Correct)
  • All switches should be placed in the IDF to leave room in the MDF for servers

Answer : The distribution switch in the MDF and the access switches in the IDF

Explanation Distribution switches should be placed in the Main Distribution Facility (MDF) and the access switches would be placed in the IDF closer to the end users.

A new network administrator is hired to replace a consultant that has been running the network for several months and whose contract was just cancelled. After a month of working on the network, the new network administrator realized there are some network issues and configuration changes in the server settings. The log files on the servers do not contain any error messages related to the issues or changes. What could be the problem?

Options are :

  • ICMP ping of death is resetting DHCP and DNS on the server
  • A backdoor has been installed to access the network (Correct)
  • The last ACL on the router is set to Deny All
  • TACAS\RADIUS misconfiguration is causing logs to be erased

Answer : A backdoor has been installed to access the network

Explanation A hacker or the previous administrator (consultant) left a piece of software or an SSH protocol to be able to allow themselves access to the network in order to change the server settings. The consultant may be disgruntled that their contract was cancelled and that the new network administrator was hired to replace them.

A network technician needs to monitor the network to find a user that is browsing websites that are against the company policy. What should the technician use to view the website and find the user browsing it?

Options are :

  • Packet sniffer (Correct)
  • SNMP GET
  • Top listener tool
  • Intrusion detection system

Answer : Packet sniffer

Explanation Packet Sniffers can capture and analyze network user traffic. This information can be queried to view website addresses, contents, and sometimes even the password information. This differs from an intrusion detection system in that IDS’ wait to receive implicitly-malicious data in a network prior to logging the event.

The network technician has received a large number of complaints from users that there is poor network performance. The network technician suspects a user may have created a malicious flood on the network with a large number of ping requests. What should the technician do?

Options are :

  • Upgrade firmware on all network cards
  • Remove all suspected users from the network
  • Update all antivirus software
  • Block all ICMP request (Correct)

Answer : Block all ICMP request

Explanation Ping requests use the Internet Control Message Protocol to send operational information about a host or router. Blocking all ICMP requests would eliminate the ping request flood, although it may become harder to diagnose network issues in the future as ICMP is used heavily in network troubleshooting.

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions