Which of the following does a full-tunnel VPN provide?
Correct Answer: C
A full-tunnel VPN routes all of a user's network traffic through the corporate network. This means that the organization can inspect all network traffic for security and compliance purposes, as all data is tunneled through the VPN, allowing for comprehensive monitoring and inspection.References:CompTIA Network+ study materials.
N10-009 Exam Question 142
Which of the following is the most closely associated with segmenting compute resources within a single cloud account?
Which of the following routing protocols uses an autonomous system number?
Correct Answer: D
BGP (Border Gateway Protocol) uses an Autonomous System (AS) number for its operations. An AS is a collection of IP networks and routers under the control of a single organization that presents a common routing policy to the Internet. BGP is used to exchange routing information between different ASes on the Internet, making it the only protocol among the listed options that uses an AS number.References:CompTIA Network+ study materials and RFC 4271.
N10-009 Exam Question 144
A customer calls the help desk to report that resources are no longer reachable. The resources were available before network changes were made. The technician verifies the report, investigates, and discovers that a new logical layout is segmenting the network using tagging. Which of the following appliances most likely needs to be reviewed to restore the connections?
Correct Answer: C
The correct answer is Switch because the question references a new logical layout segmenting the network using tagging, which indicates VLAN (Virtual Local Area Network) configuration. VLAN tagging (IEEE 802.1Q) is performed on switches to logically separate broadcast domains within the same physical infrastructure. According to CompTIA Network+ (N10-009) objectives under switching technologies, VLANs are used to improve security, reduce broadcast traffic, and logically segment network traffic. When VLAN tagging is misconfigured-such as incorrect trunk ports, access port assignments, or mismatched VLAN IDs-devices may lose connectivity to required network resources. Since the issue began after changes involving tagging, the most likely cause is an incorrect switch configuration, such as improper VLAN assignments or trunking settings. An access point (Option A) may use VLANs for SSID segmentation, but core tagging configuration is handled at the switch. A firewall (Option B) filters traffic but does not control VLAN tagging at Layer 2 in typical deployments. A load balancer (Option D) distributes traffic among servers and is unrelated to VLAN segmentation. Therefore, reviewing the switch configuration is the appropriate action to restore connectivity.
N10-009 Exam Question 145
Which of the following is a type of NAC that uses a set of policies to allow or deny access to the network based on the user's identity?
Correct Answer: C
The correct answer is 802.1X, which is an identity-based Network Access Control (NAC) framework emphasized in the CompTIA Network+ N10-009 objectives under network security and access control. 802.1 X uses a policy-driven authentication process to determine whether a user or device is allowed network access based on verified credentials, such as usernames, passwords, or digital certificates. 802.1X operates using three main components: the supplicant (the client requesting access), the authenticator (the network device such as a switch or wireless access point), and the authentication server (typically a RADIUS server). Once the user's identity is authenticated, predefined policies determine the level of access granted-full access, limited access, or denial. This makes 802.1X a cornerstone of zero trust and enterprise- grade NAC implementations. A standard ACL controls traffic based on IP addresses and ports, not user identity. MAC filtering allows or denies access based on device MAC addresses, which can be easily spoofed and does not verify user identity. SSO (Single Sign-On) simplifies authentication across multiple systems but does not control network-layer access. Network+ highlights 802.1X as a secure, scalable solution for enforcing identity-based network access policies in both wired and wireless environments.