CompTIA N10-009 Practice Test
Prepare smarter and boost your chances of success with our CompTIA N10-009 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use the N10-009 practice exam are 40–50% more likely to pass on their first attempt.
Start practicing today and take the fast track to becoming CompTIA N10-009 certified.
Updated On: 11-Sep-2025 | 365 Questions
A network administrator performed upgrades on a server and installed a new NIC to improve performance. Following the upgrades, users are unable to reach the server. Which of the following is the most likely reason?
A. The PoE power budget was exceeded.
B. TX/RX was transposed.
C. A port security violation occurred.
D. An incorrect cable type was installed.
Explanation:
Why B is Correct (TX/RX transposed):
✅ When installing a new NIC, if the transmit (TX) and receive (RX) pairs are reversed (e.g., using a straight-through cable instead of a crossover, or miswiring), communication fails.
✅ Modern NICs often use auto-MDI/MDI-X, which automatically corrects TX/RX mismatches, but some enterprise or specialized NICs may not.
✅ Since the issue appeared after NIC installation, this is the most likely cause.
Why the Other Options Are Incorrect:
A) PoE power budget exceeded – PoE (Power over Ethernet) is irrelevant here because servers typically do not rely on PoE for power. This would affect IP phones or cameras, not a server.
C) Port security violation – Port security restricts access based on MAC addresses, but since this is a new NIC, the MAC address would be new, and port security would have blocked it immediately (not after upgrades).
D) Incorrect cable type – While possible, most modern networks use auto-sensing switches, making cable type (straight-through vs. crossover) less likely to cause complete failure.
Reference:
CompTIA Network+ Objective 2.1: Cabling solutions and issues.
Auto-MDI/MDI-X: Modern Ethernet interfaces automatically detect and correct TX/RX polarity, but manual misconfigurations can still cause issues.
✅ Final Answer: B) TX/RX was transposed.
A network administrator needs to create an SVI on a Layer 3-capable device to separate voice and data traffic. Which of the following best explains this use case?
A. A physical interface used for trunking logical ports
B. A physical interface used for management access
C. A logical interface used for the routing of VLANs
D. A logical interface used when the number of physical ports is insufficient
Explanation:
✅ C. A logical interface used for the routing of VLANs
→ An SVI (Switched Virtual Interface) is a logical (virtual) Layer 3 interface configured on a switch.
→ Its main purpose is to provide routing capabilities between VLANs (also known as Inter-VLAN routing).
→ Since the administrator wants to separate voice and data traffic, they likely have different VLANs (e.g., VLAN 10 for data, VLAN 20 for voice). An SVI allows traffic between these VLANs without requiring an external router.
→ This is a standard use case in enterprise networks with Layer 3 switches.
❌ Why the other options are incorrect:
A. A physical interface used for trunking logical ports
Trunk ports are physical interfaces configured to carry multiple VLANs. They are not SVIs. An SVI is not physical—it’s virtual.
B. A physical interface used for management access
While an SVI can provide management access (like assigning an IP for switch management), that is not the main reason here. The use case clearly states separating voice and data traffic, which is about VLAN routing, not just management.
D. A logical interface used when the number of physical ports is insufficient
This describes technologies like port channels or sub-interfaces. SVIs are not meant to overcome port shortages; they are meant for routing between VLANs.
📖 Reference:
CompTIA Network+ N10-009 Exam Objectives (Domain 2.3 – Configure and Deploy Common Ethernet Switching Features)
Cisco: Configuring SVI
Which of the following protocols provides remote access utilizing port 22?
A. SSH
B. Telnet
C. TLS
D. RDP
Explanation:
✅ The right answer is:
A. SSH
🔎 Explanation:
SSH (Secure Shell) uses TCP port 22 by default.
It provides secure remote access to network devices and servers by encrypting all communication (unlike Telnet, which is insecure).
Commonly used for remote CLI access, tunneling, and secure file transfer (via SCP/SFTP).
❌ Why the other options are incorrect:
B. Telnet
Uses TCP port 23.
Provides remote access but does not encrypt data, making it insecure.
C. TLS
Transport Layer Security is an encryption protocol used with HTTPS, SMTP, and other applications.
It does not provide remote access by itself.
D. RDP
Remote Desktop Protocol uses TCP/UDP port 3389.
Provides GUI-based remote access, primarily for Windows systems.
📖 Reference:
CompTIA Network+ N10-009 Exam Objectives (Domain 3.3 – Compare and Contrast Remote Access Methods)
IANA Port Assignments: Well-known ports
An administrator is configuring a switch that will be placed in an area of the office that is accessible to customers. Which of the following is the best way for the administrator to mitigate unknown devices from connecting to the network?
A. SSE
B. ACL
C. Perimeter network
D. 802.1x
Explanation:
Why D (802.1X) is Correct:
802.1X (Port-Based Network Access Control) is an IEEE standard that provides authentication for devices trying to connect to a network.
It requires devices to authenticate (e.g., via RADIUS server) before gaining access, preventing unauthorized devices from connecting.
Ideal for publicly accessible areas where unknown devices (e.g., customer laptops) might try to plug in.
Why the Other Options Are Less Suitable:
A) SSE (Security Service Edge) – A cloud-based security framework (e.g., SASE) that combines networking and security, but not a direct solution for switch port security.
B) ACL (Access Control List) – Filters traffic based on IP/MAC addresses, but does not prevent initial unauthorized connections like 802.1X does.
C) Perimeter network – A DMZ or segmented network for public-facing services, but does not secure individual switch ports against unauthorized devices.
Reference:
CompTIA Network+ Objective 4.3 (Network Access Control)
IEEE 802.1X Standard (Port-Based Network Access Control)
✅ Final Answer: D) 802.1X
A network administrator is configuring a wireless network with an ESSID. Which of the following is a user benefit of ESSID compared to SSID?
A. Stronger wireless connection
B. Roaming between access points
C. Advanced security
D. Increased throughput
Explanation:
Correct Answer:
B) Roaming between access points
Key Definitions:
SSID (Service Set Identifier)
The "name" of a single wireless network broadcast by an access point (AP).
Used for basic identification (e.g., "HomeWiFi").
ESSID (Extended Service Set Identifier)
Refers to a group of APs sharing the same SSID to form a larger network (e.g., corporate Wi-Fi across multiple floors).
Enables seamless roaming between APs without reconnecting.
Why B is Correct:
The primary benefit of ESSID is that users can move between APs (e.g., in an office or campus) without manually reconnecting.
Devices automatically switch to the strongest AP while maintaining connectivity (roaming).
Why Other Options Are Incorrect:
A) Stronger wireless connection – ESSID does not inherently improve signal strength; it depends on AP placement and hardware.
C) Advanced security – Security (e.g., WPA3) depends on encryption, not ESSID vs. SSID.
D) Increased throughput – ESSID does not boost bandwidth; throughput depends on Wi-Fi standards (e.g., Wi-Fi 6) and channel usage.
Reference:
CompTIA Network+ Objective 2.3 (Wireless Technologies)
IEEE 802.11 Standards (ESS for multi-AP networks)
Final Answer: B) Roaming between access points
Which of the following connectors provides console access to a switch?
A. ST
B. RJ45
C. BNC
D. SFP
Explanation:
Network switches (and routers) traditionally use an RJ45 console port for out-of-band management.
Administrators connect a console cable (often RJ45-to-DB9 or USB-to-RJ45) from their computer to the switch’s console port.
This allows direct CLI (Command Line Interface) access for configuration and troubleshooting, even if the network is down.
❌ Why the other options are incorrect:
A. ST
A fiber-optic connector (Straight Tip).
Used for network connections, not console access.
C. BNC
A coaxial connector, historically used in older Ethernet networks (10BASE2) or for RF connections.
Not used for switch console access.
D. SFP
Small Form-factor Pluggable transceiver slot for fiber or copper modules.
Provides uplink capability for network traffic, not console management.
📖 Reference:
CompTIA Network+ N10-009 Exam Objectives (Domain 2.2 – Deploy and Configure Ethernet Switching Features)
Cisco: Connecting a Console to the Switch
⚡ Exam Tip:
Console access = RJ45 (management port)
Network uplinks = SFP/fiber/copper
Legacy coax = BNC
A network administrator wants users to be able to authenticate to the corporate network using a port-based authentication framework when accessing both wired and wireless devices. Which of the following is the best security feature to accomplish this task?
A. 802.1X
B. Access control list
C. Port security
D. MAC filtering
Explanation:
Why A (802.1X) is Correct:
✅ 802.1X is an IEEE standard for port-based Network Access Control (NAC).
✅ It provides authentication for both wired and wireless devices before granting network access.
✅ Uses RADIUS servers (e.g., FreeRADIUS, Microsoft NPS) to validate user credentials (e.g., username/password, certificates).
✅ Ensures only authorized users/devices can connect, making it ideal for enterprise networks.
🔴 Why Other Options Are Incorrect:
B) Access Control List (ACL)
Filters traffic based on IP/MAC addresses or ports, but does not authenticate users.
Works after a device is connected, not as a pre-connection security measure.
C) Port Security
Restricts switch ports to specific MAC addresses but lacks user authentication.
Primarily used to prevent unauthorized devices (not users) from connecting.
D) MAC Filtering
Allows/denies devices based on hardware (MAC) addresses, but:
No user authentication (easily bypassed via MAC spoofing).
Does not scale well in large environments.
Reference:
CompTIA Network+ Objective 4.3 (Network Access Control)
IEEE 802.1X Standard (Port-Based Authentication)
Final Answer:
A) 802.1X
Which of the following panels would be best to facilitate a central termination point for all network cables on the floor of a company building?
A. Patch
B. UPS
C. MDF
D. Rack
Explanation:
🟢 A patch panel is a central termination point where network cables from different locations on a floor are terminated.
🟢 It allows cables to be neatly organized and connected to network switches using short patch cables.
🟢 This design provides flexibility, easy troubleshooting, and structured cabling management.
❌ Why the other options are incorrect:
B. UPS (Uninterruptible Power Supply)
Provides backup power and protection against outages or surges.
Does not serve as a cable termination point.
C. MDF (Main Distribution Frame)
The MDF is the main building-level termination point for telecommunication cables and connections.
However, the question specifies “on the floor of a company building” → the correct term for that is IDF (Intermediate Distribution Frame), which typically uses patch panels for floor-level cable termination.
D. Rack
A rack is the physical frame that houses network equipment (switches, patch panels, servers, etc.).
It organizes equipment but is not specifically the termination point.
📖 Reference:
CompTIA Network+ N10-009 Exam Objectives (Domain 1.3 – Explain the Concepts and Characteristics of Cabling and Connectors)
TIA/EIA-568 Structured Cabling Standards
⚡ Exam Tip:
Patch Panel → Floor/IDF termination point
MDF → Building-wide termination point
Rack → Housing equipment
UPS → Power backup
A user connects to a corporate VPN via a web browser and is able to use TLS to access the internal financial system to input a time card. Which of the following best describes how the VPN is being used?
A. Clientless
B. Client-to-site
C. Full tunnel
D. Site-to-site
Explanation:
✅ A clientless VPN is accessed directly through a web browser without requiring a dedicated VPN client application.
✅ It often uses TLS/SSL encryption to provide secure access to specific internal applications (like web-based portals or financial systems).
✅ In this case, the user simply logs into the VPN gateway through a browser → establishes a secure TLS session → and then accesses the internal financial system.
❌ Why the other options are incorrect:
B. Client-to-site
Requires a VPN client software installed on the user’s device.
Since this scenario specifies web browser access with TLS, no client software is being used.
C. Full tunnel
A full tunnel VPN sends all of the user’s traffic (internal and internet) through the VPN connection.
The scenario only mentions accessing a specific internal system via TLS, not tunneling all traffic.
D. Site-to-site
Used to connect entire networks together (e.g., branch office to headquarters).
This is about an individual user accessing via a browser, so not site-to-site.
📖 Reference:
CompTIA Network+ N10-009 Exam Objectives (Domain 3.3 – Compare and Contrast Remote Access Methods)
Cisco: SSL VPN Overview
⚡ Exam Tip:
Browser + TLS → Clientless VPN
Installed VPN software → Client-to-site
Connects whole offices → Site-to-site
All traffic tunneled → Full tunnel
Which of the following should a network administrator configure when adding OT devices to an organization’s architecture?
A. Honeynet
B. Data-at-rest encryption
C. Time-based authentication
D. Network segmentation
Explanation:
✅ Why D (Network Segmentation) is Correct:
⇒ OT (Operational Technology) devices (e.g., industrial control systems, SCADA, IoT sensors) often have weak security and are vulnerable to attacks.
⇒ Network segmentation (e.g., VLANs, firewalls, or air-gapped networks) isolates OT devices from the main IT network, reducing attack surfaces.
Prevents malware/unauthorized access from spreading between IT and OT systems (critical for industrial safety).
Aligns with best practices (NIST, IEC 62443) for securing industrial networks.
❌ Why Other Options Are Incorrect:
A) Honeynet – A decoy network to detect attackers, but not a primary security measure for OT devices.
B) Data-at-rest encryption – Protects stored data but does not secure network communication (OT devices often lack encryption support).
C) Time-based authentication (e.g., TOTP) – Useful for user access but irrelevant for most OT devices, which rely on hardware controls rather than logins.
Reference:
CompTIA Network+ Objective 3.2 (Network Segmentation)
NIST SP 800-82 (Guide to Industrial Control Systems Security)
IEC 62443 (Industrial Network Security Standards)
🟢 Final Answer:
D) Network segmentation