CompTIA Network+ Practice Test for Subdomain 4.2 #02

Welcome to today’s CompTIA Network+ practice test!

This practice test uses our new UI!

Today’s practice test is based on Subdomain 4.2 (Summarize various types of attacks and their impact to the network) from the CompTIA Network+ N10-009 objectives.

This beginner-level practice test is inspired by the CompTIA Network+ (N10-009) exam and is designed to help you reinforce key networking concepts on a daily basis.

These questions are not official exam questions, nor are they brain dumps, but they reflect topics and scenarios relevant to the Network+ certification. Use them to test your knowledge, identify areas for improvement, and build daily cybersecurity habits.

Note: CompTIA and Network+ are registered trademarks of CompTIA. This content is not affiliated with or endorsed by CompTIA.

To choose CompTIA Network+ practice tests based on specific domains/subdomains, click that link.

CompTIA Network+ Practice Test for Subdomain 4.2 #02

10 questions • Single best answer

Question 1

A network engineer at an e-commerce company notices that the company's web servers are suddenly receiving millions of HTTP requests per second from thousands of different source IP addresses around the world, causing the servers to become unresponsive to legitimate customers. The traffic volume far exceeds what a single attacker machine could generate. Which type of attack is being described?

A. DNS poisoning, in which an attacker corrupts cached DNS records to redirect customers to a fraudulent site B. ARP spoofing, in which an attacker sends false ARP replies to associate the attacker's MAC address with the web server's IP address C. Distributed Denial-of-Service (DDoS), in which traffic from many compromised or coordinated sources overwhelms the target's resources simultaneously D. VLAN hopping, in which an attacker crafts frames to access network segments beyond their authorized VLAN boundary

Question 2

A network administrator is reviewing switch logs after several workstations in a floor segment reported intermittent connectivity problems. The administrator notices that the switch's content-addressable memory (CAM) table has been flooded with tens of thousands of MAC addresses, causing the switch to behave like a hub and broadcast frames out all ports. Which attack caused this behavior?

A. ARP poisoning, in which the attacker sent gratuitous ARP replies to overwrite legitimate IP-to-MAC mappings on all segment hosts B. MAC flooding, in which the attacker sent large numbers of frames with spoofed source MAC addresses to exhaust the switch's CAM table capacity C. VLAN hopping using switch spoofing, in which the attacker negotiated a trunk link to gain access to all VLANs on the switch D. DNS spoofing, in which the attacker injected false DNS responses to redirect workstation traffic to attacker-controlled servers

Question 3

A security analyst at a logistics company captures network traffic and discovers that a workstation is sending unsolicited ARP reply packets claiming that its MAC address corresponds to the IP address of the default gateway. Multiple hosts on the subnet have updated their ARP caches with the attacker's MAC address, causing all outbound traffic to be sent to the attacker's machine instead of the actual gateway. Which attack is being executed?

A. DNS poisoning, where cached DNS records are replaced with attacker-controlled entries to redirect hostname resolution B. MAC flooding, where random MAC addresses are injected into the switch's CAM table to cause indiscriminate traffic flooding C. ARP poisoning or ARP spoofing, where an attacker sends fraudulent ARP replies to corrupt the ARP cache of hosts on the segment D. VLAN hopping, where the attacker uses double-tagging to place frames into a VLAN beyond the attacker's authorized access boundary

Question 4

A penetration tester is evaluating a switched network environment and identifies a switch port that has been left in the default dynamic trunking (DTP) negotiation state. The tester sends DTP negotiation frames from a connected laptop, and the switch port transitions to trunk mode, providing the tester with access to all VLANs configured on the switch. Which attack technique did the tester exploit?

A. MAC flooding, in which the tester sent a high volume of frames with spoofed source MAC addresses to overflow the CAM table B. VLAN hopping via switch spoofing, in which the attacker negotiated a trunk link by exploiting the switch port's default DTP negotiation setting C. ARP poisoning, in which the tester sent gratuitous ARP packets to redirect traffic from all VLANs to the tester's machine D. DNS spoofing, in which the tester injected false DNS replies to redirect VLAN management traffic to a rogue server

Question 5

A corporate IT security team receives an alert that a user clicked a link in an email, which redirected the browser to a spoofed login page that looked identical to the company's internal portal. The user entered their credentials, which were captured by the attacker. The attack relied on sending a deceptive email designed to trick the user into revealing sensitive information. Which attack category does this describe?

A. Dumpster diving, in which an attacker searches discarded physical materials for sensitive documents or credentials B. Tailgating, in which an unauthorized individual follows a legitimate employee through a secured physical access point C. Phishing, in which the attacker sends a deceptive message that impersonates a trusted entity to trick the recipient into disclosing credentials or clicking malicious links D. Evil twin, in which the attacker deploys a rogue wireless access point with the same SSID as the corporate network to intercept wireless traffic

Question 6

A security consultant is reviewing physical security practices at a professional services firm. During the assessment, the consultant observes that visitors and delivery personnel regularly observe employees entering PINs and badge numbers at the front door security terminal because there is no physical barrier preventing people in the waiting area from watching. Which social engineering threat does this represent?

A. Tailgating, in which an attacker physically follows an authorized employee into a secured area without presenting credentials B. Shoulder surfing, in which an attacker observes a target entering credentials or viewing sensitive information by watching from nearby C. Phishing, in which an attacker sends deceptive messages to trick employees into disclosing their PIN or access codes D. Dumpster diving, in which an attacker searches discarded materials near the entrance for access codes written on paper

Question 7

A network security team identifies that an attacker has set up a wireless access point in the lobby of their office building using the same SSID as the corporate Wi-Fi network. The rogue AP has a stronger signal than the legitimate APs in that area, causing employee devices to associate with the attacker's AP instead. The attacker is now positioned to intercept all wireless traffic from those employees. Which attack is being conducted?

A. DNS spoofing, in which the attacker intercepts DNS queries on the wireless network and returns malicious IP addresses B. Evil twin attack, in which a rogue access point impersonates a legitimate wireless network to intercept client traffic C. VLAN hopping, in which the attacker uses the rogue AP to gain access to all VLANs on the corporate wired network D. Rogue DHCP attack, in which the attacker's AP assigns IP addresses to clients that route all traffic through the attacker's gateway

Question 8

A threat intelligence analyst at a healthcare organization is briefing the incident response team on a recent attack in which the attacker was positioned between the organization's DNS resolver and an authoritative DNS server. The attacker injected a forged DNS response that substituted a malicious IP address for a legitimate external domain. The healthcare system's resolver cached the fraudulent record and began directing all users who queried that domain to the malicious server. Which attack is described?

A. ARP poisoning, in which the attacker corrupted ARP cache entries on network hosts to redirect local traffic to the attacker's machine B. DNS poisoning, in which the attacker injected forged DNS records into a resolver's cache to redirect hostname lookups to a malicious IP address C. VLAN hopping, in which the attacker used crafted frames to bypass VLAN segmentation and intercept DNS traffic between resolvers D. MAC flooding, in which the attacker overwhelmed the switch CAM table to cause DNS response frames to be flooded to all ports

Question 9

A SOC analyst is reviewing malware telemetry from an endpoint detection system. The report shows that malware was installed on several workstations after users received emails from what appeared to be the IT department requesting password resets. The malware is classified as self-replicating software that spreads to other systems on the network without user interaction after the initial installation. Which malware classification best describes this behavior?

A. Ransomware, which encrypts files on the infected system and demands payment in exchange for the decryption key B. Worm, which is self-replicating malware that propagates across networks autonomously after initial infection without requiring further user action C. Trojan, which disguises itself as legitimate software and requires the user to execute it before it can compromise the system D. Spyware, which silently monitors user activity and transmits credentials and behavioral data to an attacker-controlled server

Question 10

A network security engineer is presenting the concept of on-path attacks to a junior team member. The engineer explains that in this attack, an adversary positions themselves between two communicating parties and secretly intercepts, reads, and potentially modifies the traffic exchanged between them, without either party being aware of the interception. Both parties believe they are communicating directly with each other. Which attack type is the engineer describing?

A. DoS (Denial-of-Service) attack, in which the attacker floods the target with traffic to exhaust its resources and prevent legitimate communication B. On-path attack (formerly man-in-the-middle), in which an attacker secretly intercepts and potentially modifies traffic between two communicating parties C. DNS spoofing, in which the attacker injects false DNS responses to redirect hostname lookups without intercepting the actual communication session D. Evil twin attack, in which a rogue wireless AP intercepts all wireless traffic from clients that associate with it instead of the legitimate AP

CompTIA Network+ Practice Test for Subdomain 4.2 #02

Related Posts

Leave a Comment Cancel Reply