CompTIA CompTIA Certifications N10-009 Questions & Answers

• Question 11:

  A user reports having intermittent connectivity issues to the company network. The network configuration for the user reveals the following: IP address: 192.168.1.10

  Subnet mask: 255.255.255.0 Default gateway: 192.168.1.254 The network switch shows the following ARP table:

  

  Which of the following is the most likely cause of the user's connection issues?

  A. A port with incorrect VLAN assigned

  B. A switch with spanning tree conflict

  C. Another PC with manually configured IP

  D. A router with overlapping route tables

  Correct Answer: C

• Question 12:

  An organization has a security staff shortage and must prioritize efforts in areas where the staff will have the most impact. In particular, the focus is to avoid expending resources on identifying non-relevant events. A security analyst is reviewing web server logs and sees the following:

  

  Which of the following should the analyst recommend?

  A. Configuring the web server log to filter out 404 errors on image files

  B. Updating firewall rules to block 202.180.155.1

  C. Resyncing the network time server and monitoring logs for future anomalous behavior

  D. Checking with the penetration testing team to see if the team ran any scans on January 14, 2021

  Correct Answer: A

  This answer will help the organization to avoid expending resources on identifying non- relevant events, as the 404 errors on image files are not indicative of any security threat or issue, but rather a misconfiguration or a broken link on the web server. The 404 errors on image files are also very frequent and repetitive, as shown by the web server log, which can clutter the log and make it harder to spot any relevant events. By filtering out these errors, the analyst can focus on more important events and reduce the noise in the log. The other answers are not as good as A, because they either do not address the problem of identifying non-relevant events, or they are based on incorrect assumptions or information. For example:

  B. Updating firewall rules to block 202.180.155.1 is not a good answer, because the IP address 202.180.155.1 is not doing anything malicious or suspicious, but rather requesting image files that do not exist on the web server. Blocking this IP address will not improve the security of the web server, but rather create unnecessary firewall rules and possibly deny legitimate access to the web server. C. Resyncing the network time server and monitoring logs for future anomalous behavior is not a good answer, because there is no evidence that the network time server is out of sync or causing any problems. The web server log shows that the entries are all within a few minutes of each other, which is normal and expected. Resyncing the network time server will not help the analyst to identify non-relevant events, but rather waste time and resources on an unrelated task. D. Checking with the penetration testing team to see if the team ran any scans on January 14, 2021 is not a good answer, because the web server log does not show any signs of a penetration test or a scan. The log shows only 404 errors on image files, which are not typical of a penetration test or a scan, which would usually target different types of files, ports, or vulnerabilities. Checking with the penetration testing team will not help the analyst to identify non-relevant events, but rather distract the analyst from the actual events and possibly create false alarms.

  https://www.professormesser.com/network-plus/n10-008/n10-008-video/general-network- troubleshooting-n10-008/

• Question 13:

  Which of the following disaster recovery metrics describes the average length of time a piece of equipment can be expected to operate normally?

  A. RPO

  B. RTO

  C. MTTR

  D. MTBF

  Correct Answer: D

  MTBF is the disaster recovery metric that describes the average length of time a piece of equipment can be expected to operate normally. MTBF stands for mean time between failures, which is a measure of the reliability and availability of a device or system. MTBF is calculated by dividing the total operating time by the number of failures that occurred during that time. MTBF indicates how often a device or system fails and how long it can run without interruption. A higher MTBF means a lower failure rate and a longer operational life span.

• Question 14:

  A network administrator needs to create a way to redirect a network resource that has been on the local network but is now hosted as a SaaS solution. Which of the following records should be used to accomplish the task?

  A. TXT

  B. AAA

  C. PTR

  D. CNAME

  Correct Answer: D

  CNAME stands for Canonical Name, and it is a type of DNS record that creates an alias for another domain name. A CNAME record can be used to redirect a network resource that has been moved to a different location, such as a SaaS solution. For example, if a web server that was previously hosted on the local network with the domain name www.example.com is now hosted by a SaaS provider with the domain name www.saasprovider.com, a CNAME record can be created to point www.example.com to www.saasprovider.com. This way, the users can still access the web server using the original domain name, and the DNS server will resolve it to the new domain name.

• Question 15:

  Which of the following DNS records maps an alias to a true name?

  A. AAAA

  B. NS

  C. TXT

  D. CNAME

  Correct Answer: D

  A CNAME (Canonical Name) record is a type of DNS (Domain Name System) record that maps an alias name to a canonical or true domain name. For example, a CNAME record can map blog.example.com to example.com, which means that blog.example.com is an alias of example.com. A CNAME record is useful when you want to point multiple subdomains to the same IP address, or when you want to change the IP address of a domain without affecting the subdomains1.

• Question 16:

  Which of the following OSI model layers will ensure messages are transmitted to their destinations and no data is duplicated?

  A. Session

  B. Data link

  C. Network

  D. Transport

  Correct Answer: D

  The transport layer is the fourth layer of the OSI model, and it is responsible for end-to-end delivery of data over a network. It uses standard protocols such as TCP, UDP, and DCCP to enhance its functionalities. One of the main functions of the transport layer is to ensure that messages are transmitted to their destinations reliably and in the correct order. It also prevents data duplication by using sequence numbers, acknowledgments, and retransmission mechanisms

• Question 17:

  A network administrator is notified that a user cannot access resources on the network. The network administrator checks the physical connections to the workstation labeled User and sees the Ethernet is properly connected. However, the network interface's indicator lights are not blinking on either the computer or the switch. Which of the following is the most likely cause?

  A. The switch failed.

  B. The default gateway is wrong.

  C. The port is shut down.

  D. The VLAN assignment is incorrect.

  Correct Answer: C

  If the port is shut down, it means that the switch has disabled the port and is not sending or receiving any traffic on it. This would explain why the network interface's indicator lights are not blinking on either the computer or the switch, and why the user cannot access resources on the network. The port could be shut down manually by the network administrator, or automatically by the switch due to security or error conditions.

• Question 18:

  Which of the following objectives does an evil twin achieve?

  A. DNS poisoning

  B. Log-in credentials

  C. ARP spoofing

  D. Denial of service

  Correct Answer: B

  The objective that an evil twin achieves is log-in credentials. An evil twin is a type of rogue access point that mimics a legitimate wireless network by using the same SSID, encryption, and authentication methods. An evil twin can trick unsuspecting users into connecting to it instead of the real network, and then capture their log-in credentials or other sensitive data. An evil twin can also perform man-in-the-middle attacks, redirecting or modifying the user's traffic.

• Question 19:

  A network engineer is installing hardware in a newly renovated data center. Major concerns that were addressed during the renovation induded air circulation, building power redundancy, and the need for continuous monitoring. The network engineer IS creating alerts based on the following operation specifications:

  

  Which of the following should the network engineer configure?

  A. Environmental monitoring alerts for humidity greater than 95%

  B. SIEM to parse syslog events for a failed power supply

  C. SNMP traps to report when the chassis temperature exceeds 950F (3500)

  D. UPS monitoring to report when input voltage drops below 220VAC

  Correct Answer: C

• Question 20:

  A network administrator needs to add access points to the network because coverage in some areas is improper. Which of the following should the administrator do first?

  A. Interference analysis

  B. Wireless survey

  C. Traffic analysis

  D. Packet capture

  Correct Answer: B

  A wireless survey is the first step that a network administrator should do before adding access points to the network. A wireless survey is a process of collecting data about the wireless environment, such as signal strength, channel usage, interference, and coverage. A wireless survey can help the network administrator to determine the optimal locations and configurations for the access points to provide the best possible coverage and performance for the wireless network. A wireless survey can also help to identify and troubleshoot any issues that may cause improper coverage in some areas. https://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless- controllers/116057-site-survey-guidelines-wlan-00.html