CompTIA Network+ Practice Test for Subdomain 3.2 #02

Welcome to today’s CompTIA Network+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 3.2 (Given a scenario, use network monitoring technologies) from the CompTIA Network+ N10-009 objectives.

This beginner-level practice test is inspired by the CompTIA Network+ (N10-009) exam and is designed to help you reinforce key networking concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Network+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Network+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Network+ practice tests based on specific domains/subdomains, click that link.

CompTIA Network+ Practice Test for Subdomain 3.2 #02

10 questions • Single best answer

Question 1

A network operations center analyst at a managed services provider needs to be immediately notified when CPU utilization on a managed router exceeds 90% or when an interface transitions to a down state. The analyst wants the router to proactively send an alert to the NMS when these conditions occur, rather than waiting for the NMS to discover the issue during its next polling cycle. Which SNMP mechanism allows the managed device to initiate this notification?

A. SNMP GET requests sent by the NMS to the device on a configurable short polling interval B. SNMP traps sent asynchronously by the managed device to the NMS when a defined event or threshold condition is triggered C. SNMP community strings configured on the device to authorize the NMS to read threshold and performance data D. SNMP MIB walks performed by the NMS to enumerate all available OIDs and detect changes from the previous poll

Question 2

A security engineer auditing SNMP configurations on production network devices finds that all devices use SNMPv2c with community strings transmitted in cleartext over the management network. The engineer wants to upgrade to an SNMP version that provides cryptographic authentication to verify the identity of the NMS and optional encryption to protect data in transit. Which SNMP version satisfies both requirements?

A. SNMPv1, which introduced community strings as an authentication mechanism for management access B. SNMPv2c, which improved error handling and added 64-bit counters compared to SNMPv1 C. SNMPv3, which introduces user-based security with cryptographic authentication and optional privacy encryption D. SNMPv2u, which provides user-level authentication without the overhead of full encryption

Question 3

A network monitoring engineer is configuring a new NMS to collect performance and status data from managed switches and routers. The NMS needs to know which specific data objects are available on each device, what data type each object contains, and how each object is uniquely identified using an object identifier (OID). Which SNMP component provides this structured, hierarchical database of manageable objects for a given device type?

A. The community string, which serves as the password authorizing access to device data objects via SNMP B. The SNMP trap receiver, which maintains a catalog of incoming event notifications from managed devices C. The Management Information Base (MIB), which defines the hierarchy, naming, and data types of manageable objects available on a device D. The SNMP agent, which actively polls the device hardware and compiles performance data into reports for the NMS

Question 4

A network administrator reviewing SNMPv2c configurations on legacy distribution switches notices that several devices still use the factory-default read community string. An attacker who discovers this string could send SNMP GET requests and retrieve detailed configuration data from the switch. Which SNMPv2c mechanism controls read and write access to SNMP-managed objects on these devices?

A. Digital certificates that authenticate the NMS identity before it is permitted to query the device B. Community strings that function as shared plaintext passwords controlling read and write access levels to SNMP data C. SNMP traps that notify the NMS when an unauthorized polling attempt from an unknown source is detected D. MIB filtering that restricts which object identifiers are accessible to specific management station IP addresses

Question 5

A network operations team wants to implement centralized logging so that event messages from all routers, switches, and firewalls are forwarded to a single platform for storage, search, and alerting, rather than being stored locally in device flash memory. The team needs a component that listens for incoming log messages, indexes them, and makes them available for review. Which component should be deployed to fulfill this role?

A. An SNMP trap receiver to collect and store threshold-based performance alerts from all managed devices B. A packet capture appliance to store raw network traffic streams alongside device event logs C. A syslog collector to receive, store, and index log messages forwarded from network devices D. A flow collector to aggregate NetFlow records and session metadata from routers and switches

Question 6

A security operations team needs to detect coordinated attacks that span multiple systems simultaneously, where the evidence is distributed across firewall logs, switch authentication records, and endpoint security alerts. No single device's logs contain the full attack picture. The team needs a platform that ingests logs from all these sources, normalizes the data into a common format, applies correlation rules, and generates alerts when multi-source patterns indicate a threat. Which solution addresses this requirement?

A. A centralized syslog server to aggregate raw log messages from all network devices and endpoints in one searchable repository B. An SNMP NMS to poll performance counters and flag devices that exceed threshold values defined for each monitored metric C. A Security Information and Event Management (SIEM) platform to correlate events from multiple sources and identify threat patterns D. A network performance monitor to baseline traffic levels and generate alerts when bandwidth or latency deviates from normal

Question 7

A network engineer needs to capture and analyze traffic on a specific switch port connected to a server that is suspected of communicating with unauthorized external hosts. The engineer does not want to disrupt normal traffic flow to or from the server. The engineer connects a packet analyzer device to a separate, dedicated switch port and needs to configure the switch to copy all traffic from the server's port to the analyzer port. Which switch feature should be configured to accomplish this?

A. VLAN tagging on the server's access port to forward a tagged copy of all frames to the analyzer's VLAN B. Link aggregation between the server port and the analyzer port to distribute traffic across both interfaces C. Port mirroring (SPAN) configured to copy traffic from the monitored source port to the designated analyzer destination port D. SNMP polling on the server's switch port to export detailed per-frame traffic statistics to the packet analyzer

Question 8

A security analyst suspects that a workstation is communicating with a known malicious IP address. To confirm this, the analyst needs to see the actual payload content, source and destination IP addresses, port numbers, protocol flags, and complete session details of the traffic being exchanged. Which monitoring method provides this level of detail?

A. Flow data analysis using NetFlow records exported by the router to review session-level metadata and byte counts B. SNMP performance monitoring to check interface error and utilization counters on the workstation's switch port C. Packet capture using a protocol analyzer to record and inspect the full content of individual frames and sessions D. Syslog review to check if the workstation's switch port has generated authentication or access-related log events

Question 9

A network operations team needs to review all TCP sessions that traversed the core router during the previous 24 hours, including source and destination IP addresses, port numbers, total bytes exchanged, and session duration for each flow. The team does not need to inspect packet payloads, only the connection-level summary data. The router already exports this data to a dedicated collector. Which monitoring technology produces these connection summary records?

A. A full packet capture solution recording complete frame contents on all interfaces of the core router B. Flow data such as NetFlow or IPFIX exported by the router, providing connection-level metadata summaries without payload content C. SNMP traps generated by the router whenever a new TCP session is established on a monitored interface D. Syslog messages generated by the router's ACL for each connection permitted or denied at the interface

Question 10

A network monitoring engineer has spent two weeks collecting performance data and establishing reference values for normal CPU utilization, interface error rates, and traffic volume across all managed devices during typical business operations. The engineer then configures the NMS to automatically alert the team whenever current measurements deviate significantly from these reference values. Which network monitoring concept do these reference measurements represent?

A. Flow data, which provides connection-level traffic summaries used as the standard reference for acceptable session counts B. Baseline metrics, which represent the established normal operating values used to detect deviations and identify anomalies C. MIB data, which provides the threshold values hardcoded in SNMP standards for each monitored performance object D. Syslog severity levels, which define the expected frequency range of log messages from each device under normal conditions

CompTIA Network+ Practice Test for Subdomain 3.2 #02

Related Posts

Leave a Comment Cancel Reply