N10-009 CompTIA Network+ Certification Exam Free Practice Exam Questions (2026 Updated)

In disaster recovery, the first step after an incident is to conduct a thorough damage assessment to understand the extent of the damage and determine the next appropriate steps. This allows for informed decision-making during the recovery process. The document says:

“The first step after a disaster is to conduct a damage assessment. This involves evaluating the extent of damage to equipment, infrastructure, and data, forming the foundation for recovery efforts and prioritizing response actions.”

The correct answer is B. NAT64 . This scenario says the internal network is using only IPv6 . In the real world, many internet services still rely on IPv4, so an IPv6-only client may need a translation mechanism to reach IPv4-based servers. That is exactly where NAT64 is used. It allows communication between IPv6-only clients and IPv4 resources by translating between the two protocols.

The other options do not solve that requirement. MPLS is used for traffic forwarding across provider networks and has nothing to do with IPv4/IPv6 protocol translation. GRE creates tunnels, but it does not automatically translate one IP version into another. Static routing can direct traffic, but it cannot make IPv6-only hosts speak to IPv4-only internet destinations.

From a Network+ perspective, this question is testing knowledge of IPv6 transition and interoperability mechanisms . If the network is entirely IPv6 internally, but still needs access to parts of the internet that may be IPv4, some translation service has to exist at the boundary. Among the choices given, NAT64 is the only technology that fits that role. That is why B is the best answer.

A modern replacement for traditional remote-access VPN for users is SASE (Secure Access Service Edge). Network+ highlights trends in remote connectivity and security where organizations move away from backhauling all user traffic through a VPN concentrator and instead use cloud-delivered security and access controls closer to the user. SASE combines networking and security capabilities—commonly including ZTNA (Zero Trust Network Access), secure web gateway (SWG), CASB, firewall-as-a-service (FWaaS), and centralized policy enforcement—so remote users can securely access applications without relying on a classic “connect to the corporate network first” VPN model.

SD-WAN primarily optimizes connectivity between sites and to cloud services, often for branch networks; it’s not typically the direct replacement for remote user VPN access. Site-to-site VPN connects networks (locations) and is not intended for individual remote users. A reverse proxy can publish specific internal web applications externally and provide some security functions, but it does not replace VPN broadly for remote user access to multiple internal resources the way SASE/Zero Trust access solutions do. Therefore, SASE is the best answer as the likely replacement for traditional remote-access VPN.

TheSession Layer(Layer 5 of the OSI Model) is responsible for setting up, managing, and tearing down sessions between applications. It maintains dialog control and synchronizes data exchange between systems.

Port 22 is used for SFTP (Secure File Transfer Protocol) and SCP (Secure Copy Protocol), which encrypt file transfers using SSH (Secure Shell). This ensures data is transmitted securely over the network.

•Why not the other options?

•Port 69 (B) – TFTP (Trivial File Transfer Protocol): Transfers files but is not secure (no encryption).

•Port 80 (C) – HTTP: Used for web traffic, not for file transfer.

•Port 3389 (D) – RDP (Remote Desktop Protocol): Used for remote desktop access, not file transfer.

Understanding Spanning Tree Protocol (STP):

STP is used to prevent network loops in Ethernet networks by creating a spanning tree that selectively blocks some redundant paths.

Default Priority Value:

Bridge Priority: STP uses bridge priority to determine which switch becomes the root bridge. The default bridge priority value for most switches is 32768.

Priority Range: The bridge priority can be set in increments of 4096, ranging from 0 to 61440.

Configuration and Verification:

When deploying a new switch, the network administrator can verify the bridge priority using commands such as show spanning-tree to ensure it is set to the default value of 32768.

Comparison with Other Values:

4096 and 8192: Lower than the default priority, indicating these would be manually configured for higher preference.

36684: A non-standard value, likely a result of specific configuration changes.

When traceroute shows asterisks (timeouts) instead of IP addresses or hostnames, it may indicate that intermediate routers are dropping ICMP packets. However, performing an nslookup will reveal the IP address associated with the domain name, confirming that DNS resolution is correct and helping identify the path to the target server. The document states:

“nslookup is used to query DNS servers to retrieve IP address information associated with a domain name, which helps confirm DNS resolution is working correctly even when traceroute results show timeouts.”

A jump box is a hardened, isolated system that provides secure access to critical infrastructure devices like routers and firewalls.

A full-tunnel VPN routes all of a user ' s network traffic through the corporate network. This means that the organization can inspect all network traffic for security and compliance purposes, as all data is tunneled through the VPN, allowing for comprehensive monitoring and inspection.References: CompTIA Network+ study materials.

Definition of RPO:

Recovery Point Objective (RPO) is a disaster recovery metric that describes the maximum acceptable amount of data loss measured in time. It indicates the point in time to which data must be recovered to resume normal operations after a disaster.

For example, if the RPO is set to 24 hours, then the business could tolerate losing up to 24 hours ' worth of data in the event of a disruption.

Why RPO is Important:

RPO is critical for determining backup frequency and helps businesses decide how often they need to back up their data. A lower RPO means more frequent backups and less potential data loss.

Comparison with Other Metrics:

MTTR (Mean Time to Repair): Refers to the average time required to repair a system or component and return it to normal operation.

RTO (Recovery Time Objective): The maximum acceptable length of time that a computer, system, network, or application can be down after a failure or disaster occurs.

MTBF (Mean Time Between Failures): The predicted elapsed time between inherent failures of a system during operation.

How RPO is Used in Disaster Recovery:

Organizations establish RPOs to ensure that they can recover data within a timeframe that is acceptable to business operations. This involves creating a backup plan that meets the RPO requirements.

Infrastructure as a Service (IaaS) provides scalable compute power, storage, and networking resources on demand. It is the best choice for a company that needs to customize its cloud solution based on size, compute capacity, and storage needs.

IaaS Benefits:

Provides virtual machines, storage, and networking resources.

Scalable based on company needs.

Reduces the need for physical infrastructure.

Incorrect Options:

A. SaaS (Software as a Service): Delivers software applications (e.g., Google Docs, Microsoft 365) but does not provide compute/storage infrastructure.

B. PaaS (Platform as a Service): Provides a development environment for application deployment but not full infrastructure control.

D. IaC (Infrastructure as Code): A methodology for automating infrastructure, not a cloud deployment model.

The MPO (Multi-fiber Push On) connector is designed to handle multiple fiber strands in a single connector, and it is commonly used with high-density transceivers like QSFP (Quad Small Form-factor Pluggable).

QSFP can support up to four channels (hence " quad " ), and MPO connectors can interface multiple fibers (e.g., 8, 12, 24), making them ideal for 40Gbps or 100Gbps deployments.

RJ45 (A) is used for Ethernet over copper.

ST (B) and LC (C) are single-fiber connectors — they don ' t support the multi-fiber needs of QSFP setups.

✅ Therefore, MPO is the correct connector type for this use case.

A warm site typically has a full infrastructure ready, but it lacks the most up-to-date data or is not immediately operational. It requires some configuration or data restoration to become fully functional.

=================

Introduction to Disaster Recovery Concepts:

Disaster recovery involves strategies and measures to ensure business continuity and data recovery in the event of a disaster.

Mean Time Between Failures (MTBF):

MTBF is a reliability metric used to predict the time between failures of a system during operation. It is calculated by dividing the total operational time by the number of failures.

Formula: MTBF=Total Operational TimeNumber of Failures\text{MTBF} = \frac{\text{Total Operational Time}}{\text{Number of Failures}}MTBF=Number of FailuresTotal Operational Time​

This metric helps in understanding the reliability and expected lifespan of systems and components.

Example Calculation:

If a server operates for 1000 hours and experiences 2 failures, the MTBF is: MTBF=1000 hours2=500 hours\text{MTBF} = \frac{1000 \text{ hours}}{2} = 500 \text{ hours}MTBF=21000 hours​=500 hours

Explanation of the Options:

A. MTTR (Mean Time to Repair): The average time required to repair a system after a failure.

B. MTBF (Mean Time Between Failures): The correct answer, representing the average time between failures.

C. RPO (Recovery Point Objective): The maximum acceptable amount of data loss measured in time.

D. RTO (Recovery Time Objective): The target time set for the recovery of IT and business activities after a disaster.

Conclusion:

MTBF is a crucial metric in disaster recovery and system reliability, helping organizations plan maintenance and predict system performance.

If the user cannot communicate with 192.168.10.1, they might be on a different subnet. Changing the subnet mask to 255.255.255.0 ensures the user and the file server are in the same subnet.

Breakdown of Options:

A. Changing the IPv4 address to 192.168.10.1 – This would conflict with the server ' s IP.

B. Changing the subnet mask to 255.255.255.0 – ✅ Correct answer. Ensures both the user and the server are on the same subnet.

C. Changing the DNS servers – DNS does not affect local network connectivity.

D. Changing the physical address – The MAC address does not impact subnet communication.

•The total number of devices = (150 + 10) users × 2 IPs per user = 320 devices

•Class C (D) supports a maximum of 254 hosts (2^8 - 2), which is too small.

•Class B (B) supports 65,534 hosts (2^16 - 2), making it the best choice.

•Why not the other options?

•Class A (C): Supports millions of addresses, which is overkill for 320 devices.

•Class D (A): Used for multicast, not for device addressing.

The best answer is B. Address pool exhaustion . The key detail is that this started happening while deploying a new fleet of computers on a DHCP network . That strongly suggests the number of available leases in the DHCP scope has been used up. When no more addresses are available, new devices cannot obtain valid network settings and will fail to connect properly.

This is a common issue when many systems are added at once. Existing devices may already be consuming most or all of the available leases, and the new clients are left without an address assignment. Without a valid IP configuration from DHCP, the computers will not be able to reach the local network or the internet in the normal way.

The other choices are possible network problems in general, but they are less likely in this exact scenario. An incorrect default gateway or incorrect subnet mask would more often reflect a bad DHCP option or a misconfiguration affecting many clients in a different way. A duplicate IP address can affect connectivity, but it does not naturally match the clue about many new devices being added at once on a DHCP scope.

When a question combines DHCP, many new clients, and sudden inability for new systems to connect, address pool exhaustion is the most likely cause.

The customer can access local resources (a database server), which means local networking is working. However, the inability to reach the internet suggests an issue with the default gateway. If the default gateway is unreachable, packets will not be routed outside the local network.

Breakdown of Options:

A. Incorrect DNS – DNS issues would cause problems resolving domain names, but the user should still be able to access external resources via IP addresses.

B. Unreachable gateway – ✅ Correct answer. If the default gateway is incorrect or unreachable, the device cannot route traffic to the internet.

C. Failed root bridge – STP (Spanning Tree Protocol) failures cause switching issues, but the user can still access local devices, meaning STP is not the problem.

D. Poor upstream routing – Would affect the entire network, not just one user.