Text preview & study summary

CompTIA Network+ N10-009 - Domains 3 4 5 Operations Security Troubleshooting

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

An attacker sends millions of ping requests to a network target from a botnet of compromised hosts, overwhelming the target's bandwidth. What type of attack is this?

Answer choices

  • A. Man-in-the-middle

  • B. DNS poisoning

  • C. DDoS (Distributed Denial of Service) (Correct)

  • D. ARP spoofing

Explanation

DDoS (Distributed Denial of Service) attacks use multiple compromised systems (botnet) to flood a target with traffic, exhausting resources (bandwidth, CPU, connections). This differs from DoS (single source) by the distributed, harder-to-block nature of the attack.

Question 2

What is the primary difference between an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System)?

Answer choices

  • A. IDS is hardware-based; IPS is software-based

  • B. IDS only detects and alerts on suspicious traffic; IPS can detect AND actively block/drop malicious traffic inline (Correct)

  • C. IDS works at Layer 7; IPS works at Layer 3

  • D. IDS requires a SPAN port; IPS does not

Explanation

An IDS is deployed out-of-band (using SPAN/tap) and can only detect and alert on threats. An IPS is deployed inline in the traffic path and can detect AND block threats by dropping malicious packets in real-time. IPS adds latency but provides active protection.

Question 3

A network admin runs `show interface GigabitEthernet0/1` on a Cisco router and sees "input errors" and "CRC errors" incrementing. What is the MOST likely physical cause?

Answer choices

  • A. Incorrect VLAN configuration

  • B. Incorrect routing table

  • C. Damaged or low-quality network cable, connector, or cable length exceeding specification (Correct)

  • D. Duplex mismatch on both sides set to full-duplex

Explanation

CRC errors and input errors on an interface indicate physical layer problems — damaged cables, bad connectors, excessive cable length, EMI interference, or bent/pinched fiber. These cause bit errors in frames, detected by CRC checks.

Question 4

A company implements a SIEM (Security Information and Event Management) system. What is the PRIMARY purpose of a SIEM in network operations?

Answer choices

  • A. To configure firewall rules automatically

  • B. To collect, correlate, and analyze log data from multiple sources to identify security threats and compliance violations (Correct)

  • C. To provide VPN connectivity for remote users

  • D. To manage IP address allocations

Explanation

A SIEM aggregates logs from firewalls, IDS/IPS, servers, applications, and network devices, then correlates events across sources to identify patterns indicative of security incidents. It provides real-time alerting, dashboards, and forensic capabilities.

Question 5

A company experiences a network outage. Post-incident, they want to identify the root cause and prevent recurrence. Which document is produced?

Answer choices

  • A. Change request

  • B. SLA revision

  • C. Root Cause Analysis (RCA) / Post-incident report (Correct)

  • D. Business impact analysis

Explanation

A Root Cause Analysis (RCA) or post-incident report documents: what happened, the timeline, contributing factors, the root cause, and corrective actions to prevent recurrence. This is standard practice in ITIL incident management.