Questions for the N10-009 were updated on: Nov 23, 2025
Which of the following best describes the amount of time between a disruptive event and the point
that affected resources need to be back to fully functional status?
A
Explanation:
The correct metric is RTO (Recovery Time Objective). RTO defines the maximum acceptable time to
restore services after a disruption, ensuring business continuity. For example, if the RTO is 4 hours,
systems must be back online within that timeframe after an outage.
B . MTBF (Mean Time Between Failures) measures reliability by calculating the average time
between hardware failures.
C . RPO (Recovery Point Objective) defines how much data loss (in terms of time, such as last backup
point) is acceptable.
D . MTTR (Mean Time to Repair) measures the average time taken to fix a failure but is not a
predefined business requirement like RTO.
Organizations define RTOs during disaster recovery planning to align IT recovery capabilities with
business needs.
Reference (CompTIA Network+ N10-009):
Domain: Networking Concepts — Business continuity metrics (RTO, RPO, MTBF, MTTR).
A network technician installs a new 19.7ft (6m), Cat 6, UTP cable for the connection between a
server and a switch. Communication to the server is degraded, and the NIC statistics show dropped
packets and CRC errors. Which of the following cables would the technician most likely use instead to
reduce the errors?
D
Explanation:
The errors described — dropped packets and CRC (Cyclic Redundancy Check) errors — often indicate
electromagnetic interference (EMI) on unshielded twisted pair (UTP) cabling. The correct
replacement is STP (Shielded Twisted Pair), which has shielding that protects signals from external
interference, ensuring better reliability in noisy environments such as data centers or near heavy
electrical equipment.
A . Coaxial is not used for modern Ethernet server-switch links.
B . Shorter UTP cable does not solve EMI issues.
C . Plenum cable refers to cable jacket type for fire safety, not electrical shielding.
STP cabling reduces interference and ensures reliable gigabit+ Ethernet connections between servers
and switches.
Reference (CompTIA Network+ N10-009):
Domain: Network Troubleshooting — Cabling issues, UTP vs. STP, EMI.
Which of the following technologies is most appropriate for a business that requires high-speed
access to frequently used web content, such as images and videos?
A
Explanation:
The correct solution is a Content Delivery Network (CDN). A CDN caches web content (like images,
videos, scripts) on distributed servers close to end users. This reduces latency, improves load times,
and decreases the load on origin servers. For a business requiring high-speed access to media-rich
content, a CDN is the most effective option.
B . SAN (Storage Area Network) is used for storage in a data center, not for distributing web content.
C . Firewall secures traffic but doesn’t accelerate content delivery.
D . Switches forward packets within a LAN, not globally distribute content.
By leveraging CDNs, businesses can handle large traffic volumes efficiently while improving user
experience.
Reference (CompTIA Network+ N10-009):
Domain: Network Infrastructure — CDNs, caching, performance optimization.
A support engineer is troubleshooting a network outage that is affecting 3,000 users. The engineer
has isolated the issue to the internet firewall. Packet captures confirm that the firewall is blocking the
traffic. Which of the following is the next step in troubleshooting?
B
Explanation:
The troubleshooting methodology requires following a logical sequence. In this case, the engineer
has already identified the problem (firewall blocking traffic) and confirmed it with evidence (packet
captures). The next appropriate step is to create a plan of action that outlines how to resolve the
issue and considers potential effects.
A . Implementing the solution is premature without planning.
C . Establishing a theory was already completed during problem isolation.
D . Documentation occurs after resolution.
By carefully planning, the engineer ensures that corrective action won’t cause additional outages or
security issues, especially given the scale of the incident (3,000 users).
Reference (CompTIA Network+ N10-009):
Domain: Network Troubleshooting — Troubleshooting methodology, plan of action.
Which of the following internal routing protocols is best characterized as having fast convergence
and being loop-free?
C
Explanation:
The correct answer is OSPF (Open Shortest Path First). OSPF is a link-state routing protocol known for
its fast convergence and use of the Dijkstra algorithm to calculate the shortest loop-free path. It
efficiently scales to large enterprise networks and avoids routing loops by maintaining a complete
topology map.
A . BGP is primarily an external routing protocol used between ISPs, not internal.
B . STP is not a routing protocol; it prevents loops at Layer 2.
D . RIP is an older distance-vector protocol with slower convergence and a maximum hop limit of 15.
OSPF’s design makes it the preferred internal gateway protocol (IGP) for medium-to-large
organizations requiring speed and loop-free reliability.
Reference (CompTIA Network+ N10-009):
Domain: Networking Concepts — IGPs, OSPF, routing protocols.
Which of the following objectives does an evil twin achieve?
B
Explanation:
An evil twin attack is when an attacker sets up a rogue access point (AP) with the same SSID as a
legitimate one to trick users into connecting. Once users connect, attackers often present fake login
pages or capture unencrypted session data to steal login credentials.
A . DNS poisoning manipulates DNS resolution but is not inherent to evil twin.
C . ARP spoofing is a Layer 2 attack involving MAC/IP mapping manipulation.
D . Denial of service can be a side effect but is not the primary objective of evil twin attacks.
The main purpose of an evil twin is credential theft, enabling further unauthorized access to
networks or systems.
Reference (CompTIA Network+ N10-009):
Domain: Network Security — Wireless attacks, rogue APs, evil twins.
A network technician is adding a new switch to increase capacity on the network. The technician
connects the two switches using a single cable. Several hosts are moved to the new switch, but none
of the hosts can access the network or internet. Which of the following should the technician do to
resolve the issue?
A
Explanation:
The correct solution is to configure the connecting ports as trunk ports. When connecting switches,
the uplink ports must be configured to carry traffic for multiple VLANs (trunking), not just a single
access VLAN. Without trunking, VLAN tags may be dropped, and traffic from hosts will not reach the
rest of the network or internet.
B . "STP cables" is a misnomer; STP refers to Spanning Tree Protocol or Shielded Twisted Pair cables,
neither of which solves this logical configuration issue.
C . PoE budget is irrelevant because switches and hosts in this context don’t require PoE.
D . Link aggregation (LACP, EtherChannel) is for increasing bandwidth/redundancy across multiple
links, not required with a single cable.
By enabling trunking on the uplink ports, the switches can pass VLAN-tagged traffic, ensuring hosts
connected to the new switch have access to the same resources as those on the existing switch.
Reference (CompTIA Network+ N10-009):
Domain: Network Troubleshooting — VLAN trunking, inter-switch connectivity.
An organization is struggling to get effective coverage using the wireless network. The organization
wants to implement a solution that allows for continuous connectivity anywhere in the facility.
Which of the following should the network administrator suggest to ensure the best coverage?
C
Explanation:
The correct answer is deploying a mesh network. A mesh wireless network uses multiple
interconnected access points that automatically route traffic through the best available path. This
ensures seamless coverage throughout a facility, even when users move between APs. Mesh APs can
extend coverage without requiring each AP to be directly wired, making them ideal for large or
hard-to-wire environments.
A . Ad hoc access points are peer-to-peer connections and cannot provide enterprise-grade
continuous coverage.
B . Ethernet drops provide wired connectivity but do not solve wireless coverage issues.
D . Changing the frequency (from 2.4 GHz to 5 GHz or vice versa) may reduce interference but will
not guarantee building-wide seamless connectivity.
Mesh networks are particularly effective in environments with roaming devices (smartphones,
tablets, handheld scanners) and ensure that there are no dead spots, thereby delivering continuous
wireless access.
Reference (CompTIA Network+ N10-009):
Domain: Network Infrastructure — Wireless architectures, mesh networking, seamless connectivity.
A company recently experienced outages of one of its critical, customer-facing applications. The root
cause was an overutilized network router, but the Chief Technology Officer is concerned that the
support staff was unaware of the issue until notified by customers. Which of the following is the best
way to address this issue in the future?
B
Explanation:
The best answer is SNMP (Simple Network Management Protocol). SNMP enables monitoring of
network devices (routers, switches, firewalls, servers) and provides performance data such as CPU
usage, bandwidth utilization, and interface status. In this scenario, if SNMP monitoring had been in
place, administrators would have received alerts that the router was overutilized before customers
noticed outages.
A . Packet capture (e.g., Wireshark) is useful for deep troubleshooting but is reactive, not proactive,
and not scalable for continuous monitoring.
C . Syslog collects log messages but generally does not provide proactive resource utilization metrics.
It is complementary but not the best fit for this problem.
D . SIEM aggregates logs and security events for analysis, but the primary requirement here is
performance and availability monitoring.
By implementing SNMP monitoring (and potentially integrating it with a network monitoring tool
such as Nagios, PRTG, or SolarWinds), the organization can track utilization trends, set thresholds,
and automatically generate alerts, thereby preventing downtime from going unnoticed.
Reference (CompTIA Network+ N10-009):
Domain: Network Operations — SNMP monitoring, proactive network performance management.
Which of the following cloud deployment models is most commonly associated with multitenancy
and is generally offered by a service provider?
C
Explanation:
The correct answer is public cloud. In public cloud models, a provider (such as AWS, Azure, or Google
Cloud) hosts infrastructure and services that are shared across multiple customers, known as
multitenancy. Each tenant is logically isolated, but physical infrastructure is shared, allowing
providers to achieve economies of scale.
A . Private cloud is dedicated to one organization, not multitenant.
B . Community cloud is shared among organizations with common interests, but it’s less common
than public multitenancy.
D . Hybrid cloud combines private and public but does not define tenancy alone.
Public cloud services are the most cost-effective and scalable because they spread costs across many
customers, but they require strong security and isolation to protect tenants.
Reference (CompTIA Network+ N10-009):
Domain: Networking Concepts — Cloud models, multitenancy, public vs private.
A security administrator is creating a new firewall object for a device with IP address
192.168.100.1/25. However, the firewall software only uses dotted decimal notation in configuration
fields. Which of the following is the correct subnet mask to use?
C
Explanation:
A /25 subnet mask means 25 bits are reserved for the network portion, leaving 7 bits for host
addresses. In binary, that is:
11111111.11111111.11111111.10000000
Dotted decimal equivalent: 255.255.255.128
A . 255.255.254.0 corresponds to /23.
B . 255.255.255.1 is invalid as a subnet mask.
D . 255.255.255.192 corresponds to /26.
Thus, the correct subnet mask for a /25 network is 255.255.255.128.
Reference (CompTIA Network+ N10-009):
Domain: Networking Concepts — Subnetting, CIDR notation, dotted decimal.
Which of the following is used most often when implementing a secure VPN?
A
Explanation:
The most common protocol for secure VPNs is IPsec (Internet Protocol Security). IPsec provides
confidentiality, integrity, and authentication for VPN traffic, typically using ESP (Encapsulating
Security Payload). It is used in both site-to-site and remote access VPNs.
B . GRE encapsulates traffic but does not provide encryption.
C . BGP is a routing protocol, not a VPN technology.
D . SSH can be used for secure tunneling but is not the standard for VPN deployment.
IPsec is the industry standard because it operates at Layer 3, securing IP traffic regardless of the
application, making it highly versatile.
Reference (CompTIA Network+ N10-009):
Domain: Network Security — VPN protocols, IPsec, ESP.
A company's Chief Information Security Officer requires that servers and firewalls have accurate time
stamps when creating log files so that security analysts can correlate events during incident
investigations. Which of the following should be implemented?
C
Explanation:
The correct solution is NTP (Network Time Protocol). Accurate timestamps across servers, firewalls,
and network devices are critical for correlating logs during incident response. NTP synchronizes
device clocks to a trusted time source, ensuring consistency across the network.
A . Syslog centralizes logs but does not synchronize time.
B . SMTP is email transfer, unrelated to time.
D . SNMP monitors devices but does not correct time discrepancies.
By implementing NTP, analysts can ensure that logs from different devices are time-aligned, which is
essential for reconstructing attack timelines and detecting anomalies.
Reference (CompTIA Network+ N10-009):
Domain: Network Operations — Time synchronization, NTP, log correlation.
Which of the following is an XML-based security concept that works by passing sensitive information
about users, such as login information and attributes, to providers?
D
Explanation:
The correct answer is SAML (Security Assertion Markup Language). SAML is an XML-based standard
used for single sign-on (SSO) and identity federation. It allows identity providers (IdPs) to share
authentication and authorization data with service providers (SPs), passing secure tokens containing
user attributes and credentials.
A . IAM (Identity and Access Management) is the broader framework, not specifically XML-based.
B . MFA enforces multiple factors for authentication but does not involve XML assertions.
C . RADIUS is an AAA protocol, but it uses UDP, not XML assertions.
SAML is widely used in federated identity systems, enabling secure authentication across different
domains and applications without requiring multiple credentials.
Reference (CompTIA Network+ N10-009):
Domain: Network Security — Authentication methods, SAML, SSO.
A network administrator is conducting an assessment and finds network devices that do not meet
standards. Which of the following configurations is considered a set of rules that devices should
adhere to?
D
Explanation:
The correct answer is golden configuration. This is a reference standard or baseline that defines the
approved settings and rules devices should follow. Any deviation from the golden configuration
indicates drift or misconfiguration that must be remediated.
A . Production refers to the live environment but doesn’t define a standard.
B . Backup configurations are stored copies, not the standard rules.
C . Candidate configuration is a proposed change being tested, not the final baseline.
By enforcing golden configurations, administrators ensure compliance, maintain security standards,
and improve consistency across the enterprise.
Reference (CompTIA Network+ N10-009):
Domain: Network Operations — Configuration standards, golden images/configs.