Add to collection(s) Add to saved
  1. No category
Uploaded by Mr. Mosi

N10-007 Exam Simulation 1

advertisement 
4/18/22, 4:08 PM
N10-007 Exam Simulation
QBank Quiz April 18, 2022
Question #1 of 200
Test ID: 205855659
Question ID: 1289200
Which attack involves the use of multiple computers with the purpose of denying legitimate access to a critical server?
A) land attack
B) distributed denial-of-service (DDoS) attack
C) denial-of-service (DoS) attack
D) Ping of Death attack
Explanation
Distributed denial-of-service (DDoS) attacks are an extension of the denial-of-service (DoS) attack. In DDoS, the attacker uses
multiple computers to target a critical server and deny access to the legitimate users. The primary components of a DDoS attack
are the client, the masters or handlers, the slaves, and the target system. The initial phase of the DDoS attack involves using
numerous computers referred to as slaves and planting backdoors in the slaves that are controlled by master controllers. Handlers
are the systems that instruct the slaves to launch an attack against a target host. Slaves are typically systems that have been
compromised through backdoors, such as Trojans, and are not aware of their participation in the attack. Masters or handlers are
systems on which the attacker has been able to gain administrative access. The primary problem with DDoS is that it addresses
the issues related to the availability of critical resources instead of confidentiality and integrity issues. Therefore, it is difficult to
detect DDoS attacks by using security technologies such as SSL and PKI. To detect the use of zombies in a DDoS attack, you
should examine the firewall logs. Both zombies and botnets can be used in a DDoS attack. Launching a traditional DoS attack
might not disrupt a critical server operation. Launching a DDoS attack can bring down the critical server because the server is
being overwhelmed by processing multiple requests until it ceases to be functional. Trinoo and tribal flow network (TFN) are
examples of DDoS tools.
A land attack involves sending a spoofed TCP SYN packet with the target host's IP address and an open port as both the source
and the destination to the target host on an open port. The land attack causes the system to either freeze or crash because the
computer continuously replies to itself.
A Ping of Death is another type of DoS attack that involves flooding target computers with oversized packets, exceeding the
acceptable size during the process of reassembly, and causing the target computer to either freeze or crash. Other denial-ofservice attacks, referred to as smurf and fraggle, deny access to legitimate users by causing a system to either freeze or crash.
A denial-of-service (DoS) attack is an attack on a computer system or network that causes loss of service to users. The DoS attack
floods the target system with unwanted requests. It causes the loss of network connectivity and services by consuming the
bandwidth of the target network or overloading the computational resources of the target system. The primary difference between
DoS and DDoS is that in DoS, a particular port or service is targeted by a single system and in DDoS, the same process is
accomplished by multiple computers. There are other types of denial-of-service attacks such as buffer overflows, where a process
attempts to store more data in a buffer than amount of memory allocated for it, causing the system to freeze or crash.
For the Network+ exam, you need to understand the following about DoS attacks:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
1/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Distributed DoS - carried out using multiple computers that are referred to as botnets. This attack will cause a traffic spike and
is a coordinated attack so that all the botnets participate in the attack.
Reflective/amplified - uses potentially legitimate third-party component to send the attack traffic to a victim, hiding the
attackers' identity. The attackers send packets to the reflector servers with a source IP address set to their victim's IP, indirectly
overwhelming the victim with the response packets. Domain Name System (DNS) and Network Time Protocol (NTP) servers
are particularly susceptible to this attack.
Smurfing - a DDoS attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended
victim's spoofed source IP are broadcast to a computer network using an IP Broadcast address. The target of the attack is
flooded with packets, causing performance to decline.
Friendly/unintentional DoS - a DoS attack that is carried out by devices that have legitimate access to the attacked server. This
can occur as part of a DDoS where the legitimate device is a botnet. It could also occur when a user inadvertently causes a
DoS attack due to initializing multiple requests that hang up the server.
Physical attack - an attack where an attacker attacks a device in such a way as to permanently put it out of commission. Also
referred to as permanent DoS, this attack may involve affecting the firmware or infecting the device with malware.
Objective:
Network Security
Sub-Objective:
Summarize common networking attacks.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks
Question #2 of 200
Question ID: 1123529
You are implementing several switches on your network. The network contains client computers that run both Internet Protocol (IP)
and Internetwork Packet Exchange (IPX). To increase network efficiency, you need to configure the switches so that the two
different types of traffic are isolated. Which type of virtual local area network (VLAN) should you implement?
A) protocol-based VLAN
B) subnet-based VLAN
C) frame-tagging VLAN
D) port-based VLAN
Explanation
You should implement a protocol-based VLAN. This will allow you to isolate the IP and IPX traffic. With protocol-based VLANs,
each VLAN is configured to support a single protocol.
A port-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each port on the switch is assigned to a VLAN.
Devices attached to that port automatically becomes members of that VLAN.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
2/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A subnet-based VLAN is not used to isolate IP and IPX traffic. With this type of VLAN, each subnet on your network is assigned to
a VLAN. Devices are part of a subnet based on the subnet to which the device's IP address belongs.
A frame-tagging VLAN is not used to isolate IP and IPX traffic. A frame-tagging VLAN is a type of port-based VLAN that uses
frame tagging to allow VLANs to be spread across multiple switches.
Objective:
Network Security
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
Overview of VLANs (Virtual LANs), https://www.alliedtelesis.com/sites/default/files/overview_vlans.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 4 Ethernet Technology, Ethernet Switch Features
Question #3 of 200
Question ID: 1123354
You are working to convert a 10BaseT network to a 1000BaseT network. This conversion includes replacing all cabling, network
devices, and network interface cards (NICs). Next year, you also have a planned building renovation where departments will be
relocated to different areas within the building. However, that renovation should involve minimal network hardware changes.
When you start the conversion, you have a hard time determining where each wall plate terminates at the patch panels. You
decide to follow better design procedures to make future upgrades or troubleshooting easier and also to ensure that next year's
move goes more smoothly. However, your solutions should minimally impact the current network structure. Which best practices
should you implement during the conversion? (Choose two.)
A) Implement patch panel labeling.
B) Create a logical network diagram.
C) Implement an SLA.
D) Create a physical network diagram.
E) Implement port labeling.
F) Implement device naming conventions.
Explanation
You should implement port labeling and patch panel labeling. This will ensure that you are able to locate individual cables at both
ends of their connection. For example, the wall port where the computer is connected to the network might be labeled as Port24.
Where the cable then plugs into the patch panel or other network device, you should also label that port with the same number.
This will ensure that you can easily locate both ends of the connection.
It is not necessary to create a logical or physical network diagram. Although diagrams can help with troubleshooting, these are not
the best options in this scenario because your company plans to do a renovation next year.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
3/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You should not implement device naming conventions because you want your solutions to minimally impact the current network
structure. While device naming conventions should be adopted, it would require quite a bit of administrative effort to change the
names of the current devices. Clients could also experience connection problems because of the new naming convention.
You should not implement a service level agreement (SLA). An SLA provides details on the levels of service that will be provided to
an organization or department.
For the Network+ exam, you need to understand the following labeling needs: port labeling, system labeling, circuit labeling,
naming conventions, and patch panel labeling.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
TIA labeling standard marked for changes, http://www.cablinginstall.com/articles/print/volume-16/issue-3/features/installation/tialabeling-standard-marked-for-changes.html
What's Your Port/Patch Panel Labeling Method?, http://community.spiceworks.com/topic/471563-what-s-your-port-patch-panellabeling-method
Question #4 of 200
Question ID: 1289221
Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered.
What should you do last as part of the incident response?
A) investigation
B) analysis
C) triage
D) post-mortem review
Explanation
A post-mortem review should be completed last as part of the incident response. The post-mortem review should be performed
within the first week of completing the investigation of the intrusion. Triage is part of the first step in an incident response. During
this step, the incident response team examines the incident to see what was affected and sets priorities. Investigation takes place
after the triage. It involved the collection of relevant data. After the investigation stage, the incident response team is responsible
for the containment stage. After the incident is contained, the next stage is analysis, where the root cause of the incident is
discovered. The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem.
Gather information.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
4/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Duplicate the problem, if possible.
Question users.
Identify symptoms.
Determine if anything has changed.
Approach multiple problems individually.
1. Establish a theory of probable cause.
Question the obvious.
Consider multiple approaches.
Top-to-bottom/bottom-to-top OSI model
Divide and conquer
1. Test the theory to determine cause.
Once theory is confirmed, determine next steps to resolve problem.
If theory is not confirmed, re-establish new theory or escalate.
1. Establish a plan of action to resolve the problem and identify potential effects,
2. Implement the solution or escalate as necessary,
3. Verify full system functionality and if applicable implement preventive measures.
4. Document findings, actions, and outcomes.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Explain the network troubleshooting methodology.
References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)
Question #5 of 200
Question ID: 1123458
Which two guidelines are the best to implement for passwords according to CompTIA guidelines? (Choose two.)
A) Ensure that passwords are only constructed of only alphanumeric characters.
B) Configure passwords to change periodically.
C) Ensure that passwords change rarely or never change.
D) Ensure that passwords are at least 15 characters in length.
E) Create passwords that contain at least one symbol.
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
5/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Of the choices presented, you should configure passwords to change periodically and create passwords that contain at least one
symbol in order to create the strongest passwords. Depending on the security level required, passwords might change once every
three months, once per month or once per week. In some very high security situations, such as military and intelligence agencies,
passwords are commonly configured to change as often as twice per day. Configuring passwords to change periodically can
significantly increase the strength of password security on a network. Passwords should also include alphanumeric characters and
at least one symbol, such as the dollar sign ($) character.
Passwords should usually be between eight and ten characters in length. A minimum password length of greater than ten
characters will force users to create passwords that are too long to be easily remembered. If a user's password is too long, then
the user might record the password and place it where it can be easily found, which can cause a security risk.
Passwords are often victims of brute force or dictionary attacks where attackers attempt to guess passwords. Using complex
passwords help prevent these attacks. Organizations should also implement account lockout policies to lock accounts after a
certain number of invalid login attempts.
Objective:
Network Operations
Sub-Objective:
Identify policies and best practices.
References:
Password Selection and Security Guidelines, http://www.thebitmill.com/articles/password_tips.html
Question #6 of 200
Question ID: 1123602
A user named Luther reports that he cannot log on to the network from his workstation. You attempt to use your administrator
credentials to log on to the network from Luther's computer, but you cannot. Both you and Luther can log on to the network from
your workstation. Your workstation and Luther's workstation are connected to the same hub.
What is most likely causing the connectivity problem on Luther's workstation?
A) Luther is typing an incorrect user name when he attempts to log on to the network from
his workstation.
B) Luther is typing an incorrect password when he attempts to log on to the network from
his workstation.
C) The NIC in Luther's workstation is defective.
D) The hub that connects Luther's workstation to the network is defective.
Explanation
In this scenario, neither you nor Luther can log on to the network from his computer. However, both of you can log on to the
network from your computer. Thus, you can assume that the network interface card (NIC) in Luther's computer is defective. If
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
6/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Luther were unable to log on to the network from his computer, but you were able to log on to the network from his computer, then
you could assume that Luther was supplying either an incorrect user name or password or both.
One of the most common logon problems can be attributed to the caps lock feature. When the caps lock feature is enabled, then
all alphabetical characters typed without the shift key being pressed appear in upper case. Most network operating systems
require case-sensitive passwords. Therefore, the password system and the password SYSTEM are considered different
passwords by the operating system.
Both your computer and Luther's computer are connected to the same hub. If the hub were defective, then neither you nor Luther
would be able to log on to the network from either computer.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #7 of 200
Question ID: 1123365
You want to install a device between your company's private network and the Internet that will prevent users on the Internet from
transferring HTTP messages into the company's network.
Which device should you install?
A) a firewall
B) a bridge
C) a hub
D) a router
Explanation
You should install a firewall between the Internet and your company's private network. A firewall can provide packet-filtering
services for a network. Data packets can be allowed or denied entry to or from a network based on several criteria, including the
Transmission Control Protocol (TCP) port number and the IP address of the sending host. In this scenario, you can configure the
firewall to deny access to packets from the Internet that are sent through TCP port 80, which is the well-known TCP port for
Hypertext Transfer Protocol (HTTP) messages.
A bridge is a device that can divide a network into two segments. A network divided by a bridge appears to be a single network to
devices and applications that operate at a higher level than the bridge. You normally use a bridge to divide a network to optimize
network traffic. A hub, which is often referred to as a repeater or a repeating hub, acts as a concentration point for network
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
7/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
connections on networks that use the star physical topology. A router connects two or more subnets and enables computers on a
subnet to send data to remote subnets; although some routers provide packet-filtering capabilities, packet filtering is not a
guaranteed capability with a router.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Introduction to Firewalls, http://netsecurity.about.com/od/hackertools/a/aa072004.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
Question #8 of 200
Question ID: 1289208
The owner of your favorite pastry shop has just installed free Wi-Fi access for customers. The owner accomplished this task with
limited technical skills and without any assistance. After a couple of days in operation, the owner calls to complain that he cannot
get into the Wi-Fi router to make an adjustment. First, you have him use the hard reset function built into the router. What action
would you recommend that the owner take next?
A) Generate new keys.
B) Change the default credentials.
C) Patch and update the router.
D) Upgrade the firmware.
Explanation
Changing default credentials is important for router and switch security, particularly with SOHO routers. Default credentials are
published by the router manufacturers, and an easy search using the router model number will provide you (and an attacker) with
the information needed to reconfigure the router. Changing the default credentials is an essential step in securing your network.
While the other options can harden the router, the first and most crucial step is to change the default credentials because they are
widely known and can be used by attackers.
Upgrading firmware is one way to ensure that the network component is performing properly or to the current standard. Firmware
differs from a driver. A driver allows the hardware communicate with an operating system, such as Windows 10, Linux, or OSX.
Firmware is the software that allows the hardware device to operate. A simplified example of one aspect of firmware would be the
line of instruction on the NIC that causes the green light to blink when network traffic is present.
Patching and updates to the network hardware will ensure that the firmware is up to date and that any remedies to known security
issues will be corrected.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
8/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You should be concerned with generating new keys, but this is not the primary concern here. If a breach occurred, the attacker
managed to obtain the keys. Generating new keys will keep the attacker from using the stolen keys again.
Objective:
Network Security
Sub-Objective:
Given a scenario, implement network device hardening.
References:
The One Router Setting Everyone Should Change (But No One Does), https://www.tomsguide.com/us/change-router-defaultpasswords,news-26975.html
Question #9 of 200
Question ID: 1123220
You administer your company's 100BaseTX Ethernet network. TCP/IP is the networking protocol used on the network. You want
the routers on the network to send you notices when they have exceeded specified performance thresholds.
Which protocol should you use to enable the routers to send the notices?
A) SMTP
B) SNMP
C) Telnet
D) ARP
Explanation
You should use Simple Network Management Protocol (SNMP) to enable the routers to notify you when they exceed specified
performance thresholds. SNMP is a protocol in the TCP/IP protocol suite that enables the collection of data about various devices
connected to a TCP/IP network, including bridges, hubs, and routers. Each SNMP-compatible device has a Management
Information Base (MIB) database that defines the type of information that can be collected about the device. You can also
configure SNMP traps to analyze network performance and network problems. A trap is a message that an SNMP-compatible
device sends when the device has exceeded a performance threshold. You can configure SNMP to send traps to the network
management software you are using, to your e-mail address, or to another destination.
SNMP works at the Application layer of the OSI model. SNMP monitors are the pieces of software that actually monitor managed
devices. This software must be applied at the device level.
Address Resolution Protocol (ARP) is used on a TCP/IP network to resolve IP addresses to media access control (MAC)
addresses. TCP/IP uses IP addresses to identify hosts, whereas Ethernet uses MAC addresses to identify network nodes. For
Ethernet and TCP/IP to interoperate, a host's IP address must be resolved to a MAC address. You cannot use ARP to notify you
when network devices have exceeded performance thresholds. ARP works at the Network layer of the OSI model.
Simple Mail Transfer Protocol (SMTP) is used to transfer e-mail messages from e-mail clients to e-mail servers. SMTP is also used
to transfer e-mail messages between e-mail servers. SMTP will not send traps when network devices have exceeded performance
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
9/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
thresholds. SMTP works at the Application layer of the OSI model.
Telnet is a terminal emulation protocol. You can use Telnet to establish a remote session with a server and to issue commands on
a server. Telnet client software provides you with a text-based interface and a command line from which you can issue commands
on a server that supports the Telnet protocol. Telnet will not send notices when network devices have exceeded established
performance thresholds. Telnet works at the Application layer of the OSI model.
Objective:
Networking Concepts
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
SNMP, http://www.tech-faq.com/snmp.html
Question #10 of 200
Question ID: 1289206
A user reports that a legacy system is no longer responding. After researching, a technician reports that the system has been
flooded with ICMP packets larger than 65,535 bytes. This is most likely the result of which type of attack?
A) ARP issues
B) malware
C) ping of death
D) backdoor access
Explanation
This is most likely the result of a ping of death attack. In a ping of death attack, a system or network is flooded with ICMP packets
larger than 65,536 bytes. You can prevent this type of attack by not allowing ICMP messages from outside your network.
This scenario is not the result of a malware attack. Malware, or malicious software, is generally obtained through email, instant
messaging, the Internet, or file sharing. In most cases, malware affects the performance of the infected computer. It also may steal
information. You can install anti-malware software to prevent these attacks. User education is also important.
This scenario is not the result of backdoor access, also referred to as improper access. Backdoor access is usually obtained
through using a backdoor utility or by using some built-in developer hook in an application that allows developers to circumvent
normal authentication. It is often very hard to detect backdoor access. Companies should track the open-source projects that enter
their network from external untrusted sources, such as open-source code repositories, and should rapidly respond to any
backdoors discovered.
This scenario is not the result of ARP issues. This is often accomplished by poisoning the ARP cache of computers. ARP
poisoning can also be referred to as man-in-the-middle (MITM) attacks. You can use dynamic ARP inspection at routers to help
mitigate this issue.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
10/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
For the Network+ exam, you must also understand the following common security issues:
Misconfigured firewall - allows vulnerabilities to be exposed, giving attackers the opportunity to exploit the firewall itself or the
internal and DMZ devices the firewall was intended to protect. You should never allow all traffic into your internal network from
the outside untrusted network. In addition, disable or remove any default accounts. If possible, configure the firewall to send
alerts any time a configuration change has occurred. This would ensure that you would know that a configuration change has
occurred and allow you to verify if the change was valid or carried out by an attacker.
Misconfigured ACLs/applications - allows vulnerabilities to be exposed, giving attackers the opportunity to exploit applications
or entities protected by the access control list (ACL). Disable or remove any default accounts in applications. Make sure that
ACLs are not configured to allow all. ACLs should default to deny for all accounts not given access.
Denial of service (DoS) - occurs when a server is flooded with traffic with the intent to shut down the server. In most cases,
upgrading your devices and applications with the latest service packs or updates will prevent these attacks.
Open/closed ports - allows or denies network access to specific types of traffic based on the port used. You should disable all
ports that you are not using. Remember any open ports are avenues of attack.
ICMP related issues - includes ping of death and unreachable default gateway. Most companies simply deny any ICMP from
external networks.
Unpatched firmware/OSs - allows vulnerabilities to be exposed, giving attackers the opportunity to exploit the unpatched
device or computer. Make sure that all patches, security updates, hotfixes, and service packs are deployed in a timely manner
to all affected systems.
Malicious users - includes both trusted and untrusted users. Often malicious users will use packet sniffing utilities to obtain
information about the network to enable attackers to carry out attack. Auditing can help mitigate this issue.
Authentication issues - includes TACACS/RADIUS misconfigurations and default passwords/settings. Terminal Access
Controller Access-Control System (TACACS) is a TCP-based protocol used to communicate with an authentication,
authorization, and accounting (AAA) server. Remote Authentication Dial-In User Service (RADIUS) is a UDP-based protocol
used to communicate with a AAA server. Because TACACS and RADIUS only handle the authentication of remote users, the
TACACS/RADIUS server isn't configured correctly only if valid users are not authenticated or if invalid users are authenticated.
When it comes to default passwords, you should disable all default passwords on any authentication servers. Default settings
should also be changed. Changing default passwords and settings will help to ensure that attackers cannot use these defaults
to breach the network.
Banner grabbing/OUI - A banner is the text that is embedded with a message that is received from a host. Usually this text
includes signatures of applications that issue the message. Banner grabbing is a fingerprinting technique that relies on
morphed or empty TCP packets that are sent over to a target machine. Telnet, Netcat, Nmap and other tools can be used to
carry out banner grabbing. First you need to thoroughly analyze what information is leaked. Set up your services properly.
Default settings are always insecure. Turn off all the features and services that are unnecessary.
Domain/local group configurations - Groups are often used as part of any security configuration. Users are placed into group,
and groups are given access to resources. You should periodically audit groups and ensure that their permissions are
appropriately configured.
Jamming - Jamming compromises the wireless environment. It works by denying service to authorized users as legitimate
traffic is jammed by the overwhelming frequencies of illegitimate traffic.
Objective:
Network Security
Sub-Objective:
Summarize common networking attacks.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
11/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
References:
Ping of Death, http://compnetworking.about.com/od/networksecurityprivacy/l/bldef_pingdeath.htm
Question #11 of 200
Question ID: 1289158
Which of the following types of backups would back up data that has NOT been changed since the last backup?
A) Incremental backup
B) Differential backup
C) System snapshot
D) Full backup
Explanation
Full backups backup all of the files on a system, regardless of whether the data has been changed or not. While full backups
provide the protection in case of a failure, they take the most time and require the most storage resources to accomplish. A full
backup resets the archive bit, which is the indicator in file attributes that tells the OS whether or not the file needs to be backed up.
When a file is created or modified, the archive bit is “set” or turned on.
Differential backups look at the archive bit and back up all data whose archive bit is set. Differential backups do not reset the
archive bit. If, for example, a full back up is performed on Sunday, a differential backup performed on Monday night will back up all
of Monday’s new files and modifications, without resetting the archive bit. A differential backup performed on Tuesday night will
back up all of Monday’s new/modified files as well as all of Tuesday’s new/modified files. Wednesday night’s backup will process
changes from Monday, Tuesday and Wednesday. To restore data, the administrator would restore the full backup and the most
recent differential backup.
Incremental backups look at the archive bit and back up all data whose archive bit is set. Unlike differential backups, however,
incremental backups reset the archive bit. If, for example, a full back up is performed on Sunday, an incremental backup performed
on Monday night will back up all of Monday’s new files and modifications, while resetting the archive bit. An incremental backup
performed on Tuesday night will only backup all of Tuesday’s new/modified files and reset the archive bit. Wednesday night’s
backup will process Wednesday’s changes and reset the archive bit. To restore data, the administrator would restore the full
backup and each of the incremental backups.
Snapshots create a system image at a given point in time. While they can be considered a form of backup, snapshots are not
concerned with archive bits and capture the entire system state.
Objective:
Network Operations
Sub-Objective:
Compare and contrast business continuity and disaster recovery concepts.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
12/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Tips & Tricks for Better Business Backup and Recovery for World Backup Day, https://www.acronis.com/en-us/blog/posts/tipstricks-better-business-backup-and-recovery-world-backup-day
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability
Question #12 of 200
Question ID: 1289289
You are the network admin at a small college. For most of the day, your school's wireless network performs as it should. Between
classes, however, performance is abysmally slow. What is the most likely cause?
A) Channel overlap
B) Signal-to-noise ratio
C) Refraction
D) Overcapacity
Explanation
You should look at overcapacity. Overcapacity is an issue in wireless performance. The proliferation of wireless devices will put an
enormous drain on a wireless network originally designed for a few devices. In today’s environment, the network may need to
provide service to tablet computers, smartphones, personal performance monitors, and smart watches, in addition to the few
laptops the network was originally designed to support. From the symptoms being described, more students are connecting their
devices between classes, causing the performance of the network to degrade.
Refraction “bends” the signal as it passes through, or the signal curves as it tries to go around the object. Think of a stick where
part of the stick is in the water and part of the stick is out of the water. The stick appears ‘‘bent” because the water causes
refraction of the image. If refraction were the issue, the problem would be throughout the day, not just at certain times.
Channel overlap can cause performance issues. Even though 11 channels are available in the US, there is a high degree of
overlap. When using multiple wireless access points in 2.4 GHz mode, set the channels at 1, 6, and 11 to provide the best
coverage. If this were the issue, the problem would be throughout the day, not just at certain times.
The signal-to-noise ratio (SNR) is the relationship between the strength of the wireless signal compared to the amount of
background interference (noise). SNR is measured in decibels (dB). Devices such as microwaves, cordless phones, wireless
cameras, and fluorescent lights are all contributors. When using a Wi-Fi analyzer, any SNR below 25dB is considered poor, while a
reading above 41db is considered excellent. If this were the issue, the problem would be throughout the day, not just at certain
times.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
13/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
4 More Incredibly Common Reasons Your Wifi Performance is Awful, https://www.securedgenetworks.com/blog/4-more-incrediblycommon-reasons-your-wifi-performance-is-awful
Question #13 of 200
Question ID: 1123300
You decide to install an 802.11a wireless network in your company's main building. Which frequency band is used in this network?
A) 5 GHz
B) 2.9 GHz
C) 900 MHz
D) 2.4 GHz
Explanation
The 802.11a wireless local area networks (WLANs) use the 5-GHz frequency band.
802.11a WLANs use the 5-GHz frequency band with Orthogonal Frequency Division Multiplexing (OFDM). OFDM supports a
maximum data rate of 54 Mbps.
802.11b WLANs use the 2.4-GHz frequency band for transmission with Direct Sequence Spread Spectrum (DSSS). DSSS
supports a maximum data rate of 11 Mbps.
802.11a WLAN equipment does not use the 900-MHz or 2.9-GHz frequency bands for transmission.
The maximum data rate is often referred to as maximum bandwidth. Channel bandwidth is the amount of bandwidth within a single
channel used by the frequency.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, implement the appropriate wireless technologies and configurations.
References:
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=2
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs
Question #14 of 200
Question ID: 1289066
You administer a 100BaseTX Ethernet network that is configured to use the TCP/IP network communications protocol. You have
installed a firewall between the network and the Internet. Currently ports 80, 20, and 21 are open on the firewall.
You want to allow only SMTP and POP3 communications between the network and the Internet.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
14/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Which configurations should you make on the firewall?
A) Close port 80 only.
B) Close ports 20, 21, and 80, and open ports 25 and 110.
C) Close ports 20 and 21, and open port 25.
D) Close ports 21 and 80, and open port 110.
Explanation
Currently, ports 80, 20, and 21 are open in the firewall. Port 80 is the port that is used to transfer Hypertext Transfer Protocol
(HTTP) messages. HTTP is the protocol that is used to transport Web pages on the Internet. Ports 20 and 21 are used by File
Transfer Protocol (FTP), a protocol that can transfer data files on the Internet. An FTP server listens for requests on port 21 and
establishes connections with FTP clients on port 20. In this scenario, you should close ports 20, 21, and 80 to prevent HTTP and
FTP traffic.
Simple Mail Transfer Protocol (SMTP) is used to transfer e-mail messages between e-mail servers on the Internet. SMTP uses
port 25. Post Office Protocol 3 (POP3) is used by e-mail clients to retrieve messages from e-mail servers. POP3 uses port 110. In
this scenario, you should open ports 25 and 110.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
15/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Networking Concepts
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
Computer Network Glossary - Port Number: Ports 50-99, http://compnetworking.about.com/od/tcpip/l/blports_gl50.htm
Computer Network Glossary - Port Number: Ports 10-49, http://compnetworking.about.com/od/tcpip/l/blports_gl10.htm
Computer Network Glossary - Port Number: Ports 100-149, http://compnetworking.about.com/od/tcpip/l/blports_gl100.htm
Question #15 of 200
Question ID: 1289225
You installed a network in a company executive's home office to allow her to securely access the corporate network and work from
home. It has worked properly for three months, but now she says that it is broken. What should you do first to troubleshoot this
problem?
A) Identify the problem.
B) Establish a plan of action.
C) Test the theory to determine cause.
D) Establish a theory of probable cause.
Explanation
According to the general troubleshooting strategy, the first thing you should do when troubleshooting a problem is to identify the
problem. This includes gathering information, duplicating the problem, questioning users, identifying symptoms, determining if
anything has changed, and approaching multiple problems individually. The user's statement that the network is "broken" does not
clarify whether there is an issue with hardware or software, with user error, or with an external vendor such as the network service
provider. If a user complains that he is unable to access a server or printer resource on the network, you should first ask if the user
is able to access any network resources. This will perhaps help to narrow your search from the entire network to a single device.
The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem.
Gather information.
Duplicate the problem, if possible.
Question users.
Identify symptoms.
Determine if anything has changed.
Approach multiple problems individually.
1. Establish a theory of probable cause.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
16/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question the obvious.
Consider multiple approaches.
Top-to-bottom/bottom-to-top OSI model
Divide and conquer
1. Test the theory to determine cause.
Once theory is confirmed, determine next steps to resolve problem.
If theory is not confirmed, re-establish new theory or escalate.
1. Establish a plan of action to resolve the problem and identify potential effects,
2. Implement the solution or escalate as necessary,
3. Verify full system functionality and if applicable implement preventive measures.
4. Document findings, actions, and outcomes.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Explain the network troubleshooting methodology.
References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)
Question #16 of 200
Question ID: 1289150
You are the network administrator for a healthcare organization. Recently several federal and state government laws have been
enacted which will affect network operations. Which change management documentation should record this information?
A) regulations
B) policies
C) baselines
D) procedures
Explanation
Regulations are governmental guidelines that are written by federal or state agencies based on the laws passed by federal or state
government. Regulations are established by entities outside the network owner.
Baselines are primarily used to identify performance issues. They are actually performance statistics used for comparative
purposes. By establishing a performance baseline, you can ensure that performance issues are identified much easier in the
future.
Policies set forth the network rules, including the who, what, and when of the rules. Policies tell what the rules are, who is covered
by the rule, and when the rule applies. Procedures set forth the steps that must be taken to enforce the policies, including updating
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
17/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
the network drivers. Procedures tell how to achieve the desired results.
Standards are reference models to make sure products of different vendors can work together in a network. Change management
documentation is very important. When anything on your network changes, you need to properly document this change. This
change includes wiring changes, hardware changes, software changes, and so on. If change documentation is overlooked,
network technicians and administrators may make the wrong assumptions about the network.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
Regulation, http://en.wikipedia.org/wiki/Regulation
Question #17 of 200
Question ID: 1123347
Your company has decided to implement either a 1000Base-LX or 1000-Base-SX network. Which type of cable should you use?
A) fiber optic
B) UTP
C) STP
D) coaxial
Explanation
The 1000Base-SX and 1000Base-LX standards use fiber optic cable. They are Gigabit Ethernet technologies. 1000Base-SX uses
multi-mode fiber optic cable. 1000Base-LX uses single-mode or multi-mode fiber optic cable.
1000Base-SX and 1000Base-LX do not use unshielded twisted pair (UTP), shielded twisted pair (STP), or coaxial cable.
1000Base-CX uses shielded twisted pair (STP) cable for short-haul cable runs.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
Gigabit Ethernet, http://en.wikipedia.org/wiki/Gigabit_Ethernet
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
18/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #18 of 200
Question ID: 1123433
Which action would you perform to look for candidates for exploitation across an information system?
A) Vulnerability scanning
B) Log reviewing
C) Port scanning
D) Patch management
Explanation
Vulnerability scanning looks for areas that are candidates for exploitation (weak spots) in networks, operating systems,
applications, and equipment. Vulnerability scans can also identify the effectiveness of in-place systems designed to prevent those
exploits.
Log reviewing is the process of studying the event logs and looking for patterns or key triggers (such as a failed logon) that would
indicate a potential problem. As an example, in the Windows OS you could look for event codes 525-537 or 539, which are
indicative of a failed login attempt.
Patches are updates to operating systems and applications. Patch management is the process of applying those updates, auditing
for installation, and verifying that the most current patch has been applied. While some patches address performance features,
they are more often associated with correcting security issues.
Port scanning examines ports (0-65535) to determine if they are available for traffic (open) or blocked (closed). A company may
want to enable port 80 for HTTP traffic, but disable ports 20/21 to block FTP traffic. While open ports may be candidates for
exploitation, port scanning does not provide the level of information that vulnerability scanning does.
Objective:
Network Operations
Sub-Objective:
Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References:
Vulnerability Scanning vs. Penetration Testing, https://www.secureworks.com/blog/vulnerability-scanning-vs-penetration-testing
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks
Question #19 of 200
Question ID: 1289216
What is another term for a demilitarized zone (DMZ)?
A) dual-homed firewall
B) screened subnet
C) virtual private network (VPN)
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
19/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) screened host
Explanation
A screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides
between the public network and DMZ, and the other resides between the DMZ and private network. A DMZ is a separate network
segment that contains Internet-accessible servers, which is separated from the Internet and the rest of the private network by a
firewall. A system administrator would deploy a Web server on a DMZ if the Web server needed to be separated from other
networked servers. The general standpoint behind a DMZ is that all the systems on the DMZ can be compromised because the
DMZ can be accessed from the Internet. An e-mail server and FTP server could also be located on a DMZ. If you locate the e-mail
server on the private network, you could place an e-mail proxy on the DMZ. An extranet is similar to a DMZ, but is only accessible
to partners or clients. Firewall architectures include bastion hosts, dual-homed firewalls, screened hosts, and screened subnets.
A screened host is a firewall that resides between the router that connects a network to the Internet and the private network. The
router acts as a screening device, and the firewall is the screen host.
A dual-homed firewall is one that has two network interfaces: one interface connects to the Internet, and the other connects to the
private network.
A virtual private network (VPN) is not a physical network. As its name implies, it is a virtual network that allows users connecting
over the Internet to access private network resources while providing the maximum level of security. An encrypted VPN connection
should be used to ensure the privacy and integrity of data that is transmitted between entities over a public network, whether those
entities are clients, servers, firewalls, or other network hardware. A VPN can use a tunneling protocol, such as IPSec.
Objective:
Network Security
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
Demilitarized Zone in Computer Networking, http://compnetworking.about.com/cs/networksecurity/g/bldef_dmz.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
Question #20 of 200
Question ID: 1289287
You are about to install several wireless access points in different areas of the building. You want maximum coverage, so you opt
for the longer-range 2.4 Ghz frequency. Which item below should most likely also be of concern?
A) Interference
B) Channel overlap
C) Power levels
D) Security type mismatch
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
20/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
You should be concerned with channel overlap. Channel overlap can cause performance issues. Even though 11 channels are
available in the US, there is a high degree of overlap. When using multiple wireless access points in 2.4 GHz mode, you should set
the wireless channels at 1, 6, and 11 to provide the best coverage.
Power levels can affect wireless network performance. In Windows 10, for example, you can change the wireless power settings
by going to Control Panel\Hardware and Sound\Power Options\Edit Plan Settings, selecting “Change Advanced Power Settings”,
and modifying the Wireless Adapter Settings to suit your preferences. Most wireless access points allow you to adjust the signal
strength. Power levels should only be a concern if you need to adjust the signal strength to prevent the signal from extending
outside a certain boundary.
Interference in wireless communications can originate from several sources. If there are too many devices operating in the 2.4 Ghz
spectrum without proper channel separation, there could be interference. Common household items such as microwaves, cordless
phones, and baby monitors can also be sources of interference. Because you are deploying multiple wireless access points in the
same frequency, you are more likely to experience channel overlap than interference. This should be a secondary concern.
It is important to verify that you do not have a security type mismatch. To connect to a wireless network, the client device must be
set to use the same security type as the access point. Access point security types include open and WEP (both to be avoided if at
all possible), WPA/TKIP, WPA/AES, and WPA2/AES. While you need to ensure that the wireless access points and the devices
using them implement the same security type, you are more likely to have channel issues in the scenario.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Channel Planning Best Practices,
https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Channel_Planning_Best_Practices
Question #21 of 200
Question ID: 1123490
You want to ensure that the sender of the message or network transmission is authenticated, and not an imposter or a phishing
attempt. Which method will provide the highest level of origin authentication?
A) CCMP-AES
B) WPA
C) TKIP-RC4
D) Preshared key
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
21/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Counter Mode with Cypher Block Chaining (CBC) Media Access Control Protocol - Advanced Encryption Standard (CCMP-AES)
provides greater security over wireless networks through CBC MAC, ensuring that incoming packets are indeed coming from the
stated source. It also provides fast encryption using AES, which encrypts blocks of data instead of individual bits.
In a wireless network, a preshared key (PSK) is an encryption method used with WPA Personal or WPA2 personal. PSK is
appropriate for small office-home office (SOHO) networks. A user will request access to the wireless network, supply a
passphrase, which is then used with the Service Set Identifier (SSID) to generate a unique encryption key. PSK is not as secure as
CCMP-AES.
Temporal Key Integrity Protocol-Rivest Cipher 4 (TKIP-RC4) is an encryption method that was designed to provide security
enhancements to wireless networks using Wired Equivalent Protocol (WEP). WEP was an extremely weak encryption standard.
TKIP added a key distribution method whereby each transmission had its own encryption key, an authentication method to verify
message integrity, and an encryption method called RC4. However, TKIP-RC4 is not as secure as CCMP-AES.
Wi-Fi Protected Access (WPA) was an interim security improvement over WEP. WPA was later replaced by Wi-Fi Protected Access
version 2 (WPA2). WPA-2 uses AES to encrypt wireless communications. Using complex authentication will prevent unauthorized
entities from guessing credentials easily.
Objective:
Network Security
Sub-Objective:
Given a scenario, secure a basic wireless network.
References:
AES-CCMP, https://docs.microsoft.com/en-us/windows-hardware/drivers/network/aes-ccmp
Question #22 of 200
Question ID: 1123313
Computer A needs the IP address of Computer B, but Computer A only knows Computer B's FQDN. Which of the following is
MOST likely to contain this information?
A) Forward zone
B) Internal DNS
C) External DNS
D) Reverse zone
Explanation
The forward lookup zone is most likely to contain the IP address of Computer B. When comparing forward vs reverse zones, the
forward lookup zone provides the association between devices on a domain and their corresponding IP address. As an example, it
would contain a record that says mypc.mydomain.com has IP address 192.168.5.1. If another machine on the network needed the
IP address for mypc.mydomain.com, it would query the forward lookup zone on the DNS server, find the record for
mypc.mydomain.com, and retrieve the IP address.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
22/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Reverse lookup zones do just the opposite, listing the records by IP address and then providing the FQDN.
When comparing internal vs external DNS, the internal DNS would reside within the enterprise's networks and provide "local"
name resolution. An external DNS server would be one that not only provides resolution for your domain, but others as well. While
the query may go to the DNS server, the information is actually contains in the lookup zones located on the servers.
Another type of DNS server is a third party/cloud-hosted DNS. Third-party DNS uses servers provided by Google Public DNS,
OpenDNS, or UltraDNS. Cloud-hosted DNS is based on platforms like Amazon AWS's Route 53 and Microsoft Azure DNS.
When discussing DNS hierarchy, at the top you have the root domain. When a DNS query comes in (such as a query for
mail.mydomain.com), the root will direct the query to the DNS server responsible for the URL's top-level domain, such as the .com
DNS server (or the .gov DNS server, the .mil DNS server and so forth). The .com DNS server then directs the query to the domain
name server for mydomain.com. When the name server for mydomain.com finds the listings, it locates the subdomain
mail.mydomain.com, and retrieves the IP address for the computer responsible for mail.mydomain.com.
Objective:
Networking Concepts
Sub-Objective:
Explain the functions of network services.
References:
Overview of DNS zones and records, https://docs.microsoft.com/en-us/azure/dns/dns-zones-records
Question #23 of 200
Question ID: 1289265
The network you administer is organized according to the following image:
ElliotA, KateB, and PayR are workstations. FileSrv is a file server, and WebSrv is a Web server. FRW1 and FRW2 are firewalls.
WebSrv is on a demilitarized zone (DMZ) that is maintained between the two firewalls. Router1 connects the network to the
Internet. Remote users on the Internet connect to WebSrv, and some remote users on the Internet are allowed to gain access to
files on FileSrv.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
23/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Users report a network connectivity problem, so you test network connectivity. ElliotA can connect to KateB and FileSrv. KateB can
connect to WebSrv. WebSrv can connect to PayR and FileSrv. FileSrv cannot connect to Router1, but FileSrv can connect to
FRW1 and FRW2. Internet users can connect to Router1, but they cannot connect to WebSrv.
What is most likely causing the connectivity problem on the network?
A) FRW1 is configured with an invalid IP address.
B) Router1's connection to the Internet is down.
C) The cable that connects Router1 to FRW2 is not properly connected to FRW2.
D) The port on Hub1 that connects FileSrv to the hub is not able to send or receive data.
E) Router1 is overloaded with network traffic.
Explanation
The most likely cause of the network connectivity problem in this scenario is that the cable that connects Router1 to FRW2 is not
properly connected to FRW2. If the cable is not properly connected, then users on the Internet will be able to contact Router1, but
they will not be able to gain access to resources on WebSrv. Also, computers on the network will be able contact one another and
the firewalls, but they will not be able to contact Router1 or connect to the Internet. Potential issues with the cable are a bad
connector, bad internal wiring, a split (a physical cut in the cable), or a termination problem.
Bad connector - If you suspect that a connector is bad on a short cable, it may be easier to replace the entire cable than one
connector. However, for long cable runs that extend over a long distance, you should replace the connector so that the cable
will not have to be re-routed.
Bad wiring - If you suspect that the cable itself is damaged or nonfunctional, you should always replace the cable.
Split cables - This is similar to bad wiring but is much easier to diagnose because the cable is actually cut. An open circuit can
be the direct result of this issue.
Incorrect termination - This occurs when the cabling connectors are configured with the wrong individual pin in the connector
sockets, or when a twisted pair cable is wired as a split pair.
Straight-through - With this type of cable, each pin should connect to the same pin on the opposite side. This cabling is used
when connecting unlike devices, such as connecting a router to a hub, a computer to a switch, or a LAN port to a switch, hub,
or computer.
Crossover - With this type of cable, some of the internal wires should cross over each other by switching the orange-white and
green-white wires, and then the orange and green wires. This cabling is used when connecting like devices, such as
connecting a computer to a router, a computer to a computer, or a router to a router.
TX/RX reversal is another kind of cabling error. A straight-through cable has the same transmit (Tx) or receive (Rx) leads at each
end, while they are reversed at one end in a crossover cable. A straight-through cable connects dissimilar devices, while a
crossover cable connects like devices. If you use a crossover cable in the wrong location on the network, the device will be unable
to connect to the network. You should replace the cable with the correct type. Some switches support medium dependent interface
crossover (MDIX). This allows a switch port to match its leads to the cable you have used. However, if a network device does not
support MDIX, you must use an appropriate cable (that is, a crossover cable) to allow its Tx leads to connect to the Rx leads on a
connected device. If loss of connection occurs, you are using the wrong cable or have the switch leads configured incorrectly.
A split pair is a wiring error where two wires of a twisted pair are instead connected using two wires from different pairs. It most
commonly occurs when a punch-down block is wired incorrectly or when RJ-45 connectors are crimped onto the wrong wires. In
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
24/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
both of these situations, you will need to rewrite the block or connector. Open circuits or short circuits could also cause loss of
connection.
An open circuit is usually the result of a broken cable or improper termination. This causes an incomplete connection and
complete failure of the electric current.
A short circuit occurs when there is unwanted contact with the cabling. This results in the current following an unwanted path,
which could cause overheating or burning.
If the network connectivity problem were caused by an invalid IP address on FRW1, then users on the Internet would be able to
gain access to WebSrv, but FileSrv would not be able to connect to FRW1, FRW2, WebSrv, or the Internet. If the port on Hub1 that
connects FileSrv were not able to send or receive data, then Internet users would be able to gain access to WebSrv, but KateB
would not be able to contact WebSrv, and ElliotA would not be able to contact FileSrv. If Router1 were not connected to the
Internet, then Internet users would not be able to connect to Router1 and users on the network would not be able to connect to the
Internet. If Router1 were overloaded with network traffic, then Router1 would probably be slower than usual. However, users on the
Internet would be able to connect to WebSrv and computers on the network would be able to connect to WebSrv and the Internet.
Other common issues with cabling include a bad SFP/GBIC module, cable placement issues, attenuation, distance limitations, EMI
and RMI, and cross-talk.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #24 of 200
Question ID: 1289159
Which option is a critical metric in preventive maintenance that would allow you to schedule the replacement of a component at a
convenient time, as opposed to waiting for the component to fail at an inopportune time?
A) MTTR
B) MTBF
C) Load balancer
D) SLA requirements
Explanation
Mean Time Between Failures (MTBF) is the average, or mean, time between failures on a device or system. It is an expression of
reliability. Generally speaking, it the average length of time that something will work before it is likely to fail. Good preventive
maintenance policies would replace a device, such as a power supply, as the time in service approaches MTBF.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
25/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Mean Time To Recover (MTTR) is the average, or mean, time that it takes to recover, or restore, a system. In terms of a backup,
for example, the term would refer to the time needed to restore a system from a full, full + incremental, or full + differential backup.
The term can also be applied to full system failure, or hardware component failure such as a hard drive, RAM or power supply.
Service level agreement (SLA) requirements determine what the vendor who provides technology services is obligated to provide
to the customer. Items that are outlined in the SLA can include response time, repair time, network reliability expectations,
escalation protocols, dispute resolution and more. Often the terms MTBF and MTTR may be included in an SLA.
A load balancer can be used to divert incoming web traffic, based on content, to specific servers. This will reduce the workload on
the primary server. The destination server is determined by data in transport layer or application layer protocols. Distribution can
be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest
response time.
Objective:
Network Operations
Sub-Objective:
Compare and contrast business continuity and disaster recovery concepts.
References:
Mean Time Between Failures and Mean Time To Repair, https://www.opservices.com/mttr-and-mtbf/
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability
Question #25 of 200
Question ID: 1289117
Match the description on the left with the DNS resource record on the right.
{UCMS id=4880775042301952 type=Activity}
Explanation
The DNS resource record types are as follows:
A - Maps a host name to an IPv4 address
AAAA - Maps a host name to an IPv6 address
CNAME - Maps an additional host name to an existing host record
MX - Maps a mail server name to a domain
PTR - Maps an IP address to a host name
Objective:
Networking Concepts
Sub-Objective:
Explain the functions of network services.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
26/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
List of DNS Record Types, http://en.wikipedia.org/wiki/List_of_DNS_record_types
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices
Question #26 of 200
Question ID: 1123416
After a data breach occurs at a client's site, you determine that some of the switches, routers, and servers in the network were
updated with the most current security patches, and some have never been updated. When you examine the network diagram,
you notice that many of the same types of devices do not look the same in the diagram. What type of documentation should you
provide to the client to ensure all devices are consistently identified by their type?
A) Change management documentation
B) Diagram symbols
C) Network configuration and performance baselines
D) Inventory management
Explanation
Diagram symbols should be standardized throughout the network documentation. For example, routers should all be depicted in
the documentation with the same shape. The same would be true for other devices, such as switches, bridges, and patch panels:
each type of equipment should use a symbol, icon, or shape that is unique to that type of equipment. The most commonly used
symbols were developed by Cisco, but Amazon Web Services uses its own set of symbols, and different software packages may
have their own symbols.
Change management documentation primarily refers to software patches, updates, and rollbacks. It is important to document
when these events occur, and what the results were. Change management also refers to the documentation, justification and
approval process for major configuration changes, such as the addition of a switch or a storage area network. Change
management documentation is not part of any network diagram.
Network configuration and performance baselines are parts of the network documentation that assist with troubleshooting. In
particular, performance baselines show how the network performs under typical loads, in terms of bandwidth used, packets
dropped, throughput, or other metrics, for a given period of time. Later, when network issues occur, such as a perceived drop in
network speed, the administrator can compare current conditions to the previously recorded baseline. These baselines are not part
of any network diagram.
Inventory management deals with the identification, tagging, allocation, and placement of the major physical pieces of equipment
with which the network is built. Routers, switches, hubs, wireless access points, and high-end NICS are among the items that are
often tracked in an inventory management system. Most inventory management information is not included in diagrams.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use appropriate documentation and diagrams to manage the network.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
27/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation
Question #27 of 200
Question ID: 1289244
You have decided to implement a network protocol analyzer on your company's network. Which job is NOT performed by this tool?
A) provide network activity statistics
B) identify source and destination of communication
C) identify the types of traffic on the network
D) detect active viruses or malware on the network
Explanation
A network protocol analyzer does not detect active viruses or malware on the network. Most network protocol analyzers provide
the following functions:
Provide network activity statistics.
Identify source and destination of communication.
Identify the types of traffic on the network.
Detect unusual level of traffic.
Detect specific pattern characteristics.
A network protocol analyzer can determine if passwords are being transmitted over the network in clear text. It can also be used to
read the contents of any File Transfer Protocol (FTP) packet, including an FTP GET request. WireShark is a commercial network
protocol analyzer. For the Network+ exam, you also need to understand the following troubleshooting tools:
Speed test sites - These sites are used to determine the speed of your Internet connection. They are a great method to help
you see if you are getting the speed promised by your Internet service provider (ISP). For a list of possible sites to use, please
see http://pcsupport.about.com/od/toolsofthetrade/tp/internet-speed-test.htm,
Looking glass sites - These sites view routing information from a server's perspective using Border
Gateway Protocol (BGP) routes. For a list of possible looking glass servers, please see http://www.bgp4.as/looking-glasses.
Wi-Fi analyzer - These tools are used to analyze the signal strength of your wireless access points. For a list of possible FREE
Wi-Fi analyzers for laptops or mobile devices, please see http://open-tube.com/free-wifi-analyzers-for-laptops-mobile-devices/
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Network analyzer, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1196637,00.html
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
28/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #28 of 200
Question ID: 1289080
You need to copy the traffic from a single port to a different port, but prevent bidirectional traffic on the port. Which switch feature
should you use?
A) port mirroring
B) PoE
C) trunking
D) spanning tree
Explanation
Port mirroring copies the traffic from a single port to a different or mirror port, but prevents bidirectional traffic on the port. It allows
you to view all of the traffic for a single VLAN, no matter the switch where the traffic originates. Local port mirroring only uses ports
from the same switch. Remote port mirroring uses ports from multiple switches.
Power over Ethernet (PoE) allows the electrical current to be carried by the data cable to the device. PoE allows you to place
network devices where electrical current is not normally available. PoE+ is an enhanced version of PoE that provides more power
and better reliability. PoE+ is most commonly deployed in enterprise networks, while PoE is usually sufficient for small business or
home networks. PoE is defined by the IEEE 802.3af and 802.3at standards.
A spanning tree prevents loops when more than one path can be used. Spanning Tree Protocol (STP) uses the Spanning Tree
Algorithm (STA) to help a switch or bridge by allowing only one active path at a time. A switching loop or bridge loop occurs when
there is more than one path between two endpoints. The loop causes broadcast storms because broadcasts and multicasts are
forwarded by switches out every port. The switch will repeatedly rebroadcast the messages, thereby flooding the network. If a
frame is sent into a looped topology, it can loop forever. You should allow physical loop, but create a loop-free logical topology
using the shortest path bridging (SPB) protocol or the older spanning tree protocols (STP) on the network switches.
Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame-tagging. For example, when two
ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the
communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you
should configure a trunk on a switch port for both switches, the new switch in the room and the switch to which the new switch
connects.
By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. This unknown traffic flooding can be
prevented by blocking unicast or multicast traffic on the switch ports. However, keep in mind that there may be times when you
need to use unicast or multicast traffic.
You can also configure forwarding and blocking on a switch port. If you configure forwarding, certain types of traffic based on the
rules you configure will be forwarded to a certain port. If you configure blocking, certain types of traffic can be blocked from a
switch port.
A VLAN with a gateway offers no security without the addition of an access control list (ACL). Always make sure to configure the
appropriate ACL for your VLANs and switches.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
29/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad.
LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this
protocol, traffic is forwarded to a different link if a link fails. LACP allows network administrators to configure two or more links to
pass traffic as if they were one physical link.
You can manually or automatically assign the IP address for the switch. Automatic configuration uses a DHCP server to obtain the
IP address and all other information that you have configured the DHCP server to assign. The DHCP server does not have to be
on the same subnetwork as the switch. If you manually configure the IP address, you need to ensure that all settings are correct.
Switches should be given their own IP address and default gateway to use so that they can be remotely managed.
For IP address assignment for devices attached to the switch, some switches can also be configured to act as a DHCP server and
assign IP addresses to attached devices. However, you must ensure that the DHCP ranges configured on the switch do not
overlap the ranges configured on other DHCP servers. Otherwise, you may have a single IP address assigned to multiple hosts on
the network, thereby affecting communication.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features
Port Mirroring, http://en.wikipedia.org/wiki/Port_mirroring
Question #29 of 200
Question ID: 1289132
You have been asked to create several TIA/EIA 568A wiring cables for your network. Which color wire should be placed in Pin 1?
A) Orange
B) Green/White
C) Green
D) Orange/White
Explanation
Pin 1 in the 568A cable specification should contain the Green/White wire. The 568A specification is shown below:
Pin 1 - Green/White
Pin 2 - Green
Pin 3 - Orange/White
Pin 4 - Blue
Pin 5 - Blue/White
Pin 6 - Orange
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
30/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Pin 7 - Brown/White
Pin 8 - Brown
The 568B specification is shown below:
Pin 1 - Orange/White
Pin 2 - Orange
Pin 3 - Green/White
Pin 4 - Blue
Pin 5 - Blue/White
Pin 6 - Green
Pin 7 - Brown/White
Pin 8 - Brown
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
How to Wire Your Own Ethernet Cables & Connectors, http://www.ehow.com/how_6908936_wire-own-ethernet-cablesconnectors.html
Category 5 Cable Wiring Standards,
http://www.cisco.com/en/US/products/hw/optical/ps2006/products_tech_note09186a008043af97.shtml#topic1
Question #30 of 200
Question ID: 1289090
You have recently added a new Windows 8 computer to your IPv6 network. Because your network is small, you currently use static
IP addressing. You record the IPv6 address of the new Windows 8 computer. What is the shortest possible notation of it IPv6
address as shown below?
2001:0DB8:0000:0001:0000:0000:0000:F00D
A) 2001:0DB8:0:1::F00D
B) 2001:DB8:0:1:0:0:0:F00D
C) 2001:DB8::1::F00D
D) 2001:DB8:0:1::F00D
Explanation
The shortest possible notation of the IPv6 address 2001:0DB8:0000:0001:0000:0000:0000:F00D is 2001:DB8:0:1::F00D. The
address is shortened according to the following rules:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
31/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Remove leading zeros.
Remove the consecutive fields of zeros with double colon (::).
The double colon (::) can be used only once.
The option 2001:DB8::1::F00D is incorrect because the double colon (::) can be used only once in the process of shortening an
IPv6 address.
The option 2001:DB8:0:1:0:0:0:F00D is incorrect because 2001:DB8:0:1:0:0:0:F00D can be further shortened to
2001:DB8:0:1::F00D. This is referred to as address compression.
The option 2001:0DB8:0:1::F00D is incorrect because 2001:0DB8:0:1::F00D can be further shortened to 2001:DB8:0:1::F00D.
IPv6 addresses are 16 bytes, or 128 bits in length. The following are valid IPv6 addresses:
::10.2.4.1 is an example of an IPv4-compatible IPv6 address, where the first 12 bytes (96 bits) of the address are set to 0.
:: is the IPv6 "unspecified address." It is a unicast address not assigned to any interface, and is used by DHCP-dependent host
prior to allocating a real IPv6 address.
2001:0:42:3:ff::1 is a valid IP address, with the :: representing two segments (4 bytes) of compressed zeros.
2001:42:4:0:0:1:34:0 is a valid IP address, with only the leading zeros of each segment truncated.
IPv6 globally routable unicast addresses start with the first 4 characters in the range of 2000 to 3999. An IPv6 link-local address is
also used on each IPv6 interface. Link-local addresses begin with FE80. Multicast addresses begin with FF as the first two hex
characters.
IPv6 can use auto-configuration to discover the current network and select a host ID that is unique on that network. IPv6 can also
use a special version of DHCP for IPv6. The protocol that is used to discover the network address and learn the Layer 2 address
of neighbors on the same network is Neighbor Discovery Protocol (NDP).
IPv6 addresses use the Extended Unique Identifier (EUI-64) format. This format causes a router to automatically populate the loworder 64 bits of an IPv6 address based on an interface's MAC address.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
IPv6: Learn it, Love it, http://searchnetworking.techtarget.com/news/article/0,289142,sid7_gci870277,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6
Question #31 of 200
Question ID: 1289140
You have decided to implement a firewall between your company's network and the Internet. What does a firewall software solution
typically provide? (Choose three.)
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
32/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) IP proxy services
B) packet filtering
C) L1 cache
D) HTTP proxy services
E) L2 cache
Explanation
Of the listed services, a firewall software solution typically provides packet filtering, Hypertext Transfer Protocol (HTTP) proxy
services, and Internet Protocol (IP) proxy services. These three services can also be obtained as separate products.
With packet filtering, data packets can either be allowed or denied entry into a network based on certain specified factors, such as
the TCP port number or the IP address of the sending host. HTTP proxy services typically include Web page caching, which
enables Web pages to be stored on an HTTP proxy server and retrieved from the proxy server rather than from the Internet; thus,
HTTP proxy services can improve Web browsing performance. IP proxy services typically include the ability to present a single IP
address to the Internet on behalf of all hosts on a private network. IP proxy services enable private IP addresses to be used on the
private network, and IP proxy services protect the internal network-addressing scheme from malicious users on the Internet.
Firewall software solutions do not involve Level 1 (L1) or Level 2 (L2) cache. L1 cache is cache memory that resides on a central
processing unit (CPU). L2 cache is cache memory that resides on a system board near the CPU. Cache memory is a small
amount of memory that is very fast and interfaces with the slower RAM on a system board to help increase the rate at which data
flows between RAM and the CPU.
For the Network+ exam, you must understand the following firewall types:
Host-based - This firewall is installed on a specific host and only protects the host on which it is installed. This is the best
solution if you need to protect laptops or desktop computers from external threats.
Network-based - This firewall is installed on the network and protects all devices that are on the network that it controls.
Application aware/context aware - This firewall is designed to manage application and Web 2.0 traffic. This type allows finetuning the rules rather than just configuring allow or deny rules.
Small office/home office firewall - This firewall is easier to configure than most enterprise firewalls and often only involves a
software component that you install on a network host.
Unified Threat Management (UTM) - This device bundles multiple security functions into a single physical or logical device.
Features included could be IPS, IDS, anti-virus, anti-malware, anti-spam, NAT, and other functions.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
Introduction to Firewalls, http://netsecurity.about.com/od/hackertools/a/aa072004.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
33/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #32 of 200
Question ID: 1289135
Your company is deploying a VoIP system on its premises at three locations. The internal VoIP system must communicate with the
existing PSTN network. Which device will be necessary to permit network-based calls to access the PSTN, and for PSTN-based
calls to access the network?
A) VoIP-PSTN gateway
B) IP-ISDN adapter
C) PBX system
D) Internet modem
E) IP-PBX adapter gateway
Explanation
The company must deploy one or more VoIP-PSTN gateways. These devices establish the routing of calls to the existing PSTN
network. Such gateways connect to the PSTN network through T1/E1/J1, ISDN, or FXO interfaces.
IP-PBX adapters permit VoIP devices to interact with PBX-based devices for calling. They do not support communications with the
existing PSTN network.
IP-ISDN adapters permit VoIP devices to interact with ISDN-based PBX systems. Like IP-PBX adapters, IP-ISDN adapters do not
support communications with the existing PSTN network.
An Internet modem permits local Wi-Fi or Ethernet devices to communicate with devices on other IP networks across a WAN or
broadband link. Internet modems do not support communications with the existing PSTN network.
A PBX or private branch exchange system provides support for private, in-house telephony. Such systems can (and usually do)
connect to the existing PSTN, but they do not in and of themselves support communications with a PSTN.
PBX systems are closely linked with the PSDN network, but existing PBX systems can also be migrated to VoIP using suitable
adapters. A VoIP adapter used in combination with a PBX system constitutes an IP-PBX adapter that may be used to interface a
PBX with an IP network and its VoIP devices. IP-ISDN fills the same role for ISDN-based PBX systems, where and IP-ISDN
adapter may be used to interface an ISDN-PBX with an IP network and its VoIP devices.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Typical VoIP Deployment Example http://what-when-how.com/voip/typical-voip-deployment-example/
Question #33 of 200
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
Question ID: 1123615
34/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You are the network administrator for a corporate network that includes a DNS server, a DHCP server, a file/print server, and a
wireless subnet. Computers on the wireless subnet are having trouble connecting to internal resources and to the Internet.
Upon troubleshooting the problem, you discover that some of the wireless computers can only access resources on other wireless
computers. However, some of the wireless computers can access internal resources and the Internet.
What is causing some of the wireless computers to be able to access other wireless computers only?
A) The computers are configured with static IP addresses.
B) The computers are configured to operate in infrastructure mode.
C) The computers are configured to operate in ad hoc mode.
D) The computers are configured with the wrong subnet mask.
Explanation
Ad hoc mode allows wireless computers to be configured much more quickly than infrastructure mode. Ad hoc mode wireless
computers all participate in the same network. This means that the ad hoc wireless computers can access each other, but cannot
access network resources on a LAN, WAN, or Internet. Ad hoc mode is cheaper to implement than infrastructure mode. In
addition, it is easy to set up and configure and can provide better performance than infrastructure mode. However, it is difficult to
manage an ad hoc mode wireless network.
Infrastructure mode allows wireless computers to connect to a LAN, WAN, or the Internet. This means that infrastructure mode
wireless computers can access all computers on the LAN, WAN, and Internet. Infrastructure mode is much more expensive than
ad hoc mode to implement because you must configure wireless access points. While infrastructure mode is harder to set up and
configure, management is much easier than with ad hoc mode.
The problem is not with static IP addresses or the subnet mask. The ad hoc mode wireless computers are configured with dynamic
IP address information, but have not received that information from the corporate DHCP server.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Understanding Ad Hoc Mode, http://www.wi-fiplanet.com/tutorials/article.php/1451421
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Introducing Wireless LANs
Question #34 of 200
Question ID: 1123497
Which attack involves impersonating the identity of another host to gain access to privileged resources that are typically restricted?
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
35/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) teardrop
B) SYN flood
C) spoofing
D) spamming
Explanation
In a spoofing attack, which is also referred to as a masquerading attack, a person or program is able to masquerade successfully
as another person or program. Spoofing refers to modifying the source IP address field in an IP datagram to imitate the IP address
of a packet originating from an authorized source. This results in the target computer communicating with the attacker's computer
and providing access to restricted resources. Basically, the Internet traffic is misdirected because the DNS server is resolving the
domain name to an incorrect IP address. A man-in-the-middle attack is an example of a spoofing as well as a session hijacking
attack. Other types of spoofing attacks, apart from IP spoofing, are e-mail spoofing and Web spoofing. Spoofing attacks have to do
with the misdirection of domain name resolution and Internet traffic.
In a teardrop attack, the attacker uses a series of IP fragmented packets, causing the system to either freeze or crash while the
packets are being reassembled by the victim host. A teardrop attack is primarily based on the fragmentation implementation of IP.
To reassemble the fragments in the original packet at the destination, the host checks the incoming packets to ensure that they
belong to the same original packet. The packets are malformed. Therefore, the process of reassembling the packets causes the
system to either freeze or crash.
In a SYN flood attack, the attacker floods the target with spoofed IP packets and causes it to either freeze or crash. The
Transmission Control Protocol (TCP) uses the synchronize (SYN) and acknowledgment (ACK) packets to establish communication
between two host computers. The exchange of the SYN, SYN-ACK, and ACK packets between two host computers is referred to
as handshaking. The attackers flood the target computers with a series of SYN packets to which the target host computer replies.
The target host computer then allocates resources to establish a connection. Because the IP address is spoofed, the target host
computer never receives a valid response in the form of ACK packets from the attacking computer. When the target computer
receives many such SYN packets, it runs out of resources to establish a connection with the legitimate users and becomes
unreachable for processing of valid requests.
A spamming attack involves flooding an e-mail server or specific e-mail addresses repeatedly with identical unwanted e-mails.
Spamming is the process of using an electronic communications medium, such as e-mail, to send unsolicited messages to users
in bulk. Packet filtering routers typically do not prove helpful in such attacks because the packet filtering routers do not examine the
data portion of the packet. E-mail filter programs are now being embedded either in the e-mail client or in the server. E-mail filters
can be configured to prevent spamming to a great extent.
Objective:
Network Security
Sub-Objective:
Summarize common networking attacks.
References:
IP Spoofing: An Introduction, http://www.symantec.com/connect/articles/ip-spoofing-introduction
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
36/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #35 of 200
Question ID: 1289271
You need to create a cable that will allow you to get a link light on your network interface card (NIC) when the NIC is not plugged
into a hub or switch. Which type of cable should you use?
A) loopback cable
B) straight-through cable
C) crossover cable
D) rollover cable
Explanation
You should use a loopback cable. A loopback cable is used to test the network function of the NIC by allowing it to send and
receive network communication with itself.
A crossover cable connects two legacy or non-MDIX compliant devices, such as two computers, two hubs, or two switches.
A patch cable and a straight-through cable are the same thing. This is the standard cable used to connect networking devices.
You should not use a rollover cable. A rollover cable connects the console port on any Cisco device. The pin configuration for a
rollover cable is easy to remember because of the cable name. The cable pin configuration is "rolled over" so that pin 1 on end 1 is
pin 8 on the other, pin 2 on end 1 is pin 7 on the other, and so on until a complete reversal is made. The wires are in reverse order
on opposite ends.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Loopback cable, http://www.ortizonline.com/publications/april2004/loopback.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #36 of 200
Question ID: 1289171
You administer a LAN. You want to encrypt TCP/IP communications on the LAN. The protocol that you use for encryption should
be able to encrypt entire data packets, and the protocol should be able to operate in both tunnel mode and transport mode. Which
protocol should you use to encrypt data on the network?
A) L2TP
B) IPX
C) Kerberos
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
37/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) IPSec
Explanation
You should use Internet Protocol Security (IPSec) to encrypt the data packets on the network that you administer. IPSec can
encrypt data packets transported on a TCP/IP network by using either tunnel mode or transport mode. In transport mode, IPSec
encrypts only the part of an IP data packet used by the Transport layer. In tunnel mode, IPSec encrypts entire IP packets. IPSec
uses several technologies to encrypt data, including the following: Diffie-Hellman key exchange, Data Encryption Standard (DES),
bulk encryption, and digital certificates.
Internetwork Packet Exchange (IPX) is a routing and addressing protocol that is native to Novell NetWare operating systems
before NetWare 5. Layer 2 Tunneling Protocol (L2TP) is a virtual private network (VPN) protocol that is used to establish a secure
tunnel between two LANs through a published network such as the Internet. The L2TP VPN protocol can carry several network
communications protocols on a tunnel, including TCP/IP and IPX/SPX. The L2TP protocol can create a tunnel through several
different kinds of networks, including TCP/IP, Frame Relay, and X.25.Kerberos is an authentication protocol that is used to
determine whether users should be allowed to gain access to a network or network resources. Windows 2000 operating systems
and above support Kerberos and the NT LAN Manager (NTLM) authentication protocols; NTLM is also known as Windows NT
Challenge/Response. On a Windows 2000 or above network, Kerberos is used for authentication between Windows computers.
The NTLM authentication protocol is used for authentication between a down-level computer, such as a Windows 9x or Windows
NT computer, and more current versions of the Windows operating system.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use remote access methods.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks
Question #37 of 200
Question ID: 1123273
Management has asked you to investigate upgrading your company's network from IPv4 to IPv6. What are valid reasons you
should give for performing this upgrade? (Choose two.)
A) IPv4 is too slow for Internet traffic.
B) IPv4 addresses are being depleted at an increasing rate.
C) Routing traffic is increasingly difficult due to the rapid growth of the Internet.
D) IPv6 provides approximately 10 times more host addresses than IPv4.
Explanation
The IPv4 addressing system is running out of IP addresses. The current system uses a 32-bit address and, therefore, provides for
4,294,967,296 addresses. However, these addresses are being depleted at a rapid rate. Many methods, such as proxies and
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
38/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Network Address Translation (NAT), reduce the rate of depletion, but a new system must be put into place. Routing tables are also
increasingly hard to maintain because they must contain an ever-increasing amount of information.
IPv6 uses a 128-bit hexadecimal system and will provide for 3,400,000,000,000,000,000,000,000,000,000,000,000,000 addresses.
Speed is not a factor in this decision.
If you are designing a network based on IPv4 addressing, a good practice is to consider how readily an IPv6 addressing scheme
could be overlaid on that network in the future. Using Teredo tunneling, an IPv6 host could provide IPv6 connectivity even when
the host is directly connected to an IPv4-only network. Miredo is a client that can implement the Teredo protocol and is included in
many versions of Linux.
IPv6/IPv4 tunneling is often referred to as 6to4 or 4to6 tunneling, depending on which protocol is being tunneled (IPv4 or IPv6).
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
IPv4 or IPv6 - Myths and Realities, http://www.ciscopress.com/articles/article.asp?p=1215643
Cisco Press article: Internet Addressing and Routing First Step, http://www.ciscopress.com/articles/article.asp?
p=348253&seqNum=7
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6
Question #38 of 200
Question ID: 1123240
Which of the following indicates the largest number of bytes allowed in a frame?
A) PDU
B) CSMA/CA
C) CSMA/CD
D) MTU
Explanation
Maximum transmission units (MTUs) indicate the largest number of bytes allowed in a frame. If the MTU size is reduced, network
performance is affected. Also, if the MTU is too large, a packet may be rejected by the device receiving the packet.
Carrier Sense Multiple Access/Collision Detection (CSMA/CD) is a feature of Ethernet switches that slows down the traffic on wired
networks when bottlenecks occur. It uses rules to determine how network devices should respond when two devices attempt to
use a data channel simultaneously and a collision occurs.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
39/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) is a feature that creates a collision-free communication channel
between the transmitting device and the receiver.
A protocol data unit (PDU) is the term for a package of data (encapsulated data) as it travels through the OSI layers. Depending on
the layer, the PDU will have a different name, such as "frame" and "packet." The name of the PDU indicates the layer and the type
of information in the encapsulation.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
MTU Size Issues, https://www.networkworld.com/article/2224654/cisco-subnet/mtu-size-issues.html
Question #39 of 200
Question ID: 1289133
You are designing a SOHO network for your company. You want to use the Ethernet standard that supports a data transmission
rate of 1 Gbps over copper cable.
Which Ethernet standard should you use on the network?
A) 1000BaseSX
B) 1000BaseCX
C) 10BaseT
D) 100BaseFX
Explanation
The 1000BaseCX Ethernet standard supports a data transmission rate of 1 gigabit per second (Gbps) over 150-ohm balanced
copper cable. The 1000BaseCX Ethernet standard supports a maximum cable segment length of only 25 meters (m). The
1000BaseCX Ethernet standard was designed to support connections between network nodes that are in close proximity, such as
nodes in a network's wiring closet. The 1000BaseCX standard specifies 8-pin High Speed Serial Data Connectors (HSSDCs) or 9pin D-subminiature connectors. HSSDC connectors are preferred over the 9-pin D-subminiature connectors because they provide
a better electrical connection than the D connectors. Note that 1000BaseCX Ethernet equipment may be difficult to obtain,
because it never became popular.
The 10BaseT Ethernet standard supports a data transmission rate of 10 megabits per second (Mbps) over unshielded twisted-pair
(UTP) copper cable that meets or exceeds Category 3 (CAT3) standards. The 100BaseFX Fast Ethernet standard supports a data
transmission rate of 100 Mbps over fiber-optic cable, and the 1000BaseSX Gigabit Ethernet standard supports a data transmission
rate of 1 Gbps over fiber-optic cable. The 1000BaseLX Ethernet standard supports a data transmission rate of 1Gbps over fiberoptic cable. SX uses single-mode fiber cabling, while LX uses multi-mode fiber cabling.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
40/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Some newer equipment will only work on specific types of networks. Ensure that any new equipment that you purchase is
compatible with the network that you have implemented, particularly if you are implementing an older standard such as 10BaseT.
Another Ethernet standard that you need to understand for the Network+ exam is IEEE 1905.1-2013, the IEEE standard for a
convergent digital home network. For testing purposes, you need to understand the following portions covered by this standard:
Ethernet over HDMI - This standard allows you to use a High Definition Multimedia Interface (HDMI) connection for Ethernet
communication. It supports 4.92Gbps or higher transmission depending on which HDMI version you use. Most
implementations have a maximum cable length of 15 feet.
Ethernet over power line - Power-line networking uses the electrical wiring in your house to create a network. The speeds of
this connection are rather slow at 50 Kbps to 14 Mbps, depending on which specification you implement.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
1000Base-X, https://www.techopedia.com/definition/26890/1000base-x
Question #40 of 200
Question ID: 1123229
You are responsible for ensuring that unnecessary protocols are not running on your network. You need to determine which
protocols operate at the Transport layer of the OSI model. Which of the following protocols should you list? (Choose two.)
A) HTTP
B) IP
C) IPX
D) TCP
E) UDP
Explanation
Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both operate at the Transport layer of the Open Systems
Interconnection (OSI) model. Because the Transport layer is the fourth layer in the OSI model, it is sometimes referred to as Layer
4.
Protocols that operate at the Transport layer provide transport services to higher-layer protocols, such as Hypertext Transfer
Protocol (HTTP) and Trivial File Transfer Protocol (TFTP). TCP reliably delivers a stream of bytes in order from a program on one
computer to another program on another computer. TCP is the protocol that major Internet applications rely on, such as the World
Wide Web, email, remote administration and file transfer. TCP is a connection-oriented protocol. UDP, on the other hand, is a
connectionless protocol.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
41/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
HTTP is an Application layer (Layer 7) protocol that uses the connection-oriented services of TCP, and TFTP is an Application
layer protocol that uses the connectionless services of UDP. HTTP is the primary service used on the World Wide Web. HTTPS is
a secure version of the HTTP protocol.
Internet Protocol (IP) is a connectionless protocol in the TCP/IP protocol suite. Internetwork Packet Exchange (IPX) is a
connectionless protocol in the IPX/SPX protocol suite. IP and IPX operate at the Network layer of the OSI model (Layer 3) and
provide routing and addressing services for nodes on a network. Internet Control Message Protocol (ICMP) is an error-reporting
protocol that also operates at the Network layer.
Objective:
Networking Concepts
Sub-Objective:
Explain devices, applications, protocols and services at their appropriate OSI layers.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models, Layer 1: The
Physical Layer
TCP/IP and OSI Network Models, http://www.speedguide.net/read_articles.php?id=120
Question #41 of 200
Question ID: 1289058
Which TCP port is the well-known port assigned to SSL?
A) 119
B) 443
C) 20
D) 80
Explanation
Transmission Control Protocol (TCP) port 443 is the well-known port assigned to Secure Sockets Layer (SSL). SSL uses public
key cryptography at the Session layer of the Open Systems Interconnection (OSI) model to secure transactions, such as financial
transactions, on the Internet. The Session layer is responsible for establishing and maintaining a connection between two
computers on a network, which is referred to as a session.
SSL can select from several public key cryptography technologies, including Digital Encryption Standard (DES), triple-DES, and
Rivest-Shamir-Adelman (RSA). Port 443 sessions often use transport-layer encryption. In public key cryptography, a computer
such as a server has a private key that is kept secret and a public key that is shared with the public. When a Web client contacts a
Web server for an SSL session, the Web server sends the Web client its certificate, which contains the server's public key. The
Web browser can contact a certificate authority to determine whether the certificate and the public key are authentic. After the Web
client authenticates the server's certificate, the client encrypts a message and sends it back to the server. The server then
authenticates the client by decrypting the message. After the authentication process is complete, the client and the server
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
42/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
negotiate an encryption algorithm, such as RSA or DES, to be used during the session. After the encryption algorithm is
negotiated, messages on the session can be encrypted.
TCP port 20 is assigned to File Transfer Protocol (FTP). FTP can be used to transfer files between FTP clients and FTP servers on
a TCP/IP network such as the Internet.
TCP port 80 is assigned to Hypertext Transfer Protocol (HTTP). HTTP is used to transfer Web pages from Web servers to Web
browsers on a TCP/IP network. Port 80 Web sessions often use application-level encryption.
TCP port 119 is assigned to the Network News Transfer Protocol (NNTP). NNTP is used to transfer network news messages on
TCP/IP networks.
Protocols can use either User Datagram (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
Objective:
Networking Concepts
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
43/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Port 443, http://www.grc.com/port_443.htm
Question #42 of 200
Question ID: 1289257
A user reports that she cannot print from her computer. You also notice that they are unable to reach a supplier's web site. The
operating system is Windows 8.1. Which command should you start with to help with your diagnosis?
A) route
B) ping
C) dig
D) nmap
Explanation
The ping command allows you to test the connection between a local computer and a node on the network. If you are trying to
determine why a user cannot print, you can issue the ping command with either the printer’s network name (ping colorprinter) or
the IP address of the printer (ping 192.168.1.38). If you could ping by IP address, but not by network name, that would indicate a
problem with DNS translation.
The nmap Linux command is used to explore the network. It also acts as a security scanner. As an example, you can use nmap
192.168.1.0/24 to scan a subnet.
The route command can be used to add additional routes (path) in your network. As an example, if you decided that traffic from
some computers needed to go to another node in the network, you would use a route add command.
The dig command is used in Linux to find DNS information. It is primarily used in troubleshooting DNS problems. Entering dig and
a domain name would return the A record for that domain.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Ping command, https://www.lifewire.com/ping-command-2618099
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #43 of 200
Question ID: 1289161
You have recently discovered that your company is not maintaining system logs as per the adopted company procedures. You
need to decide if the company procedures should be modified, or if the system logs should be maintained as per the procedures.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
44/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Which statement is an accurate reason for following the company procedures?
A) Logging provides audit trails, but increases the risk for security violations.
B) Logging provides access control by authenticating user credentials.
C) Logging helps an administrator to detect security breaches and vulnerable points in a
network.
D) Logging prevents security violations, but only deals with passive monitoring.
Explanation
Logging helps the administrator to detect vulnerable points in a network, specify changes that can enhance the system's security,
log suspicious activity from a specific user or a system, and identify a security breach.
Logging does NOT increase the risk for security violations.
Logging is not only a passive monitoring system, but also an active process of assimilating information about various aspects of
the network, such as infrastructure performance and security.
Logging as a part of the access control system provides accountability services, but does not provide authentication and
authorization services to legitimate users.
Logging is the process of collecting information that is used for monitoring and auditing purposes. Logging establishes user
accountability by providing audit trails and system logs related to system resource usage and activities. In the event of an intrusion,
logging proves helpful in detecting the potential source of an attack. Therefore, logs must be secured properly. Logs should be
periodically archived and reviewed for any suspicious activity. The period of log retention depends on the security requirements of
the organization. Logs can also be used for security evaluation of a company during the course of information security audits.
An infrastructure can be monitored by performing activities, such as log analysis and intrusion detection by using the IDS. An
organization can also periodically deploy countermeasure testing to ensure that the infrastructure devices comply with the security
policy and meet the security needs of the organization. Countermeasure testing is not a monitoring technique, but it ensures that
an organization meets its security objectives.
Objective:
Network Operations
Sub-Objective:
Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References:
Guide to Computer Security Log Management, http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
Question #44 of 200
Question ID: 1289165
You are a network administrator for a Windows Server 2012 domain. Recently, you have noticed network performance issues
when Microsoft operating systems and applications release new service packs or updates. All server and client computers are
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
45/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
configured to automatically download and install any updates. You need to deploy a solution that will reduce the network
performance issues when these updates are released. What should you do?
A) Change the configuration of all computers to check for updates but wait for the user to
download and install them.
B) Change the configuration of all computers to never check for updates.
C) Change the configuration of all computers to download updates but wait for the user to
install.
D) Deploy a centralized Windows Software Update Services server that will download and
deploy the updates, and deploy a group policy that ensures that all servers and clients
obtain their updates from the centralized server.
Explanation
You should deploy a centralized Windows Software Update Services (WSUS) server that will download and deploy the updates
and deploy a group policy that ensures that all servers and clients obtain their updates from the centralized server. The WSUS
server will download all the updates needed for clients and servers. This means that an update will only need to be downloaded
once from the Internet. By using a group policy, you can configure the server and client computers to obtain the updates from the
centralized server. This will allow you to configure the day and time that servers and clients will check for updates. Therefore, you
can deploy the updates during off-peak times and minimize network performance issues due to updates.
Changing the configuration of the computers to never check for updates will cause security and performance issues for your
computers. You need to deploy any updates from operating system and application vendors.
Changing the configuration of all computers to download updates but wait for the user to install will not reduce network
performance issues because all the computers will still be downloading the updates from the Internet. All of the clients and servers
downloading their updates separately is probably what is causing the network performance issues. In addition, it is never good to
leave update installation in the hands of users.
Changing the configuration of all computers to check for updates but wait for the user to download and install them will not reduce
network performance issues when released. In this solution, all the computers would still be separately downloading the updates.
Also, this solution relies on the users to approve the download and installation of the updates.
For the Network+ exam, you need to understand the following issues as they relate to applying patches and updates:
OS updates - Operating system (OS) updates come in many forms. Service packs are usually fully tested by the vendor and
contain all updates and hotfixes since the last service pack. Hotfixes are released to fix an urgent issue and are not tested as
stringently as service packs. Other updates can be released periodically to fix minor issues and are usually tested a bit more
than hotfixes, but not as much as service packs. However, you should still test any OS updates in a lab environment BEFORE
you deploy them in the live server and client computers.
Firmware updates - Firmware updates involve updates to the firmware running on ROM chips in devices, including routers,
switches, mobile phones, and computers.
Driver updates - Driver updates are released by device or component vendors, including video cards and network cards. Make
sure to install the driver that is appropriate for your OS version.
Feature changes/updates - Feature changes or updates are released by OS and application vendors to provide users with
additional functionality. Only deploy those features that your users need, because the features will require storage space.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
46/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Major vs minor updates - While both major and minor updates should be deployed, you should read the documentation that
comes with the update to see if your organization considers it to be major or minor. What the vendor may consider major, the
vendor may only consider minor. Deploy any major updates as quickly as possible.
Vulnerability patches - A vulnerability patch is usually a security patch. These patches are usually very important to prevent
security breaches or exploitation of the vulnerability.
Upgrading vs downgrading - Upgrading is the process is installing the next version of an OS or application. Downgrading is the
process of reverting to a previous version of an OS or application. If available with your operating system, you should
implement some sort of system restore program to create a savepoint before you install a new OS or application version. This
will allow you to easily revert back to the previous version using the savepoint you created.
Configuration backup - A full backup is suggested before you install any patches, hotfixes, service packs, new OS versions, or
any other update. However, many OSs now offer a system restore program that will create savepoints. This process is usually
much faster than a full backup. Also, restoring a savepoint is much quicker when compared to the restore time of a backup.
Objective:
Network Operations
Sub-Objective:
Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References:
Windows Server Update Services, https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx
Question #45 of 200
Question ID: 1289305
Users are unable to log in to the network. When you examine the authentication server, you see that CPU usage is almost 100%.
What is most likely the issue?
A) Unresponsive service
B) Expired IP addresses
C) Names not resolving
D) Incorrect gateway
Explanation
Most likely, you have an unresponsive service that is tying up resources. In Services on a Windows computer, find the
unresponsive service and note the name of the service. In an elevated command prompt, enter "sc queryex servicename" and get
the process ID (PID). Then, kill the process using "taskkill /f /pid" followed by the PID in question. If the PID were 1687, for
example, the command would be taskkill /f /pid 1687.
Expired IP addresses occur when a client computer has been offline for a period of time, is brought back on line, and uses an IP
address whose lease has expired. To resolve the problem on a Windows computer, issue an “ipconfig /release” command,
followed by “ipconfig /renew”. This will unbind the IP address from the client machine, and the DHCP server will issue a new IP
address. Expired IP addresses would cause connectivity issues but not resource usage issues.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
47/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Names not resolving occurs when you enter a URL that you know to be valid, and the Domain Name System (DNS) server is not
providing the corresponding IP address for that server. IP addresses, not the URLs we enter into the browser, are used to locate
machines throughout a LAN or over the Internet. DNS provides the translation from URL to IP address, known as name resolution.
Names not resolving would cause connectivity issues but not resource usage issues.
If you get a “Destination Host Unreachable” message, the most likely culprit is an incorrect gateway. Make sure the local machine
and the default gateway are on the same subnet. If the gateway IP address is actually the IP address of the LAN side of the router,
you will see a “Request timed out” message. This would result in connectivity issues but not resource usage issues.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
How To Kill A Windows Service Which Is Stuck At Stopping, https://support.4it.com.au/article/how-to-kill-a-windows-service-whichis-stuck-at-stopping/
Question #46 of 200
Question ID: 1289105
You need to implement a wireless network for a client. You have two 802.11a, two 802.11b, and two 802.11g wireless access
points.
You need to implement three wireless networks that can communicate with each other. Which wireless access points should you
use?
A) the 802.11a and 802.11g wireless access points
B) You can use all of them together.
C) the 802.11a and 802.11b wireless access points
D) the 802.11b and 802.11g wireless access points
Explanation
You should use the 802.11b and 802.11g wireless access points. These two standards operate at the 2.4 GHz frequency and can
be used interchangeably. If you deploy all of these access points, you will need to ensure that each of them uses a different
channel to prevent interference between them.
You cannot use 802.11a wireless access points with 802.11b or 802.11g wireless access points. 802.11a wireless access points
operate at the 5 GHz frequency. Therefore, a solution that includes 802.11a will only provide two wireless access points.
The maximum data rate is often referred to as maximum bandwidth. Channel bandwidth is the amount of bandwidth within a single
channel used by the frequency.
802.11a has a maximum bandwidth of 54 Mbps, with each channel being between 20-80 MHz.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
48/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
802.11b has a maximum bandwidth of 11 Mbps, with each channel being 22 MHz.
802.11g has a maximum bandwidth of 54 Mbps, with each channel being 20 MHz.
802.11n has a maximum bandwidth of 600 Mbps, with each channel being 20-40 MHz.
802.11ac has a maximum bandwidth of 900 Mbps, with each channel being between 20-80 MHz.
802.11a has a maximum bandwidth of 54 Mbps, with each channel being between 20-80 MHz.
802.11b has a maximum bandwidth of 11 Mbps, with each channel being 22 MHz.
802.11g has a maximum bandwidth of 54 Mbps, with each channel being 20 MHz.
802.11n has a maximum bandwidth of 600 Mbps, with each channel being 20-40 MHz.
802.11ac has a maximum bandwidth of 900 Mbps, with each channel being between 20-80 MHz.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, implement the appropriate wireless technologies and configurations.
References:
Comparison of IEEE 802.11a, IEEE 802.11b and IEEE 802.11g, http://www.codeproject.com/Articles/13253/Comparison-of-IEEEa-IEEE-b-and-IEEE
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs
Question #47 of 200
Question ID: 1123491
You have a strong wireless password policy, but users (including management) are complaining about it. Consequently,
enforcement is difficult. You need a protocol solution that does not require digital certificates. Which of these choices would help
you secure your network?
A) Geofencing
B) EAP-TLS
C) EAP-FAST
D) PEAP
Explanation
Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) was developed by Cisco to assist
with enforcing strong password policies, and it does not require digital certificates. EAP-FAST is a faster version of Protected EAP
(PEAP). EAP-FAST uses protected access credentials (PACs) stored on the supplicant device, somewhat like cookies. With the
credentials already stored on the supplicant, authentication can occur more rapidly. Extensible Authentication Protocol (EAP) made
the use of certificates, biometrics, and smart cards possible.
PEAP first creates a tunnel between the supplicant (client) and the server, and then proceeds with the rest of the steps in the EAP
process. PEAP requires certificates.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
49/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Extensible Authentication Protocol - Transport Layer Security (EAP-TLS) uses public key infrastructure (PKI) certificates to
authenticate the supplicant (client) and the server.
Geofencing allows an administrator to geographically define the boundaries of wireless access. It is particularly useful if the
organization does not want individuals outside the building to have wireless access. Global Positioning System (GPS) or Radio
Frequency Identification (RFID) data from the client device is used to request access to the authentication server. If the client
device is within the defined boundaries, it will be granted access. Geofencing does not really provide a way to secure your
network; it just limits the network's boundaries.
Objective:
Network Security
Sub-Objective:
Given a scenario, secure a basic wireless network.
References:
EAP-FAST Authentication with Wireless LAN Controllers and External RADIUS Server Configuration Example,
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/99791-eapfast-wlc-rad-config.html
Question #48 of 200
Question ID: 1123270
Management has decided to implement a small private network for guests. The network will consist of Windows 7 computers that
will only be able to access the other computers on the private network. You recommend that the small private network use APIPA
addresses. Which is the following is a valid APIPA address?
A) 169.254.2.120
B) 192.168.16.45
C) 10.1.1.131
D) 172.16.4.36
Explanation
The 169.254.2.120 address is a valid Automatic Private IP Addressing (APIPA) address. By default, Windows XP and Windows 7
client computers are configured to use an APIPA address if the DHCP server does down. The addresses in the APIPA range are
169.254.0.0 through 169.254.255.255. These addresses are not routable and are therefore only usable on the local subnet.
The other addresses are all part of the three private IP address ranges, as shown below:
10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255
To prevent the use of APIPA addresses, you should change the default settings on the Alternate Configuration tab of the Internet
Protocol Version 4 Properties dialog box. On this tab, you can specifically configure a static IP address that the computer can use.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
50/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Private IP addresses can only be used on the private network. To connect to the Internet, computers that use private IP addresses
with need some sort of Network Address Translation (NAT) service. Public IP addresses allow computers to communicate on the
Internet without t using the single public address of the NAT server.
A challenge with basic NAT, however, is that it provides a one-to-one mapping of inside local addresses to inside global addresses,
meaning that a company would need as many publicly routable IP addresses as it had internal devices needing IP addresses.
Many routers support Port Address Translation (PAT), which allows multiple inside local addresses to share a single inside global
address (a single publicly routable IP address).
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, Assigning IPv4 Addresses
Advanced IP Addressing, http://www.ciscopress.com/articles/article.asp?p=174107&seqNum=5
Question #49 of 200
Question ID: 1131304
Which one of these requires a user complete an action, such as digitally signing an AUP, prior to accessing the network?
A) Port security
B) MAC filter
C) Captive portal
D) Access control list
Explanation
Captive portals are web pages, typically used in public networks, where users must complete some action before they are granted
access to the network. Captive portals are commonly seen in coffee shops, hotels, and airports, and the user often has to accept
an acceptable use policy (AUP) before they can connect to the internet.
None of the other options requires a user to take action before accessing the network.
Port security allows a network administrator to only allow a specific MAC address (or group of MAC addresses) on a switch port.
MAC filtering theoretically does the same thing as port filtering, but port filtering works on switches, whereas MAC filtering works
on routers.
MAC filtering is accomplished by granting (or denying) network access to a list of MAC addresses. The list of MAC addresses for
which you are either granting or denying access to is stored in an access control list (ACL).
ACLs compare the entity that is requesting access to a network resource against a list of valid entities. Access is granted or denied
based on the access configured for that entity. Simply put, ACLs identify which users have access to a given object, such as a
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
51/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
drive, a file, or a directory.
Objective:
Network Security
Sub-Objective:
Explain authentication and access controls.
References:
Captive portal, http://searchmobilecomputing.techtarget.com/definition/captive-portal
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Remote-Access Security
Question #50 of 200
Question ID: 1289217
Your organization has several VLANs implemented on its network. The VLANs operate across several switches. What do all users
on a VLAN have in common?
A) TCP/IP subnet
B) Broadcast domain
C) Collision domain
D) Cable segment
Explanation
VLANs place users from many locations into the same broadcast domain. A single VLAN can span multiple physical LAN
segments, collision domains, and TCP/IP segments. VLANs can be based on work function, common applications or protocols,
department, or other logical groupings. VLAN assignment is configured at the switch for each device that is connected to the
switch. VLANs enable many users at many locations to be in the same broadcast domain. Remember, routers define broadcast
domains, and because switches are Layer 2 devices, they do not segment broadcast domains; instead, they segment collision
domains.
VLANs span multiple collision domains, subnets, and cable segments, so users would not have these aspects of the network in
common. IEEE 802.1Q is the networking standard that supports VLANs on an Ethernet network. Broadcast domains can be
created using switches or routers.
Objective:
Network Security
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
VLANs Defined, http://docwiki.cisco.com/wiki/LAN_Switching_and_VLANs#VLANs_Defined
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
52/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
CompTIA Network+ N10-007 Cert Guide, Chapter 4 Ethernet Technology, Ethernet Switch Features
Question #51 of 200
Question ID: 1123384
Which would be the best device to provide multiple security functions in a central location?
A) Layer 7 firewall
B) UTM appliance
C) Multi-layer switch
D) Load balancer
Explanation
A Unified Threat Management (UTM) appliance would be the best device to provide multiple security functions in a central
location. UTM appliances incorporate multiple security and performance functions in one device. Some of those services can
include load balancing, email security, URL filtration, and wireless security.
A multi-layer switch, in addition to working at the Data Link layer (Layer 2), also performs many Layer 3 router functions. When
ports on a multi-layer switch are configured as Layer 2 ports, traffic is routed based on the MAC address. When ports are
configured as Layer 3 ports, traffic is routed based on IP addresses. Multi-layer switches have the ability to route packets between
VLANs.
A load balancer can be used to divert incoming web traffic to specific servers based on its content, reducing the workload on the
primary server. The destination server is determined by data in Transport layer or Application layer protocols. Traffic distribution
can be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest
response time.
A Layer 7 firewall or Next Generation Firewall (NGFW) combines traditional firewall functionality with an Application layer firewall.
A traditional firewall that allows HTTP traffic on port 80 may also permit an SQL injection attack embedded in a properly formed
HTTP request. An Application layer firewall would perform a more intensive examination of the traffic instead of just allowing the
traffic on a given port. In this example, even though HTTP traffic on port 80 is allowed on a traditional firewall, the Application layer
firewall would look for an SQL injection attack, and block the data.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
The Difference Between a Next Generation Firewall and a UTM Appliance, https://www.volico.com/the-difference-between-a-nextgeneration-firewall-and-a-utm-appliance
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
53/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #52 of 200
Question ID: 1289281
Your organization has several wireless access points located in the building. Access point usage is based on department
membership. Many users report that they are able to see multiple access points. You research this issue and discover that their
computers are not connecting to the appropriate access point due to an SSID mismatch. You must ensure that the computers
connect to the correct access point if that access point is available. Computers should be able to connect to other access points
only if their main access point is down. What should you do?
A) Configure MAC filtering on the wireless access points.
B) Configure the preferred wireless network on the user's computer.
C) Reduce the signal strength on the wireless access points.
D) Ensure that the wireless access points in close proximity use different channels.
Explanation
You should configure the preferred wireless network on the user's computer. After this is completed, the user's computer will
automatically connect to the preferred wireless network if it is available. If a computer is connected to the wrong SSID, you need to
change to the correct access point and then set that access point as the preferred network.
You should not reduce the signal strength on the wireless access points. This could possible cause some users to be unable to
connect to their access point.
You should not configure MAC filtering on the wireless access points. Because the scenario specifically states that computers
should be able to connect to other access points, you would have to ensure that the MAC address of all possible computers are
configured on every access point. MAC filtering is a security mechanism that only allows connections that match the ACL.
You should not ensure that the wireless access points in close proximity use different channels. This would have no effect on which
access point the computers use. Each frequency has different channels that can be used. If the client attempts to connect to an
access point using an incorrect channel, the connection will be unsuccessful. The channel used by the clients and the access point
must be the same.
Keep in mind that you should not user overlapping channels when implementing access points that use the same frequency. For
each frequency, there is a certain number of non-overlapping channels that you should use.
If you implement wireless networks, you may want to include a wireless analyzer as part of your toolkit. A wireless analyzer can
identify problems such as signal loss, overlapping or mismatched channels, unacceptable signal to noise ratios, rogue APs, and
power levels.
For the Network+ exam, you also need to understand the following wireless issues:
Untested updates - Any updates to wireless network devices should be thoroughly tested before deployment on the network.
This includes any firmware updates.
Open networks - Open networks are commonly deployed in public areas, such as libraries, coffee shops, and retail
establishments, to provide a service to customers. However, you should use extreme caution when using open, unsecured
networks as any communication can be intercepted and read. Companies should adopt a policy that clearly states whether
personnel can connect to open networks using company-issued devices, including laptops, cell phones, and other mobile
devices.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
54/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Wrong antenna type - Antenna types can affect the area that a wireless signal will cover. Unidirectional antennas only transmit
in a single direction, while omnidirectional antennas transmit in a defined radius from the antenna placement. In both cases,
you should ensure that the wireless access point is placed in an area where the antenna type will be most effective.
Incompatibilities - Incompatibilities usually occur when you deploy a device, update, or application that is incompatible with the
clients on your wireless network. It may be necessary to roll back the update, remove the application, or reconfigure the
device. If you deploy devices, updates, or applications in a testing environment first, you should be able to discover these
issues before live deployment.
Multiple in, multiple out (MIMO) - MIMO is deployed in 802.11n wireless networks. It uses separate antennas for outgoing and
incoming transmissions. MIMO increases reliability and throughput.
Access point (AP) configurations
Lightweight Access Point Protocol (LWAPP) - LWAPP is a protocol that allows a wireless LAN controller (WAC) to manage
and control multiple wireless access points.
Control And Provisioning of Wireless Access Points (CAPWAP) is a newer alternative to LWAPP.
Thin vs thick - Thick access points handle a wide array of tasks in software, each a separate IP address wired directly into
Ethernet switches, If WLAN controller is deployed, the access points no longer have to handle as many tasks because
they can be handed off to the WLAN controller. When a WLAN controller is used, the APs are referred to as thin APs.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Unified Wireless Network: Troubleshoot Client Issues,
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00809d45a2.shtml#c1
Question #53 of 200
Question ID: 1123366
Management has asked you to ensure that any traffic through the external firewall is allowed as long as it is the result of a previous
connection. Which type of firewall performs this assessment when it first encounters traffic?
A) packet-filtering firewall
B) circuit-level proxy firewall
C) application-level proxy firewall
D) stateful firewall
Explanation
When traffic is encountered, a stateful firewall first examines a packet to see if it is the result of a previous connection. Information
about previous connections is maintained in the state table.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
55/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You can configure the IDS to perform stateful packet matching and monitor for suspicious network activity. This is referred to as
stateful inspection. An IDS cannot perform authentication and encryption for a VPN and cannot block traffic based on the
application or port used.
None of the other firewalls first examines a packet to see if it is the result of a previous connection.
With a stateful firewall, a packet is allowed if it is a response to a previous connection. If the state table holds no information about
the packet, the packet is compared to the access control list (ACL). Depending on the ACL, the packet will be forwarded to the
appropriate host or dropped completely.
Stateful firewalls can be used to track connectionless protocols, such as the User Datagram Protocol (UDP), because they
examine more than the packet header.
Packet-filtering firewalls function at the Network layer of the OSI model. This type of firewall filters traffic based on rules defined by
the administrator.
Circuit-level firewalls function at the Session layer of the OSI model.
Stateless firewalls watch network traffic and control packets based on source and destination addresses or other static values.
They are not aware of traffic patterns. A stateless firewall uses simple rules that either allow or deny the traffic.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Stateful Inspection Firewall, http://www.unifiedthreatmanagement.com/stateful-inspection-firewall.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
Question #54 of 200
Question ID: 1123319
You decide to implement a DHCP server on your network. What is the purpose of a DHCP scope?
A) It is the range of IP addresses that a DHCP server can temporarily assign.
B) It is an IP address that cannot be assigned.
C) It is an IP address that is set aside for a certain device.
D) It is the temporary assignment of an IP address.
Explanation
The DHCP scope is the range of IP addresses that a DHCP server can temporarily assign to its clients. DHCP scopes are also
referred to as pools.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
56/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A DHCP lease is a temporary assignment of an IP address. A DHCP client's lease has an expiration date. Prior to the expiration
date, the lease can be renewed. If the lease expires, the client will have to request another lease from the server. The amount of
time that a lease can be used is set at the DHCP server. This time can be adjusted to suit your organization's needs. However, you
should keep in mind that if you set this time too low, DHCP traffic will increase because the leases will expire more often.
A DHCP reservation is an IP address that is set aside for a certain device. The lease is granted to the device's MAC address. If the
device's MAC address changes, the DHCP reservation will no longer work.
A DHCP exclusion is an IP address or group of addresses from within a scope that CANNOT be assigned. This is often used for
addresses within the scope that must be statically assigned to devices, such as routers and servers, that need a static address to
ensure that they can always be accessed using the same host name and IP address.
A DHCP server dynamically assigns the IP address, subnet mask, and default gateway to client computers. IP addresses may be
assigned statically rather than dynamically; however, assigning static IP addresses requires greater administrative effort. When IP
addresses are statically assigned, it is crucial to maintain a manual record of which client was assigned which IP address. If the
addressing scheme were to change, it might necessitate the manual reconfiguration of each computer.
HOSTS files map host names to IP addresses. HOSTS files contain IP addresses and their associated domain names. These files
are used when static IP addresses are used and when DHCP is NOT deployed.
Objective:
Networking Concepts
Sub-Objective:
Explain the functions of network services.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices
Question #55 of 200
Question ID: 1123557
You are the network administrator for your company's network. All servers run Windows Server 2008. All workstations run
Windows 7. The network diagram is shown in the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
57/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Workstation A2 cannot connect to Server B. Workstation B2 can connect to Server B. Workstation A2 can connect to Server A.
Which command should you run from Workstation A2 to test the connection from Workstation A2 to Server B?
A) ping 137.17.0.1
B) tracert 137.17.0.2
C) ping 137.17.0.2
D) ipconfig 137.17.0.1
Explanation
The IP address for Server B is 137.17.0.1; therefore, the ping 137.17.0.1 command will test the communication between
Workstation A2 and Server B. The ping 137.17.0.2 command will not test the communication between Workstation A2 and Server
B because 137.17.0.2 is Workstation B1's IP address.
The tracert 137.17.0.2 command will trace the number of router hops between Workstation A2 and Workstation B1. Using the
tracert command is more resource-intensive than using the ping command.
The ipconfig 137.17.0.1 command has an invalid command-line argument. The ipconfig command cannot be used to test
communications between computers.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
58/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #56 of 200
Question ID: 1123439
As part of monitoring network traffic, you need to determine the payload that is produced by using IPSec in tunnel mode with the
AH protocol. Which of the following best describes this payload?
A) an encapsulated packet that is digitally signed
B) an unencapsulated packet that is encrypted
C) an encapsulated packet that is encrypted
D) an unencapsulated packet that is digitally signed
Explanation
Internet Protocol Security (IPSec) in tunnel mode with the Authentication Header (AH) protocol produces an encapsulated packet
that is digitally signed. AH digitally signs a packet for authentication purposes. Tunnel mode encapsulates a packet within another
packet. Encapsulating Security Protocol (ESP) encrypts IPSec packets. Transport mode sends IPSec packets between two
computers without encapsulating packets. AH and ESP work in transport mode and tunnel mode.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use remote access methods.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks
Question #57 of 200
Question ID: 1289268
While troubleshooting a network outage on a 10GBaseSW network, a technician finds a 500-meter fiber cable with a small service
loop and suspects it might be the cause of the outage. Which of the following is MOST likely the issue?
A) maximum cable length exceeded
B) RF interference caused by impedance mismatch
C) dirty connectors
D) bend radius exceeded
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
59/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
The most likely cause of the issues is the maximum cable length has been exceeded. On a 10GBaseSW network, the maximum
cable length is 300 meters. A 10GBaseSW network uses multi-mode fiber cable. It is unlikely that the problem is a dirty connector.
Because most connectors spend the majority of the time plugged in, they don't tend to get dirty.
It is unlikely that RF interference caused by impedance mismatch has occurred. If this were the case, you would experience
intermittent problems rather than a network outage.
The bend radius exceeded could possibly be the problem if the maximum cable length wasn't exceeded. Remember fiber-optic
cable has maximum distances, depending on the type of cable used and the type of network being implemented.
For the Network+ exam, you also need to understand the following fiber cable issues:
Attenuation/Db loss - Attenuation is the reduction in power of the light signal as it is transmitted. Attenuation is caused by
passive media components, such as cables, cable splices, and connectors.
SFP/GBIC cable mismatch - This occurs when you use the wrong cable type. Make sure to ensure that you are using singlemode or multi-mode fiber cable based on the specification needed for the network type you deploy.
Bad SFP/GBIC cable or transceiver - If this occurs, you will need to replace the component that is bad.
Wavelength mismatch - Multi-mode fiber is designed to operate at 850 and 1300 nanometers (nm), while single-mode fiber is
optimized for 1310 and 1550 nm. If the wrong wavelength is implemented or a device is added to the network that operates at
the wrong wavelength, signal loss will occur.
Fiber type mismatch - If you use different types of fiber cable on the same network, you will experience Db loss. It can cause
systems to malfunction or have high error rates.
Connector mismatch - If you use the wrong connectors on your network, devices will be unable to communicate.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Principles of Ethernet, Distance and Speed Limitations
Question #58 of 200
Question ID: 1289060
Match the protocol from the left with the default port it uses on the right. Move the correct items from the left column to the column
on the right to match the protocol with the correct default port.
{UCMS id=5689560602247168 type=Activity}
Explanation
The protocols given use these default ports:
Port 20 - FTP
Port 23 - Telnet
Port 25 - SMTP
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
60/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Port 53 - DNS
Port 80 - HTTP
FTP also uses port 21, but it was not listed in this scenario.
Protocols can use either User Datagram (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
Objective:
Networking Concepts
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
List of TCP and UDP Port Numbers, http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Question #59 of 200
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
Question ID: 1123381
61/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You are documenting the network layout for your company. You have discovered a firewall that has two network interfaces. Which
firewall architecture have you discovered?
A) screened subnet
B) screened host
C) bastion host
D) dual-homed firewall
Explanation
A dual-homed firewall has two network interfaces. One interface connects to the public network, usually the Internet. The other
interface connects to the private network. The forwarding and routing function should be disabled on the firewall to ensure that
network segregation occurs.
A bastion host is a computer that resides on a network that is locked down to provide maximum security. These types of hosts
reside on the front line in a company's network security systems. The security configuration for this entity is important because it is
exposed to un-trusted entities. Any server that resides in a demilitarized zone (DMZ) should be configured as a bastion host. A
bastion host has firewall software installed, but can also provide other services.
A screened host is a firewall that resides between the router that connects a network to the Internet and the private network. The
router acts as a screening device, and the firewall is the screen host.
A screened subnet is another term for a demilitarized zone (DMZ). Two firewalls are used in this configuration: one firewall resides
between the public network and DMZ, and the other resides between the DMZ and private network.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
Firewall Topologies, http://www.firewall.cx/firewall_topologies.php
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
Question #60 of 200
Question ID: 1289154
Your client is experiencing what appears to be a decrease in network throughput. However, the symptoms the client is reporting to
you are not detailed enough for you to diagnose the issue and make a recommendation. What will best assist you in pinpointing
the bottleneck the next time it occurs?
A) Network configuration and performance baselines
B) Standard operating procedures/work instructions
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
62/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
C) Rack diagrams
D) Wiring and port locations
Explanation
Network configuration and performance baselines are parts of the network documentation that assist with troubleshooting. In
particular, performance baselines show how the network performs under typical loads, in terms of bandwidth used, packets
dropped, throughput, or other metrics, for a given period of time. Later, when network issues occur, such as a perceived drop in
network speed, the administrator can compare current conditions to the previously recorded baseline.
Standard operating procedures/work instructions represent key documents used to manage the network. While the two documents
are related, they each have a different purpose. Standard operating procedures (SOPs) indicate what is to be done, as well as the
responsible party. The work instructions describe how to execute the task identified in the SOP, but would not identify an active
issue with throughput.
Rack diagrams depict the placement of network equipment, such as routers, switches, hubs, patch panels, and servers, in a
standard 19” rack. Rack diagrams are particularly useful when planning server rooms and networking closets as the diagrams
allow the engineer to determine the proper placement of equipment prior to the physical buildout. They also serve as a tool to help
locate equipment for maintenance or repair, but not to identify an active issue with throughput.
Wiring and port locations should be a critical component of the network documentation. This documentation facilitates
troubleshooting connectivity by not only identifying the IP or MAC address where the problem is located, but also the physical
location of the problem. Wiring and port locations will not help you research performance issues until after the network
configuration and performance baselines examined and compared to current performance.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation
How to set a network performance baseline for network monitoring, https://searchnetworking.techtarget.com/How-to-set-a-networkperformance-baseline-for-network-monitoring
Question #61 of 200
Question ID: 1123444
To improve security, you change your Web server named Web1 to the HTTPS protocol. Shortly after implementing the change,
users report that they cannot access any Web sites hosted on Web1 by using their fully qualified domain names (FQDNs).
However, they can access other Web sites that are hosted on other Web servers by using their FQDNs. What is causing this
problem?
A) HTTPS is not a supported protocol.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
63/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
B) The DNS server is down.
C) The new Web address starts with https instead of http.
D) The local area network (LAN) is down.
Explanation
HTTPS is a supported protocol. When a Web server uses HTTPS technology, all the data transfer between clients and the server
is encrypted using Secure Sockets Layer (SSL) technology. Web pages using this technology begin their Uniform Resource
Locators (URLs) with https://. This technology is used frequently with e-commerce Web sites. In this scenario, users are probably
attempting to access the Web sites by typing http:// instead of https://.
Although users are unable to access any Web sites hosted on Web1 by using FQDNs, they are able to access other Web sites by
using their FQDNs. Therefore, the Domain Name Service (DNS) server is operational, as is the network.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use remote access methods.
References:
What is HTTPS?, https://www.instantssl.com/ssl-certificate-products/https.html
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, The Purpose of Reference Models
Question #62 of 200
Question ID: 1289296
You administer a LAN for your company. The LAN is connected to the Internet through a T1 connection. The network you
administer is displayed in the following exhibit:
The link light on the hub for the cable that connects the hub to the router is not lit. The link lights on the hub for Workstation A and
the Server computer are lit. Workstation A and Server can communicate with one another, but neither of these computers can
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
64/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
communicate with the Workstation B computer. Workstation B can connect to the Internet through the modem, but Workstation B
cannot communicate with either Workstation A or Server.
Which device is most likely causing the communications problem?
A) the hub
B) the router
C) Workstation A
D) the modem
Explanation
Of the choices available, the router is most likely causing the communications problem in this scenario. The router links the
company's LAN to the Internet. Server and Workstation A cannot communicate with Workstation B, and Workstation B cannot
communicate with the computers on the company's LAN, so the router is most likely malfunctioning. Workstation A and Server can
communicate with one another, so Workstation A and the hub appear to be functioning properly. Workstation B can connect to the
Internet, so the modem appears to be functioning properly.
End-to-end connectivity is a process whereby you troubleshoot connectivity issues from the host experiencing the connection
problem all the way through the network. You should always start at the local host and proceed through the network, through
routers and other devices, to the destination. Any connectivity problem could be at the host, the remote host, or anywhere in
between. Following a logical process will ensure that the exact issue will be located. As you move out from the local host, you
should keep in mind that other hosts will be experiencing the same problem. For example, if the problem is not with the local host
and you discover that the problem is with the router, all hosts that use that router should be experiencing the same problem.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #63 of 200
Question ID: 1289146
Which of these is NOT associated with data conversion between the ISP and the customer premise equipment?
A) ATM
B) Demarcation point
C) CSU/DSU
D) Smart jack
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
65/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Asynchronous Transfer Mode (ATM) is NOT associated with data conversion between the ISP and the customer premise
equipment. It is a network transmission model used in voice, video, and data communications. ATM uses equally sized cells that
are all 53 bytes long. The equal length of the data packets supports very high data rates. ATM is deployed in Optical Carrier (OC)
backbone network segments.
All of the other options are associated with data conversion between the ISP and the customer's on-premises equipment.
A demarcation point is where the division is made between the service responsibilities of the ISP and the service responsibilities of
the customer. It is often located at the CSU/DSU or smart jack. When a network problem occurs, the demarcation point will
determine which party is responsible for fixing it, such as the customer or the ISP.
A Channel Service Unit/Data Service Unit (CSU/DSU) is a device that connects a router to a digital circuit, such as a T1 line. The
CSU/DSU converts the signal from a wide area network into frames for a local area network.
A smart jack typically provides the conversion between a telecommunications T1 line and the customer’s network. Smart jacks can
also provide an alarm if the communications link is broken, diagnostic services such as loopback, or even act as a repeater.
Objective:
Infrastructure
Sub-Objective:
Compare and contrast WAN technologies.
References:
ATM In Computer Networks: History And Basic Concepts, https://fossbytes.com/atm-asynchronous-transfer-mode-history-basicconcepts/
Question #64 of 200
Question ID: 1289222
You are troubleshooting a workstation that is not communicating with the network. You try a different port within the wiring closet
hub, and this seems to fix the problem. What should you do next?
A) Connect to the network and try to transfer a file.
B) Document the problem and the solution.
C) Have other users reboot their workstations.
D) Replace all the patch cables.
Explanation
When troubleshooting a problem, you should try the obvious or quick fixes first. Once you have implemented a solution or
workaround, you will need to test the solution to be sure it resolved the problem. The troubleshooting order according to the
CompTIA Network+ blueprint is as follows:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
66/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
1. Identify the problem.
Gather information.
Duplicate the problem, if possible.
Question users.
Identify symptoms.
Determine if anything has changed.
Approach multiple problems individually.
1. Establish a theory of probable cause.
Question the obvious.
Consider multiple approaches.
Top-to-bottom/bottom-to-top OSI model
Divide and conquer
1. Test the theory to determine cause.
Once theory is confirmed, determine next steps to resolve problem.
If theory is not confirmed, re-establish new theory or escalate.
1. Establish a plan of action to resolve the problem and identify potential effects,
2. Implement the solution or escalate as necessary,
3. Verify full system functionality and if applicable implement preventive measures.
4. Document findings, actions, and outcomes.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Explain the network troubleshooting methodology.
References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)
Question #65 of 200
Question ID: 1289177
Which suppression methods are recommended for a fire in a facility that involves paper, laminates, and wooden furniture?
(Choose two.)
A) Dry powder
B) Soda acid
C) Water
D) Halon
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
67/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Water or soda acid should be used to suppress a fire that has wood products, laminates, and paper as its elements. The
suppression method should be based on the type of fire in the facility. The suppression substance should interfere with the
elements of the fire. For example, soda acid removed the fuel, while water reduces the temperature. Water or soda acid are used
to extinguish class A fires. Electrical wiring and distribution boxes are the most probable cause of fires in data centers. Class C fire
suppression agents, such as halon or carbon dioxide, are used when the fire involves electrical equipment and wires. They can
also be used to suppress Class B fires that include liquids, such as petroleum products and coolants. Never use water on a Class
B fire.
The production of halon gas was banned in 1987. Halon causes damage to the ozone layer and is harmful to humans. Halocarbon
agents or inert gas agents can be replacements for halon in gas-discharge fire extinguishing systems. Carbon dioxide, which is
used to extinguish class B and class C fires, eliminates oxygen. It is harmful to humans and should be used in unattended
facilities.
Dry powder is a suppression method for a fire that has magnesium, sodium, or potassium as its elements. Dry powder
extinguishes class D fires and is the only suppression method for combustible metals. It is important to select the appropriate fire
suppression system. Some systems will remove oxygen from a room. Therefore, they are harmful to humans.
For the Network+ exam, you also need to understand the importance of heating, ventilation, and air conditioning (HVAC) systems.
Because computer and network equipment generates a lot of heat, you need to ensure that you implement an HVAC solution that
can keep rooms and equipment properly cooled. Equipment rooms and data centers need their own HVAC system that is separate
from the rest of the building. You also need to understand emergency procedures. The building layout should be documented with
all safety/emergency exits noted. A fire escape plan should be written, with appropriate personnel training occurring at least
annually. Entrances/exits should be configured appropriately as fail open in the event of a fire. Fail close should only be used when
a physical security breach has occurred. An emergency alert system should be implemented to ensure that personnel are
appropriately alerted when an emergency occurs.
Objective:
Network Operations
Sub-Objective:
Identify policies and best practices.
References:
Classes of fires: A, B, C, D, K, http://www.falckproductions.com/resources/fire-safety-and-firewatch/classes-of-fire-a-b-c-d-and-k/
Question #66 of 200
Question ID: 1289151
Management has requested that you document the minimum level of security for all network devices. Which of the following will
this provide?
A) standards
B) procedures
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
68/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
C) guidelines
D) baselines
Explanation
A baseline defines the minimum level of security and performance of a system in an organization. A baseline is also used as a
benchmark for future changes. Any change made to the system should match the defined minimum security baseline. A security
baseline is defined through the adoption of standards in an organization.
Guidelines are the actions that are suggested when standards are not applicable in a particular situation. Guidelines are applied
where a particular standard cannot be enforced for security compliance. Guidelines can be defined for physical security, personnel,
or technology in the form of security best practices.
Standards are the mandated rules that govern the acceptable level of security for hardware and software. Standards also include
the regulated behavior of employees. Standards are enforceable and are the activities and actions that must be followed.
Standards can be defined internally in an organization or externally as regulations.
Procedures are the detailed instructions used to accomplish a task or a goal. Procedures are considered at the lowest level of an
information security program because they are closely related to configuration and installation problems. Procedures define how
the security policy will be implemented in an organization through repeatable steps. For instance, a backup procedure specifies the
steps that a data custodian should adhere to while taking a backup of critical data to ensure the integrity of business information.
Personnel should be required to follow procedures to ensure that security policies are fully implemented.
Procedural security ensures data integrity.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
Mandatory security baselines, https://security.web.cern.ch/security/rules/en/baselines.shtml
Question #67 of 200
Question ID: 1123608
A user is experiencing network connectivity issues after a faulty NIC was replaced. You want the user to have excellent throughput,
so you configure the NIC for full-duplex (auto configuration off). The corresponding switch port is configured as auto-config, so you
should be OK, but the throughput is lower than expected. What is the issue?
A) Duplex/speed mismatch
B) Bottlenecks
C) TX/RX reverse
D) Incorrect pin-out
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
69/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
When you manually set a device to full-duplex (auto-config off), the device will assume it should use half-duplex transmission.
Duplex/speed mismatch is a misconfiguration of an NIC, switch port, or router port. Duplex refers to whether the traffic is talk
only/listen only or bidirectional traffic, like a phone call. Speed relates to the data transfer rate, such as 100mbs or 1000mbs. If one
port is configured at half duplex and the other port is configured at full duplex, the user will notice a severe drop in performance,
because the network will operate at the slower half duplex speed.
Incorrect pin-out can be an issue if the wires in the UTP/STP cable are not laid out in accordance to the 568A or 568B standards.
Also, if the RJ-45 jack was not crimped properly or if one of the ends of the individual wires did not seat properly, you could have
an improper pinout. Communication will fail entirely if this occurs.
Bottlenecks occur where there is speed degradation in network traffic, like a traffic jam. The bottleneck can occur due to equipment
failure, an increase in network traffic, or a misconfiguration. TX/RX reverse can occur when patch cables are created, and the
transmit (Tx) and receive (Rx) pairs are criss-crossed or mismatched. Even though STP and UTP cables have four pairs of wires,
100BASE-TX only uses two pairs, with one pair used for data transmission (Tx) and the other pair used for data reception (Rx). If
the pairs are not aligned properly on both RJ-45 jacks, you can get a TX/RX reverse.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Network Enemy #1: Duplex Mismatch, https://www.pathsolutions.com/network-enemy-1-duplex-mismatch/
Question #68 of 200
Question ID: 1289196
You are creating a wireless network for your company. You need to implement a wireless protocol that provides maximum security
to protect against wireless attack. However, you must provide support for older wireless clients. Which protocol should you
choose?
A) WPA
B) WAP
C) WEP
D) WPA2
Explanation
You should implement Wi-Fi Protected Access (WPA). WPA was created to fix core problems with WEP. WPA is designed to work
with older wireless clients while implementing the 802.11i standard.
Wireless Application Protocol (WAP) is the default protocol used by most wireless networks and devices. However, because WAP
can access Web pages and scripts, there is great opportunity for malicious code to damage a system. WAP is considered the
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
70/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
weakest wireless protocol.
Wired Equivalent Privacy (WEP) is the security standard for wireless networks and devices that uses encryption to protect data.
However, WEP does have weaknesses and is not as secure as WPA or WPA2. Wired Equivalent Privacy (WEP) should be
avoided because even its highest level of encryption has been successfully broken.
Wi-Fi Protected Access 2 (WPA2) completely implements the 802.11i standard. Therefore, it does not support the use of older
wireless cards. Identification and WPA2 are considered the best combination for securing a wireless network. WPA2 is much
stronger than WPA. In addition, you can implement WPA2 with Temporal Key Integrity Protocol (TKIP), also referred to as TKIPRC4, or Advanced Encryption Standard (AES), also referred to as CCMP-AES, to provide greater security. WPA2-AES is stronger
than WPA2-TKIP.
For the Network+ exam, you need to protect against the following wireless attacks or issues:
Evil twin - occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up
to look just like a valid network, including the same Set Service Identifier (SSID) and other settings.
Rogue access point (AP) - occurs when a wireless attack that is not under your control is connected to your network. With
these devices, they are not set up to look just like your network. This attack preys on users' failure to ensure that an access
point is valid. You can perform a site survey to detect rogue APs.
War driving - occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can
lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA
or WPA2 authentication.
War chalking - occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for
this type of information by periodically inspecting the outside of your facilities.
Bluejacking - the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when
not in use is the best protection against this.
Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection. Once again,
turning off Bluetooth when not in use is the best protection against this.
WPA/WEP/WPS attacks - Any attacks against wireless protocols can usually be prevented by using a higher level of
encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided. Wi-Fi Protected Setup
(WPS) allow users to easily secure a wireless home network but is susceptible to brute force attacks. Wi-Fi Protected Access
(WPA) is more secure than WEP and WPS. WPA2 provides better security than WPA.
Objective:
Network Security
Sub-Objective:
Given a scenario, secure a basic wireless network.
References:
HTG Explains: The Difference Between WEP, WPA, and WPA2 Wireless Encryption (and Why It Matters),
http://www.howtogeek.com/167783/htg-explains-the-difference-between-wep-wpa-and-wpa2-wireless-encryption-and-why-itmatters/
WAP: Broken Promises or Wrong Expectations?, http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_6-2/wap.html
Wireless Security, http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=6
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
71/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Securing Wireless LANs
Question #69 of 200
Question ID: 1289284
A user has just returned from a week-long conference. While attending the conference, the user connected their work laptop to
both the hotel Wi-Fi and the conference Wi-Fi. Now the user cannot connect to the company's Wi-Fi. What is most likely the issue?
A) Wrong SSID
B) Latency
C) Jitter
D) Frequency mismatch
Explanation
The most likely issue is an incorrect Service Set Identifier (SSID). Most wireless devices remember the previous SSID, even if you
move to a new network, so you should always check the SSID when troubleshooting. Also, it is very easy for a user to select the
wrong SSID. They may not have the correct password or passphrase, and they may type in the SSID name incorrectly. Checking
for the correct SSID is often the first step to wireless troubleshooting. On most devices, you can set the device to remember an
SSID and its credentials. However, if the SSID or the credentials change, the device will be unable to automatically log in to the
wireless network.
Jitter is the variance in latency rates. In a wireless network, jitter is commonly the result of diffraction, reflection or absorption.
Different network segments may have different factors that affect latency. When the rate of latency is inconsistent, it can cause
service issues in latency-sensitive applications such as banking, e-commerce, and gaming. The symptom of jitter is fluctuating
transmission speeds.
Latency is the time it takes for network data to travel between the sender and the recipient. As wireless networks are slower than
wired networks, latency is an inherent issue in wireless networks. You can test and compare the latency of your wired and wireless
connections network by using the ping command. The time= notation in the result tells you the latency of that connection.
Frequency mismatch occurs when one device is operating at 2.4GHz and another device is operating at 5GHz. Both (or all)
devices must be on the same frequency to communicate. One solution to ensure coverage for all devices is to have one access
point operating at 2.4 GHz and another operating at 5 GHz. You could differentiate the access points by including the frequency in
the SSID, such as MyNetwork2.4 and MyNetwork5. If you must operate two wireless access points in close proximity on the same
frequency, you can configure the wireless access points to use different channels.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
72/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Should You Change the Default Name (SSID) of a Wireless Router?, https://www.lifewire.com/changing-default-name-ssidwireless-router-816568
Question #70 of 200
Question ID: 1123426
You need to collect management information on the routers and switches used on your company's network. You decide to use
SNMP. What is the name of the software component that runs on a managed device when you deploy this technology?
A) MIB
B) SNMP agent
C) SNMP manager
D) NMS
Explanation
The SNMP agent runs on a managed device, such as a router or switch. This agent collects management information. Network
management systems based upon SNMP contain two primary elements: a manager and agents. The manager is the console
through which a network administrator performs network management functions. Agents are the entities that interface to the actual
devices being managed. You would use an SNMP agent to monitor remote traffic through an access point. SNMP can monitor
almost any type of network device, such as hubs, servers, interface cards, repeaters, and bridges. Threshold alarms can be set for
all the parameters that the agent can monitor.
The management information is stored in the Management Information Base (MIB) on the agent or managed device. The
information in the MIB is then forwarded to the SNMP manager, where the network management application resides. The SNMP
manager is also referred to as the Network Management Server (NMS).
Managed devices will run the Simple Network Management Protocol (SNMP) agent. Unmanaged devices are not configured to run
this software. By using SNMP to manage devices, you can simplify administrative effort using a single management console
located at the SNMP manager. Often SNMP data is used to perform device diagnostics.
Objective:
Network Operations
Sub-Objective:
Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References:
SNMP Components, http://docs.oracle.com/cd/E11036_01/alsb30/operations/snmpcomponents.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Monitoring Resources and Reports
Question #71 of 200
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
Question ID: 1289247
73/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Your company has recently replaced all the shielded twisted pair (STP) and unshielded twisted pair (UTP) cable with fiber optic
cable. You need to purchase a device to determine the length of the cables used on your network. Which tool do you need?
A) OTDR
B) TDR
C) butt set
D) toner probe
Explanation
An optical time domain reflectometer (OTDR) can be used to determine the length of the cables used on a fiber optic network. A
time domain reflectometer (TDR) determines the length of shielded twisted-pair (STP), unshielded twisted-pair (UTP), or coaxial
cables.
A butt set is used to test telephone lines. A toner probe is used to identify a single cable on the network. It is the best tool to use to
locate a bad CAT5 cable.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
TDR vs. OTDR, http://www.zostrich.com/Monitoring_PDF/tdrvsotdr.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #72 of 200
Question ID: 1289307
A new file server is configured to allow personnel within the company to store files. Users are reporting that they cannot upload
files to the file server. What might be the areas you should examine? (Choose two.)
A) Blocked TCP/UDP ports
B) Incorrect ACL settings
C) Duplicate IP addresses
D) Hardware failure
Explanation
The areas you should examine are blocked TCP/UDP ports and incorrect ACL settings. Blocked TCP/UDP ports are often
necessary to protect the network from insecure protocols that are easily exploited by hackers. Ports that are often blocked include
TCP port 23 (Telnet), TCP port 21 (FTP), TCP/UDP port 53 (DNS, as a post-attack exit port) and UDP port 161 (SNMP).
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
74/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
For ACLs on routers and firewalls, incorrect ACL settings would allow or prevent transmission of network traffic (inbound or
outbound). ACL settings on file servers can allow or deny access to the folders.
Duplicate IP addresses can occur when a DHCP server “thinks” an IP address is available. For example, a client machine requests
an IP address, and the DHCP server issues an address listed as available from the pool of addresses. A conflict may occur if a
dormant machine comes back online, with an IP address that the DHCP server thought was expired and added back into the
pool.
Hardware failure could be the NIC, cable, port on a switch, the switch itself, a port on the router of the router itself, to name a few.
You would first ping 127.0.0.1 to determine if the client machine is communicating with the NIC. Ping the default gateway, then the
router, and then a tracert to a website to identify the faulty piece of equipment.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
Securing risky network ports, https://www.csoonline.com/article/3191531/network-security/securing-risky-network-ports.html
Access Control List Explained with Examples, https://www.computernetworkingnotes.com/ccna-study-guide/access-control-listexplained-with-examples.html
Question #73 of 200
Question ID: 1289128
You are setting up a 10-Mbps SOHO network at a residence. What is the lowest category or level of UTP cable that you should
use as transmission medium for a small LAN communicating in the 10-Mbps range?
A) Category 4
B) Category 2
C) Category 1
D) Category 3
E) Category 5
Explanation
Although you could use Category 3 or Category 5 cable for the LAN, Category 3 is the lowest category cable that you could use for
the LAN.
Category 1 and Category 2 cable have maximum transmission rates of only 4 Mbps, so they would not be suitable for a 10-Mbps
network.
UTP transmission rates are listed below:
Category 1 - up to 4 Mbps
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
75/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Category 2 - up to 4 Mbps
Category 3 - up to 10 Mbps
Category 4 - up to 16 Mbps
Category 5 - up to 100 Mbps
Category 5e - up to 1000 Mbps
Category 6 - up to 1000 Mbps or 1 Gbps
Category 6a – up to 10 Gbps
Category 7 – up to 10 Gbps
Category 1 wiring consists of two pairs of twisted copper wire. It is rated for voice grade, not data communication. It is the oldest
UTP wiring and is used for communication on the Public Switched Telephone Network (PSTN).
Category 2 wiring consists of four pairs of twisted copper wire and is suitable for data communications of up to 4 Mbps.
Category 3 wiring consists of four pairs of twisted copper wire with three twists per foot. It is suitable for 10-Mbps data
communication, and has been used widely in 10-Mbps Ethernet networks.
Category 4 wiring consists of four pairs of twisted copper wire, and is rated for 16 Mbps. It was designed with 16-Mbps Token Ring
networks in mind.
Category 5 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. Category 5 cabling can support
frequencies of up to 100 MHz and speeds of up to 1,000 Mbps. It can be used for ATM, Token Ring, 1000Base-T, 100Base-T, and
10Base-T networking.
Category 6 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. It can supports speed of up to 1
Gbps or 1,000 Mbps. Category 6a wiring supports speed of up to 10 Gbps or 10,000 Mbps.
Category 7 wiring consists of four twisted pairs of copper wire terminated by RJ-45 connectors. It supports speed of up to 10 Gbps
or 10,000 Mbps.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media
Question #74 of 200
Question ID: 1289136
Your network contains four segments. You need to connect two or more of the LAN segments together. Which network devices can
you use? (Choose four.)
A) Router
B) Switch
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
76/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
C) Wireless Access Point
D) Bridge
E) Repeater
F) Hub
Explanation
Bridges, switches, and routers can be used to connect multiple LAN segments. For the Network+ exam, you need to understand
the placement of these devices. Bridges, switches, and routers are implemented on the perimeters of segments or subnetworks
and are used to connect those segments together.
Bridges and switches operate at the Data Link layer, using the Media Access Control (MAC) address for sending packets to their
destination.
Routers operate at the Network layer by using IP addresses to route packets to their destination along the most efficient path.
Backbone routers are the open shortest path first (OSPF) routers that are in Area zero. Area zero is considered the backbone of
an OSPF network. Internal routers are located in a single area within a single OSPF autonomous system. Area border routers
(ABRs) are located in more than one area within a single OSPF autonomous system. Autonomous system border routers (ASBRs)
connect multiple OSPF autonomous systems. A load balancer can be used to balance the workload between routers if more than
one router is connected to a subnetwork. Load balancers can also be used with other devices to perform the same function.
A Wireless Access Point (WAP) is essentially a translational bridge. One side is commonly connected to the wired LAN and the
other side communicates using IEEE 802.11b with a wireless connection. WAPs are not Physical layer devices like hubs or
repeaters. They selectively transmit traffic based upon MAC addresses. A WAP can also function as a repeater. WAPs are placed
in the center of an area to which you want to provide wireless access.
Hubs act as a central connection point for network devices on one network segment. They work at the Physical layer. The primary
reason for choosing a switch over a hub is bandwidth needs. Switches can greatly improve network performance because
switches do not broadcast the packets they receive. Hubs broadcast the packets they receive to all available ports on the hub,
thereby increasing network traffic. Hubs, like routers and switches, are placed on the perimeter of a single segment and only
control the traffic on that segment.
Both switches and hubs support the same protocols. Hubs are cheaper than switches, but can result in higher costs over time
when you consider the potential for issues with lower bandwidth. Both switches and hubs support different types of nodes.
Repeaters are used to extend the length of network beyond the cable's maximum segment distance. They take a received frame's
signal and regenerate it to all other ports on the repeater. They also work at the Physical layer. A repeater regenerates the signal
to all other ports on the device, thereby extending the length of the network beyond the maximum cable segment. Repeaters are
placed on a network at the point where the cable segment will exceed the maximum segment distance.
You may also need to understand network bridges, which operate at the OSI Data Link layer. They divide a network into segments,
keeping the appearance of one segment to the upper-layer protocols. Using MAC addresses, bridges determine which traffic
should pass through the bridge and which traffic should remain on the local segment. Keeping local traffic local can increase
network performance.
Bridges can be used to perform the following functions:
Expand the length of a segment
Provide for an increased number of computers on the network
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
77/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Reduce traffic bottlenecks resulting from an excessive number of attached computers
Split an overloaded network into two separate networks, reducing the amount of traffic on each segment and making each
network more efficient
Link different types of physical media, such as twisted-pair and coaxial Ethernet
Another device that you may need to understand is a Multistation Access Unit (MAU), which is also abbreviated as MSAU. This
term is synonymous with a passive "hub" in a Token Ring network. A MAU is a multiport device that connects the computers in a
physical star topology that functions as a logical ring.
Gateways allow two computers with no protocols in common to communicate. An analog modem converts analog signals
transmitted over telephone cabling into digital signals used by computers and computer networks.
A concept that you need to understand is traffic shaping, also known as packet shaping. A packet shaper delays data packets to
bring them into compliance with a desired traffic profile. Packet shaping optimizes or guarantees performance and improves
latency. The most common type of packet shaping is application-based traffic shaping. An example of this is P2P bandwidth
throttling. Many application protocols use encryption to circumvent application-based traffic shaping. Another type of packet
shaping is route-based traffic shaping that is conducted based on previous-hop or next-hop information.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
Router, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212924,00.html
Router vs. Switch, http://compnetworking.about.com/od/homenetworkhardware/f/routervsswitch.htm
Switch, http://searchtelecom.techtarget.com/sDefinition/0,,sid103_gci213079,00.html
Bridge, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci211705,00.html
Wireless access points, http://compnetworking.about.com/cs/wireless/g/bldef_ap.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Network Infrastructure Devices
Question #75 of 200
Question ID: 1123289
Your company needs to deploy a wireless network to allow users to connect to the network using mobile devices. You are
concerned that the radio signal will not cover the amount of area you need. Another technician instructs you to research the angle
of radiation of the wireless access point's antenna. Which term is used to refer to this?
A) beamwidth
B) sensitivity
C) bandwidth
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
78/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) gain
Explanation
The term used to refer to the angle of radiation of an antenna is beamwidth.
There are many differences between the types of antennas that you can use, including beamwidth, gain, transmission angle, and
frequency. The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the
signal is defined in degrees. Antenna properties include the gain, beamwidth, and transmission angle. The gain is a measure of
how much of the input power is concentrated in a particular direction.
Antennas with higher gain have less beamwidth than antennas with lower gain. The high-gain antennas have a very narrow
beamwidth.
For example, typical 6-dBi patch antenna has a 65-degree beamwidth, but the 21-dBi parabolic dish antenna has a 12-degree
radiation pattern.
You also need to understand signal strength. In most wireless access points, you can adjust the signal strength. This feature is
particularly useful if you want to prevent the signal from reaching outside a building. Then you would adjust (lower) the signal
strength and possibly change the access point placement to prevent the signal from reaching there. The coverage of the signal
depends on the type of access point you are deploying, the location where it is deployed, and the frequency used.
Objective:
Networking Concepts
Sub-Objective:
Compare and contrast the characteristics of network topologies, types and technologies.
References:
Cisco Aironet Antennas and Accessories, https://www.cisco.com/c/en/us/products/collateral/wireless/aironet-antennasaccessories/product_data_sheet09186a008008883b.html
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs
Question #76 of 200
Question ID: 1289228
You administer a network for your company. You determine that there is a network connectivity problem on one of the computers
on the network. You re-create the problem and determine that the problem is located in the NIC. You establish a theory of probable
cause. Which step should you take next to troubleshoot the problem?
A) Provide feedback to the users of the computer.
B) Implement a correction plan.
C) Form a correction plan.
D) Test the theory.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
79/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem.
Gather information.
Duplicate the problem, if possible.
Question users.
Identify symptoms.
Determine if anything has changed.
Approach multiple problems individually.
1. Establish a theory of probable cause.
Question the obvious.
Consider multiple approaches.
Top-to-bottom/bottom-to-top OSI model
Divide and conquer
1. Test the theory to determine cause.
Once theory is confirmed, determine next steps to resolve problem.
If theory is not confirmed, re-establish new theory or escalate.
1. Establish a plan of action to resolve the problem and identify potential effects,
2. Implement the solution or escalate as necessary,
3. Verify full system functionality and if applicable implement preventive measures.
4. Document findings, actions, and outcomes.
You have already identified the problem, re-created the problem, and established a theory of probably cause. You should now test
the theory. In this scenario, the correction plan might involve running diagnostics on the network interface card (NIC) or simply
replacing the NIC. If the test confirms you theory, you should then proceed through the other troubleshooting steps.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Explain the network troubleshooting methodology.
References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)
Question #77 of 200
Question ID: 1289056
Which well-known port is used to forward e-mail on the Internet between e-mail servers?
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
80/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) 23
B) 25
C) 110
D) 161
Explanation
Ports allow more than one service or application to communicate at the same time between computers. Simple Mail Transfer
Protocol (SMTP) uses port 25 to communicate e-mail transfers. Administrators can assign additional ports for communication on
an intranet and through the Internet.
There are a total of 65,536 ports each for TCP and UDP. Of these, only 1,024 ports are considered well known and, therefore
reserved for a particular service.
Port 23 is used by Telnet for remote administration.
Port 110 is used by Post Office Protocol Version 3 (POP3) for e-mail.
Port 161 is used by Simple Network Management Protocol (SNMP) for network diagnostics.
Protocols can use either User Datagram (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
81/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Networking Concepts
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
What is SMTP?, http://searchexchange.techtarget.com/sDefinition/0,,sid43_gci214219,00.html
Computer Network Glossary - Port Number: Ports 10-49, http://compnetworking.about.com/od/tcpip/l/blports_gl10.htm
Question #78 of 200
Question ID: 1123554
You install a second NIC in your Linux computer. Then, you log on to the computer as root. You want to configure the new NIC with
the IP address 192.168.0.1 and the subnet mask 255.255.255.0.Which command should you issue at a command prompt to
configure the NIC?
A) ifconfig eth0 192.168.0.1 subnet 255.255.255.0 up
B) ifconfig eth1 192.168.0.1 netmask 255.255.255.0 up
C) ipconfig eth0 192.168.0.1 subnet 255.255.255.0 up
D) ipconfig eth1 192.168.0.1 netmask 255.255.255.0 up
Explanation
On a Linux computer, you should use the ifconfig command to configure a network interface card (NIC). The first NIC in a Linux
computer is typically named eth0, and the second NIC is named eth1. Therefore, you should log on to the Linux computer as root,
which is also known as the superuser, and issue the command ifconfig eth1 192.168.0.1 netmask 255.255.255.0 to configure the
second NIC. The 192.168.0.1 portion of the command configures the IP address for the NIC, the netmask 255.255.255.0 portion of
the command configures the subnet mask for the NIC, and the up portion of the command activates the NIC. A similar procedure
would be used on a UNIX computer.
The command ifconfig eth0 192.168.0.1 subnet 255.255.255.0 up is not properly configured; the command uses the term subnet
rather than the proper term netmask, and the command would attempt to configure eth0 rather than eth1. The ipconfig command
can be used on Microsoft computers to view the TCP/IP protocol stack, but ipconfig cannot be used to configure a NIC.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Linux/Unix ifconfig tool, http://www.computerhope.com/unix/uifconfi.htm
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
82/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #79 of 200
Question ID: 1123285
Which of these has helped reduce wiring, weight, and cost in industrial applications?
A) SAN
B) MAN
C) CAN
D) PAN
Explanation
A controller area network (CAN) is used in industrial applications, originally in automotive systems. It replaces bulky wiring
systems, reducing weight and cost. A CAN builds a network between controllers, allowing them to share information. A railway
application, for example, might be a sensor that detects whether or not a door is closed, and locks the brakes until the sensor
indicates the door is closed.
A storage area network (SAN) creates a network among a pool of storage devices. It may be thought of as a RAID array that uses
network connections as opposed to data cables. The SAN pool appears as a single drive letter to the client.
A personal area network (PAN) is a network of devices that are in close proximity to a person, no more than a couple of meters
away. Devices that can be part of PANs include wireless headphones, wearable technology, and printers.
A metropolitan area network (MAN) connects several LANS together in an area roughly the size of a city. An example of a MAN
might be a large hospital with several satellite offices in various neighborhoods around the city.
CAN can also mean campus area network. This type of network encompasses a large campus that is usually located within a
several block radius. This type of CAN connects several LANs into a single CAN. Then multiple CANs can be connected using a
MAN or WAN.
Objective:
Networking Concepts
Sub-Objective:
Compare and contrast the characteristics of network topologies, types and technologies.
References:
Controller Area Network (CAN) Overview, http://www.ni.com/white-paper/2732/en/es
Question #80 of 200
Question ID: 1123314
Which of the following can be manipulated to reduce network traffic?
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
83/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) NTP
B) lower TTL
C) MAC reservations
D) increased lease time
Explanation
Lease time can be manipulated to reduce network traffic. Lease time is the amount of time a device maintains the IP address
assigned by the DHCP server. With Windows, the default lease time is 8 days. Lease times may be adjusted. As an example, if the
network configuration seldom changes and you have a large number of IP addresses, you might consider increasing the lease
time. The justification for doing so is that every lease must be renewed, and those renewals increase network traffic. Increasing the
duration of the lease reduces the amount of network traffic required for lease renewal.
MAC reservations allow you to permanently assign an IP address to the MAC address of a specific device. Web servers, mail
servers, copiers, printers, wireless access points, and projectors are all examples of devices that can benefit from having a
permanently assigned IP address. For each such device, a reservation (exclusion) would be made so that the IP address is
removed from (reserved) the pool of available IP addresses. Once a reservation is made, that device always uses that same
address. But configuring MA reservations will not affect network traffic as much as increasing the lease time.
Time To Live (TTL) specifies the length of time that a DNS name server must cache the name. By default, the TTL is 60 minutes,
but it may be modified in the DNS Management Console. Longer TTLs are best for more permanent records, such as MX records,
DKIM/SPF records, and TXT records. A lower TTL would mean additional network traffic.
Network Time Protocol (NTP) is used to synchronize the clocks of computers on the network. Synchronization of time is important
in areas such as event logs, billing services, e-commerce, banking, and HIPAA Security Rules. Implementing NTP would actually
increase network traffic.
Objective:
Networking Concepts
Sub-Objective:
Explain the functions of network services.
References:
What is DHCP Lease Time & What Should I Set it To?, http://homenetworkadmin.com/dhcp-lease-time/
Question #81 of 200
Question ID: 1289149
You have been given a drawing that shows the flow of network communication with symbols to indicate equipment function. Which
type of configuration management documentation have you been given?
A) physical network diagram
B) logical network diagram
C) wiring schematic
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
84/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) network baseline
Explanation
You have been given a wiring schematic. Schematics include the flow of network communication and symbols to indicate
equipment function. They use horizontal and vertical lines to show how the system flow functions, not the physical layout of the
devices in the network.
A wiring diagram emphasizes network connections and uses horizontal and vertical lines to represent network wires. Components
are represented by pictures instead of symbols.
A logical network diagram represents how the data will logically be transported through the network. It does not usually show the
actual interfaces and physical wires. It does include routing tables.
A physical network diagram represents the physical location of the network devices and how they are connected.
A network baseline is not really a type of diagram. It is actually performance statistics gathered for comparative purposes. By
establishing a network performance baseline, you can ensure that performance issues can be identified much more easily in the
future.
The naming conventions used in schematics and diagrams should allow quick identification of different components and devices.
Make sure to establish a standardized naming convention across your network.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
Types of Electrical Diagrams or Schematics, http://www.tpub.com/content/doe/h1016v1/css/h1016v1_105.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation
Question #82 of 200
Question ID: 1289127
You will have a very small wiring closet for your routers. While the company will use fiber-optic cabling, you would like to use the
smallest form connector to conserve space. The connector you plan to use should be roughly half the size of the other connectors.
Which fiber-optic connector should you use?
A) LC
B) SC
C) BNC
D) ST
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
85/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A Lucent Connector (LC) fiber-optic connector is roughly half the size of other fiber-optic connectors. Its smaller form allows for
more space in the wiring closet. An LC connector resembles the following exhibit:
The SC connector is a square, plug-in connector used with fiber-optic cable. It is a popular choice in 100Base-FX implementations.
SC stands for square connector. The SC connector uses a push to snap on and a push to snap off technology. It is larger than an
LC connector. An SC connector resembles the following exhibit:
There are two types of SC connectors: ultra physical contact (UPC) and angled physical contact (APC). APC connectors feature
an 8-degree angle, while UPC connectors have no angle. UPC adapters are blue, while APC adapters are green.
The ST connector is a round, bayonet type of connector used with fiber-optic cable, which uses a twist on-twist off technology. The
ST stands for straight tip, which refers to the white tip at the end of the connector. It is larger than an LC connector. An ST
connector resembles the following exhibit:
A BNC connector is used to connect a 10Base2 (ThinNet) cable to a computer or network device. It is also used to terminate DS3
connections in a telecommunications facility. It is not used by fiber-optic cable. A BNC connector resembles the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
86/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Another connector that is used with fiber-optic cabling is the Mechanical Transfer Registered Jack (MTRJ) connector. It more
closely resembles the RJ-45 connector used in UTP and STP cabling. An MTRJ connector resembles the following exhibit:
RJ-45 connectors are used to connect unshielded twisted-pair (UTP) and shielded twisted-pair (STP) cable to hubs, network
interface cards (NICs), and various other twisted-pair networking devices. RJ-45 connectors are shaped like RJ-11 connectors,
only larger. They use an 8-pin connector that house eight (four pair) wires. Registered Jack (RJ) connectors use a small tab to lock
the connector in place. An RJ-45 connector resembles the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
87/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
An RJ-11 connector is typically used to connect two pairs of UTP wiring to a voice-grade telephone system. They are smaller than
RJ-45 connectors. An RJ-11 connector resembles the following exhibit:
An RJ-48C connector at first glance will look exactly like an RJ-45 connector. However, on close examination, a technician will
notice that the wires are in a different order. It is mostly commonly used for T1 data lines for longer distances and when exposed to
the environment. To protect the integrity of the signal, RJ48 wirings use STP cabling.
A DB-9 connector, also referred to as an RS-232 connector, is a serial connector. A DB-9 connector resembles the following
exhibit:
Another serial connector is a DB-25 connector. A DB-25 cable resembles the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
88/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A UTP coupler is a small block for connecting two UTP cables to form a longer one. An RJ-45 UTP coupler is shown in the
following exhibit:
A BNC coupler works like a UTP coupler, only for BNC cables not UTP cables. A BNC couple is shown in the following exhibit:
An F connector, also referred to as F-type connector, is a connector for coaxial cable. An F connector is shown in the following
exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
89/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
An FC connector is used in fiber-optic networks. It has a threaded body that is useful in environments where vibrations occur. An
FC connector is shown in the following exhibit:
A fiber coupler, like a UTP and BNC coupler, is used to attach two separate fiber optic cables. Fiber couplers match the particular
type of fiber-optic connector that you use.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
LC Connector, http://encyclopedia2.thefreedictionary.com/LC+connector
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media
Question #83 of 200
Question ID: 1123249
Which metric is used by the Routing Information Protocol (RIP) Version 2 protocol to determine the network path?
A) convergence
B) delay
C) bandwidth
D) hop count
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
90/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Both Versions 1 and 2 of RIP use hop count as the primary metric to determine the most desirable network path. A metric is a
variable value assigned to routes and is a mechanism used by routers to choose the best path when there are multiple routes to
the same destination. Each router traversed by a packet from the source to the destination constitutes one hop. The lower the hop
count, the higher the preference given to that path. Using RIP, the hop count is limited to 15 hops. Any router beyond this number
of hops is marked as unreachable.
RIP does not use delay as its primary metric. Delay refers to the time an Internet Protocol (IP) packet takes to travel from source to
destination. Some dynamic protocols, such as Interior Gateway Routing Protocol (IGRP), use delay in combination with other
parameters to determine the best path to the destination.
RIP does not use bandwidth as its primary metric. Bandwidth refers to the maximum attainable throughput on a link. This metric is
used as a part of the metric calculation by some routing protocols, such as IGRP and Enhanced IGRP (EIGRP).
RIP does not use convergence as its primary metric. Convergence ensures that the status of a set of routers has the same
knowledge of the surrounding network topology. The goal of convergence is to ensure that data is transmitted at a steady state.
Link-state protocols provide faster convergence than distance-vector protocols. EIGRP provides faster convergence than OSPF,
but OSPF provides faster convergence than RIP. When convergence on a routed network occurs, all routers learn the route to all
connected networks.
RIP v1, RIP v2, and IGRP are considered distance vector protocols. Open Shortest Path First (OSPF) is a link-state protocol.
EIGRP is a balanced hybrid routing protocol, also referred to as an advanced distance vector protocol.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Routing Protocol Examples
TCP/IP Routing Information Protocol, http://www.tcpipguide.com/free/t_TCPIPRoutingInformationProtocolRIPRIP2andRIPng.htm
Question #84 of 200
Question ID: 1123548
A user in the Engineering department is unable to log on to the network. The network has eight subnets and uses TCP/IP. There
have been no other complaints from other departments. Which steps should help you isolate the cause of the problem? (Choose
two.)
A) Ping the server.
B) Configure a WINS server.
C) Establish whether other local-segment users are having the same problem.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
91/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) Replace all the patch cables.
Explanation
When troubleshooting a problem, you should try the obvious or quick fixes first. This is especially true when you are attempting to
correct a problem remotely with a non-technical and often impatient end user.
A logical first place to start troubleshooting would be to determine if the condition is network-wide or workstation-specific. You
should have other similar users attempt to perform the same actions. If they are able to do so, the problem is a local condition.
Next, you should ping the server from the user's computer.
A WINS server is only needed when you are using NetBIOS names for resolution. The patch cables should only be replaced if
more than one computer is experiencing the problem and only after determining that the cables are the problem.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Chapter 12: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #85 of 200
Question ID: 1289237
You are the network administrator for your company. You are in the process of verifying the configuration of the network devices to
ensure smooth network connectivity. You want information on the routes taken by packets from a Cisco router so that you are able
to identify the network points where packets are being dropped. Which command should you use to accomplish this task in the
most efficient manner?
A) tracert
B) traceroute
C) extended ping
D) ping
Explanation
You should use the traceroute command. The traceroute command finds the path a packet takes while being transmitted to a
remote destination. It is also used to track down routing loops or errors in a network. The following code is a sample output of the
traceroute command:
Type escape sequence to abort. Tracing the route to 33.0.0.4 1 11.0.0.2 4 msec 4 msec 4 msec 2 24.0.0.3
20 msec 16 msec 16 msec 3 33.0.0.4 16 msec * 16 msec Jan 20 16:42:48.611: IP: s=12.0.0.1 (local),
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
92/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
d=33.0.0.4 (Serial0), len 28,sendingJan 20 16:42:48.615: UDP src=39911, dst=33434Jan 20 16:42:48.635: IP:
s=11.0.0.2 (Serial0), d=11.0.0.1 (Serial0), len 56,rcvd 3Jan 20 16:42:48.639: ICMP type=11, code=0
The tracert command is incorrect because this command is used by Windows operating systems, not the Cisco command-line
interface. However, the purpose of the tracert command is similar to the Cisco traceroute utility, namely to test the connectivity or
"reachability" of a network device or host. The tracert command uses Internet Control Message Protocol (ICMP).
The extended ping Cisco command can be issued on a router to test connectivity between two remote routers. This option is
incorrect because you are not testing connectivity in this scenario; you want to determine the route a packet takes through the
internetwork.
The ping command is also incorrect because you are not testing connectivity in this scenario; you want to determine the route a
packet takes through the internetwork.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Cisco IOS Command Fundamentals Reference, Release 12.4: traceroute,
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_t1.html#wp1026406
Using the Extended ping and Extended traceroute Commands,
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #86 of 200
Question ID: 1289088
You are asked to acquire address space for a new network that must accommodate at least 12 subnets, each with at least 2,048
nodes. A total of 25,576 IP addresses are needed, but the available address space should leave some room for growth in each
subnet, and for the number of subnets to double (or more). The network must also support IPsec to the endpoints for security
reasons.
Which of the following options provides the best fit while minimizing costs?
A) Private IPv4 Class A network (10.0.0.0)
B) IPv6 network with a /56 global routing prefix
C) IPv6 network with a /64 global routing prefix
D) Public IPv4 Class B network, purchased on the open market
E) IPv6 network with a /48 global routing prefix
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
93/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
The IPv6 network with a /56 global routing prefix should impose little or no cost to obtain. It also provides 256 subnets, each with
millions of nodes, and supports IPsec end-to-end. Thus, it provides the best fit while minimizing costs because it meets the starting
requirements with ample room for growth. In fact, in a situation where IPsec is needed end-to-end, only IPv6 makes sense.
Private IP addresses do NOT support IPsec connections end-to-end. They require Network Address Translation (NAT) or some
equivalent, and will not work with IPsec. Thus, a Private IPv4 Class A address is not suitable.
If one could purchase a public IPv4 class B network address on the open market, it would cost at least $300,000, if not double that
amount or more (see References). A single class B address can only be subdivided into 14 subnets, if each one needs 2,048
nodes. Thus for both reasons of cost and capacity, a public IPv4 Class B network address is not suitable.
IPv6 network addresses are generally available for no cost or low cost, but one with a /64 global routing prefix provides exactly one
subnet (a single network, in other words). Thus it does not meet the stated requirements.
An IPv6 network with a /48 global routing prefix supports up to 65,000 subnets, each with millions of nodes. It is a popular choice
for single subscriber sites, but offers many more subnets than are needed. Thus, it does NOT meet the stated requirements.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
How to Buy (or Sell) IPv4 Addresses, http://www.gtri.com/how-to-buy-or-sell-ipv4-addresses/
“CIDR (Classless Inter-Domain Routing or supernetting)” http://searchnetworking.techtarget.com/definition/CIDR
"Understanding IP Addressing and CIDR charts" https://www.ripe.net/about-us/press-centre/understanding-ip-addressing
Question #87 of 200
Question ID: 1289231
You need to check for open circuits and short circuits on your network. Which tool should you use?
A) cable tester
B) toner probe
C) butt set
D) protocol analyzer
Explanation
A cable tester will check for open circuits and short circuits on your network. A cable tester typically includes an electric current
source, a volt meter, and an interface for connecting to the cable. An open circuit occurs when a needed connection is missing. A
short circuit occurs when an unidentified connection exists. A cable tester could be used if access to resources has slowed
considerably. It also tests the proper grounding of cabling.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
94/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A butt set is used to test telephone lines. It would be useful if you need to determine where a telephone line is plugged into a
punch block.
A toner probe is used to identify a single cable on the network. It would be useful if you need to determine where a network cable
is plugged into a punch block. It is the best tool to use to locate a bad CAT5 cable.
A protocol analyzer is software that enables you to view information about the network communications protocols that are used on
a network.
For the Network+ exam, you must also be familiar with the following troubleshooting tools:
Speed test sites - These sites are used to determine the speed of your Internet connection. They are a great method to help
you see if you are getting the speed promised by your Internet service provider (ISP). For a list of possible sites to use, please
see http://pcsupport.about.com/od/toolsofthetrade/tp/internet-speed-test.htm.
Looking glass sites - These sites view routing information from a server's perspective using Border Gateway Protocol (BGP)
routes. For a list of possible looking glass servers, please see http://www.bgp4.as/looking-glasses.
Wi-Fi analyzer - These tools are used to analyze the signal strength of your wireless access points. For a list of possible FREE
Wi-Fi analyzers for laptops or mobile devices, please see http://open-tube.com/free-wifi-analyzers-for-laptops-mobile-devices/
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Cable tester, http://en.wikipedia.org/wiki/Cable_tester
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #88 of 200
Question ID: 1289207
A user notifies you regarding the features that are available with his computer's video card. He says that the video card's
manufacturer has several new features for the video card that he is unable to locate or use. He needs access to these features.
What should you do?
A) Check for firmware updates.
B) Check for driver updates.
C) Upgrade the operating system.
D) Check for operating system updates.
Explanation
You should check for driver updates. Periodically, vendors may release new features for their products. For video cards, these new
features are part of the driver software. You should not check for operating system updates.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
95/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Operating system updates may include new operating system features, but the user is requesting new video card features. These
are usually offered as part of a new device driver.
You should not check for firmware updates. Firmware is used for routers, switches, mobile phones, and computers. They are not
used for video cards.
You should not upgrade the operating system. The new video card features are part of the device driver software, not the operating
system.
Objective:
Network Security
Sub-Objective:
Given a scenario, implement network device hardening.
References:
HTG Explains: When Do You Need to Update Your Drivers?, http://www.howtogeek.com/98465/htg-explains-when-do-you-need-toupdate-your-drivers/
Question #89 of 200
Question ID: 1289283
A user is complaining about wireless connectivity. Their cubicle is on a concrete wall, and the wireless access point is mounted on
the other side of the wall. What describes what is happening to the wireless signal that only has to travel a few inches?
A) Absorption
B) Frequency mismatch
C) Refraction
D) Attenuation
Explanation
Absorption occurs when an object does not reflect or refract a wireless signal, but rather absorbs a portion of it. Different materials
have different absorption rates. For example, drywall has a relatively low absorption rate, while concrete has a relatively high
absorption rate.
Refraction “bends” the signal as it passes through, or the signal curves as it tries to go around the object. Think of a stick where
part of the stick is in the water and part of the stick is out of the water. The stick appears ‘‘bent” because the water causes
refraction of the image. This may result in communication issues.
Frequency mismatch occurs when one device is operating at 2.4GHz and another device is operating at 5GHz, causing
communication to drop. Both (or all) devices must be on the same frequency to communicate. One solution to ensure coverage for
all devices is to have one access point operating at 2.4, and another operating at 5 is to differentiate the access points. This might
be achieved by including the frequency in the SSID, such as MyNetwork2.4 and MyNetwork5.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
96/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Attenuation is the degradation of a signal, typically occurring over distance. Wireless networks are particularly susceptible to
attenuation, due to their distance limitations. Typical effective indoor ranges for wireless signals are from 90-225 feet. Attenuation
is not caused by concrete walls.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Do You Know The RF Fundamentals?, https://blog.aerohive.com/do-you-know-the-rf-fundamentals/
5 Phenomena That Impact Wi-Fi Signal, https://www.mirazon.com/5-phenomena-that-impact-wi-fi-signal/
Question #90 of 200
Question ID: 1123617
You are installing a second wireless access point in your office. When you place the second wireless access point, you notice it is
experiencing interference intermittently. You want to prevent the interference. Which method would NOT prevent interference?
A) Change the channel used on the new wireless access point.
B) Decrease the signal strength of the new wireless access point.
C) Increase the signal strength of the new wireless access point.
D) Move the new wireless access point.
Explanation
You should NOT increase the signal strength of the new wireless access point. This would probably increase the interference.
Decreasing the signal or power strength can ensure that the wireless LAN does not extend beyond a certain area.
You could move the new wireless access point, change the channel used on the new wireless access point, or decrease the signal
strength of the new wireless access point. One other method for preventing wireless interference is changing the wireless
telephone used. The scenario only stated that intermittent interference was occurring. It did not state what was causing the
interference.
Another potential wireless issue is the wrong antenna type. Antenna types can affect the area that a wireless signal will cover.
Unidirectional antennas only transmit in a single direction, while omnidirectional antennas transmit in a defined radius from the
antenna placement. In both cases, you should ensure that the wireless access point is placed in an area where the antenna type
will be most effective.
Objective:
Network Troubleshooting and Tools
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
97/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
HowTo: Prevent Wireless Interference, http://www.networkwebcams.com/ip-camera-learning-center/2008/05/09/howto-preventwireless-interference/
CompTIA Network+ N10-006 Cert Guide, Chapter 8: Wireless Technologies, Deploying Wireless LANs
Question #91 of 200
Question ID: 1289236
You are troubleshooting a network connectivity problem on a Windows 7 computer. You issue the following command at a
command prompt in command prompt window:
nbtstat -r
Which screen is displayed as a result of issuing this command?
A)
B)
C)
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
98/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D)
Explanation
A table of NetBIOS names resolution and registration statistics will be displayed when you issue the nbtstat -r command. This
screen displays NetBIOS connection statistics, such as the number of NetBIOS names resolved by broadcast and the number of
NetBIOS names resolved by a NetBIOS name server. This screen also displays the NetBIOS names that have been resolved.
The Active Connections screen is displayed when you issue the netstat -a or netstat -A command at a command prompt on a
Windows computer.
The Route Table screen is displayed when you issue the netstat -r or netstat -R command at a command prompt on a Windows
computer.
The NetBIOS Local Name Table screen is displayed when you issue the nbtstat -n or nbtstat -N command at a command prompt
on a Windows computer.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Troubleshooting Tools and Strategies, http://technet.microsoft.com/en-us/library/cc961857.aspx
Nbtstat switches and example output, http://www.hildrum.com/nbtstat.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #92 of 200
Question ID: 1289174
You work for a medium-sized company. You would like to provide secure, remote access between the company's three Internetconnected sites and their Windows client, servers, and domain controllers. Which option would provide adequate security and cost
the least overall?
A) Purchase WAN links between each pair of sites, and run a commercial VPN over IPSec.
B) Create a VPN, and run RDP over the VPN.
C) Use a freeware VNC to run TeamViewer over the Internet.
D) Use IPSec to secure RDP over the Internet with connection security rules and
associations.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
99/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
You should use Internet Protocol Security (IPSec) to secure Remote Desktop Protocol (RDP) over the Internet with connection
security rules and associations because it uses only Microsoft-supplied protocols and services. This is the only option that provides
an additional layer of encryption and security beyond what is included in RDP or Windows Remote Desktop Connections. The
connection security rules and associations work with IPSec to establish how to broker a legitimate RDP connection and to manage
proofs of identity and authentication between communicating parties.
Purchasing WAN links between each pair of sites and running a commercial virtual private network (VPN) over IPSec offers strong
security. However, doing so would require purchasing dedicated WAN links when Internet costs are lower or already covered
through the company’s existing Internet access. This solution also incurs additional costs for a commercial VPN in which to run
remote access.
Creating a VPN, and running RDP over the VPN eliminates the cost of WAN links, but incurs the costs for a commercial VPN.
Thus, it is not as cheap as the RDP option.
Using a freeware virtual network computing (VNC) to run TeamViewer over the Internet is not a cheaper option because
TeamViewer would incur costs to run. In addition, a VNC is not needed as Windows computers include RDP. VNC is an option to
use if other operating systems are included.
RDP does not offer complete security by itself. It also fails to provide authentication to verify the identity of RD session hosts. At a
minimum, TLS should be employed to strengthen RDP.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use remote access methods.
References:
Securing RDP with IPSec, https://blogs.technet.microsoft.com/askpfeplat/2017/07/24/securing-rdp-with-ipsec/
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Remote Access Methods
Question #93 of 200
Question ID: 1123318
What is the purpose of a pointer (PTR) DNS record?
A) It maps an IP address to a hostname.
B) It maps a hostname to an IPv6 address.
C) It contains an alias for an existing A record.
D) It contains information regarding a particular DNS zone's start of authority.
E) It maps a hostname to an IPv4 address.
F) It maps a domain name to an e-mail server.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
100/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
A pointer (PTR) record maps an IP address to a hostname.
A host or address (A) record maps a hostname to an IPv4 address. An AAAA record maps a hostname to an IPv6 address. A mail
exchange (MX) record maps a domain name to an e-mail server. A canonical name (CNAME) record contains an alias for an
existing A record. A start of authority (SOA) record contains information regarding a particular DNS zone's start of authority.
A Domain Name System (DNS) server is the authority for a DNS zone, which contains DNS records. DNS servers allow users to
request access to devices using either the devices' hostname or IP address. A DNS server stores fully qualified domain name
(FQDN) to IP address mappings. This server allows clients to use the easier-to-remember FQDNs to access remote devices.
Dynamic DNS is an implementation of DNS that allows real-time updates to DNS records. With Dynamic DNS (DDNS), devices
can automatically update their DNS records or allow a DHCP server to implement the updates on behalf of the DNS client.
Objective:
Networking Concepts
Sub-Objective:
Explain the functions of network services.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices
Question #94 of 200
Question ID: 1123387
Your company owns a single physical server. You need to ensure that Web services are hosted in a Linux environment while
Active Directory services are hosted in a Windows environment. In addition, you need to ensure that these services are hosted on
different broadcast domains. What should you do?
A) Implement virtual servers and PBXs.
B) Implement virtual servers and switches.
C) Implement virtual desktops and servers.
D) Implement virtual desktops and switches.
Explanation
You should implement virtual servers and switches. Implementing virtual servers would allow you to host a Linux environment for
Web services and a Windows environment for Active Directory services on the same physical server. Implementing virtual switches
will allow you to host the services on different broadcast domains.
You should not implement virtual desktops. Virtual desktops allow you to implement a uniform user environment.
You should not implement virtual PBXs. A virtual PBX allows you to outsource your telephony service to a service provider. This is
an example of software as a service (SaaS). A virtual PBX is usually a Voice over IP (VoIP) solution.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
101/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
When considering virtualization solutions, keep in mind that onsite services reside at your organization's corporate location or
branch facility. Offsite services are provided by service providers usually in cases where the leasing organization does not have the
means to implement its own data center. When a service provider provides these networking services, it is referred to as Network
as a Service (NaaS).
Objective:
Infrastructure
Sub-Objective:
Explain the purposes of virtualization and network storage technologies.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3 Network Components, Virtual Network Devices
Question #95 of 200
Question ID: 1123443
Your company periodically exchanges confidential information with a third party via a single server at each company. Management
has recently become concerned that communications between the two servers have been intercepted and read. You have been
asked to ensure that messages between the two authenticated computers are encrypted to prevent attackers from reading the
messages. Which protocol should you use?
A) TFTP
B) DNS
C) TLS
D) UDP
Explanation
Transport Layer Security (TLS) encrypts the messages transmitted between two authenticated computers, preventing third parties
from reading the messages. TLS is the protocol being used when Secure Sockets Layer (SSL) is implemented. TLS works at the
Transport layer of the OSI model.
Domain Name System (DNS) is a database that translates a computer's fully qualified domain name (FQDN) to its IP address.
DNS works at the Application layer of the OSI model. A DNS database stores canonical records.
Trivial File Transfer Protocol (TFTP) is a connectionless version of the File Transfer Protocol (FTP). TFTP transfers files between a
client and a server. TFTP works at the Application layer of the OSI model.
User Datagram Protocol (UDP) is part of the TCP/IP protocol suite. UDP provides connectionless communication. UDP works at
Transport layer of the OSI model. It uses datagrams for communication.
Objective:
Network Operations
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
102/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Given a scenario, use remote access methods.
References:
What is Transport Layer Security?, http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci557332,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks
Question #96 of 200
Question ID: 1123221
You administer a TCP/IP network. You want to enable the hosts on your network to be automatically configured with IP
configurations, such as IP address, subnet mask, and default gateway address. The IP configurations should be leased to the
clients for a limited time.
Which protocol should you use to accomplish this task?
A) HTTP
B) SMTP
C) IPP
D) DHCP
E) BOOTP
Explanation
You should use Dynamic Host Configuration Protocol (DHCP) to automatically configure the hosts on your network with IP
configurations. DHCP was designed to automatically configure frequently moved, fully boot-capable computers, such as laptop
computers, with IP configurations. You can use DHCP to configure such IP settings as IP address, subnet mask, and default
gateway address. Typically, DHCP information is leased to a client for a limited period. DHCP clients usually release DHCP
information when they are shut down. When a DHCP client retrieves IP configurations from a DHCP server, the DHCP client is not
necessarily configured with the same IP configurations as on previous occasions.
BOOTstrap Protocol (BOOTP) is a host configuration protocol that was designed before DHCP. BOOTP was designed to configure
diskless workstations with IP configurations. BOOTP does not lease IP configurations as DHCP does. Instead, a BOOTP server
permanently assigns IP configurations to a BOOTP client. When a BOOTP client is started, the BOOTP server always assigns the
same IP configurations to the BOOTP client.
Hypertext Transfer Protocol (HTTP) is used to transfer Web pages on a TCP/IP network. Simple Mail Transfer Protocol (SMTP) is
used to transfer e-mail messages on a TCP/IP network. Internet Printing Protocol (IPP) is used to enable network printing through
a TCP/IP network such as the Internet. HTTP, SMTP and IPP are not used to automatically configure hosts on a TCP/IP network
with IP settings.
Objective:
Networking Concepts
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
103/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
TCP/IP Dynamic Host Configuration Protocol (DHCP),
http://www.tcpipguide.com/free/t_TCPIPDynamicHostConfigurationProtocolDHCP.htm
Question #97 of 200
Question ID: 1289168
Your company has decided to implement IPSec for all remote connections. Which three statements are true of Internet Protocol
Security (IPSec)? (Choose three.)
A) IPSec uses encapsulation security payload (ESP) and authentication header (AH) as
security protocols for encapsulation.
B) IPSec can work in either in tunnel mode or transport mode.
C) The IPSec framework is used in a virtual private network (VPN) implementation to secure
transmissions.
D) The IPsec framework uses L2TP as the encryption protocol.
E) IPSec ensures availability of information as a part of the CIA triad.
Explanation
Internet Protocol Security (IPSec) is an Internet Engineering Task Force (IETF) protocol and a security standard commonly
implemented to create virtual private networks (VPNs). IPSec can operate in tunnel mode or transport mode. In transport mode,
only the payload, that is, the message part of a packet is encrypted by encapsulating security payload (ESP). In IPSec tunnel
mode, the entire packet including the packet header and the routing information is encrypted. IPSec tunnel mode provides a higher
level of security. Either of the two modes can be used to secure gateway-to-gateway (site-to-site), host-to-gateway (host-to-site), or
host-to-host communication. If used in gateway-to-host communication, the gateway must act as the host.
IPSec allows packets to be securely exchanged over the Internet Protocol (IP) at the OSI Network layer rather than at the
Application layer. While the IETF developed the standard, Cisco has contributed to its emergence. Cisco routers have support for
IPSec built into the product. IPSec uses ESP and authentication header (AH) as security protocols. AH provides the authentication
mechanism, and ESP provides encryption, confidentiality, and message integrity. IPSec sets up a secure channel that uses a
strong encryption and authentication method between two network devices, such as routers, virtual private network (VPN)
concentrators, and firewalls.
IPSec can provide security between any two network devices running IPSec, but its chief implementation is in securing VPN
communications. IPSec provides security by protecting against traffic analysis and replay attacks. IPSec is primarily implemented
for data communication between applications that transfer data in plaintext. IPSec secures the network device against attacks
through encryption and encapsulation. The IPSec does not use the L2TP protocol to encrypt messages. L2TP is used for secure
communication in VPN networks and is a hybrid of Layer 2 Forwarding (L2F) and Point-to-Point Tunneling Protocol (PPTP).
IPSec ensures integrity and confidentiality of IP transmissions but cannot ensure availability of the information. Generic Routing
Encapsulation (GRE) is a tunneling protocol developed by Cisco Systems that can encapsulate a wide variety of network layer
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
104/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
protocols inside virtual point-to-point links over an Internet Protocol internetwork. GRE is an alternative to using IPSec.
Another VPN implementation is a Secure Sockets Layer (SSL) VPN. An SSL VPN is a VPN that can be used with a standard Web
browser. In contrast to an IPsec VPN, an SSL VPN does not require the installation of specialized client software on the end user's
computer.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use remote access methods.
References:
What is IPSec?, http://technet.microsoft.com/en-us/library/cc776369.aspx
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks
Question #98 of 200
Question ID: 1123507
Which of the following attacks directs user traffic to a malicious web site without any outside communication from an attacker?
A) Phishing
B) ARP poisoning
C) DNS poisoning
D) Ransomware
Explanation
DNS poisoning, also known as DNS cache poisoning, can direct user traffic to a malicious web site. The attack is accomplished by
inserting a bogus record in the DNS server cache, redirecting traffic from the "good" web site to the malicious web site.
Phishing is the action of sending out an email that is designed to trick the user into giving up their personal information. That
information is then exploited by criminal. Phishing emails appear to come from legitimate companies, and when the user clicks on
a link in the email, the user is directed to a website that appears authentic. The user then fills in account information, which is
captured by the criminal. However, this attacks requires outside communication from the attacker of some sort.
Address Resolution Protocol (ARP) poisoning occurs when an attacker sends counterfeit messages on the network, resulting in
the replacement of a legitimate user's MAC address with the attacker's MAC address. Once that happens, the attacker will begin
receiving traffic destined for the legitimate user.
Ransomware is an attack that holds a computer hostage until the user pays a fee. The attacks often begin as an urgent email,
where the user is directed to click a link or open a document to resolve the issue. Once the user completes the action, malicious
software is installed on the user's computer, often locking the user out of the system until a fee is paid.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
105/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Network Security
Sub-Objective:
Summarize common networking attacks.
References:
3 Common DNS Attacks and How to Fight Them, https://www.calyptix.com/top-threats/3-common-dns-attacks-and-how-to-fightthem/
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks
Question #99 of 200
Question ID: 1123555
You need to obtain the current protocol statistics and port connections for Windows and UNIX/Linux computers. Which tool should
you use?
A) netstat
B) nbtstat
C) ping
D) tracert
Explanation
Netstat is a TCP/IP utility that you can use to determine the computer's inbound and outbound TCP/IP connections. It displays
current connections and their listening ports.
Ping is a Windows and UNIX/Linux command that is used to test a connection between two computers.
Issuing nbtstat at a Windows command prompt will show NetBIOS information.
Issuing tracert at a Windows command prompt will trace the route a packet takes from the source computer to the destination host.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Netstat, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1270289,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
106/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #100 of 200
Question ID: 1123290
Your company has decided to implement a wireless network. The wireless network users must be able to connect to resources on
your internal network, including file, print, and DHCP services. All wireless clients will run the Windows operating system.
What should you implement? (Choose all that apply.)
A) Infrastructure mode
B) Ad hoc mode
C) Static IP addresses
D) A wireless access point
E) APIPA
Explanation
Infrastructure mode allows wireless computers to connect to a LAN, WAN, or the Internet. This means that infrastructure mode
wireless computers can access all computers on the LAN, WAN, and Internet. Infrastructure mode is much more expensive to
implement than ad hoc mode because you must configure wireless access points. While infrastructure mode is harder to set up
and configure, it is much easier to manage than ad hoc mode.
Ad hoc mode allows wireless computers to be configured much more quickly than infrastructure mode. Ad hoc mode wireless
computers all participate in the same network. This means that the ad hoc wireless computers can access each other, but cannot
access network resources on a LAN, WAN, or Internet. Ad hoc mode is much cheaper than infrastructure mode to implement. In
addition, it is easy to set up and configure and can provide better performance than infrastructure mode. However, it is difficult to
manage an ad hoc mode wireless network.
Static IP addresses should not be implemented because the corporate network contains a DHCP server. APIPA should not be
used for the same reason. In addition, APIPA is utilized only if a DHCP server is not found.
Objective:
Networking Concepts
Sub-Objective:
Compare and contrast the characteristics of network topologies, types and technologies.
References:
A Guide to Ad-Hoc Mode in Networking, https://www.lifewire.com/ad-hoc-mode-in-wireless-networking-816560
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs
Question #101 of 200
Question ID: 1123260
You want to enable port authentication on your network switches. On which setting is port authentication based?
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
107/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) port number
B) MAC address
C) protocol
D) IP address
Explanation
Port authentication on your network switches is based on the switch's MAC address. If the switch is not specifically configured with
a MAC address, the MAC address communication is not allowed through the switch port.
Port authentication on a switch is not based on the IP address, protocol, or port number.
For the Network+ exam, you also need to understand managed versus unmanaged switches. Managed switches give you more
control over your traffic and offer advanced features to control that traffic. An unmanaged switch simply allows Ethernet devices to
communicate with one another. They are shipped with a fixed configuration and do not allow any changes to this configuration.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
Port-based Authentication, http://www.mcmcse.com/cisco/guides/port_based_authentication.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features
Question #102 of 200
Question ID: 1123353
You are installing the wiring for a small office. You want to connect the fifty computers in the office to the switch. The Cat6 cables
that you plan to use have RJ-45 connectors on both ends.
Which component should you use?
A) 110 block
B) demarcation extension
C) 66 block
D) patch panel
Explanation
You should use a patch panel to connect the fifty computers in the office to the switch using Cat6 cables with RJ-45 connectors on
both ends. Patch panels help with cable management.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
108/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You should not use a 66 block or 110 block because these devices require that the cable be directly terminated into the device. If
the cables are terminated with a jack, such as an RJ-45 connector, a patch panel should be used.
You should not use a demarcation extension. A demarcation extension, often called a demarc extension, is used to extend a
leased line from its original demarcation point, often called a demarc. For example, suppose your network was located in a suite
on the 48th floor of a building and that the Internet Service Provider (ISP) technician connected your leased T1 line demarcation to
a central wiring closet located near the elevator shaft. If you needed to connect your suite to that demarcation point, a demarcation
extension should be used.
Another component is wiring distribution is a smart jack. A smart jack terminates a PRI/T1 at your location. The provider
designates everything connected to the inside of the smart jack as the local loop. The local loop equipment typically is the
customer's responsibility.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
Patch panel, http://en.wikipedia.org/wiki/Patch_panel
Question #103 of 200
Question ID: 1289110
Your company decides to implement a WLAN for usage by visitors. Management has requested that you implement a WLAN that
supports a maximum of 11 Mbps data rate. Which WLAN technology supports this data transmission rate?
A) 802.11g
B) 802.11e
C) 802.11a
D) 802.11b
Explanation
The 802.11b wireless local area network (WLAN) technology supports maximum data rates of 11 Mbps.
802.11b WLAN clients, access points, and bridges use the Direct Sequence Spread Spectrum (DSSS) for transmission through RF
ports. DSSS radio transmission provides data rates between 1 Mbps and 11 Mbps. DSSS uses three types of modulation schemes
for Radio Modulation:
Binary Phase Shift Keying (BPSK) for transmitting data rates at 1 Mbps.
Quadrature Phase Shift Keying (QPSK) for transmitting data rates at 2 Mbps.
Complementary Code Keying (CCK) for transmitting data rates at 5.5 Mbps and 11 Mbps.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
109/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
802.11a WLANs work in the 5-GHz Industrial, Scientific and Medical (ISM) frequency band with Orthogonal Frequency Division
Multiplexing (OFDM). OFDM supports a maximum data rate of 54 Mbps.
802.11g WLANs work in the 2.4-GHz frequency band and supports a maximum data rate of 54 Mbps. 802.11g is compatible with
802.11b. 802.11g hardware will work on an 802.11b network, and vice versa.
802.11e is a specification that was implemented to add quality of service (QoS) features to the 802.11 specification.
802.11n is a specification that was designed to replace 802.11a, 802.11b, and 802.11g. To achieve maximum throughput, 802.11n
should be implemented in the 5-GHz ISM frequency, but can be operated at the 2.4-GH ISM frequency for backwards compatibility.
This frequency is capable of up to 600 Mbps. 802.11provides faster throughput using multiple input, multiple output (MIMO) and
channel bonding. But if you implement an 802.11n wireless card on an existing wireless network and achieve only 11 Mbps with full
signal strength, the network is implementing 802.11b, making the network only capable of the lower speed.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, implement the appropriate wireless technologies and configurations.
References:
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=2
Cisco Internetworking Technology Handbook: Introduction to QAM,
http://www.cisco.com/en/US/docs/internetworking/technology/handbook/wireless.html#wp1020600
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs
Question #104 of 200
Question ID: 1289170
You are deploying a virtual private network (VPN) for remote users. You want to meet the following goals:
The VPN gateway should require the use of Internet Protocol Security (IPSec).
All remote users must use IPSec to connect to the VPN gateway.
No internal hosts should use IPSec.
Which IPSec mode should you use?
A) host-to-gateway
B) host-to-host
C) gateway-to-gateway
D) This configuration is not possible.
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
110/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You should deploy host-to-gateway IPSec mode. In this configuration, the VPN gateway requires the use of IPSec for all remote
clients. The remote clients use IPSec to connect to the VPN gateway. Any communication between the VPN gateway and the
internet hosts on behalf of the remote clients does not use IPSec. Only the traffic over the Internet uses IPSec. In host-to-host
IPSec mode, each host must deploy IPSec. This mode would require that any internal hosts that communicate with the VPN
clients would need to deploy IPSec.
In gateway-to-gateway IPSec mode, the gateways at each end of the connection provide IPSec functionality. The individual hosts
do not. For this reason, the VPN is transparent to the users. This deployment best works when a branch office or partner company
needs access to your network.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use remote access methods.
References:
IPSec Overview Part Two: Modes and Transforms, http://www.ciscopress.com/articles/article.asp?p=25477
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks
Question #105 of 200
Question ID: 1289232
You install a network analyzer to capture your network's traffic as part of your company's security policy. Later, you examine the
captured packets and discover that the only packets that were captured are from Subnet 1. You need to capture packets from all
four subnets on your network. Two routers are used on your network.
What could you do? (Choose two. Each answer is a complete solution.)
A) Install the network analyzer on a router.
B) Install the network analyzer on the firewall.
C) Install the network analyzer on all four subnets.
D) Install a port scanner.
E) Install a distributed network analyzer.
Explanation
You could either install the network analyzer on all four subnets, or install a distributed network analyzer. Standard network
analyzers only capture packets on the local subnet. To capture packets on a multi-subnet network, you could install the network
analyzer on all four subnets. Alternatively, you could purchase a network analyzer that can capture all packets across the subnets.
Typically, a distributed network analyzer consists of a dedicated workstation network analyzer installed on one subnets and
software probes installed on the other subnets.
You should not install a port scanner. A port scanner reports which ports and services are being used on your network.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
111/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You should not install the network analyzer on a router. This will only allow you to capture packets on the subnets connected to the
router. The scenario indicates that there are two routers on your network.
You would need to install the network analyzer on both routers.
You should not install the network analyzer on the firewall. This will only allow you to capture packets on the subnets connected to
the firewall.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Network Monitoring Tools, http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #106 of 200
Question ID: 1289123
You must propose a cabling scheme for your company's new location. Several departments are located on the same floor with a
maximum distance of 61 meters (200 feet) between departments. You want a relatively easy, low-cost installation with simple
connections.
Which type of cabling would you propose?
A) ThinNet
B) ThickNet
C) Fiber-optic
D) Twisted-pair
Explanation
Twisted-pair cabling is the least expensive cabling media. Because unshielded twisted-pair (UTP) is commonly used in telephone
systems, it is mass-produced, making it inexpensive and widely available. In addition, twisted-pair cabling is very easy to work
with, meaning that very little training is required for its installation.
As in telephone systems, twisted-pair cabling uses Registered Jack (RJ) connectors to connect cables to components. Computer
networks use the larger RJ-45 connectors, which are very similar to the commonly known RJ-11 connectors used in telephone
systems; this adds to the simplicity of installing twisted-pair.
Twisted-pair has a maximum length of 100 meters (328 feet), which will work for the company in the scenario because the offices
are located within 61 meters (200 feet) of each other. It is important to note that twisted-pair is the networking-cable type most
susceptible to attenuation, which is why its maximum distance is 100 meters (328 feet).
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
112/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
The following is a table of network media comparisons:
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
CCNA: Network Media Types > Twisted-Pair Cable, http://www.ciscopress.com/articles/article.asp?p=31276
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Media
Question #107 of 200
Question ID: 1123438
You need to configure IPSec to digitally sign and encapsulate each packet within another packet. Which of the following should
you implement?
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
113/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) AH protocol in tunnel mode
B) ESP protocol in transport mode
C) ESP protocol in tunnel mode
D) AH protocol in transport mode
Explanation
Internet Protocol Security (IPSec) can be used in tunnel mode with the Authentication Header (AH) protocol to digitally sign and
encapsulate each packet sent from the network within another packet. A tunnel is a network communications construct that
transports encapsulated packets. AH does not really protect the packet information. Therefore, a simple packet sniffer can still read
the packet contents.
IPSec can be used in transport mode with AH to digitally sign and encrypt packets sent between two hosts. AH provides an
authentication security mechanism. Transport mode does not encapsulate packets within other packets. Encapsulating Security
Payload (ESP) can be used with IPSec to encrypt IPSec packets. ESP is not used to digitally sign packet headers. ESP works in
tunnel mode and transport mode. ESP protects the packet information using encryption.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use remote access methods.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Virtual Private Networks
Question #108 of 200
Question ID: 1123502
Which social engineering attack is typically considered the most dangerous?
A) physical penetration
B) Trojan horse
C) dumpster diving
D) social engineering
Explanation
Physical penetration is a social engineering attack that is typically considered the most dangerous attack that a targeted hacker
can use. A targeted hacker chooses a specific organization or target to attack. In a physical penetration attack, a targeted hacker
enters the premises of an organization and gains access to computer systems or plugs a laptop computer into an organization's
internal network. A physical penetration attack is considered the most dangerous type of targeted hacker attack because computer
network equipment is typically not well protected inside an organization's physical location.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
114/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
In a dumpster diving attack, a hacker searches through an organization's trash for sensitive information, such as user names,
passwords, and documents that were intended to be kept secret.
A social engineering attack occurs when a hacker pretends to be a member of an organization in an attempt to gain sensitive
information about an organization's network or operations. A hacker can perform social engineering by using methods such as
instant messaging, the telephone, and face-to-face communications. Employees should be trained to require some form of
identification before giving sensitive information about a company to a stranger. To protect your network against social engineering
attacks, you should enforce the security policy, provide user education, and limit available information.
A Trojan horse is a malicious program typically sent as an e-mail attachment that appears to the end user as a benign application.
A Trojan horse can be programmed to send sensitive information to a hacker.
Objective:
Network Security
Sub-Objective:
Summarize common networking attacks.
References:
Two methodologies for physical penetration testing using social engineering,
http://doc.utwente.nl/69064/1/Pentesting_methodology.pdf
Question #109 of 200
Question ID: 1289061
You are using DSL to connect to the Internet. You recently set up firewall software to protect your computer's resources from
external users. After setting up the firewall software, you can no longer access Web sites by name.
What is the problem?
A) You have a DHCP server on the network.
B) Your firewall software is blocking port 53.
C) Your firewall software is blocking port 25.
D) You do not have a static IP address.
Explanation
Port 53 is the port associated with the Domain Name Service (DNS). If this port is blocked by firewall software, you will not be able
to access computers on the Internet by their fully qualified domain names (FQDNs), such as www.comptia.org or
www.kaplanittraining.com.
With DSL service, you do not have to have a static IP address. It is not required for accessing Web sites by name.
If you have a DHCP server on the network, IP addresses on your network are automatically configured. This would not affect the
ability to connect to Web sites on the Internet.
Port 25 is associated with the SMTP protocol and would not cause this problem.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
115/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
Objective:
Networking Concepts
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
Blocking port 53 TCP, http://taosecurity.blogspot.com/2007/09/blocking-port-53-tcp.html
Network Ports Used by DNS, http://technet.microsoft.com/en-us/library/dd197515.aspx
Question #110 of 200
Question ID: 1289266
The network you administer is a Fast Ethernet network. Wall outlets are connected to patch panels by 90-meter cables. Patch
panels are connected to switches by 5-meter cables. The network uses Category 5 unshielded twisted-pair (CAT 5 UTP) cable.
You use a 15-meter patch cable to connect a server named Shipping to a wall outlet. You connect the Shipping computer to the
network, start the computer, and properly configure it. However, clients cannot connect to the Shipping server. Clients can connect
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
116/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
to other servers on the network. What will most likely solve the connection problem?
A) replacing the 15-meter patch cable with a 10-meter patch cable
B) replacing the 15-meter patch cable with a 3-meter patch cable
C) replacing the CAT 5 UTP with CAT 1 UTP
D) replacing the CAT 5 UTP with CAT 3 UTP
Explanation
On a Fast Ethernet network that uses unshielded twisted-pair (UTP) cables, such as a 100BaseTX Ethernet network, the
maximum length of the cable between a computer and a switch or hub is 100 meters. In this scenario, the total length of cable
between the Shipping server and the switch is 110 meters. You can solve the connection problem in this scenario by replacing the
15-meter patch cable that connects the Shipping server to the wall outlet with a patch cable that is no more than 5 meters in
length. Db loss in cabling (also called attenuation) occurs because the voltage decays slowly as the current travels the length of
the cable. If you replace the 15-meter patch cable with a 10-meter patch cable, then the connectivity problem will still occur
because the overall cable length between the server and the switch will still exceed 100 meters.
The following diagram illustrates the recommended cabling lengths for twisted-pair Ethernet.
The switch and patch panel are usually located within a telecommunications closet. A basic patch panel does not normally
contribute any networking services; it simply serves as a junction box between the switch and the various nodes on the network. A
patch panel provides a convenient interface from which you can arrange and rearrange connections between the switch and the
nodes.
Distance issues are caused when cable lengths exceed the maximum distance allowed by a particular media type. Ensure that
your cable runs do not exceed the maximum distance allowed. Repeaters could also be used to prevent this problem.
A 100BaseTX Ethernet network requires at least CAT 5 UTP cable. CAT 1 and CAT 3 UTP cannot support signaling on a
100BaseTX network. If you replaced all of the cable on the network with lower-grade cable, then none of the computers would be
able to connect to the network. Physical connectivity problems include the following:
Bad connectors
Bad wiring
Open circuits or short circuits
Split cables
Transmit (TX)/Receive (RX) ends reversed
Cable placement
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
117/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
EMI/Interference
Cross-talk
Db loss and attenuation
Distance limitations
Incorrect termination (mismatched standards)
Split pairs
Bad SFP/GBIC (cable or transceiver)
Often network cable testers can identify any of the above problems.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #111 of 200
Question ID: 1123564
You are troubleshooting a network connectivity problem on a Windows 7 Enterprise computer, and you need to view the MAC
address for the NIC installed in the computer. Which command should you use?
A) the arp command
B) the ipconfig /all command
C) the ping command
D) the tracert command
Explanation
Of the commands listed, you should use the ipconfig /all command to view the media access control (MAC) address of the network
interface card (NIC) installed in the Windows 7 Enterprise computer. The MAC address for the Ethernet adapter appears on the
line entitled Physical Address. TCP/IP uses Address Resolution Protocol (ARP) to resolve IP addresses to MAC addresses so that
TCP/IP and Ethernet, or another Physical layer protocol, can interoperate.
The arp command will not display the MAC address for the NIC in your Windows XP computer. If you issue the arp -a command,
then you can view the ARP cache for the computer, which displays the IP address and its corresponding MAC address for all
entries in the cache.
The tracert command and the ping command, when issued without switches, will display directions for using these commands. You
can use the tracert command with various switches and variables to determine the route a packet takes through a TCP/IP network,
and you can use the ping command with various switches and variables to test connectivity between hosts.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
118/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #112 of 200
Question ID: 1289180
Which four of the following statements explains why training employees about proper licensing and use of an organization's
software and hardware is important? (Choose four.)
A) To practice good organizational ethics and governance
B) To prevent unauthorized or improper consumption of licenses
C) To make effective use of automated license management
D) To promote minimal consumption of licenses
E) To comply with license restrictions or limitations
F) To avoid liability from violating license rules or restrictions
Explanation
Training employees about proper licensing and use of an organization’s software and hardware includes the following:
To prevent unauthorized or improper consumption of licenses
To avoid liability from violating license rules or restrictions
To comply with license restrictions or limitations
To practice good organizational ethics and governance
While promoting minimal consumption of licenses can be good for the bottom line, it has nothing to do with honoring or
disregarding licensing restrictions. Minimal licensing consumption is usually an IT department issue, not an issue for other
employees.
Making effective use of automated license management can check to ensure that licensing restrictions are observed and complied
with, but has nothing to do with honoring or disregarding them. Automated licensing is usually an IT department issue.
Objective:
Network Operations
Sub-Objective:
Identify policies and best practices.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
119/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Making Sense of Software Licensing https://www.techsoup.org/support/articles-and-how-tos/making-sense-of-software-licensing
TLDRLegal-Software Licenses Explained in Plain English https://tldrlegal.com/
A simple guide to understanding software licensing (Microsoft, PDF)
http://download.microsoft.com/documents/australia/licensing/licenseguide.pdf
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Best Practices
Question #113 of 200
Question ID: 1123470
Which of these controls could be used to trigger an alarm in the event of unauthorized entry into a room or building?
A) Tamper detection
B) Motion detection
C) Smart cards
D) Asset tracking tags
Explanation
Motion detection sensors could be used to trigger an alarm in the event of unauthorized entry into a room or building. Motion
detection is the process of installing security devices that would detect movement and set off an alarm, create an alert, or even
trigger video recording. For example, if a business is closed over the weekend, the business can set up a motion detection system
to detect unauthorized activity in the premises during the closed period.
Tamper detection involves implementing a method to determine if something has been altered without authorization. The method
could be something as simple as a seal over a door. If the seal is broken, the door has been opened. Tamper detection can also be
used in surveillance cameras. If a camera is struck (changing its field of view) or no longer transmitting, an alert can be sent to the
monitoring console indicating that the camera has been tampered with. Tamper detection is commonly used on computer cases so
that technicians can detect if the case has been opened. Most tamper detection is manual and does not provide any mechanism
where an alarm is triggered.
Smart cards provide authentication using something you have in your possession. Items that fit within the "something you have"
authentication factor category include key fobs and USB dongles. While smart cards provide authentication, they do not trigger
alarms when unauthorized entry into a facility is detected.
Asset tracking tags are used to assign a number to particular piece of equipment (an asset) and monitor where the asset is. Asset
tags can be labels with barcodes or QR codes, or be equipped with radio frequency identification (RFID) chips that provide
electronic tracking. Asset tags can be used with geofencing to prevent devices from leaving a certain area, or with geolocation to
ensure that the asset can be located within a certain area. However, an asset tracking tag would not detect motion within a facility.
Motion detection, video surveillance, asset tracking tags, and tamper detection are all considered to be physical security detection
devices. They detect when a security event has occurred.
Objective:
Network Security
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
120/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Summarize the purposes of physical security devices.
References:
How Does an Alarm Motion Sensor Work?, https://www.cpss.net/about/blog/2013/11/how-does-an-alarm-motion-sensor-work/
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks
Question #114 of 200
Question ID: 1289139
You are explaining the function of a multi-layer switch to several junior administrators. On which data can multi-layer switches
make routing decisions? (Choose all that apply.)
A) IP address
B) MAC address
C) protocol
D) port number
Explanation
A multi-layer switch, which operates at Layers 2, 3, and 4 of the OSI model, can make routing decisions based on the following
criteria:
MAC address - a Data Link layer (Layer 2) function
IP address - a Network layer (Layer 3) function
Protocol - a Network layer (Layer 3) function
Port number - a Transport layer (Layer 4) function
A multi-layer switch has 24 collision domains.
You can also purchase switches that offer services at only one layer of the OSI model. Layer 2 switches only route based on the
MAC address. Layer 3 switches route based on the IP address or protocol. Layer 4 switches only route based on the port number.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
LAN Switching and Switch Types, http://www.tech-faq.com/lan-switching-and-switch-types.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Network Infrastructure Devices
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
121/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #115 of 200
Question ID: 1123245
Your company uses a single global IP address that maps to the company's local IP addresses. When requests are sent from the
internal network to destinations outside the company, those requests are mapped from the IP address of the local host that made
the request to the global IP address.
Which term describes this process?
A) Network Address Translation (NAT)
B) Network Access Server (NAS)
C) Network File System (NFS)
D) Network Access Point (NAP)
Explanation
NAT is a service that translates one or more global IP addresses to local IP addresses. This mapping is done through the NAT
router. For example, if a request is sent from the internal network to a destination outside the company, that request will be
mapped to the global IP address and then sent outside the company's network. To the outside world, only the global IP address is
known. NAT increases the security of a network because it hides the IP addresses of internal hosts from the Internet or other
public network.
NFS is an application that allows a network client to access and manipulate a file on another network client remotely.
NAP is one of the main connection points of the Internet's backbone.
NAS is a server used by an Internet Service Provider (ISP) to connect its clients to the Internet.
For the Network+ exam, you also need to understand Destination NAT (DNAT) and Static NAT (SNAT). DNAT transparently
changes the destination IP address of an end route packet and performs the inverse function for any replies. SNAT is a
counterpoint to DNAT.
Port forwarding or port mapping, an application of NAT, redirects a request from one address and port number combination to
another while the packets are traversing a network gateway, such as a router or firewall. Port forwarding allows remote computers
to connect to a specific computer or service within a private network.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Address Translation
Network Address Translation, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci214107,00.html
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
122/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #116 of 200
Question ID: 1289081
You have been hired as a network administrator for a large corporation. This network includes a large number of switches that
must be identically configured. In the past, this information has been configured manually. You want to automatically propagate the
VLAN information to all switches on the LAN. What should you use? (Choose two.)
A) STP
B) VTP
C) 802.1q
D) link aggregation
Explanation
To automatically propagate VLAN information to all switches on the LAN, you should use VLAN Trunking Protocol (VTP), which is
also referred to as 802.1q. VTP configuration will prevent the VLAN information from having to be manually configured on all of the
switches. VTP allows two switches to share VLAN information. One of the VLANs is called a native VLAN, also referred to a
default VLAN. Frames belonging to the native VLAN are sent unaltered over the trunk with no tags. However, to distinguish other
VLANs from one another, the remaining VLANs are tagged.
The native VLAN will default to VLAN 1. To separate out any of your user traffic from your network management traffic, you may
want to change the native VLAN number to be some other value. Changing your native VLAN is a common mitigation technique.
The VTP information is carried over a trunk connection that is implemented based on the 802.1q standard. This allows traffic for
multiple VLANs to travel over a single connection.
Link aggregation combines multiple physical connections into a single logical connection, thereby alleviating congestion on the
physical connections.
Spanning Tree Protocol (STP) is used to prevent loops by blocking data from flowing over one or more switch ports.
There are two types of STP: spanning tree (802.1d) and rapid spanning tree (802.1w). 802.1d is an older standard that was
designed when a minute or more of lost connectivity was considered acceptable downtime. In Layer 3 switching, switching now
competes with routed solutions where protocols such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing
Protocol (EIGRP) provide an alternate path in less time. A layer 3 switch is the best option when you need to re-route multicast
and unicast communication caused by a disruption of service when a network is failing redundancy at the main distribution frame
(MDF).
The 802.1w protocol was developed to improve performance. 802.1w bridges are fully distributed while 802.1d switches agree on
a root port. This root port acts differently than the other switches and is responsible for the network's connectivity.
802.1w defines roles for the ports and a new bridge protocol data unit (BPDU) format, which introduces the proposal/agreement
mechanism. BPDU's handling and convergence is different in each protocol. 802.1w introduces these new features:
Rapid Transition To Forwarding State - includes new Edge Ports and Link Types variables.
Uplink Fast - distinguishes between port roles and uses alternate ports.
By default, unknown unicast and multicast traffic is flooded to all Layer 2 ports in a VLAN. This unknown traffic flooding can be
prevented by blocking unicast or multicast traffic on the switch ports. However, keep in mind that there may be cases in which you
need to use unicast or multicast traffic.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
123/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You can also configure forwarding and blocking on a switch port. If you configure forwarding, certain types of traffic based on the
rules you configure will be forwarded to a certain port. If you configure blocking, certain types of traffic can be blocked from a
switch port.
For the Network+ exam, you also need to understand Link Aggregation Control Protocol (LACP), also referred to as 802.3ad.
LACP supports automatic link configuration and prevents an individual link from becoming a single point of failure. With this
protocol, traffic is forwarded to a different link if a link fails.
You can manually or automatically assign the IP address for the switch. Automatic configuration uses a DHCP server to obtain the
IP address and all other information that you have configured the DHCP server to assign. The DHCP server does not have to be
on the same subnetwork as the switch. If you manually configure the IP address, you need to ensure that all settings are correct.
Switches should be given their own IP address and default gateway to use so that they can be remotely managed.
For IP address assignment for devices attached to the switch, some switches can also be configured to act as a DHCP server and
assign IP addresses to attached devices. However, you must ensure that the DHCP ranges that are configured on the switch do
not overlap the ranges on other DHCP servers. Otherwise, you may have a single IP address assigned to multiple hosts on the
network, thereby affecting communication.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features
Question #117 of 200
Question ID: 1289199
To segregate employee traffic and guest traffic on your wireless network, you have decided to implement a plan whereby guest
traffic is quarantined in a separate part of the network. All employees have company-issued devices. What can you implement to
ensure that only employees have access to the non-quarantined areas of the wireless network?
A) MAC filtering
B) Shared or open authentication
C) TKIP-RC4
D) WPA
Explanation
Media Access Control (MAC) filtering allows the administrator to restrict device access to the network based on the MAC address
associated with the Network Interface Card (NIC) on that device. The administrator can set up a permission list (filter) on the router
where only devices with specific MAC addresses are allowed on the network. A MAC address is uniquely associated with a NIC,
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
124/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
and is analogous to a Vehicle Identification Number (VIN) on an automobile. In essence, the MAC address is the serial number of
the NIC.
Shared authentication and open authentication were the two insecure methods of authentication utilized under Wired Equivalent
Privacy (WEP). Neither of these allows you to limit access to certain areas of the network.
Authentication for wireless can be configured to OSA or open system authentication (no authentication), shared key authentication
(SKA), pre-shared key (PSK), or 802.1x/EAP. An open wireless network does not require any form of authentication. Wireless OSA
does not use an encryption key. Under SKA, all of the clients used the same key, making the key very vulnerable to being
cracked.
Temporal Key Integrity Protocol-Rivest Cipher 4 (TKIP-RC4) is an encryption method that was designed to provide security
enhancements to wireless networks using WEP. WEP was an extremely weak encryption standard. TKIP added a key distribution
method whereby each transmission had its own encryption key, an authentication method to verify message integrity, and an
encryption method called RC4 (Rivest Cipher 4). WEP is based on RC4, but was poorly designed and used a too-short IV of only
24 bits instead of the standard 64 bits used by RC4.
Wi-Fi Protected Access (WPA) was an interim security improvement over WEP. WPA was later replaced by Wi-Fi Protected Access
version 2 (WPA2), which is the most secure option for encrypting wireless.
Objective:
Network Security
Sub-Objective:
Given a scenario, secure a basic wireless network.
References:
https://www.linksys.com/us/support-article?articleNum=140065
Question #118 of 200
Question ID: 1289211
You have expanded the number of nodes on your network and have added a second 24-port switch. The new switch is in place
and has sufficient port capacity for another six nodes in the future. What should you do to increase the security of the switch?
A) Disable unused ports
B) Use secure protocols
C) Install patches and updates
D) Upgrade firmware
Explanation
Disabling unused ports is an excellent way to secure a switch. You should only enable designated active ports needed for network
connections. As an example, if you have a 24-port switch, but only 18 of those are needed for connected hosts, you should set the
status of the other six ports to “disabled.”
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
125/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Upgrading firmware is one way to ensure that the network component is performing properly, or to the current standard. Firmware
differs from a driver. A driver allows the hardware communicate with an operating system, such as Windows 10, Linux, or OSX.
Firmware is the software that allows the hardware device to operate. A simplified example of one aspect of firmware would be the
line of instruction on the NIC that causes the green light to blink when network traffic is present.
Using secure protocols is paramount to network security. In SOHO networks, routers (as an example) are shipped with insecure
protocols, such as WEP, enabled. While WEP is the easiest for consumer or novice to use while getting the network up and
running, it is inherently insecure and should be disabled in favor of a more secure protocol such as WPA2.
Installing patches and updates to the network hardware will ensure that the firmware is up to date and that any remedies to known
security issues will be corrected.
Objective:
Network Security
Sub-Objective:
Given a scenario, implement network device hardening.
References:
Cisco Networking Academy's Introduction to Basic Switching Concepts and Configuration,
http://www.ciscopress.com/articles/article.asp?p=2181836&seqNum=7
Question #119 of 200
Question ID: 1289253
As a new network technician, you have been given a flash drive that contains several commands that you will use on a regular
basis. You need to match the command to their purpose.
Move the correct items from the left column to the column on the right to match the commands to their purpose.
{UCMS id=5175882110992384 type=Activity}
Explanation
The following commands have the following purposes
ping - tests connectivity to a remote host
ipconfig - displays network configuration settings for the local computer
nslookup - verifies entries on a DNS server
nbtstat - diagnoses problems with NetBIOS name resolution
You should understand the purpose of these common troubleshooting tools. You should also familiarize yourself with the proper
command syntax for these commands.
Objective:
Network Troubleshooting and Tools
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
126/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Using the ping command, http://technet.microsoft.com/en-us/library/cc737478(v=ws.10).aspx
Ipconfig, https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig
Nbtstat, http://technet.microsoft.com/en-us/library/cc940106.aspx
Using nslookup.exe, http://support.microsoft.com/kb/200525
Question #120 of 200
Question ID: 1289291
The network administrator has changed the IP address of several servers on the network. Now a user named Jim is unable to
connect to file shares on those servers using the computer name. You need to run the appropriate command(s) on Jim's computer
to resolve the problem.
Select the appropriate command(s) from the left and place them in the appropriate order on the left. Only select commands that
are necessary for the scenario. The scenario may include one or more commands. Order is important.
{UCMS id=6227585786707968 type=Activity}
Explanation
All you need to do is flush the contents of the client computer's DNS cache. You do this by running the following command:
ipconfig /flushdns
The ipconfig /all command will display all the TCP/IP settings for the computers.
The ipconfig /registerdns command registers the computer's DNS host name with the DNS server.
The ipconfig /displaydns command displays the contents of the computer's DNS cache.
The ipconfig /renew command will renew the client's DHCP lease.
The ipconfig /release command will release the client's DHCP lease.
The ipconfig /showclassid command will display the DHCP class ID assigned to the client computer.
The ipconfig /setclassid command will configure the DHCP class ID for the client computer.
You should only select commands needed for the scenario. In some cases, only a single command may be necessary.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
127/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
References:
Ipconfig, https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/ipconfig
Question #121 of 200
Question ID: 1289239
You are investigating possible unauthorized access to a Windows Server 2008 computer. The first step in your company's
investigation policy states that the current network connections must be documented. Which command should you use?
A) ipconfig
B) netstat
C) tracert
D) ping
Explanation
You should use the netstat command. This tool displays incoming and outgoing connections, routing tables, and network interface
statistics. An example of the output of the netstat command is as follows:
The command parameters that can be used with the netstat command are as follows:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
128/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
The ping tool is used to test the availability of a computer over a network. You can ping computers based on their DNS host name
or IP address. The ipconfig tool displays a computer's IP address, subnet mask, and default gateway. It can also be used to
release and renew a Dynamic Configuration Host Protocol (DHCP) IP address lease. The UNIX equivalent tool is ifconfig. The
tracert tool is used to determine the route a packet takes across a Windows IP network. UNIX computers have a similar tool called
traceroute.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Netstat, http://www.netstat.net/
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #122 of 200
Question ID: 1289145
Which of the following uses cells that are equally sized at 53 bytes each?
A) ATM
B) DMVPN
C) SIP trunk
D) PPPoE
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
129/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Asynchronous Transfer Mode (ATM) is a network transmission model used in voice, video, and data communications that uses
equally sized cells that are all 53 bytes long. The equal length of the data packets supports very high data rates. ATM is deployed
in Optical Carrier (OC) backbone network segments.
Point-to-Point Protocol over Ethernet (PPPoE) encapsulates Point-to-Point Protocol (PPP) frames over Ethernet. It is typically
used in DSL to allow subscribers on Ethernet networks to connect over DSL modems.
Dynamic Multiport Virtual Private Network (DMVPN) allows an organization to exchange data over a secure network of VPNs,
without having to route the data through the organization’s primary VPN router. In essence, a DMVPN creates a mesh VPN
topology.
Session Initialization Protocol (SIP) trunking is used in Voice over IP telephony. The SIP trunk connects the incoming gateway with
the customer’s Private Branch Exchange (PBX).
Objective:
Infrastructure
Sub-Objective:
Compare and contrast WAN technologies.
References:
ATM In Computer Networks: History And Basic Concepts, https://fossbytes.com/atm-asynchronous-transfer-mode-history-basicconcepts/
Question #123 of 200
Question ID: 1289267
You have been hired as a network consultant by a company. You discover that the network's signal strength greatly weakens as
traffic travels over the network medium due to absorption and scattering. What is the term for this tendency?
A) Harmonic distortion
B) Attenuation
C) EMI
D) Intermodulation distortion
E) Refraction
Explanation
In networking, attenuation is the term for a loss of signal strength as data travels over the network medium (cable). The attenuation
rate is often the deciding factor when selecting the medium to use for a particular length of network cable. Attenuation is also
referred to a decibel (Db) loss.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
130/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
For example, unshielded twisted-pair (UTP) cable has the greatest susceptibility to attenuation. This is why the maximum
recommended segment length for UTP is limited to 100 meters (328 feet). ThinNet cable, on the other hand, has less susceptibility
to attenuation; the signal can travel a distance of 185 meters (607 feet) before being adversely affected by attenuation.
The opposite of attenuation is amplification. If you want to create a network that extends beyond the normally acceptable length of
a particular cable type, you would need to install a signal amplifier. In networking terms, this amplifier is called a "repeater."
All networks have a distance limitation based on the type of cable or wireless frequency that is used. If you attempt to go over this
limitation is a single cable run without using a repeater, signal attenuation will occur. Use repeaters to increase the distance for
wired networks. For wireless networks, you should move the connecting device closer to the wireless access point.
Electromagnetic interference (EMI) occurs when objects, such as fluorescent lighting, interfere with transmission over copper
cabling. Radio frequency interference (RFI) occurs when objects, such as cordless phones, interfere with transmission over
wireless radio frequencies.
Crosstalk is a specialized type of EMI caused by parallel runs of twisted-pair cables. The only solution to this problem is to change
the path of the cables.
Near end - Near-end crosstalk (NEXT) measures the ability of the cable to resist crosstalk. Most commercial cabling will give
you the minimum NEXT values that are guaranteed.
Far end - Far-end crosstalk (FEXT) measures interference between two pairs of a cable measured at the other end of the
cable with respect to the interfering transmitter.
EMI affects cable placement. You should arrange cables to minimize interference. Ideally, Ethernet cables should not be placed
close to high voltage cables, generators, motors, or radio transmitters.
Refraction is the bending of waves as they pass from one medium to another, due to a change in their speed. Harmonic distortion
is the distortion of a wave by unwanted multiples of an original frequency, causing interruptions to the way the wave form behaves
in electrical circuits, or sounds. Intermodulation distortion occurs when two different frequencies are simultaneously passed
through an amplifier
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Attenuation, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci211613,00.html
Question #124 of 200
Question ID: 1289280
A contractor is unable to connect to your wireless network using his 802.11g wireless adapter. What is the most likely problem?
A) You have an 802.11a network.
B) You are using an incorrect channel on your network.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
131/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
C) You have an 802.11n network.
D) You have an 802.11b network.
Explanation
It is most likely that you have an 802.11a network because 802.11g devices are incompatible with 802.11a networks. The
frequency used by the different wireless networks is important. Some of them use the same frequency and can, therefore, be
considered compatible. However, keep in mind any other devices, such as cordless phones, that can use the same radio
frequency as they can cause interference.802.11g devices are compatible with 802.11b networks.802.11n networks allow the
usage of 802.11a, 802.11b, or 802.11g devices.
If you were using an incorrect channel on your network, other devices would have problems connecting to the network.
For the Network+ exam, you need to understand the following wireless standard considerations:
Throughput - Each wireless network type has a different maximum throughput. Keep in mind that this throughput is shared by
all the devices connected to the wireless access point.
Frequency - Each wireless network uses a certain frequency. Some network types may use the same frequency. Document
the frequencies used when you implement any wireless network so that you can ensure that future wireless networks do not
interfere with existing ones.
Distance - All wireless access points will have a limited distance for their signal. You can increase and decrease the signal
strength as needed, but the maximum distance will always remain. In most cases, companies decrease the signal strength to
limit the area covered by the wireless network.
Channels - Each wireless network can operate over several channels that can be used by that frequency. Research the
frequency in use to determine the non-overlapping channels. While there may be 10 channels available, usually only three or
four of the available channels are considered non-overlapping. Wireless access points that use the same frequency should be
configured to use different non-overlapping channels.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Introducing Wireless LANs
Question #125 of 200
Question ID: 1123262
Host A wants to communicate with Host B as shown in the following network exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
132/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Which three statements are true? (Choose three. Each answer is part of the solution.)
A) Host A will send an ARP request for the router's MAC address.
B) The switch will forward the frame to Host B.
C) The switch will forward the frame to the router.
D) Host A will send a frame with the destination MAC address of the router.
E) Host A will send a frame with the destination MAC address of Host B.
F) Host A will send an ARP request for Host B's MAC address.
Explanation
Host A will send out an ARP request for the MAC address of Host B. Host A will then send a data frame to the switch with a
destination MAC address of Host B. Finally, the switch will forward the frame to Host B.
Host A and Host B are connected to the same subnet, 192.168.1.32 /27, and are thus within the same VLAN. For this reason,
traffic between the two hosts does not need to be sent to their default gateway to be routed. Hosts are able to ARP and build
unicast frames for hosts on the same subnet. The switch will receive the frame and forward it to the appropriate host based on a
MAC address table lookup. The router is not involved in this scenario.
Host A will not send an ARP request for the router's MAC address because routing is not required between hosts on the same
subnet.
Host A will not send a frame with the destination MAC address of the router because routing is not required between hosts on the
same subnet.
The switch will not forward the frame to the router because routing is not required between hosts on the same subnet.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
133/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
References:
Routing Basics, http://docwiki.cisco.com/wiki/Routing_Basics
Question #126 of 200
Question ID: 1123589
While reviewing recent performance reports from your network devices, you notice that there are a high number of corrupt packets
reaching a router named Router34. What is most likely happening to them?
A) The packets are causing the duplexing method to change.
B) The packets are being forwarded to the next router upstream.
C) The packets are being dropped.
D) The packets are causing the interface to reset.
Explanation
Corrupt packets are being dropped. Packet drops occur for a variety of reasons, including packet corruption, speed mismatch, and
duplex mismatch. Corrupt packets are not forwarded by network devices. An interface only resets when a power outage occurs or
when an administrator initiates a reset. Packets cannot change the duplexing method. However, a packet that uses a different
duplexing than is the network supports is usually dropped.
As a network technician, you should perform interface monitoring. This includes being able to read errors and determine their
cause, understand network utilization reports, determine discards and packet drops and their cause, perform interface resets, and
ensure speed and duplex settings are appropriately configured.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Troubleshooting packet drops, https://support.f5.com/kb/en-us/solutions/public/10000/100/sol10191.html
Question #127 of 200
Question ID: 1289076
You are the network administrator for an organization whose network uses the Open Shortest Path First (OSPF) routing protocol.
Which metric does this protocol use for optimal path calculation?
A) Delay
B) MTU
C) Cost
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
134/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) Hop count
Explanation
OSPF is a link-state routing protocol which uses cost as a metric for optimal path calculation. It is an open standard protocol based
on Dijkstra's Shortest Path First (SPF) algorithm. Routing metrics are used by routing protocols to determine the lowest cost path
to a network number, which is considered the optimal or "fastest" path. Cisco's implementation of OSPF calculates the cost
(metric) of a link as inversely proportional to the bandwidth of that interface. Therefore, a higher bandwidth indicates a lower cost
and a more favorable metric.
The following are characteristics of OSPF:
Uses Internet Protocol (IP) protocol 89.
Has a default administrative distance of 110.
Is an industry standard protocol (non-Cisco proprietary).
Supports Non-Broadcast Multi-Access (NBMA) networks such as frame relay, X.25, and Asynchronous Transfer Mode (ATM).
The default hello interval for NBMA networks is 30 seconds.
Supports point-to-point and point-to-multipoint connections.
Supports authentication.
Uses 224.0.0.6 as multicast address for ALL D Routers.
Uses 224.0.0.5 as multicast address for ALL SPF Routers.
Uses link-state updates and SPF calculation that provides fast convergence.
Recommended for large networks due to good scalability.
Uses cost as the default metric.
Maximum Transmission Unit (MTU), bandwidth, delay (latency), load, and reliability form a composite metric used by Interior
Gateway Routing Protocol (IGRP) and Enhanced Interior Gateway Routing Protocol (EIGRP). IGRP is a distance vector routing
protocol developed by Cisco Systems. Enhanced IGRP (EIGRP) is a Cisco-proprietary, hybrid routing protocol that combines
features of both distance-vector and link-state protocols.
Hop count is a metric used by Routing Information Protocol (RIP). The fewer hops between the routers, the better the path.
For the Network+ exam, you also need to understand the following routing concepts and protocols:
Loopback interface - allows you to test to ensure that the local network interface is working properly. The IPv4 address for the
locate loopback is 127.0.0.1, and the IPv6 address for the loopback is ::1. By pinging this address, you can determine whether
the local network interface is working.
Routing loop - a network problem that happens when a data packet continually loops through the same routers over and over.
This is a problem associated with Distance Vector Protocols, such as RIP and RIPv2. Methods for dealing with loops include:
maximum hop count, split horizon, route poisoning, and hold-down timers.
Routing table - a data table that lists the routes to particular network destinations. They can be stored on a router or computer.
The routes that are included can be manually configured by using the appropriate routing command or can be automatically
configured by the router.
Default route - the route that takes effect when no other route can be determined for a given destination. All packets for
destinations not established in the routing table are sent via the default route. In most cases, the default route is to the router
closest to the computer.
Interior Gateway Routing protocols versus Exterior Gateway Routing Protocols - protocols that route between autonomous
systems or routing domains are referred to as Exterior Gateway Routing Protocols. Interior Gateway Routing Protocols
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
135/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
discover paths between networks within the same organizational boundary, and EGPs discover paths between autonomous
systems.
Autonomous System (AS) Numbers - numbers assigned to network operators by the Internet Assigned Numbers Authority
(IANA) and the Regional Internet Registries (RIRs).
Route redistribution - when you take a route from one routing protocol and distribute it to another protocol. By default, routers
only advertise and share routes with other routers running the same protocol. If you have an OSPF router and an EIGRP
router and you want them to know each other's routes, you would implement route redistribution so the two different protocols
can share and advertise routes to each other.
High availability - can be ensured by implementing the following:
Virtual Router Redundancy Protocol (VRRP) - a protocol that manages virtual routers. VRRP sets up VRRP clusters.
Virtual IP - an address assigned to virtual routers.
Hot Standby Router Protocol (HSRP) - a Cisco proprietary first-hop redundancy protocol (FHRP) designed to allow for
transparent fail-over of the first-hop IP router.
Route aggregation - minimizes the number of routing tables required in an IP network organizing network layer IP addresses in
a hierarchical way so that addresses are topologically significant.
Shortest Path Bridging (SPB) - a routing protocol that identifies loop-free shortest paths to help with traffic engineering.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 6: Routing IP Packets, Routing Protocol Examples
Dynamic Routing Protocols, http://www.ciscopress.com/articles/article.asp?p=24090
Open Shortest Path First (OSPF), http://www.tcpipguide.com/free/t_OpenShortestPathFirstOSPF.htm
Question #128 of 200
Question ID: 1123556
You are the network administrator for your company's network. All servers run Windows Server 2008. All workstations run
Windows 7. The network diagram is shown in the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
136/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Workstation A2 is experiencing delays accessing Server B. Which utility should you run from Workstation A2 to determine the
source of the slowdown?
A) tracert
B) netstat
C) ping
D) ipconfig
Explanation
The tracert utility will provide a listing of all routers through which data from Workstation A2 must pass on its way to Server B. If
there are any problems along the way, they will show up in the output from the tracert command.
The ping utility is used to determine whether a specific IP address is accessible. It works by sending a packet to the specified
address and waiting for a reply. The ping utility is used primarily to troubleshoot Internet connections. It would not be useful in
determining the source of the slowdown in this scenario. However, it can be used to troubleshoot connectivity to specific devices.
Netstat is a TCP/IP utility that you can use to determine the computer's inbound and outbound TCP/IP connections. It displays
current connections and their listening ports. It cannot be used to troubleshoot this problem.
The ipconfig utility is used to display currently assigned TCP/IP network settings, such as IP address, subnet mask, and default
gateway, on Windows computers. It can be run from a command prompt. When issued with the /all switch, ipconfig displays
detailed information. It cannot be used to troubleshoot this problem.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
137/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #129 of 200
Question ID: 1149625
Which of the following attacks tricks the user in to giving up personal information?
A) Phishing
B) Brute force
C) Deauthentication
D) Ransomware
Explanation
Phishing is the action of sending out an email that is designed to trick the user into giving up personal information. That information
is then exploited by criminal. Phishing emails appear to come from legitimate companies, and when the user clicks on a link in the
email, the user is directed to a website that appears authentic. The user then fills in account information, which is captured by the
criminal.
All of the other attacks can take place without the user's knowledge, and therefore do not rely on tricking the user into taking an
action that reveals personal information.
Deauthentication attacks disassociate a user with a wireless access point, forcing them to retransmit their login credentials.
A brute force attack attempts to guess the user's password. This attack differs from a dictionary attack by using additional
(random) character combinations, often numbering in the millions. This attack takes significantly more time than a dictionary
attack.
Ransomware holds a computer hostage until the user pays a fee. The attacks often begin as an urgent email, where the user is
directed to click a link or open a document to resolve the issue. Once the user completes the action, malicious software is installed
on the user's computer, often locking the user out of the system until a fee is paid.
Objective:
Network Security
Sub-Objective:
Summarize common networking attacks.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
138/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
What Is Phishing?, http://www.phishing.org/what-is-phishing
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks
Question #130 of 200
Question ID: 1289157
Which option represents the amount of time that a system is expected to be operational over the course of a year?
A) High availability
B) Port aggregation
C) Load balancing
D) NIC teaming
Explanation
High availability refers to the amount of time that the system is expected to be operational over the course of a year. It is often
expressed in nines, as in “5 nines,” which would mean the system is up 99.999% of the time. This translates to about 5 minutes
and 15 seconds downtime per year, which may be too much downtime for some organizations.
Load balancing is the process of diverting network traffic from a server with a heavy workload to a server with a lighter workload. A
load balancer can be used to divert incoming web traffic, based on content, volume or other criteria, to specific servers. This will
reduce the workload on the primary server. The destination server is determined by data in transport layer or application layer
protocols. Distribution can be based on a number of algorithms, such as round robin, weighted round robin, least number of
connections, or shortest response time.
NIC teaming is binding two or more network interface cards (NICs) so they appear as one. If one of the cards fails, the others still
carry the traffic. Aggregation is also used for load balancing, and providing increased bandwidth.
Port aggregation is binding two or more network ports so they appear as one. If one of the aggregated ports fails, the others still
carry the traffic. Aggregation is also used for load balancing, and providing increased bandwidth. While NIC teaming can be
thought of as a RAID for NICs, port aggregation can be thought of as a RAID for switch ports.
Objective:
Network Operations
Sub-Objective:
Compare and contrast business continuity and disaster recovery concepts.
References:
High availability, http://searchdatacenter.techtarget.com/definition/high-availability
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability
Question #131 of 200
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
139/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question ID: 1123423
Which of the following options would be the fastest to activate in the event of a disaster at the primary site?
A) Port aggregation
B) Cold site
C) Hot site
D) Warm site
Explanation
Hot sites would be the fastest to activate in the event of a disaster at the primary site. They have all the personnel, equipment, and
software installed and running in an off-site location. Hot sites are typically mirrors of the original site. When a disaster occurs,
operations are transferred to the hot site.
Cold sites are a disaster recovery concept where you have a remote location procured. In the event of a disaster, then the
equipment is installed and configured to get the enterprise back to a functional state. They are the slowest to activate because all
the resources and personnel have to be installed and activated.
Warm sites have all the equipment set up in an off-site location. When a disaster occurs, personnel are brought in, and the warm
site is updated with the most current information from backups. They are better than cold sites, and not as expensive to operate as
hot sites.
Port aggregation is binding two or more network ports so they appear as one. If one of the aggregated ports fails, the others still
carry the traffic. Aggregation is also used for load balancing, and providing increased bandwidth. Port aggregation is not a disaster
recovery solution.
Objective:
Network Operations
Sub-Objective:
Compare and contrast business continuity and disaster recovery concepts.
References:
Disaster recovery site options, http://searchdisasterrecovery.techtarget.com/tip/Disaster-recovery-site-options
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability
Question #132 of 200
Question ID: 1289112
Your company needs to be able to provide employees access to a suite of applications. However, you do not want the employees
to install a local copy of the applications. Which method should you use to deploy the suite of applications?
A) IaaS
B) virtualization
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
140/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
C) SaaS
D) PaaS
Explanation
You should use Software as a Service (SaaS) to deploy the suite of applications. This will ensure on-demand, online access to the
suite without the need for local installation. Another example of this type of cloud computing deployment is when a company needs
to give employees access to a database but cannot invest in any more servers. WebMail is an example of this cloud computing
type.
Virtualization hosts one or more operating systems (OSs) within the memory of a single physical host computer. This mechanism
allows virtually any OS to operate on any hardware and allows multiple OSs to work simultaneously on the same hardware.
Virtualization would not be the best choice here because it would limit the number of users who could access the application suite.
In addition, the performance of the virtual machine would decline as more users simultaneously access the application suite.
Platform as a Service (PaaS) is not the best choice here. PaaS is a platform that provides not only a deployment platform but also
a value added solution stack and an application development platform. It provides customers with an operating system that is easy
to configure. It is on-demand computing for customers.
Infrastructure as a Service (IaaS) is not the best choice in this situation. IaaS is a platform that provides computer and server
infrastructure typically provided as a virtualization environment. The platform would provide the ability for consumers to scale their
infrastructure up or down by domain and pay for the resources consumed. This cloud computing model provides the greatest
flexibility but requires a greater setup and maintenance overhead than the other cloud computing models.
A part of the Network+ exam, CompTIA cover three main cloud models: SaaS, PaaS, and IaaS. The security control that is lost
when using cloud computing is physical control of the data. The main difference between virtualization and cloud computing is
location and ownership of the physical components. When virtualization is used, a computer uses its own devices to set up a
virtual machine. When cloud computing is used, a company pays for access to another company's devices.
Other cloud technologies that you need to be familiar with include:
Private cloud - a cloud infrastructure operated solely for a single organization that can be managed internally or by a third party
and host internally or externally.
Public cloud - when the cloud is rendered over a network that is open for public use.
Community cloud - shares infrastructure between several organizations from a specific community that can be managed
internally or by a third party and hosted internally or externally.
Hybrid cloud - two or more clouds (private, public, or community) that retain unique names but are bound together, offering the
benefits of multiple deployment models.
You also need to understand the following virtualization technologies: virtual switches, virtual routers, virtual firewall, virtual versus
physical NICs, and software defined networking. Virtual devices perform the same functions as their physical counterparts.
However, keep in mind that virtual devices share the resources of the physical device on which they are deployed. Therefore, with
each new virtual device deployed, the performance of all the virtual devices deployed on that physical device degrades. While
virtual NICs can make it appear that a machine has multiple NICs, each virtual device will still share only a single physical NIC,
possibly causing performance issues. If you have a single physical computer configured with multiple virtual machines, you may
want to install separate physical NICs for each virtual machine for increased throughput and load balancing.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
141/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Networking Concepts
Sub-Objective:
Summarize cloud concepts and their purposes.
References:
Could Computing Basic, http://cloudcomputingtechnologybasics.blogspot.com/2011/05/cloud-computing-comparing-saas-paasand.html
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Virtual Network Devices
Question #133 of 200
Question ID: 1289072
You are the network administrator for your company. As part of your job, you must understand how data is transmitted through the
different OSI layers. Move the OSI layers from the left column to the right column, and place them in the correct order, starting with
Layer 1 at the top.
{UCMS id=5110048852279296 type=Activity}
Explanation
The correct order for the layers in the OSI model is as follows:
Layer 1 - Physical
Layer 2 - Data Link
Layer 3 - Network
Layer 4 - Transport
Layer 5 - Session
Layer 6 - Presentation
Layer 7 - Application
Objective:
Networking Concepts
Sub-Objective:
Explain devices, applications, protocols and services at their appropriate OSI layers.
References:
OSI Model, http://en.wikipedia.org/wiki/OSI_model
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model
Question #134 of 200
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
Question ID: 1289101
142/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Which wireless communications mode enables wireless devices to communicate directly with each other?
A) infrastructure
B) transport
C) ad hoc
D) tunnel
Explanation
Ad hoc is a wireless communications mode that enables wireless devices to communicate directly with each other. The wireless
networking technology is sometimes referred to as Wi-Fi.
In infrastructure mode, wireless devices must communicate through wireless access points. Transport and tunnel modes are
provided by Internet Protocol Security (IPSec) to securely transmit Internet Protocol (IP) packets.
Objective:
Networking Concepts
Sub-Objective:
Compare and contrast the characteristics of network topologies, types and technologies.
References:
Ad-hoc mode, http://compnetworking.about.com/cs/wirelessfaqs/f/adhocwireless.htm
Wireless LANs: Extending the Reach of a LAN, http://www.ciscopress.com/articles/article.asp?p=1156068&seqNum=4
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Introducing Wireless LANs
Question #135 of 200
Question ID: 1289194
You have been hired as a network security consultant. The company that hires you has had multiple incidents where their wireless
network has been breached by hackers. You find out that they have a RADIUS authentication server that they use for the
corporate VPN. You decide to recommend using RADIUS authentication for the wireless network. Which WPA version should you
suggest?
A) WPA
B) WPA-PSK
C) WPA2
D) WPA-Enterprise
Explanation
WPA-Enterprise requires the use of a RADIUS authentication server. WPA-Enterprise is intended for large networks. It is also
referred to a WPA-802.1x.None of the other options is correct. WPA2 is more secure than WPA. WPA-Pre-shared Key (WPA-PSK),
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
143/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
also known as WPA-Personal, is for use in small home or office networks.
For the Network+ exam, you need to protect against the following wireless attacks or issues:
Evil twin - occurs when a wireless access point that is not under your control is used to perform a hijacking attack. It is set up
to look just like a valid network, including the same Set Service Identifier (SSID) and other settings.
Rogue access point (AP) - occurs when a wireless attack that is not under your control is connected to your network. With
these devices, they are not set up to look just like your network. This attack preys on users' failure to ensure that an access
point is valid. You can perform a site survey to detect rogue APs.
War driving - occurs when attackers seek out a Wi-Fi network with a mobile device or laptop while driving a vehicle. You can
lower the signal strength to help protect against this attack. You should also turn off the broadcasting of the SSID and use WPA
or WPA2 authentication.
War chalking - occurs when attackers place Wi-Fi network information on the outside walls of buildings. Keep an eye out for
this type of information by periodically inspecting the outside of your facilities.
Bluejacking - the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices. Turning off Bluetooth when
not in use is the best protection against this.
Bluesnarfing - the unauthorized access of information from a wireless device through a Bluetooth connection. Once again,
turning off Bluetooth when not in use is the best protection against this.
WPA/WEP/WPS attacks - Any attacks against wireless protocols can usually be prevented by using a higher level of
encryption or incorporating RADIUS authentication. Wired Equivalent Privacy (WEP) should be avoided because even its
highest level of encryption has been successfully broken. Wi-Fi Protected Setup (WPS) allow users to easily secure a wireless
home network but is susceptible to brute force attacks. Wi-Fi Protected Access (WPA) is more secure than WEP and WPS.
WPA2 provides better security than WPA.
Objective:
Network Security
Sub-Objective:
Given a scenario, secure a basic wireless network.
References:
Wi-Fi Protected Access, http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Securing Wireless LANs
Question #136 of 200
Question ID: 1289179
What is the aim of security awareness training?
A) All employees excluding top management should understand the legal implications of
loss of information.
B) All employees in the IT department should be able to handle security incidents.
C) All employees must understand their security responsibilities.
D) All employees in the IT department should be able to handle social engineering attacks.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
144/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
The primary aim of security awareness training is to ensure that all employees understand their security responsibilities, the ethical
conduct expected from them, and the acceptable use of an effective security program. It is important to understand the corporate
culture and its effect on the security of the organization.
User responsibilities for protection of information assets are defined in the organization's information security policies, procedures,
standards, and best practices developed for information protection. Security awareness training may be customized for different
groups of employees, such as senior management, technical staff, and users. Each group has different responsibilities and they
need to understand security from a perspective pertaining to their domain. For example, the security awareness training for the
management group should focus on a clear understanding of the potential risks, exposure, and legal obligations resulting from loss
of information. Technical staff should be well versed regarding the procedures, standards, and guidelines to be followed. User
training should include examples of acceptable and unacceptable activities and the implication of noncompliance. User training
might be focused on threats, such as social engineering, which can lead to the divulgence of confidential information that may
hamper business operations by compromising the confidentiality and the integrity of information assets. Staff members should
particularly be made aware of such attacks to avoid unauthorized access attempts. End user awareness and training is the
responsibility of management and should include training, policies, and procedures to ensure that organizational security is
understood by all personnel.
Before developing security awareness training, it is important that the corporate environment is fully understood. Let's look at an
example. Suppose an organization notices that a large amount of malware and virus infections have occurred at one satellite
office while there are hardly any at another almost identical office. If both sites are running the same company image and receive
the same company group policies, then it is most likely that the office with the most incidents should have their end-user
awareness training examined. End-user awareness training must be provided to all employees at all levels to provide the
protection for the company.
Objective:
Network Operations
Sub-Objective:
Identify policies and best practices.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks, User Training
Question #137 of 200
Question ID: 1123345
You are looking at implementing several different 10GBase networks. You need to implement the one that offers the longest cable
run because of the distances you must cover for your company's network. Which 10GBase specification should you select?
A) 10GBaseLX4
B) 10GBaseLR
C) 10GBaseER
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
145/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) 10GBaseSR
Explanation
The 10GBaseER designation allows a maximum cable run of up to 40 kilometers (25 miles ).using single-mode fiber optic cable.
The 10GBaseLR designation allows a maximum cable run of up to 25 kilometers (16 miles) using single-mode fiber optic cable.
The 10GBaseSR designation allows a maximum cable run of up to 25 meters (85 feet), 82 meters (270 feet), or 300 meters (980
feet), depending on which multi-mode cable is used. The 10GBaseLX4 designation allows a maximum cable run of either 240
meters (790 feet) or 300 meters (980 feet) using either single-mode or multi-mode fiber optic cable..
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
10GBase, http://www.ethermanage.com/ethernet/10gig.html
Question #138 of 200
Question ID: 1289276
Management has decided to implement a diversity antenna system at its main headquarters. What is the advantage of using this
system?
A) A diversity antenna system avoids multipath distortion.
B) A diversity antenna system increases the coverage area.
C) A diversity antenna system increases the transmission power.
D) A diversity antenna system adds more bandwidth.
Explanation
To avoid multipath distortion, you should use the diversity antenna system on 802.11b Wireless Local Area Network (WLAN)
access points and bridges. Multipath distortion is caused by the reflection of radio frequency (RF) signal on surfaces while
traveling between the transmitter and the receiver. The reflected signals reach the receiver with delay. This delayed signal adds
distortion to the non-reflected signal that is received by the antenna.
Multipath distortion can be avoided either by using an antenna diversity system or by changing the location of the antenna. To
provide antenna diversity, each access point has two antenna connectors. With the antenna diversity system, the signal is received
through both antennas and the best antenna is selected by comparing the distortion ratio. The antenna that receives the lowest
distortion signal is selected as the best antenna. This antenna is used to receive the signal continuously until there is a failure in
the received packet. If the received packet fails, the access point starts the process to select the best antenna again.
Diversity antennas do not add more bandwidth, increase the coverage area, or increase the transmission power.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
146/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Cisco > Multipath and Diversity > Diversity, https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/27147multipath.html#diversity
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4
Question #139 of 200
Question ID: 1289185
In the context of physical security, which statement related to security guard personnel is most appropriate?
A) Security guard personnel are a cost effective countermeasure to reduce physical security
risk.
B) Security guard personnel are one of the administrative controls in a layered security
architecture.
C) Security guard personnel are the most expensive countermeasure for reducing the
physical security risk.
D) Security guard personnel act as the last line of defense in securing the facility
infrastructure.
Explanation
Security guard personnel are the most expensive countermeasure used to reduce physical security risks. The cost of hiring,
training, and maintaining them can easily outweigh the benefits. Security guard personnel, in combination with other physical
security controls and technical controls such as fences, gates, lighting, dogs, CCTVs, alarms, and intrusion detection systems, act
as the first line of defense in maintaining the security of a facility infrastructure . Security guards are the best protection against
piggybacking.
Mantraps also provide protection against piggybacking. The last line of defense is the remaining workforce of the company,
excluding the security guards, in a layered security architecture. Personnel are an example of physical security controls and not
administrative controls.
Objective:
Network Security
Sub-Objective:
Summarize the purposes of physical security devices.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
147/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Security Guards, http://homesecurity.about.com/od/homesecurity/a/Security-Guards.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Categories of Network Attacks
Question #140 of 200
Question ID: 1289134
You work for a company that deploys wireless networks for your customers. You have been asked to deploy wireless range
extenders for several companies. For which of the following situations does deploying a wireless range extender make sense?
A) To add wireless coverage for an office expansion to 10th floor, where up to 40 users
might need wireless access at the same time
B) For the back porch of a coffee shop where as many as 30 users might need wireless
network access at the same time
C) For a sprawling small office/home office layout with no more than 10 devices active at
any given time, but with two dead spots in need of improved wireless network access
D) For a new branch office opening 7 km away from the main office, where 5-10 users will
need wireless network access at the same time
E) For a deli dining area in a grocery store, where up to 35 patrons may need wireless
access at the same time
Explanation
The only situation in which deploying a wireless range extender would make sense is for a sprawling small office/home office
layout (SOHO) with no more than 10 devices active at any given time, but with two dead spots in need of improved wireless
network access. A wireless range extender provides wireless coverage for a larger area than a single wireless access point can
handle on its own. Strategically placed range extenders can also deliver wireless coverage in areas where low-signal or no-signal
conditions may prevail when only a single WAP is used. In fact, wireless extenders will provide something less than the square of
the area that a single WAP covers, because they must stay close enough to the WAP to receive a strong enough signal for them to
meaningfully extend that signal further afield.
As the name indicates, a wireless range extender simply extends an existing wireless network, usually provided by a wireless
access point that also includes multiple switched ports and built-in router capabilities (along with USB ports, DHCP, address and
content filtering, and more). Low cost range extenders offer none of these additional functions; more expensive models may
include some of these. In general, a range extender should not be expected to handle more than 20 or 25 simultaneously
connected devices, whereas wireless access points can typically handle up to 60 devices each. Thus, wireless range extenders
apply only to small-scale, low-usage scenarios like the small office/home office situation described.
The coffee ship option is incorrect because it requires support for 30 simultaneous users/devices. It would be best served with a
wireless access point.
The office expansion to the 10th floor option is incorrect because it requires support for 40 simultaneous users/devices. Again, it
would be best served with a wireless access point.
The branch office option is incorrect because the distance between the two offices (7 km) is much further than the range of the
wireless access point can handle. The branch office will need its own Internet link, as well as one or more wireless access points to
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
148/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
service those wireless users.
The deli option is incorrect because the number of simultaneous users in the deli exceeds the recommended maximum for a
wireless range extender. It would be best served with another wireless access point.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, determine the appropriate placement of networking devices on a network and install/configure them.
References:
What is an Access Point and How is it Different from a Range Extender?, https://www.linksys.com/us/r/resource-center/what-is-awifi-access-point/
Wi-Fi Range Extender Best Setup Guide, https://routerguide.net/wifi-range-extender-best-setup-guide/
Question #141 of 200
Question ID: 1123372
Which system or device detects network intrusion attempts and controls access to the network for the intruders?
A) IPS
B) IDS
C) firewall
D) VPN
Explanation
An intrusion prevention system (IPS) detects network intrusion attempts and controls access to the network for the intruders. An
IPS is an improvement over an intrusion detection system (IDS) because an IPS actually prevents intrusion.
A firewall is a device that is configured to allow or prevent certain communication based on preconfigured filters. A firewall can
protect a computer or network from unwanted intrusion using these filters. However, any communication not specifically defined in
the filters is either allowed or denied. Firewalls are not used to detect and prevent network intrusion. Firewalls are used to keep a
private network secure from intruders trying to access it from the public network. Firewalls control the flow of traffic into a network
by filtering packets based on their type or their destination addresses. Only legitimate packets pass through the firewall. For
example, a firewall can be configured to deny access based on TCP port number or the IP address of the sender. A firewall can be
hardware-based, software-based, or a combination of both. Scanning services are used to verify updates on a firewall. A firewall
provides packet filtering. A firewall can admit packets to a network or deny a packet admission to a network based on several
criteria, including the domain name and the IP address of the host that sent the data packets to the network. The packet-filtering
functionality of a firewall and the HTTP proxy server functionality of an HTTP proxy server, as well as other functionality, is often
bundled into a single product that is referred to as either a firewall or a proxy server. In its simplest form, however, a firewall only
provides packet-filtering services. Packet filtering is also referred to as content filtering. A packet or content filter can be configured
based on IP address, MAC address, port number, protocol used, and other factors.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
149/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
An IDS only detects the intrusion and logs the intrusion or notifies the appropriate personnel.
A virtual private network (VPN) is a private network that users can connect to over a public network.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
What are the Different Types of Intrusion Prevention?, http://www.wisegeek.com/what-are-the-different-types-of-intrusionprevention.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Intrusion Detection and Prevention
Question #142 of 200
Question ID: 1289131
You have been hired as a network administrator. The company wants to implement a 10 Gigabit Ethernet designation for use with
a SONET network. Which of the following should you implement?
A) 10GBaseSR
B) 10GBaseLR
C) 10GBaseSW
D) 10GBaseLX4
Explanation
The 10GBaseSW designation is for use with Synchronous Optical Networking (SONET) networks. Other SONET network
designations include 10GBaseEW, 10GBaseLW, and 10GBaseZW. The W designation in the 10GBase specification includes
SONET usage. The 10GBase W specifications for a SONET network include the following:
10GBaseEW - This specification uses 1550 nanometer (nm) lasers over single-mode fiber optic cable up to 40 kilometers (25
miles) maximum cable run.
10GBaseLW - This specification uses 1310 nm lasers over single-mode fiber optic cable up to 25 kilometers (16 miles)
maximum cable run.
10GBaseSW - This specification uses 850 nm lasers over multi-mode fiber optic cable. The maximum cable run can be 25
meters (85 feet), 82 meters (270 feet), or 300 meters (980 feet), depending on which multi-mode cable is used.
The 10GBaseSR and 10GBaseLR designations are not for use with SONET networks. The 10GBase R specifications, which
include 10GBaseER, 10GBaseLR, and 10GBaseSR, are not used in SONET networks. These specifications have the same laser
type, cable type, and maximum cable run stipulations as their 10GBase W designation counterparts.
The 10GBaseLX4 designation is not for use with SONET networks. This specification is used when you need to support both
single-mode and multi-mode fiber optic cable. It uses four lasers in the 1300 nm range over single-mode or multi-mode fiber-optic
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
150/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
cable. When this specification is deployed using single-mode fiber optic cable, it can support a maximum cable run of 10
kilometers (6.2 miles). When deployed using multi-mode cable, this specification can support a maximum cable run of either 240
meters (790 feet) or 300 meters (980 feet).
For the Network+ exam, you also need to understand Data Over Cable Service Interface Specification (DOCSIS). This standard
supports up to 42.88 Mbps downstream and 27 Mbps upstream, depending on which version is implemented.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
10GBase, http://www.ethermanage.com/ethernet/10gig.html
Question #143 of 200
Question ID: 1123454
You are the network administrator for a manufacturing company. Technicians that work on computers used on the manufacturing
floor may come into contact with dangerous chemicals. You need to understand which chemicals they will come into contact with
and their associated safety issues. What should you consult?
A) ESD
B) ACL
C) HVAC
D) MSDS
Explanation
You should consult the material safety data sheet (MSDS) to understand which chemicals technicians will come into contact with
and any safety issues regarding those chemicals. If personnel come into contact with any chemicals, including thermal compound,
you should consult the MSDS.
An access control list (ACL) determines who has access to resources. Electrostatic discharge (ESD) can damage electronic and
computer components. Heating, ventilation, and air conditioning (HVAC) systems control the temperature and humidity.
For the Network+ exam, you need to understand installation safety. Lifting equipment requires that you use proper lifting
techniques, including lifting with your legs. You should ensure that procedures for rack installation are followed to ensure proper
ventilation. Device placement is important to ensure that proper ventilation occurs and that no electrical or radio interference is
present. Finally, you should be sure that you use the appropriate tools in a safe manner. Never use tools on a device that is still
plugged in.
Objective:
Network Operations
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
151/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Identify policies and best practices.
References:
What is Material Safety Data Sheet?, http://www.wisegeek.com/what-is-a-material-safety-data-sheet-msds.htm
Question #144 of 200
Question ID: 1289197
You support multiple wireless networks. You need to ensure that the protocols used offer the appropriate level of security. Match
the descriptions on the left with the Wireless Encryption Protocols on the right.
{UCMS id=5763076483710976 type=Activity}
Explanation
The Wireless Encryption Protocols should be matched with the descriptions in the following way:
WEP - Uses a 40-bit or 104-bit key
WPA/WPA2 Personal - Uses a 256-bit pre-shared key (PSK)
WPA/WPA2 Enterprise - Requires a RADIUS server
Objective:
Network Security
Sub-Objective:
Given a scenario, secure a basic wireless network.
References:
Wi-Fi Protected Access, http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
Wired Equivalent Privacy, http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless LANs, Securing Wireless LANs
Question #145 of 200
Question ID: 1289078
Which feature provides varying levels of network bandwidth based on the traffic type?
A) fault tolerance
B) traffic shaping
C) load balancing
D) QoS
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
152/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Quality of Service (QoS) provides varying levels of network bandwidth based on the traffic type. Each traffic type has its own
queue. Each traffic type queue is given its own priority. Traffic types with a higher priority are preferred over lower priority traffic
types.
Traffic shaping is a specialized type of QoS where traffic from each host is monitored. When traffic from the host is too high,
packets are then queued. Traffic shaping can also define how much bandwidth can be used by different protocols on the network.
Load balancing divides requests among several servers or resources. This ensures that no single server or resource is
overloaded.
Fault tolerance is the ability to respond to a single point of failure on a network. Fault tolerance on servers involves hardware
RAID, UPS systems, power conditioning, backups, and clustering.
QoS is used in a variety of networks, including VoIP, to ensure performance standards.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, QoS Technologies
What is QoS?, http://www.tech-faq.com/qos.shtml
Question #146 of 200
Question ID: 1123532
Which mitigation technique provides less restricted access to a system?
A) File integrity monitoring
B) Privileged user account
C) DMZ
D) Role separation
Explanation
A privileged user account is an account that has less restrictive access to a system. Examples of privileged user accounts include
domain administrators, local administrators, and application accounts. Users with privileged accounts can include systems admins,
management personnel, network administrators, and database administrators, among others.
File integrity monitoring helps to identify unauthorized changes to files. The monitoring process looks at such events as if or when
a file was changed, who made the change, the nature of the change, and what can be done to restore the file to the pre-change
state. File integrity monitoring does not provide access to systems, only to files.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
153/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Role separation involves dividing server duties amongst two or more servers to reduce an attack profile. For example, if a server
running the Active Directory, DNS, and DHCP roles went down, all those services would be unavailable. If, on the other hand,
Server A hosted Active Directory, Server B hosted DNS, and Server C hosted DHCP, an attack that brought Server B down would
not affect the other services. Role separation does not affect the levels of access granted to a system.
A demilitarized zone (DMZ) provides mitigation by placing two firewalls in the network. Critical servers such as email servers and
web servers are placed between the two firewalls. A DMZ imposes more restrictions to access, not fewer restrictions.
Objective:
Network Security
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
The threat of privileged user access - monitoring and controlling privilege users, https://www.scmagazineuk.com/the-threat-ofprivileged-user-access--monitoring-and-controlling-privilege-users/article/568624/
Question #147 of 200
Question ID: 1123309
Your company has a main office and three branch offices throughout the United States. Management has decided to deploy a
cloud solution that will allow all offices to connect to the same single-routed network and thereby connect directly to the cloud.
Which of the following is the BEST solution?
A) P2P
B) Client-to-site VPN
C) MPLS VPN
D) Site-to-site VPN
Explanation
The best solution is to deploy a Multiprotocol Label Switching Layer 3 (MPLS L3) virtual private network (VPN). This will allow all
offices to connect to the same single-routed network and connect directly to the cloud.
None of the other options allows all offices to connect to the same single-routed network and thereby connect directly to the cloud.
A point-to-point (P2P) allows each office to establish its own connection with the cloud. A client-to-site VPN allows each client to
establish its own VPN connection with the cloud, but it requires a separate connection. A site-to-site VPN allows each site or office
to establish its own VPN connection with the cloud, but each solution uses a different network.
The connection methods used to connect to the cloud include P2P, client-to-site VPN, site-to-site VPN, and MPLS L3 VPN.
Objective:
Networking Concepts
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
154/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Summarize cloud concepts and their purposes.
References:
Connecting to the cloud - Your options explained, http://blog.iomart.com/connecting-to-the-cloud-options-explained
Question #148 of 200
Question ID: 1289143
Which connection type allows for connections of up to 44.736 Mbps?
A) E3
B) T3
C) E1
D) T1
Explanation
A T3 connection allows for connections of up to 44.736 Mbps. The T-Carrier system offers several different levels of connections.
Each level has a different number of channels, which are separate paths through which signals flow. Having more channels
increases the bandwidth. However, T1 and T3 are the two most commonly used T-lines.
The equivalent of the North American T-carrier system is the European E-carrier system.
For testing purposes, you should understand the standards for the following carrier lines:
T1 - 1.544 Mbps, 650 feet maximum cable length, UTP/STP/coaxial cable
T3 - 44.736 Mbps, 450 feet maximum cable length, coaxial cable
E1 - 2.048 Mbps, 650 feet maximum cable length, UTP/STP/coaxial cable
E3 - 34.368 Mbps, 450 feet maximum cable length, coaxial cable
All of these carrier lines are circuit-switched networks.
Objective:
Infrastructure
Sub-Objective:
Compare and contrast WAN technologies.
References:
What are T1 and T3 lines?, http://compnetworking.about.com/od/networkcables/f/t1_t3_lines.htm
E-carrier, http://en.wikipedia.org/wiki/E-carrier
CompTIA Network+ N10-007 Cert Guide, Chapter 7: Wide Area Networks (WANs), WAN Technologies
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
155/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #149 of 200
Question ID: 1123550
You need to verify a network's transmission speed. Which tool should you use?
A) loopback plug
B) connectivity software
C) bit-error rate tester
D) throughput tester
Explanation
A throughput tester is best used to verify a network's transmission speed.
Connectivity software is any type of software that allows you to remotely connect to a network. Microsoft's proprietary Remote
Desktop Protocol (RDP) and Remote Desktop Connection (RDC) are both types of connectivity software.
Bit-error rate tester is a tool that contains a pattern generator and error detector to determine the bit-error rate.
A loopback plug is a device that is plugged into a network port to determine if the port is functional.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #150 of 200
Question ID: 1123256
You have decided to implement 802.1q. What does this standard do?
A) It forwards traffic based on priorities.
B) It implements MAC filtering.
C) It implements VLAN trunking.
D) It implements STP.
Explanation
If you implement 802.1q, you are implementing VLAN trunking. It allows traffic from all VLAN to cross a single cable between two
switches. If 802.1q were not implemented, each separate VLAN would require its own port connection.
Trunking (802.1q) allows different switches to support the same virtual LAN (VLAN) using frame-tagging. For example, when two
ports on Switch A are connected to one port on Switch B, trunking has been implemented. Frame tags will be used to route the
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
156/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
communication appropriately. If you need to add a switch to a room through which laptops can connect for full network access, you
should configure a trunk on a switch port for both switches, including the new switch in the room and the switch to which the new
switch connects.
The 802.1d standard implements Spanning Tree Protocol (STP), which prevents looping.
MAC filtering allows traffic to be permitted or denied based on the device's MAC address. MAC filtering is just one type of traffic
filtering that you can configure on devices. You can also configure traffic filtering based on other criteria, such as device name or
port used.
Quality of Service (QoS) forwards traffic based on pre-configured priorities.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 4: Ethernet Technology, Ethernet Switch Features
IEEE 802.1q, http://en.wikipedia.org/wiki/IEEE_802.1Q
Question #151 of 200
Question ID: 1123241
Which of the following options are relevant to network segmentation when using switches? (Choose all that apply.)
A) ARP tables
B) MAC address tables
C) Tagging and untagging ports
D) VLANs
Explanation
Virtual local area networks (VLANs) allow you to segment a network and isolate traffic to different segments. Each segment (such
as Sales, Administration, Manufacturing, or Accounting) can become its own VLAN. VLANs are created by tagging and untagging
ports on a switch. A trunk port, which serves as the connection between switches, tags the VLAN traffic. An access port, which is
the connection to an end device, does not tag. Port tagging and VLANs are not used in unsegmented networks.
MAC address tables contain the MAC address of any device on the network and the corresponding port on the switch to which it is
attached. In instances where a VLAN is implemented, the MAC address table will also have the associated VLAN for that port.
However, MAC address tables alone do not provide the network segmentation.
ARP tables show the relationship of IP addresses to MAC addresses and are located on most devices. While they help the devices
may routing decisions, they do not provide network segmentation.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
157/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
Fundamentals of 802.1Q VLAN Tagging,
https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Fundamentals_of_802.1Q_VLAN_Tagging
Question #152 of 200
Question ID: 1123378
A consultant recommends that your company implements an appliance firewall. To which type of firewall is this referring?
A) application
B) software
C) hardware
D) embedded
Explanation
A hardware firewall is also referred to as an appliance firewall. Appliance firewalls are often designed as stand-alone black box
solutions that can be plugged in to a network and operated with minimal configuration and maintenance.
An application firewall is typically integrated into another type of firewall to filter traffic that is traveling at the Application layer of the
Open Systems Interconnection (OSI) model. An embedded firewall is typically implemented as a component of a hardware device,
such as a switch or a router.
A software firewall is a program that runs within an operating system, such as Linux, Unix, or Windows 2000. If you set up a
subnet with computers that use peer-to-peer communication, a software firewall is probably the best firewall solution.
Firewalls can be used to create demilitarized zones (DMZs). A DMZ is a network segment placed between an internal network and
a public network, such as the Internet. Typically, either one or two firewalls are used to create a DMZ. A DMZ with a firewall on
each end is typically more secure than a single-firewall DMZ. However, a DMZ implemented with one firewall connected to a public
network, a private network and a DMZ segment is cheaper to implement than a DMZ implemented with two firewalls.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
Chapter 6: Firewalls, http://service.real.com/help/library/guides/helixuniversalproxy/htmfiles/firewall.htm
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
158/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Introduction to firewalls: Types of firewalls, http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1282044,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
Question #153 of 200
Question ID: 1289304
You originally configured a redundant server with a static IP address, and it has been offline for some time. When you power the
server up to performs some tests, what might be an unexpected consequence?
A) Incorrect host-based firewall settings
B) Blocked TCP/UDP ports
C) Duplicate IP addresses
D) Names not resolving
Explanation
The consequence may be duplicate IP addresses. Duplicate IP addresses can occur when a DHCP server “thinks” an IP address
is available. For example, a client machine requests an IP address, and the DHCP server issues an address listed as available
from the pool of addresses. A conflict may occur if a dormant machine comes back online with an IP address that the DHCP server
thought was expired and added back into the pool.
Names not resolving occurs when you enter a URL that you know to be valid, and the Domain Name System (DNS) does not
provide the corresponding IP address for that server. IP addresses, not the URLs we enter into the browser, are used to locate
machines throughout a LAN or over the Internet. DNS provides the translation of URLs to IP addresses and vice versa, known as
name resolution. This would not be an issue because the server should still be able to communicate with the DNS server.
Incorrect host-based firewall settings present security risks. Host-based firewalls are often configured by untrained users, and only
protect a single machine. Once that host-based firewall has been breached, the device on which the host-based firewall is installed
is at risk. The configuration of the firewall should be fine as it is a host-based firewall, meaning it is installed on the server.
Blocked TCP/UDP ports are often necessary to protect the network from insecure protocols that are easily exploited by hackers.
Ports that are often blocked include TCP port 23 (Telnet), TCP port 21 (FTP), TCP/UDP port 53 (DNS, as a post-attack exit port),
and UDP port 161 (SNMP). Blocked TCP/UDP ports were likely configured based on security policies and should not be changed
unless you are authorized to do so.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
Detect and Avoid IP Address Conflicts, https://technet.microsoft.com/en-us/library/ff606371.aspx
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
159/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #154 of 200
Question ID: 1123634
You are nearing the completion of a project that involves implementing a new network infrastructure and upgrading the operating
systems running on your network servers. Currently, static IP addresses and HOSTS files are used. The upgrade has included
implementing DNS, implementing DHCP, and moving servers and other resources to a new location with new IP addresses.
However, now you cannot access the resources that were moved using their host names from any of the client workstations. You
can access them by their IP addresses. What should you do first?
A) Configure DHCP to supply a different range of IP addresses to the workstations.
B) Delete the HOSTS file on each workstation.
C) Enable NetBIOS over TCP/IP.
D) Import the workstations' names and address mappings to DNS.
Explanation
Workstations read entries in their HOSTS files before making requests to DNS. In this scenario, this behavior would cause the
workstation to use the incorrect IP address when attempting to access a server by its host name. For example, suppose an FTP
server with an original IP address of 172.35.2.100 and the host name ftp.domain.com was moved and its address changed to
172.25.2.300. When a user typed in the URL for the server in a browser, the client would search its HOSTS file and find an entry
for ftp.domain.com at IP address 172.35.2.100. It would then attempt to contact the server using IP address 172.35.2.100, which is
the wrong IP address. However, if you delete the HOSTS file, or remove the entry for the server, the workstation will search DNS to
resolve the server's host name when it does not find an entry for the server the local HOSTS file.
Enabling NetBIOS over TCP/IP would not allow you to access hosts using their host names. NetBIOS allows you to browse for
resources using Windows machine names.
Importing the workstations' names and address mappings to DNS is not necessary for clients to connect to the servers. However, if
the wrong DNS information in configured, devices will be unable to properly resolve a DNS name. The device or host will need to
be reconfigured with the correct DNS information.
Configuring DHCP to supply a different range of IP addresses to the workstations is also not necessary. DHCP seems to be
configured properly given that the clients have connectivity and can access resources using IP addresses. If the DHCP server in
configured incorrectly, hosts will be obtaining incorrect IP information from this server. This could include incorrect IP address,
subnet mask, default gateway, and even DNS server information. While a DHCP server makes it much easier to configure client's
with their IP configuration information, a misconfigured component within the DHCP lease can cause communication problems
from all DHCP clients.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
LMHOSTS or HOSTS file: What is the difference?, http://www.tek-tips.com/faqs.cfm?fid=807
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
160/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #155 of 200
Question ID: 1123310
Which of the following is a security implication if your company uses a public cloud deployment?
A) Surges in demand require that company resources will need to be adjusted accordingly.
B) The local ISP and power grid can impact the availability of resources stored on the cloud.
C) Other tenants can gain physical access to the resources that store your company's data.
D) Security issues are the sole responsibility of the company's personnel.
Explanation
When using a public cloud deployment, other tenants can gain physical access to the resources that store your company's data.
All of the other statements are security implications of implementing a private cloud, not a public cloud.
For the Network+ exam, you need to understand the different security methods and considerations for each cloud deployment. In
most cases, a private cloud will have the opposite security implications and considerations from public cloud. For example, with a
private cloud, you retain complete physical control of the data. But with public cloud, the physical control of the data rests with the
cloud provider.
The relationship between the local and cloud resources is also important. Personnel will need to understand the transfer of data
between local and cloud resources and how the availability of local resources can affect the cloud deployment.
Objective:
Networking Concepts
Sub-Objective:
Summarize cloud concepts and their purposes.
References:
Security implications of public vs. private clouds, https://www.zdnet.com/article/security-implications-of-public-vs-private-clouds/
Question #156 of 200
Question ID: 1123400
What should a business with a main office downtown use to communicate with various offices in nearby suburban locations?
A) Cable broadband
B) MAN
C) CSU/DSU
D) DSL
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
161/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
A Metropolitan Ethernet, or Metropolitan Area Network (MAN), or Metro Ethernet, is a network encompassing a localized
geographic area, such as a city and its suburbs. Government entities, businesses, and hospitals (for example) can use a
Metropolitan Ethernet to interconnect a main office with satellite offices in the suburbs.
A Channel Service Unit/Data Service Unit (CSU/DSU) is a device that connects a router to a digital circuit, such as a T1 line. The
CSU/DSU converts the signal from a wide area network into frames for a local area network. CSU/DSUs are network components,
but do not create a network.
Cable broadband provides last-mile Internet service from the ISP to the subscriber. Because it is "broadband" as opposed to
"baseband", the coaxial cable used can carry internet data, TV signals and telephone service.
Digital Subscriber Line (DSL) provides broadband service over existing telephone lines. There are several varieties of DSL,
collectively called xDSL, where the x indicates different types of service. DSL is distance-sensitive, and subscribers must live
within 15000 feet of the ISP point-of-presence.
Objective:
Infrastructure
Sub-Objective:
Compare and contrast WAN technologies.
References:
What is Metro Ethernet?, https://www.juniper.net/us/en/products-services/what-is/metro-ethernet/
Question #157 of 200
Question ID: 1123612
An employee shows you a Web site that publishes the SSIDs and passwords for private wireless networks in your area. The
information on your company's wireless network is included. Of which type of attack is this an example?
A) war chalking
B) WPA cracking
C) evil twin
D) WEP cracking
Explanation
This scenario is an example of war chalking. War chalking originally occurred when hackers wrote SSID and security information
on the side of buildings. This attack has steadily evolved to the point where hackers are now publishing this information on Web
sites.
WEP cracking is the process of cracking WEP security. WPA cracking is the process of cracking WPA security.
War driving is also a wireless attack. However, with war driving, attackers drive around and attempt to discover wireless networks
that are transmitting.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
162/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
An evil twin attack occurs when a wireless access point that is not under your control is used to perform a hijacking attack. An evil
twin is a type of rogue access points. You should periodically perform a site survey to discover rogue access points. Rogue access
points can be connected to either the wired or wireless network.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
Warchalking, http://searchmobilecomputing.techtarget.com/definition/warchalking
Question #158 of 200
Question ID: 1123563
Your company's security policy states that passwords should never be transmitted in plain text. You need to determine if this policy
is being followed. Which tool should you use?
A) protocol analyzer
B) password cracker
C) network mapper
D) vulnerability scanner
Explanation
You should use a protocol analyzer to determine if passwords are being transmitted in plain text. Protocol analyzers capture
packets as they are transmitted on the network. If a password is transmitted in plain text, you will be able to see the password in
the packet. Protocol analyzers are also called network analyzers or packet sniffers. Protocol or network analyzers (or sniffers) can
be used to troubleshoot many problems. You can use sniffers to identify the MAC address causing a broadcast storm, to identify
the protocols is used on the network, or to observe connection setup, request, and response headers to a Web server.
A password cracker is used to test the strength of your passwords. It attempts to obtain a password by using dictionary or brute
force attacks.
A vulnerability scanner tests your network for known vulnerabilities and suggests ways to prevent the vulnerabilities.
A network mapper obtains a visual map of the topology of your network, including all devices on the network. A network mapper
will create a visual representation of the network map.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
163/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
References:
Network analyzer, http://searchnetworking.techtarget.com/sDefinition/0,sid7_gci1196637,00.html
On the Job with a Network Manager, http://www.ciscopress.com/articles/article.asp?p=680834&seqNum=2
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #159 of 200
Question ID: 1289094
Your company’s enterprise includes multiple subnets, each of them using a different addressing class. Match the IP addresses on
the left with the IP Address Class/Type on the right.
{UCMS id=5631435736088576 type=Activity}
Explanation
The IP addresses should be matched with the IP address classes in the following manner:
Class A Public - 77.24.16.74
Class A Private - 10.6.55.44
Class B Public - 143.91.63.19
Class B Private - 172.20.5.5
Class C Public - 204.29.83.91
Class C Private - 192.168.103.213
APIPA - 169.254.43.31
Class A addresses are in the 0.0.0.0 through 126.255.255.255 range. Class B addresses are in the 128.0.0.0 through
191.255.255.255 range. Class C addresses are in the 192.0.0.0 through 223.255.255.255 range.
There are three reserved private IP address ranges:
Class A - 10.0.0.0 through 10.255.255.255
Class B - 172.16.0.0 through 172.31.255.255
Class C - 192.168.0.0 through 192.168.255.255
Automatic Private IP Addressing (APIPA) addresses are in the 169.254.0.0 through 169.254.255.255 range
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
IP4 Address Classes, http://compnetworking.about.com/od/workingwithipaddresses/l/aa042400b.htm
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
164/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #160 of 200
Question ID: 1289224
A user is complaining that she cannot log on to the network server. What should you do first to resolve the problem?
A) Ensure that network server-access limits have not been exceeded.
B) Reboot the network server.
C) Ask the user reporting the problem to reboot her workstation.
D) Establish whether other users are experiencing the same problem.
Explanation
A logical first place to start troubleshooting would be to determine if the condition is network-wide or workstation-specific, for
example by having other similar users attempt to perform the same actions. If other users are unable to duplicate the problem, the
problem points to a workstation condition. Rebooting the server or the user's workstation are not good first steps in attempting to
resolve the problem. If the server's access limits had been exceeded, then no other users would be able to log on.
The troubleshooting order according to the CompTIA Network+ blueprint is as follows:
1. Identify the problem.
Gather information.
Duplicate the problem, if possible.
Question users.
Identify symptoms.
Determine if anything has changed.
Approach multiple problems individually.
1. Establish a theory of probable cause.
Question the obvious.
Consider multiple approaches.
Top-to-bottom/bottom-to-top OSI model
Divide and conquer
1. Test the theory to determine cause.
Once theory is confirmed, determine next steps to resolve problem.
If theory is not confirmed, re-establish new theory or escalate.
1. Establish a plan of action to resolve the problem and identify potential effects,
2. Implement the solution or escalate as necessary,
3. Verify full system functionality and if applicable implement preventive measures.
4. Document findings, actions, and outcomes.
Objective:
Network Troubleshooting and Tools
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
165/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Explain the network troubleshooting methodology.
References:
CompTIA.org - Network+ N10-007 Exam Objectives (Objective 5.1)
Question #161 of 200
Question ID: 1289288
You are moving several wireless access points to an outdoor location for a special event. What should be the primary concern to
ensure a positive experience for attendees?
A) Incorrect antenna placement
B) Signal-to-noise ratio
C) Power levels
D) Overcapacity
Explanation
The primary concern should be the power levels. You may need to boost the power levels. By nature, wireless access points have
greater coverage areas outdoors. Boosting the power level will provide a better experience for the event attendees. Power levels
can affect wireless network performance.
Overcapacity is an issue in wireless performance but usually is not the primary concern. The proliferation of wireless devices will
put an enormous drain on a wireless network originally designed for a few devices. In today’s environment, the network may need
to provide service to tablet computers, smartphones, personal performance monitors, and smart watches in addition to the few
laptops the network was originally designed to support. Always determine the number of expected devices to ensure that you
provide adequate connections.
The signal-to-noise ratio (SNR) is the relationship between the strength of the wireless signal compared to the amount of
background interference (noise). SNR is measured in decibels (dB). Devices such as microwaves, cordless phones, wireless
cameras, and fluorescent lights are all contributors. When using a Wi-Fi analyzer, any SNR below 25dB is considered poor, while a
reading above 41db is considered excellent. In outside spaces, SNR is not usually an issue.
Incorrect antenna placement can cause issues with Wi-Fi performance. Placing a wireless access point near metal ductwork,
larger metallic lamps, on top of a ceiling panel, or next to a thick wall can cause performance issues. Also, check the
manufacturer’s placement recommendation – some wireless access points are designed for wall mounting, while others are
designed for ceiling mounts. Antenna placement is not an issue in outdoor spaces as it is indoors.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
166/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
How to Fix Wi-Fi Range Issues in Windows 10, https://windowsreport.com/wi-fi-range-windows-10/
Question #162 of 200
Question ID: 1289068
You notice that several ping requests have been issued on your network in the past couple of hours. Which protocol responds to
these requests?
A) ICMP
B) RARP
C) ARP
D) TCP
Explanation
When you ping a host, Internet Control Message Protocol (ICMP) will respond to the request. ICMP works at the Network layer
(Layer 3) of the OSI model
If the ping is successful, the information returned will have this format:
Reply from 207.157.10.6: bytes=32 time<10ms TTL=128
Reply from 207.157.10.6: bytes=32 time<10ms TTL=128
Reply from 207.157.10.6: bytes=32 time<10ms TTL=128
Reply from 207.157.10.6: bytes=32 time<10ms TTL=128
"Reply" means that the host is reachable, and is responding to requests.
If the ping is unsuccessful, the information returned will have this format:
Pinging 192.168.1.5 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.5:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milliseconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Address Resolution Protocol (ARP) is responsible for mapping the hardware address of the hosts on broadcast networks with the
TCP/IP address of each host. The ARP utility allows you to view the ARP cache, which maps each IP address to a physical
address. ARP works at the Network layer of the OSI model.
Transmission Control Protocol (TCP) is a connection-oriented protocol operating at the Transport layer of the OSI model. TCP
works at the Transport layer of the OSI model.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
167/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Reverse Address Resolution Protocol (RARP) allows a host on a local area network to request its IP address from a gateway
server's Address Resolution Protocol (ARP) table or cache. RARP works at the Network layer of the OSI model.
For the Network+ exam, you must understand the basics of the following network theories and concepts:
Bit rates vs baud rate - Bit rate is the amount of bits being transferred within a unit time, where baud rate is the amount of
symbols being transferred. A symbol may contain one or more bits.
Sampling size - Sampling size is the amount of data that will be analyzed. If your sample size is too small, you will not get an
accurate estimation and may make wrong decisions based on insufficient data. If your sample size is too large, the amount of
time to obtain the data and its effect on network performance may be detrimental.
Wavelength - Wavelength is the distance between points in the contiguous cycles of a waveform signal broadcasted in space
or along a wire
Objective:
Networking Concepts
Sub-Objective:
Explain devices, applications, protocols and services at their appropriate OSI layers.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 10: Command-Line Tools, Windows Commands, ping
Ping, http://compnetworking.about.com/od/softwareapplicationstools/l/bldef_ping.htm
Cisco Guide to Troubleshooting TCP/IP: ping,
http://www.cisco.com/en/US/docs/internetworking/troubleshooting/guide/tr1907.html#wp1020819
Question #163 of 200
Question ID: 1123561
Your network is experiencing a problem that a technician suspects is concerning a Cisco router. The technician provides you the
following command results:
1 14.0.0.2 4 msec 4 msec 4 msec 2 63.0.0.3 20 msec 16 msec 16 msec 3 33.0.0.4 16 msec * 16 msec
Which Cisco command produced the results you were given?
A) extended ping
B) traceroute
C) ping
D) tracert
Explanation
The output displayed is a part of the output from executing the traceroute command on a Cisco router. The traceroute command
finds the path a packet takes while being transmitted to a remote destination. It is also used to track down routing loops or errors in
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
168/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
a network. Each of the following numbered sections represents a router being traversed and the time the packet took to go through
the router:
1 14.0.0.2 4 msec 4 msec 4 msec 2 63.0.0.3 20 msec 16 msec 16 msec 3 33.0.0.4 16 msec * 16 msec
The output would not be displayed by the ping command. This command is used to test connectivity to a remote IP address. The
output from the ping command is as follows:
router1# ping 10.201.1.11Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.201.1.11,
timeout is 2 seconds:.....Success rate is 0 percent (0/5)The ping in this output was unsuccessful, as indicated by
the message Success rate is 0 percent.
The output would not be displayed by the tracert command. The tracert command is used by Windows operating systems, not the
Cisco command-line interface. However, the purpose of the tracert command is similar to the Cisco traceroute utility, which is to
test the connectivity or "reachability" of a network device or host. The tracert command uses Internet Control Message Protocol
(ICMP).
The output would not be displayed by the extended version of the ping command. This command can be issued on the router to
test connectivity between two remote routers. A remote execution means that you are not executing the command from either of
the two routers you are interested in testing, but from a third router. To execute an extended ping, enter the ping command from
the privileged EXEC command line without specifying the target IP address. The command takes the router into configuration
mode, where you can define various parameters, including the destination and target IP addresses, for example:
Protocol [ip]:Target IP address: 10.10.10.1Repeat count [5]:Datagram size [100]:Timeout in seconds
[2]:Extended commands [n]: ySource address or interface: 12.1.10.2 Type of service [0]:Set DF bit in IP
header? [no]:Validate reply data? [no]:Data pattern [0xABCD]:Loose, Strict, Record, Timestamp,
Verbose[none]:Sweep range of sizes [n]:Type escape sequence to abort.
Each line is a menu question allowing you to either accept the default setting (in parenthesis) of the ping, or to apply a different
setting. The real value of this command is that you can test connectivity between two remote routers without being physically
present at those routers, as would be required with the standard version of the ping command.
For the Network+ exam, you also need to understand the pathping command. The parameters that can be used with this
command are as follows:
This command produces results that are similar to the ping and tracert commands.
Objective:
Network Troubleshooting and Tools
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
169/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
Cisco IOS Command Fundamentals Reference, Release 12.4: ping,
http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_m1.html#wp1013837
Using the Extended ping and Extended traceroute Commands,
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f22.shtml
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #164 of 200
Question ID: 1123299
Your company is researching different wireless antennas. Antennas that you research are high-gain antennas. Which statement
describes a property of high-gain antennas?
A) High-gain antennas are best suited for point-to-multipoint bridging.
B) High-gain antennas avoid multipath distortion.
C) High-gain antennas provide a wide coverage area.
D) High-gain antennas provide a small vertical beamwidth.
Explanation
A high-gain antenna has a small vertical beamwidth.
The beamwidth parameter of the antenna defines the angle of the radio signal radiated. The angle of radiation of the signal is
defined in degrees. The antenna properties include the gain, beamwidth, and transmission angle.
Antennas with higher gain have less beamwidth than antennas with lower gain. The high-gain antennas have very narrow
beamwidth. For example, typical 6-dBi patch antenna has a 65-degree beamwidth, but the 21-dBi parabolic dish antenna has a 12degree radiation pattern.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, implement the appropriate wireless technologies and configurations.
References:
Cisco Aironet Antennas and Accessories Reference Guide, https://www.cisco.com/c/en/us/products/collateral/wireless/aironetantennas-accessories/product_data_sheet09186a008008883b.html
Deploying License-Free Wireless Wide-Area Networks, http://www.ciscopress.com/articles/article.asp?p=31731&seqNum=4
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
170/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #165 of 200
Question ID: 1289178
Management has decided to renovate a portion of the office. You have been asked to relocate several computers and other
network devices in the renovation area to another part of the building. After relocating the computers and devices, you document
the new location. What is the term used to describe the actions you took?
A) NAC
B) asset management
C) SLA
D) baseline
Explanation
Asset management involves documenting information regarding the company assets, including location, user, IP address, and
other information. Asset management is part of the network documentation that must be maintained. A service level agreement
(SLA) is an agreement from a service provider that details the level of service that will be maintained. Network access control
(NAC) is a method whereby an organization implements rules for security for devices that connect to the network. The rules
include all requirements for any device to connect to the network. If a device is compliant, it is given access to the network. If it is
not, it will be quarantined from the rest of the network. A baseline is a performance measurement against which all future
measurements are compared. Without a baseline, you have no way of knowing if performance is improving or degrading. For the
Network+ exam, you also need to understand the following documentation:
IP address utilization - You should always track your IP usage, particularly if you implement a network with multiple subnets.
Two devices on the same network cannot use the same IP address, even if you implement private IP addresses. Carefully
document your IP address usage to ensure communication. Implementing a DHCP server on your network is the best way to
do this. At any time, you will be able to view IP address utilization from the DHCP server.
Vendor documentation - Retain all vendor documentation for all devices, including computers. When it comes to configuration
management, vendor documentation can aid you in ensuring that you purchase hardware that is compatible with the device or
computer. In many cases, vendor documentation can be found online. But this isn't always the case, especially with older,
legacy hardware.
For the Network+ exam, you also need to understand the on-boarding and off-boarding of mobile devices. Mobile devices are
increasingly being used on corporate networks. Companies must consider the impact of these devices and create the appropriate
policies for their use. Formal on-boarding procedures should be developed and should include minimum security requirements for
the devices. Companies should implement some sort of mobile device management (MDM), which would allow you to manage
mobile devices from a central management console. MDM would allow you to on-board and off-board mobile devices quickly and
easily.
Objective:
Network Operations
Sub-Objective:
Identify policies and best practices.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
171/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation
Question #166 of 200
Question ID: 1289293
You are the network administrator for your company. One of your trainees configured the company's network. However, the
network is not working. You ran the ipconfig command on Host A and found that the subnet mask on Host A is not properly
configured. The network is shown in the following image:
Which subnet mask should you configure on Host A to solve the problem?
A) 255.255.254.0
B) 255.255.192.0
C) 255.255.0.0
D) 255.255.240.0
Explanation
According to the diagram in this scenario, the IP address configured on Host A is 172.32.2.3 and the broadcast address is
172.32.3.255. If the broadcast address for this network is 172.32.3.255, then the network ID of the next subnet in the series of
subnets created by the mask is 172.32.4.0. Because the gateway address (which must be in the same subnet as the hosts) is
172.32.2.1, it indicates that the subnet that contains the three addresses (IP address, gateway and broadcast address) has a
network ID of 172.32.2.0. The mask must be 255.255.254.0. It would yield the following subnet IDs:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
172/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
172.32.0.0
172.32.2.0
172.32.4.0
172.32.6.0
…and so on.
The mask could not be 255.255.0.0. This is a standard class B mask, and when used the broadcast address would be
172.32.255.255, not 172.32.3.255.
The mask could not be 255.255.240.0. This would create an interval of 16 between subnets in the third octet, which would yield the
following subnet IDs:
172.32.0.0
172.32.16.0
172.32.32.0
…and so on.
If this were the case, the broadcast address for these addresses' subnet would be 172.32.15.255, not 172.32.3.255.
The mask could not be 255.255.192.0. This would create an interval between subnets of 64 in the third octet, which would yield the
following subnet IDs:
172.32.0.0
172.32.64.0
172.32.128.0
…and so on.
If this were the case, the broadcast address for the subnet hosting these addresses would be 172.32.63.255, not 172.32.3.255.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
Understanding IP Addresses,
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml#ustand_ip_add
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #167 of 200
Question ID: 1289084
While designing an IPv6 addressing scheme for your network, you decide to use EUI for the host portion of each node’s address.
You need to derive a 64-bit EUI address for the hosts on your network as part of the overall IPv6 address for each node. What
should you do?
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
173/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) Use the host’s MAC address, and repeat the first two bytes of that address at the end.
B) Use the host’s MAC address with FFFE inserted in the middle.
C) Use the host’s MAC address preceded by 16 zero bits at the beginning.
D) Use the host’s MAC address with all 1s (FFFF) inserted in the middle.
E) Use the host’s MAC address with FFFE inserted in the middle, and invert the seventh
most significant bit in the MAC address.
Explanation
To derive a 64-bit Extended Unique Identifier (EUI) address, also referred to as EUI64, you need to use the host's MAC address
with FFFE inserted in the middle and the seventh most significant bit inverted in the MAC address.
EUI-64 is defined in RFC2373. It allows a host to assign itself a unique 64-bit IPv6 interface identifier. This uniquely identifies
individual IPv6 hosts on a network and eliminates the need for manual address configuration or use of DHCP.
The EUI-64 method is comprised of the final half an IPv6 network address. The full address is 128 bits, split into a 64-bit network
address, and a 64-bit host address. Because a MAC address is 48 bits long, it must first be transformed into a 64-bit string for IPv6
use. The proper formula for creating an EUI-64 host address involves splitting the MAC address in half, inserting the hexadecimal
value FFFE in the middle, and inverting the 7th most significant bit of the MAC address. The rationale for this bit inversion is fully
explained in section 2.5.1 of RFC 2373.
If you began with a network address of 2012:ABCD::/64 and a MAC address 1111:2222:3333, you would split the MAC address
into 1111:22 and 22:3333 and put FFFE in the middle, which makes the initial value 1111:22FF:FE22:3333.
Next, you must invert the seventh most significant bit in the MAC address. The seventh bit occurs in the left-most two numbers of
the MAC address 0x11. In binary, this translates to 00010001 (the seventh bit is bolded for easy visual identification). Inverting that
bit produces the value 00010011, which equals 0x13. Thus, the combined string 1111:22FF:FE22:3333 would be changed to
1311:22FF:FE22:3333 to produce the EUI-64 host ID.
Finally, you would precede that value with the network ID, producing 2012:ABCD::1311:22FF:FE22:3333. This is the complete
network address for this example node.
EUI-64 is also known as IPv6 autoconfiguration. Given a known network address and a MAC address, it permits a node to
generate its own unique IPv6 address without using DHCPv6. Like its IPv4 counterpart DHCP, DHCPv6 provides network nodes
that request IP addresses with such addresses, identifies, groups. It also manages IPv6 addresses within specific ranges under its
control, including granting, renewing, and revoking address leases and managing IPv6 configuration data for DNS/DNSv6 and
other network services. When you are using EUI-64 for automatic address generation, all subnets must be /64 (the least significant
half of the total IPv6 address). EUI-64 works equally well to create the host portion for link local (reachable within a local segment)
or global unicast (reached on the Internet) IPv6 network addresses.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
174/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
RFC 2373, http://tools.ietf.org/html/rfc2373#section-2.5.1
Cisco Learning Network Modified EUI-64, https://learningnetwork.cisco.com/thread/61508
Question #168 of 200
Question ID: 1123379
You have been asked to research the different firewall types and make recommendations on which type(s) to implement on your
company's network. You need to document how the firewalls affect network performance. Which type of firewall most detrimentally
affects network performance?
A) circuit-level proxy firewall
B) packet-filtering firewall
C) application-level proxy firewall
D) stateful firewall
Explanation
An application-level proxy firewall most detrimentally affects network performance because it requires more processing per packet.
The packet-filtering firewall provides high performance. Stateful and circuit-level proxy firewalls, while slower than packet-filtering
firewalls, offer better performance than application-level firewalls.
Kernel proxy firewalls offer better performance than application-level firewalls.
An application-level firewall, or Layer 7 firewall, creates a virtual circuit between the firewall clients. Each protocol has its own
dedicated portion of the firewall that is concerned only with how to properly filter that protocol's data. Unlike a circuit-level firewall,
an application-level firewall does not examine the IP address and port of the data packet. Often, these types of firewalls are
implemented as a proxy server.
A proxy-based firewall provides greater network isolation than a stateful firewall. A stateful firewall provides greater throughput and
performance than a proxy-based firewall. In addition, a stateful firewall provides some dynamic rule configuration with the use of
the state table.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
Firewall Q&A, http://www.vicomsoft.com/knowledge/reference/firewalls1.html
Types of firewalls, http://searchnetworking.techtarget.com/generic/0,295582,sid7_gci1282044,00.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
175/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #169 of 200
Question ID: 1289204
What is typically used to conceal the nature of a social engineering attack?
A) users' good intentions
B) believable language
C) excess bandwidth
D) encryption
Explanation
Believable language is typically used to conceal the nature of a social engineering attack. An example of a social engineering
attack is an e-mail hoax that is written in such a way that it causes non-technical users to panic because they think their computers
have been compromised by a virus. E-mail hoaxes typically use company names and technical language that are designed to
dupe non-technical users into believing the hoax. Phishing is a special type of social engineering attack that relies on deception
and misinformation. A social engineering attack involves acquiring information by means of an e-mail, phone call, or some other
method. Social engineering attacks are successful largely as a result of users' good intentions. Users want to warn others, so they
forward the e-mail message that contains the fraudulent virus warnings to others. A social engineering attack can create heavy
bandwidth loads on networks while users are replicating the message. Some social engineering attacks identify key system files as
viruses and direct users to delete these files. Virus warnings contained in unsolicited e-mail messages should be verified with virus
authorities, such as McAfee or Symantec, before those warnings are heeded. Encryption is not typically used to conceal the nature
of a social engineering attack.
Objective:
Network Security
Sub-Objective:
Summarize common networking attacks.
References:
Social engineering: Exploiting the weakest links, http://www.ifap.ru/library/book349.pdf
Question #170 of 200
Question ID: 1289295
The network you administer has two LANs connected by DSL routers through the Internet, as depicted in the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
176/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Client4 cannot connect to Client5. Client3 cannot connect to Client4, but Client3 can connect to Client2. Client2 can connect to
Server1, and Client1 can connect to Server2.Which device is most likely causing the connectivity problem on the network?
A) Client3
B) DSLRouter A
C) DSLRouter B
D) Hub B
E) Hub A
Explanation
Hub B is most likely causing the connectivity problem. Client4 cannot connect to Client5, which indicates that Hub B might be
defective. Client3 cannot connect to Client4, which indicates that there is a connectivity problem somewhere between Client3 and
Client4 on the network. Client3 can connect to Client2 and Client2 can connect to Server1, which indicates that Hub A is
functioning properly. Client1 can connect to Server2, which indicates that the devices between Client1 and Server2 are functioning
properly. These devices include the following: Hub A, Server1, DSL Router A, DSL Router B, and Server2.
End-to-end connectivity is a process whereby you troubleshoot connectivity issues from the host experiencing the connection
problem all the way through the network. You should always start at the local host and proceed through the network, through
routers and other devices, to the destination. Any connectivity problem could be at the host, the remote host, or anywhere in
between.
Following a logical process will ensure that the exact issue will be located. As you move out from the local host, you should keep in
mind that other hosts will be experiencing the same problem. For example, if the problem is not with the local host and you
discover that the problem is with the router, all hosts that use that router should be experiencing the same problem.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
177/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #171 of 200
Question ID: 1289067
You need to provide terminal emulation and remote login capability for one of the servers on your network. Which
Process/Application layer protocol should you use?
A) SMTP
B) TFTP
C) Tracert
D) Telnet
E) FTP
Explanation
Telnet is a user command and an underlying TCP/IP protocol for accessing remote hosts. The HTTP and FTP protocols allow you
to request specific files from remote hosts without having to log on as a user of that host computer. The Telnet protocol, however,
allows you to log on as a regular user with the associated privileges that you have been granted to the specific application and
data on that host. In other words, you appear to be locally attached to the remote system.
The Telnet command syntax is as follows:
telnet abcdef.com [port #]
This results in a logon screen with user ID and password prompts.
Telnet is most likely to be used by program developers and anyone who has a need to use specific applications or data located on
a particular host computer. A subset of the Telnet protocol is also used in other application protocols, such as FTP and SMTP.
File Transfer Protocol (FTP) is a useful and powerful tool for the general user. FTP allows a user to upload and download files
between local and remote hosts. Anonymous FTP access is commonly available at many sites to allow users access to public files
without establishing an account. Users will often be required to enter their e-mail address as a password.
Trivial File Transfer Protocol (TFTP) is a simple protocol used to transfer files. It is used to move files between machines on
different networks implementing UDP. It lacks most of the features of FTP and only provides the services of reading and writing
files and sending mail to and from a remote server.
Simple Mail Transport Protocol (SMTP) is an application protocol, so it operates at the top layer of the OSI model (Layer 7). SMTP
is the default protocol for sending e-mail in Microsoft operating systems. POP3 and IMAP are the most popular protocols for
receiving e-mail protocols. SMTP provides client and server functions and works with the Internet and UNIX. It is used to send and
receive messages.
Traceroute or Tracert identifies the route that packets take between your computer and a host. Traceroute is a utility that records
the route across the Internet that the packets take to reach the specified host. It also calculates and displays the amount of time
each hop took.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
178/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You should keep in mind that TCP connections provide large data size manageability using segmentation and error recovery for all
application-layer protocols.
The following protocols are considered unsecure:
TELNET
HTTP
SLIP
FTP
TFTP
SNMPv1 and SNMPv2
If you use any of these protocols, you should use a version that includes SSL or some other cryptography. For example, secure
shell (SSH) is a secure alternative to Telnet.
For the Network+ exam, you must understand the following vulnerabilities:
Unnecessary running services - Disable all unnecessary services on every device. Hackers will search for all used services
and attempt to employ known vulnerabilities for those services.
Open ports - Close all ports that are not used. Hackers can also use these open ports to break into your network.
Unpatched/legacy systems - Older systems provide an easy target to hackers, especially those with unsupported operating
systems or applications. For example, Windows XP is no longer supported by Microsoft. Service packs and updates are no
longer issued for this operating system. You should get rid of legacy systems that run software that is no longer supported by
the vendor or else you should find a way to isolate them from the rest of the network.
Unencrypted channels - Unencrypted channels are paths along which data can be intercepted. While it would adversely affect
the performance of the network to encrypt every single channel, you should encrypt every single channel through which
confidential or private data is sent.
Clear text credentials - Some protocols send credentials over the network in clear text. This allows an attacker to intercept the
communications to obtain the credential information. You should eliminate the use of any protocols that use clear text
credentials by replacing them with more secure protocols.
TEMPEST/RF emanation - Tempest studied the susceptibility of some devices to emit electromagnetic radiation (EMR) in a
manner that can be used to reconstruct intelligible data. Radio frequency information can be captured in a similar manner. You
should use shielding to protect against these vulnerabilities.
Objective:
Networking Concepts
Sub-Objective:
Explain devices, applications, protocols and services at their appropriate OSI layers.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
What is Telnet?, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci213116,00.html
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
179/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #172 of 200
Question ID: 1289098
You have been hired as a contractor to implement a small office home office (SOHO) network for a small business. While gathering
the requirements and constraints regarding the network, you decide to implement two subnets on the network.
What are valid reasons for implementing subnets on an IP network? (Choose two.)
A) to increase network security
B) to reduce congestion by increasing network media bandwidth
C) to configure a greater number of hosts
D) to use more than one server on each segment of an IP LAN
E) to reduce congestion by decreasing network traffic
Explanation
The subnet mask enables TCP/IP to find the destination host's location on either the local network or a remote location.
Subnets are used for the following reasons:
to expand the network
to reduce congestion
to reduce CPU use
to isolate network problems
to improve security
to allow combinations of media, because each subnet can support a different medium
Keep in mind that the first step in designing any network, including a SOHO network, is to gather the requirements and constraints
of the network. These requirements and constraints will then guide you in how to design the network and in what hardware and
software must be purchased. Make sure to fully document all requirements, as these are vital to proper design.
In addition, you should document the size of the area to be networked, including possible cable lengths. This will ensure that you
will select the appropriate network medium. The documentation will affect the device requirements and may limit the device types
that you can implement.
Compatibility requirements with existing hardware, software, and business needs should be documented to ensure interoperability.
Equipment limitations should also be noted as these may affect purchase decisions.
Finally, you should document any environment limitations. This includes heating/air-conditioning, humidity, and power
considerations. Computer and network hardware can generate a lot of heat, resulting in problems for current HVAC systems. Also,
this hardware may require more power than the electricity system is capable of providing.
SOHO networks do not generally use any specialized hardware that is not implemented in LANs or WANs. It is important that you
understand all hardware limitations, including maximum cable lengths and other limiting factors.
When implementing SOHO networks, you need to have a clear understanding of the following concepts:
List of requirements - This list will guide you to select the appropriate network media, devices, and services. The best way to
ensure that this list is comprehensive is to interview different personnel for their opinions. Also, you need to assess the facility
that will contain the network. The facility itself may cause certain requirements or restrictions to be in place.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
180/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Device types/requirements - Once you document the network requirements, these requirements will help you to determine
which devices you need on your network. If you need to divide your network into areas of traffic isolation, you may want to
implement a switch. Otherwise, you may simply need a router. Keep in mind that you should document availability and speed
needs so that you can ensure that the network you implement can support them.
Environment limitations - Record any environment limitations. Is the location dusty? Is it dry or humid? What about the HVAC
considerations? Also, you should check for electrical outlets and any electromagnetic or radio interference that exists. When
determining where to install a server, you should first consider environmental limitations because servers will have definite
cooling needs.
Equipment limitations - Does any of the current or planned equipment have connection limitations, performance limitations, or
any other limiting factor? For example, routers only support a certain number of connections. It may be better to purchase a
router with more connections just to ensure that the network is capable of growth, even if this means increasing the budget.
Compatibility requirements - You must ensure that any devices, equipment, or media are compatible with the network and its
hosts. You should analyze all of the computers and devices currently in use, no matter how insignificant they are.
Wired/wireless considerations - You need to determine if you want to use a wired network, a wireless network, or both. Perform
a site survey to determine if there are other wireless networks in the area, which will affect your choice of wireless frequency
and channel. You should also document any objects that will cause electromagnetic and radio frequency interference.
Security considerations - Document any security issues that you expect. Of course, this includes virus and malware issues, but
it goes so much further than that. Will you allow guest access to the network? Will you allow personnel to use personal mobile
devices or flash drives? Can closets that will contain network devices be locked? Is there a secure room to contain the
servers?
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
Cisco Support: IP Addressing and Subnetting for New Users,
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800a67f5.shtml
Question #173 of 200
Question ID: 1123320
You need to ensure that the Web server always receives the same IP address from the DHCP server. What should you do?
A) Create a DHCP reservation.
B) Create a DHCP exclusion.
C) Create a scope option.
D) Create a DHCP scope.
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
181/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
To ensure that a Web server always receives the same IP address from the DHCP server, you should create a DHCP reservation.
A DHCP reservation is created at the DHCP server and is based on the MAC address of the leasing device. When the device
connects to the network, it sends a DHCPRequest message that contains its MAC address. The DHCP server will then assign the
IP address that is stipulated in the DHCP reservation. If the MAC address in the device changes for any reason, the DHCP
reservation must be re-created. DHCP reservations are also referred to as MAC reservations.
You should not create a DHCP scope. A DHCP scope is a range of IP addresses that a DHCP server can lease.
You should not create a DHCP exclusion. A DHCP exclusion is an IP address that is in the configured DHCP scope that should not
be assigned. Often IP addresses are excluded from a DHCP scope because the address is configured statically at a device. DHCP
exclusions are also referred to as IP exclusions.
You should not create a scope option. Scope options are configured for a scope to ensure that all devices that are part of the
scope will receive certain settings. This is particularly useful for assigning the DNS server, router, and domain name information.
By using scope settings, all devices that utilize DHCP will obtain these settings during the DHCP login process.
Computers on your network can use static or dynamic IP address. If static addressing is used, all devices on the network will need
to be manually configured with all IP address information, including IP address, default gateway, and subnet mask. This can
require a large amount of administrative effort. In addition, it is often considered an inefficient use of an organization's allotted IP
addresses because the IP addresses can only be used by the device on which they are statically configured. If that device in nonoperational, the IP address is not available for any other device to use.
Dynamic addressing, on the other hand, allows a DHCP server to dynamically assign IP addresses when device's request them.
The DHCP leases the IP address to the DHCP client. When the client device is turned off, it releases the IP address back to the
DHCP server, thereby allowing another client device to lease that same address. The DHCP server can also assign other settings
using server or scope options. Server options apply to all DHCP clients, regardless of which scope the clients are in. Scope
options apply to all DHCP clients within a single scope.
In some cases, your organization may need to deploy a DHCP relay agent. The DHCP relay agent permits DHCP clients and
servers to be placed on separate networks. DHCP messages are IP broadcast to all computers on the subnetwork. But if your
organization has multiple subnets, things get a bit complex because DHCP broadcast messages do not cross router boundaries.
You can either deploy a DHCP server on each subnet (very expensive) or deploy DHCP relay agents on the subnets that do not
have a DHCP server. DHCP IP helper addresses are IP addresses configured on a routed interface that allow the router to act as
a DHCP relay agent.
Objective:
Networking Concepts
Sub-Objective:
Explain the functions of network services.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 3: Network Components, Specialized Network Devices
Question #174 of 200
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
Question ID: 1123422
182/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Which of the following would be the best recovery solution in the event that a network segment is unavailable?
A) Redundant circuits
B) Battery backup/UPS
C) Power generators
D) Dual power supplies
Explanation
Redundant circuits would be the best recovery solution in the event that a network segment becomes unavailable. The redundant
circuit can provide a backup route if a NIC, cable, router, or switch fails. You can create a redundant circuit buy installing an
additional NIC in a computer and connecting the second NIC to a different port on another switch.
Battery backups or uninterruptable power supplies (UPSs) provide temporary power to a limited number of systems. UPSs are
designed to provide enough power to allow an orderly shutdown of a system in the event of a power failure.
Power generators activate when there is a loss of power. Power generators are usually gasoline or diesel engines, and will run as
long as they have fuel and do not break down. They provide power for much longer periods of time than a battery backup or UPS.
Dual power supplies provide redundancy in the event of a failure of one of the power supply units internally within a computer. The
failure of the power supply on a mission-critical server can be catastrophic. Equipping such a server with a dual power supply will
provide redundancy and increase uptime.
Objective:
Network Operations
Sub-Objective:
Compare and contrast business continuity and disaster recovery concepts.
References:
Build Redundancy into Your LAN/WAN, http://www.itprotoday.com/management-mobility/build-redundancy-your-lanwan
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability
Question #175 of 200
Question ID: 1123398
Which technology allows using label switching for routing frames?
A) packet-switching
B) circuit-switching
C) MPLS
D) point-to-multipoint
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
183/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Multiprotocol Label Switching (MPLS) is a WAN technology that allows using label switching for routing frames. It uses labelswitching routers and label-edge routers to forward traffic.
In circuit-switching networks, the path over which communication occurs is decided upon before the data transmission starts. For
the entire communication session between the two communicating bodies, the route is dedicated and exclusive, and released only
when the session terminates.
In packet-switching networks, the packets are sent towards the destination irrespective of each other. Each packet has to find its
own route to the destination and finds its way using the information it carries, such as the source and destination IP addresses.
A point-to-multipoint connection refers to communication between one station and many other stations. A point-to-multipoint
connection can be a broadcast or non-broadcast communication. A point-to-point connection refers to a communications
connection between two nodes or endpoints.
Objective:
Infrastructure
Sub-Objective:
Compare and contrast WAN technologies.
References:
Multiprotocol label switching, http://en.wikipedia.org/wiki/Multiprotocol_Label_Switching
Question #176 of 200
Question ID: 1289212
What is a correct description of a honeypot system?
A) a computer used to entice an attacker
B) a test methodology used to reveal vulnerabilities
C) a type of attack in which the target system is flooded with unauthorized service requests
D) a tool used to detect alterations in system files
Explanation
A honeypot system is installed to entice potential attackers. A honeypot system is generally installed together with popular services
and enabled ports behind a firewall in a demilitarized zone (DMZ). This system should be isolated to prevent it from hampering the
operations of a protected network. The implementation of this system underlines the difference between the concepts of
entrapment and enticement. Entrapment refers to inducing an intruder to commit an unintended crime. Enticement refers to the
process of rendering a computer vulnerable to attacks by making popular ports and services available on the computer.
A file integrity checker is a tool used to determine whether attackers have altered any files. Commonly they will alter either a
computer's event and application logs or the critical system files. A file integrity checker allows quick analysis of a file to see if it
has changed in any way. When security is compromised, an attacker often alters certain key files to provide continued access and
prevent detection. First, you apply a message digest hash to key files at initial system creation. Later, you can check the files
periodically to ensure that the file has not been altered.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
184/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Penetration testing is used to assess a system's capability to resist an attack and to reveal any system or network vulnerability.
Penetration testing, which is also called ethical hacking, is the vulnerability assessment procedure performed by security
professionals after receiving the management's approval. Penetration testing is the process in which security experts use security
tools to identify system vulnerabilities. Ethical hackers use tools that have the potential to assess security flaws without exploiting
the vulnerabilities in an organization's network infrastructure. The primary objective of penetration testing or ethical hacking is to
assess the capability of the system to resist attacks and to reveal system and network vulnerabilities. Examples of penetration
testing include war dialing, sniffing, and scanning. In a denial-of-service (DoS) attack, the target computer is flooded with
unauthorized service requests. In this type of attack, an attacker floods target computers with multiple service requests until they
run out of resources and cause the computer to either freeze or crash.
A honeynet is an entire system or network of honeypots that are set up to entice attackers.
Objective:
Network Security
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
Honeypot (computing), https://en.wikipedia.org/wiki/Honeypot_(computing)
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Defending Against Attacks
Question #177 of 200
Question ID: 1123420
Which term is used to describe the ability to respond to a single point of failure on a network?
A) Loopback
B) RAID
C) Fault tolerance
D) Clustering
Explanation
The ability to respond to a single point of failure on a network is called fault tolerance. Fault tolerance on servers involves
hardware RAID, UPS systems, power conditioning, backups, and clustering.
Fault tolerance refers to making sure that devices are safe from any kind of problem that might occur with them. It carries with it
the ideas of redundancy, backups, clustering, power conditioning, RAID, and UPS systems that can keep computers up and
running.
Clustering and RAID are associated with fault tolerance on servers, rather than fault tolerance on a network.
Loopback is a test in which data is sent from a source to a destination and then back to its source to determine if the path is
working properly and data is accurate.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
185/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Network fault tolerance amounts to redundancy in both the network gear and the backbone links that connect wiring closets
together. The key component for routers, switches, and hubs are redundant parts. Your goal with network gear is to look for single
points of failure (SPOFs), and provide redundancy to make sure the network remains up and functional. To ensure a company's
long term health in the event of a disaster, redundancy and offsite backups are two of the best tools to implement.
Objective:
Network Operations
Sub-Objective:
Compare and contrast business continuity and disaster recovery concepts.
References:
What is fault tolerance, http://www.webopedia.com/TERM/F/fault_tolerance.html
CompTIA Network+ N10-007 Cert Guide, Chapter 9: Network Optimization, High Availability
Question #178 of 200
Question ID: 1289089
Currently, your company uses IPv4 across its enterprise. Your company is considering using IPv6 instead of IPv4. Which
improvements does IPv6 provide over IPv4? (Choose two.)
A) Some header fields have been dropped or made optional.
B) Header fields have been made mandatory to reduce processing requirements.
C) A new type of address is used to deliver a packet to a specific address node.
D) The IP header options allow more efficient forwarding and less rigid length limits.
E) The IP address size is increased from 64 bits to 128 bits with simpler auto-configuration
of addresses.
F) The IP address size increased from 128 bits to 156 bits with simpler auto-configuration of
addresses.
Explanation
IPv6 (version 6), or IPng (next generation), offers the following improvements over IPv4:
The IP address size increases from 32 bits to 128 bits.
Some of the header fields have been dropped.
Version 6 has less rigid length limits and the ability to introduce new options.
Packets will indicate particular traffic type.
Support will be provided for data integrity and confidentiality.
The IPv6 header is 40 fixed bytes and has eight fields of information.
Objective:
Networking Concepts
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
186/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
IPv4 or IPv6 - Myths and Realities, http://www.ciscopress.com/articles/article.asp?p=1215643
Cisco Press article: Internet Addressing and Routing First Step, http://www.ciscopress.com/articles/article.asp?
p=348253&seqNum=7
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IP Version 6
Question #179 of 200
Question ID: 1289214
Which protocol is NOT capable of preventing a man-in-the-middle attack?
A) IPSec
B) rsh
C) SSH
D) HTTPS
Explanation
The remote shell (rsh) protocol is used to log on to remote computers and can be easily exploited by a man-in-the middle (MITM)
attack because it neither provides encryption nor authentication of data. In a MITM attack, an intruder captures the traffic of an
established connection to intercept the messages being exchanged between the sender and the receiver. The rsh protocol does
not provide security because the traffic flows in clear text and not ciphertext. You can defend against a MITM attack by using
strong encryption.
Secure shell (SSH) provides security by authenticating before the exchange of secret keys. SSH is also known as encrypted telnet
because it provides encryption of traffic exchanged between the sender and the receiver. Because encryption is used, SSH can
prevent MITM attacks better than rsh can.
HTTP Secure (HTTPS) is based on the secure socket layer (SSL) protocol. SSL is a two-layered protocol that contains the SSL
Record Protocol and the SSL Handshake Protocol. SSL handshake provides an authentication mechanism before the exchange of
credentials and prevents attacks, such as man-in-the-middle attacks, and uses certificates to validate the identities of both parties.
HTTPS is used for online transactions.
Internet Protocol Security (IPSec) is a security framework established to secure communication over insecure networks, such as
the Internet. IPSec deploys an Internet key exchange (IKE) for key exchange and management. IKE manages the first phase of
the key negotiation agreement and the secure exchange of keys as a part of the IPSec framework. IPSec prevents man-in-themiddle attacks through encryption and authentication.
Objective:
Network Security
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
187/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
What is a Man-in-the-Middle Attack and How Can You Prevent It?, https://www.globalsign.com/en/blog/what-is-a-man-in-themiddle-attack/
Question #180 of 200
Question ID: 1123411
You have changed the IP address scheme for two of your company's networks. In addition, the names of two servers have
changed. Which change management documentation should you revise?
A) network baseline
B) logical network diagram
C) wiring schematic
D) physical network diagram
Explanation
You should only revise the physical network diagram. The physical network diagram includes cable lengths and types, server
names, IP addresses, server roles, network equipment locations, and number of network users. An example of a physical network
diagram is shown in the following exhibit:
You should not revise the logical network diagram. The logical network diagram includes server roles, domain architecture,
protocols used, and trust relationships. Server names and IP addresses are not included in the logical network diagram. An
example of a logical network diagram is shown in the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
188/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You should not revise the network baseline. A network baseline includes performance statistics for your network. Changing the IP
address scheme and server names will not affect the network baselines. A network baseline is not an exhibit, but a listing of
performance statistics.
You should not revise the wiring schematic. The wiring schematic emphasizes the flow of the network. It includes equipment
symbols and lines that indicate the flow. Changing the IP address scheme and server names will not affect the wiring schematic.
An example of a wiring schematic is shown in the following exhibit:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
189/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Network Operations
Sub-Objective:
Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
What is a logical network diagram?, http://www.wisegeek.com/what-is-a-logical-network-diagram.htm
What is a network diagram?, http://www.wisegeek.com/what-is-a-network-diagram.htm
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Network Documentation
Question #181 of 200
Question ID: 1123252
You are configuring a new small office home office (SOHO) at a small insurance office. After documenting the network
requirements, you decide to use Network Address Translation (NAT) so that only one public address will be needed. You want to
use the IANA-designated private IP address range that provides host IP addresses with a maximum of 16 bits.
What is a valid host IP address in this range?
A) 172.30.250.10
B) 11.0.1.0
C) 192.168.0.1
D) 10.251.250.100
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
190/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Of the IP addresses listed, 192.168.0.1 is a valid host address within the range of IANA-designated private IP addresses that
provide a maximum of 16 bits per host address. The IP address 11.0.1.0 is a public, or external, IP address.
The Internet Engineering Task Force (IETF) is a working group that creates standards for the Internet. The IETF is divided into a
number of smaller committees, including the Internet Assigned Numbers Association (IANA), which decides how the IP address
space is used. The IANA has reserved three address spaces for private or internal IP addressing. Internal IP addresses are never
assigned by the IANA for use on the public Internet. The private IP address ranges are as follows: 10.0.0.0/8, 172.16.0.0/12, and
192.168.0.0/16. Note that the number after the slash (/) character is referred to as the network address prefix, which indicates the
number of bits in the network address.
Private IP addresses in the range 192.168.0.0/16 can be used as a Class B address space with a 16-bit network address and a
16-bit host address, or they can be subnetted into Class C addresses. Valid host IP addresses in this address space range from
192.168.0.1 through 192.168.255.254. The first 16 bits in the address correspond to the network address and the last 16 bits in the
address correspond to the host address.
The internal IP address range 10.0.0.0/8 provides IP addresses with an 8-bit network address and a 24-bit host address. The first
8 bits of a 10.0.0.0/8 internal IP address correspond to the network address, and the last 24 bits correspond to the host address.
Valid host IP addresses in this address space range from 10.0.0.1 through 10.255.255.254. The address 10.251.250.100 is a valid
host IP address in this range.
The 172.16.0.0/12 private IP address range provides a 12-bit network address and a 20-bit host address. IP addresses in the
range of 172.16.0.1 through 172.31.255.254 are valid host IP addresses for this address space; the first 12 bits correspond to the
network address, and the last 20 bits correspond to the host address. The IP address 172.30.250.10 is a valid host IP address in
the range 172.16.0.0/12.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 5: IPv4 and IPv6 Addresses, IPv4 Addressing
What is a Private IP Address?, http://compnetworking.about.com/od/workingwithipaddresses/f/privateipaddr.htm
Question #182 of 200
Question ID: 1123475
Which technology provides centralized remote user authentication, authorization, and accounting?
A) VPN
B) Single sign-on
C) RADIUS
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
191/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
D) DMZ
Explanation
Remote Authentication Dial-In User Service (RADIUS) provides centralized remote user authentication, authorization, and
accounting.
A virtual private network (VPN) is a technology that allows users to access private network resources over a public network, such
as the Internet. Tunneling techniques are used to protect the internal resources.
A demilitarized zone (DMZ) is an isolated subnet on a corporate network that contains resources that are commonly accessed by
public users, such as Internet users. The DMZ is created to isolate those resources to ensure that other resources that should
remain private are not compromised. A DMZ is usually implemented with the use of firewalls.
Single sign-on is a feature whereby a user logs in once to access all network resources.
RADIUS is defined by RFC 2138 and 2139. A RADIUS server acts as either the authentication server or a proxy client that
forwards client requests to other authentication servers. The initial network access server, which is usually a VPN server or dial-up
server, acts as a RADIUS client by forwarding the VPN or dial-up client's request to the RADIUS server. RADIUS is the protocol
that carries the information between the VPN or dial-up client, the RADIUS client, and the RADIUS server. The centralized
authentication, authorization, and accounting features of RADIUS allow central administration of all aspects of remote login. The
accounting features allow administrators to track usage and network statistics by maintaining a central database.
Objective:
Network Security
Sub-Objective:
Explain authentication and access controls.
References:
An Analysis of the RADIUS Authentication Protocol, http://www.untruth.org/~josh/security/radius/radius-auth.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Remote-Access Security
Question #183 of 200
Question ID: 1289162
You have been hired as a consultant for the medium-sized business. As part of your duties, you need to make recommendations
on changes to the network. You decide that you want to install agents on the network devices to monitor network traffic and record
the behavior of network components. You will then use the statistical data that is gathered to make your recommendations. Which
standard should you deploy?
A) SMTP
B) SNMP
C) Token Ring
D) X.25
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
192/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Simple Network Management Protocol (SNMP) is a protocol that governs network management. The protocol reports on whether a
device is functioning properly.
Network management systems based upon SNMP contain two primary elements: a manager and agents. The manager is the
console through which a network administrator performs network management functions. Agents are the entities that interface to
the actual devices being managed. You would use an SNMP agent to monitor remote traffic through an access point. SNMP can
monitor almost any type of network device, such as hubs, servers, interface cards, repeaters, and bridges. Threshold alarms can
be set for all the parameters that the agent can monitor.
X.25 is a WAN protocol that is used to create a continuous link between two offices. It employs switches, routes, and circuits to
produce the best route to transfer data at any given time.
Simple Mail Transport Protocol (SMTP) is an application protocol, so it operates at the top layer of the OSI model. SMTP is the
default protocol for sending e-mail in Microsoft operating systems. POP3 and IMAP are the most popular protocols for receiving email protocols. SMTP provides client and server functions and works with the Internet and UNIX. It is used to send and receive
messages.
Token Ring networks follow the standards set forth in the IEEE 802.5 specification.
SNMP has three versions: version 1, 2, and 3. SNMPv1 is widely used and is the de facto network-management protocol. SNMP is
a simple request/response protocol. The network-management system issues a request, and managed devices return responses.
This behavior is implemented by using one of four protocol operations: Get, GetNext, Set, and Trap. SNMPv1 used only one form
of security, community names. Community names are similar to passwords. The main problems in version 1 are 1) the
authentication of the message source, 2) protecting the messages from disclosure, and 3) placing access controls on the
Management Interface Base database.
SNMP v2 adds and enhances some protocol operations. SNMPv2 defines two new protocol operations: GetBulk and Inform.
SNMP v2 also offered improved security. With SNMP v2, everything in the packet except for the destination address is
encryptedSNMP v3 provides additional security and administrative capabilities. SNMPv3 provides three levels of security. The
highest level is with authentication and privacy, the middle level is with authentication and no privacy, and the bottom level is
without authentication or privacy. SNMP v3 is the best tool to use if you need to examine interface settings throughout various
network devices in a secure manner.
Objective:
Network Operations
Sub-Objective:
Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References:
What is SNMP?, http://www.tech-faq.com/snmp.shtml Comparison of SNMP v1, v2, and v3,
http://www.linuxsecurity.com/content/view/122997/169/
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Monitoring Resources and Reports
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
193/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #184 of 200
Question ID: 1289074
If your IPv6 host uses IPv6 Stateless Address Autoconfiguration, how does it install a default IPv6 route?
A) Tunneling
B) Router advertisement
C) Dual stack
D) Broadcasting
Explanation
IPv6 hosts use router advertisement to install a default IPv6 route when the hosts use IPv6 Stateless Address Autoconfiguration.
When a device that uses both IPv4 and IPv6 joins a network, it sends a router solicitation (RS) message using ICMP to contact the
local IPv6-capable router on the network. The local router is tuned into the all-router’s multicast group address, which is ff02::2,
and will receive the RS message. The router immediately answers with a routing advertisement (RA) message using ICMP to the
all nodes on the network. This uses the all nodes multicast group address, which is ff02::1. The router also sends the RA
messages periodically (to keep the nodes informed of any changes to the addressing information for the LAN.
Dual stack configurations are networks that run IPv4 and IPv6 simultaneously. When IPv6 is available, it becomes the primary
protocol. Dual stack configuration is not a method of installing an IPv6 route.
Tunneling allows you to transmit IPv6 traffic on an IPv4 network. The IPv6 traffic is encapsulated within an IPv4 packet. It is not an
IPv6 addressing protocol.
Broadcasting has been eliminated in IPv6 in favor of multicast.
Objective:
Networking Concepts
Sub-Objective:
Explain the concepts and characteristics of routing and switching.
References:
IPv6 Router Lifetime in Router Advertisements, https://support.symantec.com/en_US/article.TECH244214.html
Question #185 of 200
Question ID: 1289198
You need to deploy 802.1x authentication that supports client-side digital certificates for authentication with access points. Which
technology should you deploy?
A) EAP-TLS
B) WEP
C) EAP-PEAP
D) Cisco LEAP
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
194/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Extensible Authentication Protocol with Transport Layer Security (EAP-TLS) authentication supports client-side digital certificates
for authentication with access points. You can configure Cisco Aironet wireless clients with digital certificates for authentication with
EAP-TLS authentication. The Cisco EAP-TLS authentication type can be configured on wireless clients that run Windows. If the
wireless clients are working with other operating systems, a third-party software package must be installed to support EAP-TLS
authentication. The EAP-TLS authentication type operates with a dynamic session-based WEP key. The dynamic session-based
WEP key encrypts data with the key that is generated from the RADIUS authentication server or the client adapter. EAP-TLS uses
Public Key Infrastructure (PKI) for encryption of data over the RF channel. You integrate the EAP-TLS authentication type with the
use of Lightweight Directory Access Protocol (LDAP) for server-based authentication.
WEP authentication does not work with client-side digital certificates. In WEP authentication, the client must be authenticated
using the WEP key.
EAP-PEAP authentication does not work with wireless access points. EAP-PEAP works with RADIUS servers.
Cisco LEAP authentication does not work with client-side digital certificates. Both sides of the communication using Cisco LEAP
share a per-session, per-user encryption key, not a digital certificate.
For the Network+ exam, you also need to understand Extensible Authentication Protocol - Flexible Authentication via Secure
Tunneling (EAP-FAST) and Protected Extensible Authentication Protocol (PEAP). PEAP will form an encrypted TLS tunnel using a
certificate on the server. After the tunnel has been formed, PEAP will authenticate the client using EAP within the outer tunnel.
EAP-FAST is Cisco’s alternative to PEAP.
Objective:
Network Security
Sub-Objective:
Given a scenario, secure a basic wireless network.
References:
802.1x Offers Authentication and Key Management > 802.1x not the whole solution, http://www.wifiplanet.com/tutorials/article.php/1041171
Wireless Security, http://www.ciscopress.com/articles/article.asp?p=177383&seqNum=6
Question #186 of 200
Question ID: 1123575
You have been hired as a network technician. As part of your technician's kit, you have been issued a basic digital multimeter with
no extra probes. What is the primary function of this device?
A) connects RJ-45 jacks to an Ethernet cable
B) measures the temperature of a chip on motherboard
C) measures the light signal energy
D) tests voltage
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
195/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
A digital multimeter is a tool that can test voltage. For example, you can use a digital multimeter to test the voltage output of a
power supply or to test for breakage in a telephone or Ethernet cable. To use a digital multimeter to measure light signals or
temperatures, you will need a light signal probe or temperature probe.
A wire crimper is used to connect an RJ-45 connector to an Ethernet cable. An optical tester tool measures the amount of light
signal energy being emitted from an optical cable. It is similar to a cable tester that is used for twisted-pair cable. This can also be
referred to as a light meter.
A digital infrared thermometer measures the temperature of a chip or motherboard system chassis.
A punchdown tool is used to attach network wires to a punchdown block. A loopback adapter is used to test the functionality of a
network port.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, use the appropriate tool.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #187 of 200
Question ID: 1289264
Technicians have recently reported to you that the type of lighting in your company’s building can affect the network
communication. Which of the following statements is TRUE?
A) Incandescent bulbs emit high frequency electromagnetic waves that can resonate with
100 Mbps transmissions, causing them to amplify beyond the capacity of the media.
B) The outer jacket of UTP and STP cable deteriorates when exposed to some types of
fluorescent lighting.
C) Halogen lights emit a full spectrum of light that can interfere with fiber-optic
transmissions.
D) Fluorescent lighting fixtures emit high levels of EMI.
Explanation
Fluorescent light fixtures emit high levels of electromagnetic interference (EMI). EMI is essentially noise that is picked up on the
network cable. EMI from fluorescent lights can corrupt data; therefore, you should consider your choice of network cable carefully if
you must place the cable near fluorescent lights. Halogen lights and incandescent bulbs do not interfere with fiber-optic
transmissions. UTP and STP cable does NOT deteriorate in the presence of fluorescent lighting. EMI affects cable placement.
Cable placement issues may vary depending on the type of media (twisted pair, coaxial, or fiber) used. You should avoid running
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
196/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
cables near objects that may cause problems with the cabling. You should arrange cables to minimize interference. Ideally,
Ethernet cables should not be placed close to high voltage cables, generators, motors, or radio transmitters. Often using shielded
cabling will prevent this problem. You could also move the interfering device or the cable.
Cross-talk is a specialized type of EMI caused by parallel runs of twisted-pair cables. The only solution to this problem is to change
the path of the cables. Near-end crosstalk (NEXT) measures the ability of the cable to resist crosstalk. Most commercial cabling
will give you the minimum NEXT values that are guaranteed. Far-end crosstalk (FEXT) measures interference between two pairs
of a cable measured at the other end of the cable with respect to the interfering transmitter.
Db loss (attenuation) in cabling occurs because the voltage decays slowly as the current travels the length of the cable. Therefore,
the longer the cable run, the more Db loss occurs. The loss is predictable based on cable length. You should either decrease the
cable length or install repeaters to reduce Db loss. Ensure that your cable runs do not exceed the maximum distance allowed.
Repeaters could also be used to prevent this problem.
Other physical connectivity problems can be caused by bad connectors, bad wiring, open or short circuits, splits in the cable,
incorrect termination, incorrect use of crossover or straight-through cables (Tx/Rx reversal), split pairs in wiring, or SFP/GBIC
(cable or transceiver) module failure.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
Choosing an Optimal Location for Your Data Center: Electromagnetic Interference, http://www.ciscopress.com/articles/article.asp?
p=417091
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #188 of 200
Question ID: 1289297
You are troubleshooting a network problem in which users cannot connect to the Internet. The network diagram is as shown.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
197/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
The activity lights on the hubs' ports connected to the router and the lights on the router's ports connected to the hubs are not lit.
All other lights on both devices are lit. Which component is most likely to have failed?
A) NICs
B) modem
C) hubs
D) router
Explanation
A good troubleshooting step is to shorten the network and isolate the problem. You should first go to the middle of the network,
disconnect the connections to the Internet, and start working backwards from the known good point. If the network operates, you
know the problem is in the part of the network that you disconnected. This process can be repeated until the problem area is
pinpointed. Once the connectivity problem is identified and corrected, re-initiate the devices so that they can update their network
information.
Because the activity lights are not lit on the connection between the router and hub, you can assume that the router is the problem.
The hub is not the problem because the lights on the hub that connect the LAN computers are lit.
Because you can see lights on the modem side of the router, you know the modem is working. If hardware failure occurs, then all
the hosts that connect to the failed device will have issues. Once you isolate which device is having the problem, you should then
troubleshoot that device to determine which hardware within the device has failed. For example, you might trace an issue to the
switch and discover that a single GBIC module has gone bad. In this case, you would simply replace the GBIC module.
Power failure is another common device issue, and can result in routers and switches being reset to the default factory settings. To
prevent this problem, you should attach routers and switches to uninterruptible power supplies. In addition, you should back up the
router and switch configuration to ensure that it can be easily restored if the configuration is reset to the default.
Here are more common router and switch problems and their causes that you will need to be familiar with for the Network+ test:
Switching loop - Because the Layer 2 header does not support a time to live (TTL) value, if a frame is sent into a looped
topology, it can loop forever. You can implement the scanning tree protocol (STP) to prevent this looping.
Port configuration - Each switch port is a single collision domain. If you improperly configure the ports, then communication on
the appropriate domain may not be possible.
VLAN assignment - This problem occurs when configuring the VLAN assignment on a client computer or device. Each VLAN is
a separate collision domain. Make sure that client computers are configured with the appropriate VLAN to ensure that they can
communicate within the collision domain.
Bad/missing routes - This problem will cause routers to incorrectly forward packets. If bad routes are configured, the bad
routes should either be reconfigured or deleted. Missing routes should be added. This is more of a problem on statically
configured routers.
Misconfigured DNS - If the wrong DNS information in configured, devices are unable to resolve a DNS name properly. The
device or host will need to be reconfigured with the correct DNS information. For example, if an MX record is entered
incorrectly, devices will be unable to access the mail server.
Misconfigured DHCP - If the DHCP server in configured incorrectly, hosts will be obtaining incorrect IP information from this
server. This could include incorrect IP address, subnet mask, default gateway, and even DNS server information. While a
DHCP server makes it much easier to configure client's with their IP configuration information, a misconfigured component
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
198/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
within the DHCP lease can cause communication problems from all DHCP clients. Also keep in mind that rogue DHCP
servers, which are unauthorized DHCP servers, can also cause problems. If you suspect that there is an unauthorized DHCP
server on the network, you will need to establish a plan to locate the rogue DHCP server.
Cable placement - Cable placement issues vary depending on the type of media (twisted pair, coaxial, or fiber) used. You
should avoid running cables near objects that may cause problems with the cabling.
Simultaneous wired/wireless connections - Some organizations have both wired and wireless networks in use. Client
computers, though, should connect to only one of these types of networks. If you want to use a wired connection, you should
plug into that network. If a wireless network is in range, your computer may attempt to connect to the wireless network as well
if you have enabled the connect automatically feature.
Discovering neighboring devices/nodes - Most devices have the ability to discover neighboring devices or nodes by using the
appropriate routing protocol. It may be necessary to enable multiple routing protocols based on the types of devices to which
you must connect.
NIC teaming misconfiguration - Also known as load balancing and failover (LBFO), NIC teaming allows multiple network
interface cards (NICs) in the same computer to be placed into a team for bandwidth aggregation and traffic failover to prevent
connectivity loss in the event of a network component failure.
Active-active versus active-passive - In an active-active NIC team, both NICs work together managing network traffic. In an
active-passive NIC team, one NIC is the primary NIC. The other NIC is only brought over in a failover situation when the
primary NIC is down.
Multicast versus broadcast - Multicast enables a single device to communicate with multiple hosts. Broadcast occurs when
a single device communicates with a single host.
Other issues you should consider are bad cables, bad modules, improper cable selection, interface errors, incorrectly configured
interfaces, incorrectly configured subnet masks or gateways, and duplicate IP addresses.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common network service issues.
References:
Chapter 13: Network Troubleshooting, http://www.cisco.com/en/US/docs/voice_ip_comm/bts/5.0/troubleshooting/guide/13tg01.html
CompTIA Network+ N10-007 Cert Guide, Chapter 14: Network Troubleshooting
Question #189 of 200
Question ID: 1289219
Which one of the following mitigation techniques reduces the attack profile of a device or network?
A) Role separation
B) Honeypot
C) File integrity monitoring
D) Penetration testing
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
199/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
Role separation involves dividing server duties amongst two or more servers to reduce an attack profile. For example, if a server
running the Active Directory, DNS, and DHCP roles went down, all those services would be unavailable. If, on the other hand,
Server A hosted Active Directory, Server B hosted DNS, and Server C hosted DHCP, an attack that brought Server B down would
not affect the other services. Because fewer services are hosted on a single device or network, there are fewer services to attack.
Attack profiles are also referred to as attack surfaces. Other ways to reduce the attack surface include disabling scripting types,
closing unneeded ports, and turning off unneeded virtual servers.
Penetration testing is using hacking methodologies and tools to test the security of a client’s network on behalf of the client.
Penetration testing can also be provided by in-house experts. Penetration testing does not affect an attack profile.
File integrity monitoring helps to identify unauthorized changes to files. The monitoring process looks at such events as if or when
a file was changed, who made the change, the nature of the change and what can be done to restore the file to the pre-change
state. File integrity monitoring does not affect an attack profile.
Honeypots and honeynets are closely related concepts. A honeypot is a file or object on a network designed to lure in a hacker,
often to divert attention from other resources. An example would be a directory called “Passwords” containing useless passwords.
The hacker would spend a lot of time on unsuccessful login attempts. A honeynet is a network of honeypots. Honeypots and
honeynets increase the attack surface by providing false targets for an attacker.
Objective:
Network Security
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
Best Practices for Securing Site Systems, https://technet.microsoft.com/en-us/library/bb694127.aspx
Question #190 of 200
Question ID: 1289260
You are troubleshooting a connectivity problem on an Ethernet network that contains both NetWare and Windows servers. A
Windows 7 client cannot connect to the Internet or any network resources. However, other computers on the same subnet as the
client can access network resources and the Internet. You issue the ipconfig command at the workstation and find that the IP
address is 169.254.184.25 and the subnet mask is 255.255.0.0. This IP network and subnet are different from the IP network and
subnet that other computers on the same segment are using. What is the most likely problem?
A) The client obtained the IP address from a NetWare server.
B) The client obtained the IP address from a Windows server.
C) The client selected the IP address using APIPA.
D) The client obtained the IP address from a DHCP server it found on the Internet.
Explanation
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
200/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Automatic Private IP Addressing (APIPA) is a feature of Windows operating systems that enables a system to automatically assign
itself an IP address when a DHCP server is not available. APIPA acts as a DHCP failover mechanism, making support easier for
small local area networks. If APIPA addresses are in use, you should discover why the DHCP server cannot be contacted. The
problem could be with the connection to the DHCP server or with the DHCP server itself.
APIPA uses the Address Resolution Protocol (ARP) to select a unique IP address in the reserved address range of 169.254.0.0 to
169.254.255.255 and a subnet mask of 255.255.0.0 when no DHCP server is available. Once the system has assigned itself an IP
address, it can communicate with other devices on the LAN using TCP/IP, provided the devices are either configured for APIPA or
manually set to the correct address range and a subnet mask.
NetWare and Windows servers do not issue IP addresses to clients unless DHCP services are running on the server. If DCHP
services were running and properly configured on one of the servers, the client would have obtained an IP address in the proper
address range.
It is unlikely that the client obtained the IP address from a DHCP server it found on the Internet because firewalls normally restrict
DHCP requests to the local networks, and because the address is within a reserved IP address range.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wired connectivity and performance issues.
References:
APIPA, http://compnetworking.about.com/cs/protocolsdhcp/g/bldef_apipa.htm
How to use automatic TCP/IP addressing without a DHCP server, http://support.microsoft.com/kb/220874
CompTIA Network+ N10-007 Cert Guide, Chapter 11: Network Management, Maintenance Tools
Question #191 of 200
Question ID: 1289118
Your company wants to upgrade its twisted pair (TP) cable network to handle up to 10 GB data rates over the same distances (up
to 90 meters) from switches to network nodes. Which TP category type must the company deploy to meet its requirements?
A) Cat4
B) Cat6a
C) Cat3
D) Cat6
E) Cat5e
Explanation
The company must deploy Cat6a to meet its requirements. Cat6a, which stands for Category 6 Augmented, makes use of better
conductors and shielding to support the nominal 100 meter (90 meter cable run) distances for data rates up to 10 Gbps. Thus, it is
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
201/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
the only correct answer to the question.
Cat6 cables can support data rates of up to 10 Gbps, but only over nominal cable runs of up to 55 meters. A nominal cable run of
up to 55 meters means physical cable runs of only 45 meters, with the standard holdovers for access to the patch panel on one
end, and the device on the other end. Cat6 cannot accommodate the 10 Gbps data rate over distances of up to 90 physical /100
nominal meters.
Cat5e stands for Category 5 Extended. Cat 5e reflects this modified version of Cat5 cable’s ability to accommodate date rate of up
to 1 Gbps. By contrast, standard Cat5 supports data rates only up to 100 Mbps. Cat5e, while still very popular, cannot
accommodate the 10 Gbps data rate required.
Cat3 cables can deliver data rates up to 10 Mbps over nominal cables runs of up to 100 meters. Cat3 cannot support the required
data rate.
There is no wiring technology referred to as Cat4 cables.
The increasing numbers for the twisted pair cable categories indicate increasing bandwidth handling capabilities and maximum
data rates (aka data transmission speeds) for those types of wiring. Thus, a reasonably knowledgeable networker would be able to
guess that given a requirement for 10 GB data rates in a new deployment, only the highest numbered TP categories – namely
Cat6 and Cat7 – might be able to meet them. In fact, Cat6, Cat6a, and Cat7 all can handle 10 GB data rates, but only Cat6a and
Cat7 can deliver them over wire runs of up to 100 meters. Of those 100 meters, 90 count for the cable run from the patch panel to
the wall jack, plus an additional 5 meters between each jack and its attached device (there are usually two of these, so the longest
cable run must be reduced accordingly).
Cat7 is not offered as an option here, because its ability to deliver 10 Gbps over the required cable run lengths is contingent upon
using all conductors in the Cat7 GigaGate45 (GG45) connectors it uses, which are not backwards compatible with standard RJ-45
connectors for such usage. However, the GG45 conductor works fine at 1 Gbps rates in standard RJ-45 connectors.
Objective:
Infrastructure
Sub-Objective:
Given a scenario, deploy the appropriate cabling solution.
References:
Demystifying Ethernet Types—Difference Between Cat5e, Cat6, and Cat7, https://planetechusa.com/blog/ethernet-differentethernet-categories-cat3-vs-cat5e-vs-cat6-vs-cat6a-vs-cat7-vs-cat8/
Unshielded Twisted Pair (UTP) – CAT 1 to CAT5, 5E, CAT6 & CAT7, http://www.firewall.cx/networking-topics/cabling-utp-fibre/112network-cabling-utp.html
Question #192 of 200
Question ID: 1123409
You have recently been hired as a network administrator. Soon after starting at the new company, you realize that not all
appropriate network documentations has been created. Specifically, you need to set for the network rules, including the who, what,
and when of the rules. Which configuration management documentation should you create?
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
202/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
A) policies
B) baselines
C) procedures
D) regulations
Explanation
Policies set forth the network rules, including the who, what, and when of the rules. Policies tell what the rules are, who is covered
by the rule, and when the rule applies.
Baselines are primarily used to identify performance issues. They are actually performance statistics used for comparative
purposes. By establishing a performance baseline, you can ensure that performance issues are identified much more easily in the
future.
Procedures set forth the steps that must be taken to enforce the policies. Procedures tell how to achieve the desired results.
Regulations are governmental guidelines that are written by federal or state agencies based on the laws passed by federal or state
government. Regulations are established by entities outside the network owner.
Objective:
Network Operations
Sub-Objective:
Given a scenario, use appropriate documentation and diagrams to manage the network.
References:
Difference between policy and procedure, http://www.differencebetween.net/miscellaneous/difference-between-policy-andprocedure/
Question #193 of 200
Question ID: 1289163
You have recently been hired by a small company to assess its network security. You need to determine which TCP/IP ports are
open on the network. Which tool should you use?
A) a wardialer
B) a packet analyzer
C) whois
D) a port scanner
Explanation
You can use a port scanner to determine which Transmission Control Protocol (TCP) ports are open on a private network. A port
scanner is a device that automatically attempts to communicate with different protocols over all ports and records which ports are
open to which protocols. For example, File Transfer Protocol (FTP) generally communicates over port 21. For security reasons,
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
203/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
however, an administrator might close port 21 and map FTP traffic to a different port. By attempting FTP communications over all
ports, a port scanner might allow a hacker to find the open FTP port and bypass the security measure. You can also use stealth
scanning and port scanning to determine which operating systems are being used on a network.
You can use a packet analyzer to capture packets on a network to analyze the types of messages that are being transmitted over
your network. Keep in mind that a packet analyzer will allow you to obtain lots of information about your network, including IP
addresses and MAC addresses. Protocol analyzers can assist in identifying top talkers (sources), top listeners (destinations), and
top protocols in use. A network analyzer is similar to a packet analyzer but gathers overall information about the network, instead
of individual packets. Network analyzers are useful when needing to locate possible outages when trying to reach a cloud-based
system.
You can use wardialing to determine the telephone numbers of the modems on a company network.
Whois can be used to determine information about a Domain Name Service (DNS) domain, such as contact information for domain
administrators and the DNS name servers that are used to resolve a domain name to an Internet Protocol (IP) address.
Other tools that you need to be familiar with for the Network+ exam include:
Interface monitoring tools - monitors interfaces on switches, routers, or other network devices to obtain statistics.
Packet flow monitoring tools - monitors the flow of traffic to help you determine the types of traffic that are being transmitted
over your network. This tool is particularly useful in helping you to determine when to isolate certain devices and computers on
a separate network or virtual LAN (VLAN).
Security Information and Event Management (SIEM) - provides real-time analysis of security alerts generated by network
hardware and applications. It is a software tool, an appliance, or a managed service. It allows a company to aggregate its
security logs to make analysis easier.
Environmental monitoring tools - includes tools that are used to monitor temperature and humidity. These can be used in data
centers or manufacturing facilities to maintain a certain temperature and humidity level for proper operation of machinery or
computers. Facilities managers are most often responsible for operating and managing these tools.
Power monitoring tools - monitors the power that is supplied. These tools can monitor an entire facility, an individual room or
data center, or even an individual device. They can even be configured to trigger a backup generator or power supply in the
event that a blackout or brownout occurs.
Wireless survey tools - provides analysis of what radio frequency is currently in use. They can also identify wireless channels
in use. These tools are used to carry out war-dialing attacks. These tools perform site surveys.
Wireless analyzers - identifies wireless problems, including signal loss, overlapping channels, unacceptable signal to noise
ratios, rogue APs, and power levels.
Objective:
Network Operations
Sub-Objective:
Explain common scanning, monitoring and patching processes and summarize their expected outputs.
References:
Introduction to Port Scanning, http://netsecurity.about.com/cs/hackertools/a/aa121303.htm
Penetration Testing and Network Defense: Performing Host Reconnaissance, http://www.ciscopress.com/articles/article.asp?
p=469623&seqNum=3
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
204/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #194 of 200
Question ID: 1289087
You need to assign a virtual IP address to an Internet server. What are valid reasons for doing so? (Choose all that apply.)
A) To permit multiple servers to share the same address
B) To provide a generic address for immediate access
C) To permit the same address to access multiple domain names
D) To permit a single network interface to service multiple incoming service requests
E) To eliminate host dependencies on specific, individual network interfaces
Explanation
Usually abbreviated VIPA, a virtual IP address is a single IP address that may be shared among multiple domain names or
servers. By assigning a virtual IP address to a host, it no longer needs to depend on specific individual network interfaces.
Incoming packets target the host’s VIPA, but all are routed through to actual, specific network interfaces. VIPA thus helps to
provide load balancing for incoming traffic, where switches or routers behind the scenes can distribute them evenly among a pool
of available network interfaces.
Although a VIPA does provide a kind of generic address for multiple domain names or servers, it does not guarantee immediate
access. Access will always depend on queue depth and latency of the receiving switch or router that handles and forwards
incoming service requests.
A VIPA does not permit a single network interface to service multiple incoming service requests. A single network interface can
only service one incoming service request at a time. The VIPA allows a device to hand off incoming service requests quickly to
multiple network interfaces, thereby giving the appearance of multiplicity, but this does NOT mean a single network interface can
handle more than one incoming request at a time. Fast serialization is not equivalent to parallel processing.
A primary advantage of VIPA is to eliminate host dependencies on specific, individual network interfaces.
Objective:
Networking Concepts
Sub-Objective:
Given a scenario, configure the appropriate IP addressing components.
References:
Virtual IP address, http://tools.ietf.org/html/rfc2373#section-2.5.1
Virtual IP address, https://www.pcmag.com/encyclopedia/term/53922/virtual-ip-address
Question #195 of 200
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
Question ID: 1289277
205/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
You have discovered that hackers are gaining access to your WEP wireless network. After researching, you discover that the
hackers are using war-driving methods. You need to protect against this type of attack.
What should you do? (Choose all that apply.)
A) Disable SSID broadcast.
B) Configure the network to use authenticated access only.
C) Change the default SSID.
D) Configure the WEP protocol to use a 128-bit key.
Explanation
You should complete the following steps to protect against war-driving attacks:
Change the default SSID.
Disable SSID broadcast.
Configure the network to use authenticated access only.
You should not configure the WEP protocol to use a 128-bit key. In recent years, WEP has been proven to be an ineffective
security protocol for wireless networks, regardless of whether you use low or high encryption. It is a protocol that is very easy to
crack using a brute force attack.
Some other suggested steps include the following:
Implement Wi-Fi Protected Access (WPA) or WPA2 instead of WEP.
Reduce the access point's signal strength.
Use MAC filtering.
War driving is a method of discovering 802.11 wireless networks by driving around and looking for open wireless networks.
NetStumbler is a common war-driving tool.
For the Network+ exam, you need to understand the following wireless security concepts and how to harden the wireless network:
WEP, WPA/WPA2, TKIP, AES, 802.1x, TLS/TTLS, and MAC filtering.
WEP - You should avoid this protocol because it is easy to crack. Instead you should use WPA or WPA2. WEP uses a 64-bit
(low encryption mode) or 128-bit (high encryption mode) key.
WPA/WPA2 - WPA uses Temporal Key Integrity Protocol (TKIP) while WPA2 is capable of using TKIP or the more Advanced
Encryption Standard (AES) algorithm. WPA was created as a more secure alternative to WEP. WPA2 is stronger than WPA but
requires more processing power. Use WPA2 if all the devices are capable of it because it provides the maximum protection.
The only time that using WPA would be sufficient is when your access point or other devices are not capable of supporting
WPA2.
Enterprise - This version of WPA2 uses security certificates and requires the use of a Remote Authentication Dial-In User
Service (RADIUS) authentication server.
Personal - This version of WPA2 provides adequate protection for a small office or home network.
802.1x is an authentication method that can be used on both wired and wireless LANS. An 802.1x client attaches to an 802.1x
supplicant (a wireless router or switch), which then forwards the request to an authenticator (a RADIUS server). Transport Layer
Security (TLS) and Tunneled Transport Layer Security (TTLS) can be implemented with EAP. TLS requires a client certificate,
while TTLS does not. TTLS uses a tunnel to connect the server to the client.MAC filtering allows or denies a wireless connection
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
206/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
based on the client's Media Access Control (MAC) address. The most popular form of MAC filtering will only allow connections to
devices that are contained in the list. In this case, you must add any new devices specifically to the MAC filter list on the access
point to allow the devices to connect. In contrast, you can configure a deny list, which specifically denies connections to devices
with the MAC addresses listed. This form of MAC filtering is not used as much.
Let's look at an example regarding MAC filtering. Suppose encrypted wireless access points are used at a retail location for
inventory and price verification. If the retail location is located in a mall, unauthorized access to the wireless network could be a
constant problem. If a finite known number of approved mobile devices are allowed to access the store's wireless network, the best
security method to implements on the access points would be MAC filtering whereby only those specifically allowed devices would
be able to connect.
Objective:
Network Troubleshooting and Tools
Sub-Objective:
Given a scenario, troubleshoot common wireless connectivity and performance issues.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 8: Wireless Technologies, Securing Wireless LANs
Question #196 of 200
Question ID: 1289054
You administer your company's network, which is connected to the Internet. A firewall is configured between the company network
and the Internet. You want to prevent users on the Internet from using HTTP to connect to computers on the company network.
Which well-known TCP port should you block to prevent Internet users from entering the company's network on that port?
A) 80
B) 21
C) 23
D) 119
Explanation
You should configure the firewall to block access to Transmission Control Protocol (TCP) port 80 in order to prevent Internet users
from using HTTP to enter the company's network on that port. Because TCP port 80 is the well-known port number that is
assigned to Hypertext Transfer Protocol (HTTP), configuring the firewall to block transmissions through port 80 will prevent HTTP
communications from entering the network.
Although well-known ports have been established as the standard ports for certain protocols, a protocol does not have to use the
well-known port. For example, HTTP is often reconfigured to use port 8080.
File Transfer Protocol (FTP) uses two TCP ports: port 20, which is used for data transmissions, and port 21, which is used for
control information. If you block port 21, then FTP control information cannot be transferred to the network.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
207/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
If you block port 23, then Internet users will not be able to connect to computers on the company's network by using the Telnet
protocol.
Network News Transfer Protocol (NNTP), which uses port 119, is the protocol in the TCP/IP protocol suite that enables the transfer
of network news files between network news clients and network news servers. If you block port 119, then users on the Internet will
not be able to use NNTP to connect to servers on the company's network.
Protocols can use either User Datagram (UDP) or TCP to communicate. UDP is connectionless, while TCP is connection-oriented.
For the Network+ exam, you need to know the following protocols and their default ports:
FTP – 20, 21
SSH, SFTP – 22
TELNET – 23
SMTP – 25
DNS – 53
DHCP – 67, 68
TFTP – 69
HTTP – 80
POP3 – 110
NTP – 123
NetBIOS – 137–139
IMAP – 143
SNMP – 161
LDAP – 389
HTTPS – 443
SMB – 445
LDAPS – 636
H.323 – 1720
MGCP – 2427/2727
RDP – 3389
RTP – 5004/5005
SIP – 5060/5061
Objective:
Networking Concepts
Sub-Objective:
Explain the purposes and uses of ports and protocols.
References:
CompTIA Network+ N10-007 Cert Guide, Chapter 2: The OSI Reference Model, Table 2-1 Application Layer Protocols/Applications
What is port 80?, http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci212808,00.html
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
208/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Question #197 of 200
Question ID: 1123380
Your company has implemented a firewall that only examines the packet header information. Of which type of firewall is this an
example?
A) kernel proxy firewall
B) stateful firewall
C) packet-filtering firewall
D) application-level proxy firewall
Explanation
A packet-filtering firewall only examines the packet header information.
A stateful firewall usually examines all layers of the packet to compile all the information for the state table. A kernel proxy firewall
examines every layer of the packet, including the data payload. An application-level proxy firewall examines the entire packet.
Packet-filtering firewalls are based on access control lists (ACLs). They are application independent and operate at the Network
layer of the OSI model. They cannot keep track of the state of the connection.
A packet-filtering firewall only looks at a data packet to obtain the source and destination addresses and the protocol and port
used. This information is then compared to the configured packet-filtering rules to decide if the packet will be dropped or forwarded
to its destination. When implemented on a firewall, port security specifically allows or denies traffic based on which port is being
used.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes and use cases for advanced networking devices.
References:
Firewall, http://www.topbits.com/firewall.html
CompTIA Network+ N10-007 Cert Guide, Chapter 12: Network Security, Firewalls
Question #198 of 200
Question ID: 1123390
Which of these provides the communication framework for data transfer in a storage area network (SAN) while minimizing costs?
A) FCoE
B) Load balancer
C) InfiniBand
D) iSCSI
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
209/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Explanation
The Internet Small Computer Systems Interface (iSCSI) protocol is used in storage area networks (SANs), local area networks
(LANs), wide area networks (WANs), and the Internet. It provides the communication framework, allowing SCSI commands to
transmit over an IP network.
Fiber Channel over Ethernet (FCoE), as the name implies, deploys Fiber Channel frames in Ethernet networks. By encapsulating
the frames, Fiber Channel can utilize 10Gb Ethernet. FCoE is more expensive than iSCSI.
A load balancer can be used to divert incoming web traffic, based on content, to specific servers. This will reduce the workload on
the primary server. The destination server is determined by data in Transport layer or Application layer protocols. Distribution can
be based on a number of algorithms, such as round robin, weighted round robin, least number of connections, or shortest
response time.
InfiniBand provides high-speed, low latency, communication between CPUs and input/out devices. InfiniBand allows for 2.5 Gb/s
and supports up to 64,000 addressable devices.
Objective:
Infrastructure
Sub-Objective:
Explain the purposes of virtualization and network storage technologies.
References:
iSCSI and FCoE: A Comparison, https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-seriesswitches/white_paper_c11-495142.html
Question #199 of 200
Question ID: 1123522
Which of the following systems would be best isolated on a separate network segment?
A) Kerberos
B) VoIP
C) RADIUS
D) legacy systems
Explanation
Legacy systems would be best isolated on a separate network segment. Network segmentation limits the exposure of these
systems and reduces the attack surface by limiting it to only specific groups of users. In addition, you could configure the legacy
systems so that they can only be accessed remotely using secure shell (SSH) or some other secure remote access technology.
It is not necessary to isolate any of the other listed systems on a separate network. Kerberos, Remote Authentication Dial-In User
Service (RADIUS), and Voice over Internet Protocol (VoIP) are designed to be implemented on corporate networks without
segmenting them from regular network traffic.
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
210/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Objective:
Network Security
Sub-Objective:
Explain common mitigation techniques and their purposes.
References:
Network Segmentation Solution Brief, https://www.paloaltonetworks.de/content/dam/paloaltonetworks-com/en_US/assets/pdf/techbriefs/network-segmentation-solution-brief.pdf
Question #200 of 200
Question ID: 1289182
Which of the following computing technologies is most likely to fall under the U.S. government's export administration regulations
designed to protect the sale or transfer of commodities, technology, information, or software considered of strategic importance to
the U.S.?
A) Web page design tools
B) Encryption tools
C) File compression techniques
D) Deduplication software
Explanation
Encryption tools are most likely to fall under the U.S. government’s export administration regulations. Since the days of the Cold
War, the US and western powers established a variety of export control regulations to keep cryptography out of the hands of the
Soviet bloc countries. To this day, the US Commerce department maintains restrictions on cryptographic methods for applying
security to data communications or storage, proofs of identity, or public/private key management and exchange.
Web page design tools do not embed, include or make use of encryption technologies. They use commercially available options
that are already regulated. Web page design tools are not subject to export administration regulations from the U.S. government.
File compression tools are only used to make the size of files needing to be transmitted or stored. They are not subject to export
administration regulations from the U.S. government.
Deduplication software prevents the duplication of software. It is not subject to export administration regulations from the U.S.
government.
Objective:
Network Operations
Sub-Objective:
Identify policies and best practices.
References:
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
211/212
4/18/22, 4:08 PM
N10-007 Exam Simulation
Encryption and Export Administration Regulations (EAR) https://www.bis.doc.gov/index.php/policy-guidance/encryption
Crytography Export Restrictions https://technet.microsoft.com/en-us/library/cc962022.aspx
CompTIA Network+ N10-007 Cert Guide, Chapter 13: Network Policies and Best Practices, Best Practices
https://www.knowledgehub.com/education/test/print/61961273?testId=205855659
212/212
Related documents
Activity 2
Activity 2
fifth generation
fifth generation
Untitled document
Untitled document
Cylo
Cylo
isitvivid
isitvivid
Chapter 10
Chapter 10
Download
advertisement