CompTIA N10-009 Practice Test

Explanation:

Why C is Correct:
Confidentiality ensures that only authorized users can access sensitive data.
Data at rest (stored data) is typically protected via:
→ Access controls (e.g., role-based permissions, least privilege).
→ Encryption (e.g., AES-256 for files/databases).
Privileged access (e.g., admin credentials, decryption keys) is required to view or modify secured data.
This aligns with CIA triad (Confidentiality, Integrity, Availability) security principles.

Why Other Options Are Incorrect:

A) "Anyone on the administrative network" → Violates confidentiality (no access restrictions).

B) "Accessed remotely with training" → Training ≠ authorization (confidentiality requires technical controls, not just knowledge).

D) "After verifying the hash" → Hashes ensure integrity (data hasn’t been altered), not confidentiality.

Reference:
CompTIA Security+ (CIA Triad, Data Encryption)
NIST SP 800-53 (Access Control & Encryption Standards)

Final Answer: C) Data can be accessed after privileged access is granted.

Explanation:

✅ Why A (Reverse the fibers) is the Best First Step:
Fiber optic cables require correct polarity (Tx must connect to Rx, and vice versa).
If fibers are crossed (Tx→Tx or Rx→Rx), the link will not establish, and the indicator light stays off.
Swapping the fibers (flipping the connectors) is a quick, non-destructive first step to test for this common issue.

❌ Why Other Options Are Less Likely as the First Step:

B) Reterminate the fibers – Too aggressive as a first step; retermination is time-consuming and should only be done if other checks fail.

C) Verify the fiber size – Multimode fiber sizes (e.g., OM3 vs. OM4) rarely cause complete link failure (just distance/performance issues).

D) Examine the cable runs for visual faults – Important, but not the fastest first check (physical damage is less likely than a simple polarity issue).

Reference:
CompTIA Network+ Objective 5.3 (Fiber Optic Troubleshooting)
TIA/EIA-568 (Fiber Polarity Standards)

Final Answer:
A) Reverse the fibers.

Explanation:

Normally, an access port is configured to belong to only one VLAN (the data VLAN).

However, many switches support a special case where an access port can carry:
⇒ One data VLAN (for computers, printers, etc.)
⇒ One voice VLAN (for IP phones)
This allows both a workstation and an IP phone to be plugged into the same port (phone often has a built-in switch), while still logically separating traffic.

Thus, seeing more than one VLAN on an access port usually means a voice VLAN has been configured.

❌ Why the other options are incorrect:

B. With too many VLANs
Access ports cannot have multiple data VLANs assigned. If multiple VLANs were attempted incorrectly, the switch would typically reject or error.
The valid way an access port supports more than one VLAN is through a voice VLAN.

C. With a default VLAN
The default VLAN (usually VLAN 1) is just the VLAN an access port belongs to if not otherwise assigned.
It does not explain having two VLANs simultaneously.

D. With a native VLAN
The native VLAN applies to trunk ports, not access ports.
Native VLANs handle untagged traffic across trunks, unrelated to this access port scenario.

📖 Reference:
CompTIA Network+ N10-009 Exam Objectives (Domain 2.3 – Configure and Deploy Common Ethernet Switching Features)
Cisco: Configuring Voice VLAN

⚡ Exam Tip:
Access port = 1 VLAN (except when a voice VLAN is configured → then it carries 2 VLANs: voice + data).

Explanation:

Nmap (Network Mapper) is a widely used network scanning tool that can discover hosts, detect open ports, identify services, and even determine operating systems.
In this case, the administrator wants to know which ports are open on the remote file server (for example, TCP 445 for SMB file sharing).
Running a scan with Nmap (e.g., nmap ) would quickly show which ports are listening and accessible.

❌ Why the other options are incorrect:

A. Dig
Used for DNS queries (domain resolution, records lookup).
It does not identify open ports.

C. Tracert
Used to trace the path packets take to a destination (hop-by-hop).
Helps identify routing issues, not open ports.

D. nslookup
Used to query DNS servers to resolve hostnames into IP addresses.
Like dig, it does not check for open ports.

📖 Reference:
CompTIA Network+ N10-009 Exam Objectives (Domain 4.3 – Given a Scenario, Use the Appropriate Network Software Tools and Commands)
Nmap Official Documentation

⚡ Exam Tip:
Check DNS resolution → dig or nslookup
Trace packet path → tracert (Windows) / traceroute (Linux)
Find open ports/services → nmap

Explanation:

IaaS requires the greatest up-front expense because the customer is responsible for:

Migrating existing workloads (servers, storage, networking).

Configuring and managing virtual machines, storage, and networking (e.g., AWS EC2, Azure VMs).

Potential costs for re-architecting applications to work in the cloud.

Why not the others?

B) SaaS (Software as a Service) – The provider manages everything (e.g., Office 365, Gmail). The customer only pays a subscription fee with minimal migration costs.

C) PaaS (Platform as a Service) – The provider handles the OS, middleware, and runtime (e.g., AWS Elastic Beanstalk, Azure App Services). The customer focuses on deploying applications, reducing upfront costs.

D) NaaS (Network as a Service) – Typically involves outsourcing networking functions (e.g., SD-WAN, cloud-based firewalls) with minimal infrastructure migration costs.

Reference:

CompTIA Network+ Objective 1.8 (Cloud Concepts) – Differentiates between IaaS, PaaS, SaaS, and other cloud models.
IaaS shifts infrastructure management to the cloud but requires significant setup, whereas SaaS/PaaS offload more responsibility to the provider.

Explanation:

Testing the TCP/IP Stack:

The loopback address (127.0.0.1) is used to verify that the local host's TCP/IP stack is functioning correctly.

If ping 127.0.0.1 succeeds, it confirms that the network interface card (NIC) and IP stack are operational.

If it fails, there may be a corrupted TCP/IP installation, a driver issue, or a hardware problem.

Why Not the Other Options?

B) 169.254.1.1 – This is an APIPA (Automatic Private IP Addressing) address, assigned when DHCP fails. Pinging this would test local network communication, not the TCP/IP stack itself.

C) 172.16.1.1 & D) 192.168.1.1 – These are typical private IP addresses used for LAN devices (like routers or servers). Pinging them tests external connectivity, not the local TCP/IP stack.

Reference:

CompTIA Network+ Objective 5.3 (Network Troubleshooting Methodology) – Emphasizes starting with local diagnostics (loopback test) before checking external connectivity.

127.0.0.1 is reserved for loopback testing (RFC 5735).

Conclusion: The first step in troubleshooting is verifying the local TCP/IP stack, which is done using ping 127.0.0.1. If this fails, the issue is on the local machine, not the network.

Explanation:

A captive portal is a web page that users must interact with before gaining access to a network. It is commonly used in guest Wi-Fi environments (hotels, airports, offices) to:

Present terms of use

Request authentication (username/password or voucher)

Collect user consent before granting network access

This directly matches the requirement of accepting terms of use before using a guest network.

Why not the others?

A. Pre-shared key → This is a shared Wi-Fi password (used in WPA/WPA2-Personal). It does not provide a terms-of-use page

. B. Autonomous access point → Refers to a standalone AP that is not controller-managed. This does not enforce terms-of-use.

D. WPA2 encryption → Ensures secure transmission but does not handle user acceptance of terms.

Reference:

CompTIA Network+ N10-009 Exam Objectives (Domain 3.2 – Given a scenario, implement authentication and access controls) Captive portal definition:

CompTIA Network+ Official Study Guide

Explanation:

Integrity refers to the accuracy and trustworthiness of data.

If an employee accidentally deletes a customer's data, the data's integrity is violated because it has been altered (in this case, destroyed) in an unauthorized or unintended way.

Data integrity ensures that information is not modified or deleted improperly, whether maliciously or accidentally.

Why Not the Other Options?

B) Confidentiality – This refers to preventing unauthorized access (e.g., data leaks, breaches). Since the issue is deletion (not exposure), confidentiality is not the primary concern.

C) Vulnerability – A vulnerability is a weakness that could be exploited, not a security principle being violated. This is not the correct answer.

D) Availability – Availability ensures that data is accessible when needed. While deletion affects availability, the immediate violation is integrity because the data was improperly altered.

Reference:

CompTIA Network+ Objective 4.1 (Security Concepts) – Covers the CIA triad (Confidentiality, Integrity, Availability). Integrity is compromised when data is modified or deleted without authorization, even if unintentional.

Conclusion:
The accidental deletion of customer data violates integrity because the data was improperly changed. While availability is also affected, integrity is the primary security principle breached in this scenario.

Explanation:

802.1Q tagging enables inter-switch communication for multiple VLANs (networks).

When two Layer 2 switches need to carry traffic from multiple VLANs over a single physical link, 802.1Q tagging (VLAN trunking) is used.

It inserts a 4-byte VLAN tag into Ethernet frames to identify which VLAN the traffic belongs to.

Without trunking (e.g., using an access port), switches would only pass traffic for a single VLAN.

Why Not the Other Options?

A) Jumbo frames – Refers to larger-than-standard Ethernet frames (MTU > 1500 bytes) for performance optimization, but does not enable multi-VLAN traffic.

C) Native VLAN – A default untagged VLAN on a trunk port, but alone does not facilitate multiple VLANs (only one VLAN passes untagged).

D) Link aggregation (e.g., LACP) – Combines multiple physical links for bandwidth/redundancy, but does not inherently support multiple VLANs.

Reference:

CompTIA Network+ Objective 2.3 (Network Devices – VLANs and Trunking)

802.1Q (IEEE standard for VLAN tagging) is essential for multi-VLAN communication between switches.

Conclusion: To allow two switches to carry traffic from multiple networks (VLANs), 802.1Q trunking must be configured.

Explanation:

Hot Aisle/Cold Aisle Ventilation Best Practices:

In a hot aisle/cold aisle data center layout:

Cold air is supplied from the front of the rack.

Hot air is exhausted out the rear of the rack.

Most networking and server equipment is designed with front-to-back airflow, meaning:

Intake (cooling fans) face the front (cold aisle).

Exhaust (hot air) faces the rear (hot aisle).

Why Not the Other Options?

A) Sides – Equipment is not typically designed for side exhaust; this would disrupt airflow containment.

B) Top – Some high-density equipment may have top exhaust, but standard rack servers/switches use rear exhaust for hot aisle/cold aisle efficiency.

C) Front – The front is for cool air intake, not exhaust (this would recirculate hot air, reducing cooling efficiency).

Reference:

CompTIA Network+ Objective 5.5 (Data Center Cooling & Airflow Management)

Hot aisle/cold aisle is an industry-standard practice to improve cooling efficiency (ASHRAE guidelines).

Conclusion: For proper thermal management in a hot aisle/cold aisle setup, equipment should be installed with the exhaust facing the rear (hot aisle) and intake facing the front (cold aisle).