N10-009 Exam Dumps - CompTIA Network+ Certification Exam

This is a classic example of social engineering, where an attacker manipulates individuals into giving up confidential information, such as credentials, by pretending to be someone trustworthy (like help desk staff).

B. Tailgating involves physical access without authentication.

C. Shoulder surfing is spying over someone's shoulder to steal info.

D. Smishing is phishing via SMS.

E. Evil twin involves a rogue Wi-Fi access point impersonating a legitimate one.

📘 Reference:

CompTIA Network+ N10-009 Official Objectives: 4.2 – Identify common security threats and vulnerabilities.

===========

Malware refers to any malicious software that can exfiltrate confidential data, including spyware, trojans, and rootkits. This fits the scenario where unauthorized data transfer is occurring.

Breakdown of Options:

A. Adware – Displays ads, does not typically steal data.

B. Ransomware – Encrypts files but does not exfiltrate data.

C. Darkware – Not a real cybersecurity term.

D. Malware – Correct answer. Malicious software is responsible for unauthorized data exfiltration.

Comprehensive and Detailed Explanation From Exact Extract:

When a switch is improperly connected to a network, it can cause widespread connectivity issues, especially if there’s a misconfiguration in VLAN settings. A Native VLAN mismatch occurs when two switches connected via a trunk link have different native VLANs configured for untagged traffic. This can cause traffic to be sent to the wrong VLAN or dropped, resulting in connectivity loss for users.

Scenario Analysis: The intern likely connected the switch without ensuring that the trunk port’s native VLAN matched the existing network configuration. This is a common issue in Cisco-based networks when trunk links are misconfigured.

Why not VTP update? VLAN Trunking Protocol (VTP) updates propagate VLAN configurations across switches. While a VTP misconfiguration could cause issues, it’s less likely to immediately disrupt connectivity for many users unless the VTP server deleted critical VLANs, which is not implied here.

Why not Port security issue? Port security restricts access based on MAC addresses, typically affecting individual ports, not causing widespread outages.

Why not LLDP misconfiguration? Link Layer Discovery Protocol (LLDP) is used for device discovery, and misconfiguration is unlikely to cause a broad loss of connectivity.

GSM (Global System for Mobile communications) is the international standard that uses SIM cards to authenticate and connect phones to the cellular network. GSM allows users to place and receive calls while traveling globally, provided they have a SIM card. CDMA, on the other hand, does not use SIM cards in the same way and is primarily used in the United States. (Reference: CompTIA Network+ Study Guide, Chapter on Network Fundamentals)

To provide a complete solution for configuring the access layer switches, let's proceed with the following steps:

Identify the correct VLANs for each device and port.

Enable necessary ports and disable unused ports.

Configure fault-tolerant connections between the switches.

Port 1 Configuration (Uplink to Core Switch)

Status: Enabled

LACP: Enabled

Speed: 1000

Duplex: Full

VLAN Configuration: Tagged for VLAN60, VLAN90, VLAN120, VLAN150, VLAN220

Port 2 Configuration (Uplink to Core Switch)

Status: Enabled

LACP: Enabled

Speed: 1000

Duplex: Full

VLAN Configuration: Tagged for VLAN60, VLAN90, VLAN120, VLAN150, VLAN220

Port 3 Configuration (Server Connection)

Status: Enabled

LACP: Disabled

Speed: 1000

Duplex: Full

VLAN Configuration: Untagged for VLAN90 (Servers)

Port 4 Configuration (Server Connection)

Status: Enabled

LACP: Disabled

Speed: 1000

Duplex: Full

VLAN Configuration: Untagged for VLAN90 (Servers)

Port 5 Configuration (Wired Users and WLAN)

Status: Enabled

LACP: Enabled

Speed: 1000

Duplex: Full

VLAN Configuration: Tagged for VLAN60, VLAN120, VLAN150

Port 6 Configuration (Wired Users and WLAN)

Status: Enabled

LACP: Enabled

Speed: 1000

Duplex: Full

VLAN Configuration: Tagged for VLAN60, VLAN120, VLAN150

Port 7 Configuration (Voice and Wired Users)

Status: Enabled

LACP: Enabled

Speed: 1000

Duplex: Full

VLAN Configuration: Tagged for VLAN60, VLAN90, VLAN120, VLAN220

Port 8 Configuration (Voice, Printers, and Wired Users)

Status: Enabled

LACP: Enabled

Speed: 1000

Duplex: Full

VLAN Configuration: Tagged for VLAN60, VLAN90, VLAN120, VLAN220

Port 1 Configuration (Unused)

Status: Disabled

LACP: Disabled

Port 2 Configuration (Unused)

Status: Disabled

LACP: Disabled

Port 3 Configuration (Connection to Device)

Status: Enabled

LACP: Disabled

Speed: 1000

Duplex: Full

VLAN Configuration: Untagged for VLAN1 (Default)

Port 4 Configuration (Connection to Device)

Status: Enabled

LACP: Disabled

Speed: 1000

Duplex: Full

VLAN Configuration: Untagged for VLAN1 (Default)

Port 5 Configuration (Connection to Device)

Status: Enabled

LACP: Disabled

Speed: 1000

Duplex: Full

VLAN Configuration: Untagged for VLAN1 (Default)

Port 6 Configuration (Connection to Device)

Status: Enabled

LACP: Disabled

Speed: 1000

Duplex: Full

VLAN Configuration: Untagged for VLAN1 (Default)

Port 7 Configuration (Connection to Device)

Status: Enabled

LACP: Disabled

Speed: 1000

Duplex: Full

VLAN Configuration: Untagged for VLAN1 (Default)

Ports 1 and 2 on Switch 1 are configured as trunk ports with VLAN tagging enabled for all necessary VLANs.

Ports 3 and 4 on Switch 1 are configured for server connections with VLAN 90 untagged.

Ports 5, 6, 7, and 8 on Switch 1 are configured for devices needing access to multiple VLANs.

Unused ports on Switch 3 are disabled.

Ports 3, 4, 5, 6, and 7 on Switch 3 are enabled for default VLAN1.

Core Switch Ports should be configured as needed for uplinks to Switch 1.

Ensure LACP is enabled for redundancy on trunk ports between switches.

By following these configurations, each device will access only its correctly associated network, unused switch ports will be disabled, and fault-tolerant connections will be established between the switches.

•A. Isolate smart devices to their own network segment: Network segmentation using VLANs or separate SSIDs ensures that smart devices (like speakers) are not on the same network as guests, preventing unauthorized control.

•E. Change the default credentials: Many IoT devices (e.g., smart speakers) come with default usernames and passwords. If these are not changed, unauthorized users can easily take control.

•Why not the other options?

•B. Configure IPS: IPS (Intrusion Prevention System) detects threats but cannot block specific guest actions on an IoT device.

•C. Install a new AP: A new access point does not solve the unauthorized control issue.

•D. Set up a syslog server: Helps with logging, but does not prevent unauthorized access.

•F. Configure GRE: Generic Routing Encapsulation (GRE) is used for VPN tunneling, which is irrelevant in this case.

If a ping to 10.0.100.19 is unreachable, the most likely issue is that users are on the wrong subnet and cannot communicate with the server.

Breakdown of Options:

A. The users are on the wrong subnet. ✅ Correct answer. If users are on a different subnet without proper routing, they won't reach the server.

B. The DHCP server renewed the lease. – Would change the client’s IP, but the server’s static IP should remain unchanged.

C. The IP address was not reserved. – DHCP reservations matter for dynamic IPs, but RDP servers typically have static IPs.

D. The hostname was changed. – Would affect DNS resolution, but pinging the IP directly would still work.

The key difference is that an Intrusion Prevention System (IPS) is installed in line with network traffic, allowing it to actively block threats. In contrast, an Intrusion Detection System (IDS) only monitors and alerts without actively blocking traffic.

Breakdown of Options:

A. An IPS needs to be installed in line with traffic and an IDS does not. ✅ Correct answer. IPS actively prevents threats, while IDS only detects them.

B. An IPS is signature-based and an IDS is not. – False, both can use signature-based detection.

C. An IPS is less susceptible to false positives than an IDS. – False, both can produce false positives, depending on configurations.

D. An IPS requires less administrative overhead than an IDS. – False, IPS requires more administrative effort due to real-time blocking decisions.