CompTIA N10-009 Network+ Exam Dumps and Practice Test Questions Set 8 Q106-120

Visit here for our full CompTIA N10-009 exam dumps and practice test questions.

Question 106

Which type of wireless security protocol provides strong encryption using the Advanced Encryption Standard (AES) for protecting Wi-Fi networks?

A) WEP
B) WPA
C) WPA2
D) WPA3

Answer: C) WPA2

Explanation:

Wi-Fi Protected Access 2, or WPA2, is a wireless security protocol designed to provide robust encryption and authentication mechanisms for protecting wireless local area networks. WPA2 replaced the earlier WEP and WPA standards, addressing the vulnerabilities and weaknesses inherent in those protocols. The core feature of WPA2 is the use of the Advanced Encryption Standard (AES), which is a symmetric encryption algorithm widely recognized for its strength and reliability. AES ensures that transmitted data remains confidential, and the protocol also provides mechanisms for authenticating users and devices attempting to connect to the wireless network. WPA2 can operate in two primary modes: Personal mode, which uses a pre-shared key (PSK) for authentication, and Enterprise mode, which relies on 802.1X authentication through a RADIUS server. The use of AES and robust key management in WPA2 ensures that unauthorized users cannot easily decrypt or access network communications.

WEP, or Wired Equivalent Privacy, is an outdated protocol that relies on the RC4 encryption algorithm and static keys. WEP is highly vulnerable to attacks due to weak initialization vectors and predictable key streams, making it unsuitable for modern networks. WPA, or the original Wi-Fi Protected Access, improved security over WEP by introducing the Temporal Key Integrity Protocol (TKIP), which dynamically changes keys and prevents some attacks, but it still relied on weaker encryption and is no longer recommended. WPA3 is the latest standard, providing additional protections such as enhanced authentication, stronger encryption, and protection against offline dictionary attacks, but WPA2 remains widely deployed and supported across most existing devices.

WPA2 provides both data confidentiality and integrity, preventing unauthorized modification of network traffic and ensuring that communications between wireless devices are secure. AES encryption ensures strong cryptographic protection against eavesdropping, while message integrity codes (MICs) prevent tampering. WPA2 also supports enterprise-level authentication using 802.1X and Extensible Authentication Protocol (EAP), allowing organizations to centrally manage credentials and enforce security policies. Key management, including periodic rekeying and proper configuration of pre-shared keys, enhances security and reduces the risk of compromise.

The correct answer is WPA2 because it specifically implements AES-based encryption to secure wireless communications while providing authentication mechanisms suitable for personal and enterprise networks. Network administrators must ensure that WPA2 is configured correctly, with strong passwords or enterprise authentication, to prevent unauthorized access. Regular firmware updates, monitoring of connected devices, and enforcement of strong security policies further enhance network security. Understanding the differences between WEP, WPA, WPA2, and WPA3 helps professionals select appropriate encryption protocols based on device compatibility, security requirements, and network design considerations.

WPA2’s widespread adoption and proven security make it a cornerstone of Wi-Fi network protection. While WPA3 introduces advanced protections and better resistance to attacks, WPA2 remains the minimum recommended standard for most enterprise and consumer networks. Knowledge of WPA2 is essential for configuring secure wireless access points, troubleshooting connectivity issues, and auditing wireless networks. Security best practices include using strong passwords for personal mode, implementing 802.1X with enterprise mode, regularly monitoring network traffic, and combining WPA2 with other security measures such as VPNs, firewalls, and intrusion detection systems to ensure comprehensive protection.

Question 107

Which network attack involves overwhelming a system with excessive traffic by exploiting reflection techniques from third-party servers?

A) Smurf Attack
B) Amplification DDoS
C) SYN Flood
D) Phishing

Answer: B) Amplification DDoS

Explanation:

Amplification Distributed Denial-of-Service (DDoS) attacks are a type of network attack in which attackers exploit vulnerable third-party servers to generate massive volumes of traffic directed at a target, overwhelming its resources and disrupting normal operations. The attacker sends a small request to a third-party server, spoofing the source IP address to appear as if it originated from the victim. The server responds with a much larger reply, amplifying the traffic and sending it to the victim’s IP address. This reflection and amplification mechanism allows attackers to multiply the volume of traffic using minimal resources, making such attacks particularly effective and difficult to mitigate. Protocols commonly exploited for amplification include DNS, NTP, and Memcached due to their ability to generate large responses from small requests.

Smurf attacks also involve reflection, but they primarily use ICMP Echo Requests sent to network broadcast addresses to overwhelm a target. SYN floods exploit the TCP handshake by sending numerous incomplete connection requests to a server, consuming system resources, but do not rely on third-party reflection. Phishing targets human behavior, deceiving users into revealing sensitive information rather than exploiting network protocols to generate traffic. Amplification DDoS specifically leverages the disparity between request and response sizes in network protocols to overwhelm targets efficiently.

Amplification attacks are highly effective against networks and services with limited bandwidth or processing capacity. Attackers can coordinate multiple compromised systems in a botnet to launch distributed attacks, exponentially increasing traffic volume and impact. Mitigation strategies include filtering spoofed traffic, configuring servers to prevent exploitation, limiting response rates, and deploying DDoS protection services that absorb or deflect malicious traffic. Network engineers must monitor for abnormal traffic patterns, unusually high response rates from servers, and sudden spikes in network utilization to detect potential amplification attacks early.

The correct answer is amplification DDoS because it relies on exploiting third-party servers to multiply attack traffic, reflecting it toward the victim and overwhelming network or system resources. Understanding the mechanisms, exploited protocols, and defense strategies is critical for network security professionals. Preventive measures include ingress and egress filtering to prevent IP address spoofing, patching vulnerable servers, implementing rate limiting, and utilizing specialized DDoS mitigation appliances or cloud services. Organizations must also maintain incident response plans to respond promptly to high-volume attacks, minimizing downtime, protecting sensitive systems, and ensuring continuity of services.

Amplification DDoS attacks demonstrate the importance of securing network infrastructure, monitoring traffic, and educating administrators about common attack vectors. By understanding reflection techniques, attack amplification factors, and vulnerable protocols, professionals can design resilient networks and protect critical assets from both volumetric and resource-based attacks. Combining network architecture best practices, traffic analysis, and automated mitigation tools provides a layered defense against amplification-based DDoS attacks. Effective response requires collaboration between network teams, service providers, and security operations centers to detect, mitigate, and prevent future attacks. The high efficiency and potential disruption caused by amplification DDoS make it one of the most significant threats to enterprise networks and online services, requiring ongoing vigilance, configuration hardening, and monitoring.

Question 108

Which type of network protocol is connectionless and does not guarantee delivery of packets, often used for streaming and real-time communication?

A) TCP
B) UDP
C) ICMP
D) ARP

Answer: B) UDP

Explanation:

User Datagram Protocol, or UDP, is a connectionless transport-layer protocol that provides minimal overhead and does not guarantee the delivery, order, or integrity of transmitted data. UDP is part of the TCP/IP suite and operates alongside IP to enable communication between applications on networked devices. Because it does not establish a formal connection like TCP, UDP is faster and more efficient for applications where speed is critical and occasional packet loss is acceptable. Typical use cases include streaming audio and video, online gaming, VoIP, and broadcasting services. UDP packets, called datagrams, contain source and destination ports along with the payload, but there is no acknowledgment, retransmission, or sequencing built into the protocol.

TCP, or Transmission Control Protocol, is connection-oriented and ensures reliable, in-order delivery of data with acknowledgment and retransmission mechanisms. TCP is suitable for applications like web browsing, email, and file transfers, where data integrity and delivery are essential. ICMP, or Internet Control Message Protocol, is used for network diagnostics and error reporting, such as ping and traceroute, and does not transport application data. ARP, or Address Resolution Protocol, operates at Layer 2 to resolve IP addresses to MAC addresses on a local network and is not a transport protocol.

UDP’s simplicity allows high-performance communication for applications that require low latency rather than guaranteed delivery. Real-time communication applications, such as VoIP and live video streaming, prioritize timely delivery over reliability. UDP’s lack of retransmission prevents delays caused by waiting for acknowledgments, enabling smooth streaming and interactive sessions. Applications using UDP often implement their own mechanisms for error detection and correction, such as forward error correction (FEC), packet sequencing, and jitter buffering, to improve the user experience while maintaining low latency.

The correct answer is UDP because it provides connectionless, low-overhead communication suitable for streaming and real-time applications where occasional packet loss is tolerable. Network administrators and engineers must understand UDP behavior when designing systems for multimedia, teleconferencing, gaming, and broadcasting. Configuring Quality of Service (QoS), bandwidth allocation, and prioritization can improve UDP application performance, as these applications are sensitive to packet loss, delay, and jitter. Monitoring network performance and implementing traffic shaping ensures that UDP traffic receives appropriate treatment alongside TCP traffic.

UDP also enables multicast and broadcast communication, allowing a single packet to reach multiple recipients efficiently. This is critical for applications like IPTV, live streaming events, and service discovery protocols. Understanding UDP’s stateless design, packet structure, and behavior in various network environments allows administrators to optimize infrastructure for high-performance applications. Security considerations include filtering UDP traffic to prevent amplification-based attacks, such as DNS and NTP reflection attacks, and monitoring for anomalous patterns that could indicate misuse or attacks.

UDP’s characteristics, including its connectionless nature, minimal overhead, and tolerance for packet loss, make it indispensable for modern network applications that prioritize low latency over reliability. Network engineers must balance performance, reliability, and security when deploying UDP-dependent services, ensuring optimal functionality while minimizing risks and congestion. Proper design and monitoring of UDP traffic contribute to smooth operation of real-time communication systems, supporting critical business and consumer applications worldwide.

Question 109

Which type of network attack exploits the ARP protocol to intercept and modify traffic between devices on a local network?

A) ARP Spoofing
B) DNS Poisoning
C) Man-in-the-Middle
D) SYN Flood

Answer:  A) ARP Spoofing

Explanation:

ARP Spoofing, also called ARP poisoning, is a network attack in which an attacker manipulates the Address Resolution Protocol (ARP) to associate their MAC address with the IP address of another device, usually the default gateway or a critical server. This allows the attacker to intercept, monitor, modify, or drop network traffic between devices on a local network. ARP is a protocol used to map IP addresses to MAC addresses within a local subnet, enabling proper delivery of Layer 2 frames. Because ARP does not include authentication, it is vulnerable to spoofing attacks, making ARP spoofing a common technique in local area network attacks.

DNS poisoning, also called cache poisoning, targets the Domain Name System to redirect users to malicious websites but does not manipulate MAC-to-IP mappings. Man-in-the-Middle attacks involve intercepting communication between two parties and can include ARP Spoofing as a technique, but ARP Spoofing specifically targets local network MAC-to-IP associations. SYN Flood attacks target the TCP handshake process to exhaust server resources and are unrelated to ARP manipulation.

In ARP Spoofing, the attacker sends forged ARP replies to the network, causing devices to update their ARP tables with the attacker’s MAC address. Once successful, all traffic destined for the spoofed IP address is redirected through the attacker’s device. This allows the attacker to perform packet sniffing, session hijacking, or data modification. Attackers can also conduct Denial-of-Service (DoS) by intercepting and dropping traffic instead of forwarding it. ARP Spoofing is commonly used in combination with other attacks to gain unauthorized access, extract sensitive information, or disrupt network operations.

The correct answer is ARP Spoofing because it specifically exploits the ARP protocol to redirect traffic through an attacker-controlled device on a local network. Mitigation strategies include implementing dynamic ARP inspection, static ARP entries for critical devices, VLAN segmentation, port security, and continuous network monitoring for suspicious ARP activity. Network administrators can deploy intrusion detection systems (IDS) and packet sniffers to detect anomalies such as duplicate IP addresses or sudden ARP table changes. Education on recognizing symptoms of ARP Spoofing, including intermittent connectivity issues, network slowdowns, or unexpected ARP entries, helps administrators respond promptly to potential attacks.

ARP Spoofing illustrates the vulnerabilities inherent in protocols designed without authentication mechanisms. Network engineers must combine preventive measures, monitoring, and secure configurations to protect local networks from this threat. Proper network segmentation, regular audits, and robust security policies reduce the risk of successful ARP Spoofing attacks. Understanding ARP Spoofing is essential for maintaining confidentiality, integrity, and availability in enterprise and small networks, ensuring that sensitive communications remain protected from interception and tampering. The attack’s local nature highlights the importance of securing internal network infrastructure, controlling device access, and deploying detection mechanisms to maintain secure, reliable network operation.

Question 110

Which type of attack attempts to gain unauthorized access to a system by trying all possible password combinations systematically?

A) Brute Force
B) Phishing
C) Dictionary Attack
D) Cross-site Scripting

Answer:  A) Brute Force

Explanation:

A brute force attack is a method used to gain unauthorized access to a system by systematically trying all possible password combinations until the correct one is found. Brute force attacks are highly resource-intensive because they rely on computational power and time to exhaustively attempt every possible combination. Attackers may use automated tools that can rapidly generate and test thousands or millions of password permutations. These attacks can target login pages, network devices, encrypted files, or any system where a password or cryptographic key is required for authentication. While brute force attacks are simple in concept, they can be effective against weak or short passwords, especially if there are no account lockout policies, multi-factor authentication, or rate-limiting mechanisms in place.

Phishing relies on deceiving users into voluntarily providing sensitive information, such as passwords, and does not involve systematic attempts to guess credentials. A dictionary attack uses a precompiled list of commonly used words or phrases, often including variations with numbers or symbols, to guess passwords more efficiently than a pure brute force approach. Cross-site scripting targets web applications by injecting malicious scripts to manipulate users’ browsers, steal cookies, or hijack sessions, and does not involve password guessing.

Brute force attacks are often mitigated through strong password policies that require complex combinations of letters, numbers, and special characters, increasing the total number of possible password permutations and making brute force attacks computationally infeasible. Implementing account lockouts after a certain number of failed login attempts, using multi-factor authentication, and deploying rate-limiting mechanisms on authentication interfaces significantly reduce the risk of successful brute force attacks. Monitoring login attempts for unusual patterns and employing intrusion detection systems can help identify ongoing brute force attempts in real time.

The correct answer is brute force because it specifically describes the method of systematically attempting all possible combinations to gain access. Organizations must educate users on creating strong passwords, enforce password rotation policies, and utilize password management systems to reduce reliance on easily guessable credentials. Brute force attacks may target weak points in remote access, cloud services, VPNs, or legacy systems with minimal security protections. Understanding the mechanics of brute force attacks enables administrators to design more secure authentication systems and prevent unauthorized access.

Advanced techniques, such as hybrid brute force attacks, combine dictionary attacks with brute force strategies to attempt variations of common words and passwords, increasing the likelihood of success against poorly configured systems. Attackers may also leverage botnets to distribute the computational load, allowing parallelized attacks that can target multiple systems simultaneously. Organizations must adopt layered security strategies, including strong password enforcement, monitoring, anomaly detection, and multi-factor authentication, to defend against brute force attacks effectively.

Brute force attacks highlight the critical importance of balancing security and usability. While highly complex passwords provide strong protection, they can be difficult for users to remember, increasing the likelihood of unsafe practices like password reuse or insecure storage. Deploying password managers, educating users, and implementing adaptive authentication policies allow organizations to maintain security without compromising usability. By understanding brute force methods, their potential impact, and mitigation strategies, security professionals can ensure robust defenses against one of the oldest and most straightforward attack techniques, safeguarding systems, data, and network infrastructure.

Question 111

Which network protocol is responsible for resolving human-readable hostnames into IP addresses to enable communication across networks?

A) DHCP
B) DNS
C) ARP
D) ICMP

Answer: B) DNS

Explanation:

Domain Name System, or DNS, is a hierarchical and distributed protocol used to translate human-readable domain names into IP addresses, enabling devices to communicate across networks. Without DNS, users would need to remember numerical IP addresses for every website or network service, which is impractical and prone to error. When a client attempts to access a domain, such as a website, it queries a DNS resolver, which traverses the DNS hierarchy, including root servers, top-level domain (TLD) servers, and authoritative name servers, to locate the corresponding IP address. Once the IP is returned, the client can establish communication with the target server using protocols such as TCP or UDP.

DHCP is responsible for dynamically assigning IP addresses and network configuration to devices, but does not resolve hostnames. ARP maps IP addresses to MAC addresses within a local network, facilitating Layer 2 communication but not translating human-readable names to IP addresses. ICMP provides network diagnostics, error reporting, and connectivity checks, such as ping and traceroute, but does not perform name resolution.

DNS is critical for the functioning of the internet and internal networks, supporting both forward resolution (hostname to IP address) and reverse resolution (IP address to hostname). The protocol can operate over UDP for simple queries or TCP for larger data transfers and zone transfers. DNS also supports advanced features such as caching, load balancing, redundancy, and security extensions, including DNSSEC, which ensures the integrity and authenticity of DNS responses. Misconfigurations, cache poisoning, or attacks targeting DNS infrastructure can result in service disruption, traffic redirection, or exposure to malicious sites, highlighting the importance of securing DNS servers and monitoring queries.

The correct answer is DNS because it directly enables the translation of human-readable hostnames into IP addresses, allowing network devices to locate and communicate with each other. Administrators must configure DNS servers carefully, implement redundancy, enforce security measures such as DNSSEC, and monitor for anomalous queries to ensure the reliability and integrity of name resolution. DNS servers may also be integrated with DHCP to provide dynamic updates, ensuring that hostname-to-IP mappings remain accurate and current in environments where devices frequently join or leave the network.

Understanding DNS operation, including hierarchical resolution, caching, and propagation delays, is essential for troubleshooting network issues, designing scalable infrastructures, and optimizing performance. DNS performance can significantly affect user experience, application response times, and overall network efficiency. Security concerns include DNS spoofing, amplification attacks, and cache poisoning, which can be mitigated through access control, monitoring, and using recursive or authoritative DNS appropriately. Knowledge of DNS record types, query mechanisms, and resolution strategies allows administrators to design robust, secure, and resilient networks capable of supporting both internal and external communications.

Question 112

Which type of network device separates collision domains while maintaining a single broadcast domain, improving performance in Ethernet networks?

A) Hub
B) Switch
C) Router
D) Bridge

Answer: B) Switch

Explanation:

A network switch is a device that operates primarily at Layer 2 of the OSI model, forwarding Ethernet frames between devices based on their MAC addresses. Unlike hubs, which repeat incoming frames to all ports and create a single collision domain, switches maintain separate collision domains for each connected device. This segmentation reduces collisions, increases available bandwidth per port, and significantly improves network performance. Although a switch separates collision domains, all devices connected to the switch remain part of the same broadcast domain, meaning broadcast frames are forwarded to all ports unless VLANs are implemented. Switches can also operate at Layer 3 in the case of multilayer switches, performing routing functions alongside traditional switching.

Hubs operate at Layer 1 and simply repeat electrical signals to all ports without examining MAC addresses, creating a single collision domain for all connected devices, which leads to collisions under heavy traffic. Routers operate at Layer 3 and separate broadcast domains, forwarding packets between different subnets based on IP addresses, which is different from the function of switches. Bridges are Layer 2 devices that connect two network segments, forwarding frames based on MAC addresses, but are typically limited in scale compared to modern switches.

Switches enhance network performance by allowing simultaneous communication between multiple devices. Full-duplex operation enables each port to transmit and receive simultaneously without collisions. Switches use MAC address tables to intelligently forward frames only to the port associated with the destination address, minimizing unnecessary traffic on other ports. Advanced features such as VLANs allow administrators to segment a single physical switch into multiple logical broadcast domains, improving security and reducing broadcast traffic. Quality of Service (QoS) features prioritize traffic types to ensure performance for latency-sensitive applications like VoIP and video streaming.

The correct answer is switch because it uniquely separates collision domains while maintaining a single broadcast domain, unlike hubs or routers. Switches are fundamental in modern Ethernet networks, supporting enterprise, campus, and data center environments. Network administrators must understand switching behavior, MAC address table management, and broadcast handling to optimize network performance, troubleshoot connectivity issues, and prevent broadcast storms. Proper switch configuration, including port security, VLAN segmentation, and Spanning Tree Protocol (STP) deployment, ensures network stability and reduces risks of loops or unauthorized access.

Switches have evolved to include advanced features such as link aggregation for increased bandwidth, port mirroring for monitoring, and multicast support for efficient distribution of data to multiple recipients. Power over Ethernet (PoE) enables switches to provide electrical power to connected devices such as IP phones, cameras, and wireless access points, reducing the need for separate power infrastructure. Understanding switch operation is critical for network design, performance optimization, and security management. Switches also support redundancy and failover configurations to ensure high availability, prevent downtime, and maintain network reliability during hardware failures.

A switch’s ability to reduce collisions, intelligently forward traffic, and support segmentation makes it a central component of high-performance Ethernet networks. By understanding how switches manage MAC addresses, handle broadcast traffic, and interface with routers and other devices, network professionals can design scalable, resilient, and efficient networks. Proper monitoring, configuration, and maintenance of switches ensures optimal throughput, security, and reliability, supporting both user and application requirements while minimizing network congestion and operational disruptions.

Question 113

Which type of wireless network mode allows devices to communicate directly without using an access point?

A) Infrastructure
B) Ad Hoc
C) Mesh
D) Repeater

Answer: B) Ad Hoc

Explanation:

Ad Hoc mode is a wireless networking mode in which devices communicate directly with each other without relying on a central access point. Each device in an ad hoc network can send and receive data to and from other devices within its radio range, forming a peer-to-peer network. Ad hoc networks are often used for temporary, small-scale deployments, such as connecting laptops for collaborative work, gaming, or emergency situations where infrastructure is unavailable. Ad hoc mode eliminates the need for wireless access points, enabling devices to establish connections dynamically and independently. Security, performance, and coverage limitations exist because each device participates in routing and forwarding data, and the absence of centralized control can make administration and monitoring more challenging.

Infrastructure mode, the most common wireless mode, relies on an access point to manage communication between devices and connect them to a wired network or other segments. Mesh networks use multiple interconnected access points or nodes to extend coverage and provide redundant paths, often requiring specialized hardware and routing protocols. Repeaters extend the range of an existing wireless network by retransmitting signals, but devices still rely on a central access point for communication.

Ad hoc networks are suitable for scenarios where quick, temporary connectivity is needed. They are flexible and simple to set up, requiring minimal configuration, which makes them useful in conferences, disaster recovery situations, or remote locations without network infrastructure. However, ad hoc networks are generally less secure than infrastructure networks because there is no centralized authentication or access control, and traffic may be more easily intercepted. They are also limited in scalability, as the addition of more devices can increase contention and reduce performance.

The correct answer is ad hoc because it specifically enables direct device-to-device communication without the need for an access point. Administrators and users should understand the benefits, limitations, and security considerations of ad hoc networks before deployment. Security measures, such as WPA2 encryption, VPN usage, and proper firewall configurations, can mitigate risks, while careful planning ensures optimal performance. Knowledge of ad hoc networking principles is essential for designing temporary, flexible wireless environments, supporting peer-to-peer applications, and facilitating rapid deployment in environments lacking infrastructure.

Ad hoc networks demonstrate the importance of understanding wireless modes and their impact on performance, security, and usability. By recognizing when and how to use ad hoc networking, organizations can provide temporary connectivity, enable collaboration in dynamic environments, and adapt to situations where infrastructure is impractical or unavailable. Combining knowledge of ad hoc, infrastructure, and mesh network modes allows network professionals to design hybrid solutions that balance flexibility, coverage, security, and performance, ensuring reliable wireless communication for various use cases and deployment scenarios.

Question 114

Which type of IP address is used to communicate with all devices on a specific subnet simultaneously?

A) Unicast
B) Broadcast
C) Multicast
D) Anycast

Answer: B) Broadcast

Explanation:

A broadcast address is a special type of IP address used to send data to all devices on a specific subnet simultaneously. In IPv4, the broadcast address for a subnet is determined by setting all the host bits in the subnet to 1. For example, in a network with IP address 192.168.1.0 and subnet mask 255.255.255.0, the broadcast address is 192.168.1.255. When a packet is sent to the broadcast address, every device within that subnet receives and processes the packet. Broadcast communication is essential for functions such as ARP requests, DHCP discovery, routing updates, and network announcements. However, excessive broadcast traffic can lead to broadcast storms, consuming bandwidth and processing resources and degrading overall network performance.

Unicast communication sends data to a single, specific IP address. Only the device assigned the destination address processes the packet, making it suitable for point-to-point communication. Multicast sends data to a group of devices that have explicitly subscribed to a multicast group address, allowing efficient transmission to multiple recipients without reaching all devices in the subnet. Anycast delivers data to the nearest device in a group of devices sharing the same address, typically used in load balancing and content delivery networks, not in general subnet-wide communication.

Broadcast addresses are vital for network services and protocols that require interaction with all devices on a subnet. ARP, for instance, uses broadcast to query the MAC address corresponding to a specific IP address. DHCP clients send broadcast discovery messages to locate available DHCP servers. Routing protocols, such as RIP or OSPF in some configurations, use broadcast or multicast mechanisms to share routing updates. Administrators must manage broadcast traffic carefully, segmenting networks with VLANs or subnetting to prevent excessive broadcasts from affecting performance.

The correct answer is broadcast because it ensures delivery to all devices within a subnet. Network professionals must understand broadcast behavior, address calculation, and traffic implications to design efficient networks. Proper segmentation, monitoring, and management of broadcast domains help prevent performance degradation and network congestion. While broadcasts are necessary for network operation, uncontrolled or excessive broadcast traffic can lead to collisions, processing delays, and diminished user experience. Tools such as network analyzers and monitoring systems help administrators measure broadcast traffic and identify potential issues.

Modern networks often employ VLANs, private VLANs, and layer 3 switching to control broadcast domains, reducing the impact of broadcast traffic. Additionally, protocols such as IGMP for multicast help limit unnecessary traffic to non-participating devices, enhancing efficiency. Understanding the differences between unicast, broadcast, multicast, and anycast is essential for network design, performance optimization, and troubleshooting. Network engineers must consider broadcast traffic when planning subnet sizes, implementing access control, and deploying services that rely on broadcast messages to ensure reliable, scalable, and efficient communication.

Broadcast communication remains a fundamental concept in networking, especially for IPv4 networks, where devices rely on broadcast mechanisms for core services like ARP and DHCP. Network segmentation, traffic analysis, and best practices for minimizing unnecessary broadcasts are crucial to maintaining optimal performance and reliability. By comprehensively understanding broadcast addresses and their applications, administrators can optimize network architecture, prevent congestion, and ensure effective delivery of essential network services to all devices within the subnet.

Question 115

Which type of network topology provides high redundancy and fault tolerance by connecting every device to multiple other devices?

A) Star
B) Mesh
C) Bus
D) Ring

Answer: B) Mesh

Explanation:

A mesh topology is a network design in which every device is connected to multiple other devices, creating redundant paths for data transmission. This configuration provides high fault tolerance, as the failure of a single device or link does not disrupt overall network connectivity. Mesh networks can be either full mesh, where every device is connected to every other device, or partial mesh, where only some devices have multiple connections. Full mesh topologies maximize redundancy and reliability, while partial mesh topologies balance redundancy with cost and complexity. Mesh networks are often used in critical systems, data centers, enterprise backbones, wireless sensor networks, and metropolitan area networks to ensure continuous connectivity and resilience against failures.

Star topology connects all devices to a central hub or switch, creating a single point of failure if the central device fails. Bus topology connects devices along a single communication line with terminators at each end, which is cost-efficient but highly vulnerable to cable faults. Ring topology connects devices in a closed loop, where each device has two neighbors; a single link failure can disrupt communication unless dual rings or bypass mechanisms are implemented.

Mesh topologies provide significant advantages in terms of reliability and redundancy. Each device can communicate through multiple paths, allowing automatic rerouting of traffic in case of a failure. Mesh networks are ideal for applications requiring high availability, minimal downtime, and mission-critical operations. In wireless implementations, mesh networking supports dynamic self-healing, where nodes can detect failures and adjust routing paths automatically. While mesh networks require more cabling, hardware, and configuration complexity in wired implementations, the benefits of high fault tolerance often outweigh the costs, particularly in environments where network availability is crucial.

The correct answer is mesh because it is uniquely characterized by multiple redundant connections between devices, ensuring continuous network operation despite individual failures. Network engineers designing mesh topologies must consider scalability, cabling requirements, routing protocols, and redundancy planning to maintain efficiency and minimize latency. Mesh networks also support load balancing, distributing traffic across multiple paths to prevent congestion and optimize performance. Administrators may implement partial mesh in larger networks to reduce complexity while still providing sufficient redundancy for critical devices and segments.

Mesh networks require careful planning for addressing, routing, and failover strategies. Routing protocols such as OSPF or BGP can optimize path selection in wired mesh networks, while wireless mesh networks often rely on protocols like HWMP or proprietary self-organizing routing methods. Security considerations include protecting multiple communication paths, monitoring traffic for anomalies, and ensuring that redundancy mechanisms do not introduce vulnerabilities. Understanding mesh topologies, their advantages, limitations, and applications is essential for network professionals designing resilient, high-availability infrastructures capable of supporting enterprise, industrial, and service provider requirements.

By leveraging multiple paths, mesh topologies enhance reliability, provide fault tolerance, and support continuous operations even under adverse conditions. Proper configuration, monitoring, and maintenance of mesh networks ensure high performance, stability, and security while accommodating growth and evolving requirements. Knowledge of mesh network principles allows administrators to implement robust infrastructures, reduce downtime, and deliver reliable services across mission-critical and high-demand environments.

Question 116

Which protocol is used to securely transfer files over a network by encrypting both commands and data?

A) FTP
B) SFTP
C) TFTP
D) HTTP

Answer: B) SFTP

Explanation:

SFTP, or Secure File Transfer Protocol, is used to securely transfer files over a network while encrypting both commands and data. Unlike FTP, which sends data in plaintext and is vulnerable to interception, SFTP operates over SSH (Secure Shell), ensuring confidentiality, integrity, and authentication. SFTP allows users to upload, download, and manage files remotely in a secure manner.

FTP provides basic file transfer capabilities but does not encrypt traffic, making it susceptible to eavesdropping and man-in-the-middle attacks. TFTP, Trivial File Transfer Protocol, is lightweight and simple, designed for tasks such as booting devices, but lacks encryption and authentication. HTTP is used for web communication and does not inherently provide secure file transfer unless combined with HTTPS.

SFTP supports features like file permission management, directory listings, and secure authentication, making it suitable for enterprise environments. It ensures that sensitive files, such as configuration data or personal information, remain protected during transfer. Proper SFTP configuration involves using strong SSH keys, enforcing user permissions, and monitoring transfer activity to prevent unauthorized access.

The correct answer is SFTP because it provides encryption and secure authentication for file transfers. Network administrators prefer SFTP over FTP or TFTP for transmitting sensitive information. Using SFTP helps maintain compliance with regulations, such as GDPR or HIPAA, that require protection of transmitted data. Its integration with SSH makes it versatile and widely supported across platforms and devices. Understanding SFTP, its benefits, and security considerations is essential for network and system administrators managing file transfers securely.

Question 117

Which type of cable is most commonly used for connecting devices in a structured Ethernet LAN using 1 Gbps speeds?

A) Cat3
B) Cat5e
C) Cat6
D) Fiber Optic

Answer: B) Cat5e

Explanation:

Cat5e, or Category 5e, cable is the most commonly used twisted-pair cabling for structured Ethernet LANs at speeds up to 1 Gbps. It has improved specifications over Cat5, reducing crosstalk and supporting higher frequencies, making it suitable for gigabit Ethernet.

Cat3 is an older standard supporting only 10 Mbps or 100 Mbps speeds, making it unsuitable for modern networks. Cat6 supports higher frequencies and speeds up to 10 Gbps over short distances but is more expensive and less commonly deployed for standard gigabit LANs. Fiber optic cables support higher bandwidths and longer distances, but they are typically used for backbone or long-distance connections rather than standard LAN wiring.

Cat5e is preferred in enterprise and office environments for cost-effective installation, reliability, and compatibility with network devices. Correct termination, quality connectors, and proper grounding are essential to maintain performance and reduce errors. It supports both full-duplex and half-duplex communication and is backward compatible with older Ethernet standards.

The correct answer is Cat5e because it provides reliable gigabit Ethernet connectivity for LANs while being cost-effective and widely available. Understanding cable categories, performance limitations, and deployment scenarios is essential for network planning, installation, and maintenance. Proper use ensures optimal network performance and reduces troubleshooting issues related to cabling.

Question 118

Which device provides a secure connection for remote users to access a private network over the Internet?

A) Firewall
B) VPN Concentrator
C) Switch
D) Router

Answer: B) VPN Concentrator

Explanation:

A VPN concentrator is a device that establishes secure connections for remote users to access a private network over the Internet. It uses encryption, authentication, and tunneling protocols to protect data and maintain confidentiality.

Firewalls filter traffic and enforce security policies but do not provide encrypted remote access. Switches operate at Layer 2 to forward Ethernet frames within a LAN. Routers connect networks and route traffic but lack specialized features for secure remote access.

VPN concentrators support multiple protocols, such as IPsec or SSL, and can handle numerous simultaneous connections. They are commonly deployed in enterprise networks to provide secure access to internal resources for remote employees, contractors, or branch offices. Security best practices include strong authentication, regular updates, and monitoring of VPN traffic to prevent unauthorized access.

The correct answer is VPN concentrator because it is specifically designed for secure remote access over public networks. Administrators must understand its configuration, capabilities, and security considerations to ensure safe and reliable remote connectivity.

Question 119

Which network component stores frequently accessed data closer to clients to reduce latency and bandwidth usage?

A) Proxy Server
B) Load Balancer
C) Cache Server
D) Firewall

Answer: C) Cache Server

Explanation:

A cache server stores frequently accessed data locally to reduce latency and save bandwidth. By keeping copies of commonly requested content, it improves response times and reduces load on origin servers.

Proxy servers forward requests and may provide caching, but their primary function is traffic mediation. Load balancers distribute traffic across servers to optimize resource utilization and availability. Firewalls enforce security policies and filter traffic but do not store data for reuse.

Cache servers are widely used for web content, software updates, and streaming media. They reduce network congestion, accelerate access for users, and improve overall network efficiency. Administrators must configure caching rules, expiration policies, and storage allocation to ensure effective operation.

The correct answer is cache server because it directly stores and serves data locally to enhance performance and reduce repeated network requests. Effective use of cache servers improves user experience and optimizes network resource utilization.

Question 120

Which protocol provides secure web communication by encrypting HTTP traffic between clients and servers?

A) FTP
B) HTTPS
C) Telnet
D) SMTP

Answer: B) HTTPS

Explanation:

HTTPS, or Hypertext Transfer Protocol Secure, encrypts HTTP traffic between clients and servers using TLS or SSL, protecting data from eavesdropping, tampering, and interception. It ensures secure communication for web browsing, online banking, and e-commerce.

FTP transfers files and is not inherently secure. Telnet provides remote command-line access but sends data in plaintext. SMTP handles email transmission but does not encrypt messages by default.

HTTPS relies on digital certificates to authenticate servers and, optionally, clients, ensuring users connect to legitimate sites. It uses asymmetric and symmetric encryption for secure key exchange and fast communication. Proper implementation, certificate management, and protocol configuration are critical to maintain security and prevent vulnerabilities.

The correct answer is HTTPS because it provides encrypted, secure communication over the web, ensuring confidentiality, integrity, and authentication. Administrators must monitor certificate validity, enforce strong TLS versions, and configure secure cipher suites to maintain secure web communications.