CompTIA N10-009 Practice Test

C) Warm Site

Why a Warm Site?

Balances Cost and Recovery Time:

A warm site has preconfigured hardware and backups but isn’t fully operational like a hot site.

It allows for shorter downtime (hours to days) than a cold site but is cheaper than a hot site.

Ideal for non-critical applications that can tolerate brief interruptions.

Matches the Requirements:

The company needs a cost-effective solution for non-critical apps.

A warm site fits the "short period of downtime" tolerance.

Why Not the Others?

A) Hot Site – Fully operational with real-time data sync (minimal downtime), but expensive (overkill for non-critical apps).

B) Cold Site – Just a physical space with no preconfigured systems (days/weeks to activate), too slow for even short downtime.

D) Passive Site – Not a standard DR term; may refer to unused backups (not a ready-to-deploy site).

Comparison of DR Site Types:

Hot Site: Immediate failover (high cost).

Warm Site: Faster than cold, cheaper than hot (best for this scenario).

Cold Site: Lowest cost, longest activation time.

Reference:

CompTIA Network+ Objective 4.4 (Disaster Recovery) – Warm sites are designed for balanced cost/recovery time.

NIST SP 800-34 outlines warm sites for moderate RTO (Recovery Time Objective).

Final Answer: C) Warm Site is the best choice for non-critical apps with short downtime tolerance.

Why BGP Uses Autonomous System Numbers (ASNs)?

Purpose of ASNs in BGP:

BGP is an Exterior Gateway Protocol (EGP) designed to route traffic between autonomous systems (e.g., ISPs, large enterprises).

Each organization/ISP is assigned a unique ASN (Autonomous System Number) to identify its network in global routing tables.

Example: BGP uses ASNs to determine the best path between ASes (e.g., AS64512 → AS65530).

How BGP Works:

ASNs prevent routing loops (via the AS_PATH attribute).

Enables policy-based routing (e.g., prefer one ISP over another).

Why Not the Others?

A) IS-IS – A link-state IGP (Interior Gateway Protocol) that doesn’t use ASNs (designed for intra-AS routing).

B) EIGRP – A Cisco-proprietary IGP; uses process IDs (not ASNs) for router communication.

C) OSPF – Another link-state IGP; uses area IDs (not ASNs).

Reference:

CompTIA Network+ Objective 2.2 (Routing Protocols) – BGP is the only protocol listed that uses ASNs.

RFC 4271 (BGP-4) defines ASN usage for inter-domain routing.

Final Answer: D) BGP is the protocol that uses autonomous system numbers.

Why VLAN Hopping?

How It Works:

VLAN hopping exploits double-tagged packets (a packet with two VLAN tags).

The attacker sends a frame with:

An outer tag matching the native VLAN of a trunk port.

An inner tag for the target VLAN.

If the switch strips only the outer tag, the inner tag allows access to the restricted VLAN.

Impact:

Bypasses VLAN segmentation, letting attackers jump between VLANs.

Why Not the Others?

A) MAC Flooding – Overwhelms a switch’s CAM table with fake MACs (no VLAN tags involved).

C) DNS Spoofing – Corrupts DNS cache to redirect traffic (no packet tagging).

D) ARP Poisoning – Sends fake ARP replies to redirect traffic (Layer 2 attack, no VLAN tags).

Mitigation for VLAN Hopping:

Set the native VLAN to an unused ID on trunk ports.

Enable VLAN access control lists (VACLs).

Use 802.1Q tagging consistently (avoid native VLAN mismatches).

Reference:

CompTIA Network+ Objective 4.2 (VLAN Security) – VLAN hopping is a tagged packet attack.

Cisco’s VLAN Security Best Practices highlight double-tagging risks.

Final Answer: B) VLAN Hopping uses double-tagged packets to bypass VLAN segregation.

Why PKI?

X.509 Certificates are Core to PKI:

X.509 is the standard format for public key certificates used in PKI.

These certificates bind identities (e.g., websites, users) to public keys for:

SSL/TLS (HTTPS, VPNs).

Digital signatures (code signing, document authentication).

Email encryption (S/MIME).

How PKI Uses X.509:

Certificate Authorities (CAs) issue X.509 certs after verifying identities.

Certificates include:

Public key + owner info.

Validity period.

CA’s digital signature.

Why Not the Others?

B) VLAN Tagging – Uses 802.1Q tags (Layer 2), unrelated to certificates.

C) LDAP – A directory service protocol (e.g., Active Directory); can store certs but isn’t their primary use.

D) MFA (Multi-Factor Authentication) – May use certs for one factor, but not inherently tied to X.509.

Reference:

CompTIA Network+ Objective 3.9 (PKI Certificates) – X.509 is the PKI standard.

RFC 5280 defines X.509 for Internet PKI.

Final Answer: A) PKI is the technology most associated with X.509 certificates.

Why TXT Records?

Email Authentication via TXT Records:

SPF (Sender Policy Framework): Uses TXT records to list authorized email servers for a domain.

DKIM (DomainKeys Identified Mail): Uses TXT records to store public keys for verifying email signatures.

DMARC (Domain-based Message Authentication): Uses TXT records to define policies for handling SPF/DKIM failures.

How It Works:

Receiving mail servers check the sender’s domain TXT records to:

Validate the sending server is authorized (SPF).

Verify email integrity (DKIM).

Apply policies if checks fail (DMARC).

Why Not the Others?

B) AAAA – Maps hostnames to IPv6 addresses (unrelated to email validation).

C) CNAME – Aliases one hostname to another (e.g., www → example.com).

D) MX – Directs email to mail servers (doesn’t verify senders).

Reference:

CompTIA Network+ Objective 1.6 (DNS Records) – TXT records are used for SPF/DKIM.

RFC 7208 (SPF), RFC 6376 (DKIM) define these standards.

Final Answer: A) TXT records verify email sender authenticity.

Why PoE Power Budget?

Symptoms Match PoE Issues:

VoIP phone reboots intermittently – A classic sign of insufficient/fluctuating PoE power.

Workstation works fine – The workstation doesn’t rely on PoE, so it’s unaffected.

How PoE Works:

VoIP phones often use Power over Ethernet (PoE) (e.g., 802.3af/at).

If the switch’s PoE power budget is exceeded, devices may:

Reboot randomly.

Fail to power on.

Experience intermittent shutdowns.

Why Not the Others?

B) Port security – Would block traffic entirely (not cause reboots).

C) Signal degradation – Would cause data issues (packet loss/latency), not power cycling.

D) Ethernet cable not working – Would affect both phone and workstation (since they share the cable).

Troubleshooting Steps:

Prioritize the VoIP phone or upgrade to a higher-wattage PoE switch.

Test with a PoE injector (bypasses switch power limits).

Reference:

CompTIA Network+ Objective 1.4 (Power over Ethernet) – Covers PoE budgets and symptoms.

IEEE 802.3af/at standards define PoE power limits (15.4W/30W per port).

Final Answer: A) PoE power budget exceeded is the most likely cause.

Why tracert (Traceroute)?

Output Matches Traceroute Results:

The output shows hops with latency (ms) and IP addresses, which is typical for tracert (Windows) or traceroute (Linux/macOS).

Purpose of Traceroute:

Maps the network path to a destination (here, 10.249.3.76).

Helps identify where traffic fails (e.g., stops at 10.249.3.1, suggesting a routing/firewall issue).

Why Not the Others?

B) netstat – Displays local network connections/routing tables, not path tracing.

C) tcpdump – Captures raw packets (output would show packet contents, not hops).

D) nmap – Scans for open ports/services, not route paths.

Key Clues in the Output:

Hop-by-hop IPs + latency = Traceroute.

Timeouts (*) = Common when intermediate devices block probes.

Reference:

CompTIA Network+ Objective 5.3 (Troubleshooting Commands) – tracert is standard for path analysis.

RFC 1393 defines traceroute’s methodology.

Final Answer: A) tracert is the tool being used.

Why ESP?

Provides Full Confidentiality:

Encrypts the entire data stream (payload + inner headers) in IPsec VPNs.

Uses strong encryption (e.g., AES, 3DES) to ensure no eavesdropping.

IPsec VPNs Use ESP for Confidentiality:

ESP + IKE (Internet Key Exchange) is the standard for secure site-to-site tunnels.

Example: Corporate branches use ESP to encrypt all traffic between sites.

Why Not the Others?

A) GRE (Generic Routing Encapsulation) – A tunneling protocol with no encryption (data is exposed).

B) IKE (Internet Key Exchange) – Only negotiates encryption keys; doesn’t encrypt data itself.

D) AH (Authentication Header) – Provides integrity/authentication but no encryption (data is visible).

Reference:

CompTIA Network+ Objective 3.2 (IPsec Components) – ESP is the protocol for encryption.

RFC 4303 defines ESP’s role in IPsec.

Final Answer: C) ESP ensures the entire data stream remains confidential.

Why 224.0.0.0/24?

Multicast IP Range:

224.0.0.0/4 (224.0.0.0 to 239.255.255.255) is reserved for multicast by IANA.

224.0.0.0/24 is a subset used for local network control (e.g., routing protocols like OSPF).

Higher ranges (e.g., 232.0.0.0/8) are used for audio/video streaming (e.g., IPTV, video conferencing).

Multicast vs. Unicast:

Unicast (e.g., 192.168.0.0/24) sends data to one recipient.

Multicast sends data to multiple subscribers efficiently (ideal for broadcasting).

Why Not the Others?

A) 172.16.0.0/24 – Private unicast range (RFC 1918), not for multicast.

B) 192.168.0.0/24 – Private unicast range (RFC 1918), not for multicast.

D) 240.0.0.0/24 – Reserved for future use (not assigned to multicast).

Reference:

CompTIA Network+ Objective 1.4 (Multicast Addressing) – 224.0.0.0/4 is the multicast range.

RFC 3171 defines IPv4 multicast address assignments.

Final Answer: C) 224.0.0.0/24 is the correct multicast network for audio/video broadcasting.

Explanation:

The default administrative distance (AD) for EIGRP is 90, which makes it more trusted than OSPF (AD 110) or RIP (AD 120) but less trusted than directly connected routes (AD 0) or static routes (AD 1).

Why This Matters:

Administrative distance (AD) determines which routing protocol’s path is preferred when multiple protocols know how to reach the same destination.

Lower AD = More trusted.

EIGRP’s AD of 90 means it is prioritized over OSPF (110) and RIP (120) but is overridden by static or connected routes. Other Protocols & Their Default ADs:

Connected interface: 0

Static route: 1

OSPF: 110

RIP: 120

External BGP (eBGP): 20

Internal BGP (iBGP): 200

Key Takeaway:

EIGRP’s AD of 90 makes it a preferred choice over other dynamic routing protocols like OSPF and RIP in Cisco environments.

Reference:

CompTIA Network+ Objective 2.2 (Routing Protocols)

Cisco’s EIGRP Documentation

Final Answer: B) EIGRP has a default administrative distance of 90.