Text preview & study summary

CompTIA Network+ N10-009 — Readiness Assessment (Mastery)

A free sample of 5 questions from this quiz, shown in full with answer choices and explanations. No interactivity — everything is visible on this page for study and review.

Want to test your knowledge? Launch the Interactive Exam Simulator

Question 1

A security appliance reports a sudden increase in outbound DNS queries from one workstation. The queries contain long random-looking subdomains, and the destination domain was registered yesterday. The user reports no browsing issues. Web proxy logs show very little corresponding HTTP or HTTPS traffic.

What should the network team suspect?

Answer choices

  • A. DNS tunneling or DNS-based data exfiltration. (Correct)

  • B. Normal recursive DNS behavior caused by a low TTL.

  • C. ARP spoofing on the local VLAN.

  • D. A spanning tree topology change.

Explanation

Long random subdomains to a newly registered domain with little matching web traffic strongly suggest DNS tunneling or DNS-based exfiltration. Attackers can encode data into DNS queries because DNS is often allowed through network controls.

Low TTLs can increase query frequency but do not typically create long randomized subdomains. ARP spoofing affects local address resolution. Spanning tree changes affect layer 2 topology, not suspicious DNS patterns.

Question 2

A network engineer updates a core switch ACL to block a deprecated management protocol. Minutes later, monitoring shows that the network backup system can no longer reach any switches. The change was approved, but the implementation plan did not include a dependency check or backout command.

Which process weakness most directly caused the outage?

Answer choices

  • A. The ACL should have been applied only after disabling spanning tree.

  • B. The change lacked impact analysis, validation testing, and a documented rollback plan. (Correct)

  • C. The monitoring system should have been removed from the network before the maintenance window.

  • D. The engineer should have used Telnet instead of SSH for the change.

Explanation

The outage resulted from incomplete change planning. A proper change process includes dependency analysis, testing or validation, communication, and a rollback plan. The backup system depended on the blocked management path.

Spanning tree is unrelated to the ACL dependency. Removing monitoring would reduce visibility. Telnet is insecure and not a correct alternative.

Question 3

A security investigation requires correlating firewall, switch, VPN, and server logs. The logs show the same user's activity occurring in impossible sequences, with timestamps differing by 7 to 12 minutes across devices. No device shows packet loss or high CPU.

Which operational issue most directly undermines the investigation?

Answer choices

  • A. Devices are not synchronized to reliable NTP sources. (Correct)

  • B. Syslog uses UDP, so all timestamps become untrusted.

  • C. The VPN concentrator is using split tunneling.

  • D. The switches are using SNMPv3 instead of SNMPv2c.

Explanation

Inconsistent time synchronization undermines log correlation and incident timelines. Reliable NTP sources across infrastructure are essential for monitoring, troubleshooting, and forensics.

UDP syslog can lose messages, but it does not inherently create consistent multi-minute timestamp drift. Split tunneling is unrelated to timestamp accuracy. SNMP version does not affect log time correlation.

Question 4

A newly installed Cat6 cable run passes a basic continuity test, but connected devices negotiate only 100 Mbps instead of 1 Gbps. The cable path runs near elevator motors for part of the distance. A certifier reports high near-end crosstalk and intermittent pair errors under load.

Which TWO actions are most appropriate?

Answer choices

  • A. Re-terminate the cable while preserving pair twists as close as possible to the termination point. (Correct)

  • B. Replace the patch cable with a crossover cable so gigabit negotiation can use all four pairs.

  • C. Reroute the cable away from EMI sources or replace the run with properly grounded shielded cabling. (Correct)

  • D. Increase the switch port speed manually to 10 Gbps to force better negotiation.

  • E. Extend the DHCP scope to allow the endpoint to request a gigabit lease.

Explanation

Gigabit Ethernet requires all four pairs and depends on signal quality. Excessive untwist, poor termination, crosstalk, and EMI can allow continuity to pass while real data transmission fails. Re-termination and rerouting or shielded cabling are appropriate.

A crossover cable is not the answer; Auto-MDI-X and modern gigabit links do not require it. Forcing higher speed worsens negotiation failures. DHCP has no relationship to physical-layer speed.

Question 5

A guest Wi-Fi network allows internet browsing but should not reach internal systems. During testing, a guest device can ping a printer VLAN and open the printer's web management page. The wireless controller shows the guest SSID is mapped to the guest VLAN. The firewall has an any-to-any rule between internal VLANs for legacy reasons.

What should be changed?

Answer choices

  • A. Enable WPA3 on the guest SSID because stronger encryption blocks internal routing.

  • B. Apply ACLs or firewall rules that deny guest VLAN access to internal RFC1918 networks while allowing required internet egress. (Correct)

  • C. Disable DHCP on the guest VLAN so guest devices cannot discover internal subnets.

  • D. Change the printer VLAN subnet mask so it no longer overlaps with the guest VLAN.

Explanation

The SSID-to-VLAN mapping is correct, but routing policy is too permissive. Guest VLANs should be denied access to internal private networks and allowed only necessary internet egress, typically with firewall rules or ACLs.

WPA3 protects wireless authentication and encryption but does not define routed access. Disabling DHCP breaks guest connectivity without solving segmentation. There is no evidence of subnet overlap.