Pass the CompTIA Network+ N10-009 Questions and answers with Dumpstech

A Security Information and Event Management (SIEM) system collects, correlates, and analyzes logs from multiple sources in real-time, providing enhanced visibility across multivendor environments.

Breakdown of Options:

A. SNMP – SNMP is used for network device monitoring, but it lacks real-time correlation across multiple vendors.

B. SIEM – Correct answer. SIEM aggregates, analyzes, and correlates logs from multiple sources, providing real-time visibility.

C. Nmap – Nmap is a network scanning tool used for mapping hosts and detecting open ports but does not provide log correlation.

D. Syslog – Syslog collects logs but does not correlate or analyze them in real-time.

Smishing (SMS phishing) occurs when attackers send fraudulent text messages pretending to be a trusted source, tricking the victim into giving up sensitive credentials. Since this came via text message, it qualifies as smishing.

A. DNS poisoning corrupts name resolution.

B. ARP spoofing manipulates MAC-to-IP mappings.

C. Vishing is phishing via voice calls, not text.

References (CompTIA Network+ N10-009):

Domain: Network Security — Social engineering, phishing types (smishing, vishing, spear phishing).

The user’s inability to access the marketing department’s shared drives, despite having internet access, suggests a network segmentation issue. The most likely cause is an incorrect VLAN assignment. The computer is physically located on the accounting department floor, and the switchport is likely configured for the accounting VLAN, not the marketing VLAN. VLANs segment network traffic, and if the computer is in the wrong VLAN, it cannot communicate with the marketing department’s resources.

Why not Mismatched switchport duplex? Duplex mismatches cause performance issues (e.g., packet loss) but not specific access denials to shared drives.

Why not Misconfigured gateway settings? Incorrect gateway settings would prevent internet access, which the user has.

Why not SVI is assigned to the wrong IP address? A Switch Virtual Interface (SVI) with an incorrect IP address affects inter-VLAN routing, but this would likely impact multiple users, not just one.

The correct solution is a Data Center Interconnect (DCI). DCIs extend Layer 2 networks across geographically dispersed data centers, enabling seamless replication of services such as SAN storage, backup synchronization, or VM migrations. This ensures workloads and data can move between sites while maintaining the same VLANs and addressing.

A. Security Service Edge (SSE) provides cloud-delivered security functions like secure web gateways and CASB, not Layer 2 extension.

C. Infrastructure as code (IaC) automates deployment and management of network infrastructure but is unrelated to extending Layer 2 domains.

D. Zero Trust architecture is a security framework ensuring strict access control but doesn’t address network connectivity between sites.

In scenarios where backups need replication between sites, Layer 2 extension is often required so systems can communicate as if they are in the same broadcast domain. DCI is specifically designed to provide this functionality reliably and securely.

References (CompTIA Network+ N10-009):

Domain: Network Infrastructure — WAN technologies, data center interconnect, backup replication.

Since the switch supports only 10Gbps per port, achieving 40Gbps throughput requires link aggregation (LACP), which combines multiple 10Gbps links into one logical interface for higher bandwidth.

Breakdown of Options:

A. 802.1Q tagging – VLAN tagging helps segment traffic but does not increase throughput.

B. Jumbo frames – Jumbo frames reduce overhead but do not increase bandwidth.

C. Half duplex – Half duplex restricts communication, reducing performance instead of improving it.

D. Link aggregation – Correct answer. LACP combines multiple 10Gbps links to provide a 40Gbps connection.

The option that most directly secures sensitive information on the network is data-in-transit encryption. This ensures that data packets are unreadable to attackers who intercept them while moving across the network. Protocols such as TLS, HTTPS, IPsec, and SSH protect confidentiality and integrity of sensitive information.

B. Principle of least privilege (PoLP) secures access control but does not directly protect data in motion.

C. Role-based access control (RBAC) enforces permissions but again does not secure the data while transmitted.

D. Multifactor authentication (MFA) strengthens identity verification but does not directly protect the data itself once transmitted.

Thus, while all options contribute to overall security, encryption of data-in-transit most directly addresses protection of sensitive information on the network.

References (CompTIA Network+ N10-009):

Domain: Network Security — Encryption methods, confidentiality, data-in-transit protection.

WPA2/WPA3 mixed mode provides compatibility for older devices (that only support WPA2) while allowing newer devices to take advantage of stronger WPA3 encryption. This ensures maximum compatibility and security in a mixed-device environment.

A. WPA3 only is most secure but not compatible with legacy devices.

B. WPA2 only is secure but does not future-proof against WPA3-capable devices.

D. WPA/WPA2 mixed mode is weaker due to WPA (deprecated, insecure).

References (CompTIA Network+ N10-009):

Domain: Network Security — Wi-Fi encryption standards, WPA2 vs WPA3, mixed-mode compatibility.

Inconsistent arrival of RTP (Real-Time Protocol) packets indicates jitter or latency variation. A protocol analyzer (packet sniffer, e.g., Wireshark) can capture and analyze RTP streams, showing delay, jitter, and packet loss statistics.

A. Toner and probe locates cable runs, not packet analysis.

C. Cable tester checks wiring faults, not packet timing.

D. Spectrum reader is for identifying wireless interference, not analyzing RTP traffic.

References (CompTIA Network+ N10-009):

Domain: Network Troubleshooting — Protocol analyzers, VoIP troubleshooting, jitter analysis.

The correct answer is Switch because the question references a new logical layout segmenting the network using tagging, which indicates VLAN (Virtual Local Area Network) configuration. VLAN tagging (IEEE 802.1Q) is performed on switches to logically separate broadcast domains within the same physical infrastructure.

According to CompTIA Network+ (N10-009) objectives under switching technologies, VLANs are used to improve security, reduce broadcast traffic, and logically segment network traffic. When VLAN tagging is misconfigured—such as incorrect trunk ports, access port assignments, or mismatched VLAN IDs—devices may lose connectivity to required network resources.

Since the issue began after changes involving tagging, the most likely cause is an incorrect switch configuration, such as improper VLAN assignments or trunking settings.

An access point (Option A) may use VLANs for SSID segmentation, but core tagging configuration is handled at the switch. A firewall (Option B) filters traffic but does not control VLAN tagging at Layer 2 in typical deployments. A load balancer (Option D) distributes traffic among servers and is unrelated to VLAN segmentation.

Therefore, reviewing the switch configuration is the appropriate action to restore connectivity.

Direct Connect is the option most closely associated with having a leased line to a public cloud provider, as defined in the CompTIA Network+ N10-009 objectives under cloud connectivity and WAN technologies. Direct Connect (or equivalent services such as Azure ExpressRoute or Google Cloud Interconnect) provides a dedicated, private physical connection between an organization’s on-premises network and a public cloud provider’s infrastructure. This connection bypasses the public internet, offering consistent bandwidth, lower latency, improved performance, and enhanced security.

A VPN uses encrypted tunnels over the public internet, which does not qualify as a leased line and is subject to internet congestion and variable performance. An internet gateway simply allows cloud resources to communicate with the public internet and does not imply a private or dedicated connection. A private cloud refers to a deployment model where cloud resources are dedicated to a single organization; it does not describe the connectivity method or the use of a leased circuit.

According to Network+ objectives, leased-line connectivity to cloud providers is commonly used by enterprises that require high availability, predictable throughput, regulatory compliance, or secure hybrid cloud architectures. Direct Connect is a foundational component of hybrid networking strategies, linking on-premises environments directly to public cloud services using provider-managed circuits.

An access point (AP) provides users with an extended footprint that allows connections from multiple devices within a designated Wireless Local Area Network (WLAN).

Router: Typically used to connect different networks, not specifically for extending wireless coverage.

Switch: Used to connect devices within a wired network, not for providing wireless access.

Access Point (AP): Extends wireless network coverage, allowing multiple wireless devices to connect to the network.

Firewall: Primarily used for network security, controlling incoming and outgoing traffic based on security rules, not for providing wireless connectivity.

Network References:

CompTIA Network+ N10-007 Official Certification Guide: Explains the roles and functions of network appliances, including access points.

Cisco Networking Academy: Provides training on deploying and managing wireless networks with access points.

Network+ Certification All-in-One Exam Guide: Covers network devices and their roles in creating and managing networks.

The correct answer is VLAN hopping, which is a Layer 2 attack specifically associated with bypassing network segmentation controls. According to the CompTIA Network+ N10-009 objectives, VLANs are commonly used to isolate traffic between different network segments, such as separating a guest network from internal production systems. When an attack originates from an isolated guest network and successfully reaches an internal server, it strongly indicates a failure or exploitation of VLAN boundaries.

VLAN hopping occurs when an attacker gains access to traffic on another VLAN by exploiting misconfigured switch ports or trunking protocols. Common techniques include switch spoofing, where the attacker pretends to be a switch to negotiate a trunk link, and double-tagging, where two VLAN tags are inserted to trick switches into forwarding traffic across VLANs.

The other options do not best fit this scenario. An on-path (man-in-the-middle) attack requires interception between two communicating hosts but does not inherently bypass VLAN isolation. DNS poisoning manipulates name resolution, not network segmentation. ARP spoofing affects local Layer 2 address resolution within the same broadcast domain and typically cannot cross VLAN boundaries.

The Network+ objectives emphasize proper VLAN configuration, disabling unused trunk ports, and implementing port security to prevent VLAN hopping attacks. In this case, VLAN hopping most accurately explains how a guest network could access internal servers.

A /25 subnet mask means 25 bits are reserved for the network portion, leaving 7 bits for host addresses. In dotted decimal, that is:

11111111.11111111.11111111.10000000

Decimal equivalent: 255.255.255.128

A. 255.255.254.0 corresponds to /23.

B. 255.255.255.1 is invalid as a subnet mask.

D. 255.255.255.192 corresponds to /26.

Thus, the correct subnet mask for a /25 network is 255.255.255.128.

References (CompTIA Network+ N10-009):

Domain: Networking Concepts — Subnetting, CIDR notation, dotted decimal.

MIB (Management Information Base): A MIB is a database used for managing the entities in a communication network. The MIB is used by Simple Network Management Protocol (SNMP) to translate events into a readable format, enabling network administrators to manage and monitor network devices effectively.

Function of MIB: MIBs contain definitions and information about all objects that can be managed on a network using SNMP. These objects are defined using a hierarchical namespace containing object identifiers (OIDs).

CompTIA Network+ materials discussing SNMP and MIB functionality​​.