Ditch the Fluff: CompTIA Network+ (N10-009) Practice That Actually Works

The CIA triad (Confidentiality, Integrity, Availability) is a foundational security model used in Network+ (N10-009) to evaluate risk and guide prioritization of mitigations. By categorizing assets and threats based on how they could impact confidentiality (data exposure), integrity (unauthorized alteration), or availability (service disruption), administrators can better understand which attacks from external actors matter most to the business and which controls to apply first. For example, a public-facing portal might prioritize availability protections (DDoS mitigation, redundancy), while sensitive customer records demand strong confidentiality controls (encryption, access control), and financial systems require integrity controls (logging, validation, change control). This model helps translate “threats” into business impact, which is central to deciding what to mitigate.

Compliance benchmarks support meeting regulatory/industry requirements, but they don’t inherently provide a conceptual lens for analyzing external attacker impact across all systems. SAML is a federation/authentication standard, not a risk model. A honeypot can provide insight into attacker behavior, but it doesn’t broadly structure risk prioritization the way CIA does. Therefore, CIA triad is the best answer.

===========

Definition of MAC Flooding:

MAC flooding is an attack where a malicious actor sends numerous fake MAC addresses to a switch, overwhelming its CAM table. The CAM table stores MAC addresses and their associated ports for efficient traffic forwarding.

Impact of MAC Flooding:

CAM Table Overflow: When the CAM table is full, the switch cannot learn new MAC addresses and is forced to broadcast traffic to all ports, leading to a degraded network performance and potential data interception.

Switch Behavior: The switch operates in a fail-open mode, treating the network as a hub, which can be exploited for eavesdropping on traffic.

Comparison with Other Attacks:

ARP Spoofing: Involves sending false ARP (Address Resolution Protocol) messages to associate the attacker ' s MAC address with the IP address of another device.

Evil Twin: Involves creating a rogue wireless access point that mimics a legitimate one to intercept data.

DNS Poisoning: Involves corrupting the DNS cache with false information to redirect traffic to malicious sites.

Preventive Measures:

Port Security: Configure port security on switches to limit the number of MAC addresses per port, preventing CAM table overflow.

Network Segmentation: Use VLANs to segment network traffic and limit the impact of such attacks.

The correct answer is public cloud. In public cloud models, a provider (such as AWS, Azure, or Google Cloud) hosts infrastructure and services that are shared across multiple customers, known as multitenancy. Each tenant is logically isolated, but physical infrastructure is shared, allowing providers to achieve economies of scale.

A. Private cloud is dedicated to one organization, not multitenant.

B. Community cloud is shared among organizations with common interests, but it’s less common than public multitenancy.

D. Hybrid cloud combines private and public but does not define tenancy alone.

Public cloud services are the most cost-effective and scalable because they spread costs across many customers, but they require strong security and isolation to protect tenants.

References (CompTIA Network+ N10-009):

Domain: Networking Concepts — Cloud models, multitenancy, public vs private.

When configuring a firewall, the first step is identifying which ports, protocols, and services are required for normal business operations. This ensures only legitimate traffic is allowed. After establishing the required rules, a default deny rule is added for security.

B. Deny all rule is important, but it should come after defining required rules.

C. VPN access is a service to configure, but only after determining baseline needs.

D. Outbound traffic policies are part of refinement, not the first consideration.

References (CompTIA Network+ N10-009):

Domain: Network Security — Firewall configuration, rule order, least privilege.

Dynamic routing is most beneficial in a growing/changing network because it can automatically learn, adapt, and update routes as the topology changes. In Network+ (N10-009) routing objectives, dynamic routing protocols exchange routing information between routers and recalculate paths when links go down, new networks are added, or metrics change. This reduces the operational burden and the risk of human error that increases as the environment scales. With dynamic routing, adding a new subnet or branch often requires far fewer manual updates because routers propagate new route information automatically, and convergence mechanisms help restore connectivity after failures.

Option A can be partly true in large environments, but the core “best reason” emphasized for dynamic routing is the automatic adaptation to topology changes. Option B is incorrect—dynamic routing may introduce additional security considerations (route filtering, authentication, neighbor control). Option C is not a defining advantage; monitoring visibility depends on tools/telemetry rather than routing type. Therefore, the strongest and most correct reason is automatic changes and updates in network topology.

===========

The correct answer is B. tcpdump. According to the CompTIA Network+ N10-009 objectives, troubleshooting network connectivity often requires validating whether traffic is actually reaching a device. tcpdump is a command-line packet analyzer that captures and displays packets being transmitted or received on a network interface in real time. This makes it the most effective tool among the options for verifying whether a server is receiving network traffic.

When using tcpdump, a technician can observe incoming packets, identify source and destination IP addresses, check protocols, and determine whether expected traffic (such as HTTP, ICMP, or DNS) is reaching the server. This directly helps isolate issues such as firewall blocking, routing problems, or application-layer failures.

The other options serve different purposes. traceroute is used to identify the path packets take across a network and diagnose routing issues, but it does not confirm packet arrival at the server interface. nslookup is used to query DNS servers for name resolution and is unrelated to packet capture. arp is used to view or manipulate the Address Resolution Protocol table, which maps IP addresses to MAC addresses, but it does not show live traffic flow.

Therefore, tcpdump is the most appropriate tool for confirming whether the server is receiving network traffic.

The first step in any troubleshooting process is to identify the problem. This includes gathering information from the user, reviewing logs, and observing the symptoms. In this case, identifying the scope and nature of the issue (e.g., signs of ransomware) is critical before forming any theories or plans.

From Andrew Ramdayal’s guide:

“The troubleshooting methodology begins with identifying the problem. This step involves questioning users, identifying user changes, and determining the symptoms.”

The CompTIA Troubleshooting Methodology states that after testing the theory, the next step is to establish a plan of action to resolve the issue.

Troubleshooting Steps:

Identify the problem.

Establish a theory of probable cause.

Test the theory to determine the cause.

Establish a plan of action and implement the solution. ✅ (Correct step)

Verify full system functionality.

Document findings, actions, and outcomes.

Breakdown of Options:

A. Verify full system functionality – Happens after implementing the solution.

B. Document the findings and outcomes – Final step, happens after resolving the issue.

C. Establish a plan of action – ✅ Correct answer. Comes immediately after confirming the cause.

D. Identify the problem – First step, already completed.

Availability refers to ensuring that data is accessible when needed. If a customer ' s data is accidentally deleted, it impacts availability, as the data can no longer be accessed.

=================

The correct answer is C. Compatibility . A SIEM is only effective if it can successfully collect, normalize, and analyze data from the systems the organization relies on. Since the question specifically says the department wants the SIEM to ingest and analyze logs from all core devices , the most important factor is whether the SIEM is compatible with those devices, their log formats, and their supported methods of exporting events.

This includes support for common logging methods such as syslog , SNMP traps, API integrations, agent-based collection, and vendor-specific event formats. Even a SIEM with excellent features will not deliver value if it cannot properly receive and interpret logs from firewalls, routers, switches, servers, and security appliances already in use.

The other choices matter, but they come after compatibility. Ease of management is helpful for daily operations. Cost is always a practical concern. Features can improve visibility and automation. However, none of those benefits matter much if the SIEM cannot integrate with the organization’s actual environment.

For Network+ exam purposes, when log ingestion across many device types is the requirement, the top selection criterion is compatibility . Without that foundation, correlation, alerting, and security analysis will be incomplete.

Unshielded cables (D) are more prone to interference and may not be suitable for certain environments, especially after a fire where interference could be heightened.

Using the wrong transceiver (E) for new terminations can lead to compatibility issues, causing network failures.

=================

A CNAME (Canonical Name) record is used in DNS to alias one domain name to another. This means that newapplication.comptia.org can be made to resolve to the same IP address as www.comptia.org by creating a CNAME record pointing newapplication.comptia.org to www.comptia.org. SOA (Start of Authority) is used for DNS zone information, MX (Mail Exchange) is for mail server records, and NS (Name Server) is for specifying authoritative DNS servers.

The correct answer is C. Elasticity . In cloud computing, elasticity refers to the ability to increase or decrease resources quickly based on current demand . If workloads rise, more compute resources can be allocated. If demand drops, those resources can be reduced again. That is exactly what the question is describing.

This is slightly different from scalability . Scalability is the broader idea that a system can grow to handle more workload. Elasticity focuses more on the dynamic, on-demand adjustment of resources as conditions change. In exam questions, wording like “add or remove based on need” usually points straight to elasticity.

The other answer choices do not fit. Availability is about uptime and service access. Multitenancy refers to multiple customers sharing underlying cloud infrastructure while remaining logically separated. Neither describes rapid expansion and contraction of compute resources.

From a Network+ study perspective, elasticity is one of the core cloud characteristics to remember because it explains why cloud services are useful for workloads that are unpredictable or variable. Instead of permanently building for peak demand, organizations can consume more or less compute as required. That makes elasticity the best answer.

The correct answer is A. Channel overlap . The signal strength numbers given, -50 to -65 dBm , are generally strong enough for normal client connectivity, so this does not point to weak coverage. The bigger clue is that the environment is a multitenant office building and the wireless network is using 2.4 GHz . That band is well known for congestion and overlapping channels, especially where many nearby businesses or tenants have their own access points.

In the 2.4 GHz range, there are only a few non-overlapping channels commonly used. When many APs operate close together on overlapping channels, clients can experience interference, retransmissions, poor throughput, buffering, and connection instability. Those symptoms fit the scenario very well.

The other options are less convincing. Insufficient wireless coverage does not line up with the reported signal levels. AP antenna type could matter in some designs, but there is nothing in the question pointing to a directional or placement issue. WPA2 is not the cause of the performance symptoms here; while it is older than WPA3, it does not normally create repeated buffering and disconnections in this way.

This is really a wireless interference question, and in a crowded 2.4 GHz building, channel overlap is the most likely reason.

Understanding Rack Size Determination:

The size of a rack for installation is determined by the dimensions of the equipment to be housed in it, primarily focusing on the depth and height of the devices.

Switch Depth:

Depth of Equipment: The depth of network switches and other rack-mounted devices directly influences the depth of the rack. If the equipment is deeper, a deeper rack is required to accommodate it.

Industry Standards: Most racks come in standard depths, but it is essential to match the depth of the rack to the deepest piece of equipment to ensure proper fit and airflow.

Server Height:

Height of Equipment: The height of servers and other devices is measured in rack units (U), where 1U equals 1.75 inches. The total height of all equipment determines the overall height requirement of the rack.

Rack Units: A rack ' s height is typically described in terms of the number of rack units it can accommodate, such as 42U, 48U, etc.

Why Other Options are Less Relevant:

KVM Size: While important for management, KVM (Keyboard, Video, Mouse) switches do not typically determine rack size.

Hard Drive Size: Individual hard drives are installed within servers or storage devices, not directly influencing rack dimensions.

Cooling Fan Speed: Fan speed affects cooling but not the physical size of the rack.

Outlet Amperage: Power requirements do not determine rack dimensions but rather the electrical infrastructure supporting the rack.