Q: SIMULATION A network technician needs to resolve some issues with a customer's SOHO network. The customer reports that some of the PCs are not connecting to the network, while others appear to be working as intended. INSTRUCTIONS Troubleshoot all the network components. Review the cable test results first, then diagnose by clicking on the appropriate PC, server, and Layer 2 switch. Identify any components with a problem and recommend a solution to correct each problem. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_60_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_61_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_62_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_63_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_64_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_65_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_66_img_1.jpg

PC2 IDENTIFIED PROBLEM: OPEN/SHORT RECOMMENDED SOLUTION: REPLACE THE PATCH CABLE. PC4 IDENTIFIED PROBLEM: INCORRECT VLAN ASSIGNMENT RECOMMENDED SOLUTION: CHANGE VLAN TO 10 PC5 IDENTIFIED PROBLEM: INCORRECT PIN-OUT RECOMMENDED SOLUTION: REPLACE THE PATCH CABLE. Explanation: The cable test for PC2 indicates an open circuit on pin 3. This means there is a break in the physical continuity of that specific wire within the cable or a bad connection at the connector. An open circuit prevents the electrical signals from traversing the full length of the wire, leading to a complete loss of connectivity. Replacing the faulty patch cable with a known good one is the most direct solution. The test result for PC4 shows it is assigned to VLAN 11 , while all other devices intended for communication on that subnet are on VLAN 10 . Virtual LANs (VLANs) segment a physical network into separate logical broadcast domains. Devices in different VLANs cannot communicate directly at Layer 2. To resolve this logical connectivity issue, the switch port connected to PC4 must be reconfigured from VLAN 11 to VLAN 10. The cable test for PC5 reveals a miswired cable with an incorrect pin-out. The diagram shows that the wire pairs are not mapped correctly according to the T568A or T568B wiring standards (e.g., it appears to have split pairs). This physical layer fault disrupts the differential signaling used by Ethernet, leading to excessive crosstalk and preventing a stable network link, especially at Gigabit speeds. The cable must be re-terminated correctly or, more simply, replaced.

Q: SIMULATION A network administrator has been tasked with configuring a network for a new corporate office. The office consists of two buildings, separated by 50 feet with no physical connectivity. The configuration must meet the following requirements: . Devices in both buildings should be able to access the Internet. . Security insists that all Internet traffic be inspected before entering the network. . Desktops should not see traffic destined for other devices. INSTRUCTIONS Select the appropriate network device for each location. If applicable, click on the magnifying glass next to any device which may require configuration updates and make any necessary changes. Not all devices will be used, but all locations should be filled. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_188_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_189_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_190_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_191_img_1.jpg

THE NETWORK SHOULD BE CONFIGURED AS FOLLOWS: TOP BOX (INTERNET ENTRY): FIREWALL SECOND BOX (CORE DISTRIBUTION): ROUTER THIRD BOX (BUILDING A LAN): SWITCH FOURTH BOX (LINK FROM A TO B): WAP FIFTH BOX (BUILDING B LAN): WIRELESS RANGE EXTENDER THE FOLLOWING CONFIGURATION CHANGE MUST BE MADE: ON THE WIRELESS RANGE EXTENDER , THE KEY OR PASSPHRASE MUST BE CHANGED FROM N@EN71$90*HA TO S3CRETKEY! TO MATCH THE WAP'S PASSPHRASE. Explanation: A Firewall is required at the network edge to inspect all incoming Internet traffic, satisfying the security requirement. A Router is then used to handle traffic between the internal network and the firewall. Inside Building A, a Switch is the appropriate device to connect desktops. Unlike a hub, a switch intelligently forwards traffic only to the specific destination port, preventing other devices on the network from seeing that traffic. To connect Building B wirelessly, a Wireless Access Point (WAP) is placed in Building A. A Wireless range extender in Building B receives this signal and provides access to local wireless devices. For the extender to connect to the WAP, the SSID, security mode, and security key must match. The simulation shows a mismatched Key or Passphrase , which must be corrected.

Question 1

A network technician is troubleshooting network latency and has determined the issue to be
occuring two network switches( Switch10 and Switch11). Symptoms reported included poor video
performance and slow file copying. Given the following informtion:
Network+ N10-009 practice exam questions

Network+ N10-009 practice exam questions

Which of the following should the technician most likely do to resolve the issue?

Accepted Answer

B

Explanation: The provided command output shows a Maximum Transmission Unit (MTU) mismatch between the two switches. Switch10 is configured with an MTU of 9000 bytes (for jumbo frames), while Switch11 is configured with a standard MTU of 1500 bytes. When Switch10 sends a frame larger than 1500 bytes, Switch11's interface correctly identifies it as a "giant" frame and discards it, incrementing the "Input errors" and "Giants" counters. This packet loss forces retransmissions at the transport layer, causing the observed latency, poor video performance, and slow file transfers. Modifying Switch10's MTU to 1500 will align the settings and resolve the issue.

Question 2

A network administrator is notified that a user cannot access resources on the network. The network
administrator checks the physical connections to the workstation labeled User 3 and sees the
Ethernet is properly connected. However, the network interface’s indicator lights are not blinking on
either the computer or the switch. Which of the following Is the most likely cause?

Accepted Answer

C

Explanation: The absence of indicator lights (link/activity lights) on both the network interface card (NIC) and the switch port signifies a problem at the Physical Layer (Layer 1) of the OSI model. This means no electrical signal is being successfully negotiated between the two devices. While a faulty cable or hardware could be the cause, an administratively shut down port is a very common and likely reason. When a network administrator disables a port on a managed switch (e.g., using a shutdown command), the port stops transmitting or receiving data, and the physical link is severed, causing the indicator lights to go out.

Question 3

A network technician needs to install patch cords from the UTP patch panel to the access switch for a
newly occupied set of offices. The patch panel is not labeled for easy jack identification. Which of the
following tools provides the easiest way to identify the appropriate patch panel port?

Accepted Answer

A

Explanation: A toner, which consists of a tone generator and an inductive probe, is the most efficient tool for this task. The tone generator is connected to the network jack in the office, sending an electrical signal through the U-T-P cable. The technician then uses the probe at the patch panel. By sweeping the probe across the ports, it will emit an audible tone when it detects the signal from the generator, thus quickly and easily identifying the correct port without needing to physically plug into each one. This process is known as "toning out" a cable and is the standard industry practice for tracing unlabeled wires.

Question 4

SIMULATION A network technician needs to resolve some issues with a customer's SOHO network. The customer reports that some of the PCs are not connecting to the network, while others appear to be working as intended. INSTRUCTIONS Troubleshoot all the network components. Review the cable test results first, then diagnose by clicking on the appropriate PC, server, and Layer 2 switch. Identify any components with a problem and recommend a solution to correct each problem. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_60_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_61_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_62_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_63_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_64_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_65_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_66_img_1.jpg

Accepted Answer

PC2

IDENTIFIED PROBLEM: OPEN/SHORT

RECOMMENDED SOLUTION: REPLACE THE PATCH CABLE.

PC4

IDENTIFIED PROBLEM: INCORRECT VLAN ASSIGNMENT

RECOMMENDED SOLUTION: CHANGE VLAN TO 10

PC5

IDENTIFIED PROBLEM: INCORRECT PIN-OUT

RECOMMENDED SOLUTION: REPLACE THE PATCH CABLE.

Explanation: The cable test for PC2 indicates an open circuit on pin 3. This means there is a break in the physical continuity of that specific wire within the cable or a bad connection at the connector. An open circuit prevents the electrical signals from traversing the full length of the wire, leading to a complete loss of connectivity. Replacing the faulty patch cable with a known good one is the most direct solution. The test result for PC4 shows it is assigned to VLAN 11 , while all other devices intended for communication on that subnet are on VLAN 10 . Virtual LANs (VLANs) segment a physical network into separate logical broadcast domains. Devices in different VLANs cannot communicate directly at Layer 2. To resolve this logical connectivity issue, the switch port connected to PC4 must be reconfigured from VLAN 11 to VLAN 10. The cable test for PC5 reveals a miswired cable with an incorrect pin-out. The diagram shows that the wire pairs are not mapped correctly according to the T568A or T568B wiring standards (e.g., it appears to have split pairs). This physical layer fault disrupts the differential signaling used by Ethernet, leading to excessive crosstalk and preventing a stable network link, especially at Gigabit speeds. The cable must be re-terminated correctly or, more simply, replaced.

Question 5

SIMULATION A network administrator has been tasked with configuring a network for a new corporate office. The office consists of two buildings, separated by 50 feet with no physical connectivity. The configuration must meet the following requirements: . Devices in both buildings should be able to access the Internet. . Security insists that all Internet traffic be inspected before entering the network. . Desktops should not see traffic destined for other devices. INSTRUCTIONS Select the appropriate network device for each location. If applicable, click on the magnifying glass next to any device which may require configuration updates and make any necessary changes. Not all devices will be used, but all locations should be filled. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_188_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_189_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_190_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_191_img_1.jpg

Accepted Answer

THE NETWORK SHOULD BE CONFIGURED AS FOLLOWS:

TOP BOX (INTERNET ENTRY): FIREWALL
SECOND BOX (CORE DISTRIBUTION): ROUTER
THIRD BOX (BUILDING A LAN): SWITCH
FOURTH BOX (LINK FROM A TO B): WAP
FIFTH BOX (BUILDING B LAN): WIRELESS RANGE EXTENDER

THE FOLLOWING CONFIGURATION CHANGE MUST BE MADE:

ON THE WIRELESS RANGE EXTENDER, THE KEY OR PASSPHRASE MUST BE CHANGED FROM N@EN71$90*HA TO S3CRETKEY! TO MATCH THE WAP'S PASSPHRASE.

Explanation: A Firewall is required at the network edge to inspect all incoming Internet traffic, satisfying the security requirement. A Router is then used to handle traffic between the internal network and the firewall. Inside Building A, a Switch is the appropriate device to connect desktops. Unlike a hub, a switch intelligently forwards traffic only to the specific destination port, preventing other devices on the network from seeing that traffic. To connect Building B wirelessly, a Wireless Access Point (WAP) is placed in Building A. A Wireless range extender in Building B receives this signal and provides access to local wireless devices. For the extender to connect to the WAP, the SSID, security mode, and security key must match. The simulation shows a mismatched Key or Passphrase , which must be corrected.

Question 6

A wireless technician wants to implement a technology that will allow user devices to automatically
navigate to the best available frequency standard. Which of the following technologies should the
technician use?

Accepted Answer

A

Explanation: Band steering is a technology used by dual-band (2.4 GHz and 5 GHz) access points to encourage or force client devices to connect to the less-congested and higher-performance 5 GHz frequency band. The access point identifies dual-band capable clients and actively "steers" them away from the 2.4 GHz band. This automatic process optimizes the wireless experience by balancing the client load and utilizing the best available frequency, which directly addresses the technician's requirement.

Question 7

A network administrator needs to create a way to redirect a network resource that has been on the
local network but is now hosted as a SaaS solution. Which of the following records should be used to
accomplish the task?

Accepted Answer

D

Explanation: A CNAME (Canonical Name) record is a type of DNS record that maps an alias name to a true or canonical domain name. In this scenario, the network resource has moved to a SaaS provider, which will provide a new hostname (e.g., company.saasprovider.com). The administrator can create a CNAME record to point the old, familiar internal hostname (e.g., resource.company.com) to the new SaaS hostname. This acts as a redirection, ensuring that when users try to access the old name, the DNS resolver provides the address of the new SaaS location. This is the standard method for handling such migrations.

Question 8

A company’s Chief Information Security Officer requires that servers and firewalls have accurate
timestamps when creating log files so that security analysts can correlate events during incident
investigations. Which of the following should be implemented?

Accepted Answer

D

Explanation: The Network Time Protocol (NTP) is specifically designed to synchronize the clocks of computer systems over a packet-switched, variable-latency data network. For security incident investigations, having precisely synchronized time across all devices, such as servers and firewalls, is critical. It allows security analysts to accurately correlate log entries from different sources to create a coherent timeline of events. Without synchronized time, determining the correct sequence of actions during an attack becomes extremely difficult, if not impossible.

Question 9

A client wants to increase overall security after a recent breach. Which of the following would be best to implement? (Select two.)

Accepted Answer

A, C

Explanation: Following a security breach, implementing foundational security principles is paramount. The principle of least privilege ensures that users, applications, and systems are granted only the specific access rights and permissions necessary to perform their required tasks. This drastically limits the potential damage an attacker can inflict if they compromise an account. Central policy management allows an organization to define, distribute, and enforce security policies consistently across the entire network from a single point of control. This is critical for rapidly deploying new, stronger security rules and ensuring there are no gaps in coverage, which is a common issue discovered after a breach.

Question 10

SIMULATION You are tasked with verifying the following requirements are met in order to ensure network security. Requirements: Datacenter Ensure network is subnetted to allow all devices to communicate properly while minimizing address space usage Provide a dedicated server to resolve IP addresses and hostnames correctly and handle port 53 traffic Building A Ensure network is subnetted to allow all devices to communicate properly while minimizing address space usage Provide devices to support 5 additional different office users Add an additional mobile user Replace the Telnet server with a more secure solution Screened subnet Ensure network is subnetted to allow all devices to communicate properly while minimizing address space usage Provide a server to handle external 80/443 traffic Provide a server to handle port 20/21 traffic INSTRUCTIONS Drag and drop objects onto the appropriate locations. Objects can be used multiple times and not all placeholders need to be filled. Available objects are located in both the Servers and Devices tabs of the Drag & Drop menu. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_90_img_1.jpg

Accepted Answer

THE COMPLETED NETWORK CONFIGURATION IS AS FOLLOWS:

DATACENTER:
SUBNET: 192.168.11.0/28
ADDED SERVER: DNS SERVER IS PLACED IN ONE OF THE EMPTY SERVER SLOTS. THE SECOND SLOT IS LEFT EMPTY.
BUILDING A:
SUBNET: 10.72.63.0/28
REPLACED SERVER: THE TELNET SERVER IS REPLACED WITH AN SSH SERVER.
ADDED DEVICES: THE SIX DEVICE SLOTS ARE FILLED WITH FIVE WORKSTATIONS AND ONE LAPTOP.
SCREENED SUBNET:
SUBNET: 206.208.134.0/24
ADDED SERVERS: A WEB SERVER AND AN FTP SERVER ARE PLACED IN THE EMPTY SERVER SLOTS. THE THIRD SLOT IS LEFT EMPTY.

Explanation: The configuration is based on fulfilling each area's specific requirements for subnetting, server roles, and device allocation while adhering to security best practices. Subnetting: The DataCenter has 5 existing devices and a new DNS server, plus a gateway, for a total of 7 required IP addresses. The 192.168.11.0/28 subnet, matching the existing switch IP range, provides 14 usable hosts and is the most efficient choice. Building A needs to support 11 hosts (4 existing/replaced devices, 6 new users, 1 gateway). The 10.72.63.0/28 subnet provides 14 usable hosts, matching the switch's IP range and minimizing waste. The Screened Subnet requires at least 5 IPs (1 existing server, 2 new servers, switch, firewall). The 206.208.134.0/30 subnet is too small (2 hosts), making 206.208.134.0/24 the only available option that can accommodate the required devices. Server & Device Placement: A DNS Server is added to the DataCenter to handle hostname resolution on port 53. In Building A, an SSH Server replaces the insecure Telnet server, as SSH provides encrypted communication. Five Workstations and one Laptop are added to support the new office and mobile users. In the Screened Subnet, a Web Server is added to handle HTTP/HTTPS traffic (ports 80/443), and an FTP Server is added for file transfers (ports 20/21).

Question 11

SIMULATION
You have been tasked with implementing an ACL on the router that will:
1. Permit the most commonly used secure remote access technologies from the management
network to all other local network segments
2. Ensure the user subnet cannot use the most commonly used remote access technologies in the
Linux and Windows Server segments.
3. Prohibit any traffic that has not been specifically allowed.
INSTRUCTIONS
Use the drop-downs to complete the ACL
If at any time you would like to bring back the initial state of the simulation, please click the Reset All
button.
Network+ N10-009 practice exam questions

Accepted Answer

THE ACCESS CONTROL LIST (ACL) SHOULD BE CONFIGURED WITH THE FOLLOWING RULES IN ORDER:

Explanation: This ACL configuration directly implements the specified security policy. Permit Management Access: The first two rules allow secure remote access from the management network ( 192.168.255.0/24 ) to all other subnets. This is achieved by permitting SSH (TCP port 22) and RDP (TCP port 3389) , which are the standard secure protocols for managing Linux and Windows systems, respectively. Deny Workstation Access: Rules 3 through 6 explicitly deny workstation users ( 192.168.1.0/24 ) from using SSH or RDP to access the server segments ( 192.168.25.0/24 and 192.168.26.0/24 ), enforcing the separation of duties. Default Deny: The final rule, DENY IP ANY ANY , is a crucial implementation of the principle of least privilege. It ensures that any traffic not explicitly permitted by the preceding rules is dropped, fulfilling the requirement to prohibit all other traffic.

Question 12

SIMULATION SIMULATION You have been tasked with setting up a wireless network in an office. The network will consist of 3 Access Points and a single switch. The network must meet the following parameters: The SSIDs need to be configured as CorpNet with a key of S3cr3t! The wireless signals should not interfere with each other The subnet the Access Points and switch are on should only support 30 devices maximum The Access Points should be configured to only support TKIP clients at a maximum speed INSTRUCTONS Click on the wireless devices and review their information and adjust the settings of the access points to meet the given requirements. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button. https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_166_img_1.jpg https://kxbjsyuhceggsyvxdkof.supabase.co/storage/v1/object/public/file-images/N10-009/page_167_img_1.jpg

Accepted Answer

COMMON AP SETTINGS:

SSID: CORPNET
SECURITY SETTINGS: WPA
KEY OR PASSPHRASE: S3CR3T!
WIRELESS MODE: G
SUBNET MASK: /27

UNIQUE AP SETTINGS:

AP1: IP ADDRESS = 192.168.1.2, CHANNEL = 1
AP2: IP ADDRESS = 192.168.1.3, CHANNEL = 6
AP3: IP ADDRESS = 192.168.1.4, CHANNEL = 11

Explanation: The solution configures the three access points (APs) to meet all specified requirements: Subnet: A CIDR notation of /27 is used for the IP addresses (e.g., 192.168.1.2/27 ). This creates a subnet with a mask of 255.255.255.224 , which provides exactly 30 usable host IP addresses (25−2=30), satisfying the maximum device requirement. Interference: The APs are set to channels 1, 6, and 11 . In the 2.4 GHz spectrum, these are the standard three non-overlapping channels, which prevents co-channel interference and ensures stable performance. Security & Speed: The security is set to WPA using the passphrase S3cr3t! . This is because the requirement is to support only TKIP , which is the encryption protocol native to WPA. The wireless mode is set to G (802.11g) to provide the maximum possible speed (54 Mbps) for a TKIP-based configuration.

Question 13

A company is hosting a secure that requires all connections to the server to be encrypted. A junior
administrator needs to harded the web server. The following ports on the web server. The following
ports on the web server are open:
Network+ N10-009 practice exam questions

Which of the following ports should be disabled?

Accepted Answer

B

Explanation: Port 80 is assigned to HTTP, which transmits data in clear text. Because the stated security policy mandates that every connection to the web server be encrypted, any unencrypted protocol must be disabled. HTTPS traffic on port 443, SSH administration on port 22, and SMTP message-submission on port 587 can all be protected with encryption (TLS or inherent in the protocol), so only port 80 violates the requirement.

Question 14

A network technician sets up a computer on the accounting department floor for a user from the
marketing department. The user reports that they cannot access the marketing department’s shared
drives but can access the internet. Which of the following is the most likely cause of this issue?

Accepted Answer

C

Explanation: The user's computer is physically connected to a network port on the accounting department's floor. Network ports are typically pre-configured and assigned to a specific Virtual LAN (VLAN) based on their physical location and departmental function. In this case, the port is likely assigned to the "Accounting" VLAN. This places the user's computer on the accounting logical network, separate from the "Marketing" VLAN where the required shared drives reside. While the accounting VLAN is configured to allow internet access through its default gateway, inter-VLAN routing to the marketing network segment may be restricted by access control lists (ACLs) for security purposes, thus blocking access to those specific resources.

Question 15

An ISP provided a company with a pre-configured modem and five public static IP addresses. Which of the following does the company's firewall require to access the internet? (Select TWO).

Accepted Answer

B, D

Explanation: For a firewall, or any network device, to communicate with the internet, it requires two fundamental pieces of information for its external-facing (WAN) interface. First, it needs a unique public IP address to be identifiable on the internet; the scenario specifies the ISP provided static IPs for this purpose. Second, it needs a Default Gateway, which is the IP address of the next-hop router on the ISP's network. The firewall sends all traffic destined for non-local networks (i.e., the internet) to this gateway. These two components are the minimum requirements for establishing basic IP routing and internet access.

Free CompTIA Network+ N10-009 Actual Exam Questions