Pass the CompTIA CompTIA Network+ N10-009 Questions and answers with CertsForce

Content filtering blocks access to restricted or malicious websites. When a user attempts to visit a site that violates company policies, they are redirected to a restriction page.

This is a common security measure to prevent employees from accessing phishing or malware-infected sites.

Content filters work by scanning URLs, keywords, or categories and blocking inappropriate or harmful content.

Option A (DLP - Data Loss Prevention): Focuses on preventing sensitive data leaks rather than blocking web access.

Option B (Captive portal): Used mainly in public Wi-Fi to authenticate users before granting access, not to restrict sites.

Option D (DNS sinkholing): Redirects malicious domain requests to a safe address but is not responsible for policy-based restrictions on general content.

? Reference: CompTIA Network+ (N10-009) Official Study Guide – Section: Security Solutions

The CIA triad (Confidentiality, Integrity, Availability) is a foundational security model used in Network+ (N10-009) to evaluate risk and guide prioritization of mitigations. By categorizing assets and threats based on how they could impact confidentiality (data exposure), integrity (unauthorized alteration), or availability (service disruption), administrators can better understand which attacks from external actors matter most to the business and which controls to apply first. For example, a public-facing portal might prioritize availability protections (DDoS mitigation, redundancy), while sensitive customer records demand strong confidentiality controls (encryption, access control), and financial systems require integrity controls (logging, validation, change control). This model helps translate “threats” into business impact, which is central to deciding what to mitigate.

Compliance benchmarks support meeting regulatory/industry requirements, but they don’t inherently provide a conceptual lens for analyzing external attacker impact across all systems. SAML is a federation/authentication standard, not a risk model. A honeypot can provide insight into attacker behavior, but it doesn’t broadly structure risk prioritization the way CIA does. Therefore, CIA triad is the best answer.

===========

The correct answer is D. Administratively down . The question states that another technician had already turned off unused switchports as part of hardening. When a port is intentionally disabled by configuration, its status is described as administratively down . In other words, the switchport is not broken and has not failed on its own; it has simply been shut down by an administrator.

This is a common security practice. Unused ports are often disabled so unauthorized devices cannot be plugged in and gain access to the network. If a legitimate device later needs that port, the administrator must re-enable it before the link can come up.

The other answer choices do not line up as well with the scenario. Error disabled usually points to a protective shutdown caused by a violation or fault, such as port security or BPDU guard. Idle is not the standard description for a manually shut switchport in this context. Suspended can appear with certain switch features, but it is not the normal label for a port deliberately turned off as part of hardening.

The phrase “turned off unused switchports” is the key detail. That clearly indicates a manual administrative shutdown, so administratively down is the best answer.

MAC flooding overwhelms a switch’s CAM (Content Addressable Memory) table by sending a flood of frames with spoofed MAC addresses. Once the CAM table overflows, the switch cannot learn legitimate MAC addresses and defaults to flooding all frames out all ports, effectively turning it into a hub. This allows an attacker to capture traffic not originally destined for their port.

A. ARP poisoning corrupts ARP tables to redirect traffic but does not overflow the CAM table.

B. Evil twin is a wireless rogue AP attack, unrelated to switch behavior.

D. DNS spoofing redirects domain queries, not Layer 2 switching.

References (CompTIA Network+ N10-009):

Domain: Network Security — Switch security, CAM table attacks, MAC flooding.

Understanding Tracert:

tracert (Traceroute in Windows) is a command-line tool used to trace the path that packets take from the source to the destination. It records the route (the specific gateways at each hop) and measures transit delays of packets across an IP network.

Output Analysis:

The output shows a series of IP addresses with corresponding round-trip times (RTTs) in milliseconds.

The asterisks (*) indicate that no response was received from those hops, which is typical for routers or firewalls that block ICMP packets used by tracert.

Comparison with Other Tools:

netstat: Displays network connections, routing tables, interface statistics, and more, but does not trace packet routes.

tcpdump: Captures network packets for analysis, used for detailed network traffic inspection.

nmap: A network scanning tool used to discover hosts and services on a network, not for tracing packet routes.

Usage:

tracert helps identify the path to a destination and locate points of failure or congestion in the network.

SFTP (Secure File Transfer Protocol) operates over port 22, using SSH (Secure Shell) encryption for secure file transfers.

Breakdown of Options:

A. 22 – Correct answer. SFTP runs over SSH (port 22) for secure file transfers.

B. 80 – Used for HTTP, not SFTP.

C. 443 – Used for HTTPS (secure web traffic).

D. 3389 – Used for RDP (Remote Desktop Protocol).

On the first exhibit, the layout should be as follows

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

Exhibit 2 as follows

Access Point Name AP2

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

Exhibit 3 as follows

Access Point Name AP3

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

A screenshot of a computer AI-generated content may be incorrect.

The correct answer is C. Compatibility . A SIEM is only effective if it can successfully collect, normalize, and analyze data from the systems the organization relies on. Since the question specifically says the department wants the SIEM to ingest and analyze logs from all core devices , the most important factor is whether the SIEM is compatible with those devices, their log formats, and their supported methods of exporting events.

This includes support for common logging methods such as syslog , SNMP traps, API integrations, agent-based collection, and vendor-specific event formats. Even a SIEM with excellent features will not deliver value if it cannot properly receive and interpret logs from firewalls, routers, switches, servers, and security appliances already in use.

The other choices matter, but they come after compatibility. Ease of management is helpful for daily operations. Cost is always a practical concern. Features can improve visibility and automation. However, none of those benefits matter much if the SIEM cannot integrate with the organization’s actual environment.

For Network+ exam purposes, when log ingestion across many device types is the requirement, the top selection criterion is compatibility . Without that foundation, correlation, alerting, and security analysis will be incomplete.

The correct answer is SLA (Service Level Agreement) because it is a formal, documented contract between a service provider and a customer that defines expected service standards. According to CompTIA Network+ (N10-009) objectives under network operations and service management concepts, an SLA outlines measurable performance metrics such as uptime percentage, response time, throughput, support availability, escalation procedures, and responsibilities of both parties.

An SLA ensures accountability and establishes clear expectations for service delivery. For example, a vendor may guarantee 99.99% uptime, define maximum resolution times for incidents, and specify penalties or credits if performance targets are not met. SLAs are critical in cloud services, ISP agreements, managed services, and enterprise vendor contracts.

An MOU (Memorandum of Understanding) is a non-binding agreement outlining general terms between parties but does not define enforceable service metrics. EOL (End of Life) refers to when a product is no longer sold or supported. EOS (End of Support) indicates when a vendor stops providing updates or assistance for a product.

Therefore, an SLA is the correct document that defines vendor-delivered service requirements.

Top of Form

The netstat command provides information about network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. Running netstat on the server can help the administrator verify that the web server process is listening on the expected port (e.g., port 80 for HTTP or port 443 for HTTPS) and that there are no issues with network connections. This is a crucial first step in diagnosing why the web server is not accessible via a browser.References: CompTIA Network+ study materials. ​

The correct answer is 802.1X, which is an identity-based Network Access Control (NAC) framework emphasized in the CompTIA Network+ N10-009 objectives under network security and access control. 802.1X uses a policy-driven authentication process to determine whether a user or device is allowed network access based on verified credentials, such as usernames, passwords, or digital certificates.

802.1X operates using three main components: the supplicant (the client requesting access), the authenticator (the network device such as a switch or wireless access point), and the authentication server (typically a RADIUS server). Once the user’s identity is authenticated, predefined policies determine the level of access granted—full access, limited access, or denial. This makes 802.1X a cornerstone of zero trust and enterprise-grade NAC implementations.

A standard ACL controls traffic based on IP addresses and ports, not user identity. MAC filtering allows or denies access based on device MAC addresses, which can be easily spoofed and does not verify user identity. SSO (Single Sign-On) simplifies authentication across multiple systems but does not control network-layer access.

Network+ highlights 802.1X as a secure, scalable solution for enforcing identity-based network access policies in both wired and wireless environments.

Speed Mismatches: If NICs are set to different speeds (e.g., 100 Mbps on one side and 1 Gbps on the other), performance will degrade. Ensuring consistent speed settings between devices is crucial for optimal performance.

Load balancer settings (B): Applies to server load distribution, not endpoint speed.

Flow control settings (C): Can affect performance but is secondary to speed mismatches.

Infrastructure cabling grade (D): Relevant if the cables are unsuitable for gigabit speeds, but speed settings should be checked first.

Availability refers to ensuring that data is accessible when needed. If a customer ' s data is accidentally deleted, it impacts availability, as the data can no longer be accessed.

=================

Definition of MAC Flooding:

MAC flooding is an attack where a malicious actor sends numerous fake MAC addresses to a switch, overwhelming its CAM table. The CAM table stores MAC addresses and their associated ports for efficient traffic forwarding.

Impact of MAC Flooding:

CAM Table Overflow: When the CAM table is full, the switch cannot learn new MAC addresses and is forced to broadcast traffic to all ports, leading to a degraded network performance and potential data interception.

Switch Behavior: The switch operates in a fail-open mode, treating the network as a hub, which can be exploited for eavesdropping on traffic.

Comparison with Other Attacks:

ARP Spoofing: Involves sending false ARP (Address Resolution Protocol) messages to associate the attacker ' s MAC address with the IP address of another device.

Evil Twin: Involves creating a rogue wireless access point that mimics a legitimate one to intercept data.

DNS Poisoning: Involves corrupting the DNS cache with false information to redirect traffic to malicious sites.

Preventive Measures:

Port Security: Configure port security on switches to limit the number of MAC addresses per port, preventing CAM table overflow.

Network Segmentation: Use VLANs to segment network traffic and limit the impact of such attacks.

A honeypot is specifically designed to attract, isolate, and observe malicious activity so defenders can learn how an attacker is operating and determine attack techniques. In the context of Network+ (N10-009) security objectives, honeypots (and broader deception technologies) are defensive controls used to detect reconnaissance and exploitation attempts by presenting a decoy system or service that appears legitimate. Because a honeypot should not receive normal production traffic, any interaction is suspicious, making it valuable for identifying threat actors, collecting indicators of compromise, and analyzing the attacker’s tools, commands, and behavior patterns. This supports the goal of understanding the type of attack used (for example, credential stuffing, exploitation attempts, lateral movement probes) while keeping the attacker away from real assets.

MFA strengthens authentication but does not provide a controlled environment to observe attacker techniques. A screened subnet (DMZ) is for segmentation of public-facing services and reducing exposure of internal systems, but it is not primarily used to “bait” and analyze attackers. A captive portal enforces user acknowledgement/authentication for network access; it is not a deception/analysis system. Therefore, honeypot is the best match.

===========