CompTIA N10-009 Practice Test

Why Honeynet?

Definition:

A honeynet is a decoy network composed of multiple fake systems (honeypots) designed to:

Lure attackers away from real systems.

Study their tactics (e.g., tools, techniques, targets).

Example: A fake database server logging attacker keystrokes.

Key Features:

Realistic but isolated (no production data).

Monitored 24/7 for threat intelligence.

Why Not the Others?

A) Geofencing – Blocks/grants access based on physical location (e.g., GPS), unrelated to deception.

C) Jumpbox – A secured admin gateway (e.g., for accessing critical servers), not a trap.

D) Screened subnet – A DMZ (demilitarized zone) for public-facing servers, not for studying attackers.

Reference:

CompTIA Security+ Objective 1.1 (Threat Intelligence) – Honeynets are used for proactive threat research.

RFC 4767 defines honeypot/honeynet architectures.

Final Answer: B) Honeynet is the group of devices used to lure and study attackers.

Why VPC?

Purpose:

A VPC is the primary method for segmenting compute resources (e.g., VMs, containers) within a single cloud account.

It creates isolated virtual networks with subnets, route tables, and security controls

Key Features:

Subnets: Segment resources by tier (e.g., web, DB).

Security Groups/ACLs: Control traffic between segments.

Private/Public Zones: Isolate sensitive workloads.

Why Not the Others?

A) Network Security Group (NSG) – A firewall for VMs/subnets (doesn’t segment the network itself).

B) IaaS – A cloud service model (e.g., AWS EC2), not a segmentation tool.

D) Hybrid Cloud – Combines on-prem + cloud, unrelated to intra-cloud segmentation.

Reference:

CompTIA Cloud+ Objective 1.4 (Virtual Networking) – VPCs are core to cloud resource isolation.

AWS/Azure/GCP VPC Documentation emphasizes segmentation.

Final Answer: C) VPC is most closely associated with segmenting compute resources in a cloud account.

Why 802.11ax?

Designed for High-Density Environments:

OFDMA (Orthogonal Frequency-Division Multiple Access): Allows multiple devices to share a channel simultaneously, reducing congestion.

BSS Coloring: Minimizes interference between overlapping networks.

Higher Efficiency: Supports more devices with better throughput per user.

Key Benefits for Saturation/Coverage:

4x Capacity vs. 802.11ac (Wi-Fi 5).

Better Performance in crowded areas (e.g., offices, stadiums).

Why Not the Others?

A) 802.11ac (Wi-Fi 5) – Lacks OFDMA/BSS Coloring; struggles with dense device counts.

C) 802.11g – Legacy 2.4GHz-only standard (slow, prone to interference).

D) 802.11n – Improved over 802.11g but outdated for high-density needs.

Reference:

CompTIA Network+ Objective 2.4 (Wireless Standards) – 802.11ax is optimized for density.

Wi-Fi Alliance Certification highlights 802.11ax’s efficiency.

Final Answer: B) 802.11ax is the best choice for high-density environments.

Why Subinterfaces Are Needed Here?

Scenario:

If a router has only one physical LAN port but needs to handle traffic for multiple VLANs, subinterfaces (virtual interfaces) are created on the single physical port.

Key Use Case:

Router-on-a-Stick (ROAS): A single router port connects to a switch trunk port, using subinterfaces to route between VLANs.

Why Not the Others?

B) Firewall performing DPI – Deep packet inspection doesn’t require subinterfaces (it inspects traffic at higher layers).

C) Hub using jumbo frames – Hubs are Layer 1 devices (no VLAN/subinterface support).

D) Switch using STP – Spanning Tree operates at Layer 2; subinterfaces are a router/Layer 3 feature.

How Subinterfaces Work:

Physical Port: Connects to a switch’s trunk port.

Subinterfaces: Each maps to a VLAN (e.g., .10 for VLAN 10, .20 for VLAN 20).

Traffic Routing: Router forwards packets between VLANs via subinterfaces.

Reference:

CompTIA Network+ Objective 2.3 (VLANs and Routing) – Subinterfaces enable inter-VLAN routing.

Cisco’s Router-on-a-Stick Guide demonstrates subinterface configuration.

Final Answer: A) A router with only one LAN port most likely requires subinterfaces.

Why This is the Issue?

Spanning Tree Protocol (STP) Requires a Root Bridge:

STP blocks redundant paths to prevent loops, but only one switch should act as the root bridge.

Here, both switches have equal port costs and states, suggesting:

No root bridge election occurred (or both switches think they’re the root).

This can cause all ports to block (breaking connectivity) or create a loop.

Symptoms Match:

Immediate connectivity loss after connecting the switches is classic STP misconfiguration.

Equal costs/states imply no hierarchy in the topology.

Why Not the Others?

A) Port costs equal – STP allows equal costs (the issue is root bridge election, not cost values).

B) Link aggregation – LACP (802.3ad) doesn’t fix STP root conflicts.

D) RSTP – While RSTP converges faster, it still needs a root bridge.

Reference:

CompTIA Network+ Objective 2.3 (Spanning Tree Protocol) – Root bridge election is critical.

IEEE 802.1D defines STP’s root bridge requirements.

Final Answer: C) A root bridge needs to be identified to resolve the STP conflict.

Why a Switch Can Support Jumbo Frames?

Jumbo Frame Support:

Switches (especially modern managed switches) can handle jumbo frames (typically MTU > 1500 bytes, often up to 9000 bytes).

Used for high-throughput applications (e.g., storage networks, video streaming).

Key Features:

Configurable MTU: Switches allow adjusting frame size globally or per port.

Performance Boost: Reduces overhead by carrying more data per frame.

Why Not the Others?

A) Access Point – Most APs use standard 1500-byte MTU (wireless frames are smaller due to overhead).

B) Bridge – Operates at Layer 2 but lacks jumbo frame support (legacy devices).

C) Hub – A Layer 1 device that doesn’t process frames (no MTU awareness).

Reference:

CompTIA Network+ Objective 1.4 (Ethernet Standards) – Jumbo frames are optional in modern switches.

IEEE 802.3 allows MTU adjustments beyond 1500 bytes.

Final Answer: D) Switch is the device that can support jumbo frames.

Why a Toner and Probe?

Purpose:

A toner and probe (aka "fox and hound") is designed to trace and identify unlabeled cables in a bundle or behind walls.

The toner sends a signal over the cable, and the probe detects it audibly.

Best for This Scenario:

The customer needs to find which cable in the IDF (Intermediate Distribution Frame) connects to each unlabeled wall plate.

Unlike a cable tester, a toner/probe works without needing both ends of the cable.

Why Not the Others?

B) Cable Tester – Checks for continuity/faults but can’t trace cables in a bundle.

C) Visual Fault Locator – Used for fiber optics (sends a red laser to find breaks).

D) Network Tap – Monitors live traffic (irrelevant for cable identification).

How to Use a Toner and Probe:

Connect the toner to the wall plate’s RJ45 port.

Scan the IDF cables with the probe to find the matching tone.

Label the cable once identified.

Reference:

CompTIA Network+ Objective 5.3 (Troubleshooting Tools) – Toner/probe is standard for cable tracing.

TIA/EIA-606-B labeling standards recommend tracing tools for IDF/MDF management.

Final Answer: A) Toner and probe is the best tool to identify unlabeled wiring.

Why These Solutions Work?

B) 5GHz Frequency

Avoids 2.4GHz interference entirely by switching to the less congested 5GHz band.

Industrial equipment (e.g., microwaves, Bluetooth, Zigbee) primarily operates in 2.4GHz.

D) Non-Overlapping Channel

In 2.4GHz, only channels 1, 6, and 11 (non-overlapping) minimize interference.

Example: Switching from channel 3 (overlaps with 1/6) to channel 6 reduces crosstalk.

Why Not the Others?

A) Mesh network – Extends coverage but still uses 2.4GHz/5GHz (doesn’t fix interference).

C) Omnidirectional antenna – Spreads signals in all directions (can worsen interference).

E) Captive portal – A login page for Wi-Fi (unrelated to RF interference).

F) Ad hoc network – Device-to-device Wi-Fi (still uses 2.4GHz/5GHz).

How to Implement:

For 5GHz:

Upgrade to 802.11ac/ax (Wi-Fi 5/6) and disable 2.4GHz radios if possible.

For Non-Overlapping Channels:

Set APs to channel 1, 6, or 11 (2.4GHz) and monitor with a Wi-Fi analyzer.

Reference:

CompTIA Network+ Objective 2.4 (Wireless Interference) – 5GHz and channel planning are key fixes.

IEEE 802.11 Standards define non-overlapping channels.

Final Answer: B & D are the best choices to mitigate 2.4GHz interference.

Why a Mesh Network?

Best for Public Safety Vehicles:

Self-healing & redundant paths – If one node fails, traffic reroutes automatically (critical for emergency vehicles).

Wide coverage – Extends connectivity across large areas (e.g., city streets, highways).

Reliable roaming – Vehicles moving between nodes maintain seamless connectivity.

Why Not the Others?

B) Ad hoc – Device-to-device only; no centralized management (unreliable for public safety).

C) Point-to-point – Only connects two fixed locations (e.g., buildings), not mobile vehicles.

D) Infrastructure – Requires fixed APs; poor mobility support for fast-moving vehicles.

Key Mesh Network Features:

Dynamic routing (e.g., BATMAN, 802.11s).

Scalable for city-wide deployments.

Used in: Smart cities, disaster response, military.

Reference:

CompTIA Network+ Objective 2.4 (Wireless Technologies) – Mesh networks excel in mobility/reliability.

FirstNet (U.S. Public Safety Network) relies on mesh-like LTE architectures.

Final Answer: A) Mesh is the best wireless solution for public safety vehicles.

Why These Solutions?

A) Least Privilege Network Access

Minimizes attack surface by granting users/devices only the access they need.

Post-breach, this prevents lateral movement by attackers.

C) Central Policy Management

Ensures consistent enforcement of security rules (e.g., firewalls, access controls) across the network.

Simplifies audits and updates after a breach.

Why Not the Others?

B) Dynamic inventories – Useful for asset tracking but doesn’t directly improve security.

D) Zero-touch provisioning – Automates device setup but doesn’t address access control.

E) Configuration drift prevention – Maintains system consistency but is more operational than security-focused.

F) Subnet range limits – Restricts IP ranges but doesn’t replace least privilege or centralized policies.

Post-Breach Priority:

Limit access (least privilege).

Enforce policies uniformly (central management).

Reference:

NIST SP 800-53 (Least Privilege)

CIS Controls v8 (Centralized Policy Management)

Final Answer: A & C are the best post-breach security upgrades.