Free Practice Questions for CompTIA N10-009 Exam

The correct answer is EOL discontinues the product but may offer support. According to CompTIA Network+ (N10-009) objectives related to lifecycle management and vendor support policies, End of Life (EOL) indicates that a product is no longer being manufactured or sold by the vendor. However, after EOL is declared, the vendor may continue to provide limited support, updates, or warranty services for a defined period.

In contrast, End of Support (EOS) means the vendor has stopped providing technical assistance, patches, firmware updates, and security fixes for the product. Once a product reaches EOS, organizations are responsible for maintaining it without vendor assistance, which can introduce operational and security risks.

Option B is incorrect because EOS does not typically convert support into a subscription model—it signifies the termination of support. Option C is incorrect because EOS applies to both hardware and software products. Option D is incorrect because warranty terms depend on vendor policy and are not guaranteed after EOL status.

Therefore, the key distinction is that EOL ends product sales, while EOS ends vendor support.

A /25 subnet mask means 25 bits are reserved for the network portion, leaving 7 bits for host addresses. In dotted decimal, that is:

11111111.11111111.11111111.10000000

Decimal equivalent: 255.255.255.128

A. 255.255.254.0 corresponds to /23.

B. 255.255.255.1 is invalid as a subnet mask.

D. 255.255.255.192 corresponds to /26.

Thus, the correct subnet mask for a /25 network is 255.255.255.128.

References (CompTIA Network+ N10-009):

Domain: Networking Concepts — Subnetting, CIDR notation, dotted decimal.

The correct answer is Full-tunnel because the policy requires all network traffic from remote corporate laptops to pass through the company’s VPN. In a full-tunnel VPN configuration, once the VPN connection is established, all traffic—including internet-bound traffic—is routed through the corporate network before reaching its destination. This ensures centralized monitoring, content filtering, logging, and enforcement of security controls such as IDS/IPS and firewalls.

According to CompTIA Network+ (N10-009) security objectives, full-tunnel VPNs enhance security by preventing users from directly accessing the internet from their local connection, thereby reducing exposure to local network threats (e.g., public Wi-Fi attacks).

A split-tunnel VPN (Option D) allows users to access the internet directly while only sending corporate-bound traffic through the VPN, which does not meet the “all traffic” requirement. A site-to-site tunnel (Option C) connects entire networks rather than individual remote users. A clientless VPN (Option A) typically provides web-based access without a full network tunnel and does not necessarily route all traffic.

Therefore, full-tunnel best matches the policy requirement.

A full-tunnel VPN forces a remote user’s traffic—including access to public internet resources—to traverse the corporate VPN tunnel and egress from the organization’s network. This is commonly required to ensure consistent enforcement of corporate security controls such as web filtering, IDS/IPS inspection, DLP policies, logging, and access control. In Network+ terms, full-tunnel VPNing routes the user’s default gateway through the VPN, meaning both internal traffic (to corporate subnets) and external traffic (to internet destinations) is sent through the encrypted tunnel.

By contrast, a split-tunnel VPN (not listed) would send only corporate-bound traffic through the VPN while allowing internet traffic to go directly out the user’s local ISP—reducing corporate bandwidth usage but also reducing centralized inspection and control. Clientless VPN usually refers to browser-based access to specific internal applications without a full network tunnel for all traffic. Site-to-site VPN connects entire networks to each other (e.g., branch office to HQ) rather than an individual remote user. SSE (Security Service Edge) is a cloud security framework/service model, not the classic VPN configuration described in the question. Hence, full-tunnel is the correct answer.

Quality of Service (QoS) is used to prioritize certain types of traffic to ensure critical applications receive the bandwidth, low latency, and low jitter they need—especially during congestion. Network+ objectives cover QoS concepts such as classification, marking, queuing, and policing/shaping to manage how traffic is handled on interfaces and across links. If the requirement is to prioritize “classified services and applications,” QoS policies can match traffic using ports, protocols, DSCP markings, VLAN tags, or application identifiers and then place that traffic into higher-priority queues or reserve bandwidth for it. Load balancing distributes traffic across multiple servers/paths but does not inherently prioritize one class of traffic over another on congested links. TTL (time to live) is an IP header field used to prevent routing loops and is unrelated to prioritization. A CDN improves content delivery and caching for distributed users, but it is not a traffic-prioritization mechanism within an organization’s network. Therefore, QoS is the correct technology for prioritizing specific services and applications.

EIGRP(Enhanced Interior Gateway Routing Protocol) supports bothIPv4 and IPv6. While OSPFv3 is specific to IPv6 and RIPv2 only supports IPv4, EIGRP was extended to handle dual-stack environments efficiently.

NetFlow (and similar flow technologies like IPFIX/sFlow in concept) is used to collect traffic-flow metadata such as source/destination IPs, ports, protocols, interfaces, and byte/packet counts over time. In Network+ (N10-009) operations and monitoring objectives, flow data is ideal for identifying top talkers and top destinations across the network on a given day because it provides summarized, queryable information at scale without capturing every packet payload. An administrator can review reports to determine which destination IPs/hosts consumed the most bandwidth, which applications were most active, and what time ranges saw spikes—perfect for historical analysis.

SNMP is great for polling device counters (interface utilization, errors, CPU) but it does not natively tell you the “top destination” by conversation/flow without additional flow awareness. Packet capture can reveal exact conversations and payloads, but it is heavy, localized, and not efficient for infrastructure-wide daily top-destination reporting. traceroute maps the path to a destination and helps isolate routing/path issues; it does not provide usage statistics. Therefore, NetFlow is the best fit.

===========

The correct answer is Integrity because a hashing algorithm ensures that data has not been altered. According to CompTIA Network+ (N10-009) security objectives, hashing is a cryptographic process that takes input data of any size and produces a fixed-length output known as a hash value or digest. If even a single bit of the original data changes, the resulting hash value will be significantly different.

Hashing is commonly used to verify file integrity, validate message authenticity, and securely store passwords. For example, when downloading software, the vendor may publish a hash value so users can calculate the hash of the downloaded file and confirm it matches, ensuring the file was not tampered with.

Non-repudiation (Option A) typically requires digital signatures that combine hashing with asymmetric encryption to verify the sender’s identity. Confidentiality (Option C) is achieved through encryption, which protects data from unauthorized access. Availability (Option D) refers to ensuring systems and data are accessible when needed and is not related to hashing functions.

Therefore, hashing primarily provides data integrity verification.

A screenshot of a computer screen AI-generated content may be incorrect.

IPSec (Internet Protocol Security) is the best choice for secure communication over the internet, as it provides encryption, authentication, and data integrity. It is widely used in VPNs and site-to-site secure tunnels.

Breakdown of Options:

A. DCI (Data Center Interconnect) – A general term for linking data centers, but it doesn’t specify a secure tunneling protocol.

B. GRE (Generic Routing Encapsulation) – Encapsulates traffic but lacks encryption, making it less secure than IPSec.

C. VXLAN (Virtual Extensible LAN) – Used for Layer 2 network overlays, not for securing communication over the internet.

D. IPSec – ✅ Correct answer. Provides encryption, authentication, and integrity for data over the internet.

Port 587 is used for secure email submission. This port is designated for message submission by mail clients to mail servers using the SMTP protocol, typically with STARTTLS for encryption.

Port 25: Traditionally used for SMTP relay, but not secure and often blocked by ISPs for outgoing mail due to spam concerns.

Port 110: Used for POP3 (Post Office Protocol version 3), not typically secured.

Port 143: Used for IMAP (Internet Message Access Protocol), which can be secured with STARTTLS or SSL/TLS.

Port 587: Specifically used for authenticated email submission (SMTP) with encryption, ensuring secure transmission of email from clients to servers.

Network References:

CompTIA Network+ N10-007 Official Certification Guide: Discusses email protocols and ports, including secure email transmission.

Cisco Networking Academy: Provides training on securing email communications and the use of appropriate ports.

Network+ Certification All-in-One Exam Guide: Explains email protocols, ports, and security considerations for email transmission.

An incorrect pinout on the patch cable could prevent network connectivity due to mismatched wiring. Even if the cables are the correct length and type, a pinout issue can cause continuity problems and prevent data transmission. Proper crimping with the correct pinout is essential for network cables to function. (Reference: CompTIA Network+ Study Guide, Chapter on Network Media and Topologies)

Link Layer Discovery Protocol (LLDP) is a network protocol used for discovering devices and their capabilities on a local area network, primarily at the data link layer (Layer 2). It helps in identifying the connected switch and the specific port to which a device is connected. When troubleshooting a VoIP handset connection, the technician can use LLDP to determine the exact switch and port where the handset is connected. This protocol is widely used in network management to facilitate the discovery of network topology and simplify troubleshooting.

Other options such as IKE (Internet Key Exchange), VLAN (Virtual LAN), and netstat (network statistics) are not suitable for identifying the switch and port information. IKE is used in setting up secure IPsec connections, VLAN is used for segmenting networks, and netstat provides information about active connections and listening ports on a host but not for discovering switch port details.

Network Address Translation (NAT) is a process that allows a device, typically a firewall or router, to map private IP addresses to public IP addresses. This enables internal network devices to communicate over the internet using a single or a limited number of public IP addresses.

Static NAT (One-to-One Mapping): Maps a single private IP address to a single public IP address, commonly used for servers that need to be accessible from the internet.

Dynamic NAT (Many-to-Many Mapping): Dynamically assigns a public IP from a pool to internal devices.

PAT (Port Address Translation): A type of NAT where multiple private IPs share a single public IP using different port numbers.

Incorrect Options:

B. VIP (Virtual IP Address): Used in load balancing and high-availability configurations, not for NAT.

C. PAT (Port Address Translation): A specific form of NAT, but the question refers to general NAT, making option A the best choice.

D. BGP (Border Gateway Protocol): A routing protocol used to exchange information between different networks, not related to NAT.