CompTIA Network+ · Domain 4 · 14% of exam

Network Security

Drill 20 practice questions focused entirely on Network Security for the CompTIA N10-009 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.

Verified answer20 questions
Question 1 of 20

A security team wants to ensure that every device connecting to a wired switch port must present valid credentials before it is granted any network access. Devices that fail authentication should be denied or placed into a restricted VLAN. Which technology best meets this requirement?

Reviewed for accuracy · Report an issue
Question 2 of 20

A network administrator is deploying port-based authentication so that laptops must prove their identity before gaining LAN access. In the 802.1X framework, the switch relays credentials but does not validate them itself. Which component is responsible for actually verifying the submitted credentials and returning an accept or reject decision?

Reviewed for accuracy · Report an issue
Question 3 of 20

During a compliance audit, an assessor asks the network administrator to produce a report showing which administrators logged into the core switches, what commands they executed, and how long each session lasted. The organization uses a centralized AAA server. Which component of the AAA framework provides this information?

Reviewed for accuracy · Report an issue
Question 4 of 20

A network administrator configures an ACL on a router interface to permit HTTP and HTTPS traffic from the guest VLAN to a specific web server. After applying the ACL, guest users report they can no longer reach the DNS server or any other internal resources, even though no explicit deny statement was written for those. What is the MOST likely cause of this behavior?

Reviewed for accuracy · Report an issue
Question 5 of 20

Users on a corporate LAN report intermittent connectivity, and a security analyst notices that the gateway's MAC address in several hosts' ARP caches keeps changing to an unexpected value. Traffic that should reach the internet appears to be routed through an unknown internal host first. Which type of attack is most likely occurring?

Reviewed for accuracy · Report an issue
Question 6 of 20

A security team distributes firmware updates to remote branch routers. They want a way to let each branch verify that the downloaded firmware file has not been altered in transit or tampered with before installation. Which aspect of the CIA triad are they primarily addressing, and which technique best supports it?

Reviewed for accuracy · Report an issue
Question 7 of 20

A security auditor reviews a company's network and notes that it relies on a single perimeter firewall as its only protective measure. If an attacker bypasses this firewall, they gain unrestricted access to all internal systems. The auditor recommends adding endpoint antivirus, internal network segmentation, host-based firewalls, and access controls at multiple layers. Which security concept is the auditor promoting?

Reviewed for accuracy · Report an issue
Question 8 of 20

Users on a corporate VLAN report intermittent connectivity and are receiving IP addresses from an unknown gateway. Investigation reveals an employee plugged in a consumer wireless router that is handing out DHCP leases. Which switch security feature should the network administrator enable to prevent unauthorized devices from distributing DHCP addresses in the future?

Reviewed for accuracy · Report an issue
Question 9 of 20

Users on a branch office VLAN report they cannot obtain IP addresses. A network technician reviews the DHCP server and finds the entire scope has been leased out within a few minutes, with hundreds of leases tied to randomized, spoofed MAC addresses. Which type of attack is most likely occurring?

Reviewed for accuracy · Report an issue
Question 10 of 20

A company hosts a public-facing web server that customers on the internet must reach, but the server also needs limited, controlled access to an internal database. Security policy requires that a compromise of the web server must NOT give an attacker direct access to the internal LAN. Which network design best satisfies these requirements?

Reviewed for accuracy · Report an issue
Question 11 of 20

During a security audit, a penetration tester demonstrates that they can send frames from an access port on VLAN 10 and have those frames delivered to hosts on VLAN 20 without crossing a router. The tester accomplished this by inserting two 802.1Q tags into a single frame. Which action BEST mitigates this specific attack?

Reviewed for accuracy · Report an issue
Question 12 of 20

A security team wants to detect attackers who have already breached the perimeter and are attempting to move laterally through the internal network. They deploy a decoy server that mimics a vulnerable database host, containing fake data and no legitimate business use, and configure alerts on any connection attempts to it. Which security concept does this describe?

Reviewed for accuracy · Report an issue
Question 13 of 20

A financial services company hires a new intern who will only need to view read-only reports in a single accounting application. During onboarding, the IT administrator is deciding what level of access to grant. Which security principle should guide the administrator to assign only the minimum permissions required for the intern to perform their job?

Reviewed for accuracy · Report an issue
Question 14 of 20

A security analyst notices that a network switch is suddenly broadcasting all frames out of every port, and traffic captures show that a single connected host is sending thousands of frames per second, each with a different randomly generated source MAC address. Internal traffic that should be unicast is now visible to an attacker's sniffer on another port. Which attack is most likely occurring?

Reviewed for accuracy · Report an issue
Question 15 of 20

A financial company's data center has experienced several incidents where unauthorized individuals followed authorized employees through secured doors before they closed. Management wants a physical control that ensures only one person can pass through an entry point at a time, requiring authentication before the second door opens. Which control best addresses this requirement?

Reviewed for accuracy · Report an issue
Question 16 of 20

A company requires employees to log in using their username, a password, and a one-time code generated by a hardware token fob. The security team wants to add a fingerprint scan to further strengthen authentication. Once the fingerprint scan is added, how many distinct authentication factor categories will the login process use?

Reviewed for accuracy · Report an issue
Question 17 of 20

A company requires that every laptop connecting to the corporate LAN have an up-to-date antivirus signature and the latest OS patches. Devices that fail these checks must be automatically placed on a restricted remediation segment where they can only reach the patch and update servers. Which security solution provides this capability?

Reviewed for accuracy · Report an issue
Question 18 of 20

A network administrator needs to implement centralized AAA for a fleet of routers and switches. A key requirement is granular per-command authorization, so that junior technicians can execute only a specific subset of CLI commands while senior engineers retain full access. Which protocol best satisfies this requirement?

Reviewed for accuracy · Report an issue
Question 19 of 20

During a routine security walkthrough, a network technician performs a wireless scan and discovers an unauthorized access point broadcasting an SSID identical to the corporate network. The device is connected to a wall jack in an unused conference room and is not managed by the wireless controller. Which type of threat has the technician most likely identified?

Reviewed for accuracy · Report an issue
Question 20 of 20

A network administrator notices that the company's edge router is being overwhelmed by a flood of ICMP echo replies from many hosts across the internet, none of which the internal network actually pinged. Investigation reveals an attacker is sending spoofed ICMP echo requests using the company's public IP as the source address, directed to the broadcast addresses of misconfigured remote networks. Which configuration change on the company's routers BEST prevents their own network from being used as an amplifier in this type of attack?

Reviewed for accuracy · Report an issue

More N10-009 practice

Keep going with the other CompTIA Network+ domains, or take a full timed mock exam.

← Back to N10-009 overview