CompTIA N10-009 Practice Test
Prepare smarter and boost your chances of success with our CompTIA N10-009 Practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use N10-009 practice exam are 40–50% more likely to pass on their first attempt.
Start practicing today and take the fast track to becoming CompTIA N10-009 certified.
14220 already prepared
Updated On : 3-Nov-2025422 Questions
4.8/5.0
A network administrator needs to add 255 useable IP addresses to the network. A /24 is currently in use. Which of the following prefixes would fulfill this need?
A. /23
B. /25
C. /29
D. /32
Explanation:
A /24 subnet provides 254 usable IP addresses (256 total, minus network and broadcast addresses).
To add 255 more usable IPs, the network needs at least 509 total usable addresses (254 + 255).
A /23 subnet provides:
512 total addresses (2^(32-23) = 512).
510 usable addresses (512 - 2 for network/broadcast).
This meets the requirement of 255 additional IPs while allowing room for growth.
Why Not the Other Options?
B) /25
Incorrect: A /25 provides 126 usable IPs (128 - 2), which is less than the required 255.
C) /29
Incorrect: A /29 provides 6 usable IPs (8 - 2), far too small.
D) /32
Incorrect: A /32 is a single-host subnet (1 IP, no usable addresses).
Reference:
CompTIA Network+ Objective 1.4 (IPv4 Subnetting)
CIDR Cheat Sheet:
/23 = 512 IPs (510 usable).
/24 = 256 IPs (254 usable).
A technician is designing a cloud service solution that will accommodate the company's current size, compute capacity, and storage capacity. Which of the following cloud deployment models will fulfill these requirements?
A. SaaS
B. PaaS
C. IaaS
D. IaC
Explanation:
IaaS is the best choice because it provides scalable compute, storage, and networking resources on demand, allowing the company to:
Adjust capacity to match current needs (CPU, RAM, storage).
Avoid upfront hardware costs (pay-as-you-go model).
Maintain control over OS, middleware, and applications.
Why Not the Other Options?
A) SaaS (Software as a Service)
Incorrect: SaaS delivers ready-to-use applications (e.g., Office 365, Gmail), not infrastructure.
B) PaaS (Platform as a Service)
Incorrect: PaaS provides development platforms (e.g., Azure App Services) but abstracts underlying infrastructure.
D) IaC (Infrastructure as Code)
Incorrect: IaC is a tool/process (e.g., Terraform) for automating infrastructure deployment, not a cloud model.
Reference:
CompTIA Network+ Objective 2.2 (Cloud Models)
NIST SP 800-145 (Cloud Computing Definitions)
Which of the following troubleshooting steps would provide a change advisory board with the information needed to make a decision?
A. Identify the problem.
B. Develop a theory of probable cause.
C. Test the theory to determine cause.
D. Establish a plan of action.
Explanation:
The Change Advisory Board (CAB) requires a detailed plan of action before approving changes to minimize risks. This includes:
Specific steps to resolve the issue.
Risk assessment (downtime, rollback options).
Impact analysis (affected systems/users).
Timeline for implementation.
Why Not the Other Options?
A) Identify the problem
Incorrect: Problem identification is the first step but doesn’t provide actionable steps for the CAB.
B) Develop a theory of probable cause
Incorrect: Theories are hypotheses, not concrete plans.
C) Test the theory to determine cause
Incorrect: Testing confirms the root cause but doesn’t outline resolution steps.
Reference:
CompTIA Network+ Objective 5.1 (Troubleshooting Methodology)
ITIL Change Management Process (CAB approval requires documented plans).
Which of the following network topologies contains a direct connection between every node in the network?
A. Mesh
B. Hub-and-spoke
C. Star
D. Point-to-point
Explanation:
Mesh Topology: Every node (device) is directly connected to every other node in the network.
Full Mesh: Every node has a direct link to all others (most redundant but expensive).
Partial Mesh: Some nodes have direct connections (balance of redundancy and cost).
Why? Ensures high availability and fault tolerance (no single point of failure).
Why Not the Other Options?
B) Hub-and-Spoke
Incorrect: Nodes connect only to a central hub (e.g., VPN concentrator), not to each other.
C) Star
Incorrect: Nodes connect only to a central switch/router, not directly to each other.
D) Point-to-Point
Incorrect: Only two nodes are directly connected (e.g., serial link between routers).
Reference:
CompTIA Network+ Objective 1.2 (Network Topologies)
Real-World Use: Mesh is common in WANs, military networks, and IoT for reliability.
A company receives a cease-and-desist order from its ISP regarding prohibited torrent activity. Which of the following should be implemented to comply with the cease-and-desist order?
A. MAC security
B. Content filtering
C. Screened subnet
D. Perimeter network
Explanation:
Content filtering is the most effective solution to block torrent traffic and comply with the ISP's cease-and-desist order.
It can identify and block P2P/torrent protocols (e.g., BitTorrent) based on:
Application signatures (DPI - Deep Packet Inspection).
URL/domain blacklists (tracker sites).
Prevents users from accessing torrent services altogether.
Why Not the Other Options?
A) MAC security
Incorrect: MAC (Media Access Control) security (e.g., MAC filtering) restricts devices by hardware addresses but does not block torrent traffic.
C) Screened subnet / D) Perimeter network
Incorrect: These are DMZ concepts (isolating public-facing servers), not traffic filtering solutions.
Reference:
CompTIA Network+ Objective 3.2 (Network Access Control)
Best Practice: Use DPI firewalls (e.g., Palo Alto, FortiGate) to enforce torrent blocking.
Which of the following should be used to obtain remote access to a network appliance that has failed to start up properly?
A. Crash cart
B. Jump box
C. Secure Shell (SSH)
D. Out-of-band management
Explanation:
Out-of-band (OOB) management is the correct choice because it provides remote access to network devices (e.g., switches, routers, appliances) even when the primary network is down or the device fails to boot.
Uses dedicated alternate channels (e.g., serial console, cellular modem, or separate management port).
Critical for troubleshooting boot failures, OS crashes, or misconfigured network settings.
Why Not the Other Options?
A) Crash cart
Incorrect: A crash cart is a physical workstation (monitor, keyboard, cables) rolled to the device for local access. Not remote.
B) Jump box
Incorrect: A jump box (jump server) is a secure intermediary host for accessing other systems, but requires the network to be functional.
C) SSH (Secure Shell)
Incorrect: SSH relies on the device’s OS and network stack being operational, which isn’t the case during boot failure.
Reference:
CompTIA Network+ Objective 3.1 (Remote Access Methods)
Best Practice: OOB is used in data centers and critical infrastructure for "lights-out" management.
A network administrator deployed wireless networking in the office area. When users visit the outdoor patio and try to download emails with large attachments or stream training videos, they notice buffering issues. Which of the following is the most likely cause?
A. Network congestion
B. Wireless interference
C. Signal degradation
D. Client disassociation
Explanation:
Signal degradation is the most likely cause because:
Users experience issues only when moving outdoors (patio), indicating weaker signal strength due to:
Distance from the access point (AP).
Physical obstructions (walls, windows, doors)
.
Outdoor environmental factors (weather, interference).
Symptoms (buffering, slow downloads) align with low SNR (Signal-to-Noise Ratio) or poor signal quality, not total disconnection.
Why Not the Other Options?
A) Network congestion
Incorrect: Congestion affects all users simultaneously, not just those outdoors.
B) Wireless interference
Plausible but less likely: Interference (e.g., microwaves, Bluetooth) would cause consistent issues indoors/outdoors, not just patio-specific problems.
D) Client disassociation
Incorrect: Disassociation would cause complete drops, not just buffering
Reference:
CompTIA Network+ Objective 2.4 (Wireless Signal Strength and Coverage)
Solution: Add outdoor APs or directional antennas to extend coverage.
Which of the following is a major difference between an IPS and IDS?
A. An IPS needs to be installed in line with traffic and an IDS does not.
B. An IPS is signature-based and an IDS is not.
C. An IPS is less susceptible to false positives than an IDS.
D. An IPS requires less administrative overhead than an IDS.
Explanation:
IPS (Intrusion Prevention System):
Installed in-line (directly in the traffic path).
Actively blocks malicious traffic in real-time (e.g., drops packets, terminates sessions).
IDS (Intrusion Detection System):
Operates out-of-band (monitors a copy of traffic, often via SPAN port or TAP).
Passively alerts on threats but cannot block them.
Why Not the Other Options?
B) An IPS is signature-based and an IDS is not
Incorrect: Both IPS and IDS can use signature-based (e.g., Snort rules) or anomaly-based detection.
C) An IPS is less susceptible to false positives than an IDS
Incorrect: Both can generate false positives. IPS may be riskier because it auto-blocks traffic.
D) An IPS requires less administrative overhead than an IDS
Incorrect: IPS typically requires more tuning to avoid disrupting legitimate traffic.
Reference:
CompTIA Security+ SY0-601 (Objectives 3.3 & 4.1)
A network administrator suspects users are being sent to malware sites that are posing as legitimate sites. The network administrator investigates and discovers that user workstations are configured with incorrect DNS IP addresses. Which of the following should the network administrator implement to prevent this from happening again?
A. Dynamic ARP inspection
B. Access control lists
C. DHCP snooping
D. Port security
Explanation:
DHCP snooping is the correct solution because it:
Prevents rogue DHCP servers from distributing incorrect DNS/IP settings (common in DHCP spoofing attacks)
Validates DHCP messages and blocks malicious offers (e.g., fake DNS servers).
Maintains a binding table of legitimate DHCP assignments.
Why Not the Other Options?
A) Dynamic ARP inspection (DAI)
Incorrect: DAI prevents ARP spoofing (Layer 2 attacks), not DHCP/DNS manipulation.
B) Access control lists (ACLs)
Incorrect: ACLs filter traffic by IP/port but don’t stop DHCP-based DNS hijacking.
D) Port security
Incorrect: Port security restricts MAC addresses on switch ports but doesn’t protect against DHCP/DNS attacks.
Reference:
CompTIA Network+ Objective 4.2 (Network Hardening Techniques)
Which of the following must be implemented to securely connect a company's headquarters with a branch location?
A. Split-tunnel VPN
B. Clientless VPN
C. Full-tunnel VPN
D. Site-to-site VPN
Explanation:
Site-to-site VPN is the correct choice for securely connecting two fixed locations (e.g., HQ and branch office). It:
Creates an encrypted tunnel between the routers/firewalls of both sites.
Allows all devices at both locations to communicate securely over the public internet.
Uses protocols like IPsec or GRE over IPsec for encryption.
Why Not the Other Options?
A) Split-tunnel VPN / C) Full-tunnel VPN
Incorrect: These are remote-access VPNs for individual users, not site-to-site connections.
Split-tunnel: Only routes some traffic through the VPN.
Full-tunnel: Routes all user traffic through the VPN.
B) Clientless VPN
Incorrect: Provides web-based access (e.g., HTTPS portal) for users, not site-to-site connectivity.
Reference:
CompTIA Network+ Objective 3.3 (VPN Technologies)
| Page 11 out of 43 Pages |
| N10-009 Practice Test | Previous |