CompTIA N10-009 Practice Test 2026

Explanation:

This question tests fiber-optic troubleshooting and Layer 1 connectivity issues. The key clue is that link lights are still off after replacing the damaged cable, which strongly indicates a physical-layer issue rather than configuration or device failure.

🟢 Correct Option: Transpose the two fiber connectors at one end of the new patch cord
Fiber links require correct transmit (Tx) and receive (Rx) alignment. If these are crossed incorrectly (Tx-to-Tx or Rx-to-Rx), the link will not come up and no link lights will appear. The first troubleshooting step is to ensure the fiber pairs are properly crossed (Tx to Rx and Rx to Tx). This is a common and simple Layer 1 issue that should always be checked before replacing hardware or changing configurations.

🔴 Incorrect options:

A. Replace the fiber-optic transceiver in the switch
Transceivers are rarely the cause when both link lights are off immediately after a cable replacement. Since the issue started after physical cabling work, the problem is more likely incorrect fiber polarity rather than hardware failure.

B. Log in to the switch to shut down and re-enable the switchport
If link lights are off, the issue is at Layer 1, meaning the switchport is not physically detecting a connection. A configuration reset will not restore physical connectivity.

D. Swap the single-mode fiber patch cord with a multimode fiber patch cord
The scenario already specifies a single-mode fiber link over a long distance (16 km), which is appropriate. Multimode fiber is unsuitable for this distance and would not resolve the issue.

🔧 Reference:
→ CompTIA Network+ Fiber Optic Cabling Concepts
Confirms that incorrect fiber polarity (Tx/Rx mismatch) is a common Layer 1 issue that prevents link establishment between fiber-connected devices.

Explanation:
In an indoor corporate environment like a headquarters, the primary cause of severe Wi-Fi interference that leads to constant disconnections is multipath interference, which is caused by excessive signal reflection.

How it happens: Wireless signals are radio waves. When they encounter hard, smooth surfaces like concrete walls, metal filing cabinets, glass windows, or elevator shafts, they reflect. These reflected copies of the same signal travel along different paths and arrive at the receiving antenna at slightly different times.

The Problem: The receiving antenna must process both the original signal and its delayed echoes. If the delay is significant, these out-of-phase signals can cancel each other out or corrupt the data, leading to a phenomenon known as multipath fading. This corruption causes high packet loss, which the client device interprets as a weak or unstable signal, forcing it to drop and reassociate with the access point constantly.

Detailed Analysis of Other Options

B. Too much wireless absorption is incorrect.
Why it's plausible: Absorption (by materials like water in walls, thick concrete, or drywall) weakens a Wi-Fi signal, reducing its range and strength.
Why it's not the best cause: A weak signal typically results in low data rates and poor performance, but not necessarily the "severe interference" and "constant dropping" described. The device would likely maintain a slow, unstable connection rather than repeatedly disconnecting. The question specifies "interference," which is typically caused by signal conflict (like reflection or competing RF sources), not just attenuation (weakening).

C. Too many wireless repeaters is incorrect.
Why it's plausible: Improperly deployed wireless repeaters can create co-channel interference (CCI) by rebroadcasting the same signal on the same channel, which can degrade performance.
Why it's not the most likely cause: A well-designed corporate headquarters network is unlikely to rely heavily on consumer-grade wireless repeaters. They would use a managed wireless LAN (WLAN) with multiple, properly channeled access points connected via Ethernet backhaul. While CCI is a real issue, it is more systematically managed in an enterprise setting, making pervasive reflection from the building's own construction a more probable root cause.

D. Too many client connections is incorrect.
Why it's plausible: A single access point can become overloaded with too many concurrent clients, leading to high latency and poor performance for all users.
Why it's not the cause: Client overloading causes resource contention and slow speeds, but it does not typically cause "severe interference" in the radio frequency (RF) sense. The device would likely remain associated with the network but would experience very slow data transfer. The symptom of "constantly dropping off the network" points to an RF integrity issue (like multipath) rather than a capacity issue.

Reference:
This question aligns with the CompTIA Network+ (N10-009) Exam Objectives, specifically under:

Domain 2.0: Network Implementations
Objective 2.4: Given a scenario, install and configure the appropriate wireless standards and technologies. This includes understanding wireless media and the effects of the physical environment on a Wi-Fi signal, such as reflection, absorption, and multipath.

Explanation:
Link aggregation (EtherChannel, 802.3ad LACP) combines multiple physical links into a single logical link. It provides fault tolerance (one link fails, traffic continues over others), increased bandwidth (aggregate of links), vendor interoperability (LACP standard), simplified management (one logical interface), and is cost‑effective (uses existing ports).

Correct Option:

C (Link aggregation)

Fault tolerance – Traffic redistributes across remaining links if one fails.

Increased bandwidth – Aggregates up to 8 links (e.g., 8 × 1Gbps = 8Gbps).

Vendor interoperability – LACP (802.1ax) works across vendors.

Simplified management – One logical interface to configure, not multiple physical ports.

Cost effective – Uses standard Ethernet ports and cables.

Incorrect Options:

A (Spanning tree) –
STP prevents loops but does not increase bandwidth or aggregate links. It blocks redundant ports, wasting capacity. Not a solution for active‑active link aggregation between data centers.

B (Interface speeds to 10GB) –
Upgrading to 10GB increases bandwidth but does not inherently provide fault tolerance or redundancy (single link failure still causes outage). It is also less cost‑effective than aggregating existing 1GB ports.

D (Jumbo frames) –
Jumbo frames (larger MTU, e.g., 9000 bytes) improve efficiency but do not provide fault tolerance, redundancy, or increased aggregate bandwidth. No impact on vendor interoperability or simplified management in this context.

Reference:
CompTIA Network+ N10-009 Exam Objectives: Section 2.2 (Ethernet Switching) – Link aggregation (LACP, EtherChannel) benefits: load sharing, redundancy, increased throughput. Section 4.4 (Network Monitoring) – LACP for fault‑tolerant multi‑link designs.

Explanation:

✅ Why A. DNS Poisoning is Correct

DNS poisoning (also called DNS spoofing) is an attack in which an attacker corrupts the Domain Name System (DNS) cache or records, causing legitimate domain queries to resolve to malicious IP addresses.

1. When a user attempts to visit a legitimate company website (e.g., www.example.com), the poisoned DNS entry sends them to a completely different website — often controlled by the attacker.
2. This can be used for phishing, malware distribution, or credential theft.
3. The attack works by injecting false DNS records into a resolver’s cache, tricking systems into accepting them as authentic.

Official CompTIA Reference:

CompTIA Network+ N10-009 Exam Objective 4.3: "Explain common networking attacks" – DNS poisoning is explicitly listed as a method for redirecting traffic to malicious sites.

CompTIA Network+ Study Guide: “In DNS poisoning, attackers alter DNS records to redirect traffic from legitimate sites to fraudulent ones without the user’s knowledge.”

Why the Other Options Are Incorrect

B. Denial-of-Service (DoS)

1. DoS attacks flood a target system with traffic to make it unavailable.
2. They do not typically redirect users to a different website — they simply prevent access to the original site.

C. Social Engineering

1. Social engineering manipulates human behavior to gain access or information (e.g., phishing emails, pretexting).
2. While it might trick someone into clicking a malicious link, it is not an automated network-level redirection attack like DNS poisoning.

D. ARP Spoofing

1. ARP spoofing tricks devices on a local network into sending traffic to the attacker instead of the intended recipient by falsifying ARP messages.
2. While it can enable man-in-the-middle attacks and even redirection, it is limited to the local network and does not generally affect users accessing a public website via DNS resolution.

Key Exam Tip: When you see a question mentioning users being sent to the wrong site when using a legitimate URL, think DNS poisoning — it’s a textbook redirection attack at the DNS level.

Explanation:

This question tests understanding of DHCP scope management and IP address exhaustion. The existing scope (.50–.150 = 101 addresses) is fully consumed. The scan reveals IPs .45–.49 are statically assigned outside the scope. Ten new laptops received no valid DHCP lease, causing them to only communicate with each other via APIPA addresses. The scope must be expanded downward carefully.

✅ B. Increase the scope to 10.8.100.40 – 10.8.100.150
Extending the scope down to .40 adds addresses .40–.44 as new assignable DHCP IPs, while .45–.49 remain statically managed outside the DHCP pool. This provides exactly enough room for the 10 new laptops without overlapping the reservation block (.151–.175) or conflicting with statically assigned addresses. It is the minimal and precise fix needed.

❌ A. Increase the scope to 10.8.100.35 – 10.8.100.150
Extending the scope all the way to .35 expands unnecessarily beyond what is needed. It introduces a larger DHCP pool than required for just 10 laptops and risks assigning addresses in the .35–.44 range that may already be reserved for future static use. Over-expanding a DHCP scope is poor network management practice.

❌ C. Increase the scope to 10.8.100.40 – 10.8.100.175
This option extends the upper boundary into the reservation range (.151–.175). Reservations are pre-assigned to specific devices by MAC address. Including them in the general DHCP scope would cause IP address conflicts, potentially breaking connectivity for those reserved devices already on the network.

❌ D. Increase the scope to 10.8.100.50 – 10.8.100.175
This option keeps the lower boundary unchanged at .50, adding no new addresses on the lower end. It also extends the upper boundary into the reservation block (.151–.175), causing the same conflicts as Option C. This change provides no new assignable addresses while creating additional IP conflicts.

🔧 Reference:
⇒ CompTIA Network+ Exam Objectives (N10-009)
→ Covers DHCP configuration, scope management, and IP address conflict resolution under Domain 1.3 — Explain the concepts and characteristics of routing and switching and Domain 2.1 — Compare and contrast various devices, their features, and their appropriate placement on the network.

⇒ CompTIA Network+ Certification Overview
→ Confirms DHCP troubleshooting and IP addressing management as core competencies tested within the N10-009 exam objectives.

Explanation:
The technician needs to identify which switch and port the laptop is connected to. LLDP (Link Layer Discovery Protocol) allows network devices to advertise their identity, chassis ID, port ID, and system name to directly connected neighbors. Running an LLDP client on the laptop (or checking switch LLDP neighbors) reveals the switch name and port number.

Correct Option:

A (LLDP)

LLDP is a vendor-neutral Layer 2 discovery protocol (IEEE 802.1AB).

The switch sends LLDP advertisements containing chassis ID (switch name) and port ID (interface).

The laptop can receive these with an LLDP listener (e.g., lldpd, Wireshark).

Cisco also supports CDP, a similar proprietary protocol.

Incorrect Options:

B (IKE) –
Internet Key Exchange (IKE) is used to establish IPSec VPN security associations. It has no role in physical switch and port discovery.

C (VLAN) –
VLAN identifies the logical broadcast domain, not the physical switch or port number. VLAN configuration does not help locate which switch port is in use.

D (netstat) –
Netstat displays active network connections (TCP/UDP) and listening ports on the laptop. It shows remote IPs, not the physical switch or interface.

Reference:
CompTIA Network+ N10-009 Exam Objectives: Section 1.7 (Network Topologies and Types) – LLDP for neighbor discovery. Section 2.3 (Switching Concepts) – Discovery protocols (LLDP, CDP) for identifying directly connected switches and ports during troubleshooting.

Explanation:

This question tests understanding of inter-switch connectivity and VLAN configuration. When a new switch is added to expand network capacity and connected via a single cable, the link between the two switches must be properly configured to carry traffic from multiple VLANs. Without trunk port configuration, VLAN-tagged traffic cannot pass between switches, leaving all moved hosts isolated.

✅ Correct Option:

A. Configure the connecting ports as trunk ports
A trunk port allows multiple VLANs to pass over a single inter-switch link using IEEE 802.1Q tagging. Without this configuration, the connecting port defaults to an access port carrying only one VLAN, blocking all hosts on other VLANs from reaching the network. Setting both switch ports as trunk ports resolves the connectivity issue immediately.

❌ Incorrect Options:

B. Install STP cables between the switches
STP (Shielded Twisted Pair) is a cable type, not a solution for VLAN or connectivity configuration issues. The problem here is a port configuration issue, not a physical cabling or signal interference problem. Replacing or adding cables would not restore network access to the moved hosts.

C. Increase the PoE budget for the switches
PoE (Power over Ethernet) provides electrical power to devices like IP phones or cameras through network cables. It has no relation to VLAN traffic or inter-switch communication. The hosts losing network access is a Layer 2 configuration issue, not a power delivery problem.

D. Set up link aggregation on the uplink ports
Link aggregation (LACP) combines multiple physical links for increased bandwidth and redundancy. However, the scenario mentions only a single cable connecting the switches. More importantly, the core issue is VLAN traffic not passing — link aggregation would not fix the lack of trunk configuration causing the outage.

🔧 Reference:
→ CompTIA Network+ Exam Objectives (N10-009) — Network Switching
Covers trunk ports, VLANs, and inter-switch link configuration under switching and network infrastructure topics.

Explanation:

A toner (tone generator and probe) is the most effective tool for identifying the correct patch panel port in an unlabeled setup. The tone generator is connected to the wall jack in the office, sending a signal through the UTP cable. The probe is then used at the patch panel to detect the signal, identifying the corresponding port.

This method is quick and precise for tracing cables in a wiring closet, directly addressing the issue of an unlabeled patch panel. This aligns with CompTIA Network+ N10-009 Exam Objectives, Domain 4.0 (Network Troubleshooting), Objective 4.2, which includes using tools like toners for cable identification and troubleshooting.

Why Other Options Are Incorrect

B. Laptop: A laptop could be used to test connectivity after patching but cannot identify an unlabeled patch panel port without additional tools or prior labeling, making it ineffective for this task.

C. Cable tester: A cable tester verifies cable continuity, pin assignments, or faults but cannot trace a specific cable to an unlabeled port without additional functionality like a toner.

D. Visual fault locator: This tool is used for fiber optic cables to detect breaks or faults by emitting visible light. It’s irrelevant for UTP (copper) cables used in this scenario.

Reference:

The answer is based on CompTIA Network+ N10-009 Exam Objectives, Domain 4.0 (Network Troubleshooting), Objective 4.2, which covers the use of tools like tone generators for identifying and troubleshooting cabling issues.

Explanation:
802.1X (port‑based authentication) meets all three requirements: it permits only authenticated devices (no pre‑shared MAC addresses), reduces spoofing by requiring per‑device credentials or certificates, is centrally managed via a RADIUS server, and provides detailed auditable logs of authentication attempts and failures.

Correct Option:

D (802.1X)

Reduces spoofing – Uses per-user/device credentials or certificates, not just MAC addresses.

Centrally managed – RADIUS server (e.g., Cisco ISE, FreeRADIUS) controls policies.

Auditable logs – RADIUS accounting logs track successful/failed authentications.

Port remains closed until authentication succeeds (EAP over LAN).

Incorrect Options:

A (MAC filtering) –
Allows only pre‑approved MAC addresses. Easily spoofed (no reduction in spoofing). Management is per‑switch or per‑AP, not centrally scalable. Logging is minimal and device‑specific.

B (Port security) –
Limits number of MAC addresses per switchport or allows specific MACs. MACs can be spoofed. Typically configured per switch, not centrally managed. Logging is basic (violation alerts) but lacks full audit trails.

C (ACLs) –
Access Control Lists filter traffic based on IP, port, or protocol. They do not authenticate devices before granting network access; devices get an IP first. ACLs do not reduce spoofing (IP spoofing) and are not designed for device authentication.

Reference:
CompTIA Network+ N10-009 Exam Objectives: Section 3.3 (Network Security Hardening Techniques) – 802.1X port‑based authentication, RADIUS central management, and benefits over MAC filtering/port security. Section 3.2 (Security Concepts) – Authentication methods and spoofing prevention.

Explanation:

The configuration provided shows that Core-SW01 is using LACP (Link Aggregation Control Protocol) with channel-group 1 mode active, which means it's expecting the peer (Core-SW02) to also participate in LACP.
However, Core-SW02 does not have any channel-group configuration — its interfaces are configured as trunks but not part of a port-channel group. This mismatch causes the LACP negotiation to fail, and as a result, the port-channel on Core-SW01 enters a “Suspended” state.

🔍 Breakdown of the Issue:
Core-SW01:
Uses channel-group 1 mode active → LACP is enabled.
Forms port-channel 1 expecting LACP negotiation.
Core-SW02:
No channel-group configuration → LACP is not enabled.
Interfaces are trunked but not aggregated.
➡️ Result:
LACP fails to establish a bundle, so Core-SW01 suspends the member interfaces in the port-channel.

❌ Why the Other Options Are Incorrect:
A. Incrementing CRC errors
Indicates physical layer issues like cabling or interference No evidence of physical errors in config
B. Error disabled
Happens due to violations like BPDU guard, port security Not triggered by LACP mismatch
C. Administratively down
Interface is manually shut down No shutdown command present

📚 Reference:
Cisco LACP Troubleshooting: Cisco Docs
CompTIA Network+ N10-009 Objective: 3.3 – Configure and troubleshoot network management protocols