CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 14 Q196-210

Visit here for our full CompTIA N10-009 exam dumps and practice test questions.

Question 196

Which protocol is used to securely manage network devices over an encrypted channel?

A) Telnet
B) SSH
C) SNMPv1
D) FTP

Answer: B) SSH

Explanation:

Secure Shell (SSH) is a network protocol used to securely manage network devices over an encrypted channel. SSH provides confidentiality, integrity, and authentication by encrypting all traffic between the client and server. Network administrators use SSH to remotely access routers, switches, firewalls, servers, and other devices for configuration, management, troubleshooting, and monitoring. SSH replaces insecure protocols such as Telnet, which transmits credentials and data in plaintext, leaving them vulnerable to interception and man-in-the-middle attacks.

Telnet is an older protocol that allows remote device management but lacks encryption. Any data sent over Telnet, including usernames and passwords, can be captured by attackers using packet sniffers. SNMPv1 is a management protocol that enables monitoring of network devices, but is limited in security because community strings are transmitted in plaintext. SNMPv3 introduces encryption and authentication, but SNMPv1 does not provide secure management. FTP is a file transfer protocol and not intended for remote device management.

The correct answer is SSH because it ensures secure remote access and encrypted communication. SSH uses public key cryptography for authentication and symmetric encryption for session data. Administrators can authenticate using passwords, key pairs, or a combination of both. The protocol typically operates over TCP port 22, providing secure terminal access, file transfer through SFTP or SCP, and tunneling capabilities for other protocols. SSH supports key-based authentication, which eliminates the need to transmit passwords over the network, reducing the risk of compromise.

SSH plays a critical role in maintaining network security. Encrypting management traffic prevents attackers from intercepting sensitive configuration information, device credentials, and administrative commands. SSH also ensures integrity, so commands sent to network devices cannot be modified or tampered with during transmission. Additionally, SSH can be used to create secure tunnels for other applications, allowing encrypted communication for protocols that do not natively support security.

Administrators must implement best practices to maintain SSH security. This includes disabling Telnet and other unencrypted management protocols, using strong key lengths, enforcing key rotation policies, and restricting SSH access using firewalls, access control lists, or VPNs. Logging and monitoring SSH sessions are also critical to detect unauthorized access attempts and maintain accountability. Many enterprise networks integrate SSH with centralized authentication systems such as RADIUS, TACACS+, or LDAP for consistent access control and auditing.

SSH supports multiple use cases beyond interactive management. For example, it can securely copy configuration files or backups using SCP, transfer files using SFTP, and tunnel other insecure protocols through encrypted channels. SSH also supports automation and scripting for repetitive tasks, enabling network administrators to efficiently manage large numbers of devices while maintaining security and compliance standards.

The benefits of SSH include secure communication, authentication, data confidentiality, integrity, and the ability to automate administrative tasks. SSH reduces the risk of credential theft, unauthorized access, and data interception. By adopting SSH as the standard protocol for device management, organizations enhance their security posture while maintaining efficient network operations. SSH is widely supported by network devices, servers, and client applications, making it a universal choice for secure remote management.

SSH is the protocol used to securely manage network devices over an encrypted channel. It provides confidentiality, integrity, and authentication, replacing insecure protocols like Telnet. Proper deployment, strong authentication practices, session monitoring, and integration with centralized access control ensure secure remote management and protection of critical network infrastructure. SSH remains a fundamental tool for administrators in modern, secure network environments, enabling reliable, encrypted, and efficient management of network devices across distributed infrastructures.

Question 197

Which attack occurs when an attacker floods a network with excessive traffic to disrupt service availability?

A) Man-in-the-Middle
B) Denial of Service
C) Phishing
D) ARP Spoofing

Answer: B) Denial of Service

Explanation:

A Denial of Service (DoS) attack occurs when an attacker floods a network, server, or application with excessive traffic to disrupt service availability. The objective of a DoS attack is to consume resources such as bandwidth, CPU, memory, or application connections, making the targeted system unable to respond to legitimate users. DoS attacks can take many forms, including volumetric attacks that overwhelm network bandwidth, protocol attacks that exploit weaknesses in TCP/IP protocols, and application-layer attacks that exhaust application resources. Distributed Denial of Service (DDoS) attacks are a variant in which multiple compromised devices, often part of a botnet, simultaneously target a victim, significantly amplifying the attack’s impact.

Man-in-the-Middle attacks intercept and potentially alter communications between two parties, but do not primarily focus on disrupting service availability. Phishing attacks trick users into revealing sensitive information through deceptive communications or websites. ARP spoofing involves sending falsified ARP messages to manipulate network traffic or redirect packets, but it is not specifically intended to overwhelm resources to deny service.

The correct answer is Denial of Service because it directly describes the intentional overloading of resources to prevent legitimate users from accessing network services. DoS attacks are prevalent in modern networks due to the ease of launching attacks using publicly available tools and scripts. They can target websites, email servers, DNS servers, or enterprise networks, disrupting operations, causing financial losses, and damaging organizational reputation. Understanding attack vectors and deploying mitigation strategies is essential for network resilience.

DoS mitigation strategies include implementing firewalls, intrusion prevention systems, rate limiting, traffic filtering, content delivery networks (CDNs), and anomaly detection systems. Network administrators may also deploy DDoS mitigation services from specialized providers to absorb attack traffic and maintain availability. Proactive measures such as network segmentation, redundancy, and proper capacity planning further reduce the impact of attacks. Monitoring and logging network activity is critical for early detection of unusual traffic patterns that may indicate a DoS attempt.

DoS attacks exploit weaknesses in network protocols and devices. For example, SYN floods exploit TCP handshake processes, UDP floods consume bandwidth by sending excessive datagrams, and HTTP floods overload web servers with repeated requests. Effective mitigation requires understanding both the attack types and normal traffic patterns to differentiate between legitimate usage spikes and malicious activity. Administrators must configure network infrastructure, such as routers, switches, and load balancers, to detect and respond to abnormal traffic conditions without affecting service performance.

Denial of Service attacks overload network resources to disrupt service availability. They can occur in various forms, including volumetric, protocol, and application-layer attacks, and are often amplified in distributed scenarios. Effective mitigation relies on traffic monitoring, security infrastructure, redundancy, and proactive network design. Understanding DoS attack vectors and implementing prevention measures ensures network availability, reliability, and operational continuity in the face of intentional disruptions, making DoS a critical concern in network security management.

Question 198

Which type of address is assigned to multiple devices but delivers traffic only to the nearest one based on routing metrics?

A) Unicast
B) Broadcast
C) Multicast
D) Anycast

Answer: D) Anycast

Explanation:

Anycast addressing is a network addressing technique in which multiple devices share the same IP address, but traffic is delivered to the nearest device based on routing metrics. This approach is commonly used in content delivery networks, DNS services, and distributed services to improve performance, reduce latency, and provide redundancy. Routers determine the best path to reach an anycast address using standard routing protocols, and traffic is automatically directed to the closest or most optimal instance.

Unicast addresses deliver traffic to a single interface or device. Broadcast addresses deliver traffic to all devices on a subnet or broadcast domain. Multicast addresses deliver traffic to a group of devices that have subscribed to a specific multicast group. Anycast differs because the same IP address exists on multiple devices, but only one, typically the closest based on routing distance, receives the traffic.

The correct answer is anycast because it ensures traffic reaches the nearest instance of multiple devices sharing the same IP. Anycast improves redundancy, load balancing, and fault tolerance, as if one instance fails, routers automatically direct traffic to the next closest instance. This addressing method is extensively used in global DNS services, content caching, and geographically distributed server networks.

Administrators deploying anycast must consider routing protocol behavior, address assignment strategies, and monitoring to ensure efficient traffic distribution. BGP is commonly used to advertise anycast prefixes in wide-area networks, enabling dynamic routing adjustments based on network topology changes. Security considerations include ensuring proper route validation, monitoring for misconfigurations or route hijacking, and preventing unintended traffic redirection.

Anycast addresses are assigned to multiple devices but deliver traffic only to the nearest one based on routing metrics. This approach enhances redundancy, performance, and reliability in distributed networks, particularly for DNS, CDNs, and global services. Proper configuration, monitoring, and routing management are essential for efficient and secure anycast deployment.

Question 199

Which type of attack uses deceptive emails or messages to trick users into revealing sensitive information?

A) Phishing
B) DoS
C) ARP Spoofing
D) MITM

Answer:  A) Phishing

Explanation:

Phishing is a social engineering attack that uses deceptive emails, messages, or websites to trick users into revealing sensitive information, such as passwords, credit card numbers, or personal identification data. Attackers often impersonate legitimate entities, such as banks, organizations, or service providers, to gain users’ trust. Phishing attacks can include malicious links, attachments, or fake login pages designed to harvest credentials. These attacks rely on human error and manipulation rather than exploiting technical vulnerabilities directly.

DoS attacks overwhelm resources to deny service, ARP spoofing manipulates network traffic, and MITM intercepts communications, but none rely primarily on deceiving users into providing information.

The correct answer is phishing because it specifically targets users with deceptive communications to extract sensitive data. Organizations must implement user education, email filtering, anti-phishing solutions, and multi-factor authentication to mitigate the risk of successful attacks. Monitoring for unusual access patterns and credential use can help detect compromised accounts quickly.

Phishing can take many forms, including spear phishing, whaling, and clone phishing, each targeting specific users or high-value targets. Spear phishing is highly targeted, often using personal information to increase credibility. Whaling targets executives or high-profile individuals. Clone phishing replicates legitimate emails to trick recipients into performing actions. Attackers may combine phishing with malware delivery or social engineering to maximize impact.

Administrators can deploy technical controls such as SPF, DKIM, and DMARC to verify email authenticity and reduce spoofing risks. Anti-phishing training teaches users to recognize suspicious links, verify senders, and report attempts promptly. Incident response procedures are essential to contain phishing impacts, reset compromised credentials, and prevent further data breaches.

Phishing attacks manipulate users into revealing sensitive information using deceptive communications. Successful mitigation relies on education, technical controls, monitoring, and incident response planning. Organizations must maintain awareness, continuously update security measures, and cultivate a culture of vigilance to reduce exposure to phishing threats, ensuring the protection of sensitive information and organizational assets.

Question 200

Which type of cable supports high-frequency signals, is resistant to electromagnetic interference, and is commonly used for broadband Internet?

A) Coaxial
B) Twisted Pair
C) Fiber Optic
D) Serial

Answer:  A) Coaxial

Explanation:

Coaxial cable is a type of copper-based cable that supports high-frequency signals and is resistant to electromagnetic interference due to its shielding design, which includes a central conductor, dielectric insulation, a metallic shield, and an outer jacket. Coaxial cables are widely used for broadband Internet, cable television, and certain legacy LAN connections. Their design reduces signal leakage and allows reliable transmission over longer distances compared to unshielded twisted pair cables. Coaxial cables can support frequencies from a few MHz to several GHz depending on quality, and they are commonly terminated with connectors such as F-type or BNC.

Twisted pair cables, including CAT5e or CAT6, are widely used in LANs but are more susceptible to EMI compared to coaxial due to the absence of continuous shielding. Fiber optic cables transmit data using light, providing immunity to EMI, extremely high bandwidth, and long-distance capabilities, but they are more expensive and require specialized equipment. Serial cables are used primarily for low-speed communication or legacy device connections and do not support high-frequency broadband signals effectively.

The correct answer is coaxial because it combines high-frequency support, EMI resistance, and practicality for broadband Internet deployment. Coaxial networks can carry television, voice, and data signals simultaneously using different frequency bands, making them versatile for consumer and business services. Cable modems and DOCSIS standards utilize coaxial cabling to provide high-speed Internet over existing cable TV infrastructure.

Administrators and technicians must ensure proper installation, grounding, and maintenance of coaxial cabling to maximize performance and prevent signal degradation. Signal amplification may be required for long distances, and splitters must be carefully installed to avoid signal loss. Coaxial remains relevant in hybrid fiber-coaxial (HFC) networks, connecting neighborhoods to central distribution nodes before fiber deployment to the home.

Coaxial cable is used for high-frequency signals, provides EMI resistance, and is commonly employed in broadband Internet delivery. Proper installation, maintenance, and signal management ensure reliable communication, supporting multiple services over the same physical medium and maintaining consistent network performance.

Question 201

Which protocol provides secure file transfer over an encrypted SSH connection?

A) FTP
B) SFTP
C) TFTP
D) SMTP

Answer: B) SFTP

Explanation:

SFTP, or Secure File Transfer Protocol, is a protocol that provides secure file transfer over an encrypted SSH connection. Unlike FTP, which transmits files in plaintext, SFTP encrypts both authentication credentials and data, protecting sensitive information during transit. This encryption prevents unauthorized access, eavesdropping, or tampering, making SFTP ideal for transferring confidential files between systems. SFTP operates over the SSH protocol, typically using TCP port 22, and leverages the encryption, authentication, and integrity features provided by SSH to ensure secure communication.

FTP, or File Transfer Protocol, allows for file transfers between client and server but does not provide encryption. Credentials and files sent via FTP are vulnerable to interception by attackers using packet sniffing tools. TFTP, or Trivial File Transfer Protocol, is a lightweight protocol used for transferring small files, often in embedded devices or for bootstrapping systems, but it lacks encryption and authentication, making it unsuitable for secure transfers. SMTP is an email transmission protocol and is not designed for file transfers.

The correct answer is SFTP because it provides secure file transfer over an encrypted channel using SSH. SFTP supports commands such as uploading, downloading, renaming, deleting, and managing files securely on remote servers. Administrators can control permissions, authenticate users with passwords or SSH keys, and enforce strict access control policies to ensure that only authorized personnel can access sensitive files. SFTP is widely adopted in enterprises, financial institutions, and government organizations where confidentiality and data integrity are critical.

Security is a primary advantage of SFTP. By encrypting both credentials and data, SFTP mitigates risks associated with eavesdropping, credential theft, and data tampering during transmission over unsecured networks, such as the Internet. Additionally, SFTP logs all transactions, providing accountability and traceability for file access and transfer activities. Network administrators often configure SFTP servers to enforce secure authentication methods, such as public key authentication, and restrict access based on IP address or user roles.

SFTP also supports automation and scripting, enabling administrators to schedule secure file transfers without manual intervention. Scripts can integrate with backup systems, application deployments, or synchronization processes while ensuring encrypted data transfer. Many SFTP clients and libraries are available for multiple platforms, allowing consistent and secure file transfer across heterogeneous environments.

Performance considerations include managing encryption overhead, network latency, and server resources. High-volume file transfers may require performance tuning, including parallel connections, compression, or optimizing SSH encryption algorithms to balance security and speed. Proper server configuration, certificate management, and monitoring help maintain the integrity, reliability, and security of the SFTP service.

Compliance requirements often mandate secure file transfer mechanisms like SFTP. Regulations such as GDPR, HIPAA, and PCI DSS require protection of sensitive data during transmission. Using SFTP ensures that organizations comply with these standards, avoid data breaches, and maintain customer and stakeholder trust. Administrators must also ensure proper key management, auditing, and secure storage of transferred files to maintain a comprehensive security posture.

SFTP provides secure file transfer over an encrypted SSH connection, offering confidentiality, authentication, integrity, and accountability. It is superior to FTP and TFTP in terms of security and is widely used for sensitive file transfers. Proper implementation, including secure authentication, access control, monitoring, and automation, ensures that file transfers are reliable, compliant, and resistant to interception or tampering. SFTP remains a foundational tool for secure file management in modern network environments, supporting enterprise, government, and critical infrastructure operations.

Question 202

Which network topology connects all devices in a single continuous loop for signal transmission?

A) Star
B) Mesh
C) Ring
D) Bus

Answer: C) Ring

Explanation:

A ring topology is a network topology in which all devices are connected in a single continuous loop for signal transmission. In a ring, each device is connected to two other devices, forming a circular data path. Data travels in one or both directions around the loop, passing through each device until it reaches the intended recipient. Ring topologies are commonly used in certain LAN implementations and metropolitan area networks (MANs). They rely on devices or network nodes to regenerate and forward signals, ensuring data reaches its destination without degradation.

Star topology connects all devices to a central hub or switch, making the hub a single point of failure but simplifying management and troubleshooting. Mesh topology connects devices with multiple redundant paths to ensure high availability and fault tolerance, often used in WANs or critical network segments. Bus topology uses a single shared communication line to which all devices are connected; signals propagate along the bus but can lead to collisions and require terminators at each end.

The correct answer is ring because it establishes a continuous loop where each device forwards data to the next until it reaches its destination. Ring topologies can be implemented using token-passing mechanisms, such as in Token Ring networks, where a token circulates around the loop granting permission to transmit. This method eliminates collisions and ensures orderly data transmission. Modern implementations may use fiber or Ethernet-based ring topologies in MANs and industrial networks.

Ring topology provides deterministic data delivery and can support high-speed communication over medium-length distances. It allows equal access for all devices and predictable latency, making it suitable for time-sensitive applications. Redundant ring designs, often called dual rings, enhance fault tolerance by providing an alternative path if a segment fails, ensuring continuous network operation. Network administrators must plan ring topology deployment carefully, considering node placement, data flow direction, and failure recovery mechanisms.

Maintenance and troubleshooting in a ring topology involve monitoring signal integrity, token circulation, or data forwarding issues. A break in the loop can disrupt communication unless redundancy or bypass mechanisms are implemented. Some modern ring networks use optical transport networks with self-healing capabilities, automatically rerouting traffic in case of failures. Ring topology also requires that devices actively participate in forwarding data, which can impact performance if nodes fail or are misconfigured.

A ring topology connects all devices in a single continuous loop for signal transmission, supporting orderly, collision-free communication and predictable performance. It contrasts with star, mesh, and bus topologies, each with unique characteristics. Proper deployment, redundancy, monitoring, and maintenance are essential to ensure ring networks operate efficiently and reliably, making ring topology a suitable choice for specific LAN, MAN, and industrial network implementations.

Question 203

Which device functions at Layer 2 of the OSI model to forward frames based on MAC addresses?

A) Router
B) Switch
C) Hub
D) Firewall

Answer: B) Switch

Explanation:

A switch is a network device that functions at Layer 2 of the OSI model, the data link layer, and forwards frames based on MAC addresses. Unlike hubs, which broadcast incoming frames to all ports, a switch uses its MAC address table to identify the destination port associated with a specific MAC address, ensuring efficient and direct frame delivery. By learning and storing the MAC addresses of connected devices, switches reduce unnecessary traffic, improve bandwidth utilization, and enable segmentation of collision domains.

Routers operate at Layer 3, the network layer, and forward packets based on IP addresses. While routers connect different networks and make forwarding decisions using logical addressing, switches operate within a single network segment, managing frame-level communication. Hubs are basic Layer 1 devices that repeat electrical signals to all connected ports, creating collision domains and leading to inefficient use of bandwidth. Firewalls filter traffic based on policies, access control rules, or packet inspection, providing security but not primarily forwarding frames based on MAC addresses.

The correct answer is switch because it forwards frames using MAC addresses, learning which addresses are reachable through which ports, and building a MAC address table dynamically. When a switch receives a frame, it inspects the source and destination MAC addresses. If the destination address is in the table, the switch forwards the frame to the correct port. If it is unknown, the switch floods the frame to all ports except the source, enabling communication while learning the new MAC address.

Switches improve network efficiency by segmenting collision domains, allowing multiple devices to communicate simultaneously without interfering with each other. Each switch port typically represents a separate collision domain, reducing collisions compared to shared media like hubs. Switches also support VLANs, which logically segment a single physical network into multiple virtual networks, isolating traffic and enhancing security. Advanced switches can operate at Layer 3, providing routing capabilities between VLANs, but their fundamental function remains frame forwarding based on MAC addresses at Layer 2.

Switches can operate in full-duplex mode, allowing simultaneous transmission and reception of frames on each port, further improving network performance. Managed switches provide additional features, including VLAN configuration, port security, Quality of Service (QoS), SNMP monitoring, and link aggregation. These features allow administrators to optimize performance, secure network access, and troubleshoot issues effectively. Monitoring the MAC address table, learning rates, and port statistics helps maintain efficient network operation and detect potential issues, such as MAC flooding attacks.

In modern networks, switches form the backbone of enterprise LANs, connecting end devices, servers, and other network infrastructure. Proper switch configuration ensures reliable connectivity, efficient bandwidth utilization, and secure communication between devices. Switches also support technologies like Spanning Tree Protocol (STP) to prevent loops in redundant topologies, enabling fault tolerance and network resilience. Switches remain a foundational component of LAN design, bridging devices at the data link layer while optimizing traffic flow and network performance.

A switch functions at Layer 2 of the OSI model, forwarding frames based on MAC addresses. It improves network efficiency, reduces collisions, supports VLANs, and enables secure and reliable communication within a LAN. Understanding switch operation, MAC address learning, and traffic forwarding is essential for network administrators to design, maintain, and troubleshoot modern Ethernet networks. Switches remain a critical building block in enterprise networking, providing efficient, secure, and scalable connectivity for end devices and infrastructure.

Question 204

Which IP address class supports more than 16 million hosts per network?

A) Class A
B) Class B
C) Class C
D) Class D

Answer:  A) Class A

Explanation:

Class A IP addresses are designed to support extremely large networks, with more than 16 million hosts per network. In the traditional classful addressing scheme, Class A addresses range from 1.0.0.0 to 126.255.255.255, using the first octet as the network portion and the remaining three octets for host addressing. This allows for 2^24 minus 2 host addresses per network, resulting in 16,777,214 usable addresses. Class A addresses are typically assigned to very large organizations, governments, or ISPs that require vast numbers of host addresses within a single network.

Class B addresses range from 128.0.0.0 to 191.255.255.255 and support 16,382 host addresses per network using two octets for network identification and two for hosts. Class C addresses range from 192.0.0.0 to 223.255.255.255 and support 254 host addresses per network, suitable for small organizations. Class D addresses, ranging from 224.0.0.0 to 239.255.255.255, are reserved for multicast groups and do not represent standard unicast networks with host counts.

The correct answer is Class A because it provides the largest host capacity per network. These addresses are allocated to networks with extremely high demands, such as ISPs or multinational enterprises. Class A networks facilitate direct addressing of millions of devices without requiring extensive subnetting. However, due to the scarcity of IPv4 addresses and inefficient utilization, Class A allocations are now carefully managed by Internet registries.

Subnetting can divide Class A networks into smaller subnets, allowing organizations to manage host allocation, improve routing efficiency, and enhance security by isolating network segments. Network administrators must design subnets thoughtfully to maximize address utilization and avoid waste. Class A networks typically use a default subnet mask of 255.0.0.0, but custom subnetting can adjust the balance between host and network bits.

Class A addresses, combined with modern practices like CIDR (Classless Inter-Domain Routing), allow flexible allocation and efficient routing across the Internet. CIDR eliminates rigid class boundaries, allowing networks to aggregate multiple Class A, B, or C blocks to simplify routing tables and optimize address usage. Administrators working with large networks must understand the implications of Class A addressing, subnetting, and route aggregation for network scalability and performance.

Class A IP addresses support more than 16 million hosts per network, making them suitable for large-scale networks. They provide extensive host capacity, flexibility for subnetting, and compatibility with modern CIDR-based routing. Understanding Class A addressing, default subnet masks, and efficient allocation strategies is essential for network administrators managing enterprise-level or ISP-scale networks. Proper planning ensures optimal utilization, scalability, and reliability in large networks.

Question 205

Which technology allows multiple VLANs to communicate through a single physical link between switches?

A) Trunking
B) Port Mirroring
C) STP
D) Link Aggregation

Answer:  A) Trunking

Explanation:

Trunking is a network technology that allows multiple VLANs to communicate over a single physical link between switches. In a trunked link, frames from different VLANs are tagged with a VLAN identifier, allowing the receiving switch to identify the VLAN membership of each frame and forward it appropriately. The most commonly used VLAN tagging protocol is IEEE 802.1Q, which inserts a four-byte tag into Ethernet frames to identify the VLAN. Trunking is essential in enterprise networks where multiple VLANs span across different switches but share a common physical infrastructure.

Port mirroring is used for monitoring network traffic by duplicating packets from one port to another for analysis. It does not carry multiple VLANs over a single link. STP, or Spanning Tree Protocol, prevents network loops in redundant topologies but does not facilitate multi-VLAN communication. Link aggregation, also known as EtherChannel or port-channel, combines multiple physical links into a single logical link to increase bandwidth and provide redundancy, but it does not inherently carry multiple VLANs unless configured as a trunk.

The correct answer is trunking because it enables multiple VLANs to traverse a single link while maintaining logical separation between VLAN traffic. Trunking reduces cabling complexity, allows for scalable VLAN deployment, and supports network designs where VLANs must extend across multiple switches. Administrators configure trunk ports on both ends of a link, ensuring compatible tagging protocols and allowed VLAN lists to prevent miscommunication or traffic leakage between VLANs.

Trunking plays a crucial role in maintaining network segmentation and security. By tagging VLANs, trunk links ensure that broadcast, multicast, and unicast traffic remain isolated within their respective VLANs. This prevents unauthorized access to sensitive network segments and reduces broadcast traffic across the network. Proper configuration and monitoring of trunk ports are essential, as misconfigured trunks can result in VLAN leaks, loops, or security vulnerabilities.

In addition to VLAN tagging, trunking supports dynamic negotiation using protocols like Dynamic Trunking Protocol (DTP), which can automatically configure trunking between switches. Administrators must manage DTP carefully to prevent unauthorized VLAN propagation or misconfigurations. Trunking also interacts with Layer 3 routing for inter-VLAN communication, as routed interfaces or Layer 3 switches provide connectivity between VLANs while preserving the isolation and segmentation benefits of trunked links.

Trunk links often carry traffic for dozens of VLANs, requiring careful bandwidth planning and monitoring to prevent congestion or packet loss. Administrators may implement Quality of Service (QoS) on trunk ports to prioritize critical VLAN traffic, such as voice or video, ensuring reliable performance across the network. Additionally, security mechanisms, such as VLAN pruning and allowed VLAN lists, prevent unnecessary traffic from traversing trunk links, enhancing efficiency and reducing potential attack surfaces.

Trunking allows multiple VLANs to communicate over a single physical link between switches. It uses VLAN tagging to maintain logical separation, enhances network efficiency, simplifies cabling, and supports scalable enterprise network designs. Proper configuration, monitoring, and security practices ensure trunk links operate reliably, maintain VLAN integrity, and optimize traffic flow in modern switched networks, making trunking an essential component of VLAN deployment and enterprise network architecture.

Question 206

Which wireless security protocol provides encryption using CCMP with AES and is considered secure for modern networks?

A) WEP
B) WPA
C) WPA2
D) WPA3

Answer: C) WPA2

Explanation:

WPA2, or Wi-Fi Protected Access 2, is a wireless security protocol that provides encryption using CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) with AES (Advanced Encryption Standard). WPA2 is widely regarded as secure for modern networks and addresses vulnerabilities present in older protocols such as WEP and WPA. CCMP ensures both data confidentiality and integrity, making it suitable for protecting sensitive wireless communication in enterprise and home networks.

WEP, or Wired Equivalent Privacy, is an outdated protocol that uses weak RC4 encryption and is highly susceptible to attacks such as key recovery and packet injection. WPA, the predecessor to WPA2, improved security by introducing TKIP (Temporal Key Integrity Protocol), but it still relies on RC4 and has known vulnerabilities. WPA3 is the newest standard that improves upon WPA2 with enhanced encryption, forward secrecy, and protection against offline dictionary attacks, but WPA2 remains widely deployed and secure when properly configured.

The correct answer is WPA2 because it implements strong AES encryption with CCMP, ensuring confidentiality, integrity, and authentication for wireless networks. WPA2 supports both Personal (pre-shared key) and Enterprise (802.1X with RADIUS authentication) modes. In Personal mode, a strong passphrase protects the network, while Enterprise mode provides centralized authentication, granular access control, and enhanced logging, suitable for business environments. WPA2 mitigates risks such as eavesdropping, man-in-the-middle attacks, and unauthorized access, offering robust protection for both client devices and network infrastructure.

WPA2 requires proper configuration to maximize security. Administrators should disable outdated protocols like WEP and WPA, enforce strong passwords or passphrases, use AES-only encryption, and configure Enterprise authentication for large or sensitive networks. Network monitoring helps detect rogue access points or unauthorized connections, while periodic key changes enhance security. WPA2 also supports 802.11i features, including mutual authentication, integrity checks, and session key management, ensuring secure communication even in complex network environments.

While WPA3 introduces improvements such as Simultaneous Authentication of Equals (SAE) for better resistance to password guessing attacks, WPA2 remains highly secure and widely used. Properly configured WPA2 networks are resilient against most common wireless attacks, including packet sniffing, replay attacks, and unauthorized access. Integration with VLANs, firewalls, and intrusion detection systems further strengthens the security posture of a WPA2 wireless network.

WPA2 provides encryption using CCMP with AES and is considered secure for modern networks. By replacing outdated protocols like WEP and WPA, WPA2 ensures confidentiality, integrity, and authentication for wireless communications. Proper configuration, monitoring, and integration with network security controls maintain robust wireless network security, protecting sensitive data and enabling reliable connectivity. WPA2 remains a cornerstone of secure Wi-Fi deployment in homes, enterprises, and public networks, providing effective encryption and protection against evolving threats.

Question 207

Which routing protocol is classified as a link-state protocol and uses Dijkstra’s algorithm to determine the shortest path?

A) RIP
B) OSPF
C) EIGRP
D) BGP

Answer: B) OSPF

Explanation:

OSPF, or Open Shortest Path First, is a routing protocol classified as a link-state protocol that uses Dijkstra’s algorithm to determine the shortest path to each network destination. In a link-state protocol, each router maintains a complete map of the network topology by exchanging link-state advertisements (LSAs) with other routers in the same area. This comprehensive view allows OSPF to calculate the most efficient routes dynamically, considering factors such as link cost, bandwidth, and network topology changes.

RIP, or Routing Information Protocol, is a distance-vector protocol that uses hop count as the metric and sends periodic updates without a full network topology view. EIGRP, or Enhanced Interior Gateway Routing Protocol, is an advanced distance-vector protocol with some link-state characteristics but relies on the Diffusing Update Algorithm (DUAL) rather than Dijkstra’s algorithm. BGP, or Border Gateway Protocol, is a path-vector protocol used for routing between autonomous systems on the Internet and does not perform shortest-path calculations based on link-state information.

The correct answer is OSPF because it builds a complete link-state database, enabling precise calculation of the shortest path to each network destination. OSPF divides networks into areas to reduce routing table size, optimize performance, and localize routing updates. Routers within the same area exchange LSAs to maintain a synchronized network map, while area border routers (ABRs) connect multiple areas and summarize routing information between them. This hierarchical design improves scalability and reduces the processing overhead of large networks.

OSPF supports various features that enhance network efficiency and reliability. For example, OSPF allows for equal-cost multipath (ECMP) routing, which enables traffic to be distributed across multiple paths with the same cost, improving bandwidth utilization and redundancy. OSPF also includes fast convergence mechanisms, quickly recalculating routes in response to link failures or topology changes, ensuring minimal downtime and consistent network performance. Additionally, OSPF authentication mechanisms, such as MD5 or SHA-based authentication, prevent unauthorized devices from injecting false routing information.

Proper OSPF deployment requires careful planning of network areas, router IDs, and interface costs. Administrators must configure OSPF timers, such as hello and dead intervals, to optimize stability and responsiveness. LSAs can be filtered or summarized to reduce unnecessary updates and control routing table size. OSPF supports multiple types of LSAs for different purposes, including intra-area, inter-area, and external route advertisement, which allows integration with external routing protocols like BGP while maintaining consistent internal routing.

OSPF’s link-state approach provides significant advantages over distance-vector protocols, including faster convergence, loop-free routing, and precise path selection based on link metrics rather than simple hop count. By maintaining a complete topology map, OSPF ensures deterministic routing, predictable behavior, and efficient use of network resources. This makes OSPF suitable for large enterprise networks, service provider environments, and mission-critical infrastructure where reliability and performance are paramount.

OSPF is a link-state routing protocol that uses Dijkstra’s algorithm to determine the shortest path to each network destination. It provides fast convergence, loop-free routing, and efficient use of network resources through a hierarchical design with areas, LSAs, and link-state databases. Proper planning, authentication, and monitoring are essential for OSPF deployment, ensuring optimal routing performance, network reliability, and security. OSPF remains a fundamental interior gateway protocol in modern enterprise and service provider networks, providing scalable, efficient, and resilient routing solutions.

Question 208

Which type of NAT allows multiple internal devices to share a single public IP address while maintaining unique port assignments?

A) Static NAT
B) Dynamic NAT
C) PAT
D) SNAT

Answer: C) PAT

Explanation:

Port Address Translation (PAT), also known as NAT overload, is a type of Network Address Translation that allows multiple internal devices to share a single public IP address while maintaining unique port assignments. PAT modifies both the source IP address and source port of outgoing packets, mapping each internal device’s connection to a unique port number on the public IP address. This enables hundreds or thousands of devices to access the Internet using a single public address while ensuring responses are correctly routed back to the originating device.

Static NAT maps a single internal IP address to a single public IP address, providing a one-to-one translation. Dynamic NAT uses a pool of public addresses and assigns them to internal devices on a first-come, first-served basis, but it does not support sharing a single public IP for multiple devices simultaneously. SNAT, or Source NAT, generally refers to modifying the source IP address of packets, but PAT specifically extends this by translating ports to allow multiple devices to use a single address.

The correct answer is PAT because it provides address conservation and scalability. PAT tracks connections using a NAT table, recording the internal IP address and source port, the translated public IP address, and the mapped port. When a response is received, the router consults the NAT table to forward traffic to the correct internal host. This makes PAT highly efficient for small organizations or networks with limited public IP address availability.

PAT is commonly deployed in home networks, small offices, and enterprise edge devices to enable Internet access without requiring a large pool of public IP addresses. It also provides a basic layer of security, as internal device addresses are hidden from external networks. Administrators can configure PAT on routers or firewalls, specifying the public interface for translation, port ranges, and connection limits to optimize performance and reliability.

While PAT enables efficient IP address usage, it has limitations. For example, it can complicate inbound connections because external systems cannot initiate communication with internal devices unless specific port forwarding or static mappings are configured. Overloading a single public IP with thousands of connections may introduce latency or NAT table exhaustion if not properly managed. Monitoring NAT tables and connection usage helps administrators maintain network performance and prevent resource exhaustion.

PAT interacts with other network services such as VPNs, firewalls, and application-level protocols. Certain protocols, like FTP, SIP, or VoIP, may require NAT traversal mechanisms to ensure proper operation when PAT modifies port assignments. Network administrators must configure NAT helpers, ALG (Application Layer Gateway), or port forwarding rules to maintain compatibility and connectivity for such services.

PAT allows multiple internal devices to share a single public IP address while maintaining unique port assignments. It provides efficient address utilization, hides internal addresses, and supports scalable Internet connectivity for networks with limited public IP resources. Proper configuration, monitoring, and integration with other network services ensure reliable and secure operation, making PAT a widely adopted NAT technique in modern enterprise, small office, and home networks.

Question 209

Which wireless standard operates in the 5 GHz band and supports speeds up to 1.3 Gbps?

A) 802.11a
B) 802.11b
C) 802.11g
D) 802.11ac

Answer: D) 802.11ac

Explanation:

802.11ac is a wireless networking standard that operates primarily in the 5 GHz band and supports data transfer speeds up to 1.3 Gbps in its initial implementations, with higher throughput in later wave 2 versions. It is part of the IEEE 802.11 family and builds upon 802.11n, introducing technologies such as wider channel bandwidths (80 MHz and 160 MHz), higher-order modulation (256-QAM), and multiple-input multiple-output (MIMO) with multiple spatial streams. These enhancements significantly increase wireless network capacity, efficiency, and performance for high-bandwidth applications such as video streaming, online gaming, and large file transfers.

802.11a operates in the 5 GHz band but supports lower speeds, typically up to 54 Mbps, using OFDM modulation. 802.11b operates in the 2.4 GHz band with speeds up to 11 Mbps using DSSS. 802.11g also operates in the 2.4 GHz band, achieving speeds up to 54 Mbps with OFDM. Compared to these earlier standards, 802.11ac provides substantially higher throughput, reduced interference due to 5 GHz operation, and advanced features designed for modern network demands.

The correct answer is 802.11ac because it combines 5 GHz frequency, high data rates, and MIMO technology to deliver gigabit-class wireless connectivity. The 5 GHz band is less congested than 2.4 GHz, resulting in reduced interference from devices like Bluetooth equipment, microwaves, and legacy Wi-Fi networks. Wider channels and multiple spatial streams allow simultaneous transmission of multiple data streams, enhancing capacity and supporting multiple devices without significant degradation in performance.

Deployment of 802.11ac requires compatible access points and client devices. Administrators must consider channel selection to avoid overlapping frequencies, ensure proper signal coverage, and optimize MIMO configurations for multiple users. 802.11ac access points often support beamforming, which focuses signal strength toward active clients, improving range, throughput, and reliability. Network design should account for obstacles, building materials, and interference sources, especially since higher frequency signals experience more attenuation compared to 2.4 GHz.

Security is a critical consideration in 802.11ac deployments. Access points should use WPA2 or WPA3 encryption to protect communications from unauthorized access, eavesdropping, and man-in-the-middle attacks. Enterprise networks typically employ WPA2-Enterprise with 802.1X authentication and RADIUS servers to manage user access, while home networks use strong passphrases to secure personal devices. Proper wireless site surveys, channel planning, and power settings help maintain optimal coverage, minimize co-channel interference, and ensure reliable connectivity.

Advanced features of 802.11ac, such as MU-MIMO (Multi-User MIMO), allow simultaneous communication with multiple clients, improving throughput for dense networks. This is particularly important in offices, conference centers, or public hotspots, where many devices compete for bandwidth. Administrators should configure Quality of Service (QoS) policies to prioritize latency-sensitive traffic such as voice or video, ensuring smooth performance even under heavy network load.

802.11ac operates in the 5 GHz band and supports speeds up to 1.3 Gbps, offering high throughput, reduced interference, and enhanced performance compared to previous standards. It incorporates wide channel bandwidths, 256-QAM, MIMO, and beamforming technologies to optimize wireless connectivity. Proper deployment, security configuration, and network planning ensure reliable, high-speed Wi-Fi suitable for modern applications, making 802.11ac a cornerstone of enterprise and home wireless networking.

Question 210

Which type of firewall examines traffic at the application layer and can filter based on specific protocols or content?

A) Packet-filtering firewall
B) Stateful firewall
C) Proxy firewall
D) Circuit-level firewall

Answer: C) Proxy firewall

Explanation:

A proxy firewall, also known as an application-level firewall, examines traffic at the application layer of the OSI model and can filter based on specific protocols, applications, or content. Unlike packet-filtering or stateful firewalls, which primarily inspect headers and connection states, proxy firewalls analyze the payload of network traffic to enforce more granular policies. This allows administrators to control access to web, email, FTP, or other application-specific traffic, block malicious content, and prevent attacks such as SQL injection, cross-site scripting, or malware downloads.

Packet-filtering firewalls operate at the network layer and make decisions based on source and destination IP addresses, ports, and protocol types. They are fast, but cannot inspect the actual content of traffic. Stateful firewalls operate at the transport layer and track connection states, providing better protection than simple packet filters but still limited to headers and session information. Circuit-level firewalls monitor TCP or UDP sessions at a higher level than packet filtering but do not inspect application payloads.

The correct answer is proxy firewall because it inspects traffic at the application layer, making filtering decisions based on content, application type, or protocol-specific details. Proxy firewalls can terminate client connections, act as intermediaries between internal users and external servers, and generate sanitized requests to reduce exposure to threats. By mediating traffic, proxy firewalls can provide user authentication, content caching, logging, and malware detection.

Proxy firewalls offer advantages such as hiding internal network addresses, enforcing detailed security policies, and monitoring application-specific behaviors. They can prevent access to malicious or unauthorized websites, enforce acceptable use policies, and provide advanced reporting for administrators. These firewalls are particularly useful in enterprise networks, educational institutions, and government environments where controlling specific application traffic and content is critical.

Performance considerations include the processing overhead of inspecting application payloads, which may introduce latency. High-capacity deployments may require load balancing, clustering, or hardware acceleration to maintain performance while applying deep packet inspection. Administrators must also regularly update signatures, policies, and filtering rules to adapt to evolving threats and new applications.

Proxy firewalls support protocols such as HTTP, HTTPS, FTP, SMTP, and POP3, providing protocol-specific filtering, authentication, and content inspection. SSL/TLS decryption may be required to inspect encrypted traffic, which necessitates careful certificate management and privacy considerations. Combining proxy firewalls with other security technologies, such as intrusion detection systems, antivirus scanning, and data loss prevention, creates a layered defense model for comprehensive network protection.

Proxy firewalls examine traffic at the application layer and can filter based on specific protocols, applications, or content. They provide granular control, hide internal addresses, enforce security policies, and monitor traffic for threats. Proper deployment, configuration, performance optimization, and integration with other security measures ensure reliable, secure network operations, making proxy firewalls an essential component of modern enterprise security architecture.