Free Practice Questions for CompTIA CNX-001 Exam

Comprehensive and Detailed Explanation From Exact Extract:

Privileged Access Management (PAM) is the optimal solution to control, audit, and secure administrative access to systems and services. PAM enables role-based approval workflows, time-limited access, auditing, and credential rotation, fully aligning with the requirements.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “Identity and Access Controls”:

“Privileged Access Management allows fine-grained control over administrator-level access, supports just-in-time access provisioning, password rotation, and audit logging.”

Other options:

B. Session-based tokens allow temporary access but do not enforce policies or auditing.

C. Conditional access provides policy enforcement based on context but lacks full PAM features.

D. ACLs control access to resources but don’t manage privilege workflows or audits.

Comprehensive and Detailed Explanation From Exact Extract:

STP (Spanning Tree Protocol) is a Layer 2 standard protocol that prevents switching loops in Ethernet networks by creating a loop-free logical topology. It can automatically block and unblock redundant paths based on network changes, ensuring reliability and avoiding broadcast storms.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “Ethernet Loop Prevention and Switching Protocols”:

“STP is a standard Layer 2 protocol used to detect and prevent network loops, enhancing network stability in switched topologies.”

Other options:

B. SIP is a signaling protocol used in VoIP.

C. RTSP is for media streaming control.

D. BGP is a routing protocol, not for Layer 2 loop prevention.

Comprehensive and Detailed Explanation From Exact Extract:

A mesh topology allows every site to connect directly to every other site, enabling the shortest and lowest-latency path between locations. This is ideal for SD-WAN deployments that must minimize latency for inter-site communication globally. In contrast, hub-and-spoke models force all traffic through a central hub, increasing latency.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “WAN Technologies and Topologies”:

“Mesh topologies offer direct connectivity between all participating sites, reducing latency and avoiding single points of failure. They are optimal for SD-WAN deployments requiring performance and resilience.”

Other options:

A. Star topology routes all traffic through a central node, introducing latency.

B. Spine-and-leaf is used in data center architectures, not global WANs.

D. Hub-and-spoke centralizes routing and increases latency between remote sites.

A full-mesh SD-WAN topology allows each site to establish direct overlays with every other site, minimizing the number of hops and avoiding backhauling through a central hub, thereby delivering the lowest latency paths between Asia, Europe, and the US.

Comprehensive and Detailed Explanation From Exact Extract:

NetFlow provides flow-level metadata about IP traffic without requiring inline deployment. It summarizes who is talking to whom, for how long, and how much data was exchanged. It’s ideal for behavior monitoring and threat detection when sent to a SIEM for correlation and analysis.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “NetFlow and Network Telemetry”:

“NetFlow provides visibility into traffic patterns, which can be used for anomaly detection and security analysis when integrated with SIEM platforms.”

Other options:

A. Syslog shows event-level data, but not network behavior.

B. SNMP traps monitor device status, not traffic behavior.

C. SSL decryption is complex and requires inline positioning.

================================================

Comprehensive and Detailed Explanation From Exact Extract:

A. An explicit allow rule in the Network Security Group (NSG) permitting Server A (10.2.3.9) to communicate with Server B (10.2.2.7) ensures intra-cloud communication between segments.

C. A deny rule that blocks any inbound access from external sources (0.0.0.0/0 → internal range 10.2.0.0/16) effectively prevents unsolicited inbound traffic from the public internet, securing the internal servers.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “Cloud Security Groups and Firewall Policies”:

“NSGs should be configured with least privilege principles. Allow intra-subnet or intra-application communication while explicitly denying unsolicited internet traffic.”

“Ingress and egress filtering policies should block all traffic by default and permit only what’s required.”

Other options:

B. Incorrect – this allows internal range to internet, which is not requested.

D & E. Apply to outbound policies, not relevant to the need to block inbound external access.

F. Incorrect – this denies internal resources from going outbound, not inbound protection.

================================================

Comprehensive and Detailed Explanation From Exact Extract:

Using a spectrum analyzer to inspect the 6GHz frequency range allows the administrator to confirm the presence and source of interference. This step aligns with the “identify the problem” phase of the CompTIA troubleshooting methodology. Before making changes or documenting channels, the administrator must validate whether interference exists and collect diagnostic data.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “Troubleshooting Methodology and Wireless Interference”:

“Spectrum analyzers provide a visual representation of frequency usage and interference in wireless bands, allowing administrators to isolate the root cause of degraded performance before implementing corrective actions.”

Other options:

A. Testing performance (Step 5 in the methodology) comes after identifying and resolving the issue.

C. Documentation is performed during the final step of troubleshooting.

D. Changing channels without evidence may worsen interference if the problem is not confirmed.

================================================

Comprehensive and Detailed Explanation From Exact Extract:

WAF (Web Application Firewall) protects web applications by inspecting HTTP/S traffic to and from the application. It filters, monitors, and blocks malicious traffic and exploits targeting web application vulnerabilities. WAFs are deployed at the edge, often in conjunction with load balancers, and are ideal for mitigating threats like SQL injection, cross-site scripting, and protocol violations.

NSG (Network Security Group) is a native security feature offered by many cloud providers (such as Azure), functioning similarly to a firewall. NSGs control inbound and outbound traffic at the virtual network interface, subnet, or VM level, allowing engineers to define allowed or denied traffic rules.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide under “Cloud Workload Protection & Security Tools”:

“WAFs are critical for protecting web-facing applications in public cloud environments.”

“Network Security Groups (NSGs) are used to enforce access policies on cloud-based virtual networks, providing filtering and segmentation at the instance or subnet level.”

================================================

Comprehensive and Detailed Explanation From Exact Extract:

Since payments are working and orders are being recorded in the cloud, the issue likely lies in the local wireless network between the tablets and the kitchen printers. If the issue only occurs during high usage periods, it’s likely a congestion or signal quality issue. Adding a dedicated access point for the kitchen can isolate printer traffic and improve reliability.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — under “Wireless Performance and Interference Management”:

“Segmenting traffic or deploying dedicated APs for mission-critical devices can reduce contention and ensure reliability in congested wireless environments.”

Other options:

A. App updates won’t fix wireless interference.

C. Dongle upgrades may help but don’t isolate the traffic.

D. Static IPs help with addressing, not with wireless reliability.

Comprehensive and Detailed Explanation From Exact Extract:

Video surveillance (A) provides continuous monitoring and allows for real-time, remote visibility of secure locations, such as computer rooms. When integrated with analytics, video surveillance systems can detect movement after hours or unauthorized access and generate immediate alerts. These systems also maintain video logs that can be audited later.

NFC access cards (B) allow controlled access to physical areas, generating time-stamped logs for each entry attempt. When connected to an access control system, these cards can trigger alerts for unauthorized access attempts, such as the use of expired credentials or access during restricted hours.

Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide — Security Controls and Physical Security Section:

“Security access systems using NFC or smart cards allow traceability of personnel entry through electronic logs, while surveillance systems provide visibility and support forensic investigations.”

“Video surveillance allows real-time monitoring of physical environments and helps detect unauthorized presence or access in sensitive locations.”

================================================