Text preview & study summary
CompTIA Network+ N10-009 — Readiness Assessment (Mastery)
A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.
Want to test your knowledge? Launch the Interactive Exam Simulator
Question 1
A security appliance reports a sudden increase in outbound DNS queries from one workstation. The queries contain long random-looking subdomains, and the destination domain was registered yesterday. The user reports no browsing issues. Web proxy logs show very little corresponding HTTP or HTTPS traffic.
What should the network team suspect?
Explanation
Long random subdomains to a newly registered domain with little matching web traffic strongly suggest DNS tunneling or DNS-based exfiltration. Attackers can encode data into DNS queries because DNS is often allowed through network controls.
Low TTLs can increase query frequency but do not typically create long randomized subdomains. ARP spoofing affects local address resolution. Spanning tree changes affect layer 2 topology, not suspicious DNS patterns.
Question 2
A network engineer updates a core switch ACL to block a deprecated management protocol. Minutes later, monitoring shows that the network backup system can no longer reach any switches. The change was approved, but the implementation plan did not include a dependency check or backout command.
Which process weakness most directly caused the outage?
Explanation
The outage resulted from incomplete change planning. A proper change process includes dependency analysis, testing or validation, communication, and a rollback plan. The backup system depended on the blocked management path.
Spanning tree is unrelated to the ACL dependency. Removing monitoring would reduce visibility. Telnet is insecure and not a correct alternative.
Question 3
A security investigation requires correlating firewall, switch, VPN, and server logs. The logs show the same user's activity occurring in impossible sequences, with timestamps differing by 7 to 12 minutes across devices. No device shows packet loss or high CPU.
Which operational issue most directly undermines the investigation?
Explanation
Inconsistent time synchronization undermines log correlation and incident timelines. Reliable NTP sources across infrastructure are essential for monitoring, troubleshooting, and forensics.
UDP syslog can lose messages, but it does not inherently create consistent multi-minute timestamp drift. Split tunneling is unrelated to timestamp accuracy. SNMP version does not affect log time correlation.
Question 4
A newly installed Cat6 cable run passes a basic continuity test, but connected devices negotiate only 100 Mbps instead of 1 Gbps. The cable path runs near elevator motors for part of the distance. A certifier reports high near-end crosstalk and intermittent pair errors under load.
Which TWO actions are most appropriate?
Explanation
Gigabit Ethernet requires all four pairs and depends on signal quality. Excessive untwist, poor termination, crosstalk, and EMI can allow continuity to pass while real data transmission fails. Re-termination and rerouting or shielded cabling are appropriate.
A crossover cable is not the answer; Auto-MDI-X and modern gigabit links do not require it. Forcing higher speed worsens negotiation failures. DHCP has no relationship to physical-layer speed.
Question 5
A guest Wi-Fi network allows internet browsing but should not reach internal systems. During testing, a guest device can ping a printer VLAN and open the printer's web management page. The wireless controller shows the guest SSID is mapped to the guest VLAN. The firewall has an any-to-any rule between internal VLANs for legacy reasons.
What should be changed?
Explanation
The SSID-to-VLAN mapping is correct, but routing policy is too permissive. Guest VLANs should be denied access to internal private networks and allowed only necessary internet egress, typically with firewall rules or ACLs.
WPA3 protects wireless authentication and encryption but does not define routed access. Disabling DHCP breaks guest connectivity without solving segmentation. There is no evidence of subnet overlap.
