CompTIA N10-009 Practice Test

Why LC is the Best Choice for NICs:

Compact Size – LC's small form factor (similar to an RJ45) makes it ideal for high-density ports like network interface cards (NICs) and switches.

Common in Modern Hardware – Most enterprise-grade NICs (e.g., 10G/25G/100G Ethernet) use LC duplex connectors for SFP/SFP+ transceivers.

Performance – LC is the standard for high-speed fiber optics (e.g., single-mode and multimode).

Why Not the Others?

B) SC – Larger and clunkier, typically used for older switches/patch panels (less common on NICs).

C) ST – Uses a bayonet-style twist lock, common in legacy multimode systems but rarely found on modern NICs.

D) MPO – A multi-fiber connector (12–24 fibers) used for high-density backbone links (e.g., 40G/100G QSFP) but not single-port NICs.

Real-World Use Cases:

LC Duplex: Standard for 1G/10G/25G NICs with SFP/SFP+ modules.

MPO: Used in data centers for parallel optics (e.g., 40G-SR4, 100G-SR4).

Reference:

CompTIA Network+ Objective 1.3 (Fiber Connector Types) – LC is highlighted for modern high-density deployments.

Industry standards (e.g., Cisco, Juniper, Intel NICs) default to LC connectors for fiber NICs.

Final Answer: A) LC is the most likely fiber connector on a network interface card.

Why This is the Best Solution?

-97dB Signal Power is Extremely Weak

Coaxial (cable modem) signals should typically be between -15dB to -6 dBmV for downstream and +8 dBmV to +50 dBmV for upstream.

-97dB indicates severe signal loss, often caused by:

Excessive splitters (each splitter reduces signal strength by ~3.5dB).

Long cable runs or damaged cabling.

Removing Splitters Improves Signal Strength

Eliminating unnecessary splitters reduces attenuation (signal loss).

This directly addresses the root cause of disconnections and slow speeds.

Why Not the Other Options?

B) Switching to Wireless – Doesn’t fix the underlying coaxial signal issue; wireless performance would also suffer.

C) Moving Devices Closer to the Modem – Irrelevant for wired connections (coaxial signal strength is the problem, not distance).

D) Lowering Network Speed – A workaround, not a fix. The modem may still drop connections due to poor signal.

Additional Troubleshooting Steps:

Check for damaged coaxial cables or loose connections.

Test signal levels directly at the ISP demarcation point (bypassing all splitters).

Contact the ISP if the signal remains weak (may require a line amplifier).

Reference:

CompTIA Network+ Objective 1.6 (Troubleshooting WAN Issues) – Coaxial signal levels are critical for cable modems.

Industry standards (e.g., DOCSIS) specify optimal signal ranges for stable connectivity.

Final Answer: A) Removing splitters is the most effective solution to improve signal strength and resolve the issue.

Why NAT Provides Security:

Hides Internal IP Addresses: NAT masks private IPs behind a public IP, making it harder for attackers to directly target internal devices.

Blocks Unsolicited Traffic: By default, NAT drops incoming connections that weren’t initiated from inside the network (like a basic firewall).

No Direct Access: External threats can’t reach internal devices unless port forwarding is explicitly configured.

Why the Others Don’t Offer Security:

BGP (Border Gateway Protocol): Only exchanges routing info between ISPs—no built-in security (requires manual filters to block malicious routes).

FHRP (First Hop Redundancy Protocol): Ensures gateway redundancy (e.g., HSRP/VRRP) but doesn’t protect against attacks.

EIGRP (Enhanced Interior Gateway Routing Protocol): A routing protocol for LANs/WANs; security requires extra authentication setups.

Key Takeaway:
NAT is the only option here that inherently adds security by design. The rest are purely functional protocols.

Reference:

CompTIA Network+ Objective 3.3 (Network Access Control)

NAT’s security role is explicitly covered in RFC 3022.

Final Answer: A) NAT is the correct choice.

Why This is a Cost-Effective Advantage?

Reduces Bandwidth Costs:

In a split-tunnel VPN, only traffic destined for the corporate network is routed through the VPN.

Internet/cloud traffic (e.g., YouTube, SaaS apps) goes directly to the internet, avoiding the corporate gateway.

This saves bandwidth on the company’s internet connection, reducing costs.

Improves Performance:

Users get faster access to cloud services (no extra hop through the VPN).

Why Not the Other Options?

A) Web traffic is filtered through a web filter – This is a security feature, not a cost-saving measure.

B) More bandwidth is required on the company’s internet connection – The opposite is true (split-tunnel reduces bandwidth usage).

C) Monitoring detects insecure machines – A security benefit, unrelated to cost.

Key Takeaway:

Split-tunnel VPNs are cost-effective because they offload internet/cloud traffic from the corporate network, reducing bandwidth expenses.

Reference:

CompTIA Network+ Objective 3.2 (VPN Technologies) – Split-tunnel vs. full-tunnel VPN trade-offs.

Final Answer: D) Cloud-based traffic flows outside of the company’s network is the cost-effective advantage.

Why the Exhaust Should Face the Rear:

Hot Aisle/Cold Aisle Airflow Design:

Cold air is pumped into the front of racks (cold aisle).

Equipment intakes cool air from the front.

Hot exhaust air is expelled out the rear (hot aisle), where it’s captured by HVAC systems.

Standard Equipment Airflow:

Most servers/switches use front-to-back airflow:

Front: Intake (cool air).

Rear: Exhaust (hot air).

Why Not the Other Options?

A) Sides – Equipment is not designed for side exhaust (disrupts airflow containment).

B) Top – Some high-density gear uses top exhaust, but rear is the standard for rack-mounted devices.

C) Front – The front is for cool air intake; exhausting hot air here would recycle heat, causing overheating.

Key Point:

Proper alignment (front intake, rear exhaust) ensures efficient cooling and prevents hot/cold air mixing.

Reference:

CompTIA Network+ Objective 5.5 (Data Center Cooling) – Hot/cold aisle best practices.

ASHRAE Guidelines for data center airflow management.

Final Answer: D) Rear is the correct exhaust direction.

Why netstat is the First Command to Run:

Check Listening Ports:

The issue is web server accessibility (users can ping but not browse).

netstat -tuln shows if the server is listening on port 80 (HTTP) or 443 (HTTPS).

If the port isn’t listed, the web service isn’t bound correctly (even if the process is running).

Verify Firewall Rules:

netstat can reveal if a local firewall (e.g., iptables) is blocking the port.

Why Not the Other Options?

A) traceroute – Tests network path (useless here, since ping works).

C) tcpdump – Packet capture (overkill for a quick check; use if netstat shows the port is open but traffic isn’t arriving).

D) arp – Checks MAC/IP mappings (irrelevant for a web server issue).

Typical Root Causes This Reveals:

Web server misconfigured (not bound to 0.0.0.0:80).

Local firewall dropping traffic.

Service running but stuck (requires restart).

Next Steps if netstat Shows the Port is Listening:

Check external firewall/ACLs on the network.

Use curl localhost to test locally.

Run tcpdump if deeper inspection is needed.

Reference:

CompTIA Network+ Objective 5.3 (Troubleshooting Commands) – netstat is the go-to for port/connection verification.

Final Answer: B) netstat is the first command to run.

Why Client-to-Site VPN?

Purpose: A client-to-site VPN (also called remote-access VPN) allows individual users to securely connect to a corporate network from a remote location.

How It Works:

The user runs VPN client software on their device (e.g., OpenVPN, Cisco AnyConnect).

The client encrypts traffic and tunnels it to the company’s VPN gateway.

Once connected, the user can access internal resources as if they were on-site.

Why Not the Others?

A) Command-line interface (CLI) – A text-based way to configure devices (e.g., SSH), but not a remote network access solution.

B) API gateway – Manages API traffic (e.g., for cloud services), but doesn’t provide network-level remote access.

D) Jump box – A secured intermediary server for accessing internal systems, but requires the user to already be on the network (or use a VPN first).

Key Features of Client-to-Site VPN:

Encryption: Protects data in transit (e.g., IPsec, SSL/TLS).

Authentication: Verifies user identity (e.g., certificates, 2FA).

IP Assignment: Often assigns the user an internal IP for network access.

When to Use Other Options?

Jump box: For privileged access management (e.g., admins accessing servers).

CLI: For device management (not remote user access).

API gateway: For application integrations, not general network access.

Reference:

CompTIA Network+ Objective 3.2 (VPN Technologies) – Covers client-to-site VPNs for remote access.

Final Answer: C) Client-to-site VPN is the correct solution for remote users.

Why BGP (Border Gateway Protocol) is Used for This?

BGP is the Standard for Inter-Domain Routing:

It’s the only protocol designed to exchange routing information between autonomous systems (ASes)—e.g., between your company’s network and an ISP (or between ISPs).

Example: If your company multihomes (connects to two ISPs), BGP lets you control how traffic enters/exits your network.

Key Features of BGP:

Path Vector Protocol: Chooses routes based on policies (not just speed).

Scalable for the Internet: Handles the global routing table (hundreds of thousands of routes).

Why Not the Other Options?

A) Preventing a loop within a LAN – BGP is not used for LANs (use STP or EIGRP/OSPF instead).

B) Improving reconvergence times – BGP is slow to converge (by design); OSPF/EIGRP are better for fast reconvergence.

D) Sharing routes with a Layer 3 switch – Internal routing (e.g., OSPF, EIGRP) is used here, not BGP.

When is BGP Actually Used?

Multihoming (connecting to multiple ISPs).

Peering agreements (e.g., between cloud providers and ISPs).

Internet backbone routing.

Key Takeaway:

BGP is only necessary when routing between different organizations/ISPs. For everything else, use an IGP (OSPF, EIGRP).

Reference:

CompTIA Network+ Objective 2.2 (Routing Protocols) – BGP is explicitly for inter-domain routing.

Final Answer: C) Exchanging router updates with a different ISP is the best reason to use BGP.

Why This is the First Step?

Crosstalk is Often Caused by Improper Termination:

Passthrough plugs expose raw wire ends, which can easily cross or touch if not aligned perfectly.

Even minor contact between wires induces crosstalk (interference between pairs).

Visual Inspection is Fast and Non-Invasive:

Before re-terminating or blaming external factors (like RFI), check for:

Exposed copper outside the connector.

Misaligned wires (e.g., pairs not twisted up to the plug).

Split pairs (wires from different pairs touching).

Why Not the Other Options (Yet)?

B) Restore default settings on devices – Crosstalk is a physical layer issue; device settings won’t fix it.

C) Terminate the connections again – Do this only after inspecting (might not be needed if the issue is visible).

D) Check for RF interference – Cat 8 is shielded; RFI is unlikely unless the cable is damaged (inspect first).

Key Troubleshooting Steps for Crosstalk:

Inspect connectors for wiring errors (most common cause).

Re-terminate if wires are misaligned (ensure twists are maintained up to the plug).

Test with a cable certifier (if available) to verify crosstalk levels.

Prevention Tip:

Use proper passthrough crimping tools to avoid wire displacement.

Consider non-passthrough plugs for Cat 8 (less prone to errors)

Reference:

CompTIA Network+ Objective 5.3 (Troubleshooting Cable Issues) – Crosstalk is typically a termination problem.

TIA/EIA-568 standards emphasize proper termination for high-speed cables (e.g., Cat 8).

Final Answer: A) Inspect the connectors first—it’s the quickest way to identify (and fix) crosstalk causes.

Why a Cable Tester is the Best Tool Here?

Identifies Physical Layer Issues:

Since one AP can’t reach the internet (while others work), the problem is likely:

A broken/damaged Ethernet cable in the ceiling.

Improper termination (e.g., faulty RJ45 connectors).

A cable tester verifies:

Continuity (all wires intact).

Correct pinout (no miswiring).

Cable length/signal integrity.

Quick and Direct Diagnosis:

Tests the specific cable to the faulty AP (no guesswork).

Why Not the Other Tools?

A) Network tap – Used to monitor live traffic, not test cable integrity.

C) Visual fault locator (VFL) – For fiber optics (not copper Ethernet).

D) Toner and probe – Traces cables but doesn’t test functionality (e.g., won’t detect a short or open pair).

If the Cable Tests Fine:

Check the switch port (e.g., LED status, VLAN assignment).

Test the AP with a known-good cable (rules out device failure).

Reference:

CompTIA Network+ Objective 5.3 (Troubleshooting Tools) – Cable testers are the go-to for physical layer issues.

TIA/EIA-568 Standards require cable testing for certification.

Final Answer: B) Cable tester is the right tool to diagnose the faulty AP’s Ethernet connection.