N10-009 CompTIA Network+ Certification Exam Free Practice Exam Questions (2025 Updated)

If a ping to 10.0.100.19 is unreachable, the most likely issue is that users are on the wrong subnet and cannot communicate with the server.

Breakdown of Options:

A. The users are on the wrong subnet. ✅ Correct answer. If users are on a different subnet without proper routing, they won't reach the server.

B. The DHCP server renewed the lease. – Would change the client’s IP, but the server’s static IP should remain unchanged.

C. The IP address was not reserved. – DHCP reservations matter for dynamic IPs, but RDP servers typically have static IPs.

D. The hostname was changed. – Would affect DNS resolution, but pinging the IP directly would still work.

The correct answer is golden configuration. This is a reference standard or baseline that defines the approved settings and rules devices should follow. Any deviation from the golden configuration indicates drift or misconfiguration that must be remediated.

A. Production refers to the live environment but doesn’t define a standard.

B. Backup configurations are stored copies, not the standard rules.

C. Candidate configuration is a proposed change being tested, not the final baseline.

By enforcing golden configurations, administrators ensure compliance, maintain security standards, and improve consistency across the enterprise.

References (CompTIA Network+ N10-009):

Domain: Network Operations — Configuration standards, golden images/configs.

LDAP (Lightweight Directory Access Protocol) uses port 389 for standard connections and port 636 for LDAP over SSL (LDAPS), which secures directory service communication.

Breakdown of Options:

A. 22 – SSH port, not used for directory services.

B. 389 – Used for LDAP, but not encrypted.

C. 445 – Used for SMB file sharing, not LDAP.

D. 636 – Correct answer. LDAPS (LDAP over SSL/TLS) secures directory authentication.

Definition of ESP (Encapsulating Security Payload):

ESP is a part of the IPsec protocol suite used to provide confidentiality, integrity, and authenticity of data. ESP encrypts the payload and optional ESP trailer, providing data confidentiality.

ESP Functionality:

ESP can encrypt the entire IP packet, ensuring that the data within the packet is secure from interception or eavesdropping. It also provides options for data integrity and authentication.

ESP operates in two modes: transport mode (encrypts only the payload of the IP packet) and tunnel mode (encrypts the entire IP packet).

Comparison with Other Protocols:

AH (Authentication Header): Provides data integrity and authentication but does not encrypt the payload.

GRE (Generic Routing Encapsulation): A tunneling protocol that does not provide encryption.

UDP (User Datagram Protocol) and TCP (Transmission Control Protocol): These are transport layer protocols that do not inherently provide encryption. Encryption must be provided by additional protocols like TLS/SSL.

Use Cases:

ESP is widely used in VPNs (Virtual Private Networks) to ensure secure communication over untrusted networks like the internet.

The default gateway for a network should be an IP address within the subnet, but not the broadcast address. In this case:

IP: 192.163.1.15

Subnet Mask: 255.255.255.0

This means the network range is: 192.163.1.0 - 192.163.1.255

192.163.1.255 is the broadcast address for this subnet, so it cannot be used as a gateway.

Hence, the device fails to communicate outside its subnet because it's trying to use a broadcast address as its gateway.

✅ The issue is clearly with the gateway configuration.

The correct answer is OSPF (Open Shortest Path First). OSPF is a link-state routing protocol known for its fast convergence and use of the Dijkstra algorithm to calculate the shortest loop-free path. It efficiently scales to large enterprise networks and avoids routing loops by maintaining a complete topology map.

A. BGP is primarily an external routing protocol used between ISPs, not internal.

B. STP is not a routing protocol; it prevents loops at Layer 2.

D. RIP is an older distance-vector protocol with slower convergence and a maximum hop limit of 15.

OSPF’s design makes it the preferred internal gateway protocol (IGP) for medium-to-large organizations requiring speed and loop-free reliability.

References (CompTIA Network+ N10-009):

Domain: Networking Concepts — IGPs, OSPF, routing protocols.

These four terms—avoidance, acceptance, mitigation, and transfer—are strategies used in risk management.

From Andrew Ramdayal’s guide:

“Risk in security refers to the potential for loss, damage, or destruction of assets or data due to a threat exploiting a vulnerability. Risk management strategies include avoidance, acceptance, mitigation, and transfer.”

Shoulder surfing is a social engineering attack where attackers observe someone’s private information by looking over their shoulder or using tools like cameras to capture input.

From Andrew Ramdayal’s guide:

“Shoulder surfing is the act of watching someone enter confidential information, such as PINs or passwords, often using direct line-of-sight or surveillance equipment.”

Role of NTP (Network Time Protocol):

NTP is used to synchronize the clocks of network devices to a reference time source. Accurate time synchronization is critical for correlating events and logs from different systems.

Importance for SIEM Systems:

Event Correlation: SIEM (Security Information and Event Management) systems collect and analyze log data from various sources. Accurate timestamps are essential for correlating events across multiple systems.

Time Consistency: Without synchronized time, it is challenging to piece together the sequence of events during an incident, making forensic analysis difficult.

Comparison with Other Protocols:

DNS (Domain Name System): Translates domain names to IP addresses but is not related to time synchronization.

LDAP (Lightweight Directory Access Protocol): Used for directory services, such as user authentication and authorization.

DHCP (Dynamic Host Configuration Protocol): Assigns IP addresses to devices on a network but does not handle time synchronization.

Implementation:

Ensure that all network devices, servers, and endpoints are synchronized using NTP. This can be achieved by configuring devices to use an NTP server, which could be a local server or an external time source.

Definition of SD-WAN:

Software-Defined Wide Area Network (SD-WAN) is a technology that simplifies the management and operation of a WAN by decoupling the networking hardware from its control mechanism. It allows for centralized management and enhanced security.

Benefits of SD-WAN:

Reduced Provisioning Time: SD-WAN enables quick and easy deployment of new sites with centralized control and automation.

Security: Incorporates advanced security features such as encryption, secure tunneling, and integrated firewalls.

Scalability: Easily scales to accommodate additional sites and bandwidth requirements.

Comparison with Other Technologies:

VXLAN (Virtual Extensible LAN): Primarily used for network virtualization within data centers.

VPN (Virtual Private Network): Provides secure connections but does not offer the centralized management and provisioning efficiency of SD-WAN.

NFV (Network Functions Virtualization): Virtualizes network services but does not specifically address WAN management and provisioning.

Implementation:

SD-WAN solutions are implemented by deploying edge devices at each site and connecting them to a central controller. This allows for dynamic routing, traffic management, and security policy enforcement.

The issue is that more students have arrived on campus, meaning the available IP addresses are exhausted. To fix this, the administrator should increase the DHCP scope size to allow more devices to obtain IP addresses.

Breakdown of Options:

A. Enable IP helper – IP helper is used to forward DHCP requests across different subnets. However, the problem here is that the DHCP scope is full, not that requests are not reaching the server.

B. Change the subnet mask – The subnet mask determines the number of available hosts, but changing it without increasing the IP pool does not help.

C. Increase the scope size – Correct answer. Expanding the DHCP scope provides more IP addresses for assignment.

D. Add address exclusions – Exclusions reserve IP addresses, which would further reduce available addresses instead of solving the issue.

Fiber connections require Tx on one end to connect to Rx on the other end. If the patch cord is replaced and link lights remain off, the most common cause is that the connectors are reversed. Swapping (transposing) the connectors ensures proper transmit/receive alignment.

A. Replacing the transceiver may eventually be necessary, but only after verifying correct connections.

B. Restarting the switchport won’t resolve a physical misconnection.

D. Using multimode fiber would be incorrect here, as the link was designed for single-mode (10 miles/16 km requires SMF).

References (CompTIA Network+ N10-009):

Domain: Network Troubleshooting — Fiber connectivity, Tx/Rx alignment, link light diagnostics.

802.1Q tagging, also known as VLAN tagging, is used to identify VLANs on a trunk link between switches. This allows the switches to transfer data for multiple VLANs (or networks) over a single physical connection. This method ensures that traffic from different VLANs is properly separated and managed across the network.References: CompTIA Network+ study materials.

Microwaves are known to interfere with the 2.4GHz frequency, which is the same frequency used by many wireless networks. This can cause signal degradation and intermittent connectivity issues, especially if the WAP is placed near such devices.

=================