CompTIA Network+ Practice Test for Subdomain 3.5 #02

Welcome to today’s CompTIA Network+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 3.5 (Compare and contrast network access and management methods) from the CompTIA Network+ N10-009 objectives.

This beginner-level practice test is inspired by the CompTIA Network+ (N10-009) exam and is designed to help you reinforce key networking concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Network+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Network+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Network+ practice tests based on specific domains/subdomains, click that link.

CompTIA Network+ Practice Test for Subdomain 3.5 #02

10 questions • Single best answer

Question 1

The network team at a financial services company needs to provide branch office employees with secure remote access to the corporate network. Each employee works from a personal laptop and must have all traffic -- including internet browsing -- routed through the corporate firewall and inspection systems. The team wants to prevent split traffic paths that could allow users to bypass corporate security controls. Which VPN configuration should be deployed?

A. Split tunnel VPN, which routes corporate-bound traffic through the VPN while allowing internet traffic to exit directly from the client's local ISP connection B. Full tunnel VPN, which routes all client traffic including internet access through the corporate VPN tunnel and corporate security infrastructure C. Site-to-site VPN, which connects two fixed network locations over an encrypted tunnel without requiring per-user client software D. Clientless VPN, which provides browser-based access to specific internal web applications without routing all traffic through the corporate network

Question 2

A network engineer at a retail chain needs to establish an encrypted connection between the company's headquarters and a remote distribution center. Both sites have static IP addresses and dedicated internet connections. The solution must transparently extend the corporate network between both sites so that systems at the distribution center can communicate with headquarters servers using private IP addresses, without requiring end-user VPN client software. Which VPN type addresses this requirement?

A. Client-to-site VPN, which requires individual users to install and authenticate with VPN client software on their workstations B. Clientless VPN, which uses a web browser to provide remote users access to specific published internal applications C. Site-to-site VPN, which creates a persistent encrypted tunnel between two network gateways, extending the private network transparently between both locations D. Split tunnel VPN, which selectively routes traffic to the headquarters network while allowing local internet traffic to bypass the tunnel

Question 3

A network administrator is managing a fleet of network devices spread across multiple remote branch offices. The administrator needs to access router command-line interfaces from the central office to perform configuration changes. The connection must be encrypted to prevent interception of configuration commands and credentials in transit. Which remote access method should the administrator use?

A. Telnet, which provides plain-text terminal access to remote device command-line interfaces over TCP port 23 B. SSH (Secure Shell), which provides encrypted terminal access to remote device command-line interfaces over TCP port 22 C. RDP (Remote Desktop Protocol), which provides an encrypted graphical desktop session to a remote Windows host over TCP port 3389 D. HTTP, which allows browser-based access to device management interfaces over TCP port 80 without encryption

Question 4

A network operations team is evaluating management access options for a new generation of campus switches. A junior engineer proposes using the graphical user interface (GUI) web interface on each switch for routine configuration changes, arguing that it is easier to use than CLI. A senior engineer counters that for bulk configuration changes across dozens of switches, a different approach is more efficient. Which access method would allow the senior engineer to script and automate configuration changes across all switches simultaneously?

A. Graphical user interface (GUI), which provides point-and-click configuration but requires manual interaction with each switch's web interface individually B. Console port access, which provides direct physical terminal access to each switch and requires on-site presence for each change C. API (Application Programming Interface) access, which allows automated scripts and tools to programmatically push configuration changes to multiple devices simultaneously D. Telnet access, which provides remote CLI access to each switch but requires manual command entry on each device separately

Question 5

A security-conscious network engineer is designing the out-of-band management network for a new data center. The design ensures that management traffic -- SSH sessions, SNMP polling, and console server connections -- travels on a physically separate network that is completely isolated from production data traffic. What is the primary security benefit of this out-of-band management architecture?

A. Out-of-band management reduces the number of IP addresses required because management interfaces share the production network's address space B. Out-of-band management ensures that a production network outage or security incident does not prevent administrators from accessing and recovering devices through the management plane C. Out-of-band management automatically encrypts all SSH and SNMP traffic using hardware-based encryption built into the management switch fabric D. Out-of-band management eliminates the need for authentication on management interfaces because physical access to the management network is inherently trusted

Question 6

A network technician needs to perform emergency configuration recovery on a branch office router after a misconfiguration made the device unreachable via SSH and the management VLAN. The router is physically accessible on-site. The technician connects a laptop to the router using a DB-9 to RJ-45 serial cable and a terminal emulation program. Which type of access is the technician using?

A. Out-of-band management via the dedicated management VLAN configured on the router's Ethernet interface B. In-band management via SSH over the production network to restore access to the misconfigured interface C. Console port access, which provides direct local terminal access to the device CLI independent of any network configuration D. API access via a REST call sent over the serial interface to retrieve and modify the running configuration

Question 7

A network architect is reviewing the VPN strategy for a professional services firm where consultants frequently access client-specific portals through the corporate network. The security team wants consultants' corporate email and internal application traffic to flow through the VPN, but they want to reduce the VPN bandwidth load by allowing consultants to access non-corporate internet resources directly from their local ISP connection. Which VPN configuration implements this traffic model?

A. Full tunnel VPN, which routes all traffic through the corporate network and maximizes security policy enforcement for all connections B. Split tunnel VPN, which routes only traffic destined for corporate resources through the VPN while allowing other internet traffic to exit locally C. Clientless VPN, which provides browser-based access to internal applications without any client software and requires no tunnel configuration D. Site-to-site VPN, which creates a fixed encrypted path between two network locations and cannot selectively route individual user traffic

Question 8

A network administrator at an enterprise is evaluating secure access options for vendors who need occasional read-only access to specific internal web-based management portals. The vendors use company-issued devices managed by the IT department. The administrator wants a solution that does not require installing additional client software on the vendor devices and limits access to only the approved portals. Which access method best satisfies these requirements?

A. Full tunnel client-to-site VPN, which routes all vendor traffic through the corporate network and provides access to all internal resources B. Clientless VPN, which provides browser-based access to specific published internal applications without requiring a VPN client software installation C. SSH access to an internal jump server, which then provides CLI-based access to internal management systems D. Site-to-site VPN between the vendor's office network and the enterprise, providing full Layer 3 connectivity to all internal subnets

Question 9

A network technician is working from the central NOC and needs to access the CLI of a router located in a secured network segment that is not directly reachable from the NOC workstation. The router can only be accessed from a single hardened Linux server that has a network interface in both the NOC subnet and the secured segment. The technician SSH's to the Linux server and then SSH's from there to the router. Which access architecture does this describe?

A. Out-of-band management, because the Linux server provides a physically separate management path to the router B. Jump box or jump host, which serves as an intermediate bastion host providing controlled access to devices in a restricted network segment C. API gateway, which translates the technician's SSH session into API calls directed at the router's management interface D. Console server, which aggregates serial console connections from multiple devices into a single network-accessible management point

Question 10

A compliance officer at a healthcare organization is reviewing remote access controls for network administrators. The officer notes that some administrators connect to internal devices directly over the production network using SSH, while others use a dedicated out-of-band management network. The officer asks the IT team to clarify the difference between in-band and out-of-band management. Which statement correctly distinguishes these two approaches?

A. In-band management uses dedicated physical management interfaces that are completely isolated from the production network, while out-of-band uses the production network for management traffic B. In-band management sends management traffic over the same network infrastructure used for production data, while out-of-band management uses a separate, dedicated channel that is independent of the production network C. In-band management requires a VPN connection for all management sessions, while out-of-band management allows direct unencrypted access to device interfaces D. In-band and out-of-band management are identical in security posture but differ only in the protocols used -- SSH for in-band and Telnet for out-of-band

CompTIA Network+ Practice Test for Subdomain 3.5 #02

Related Posts

Leave a Comment Cancel Reply