A customer needs six usable IP addresses. Which of the following best meets this requirement?
Correct Answer: D
Reference: CompTIA Network+ Certification Exam Objectives - IP Addressing section.
N10-009 Exam Question 222
A company's network is experiencing high levels of suspicious network traffic. The security team finds that the traffic is coming from an unknown, foreign IP address. Which of the following is the most cost-efficient way to mitigate this threat?
Correct Answer: A
The correct answer is ACL (Access Control List). According to the CompTIA Network+ N10-009 objectives, ACLs are a fundamental and cost-effective method for controlling traffic flow at routers and firewalls. An ACL allows administrators to permit or deny traffic based on source IP address, destination IP address, protocol, or port number. In this scenario, the suspicious traffic is identified as originating from a specific unknown foreign IP address. The most direct and economical mitigation strategy is to configure an ACL rule that denies traffic from that specific IP address (or subnet) at the network perimeter. This approach leverages existing network infrastructure without requiring additional hardware or licensing costs. An IDS (Intrusion Detection System) monitors and alerts on malicious activity but does not actively block traffic unless paired with IPS functionality, and it may involve additional cost and complexity. NAT is used for address translation and does not provide traffic filtering based on threat intelligence. DoS prevention solutions are typically more advanced, specialized, and costly, often intended for large-scale distributed denial-of-service attacks rather than blocking traffic from a single suspicious IP. The Network+ objectives emphasize implementing layered security controls, starting with simple and effective measures. In this case, applying an ACL at the firewall or router is the most cost-efficient and immediate method to mitigate the identified threat.
N10-009 Exam Question 223
A user tries to visit a website, but instead of the intended site, the page displays vmw.cba.com. Which of the following should be done to reach the correct website?
Correct Answer: A
A CNAME (Canonical Name) record maps an alias to the correct fully qualified domain name (FQDN). If a user is redirected to the wrong hostname, correcting or updating the CNAME ensures the alias points to the proper domain. B). PTR record maps IP to hostname (reverse DNS), not forward website resolution. C). NTP relates to time sync, irrelevant to DNS resolution. D). TXT record stores metadata like SPF or DKIM info, not used for hostname aliasing. References (CompTIA Network+ N10-009): Domain: Network Standards, Protocols, and Implementations - DNS record types (A, AAAA, CNAME, PTR, TXT).
N10-009 Exam Question 224
A company implements a new network utilizing only IPv6 addressing and needs to connect to the internet. Which of the following must be enabled in order for the internal network to contact servers on the internet?
Correct Answer: B
The correct answer is NAT64, which is required when an IPv6-only internal network needs to communicate with IPv4-based servers on the internet. According to the CompTIA Network+ N10-009 objectives, NAT64 is a translation technology that enables interoperability between IPv6 clients and IPv4 resources during the ongoing transition from IPv4 to IPv6. Although IPv6 is widely deployed, a significant portion of internet services still operate exclusively on IPv4. An IPv6-only host cannot natively communicate with an IPv4 server because the protocols use different addressing formats. NAT64 solves this problem by translating IPv6 packets into IPv4 packets and translating the responses back into IPv6, allowing seamless communication without requiring dual-stack configuration on internal hosts. The other options do not address this requirement. MPLS is a WAN forwarding technology used by service providers and does not provide protocol translation. GRE is a tunneling protocol used to encapsulate traffic and does not enable IPv6-to-IPv4 communication. Static routing determines packet paths but does not resolve protocol incompatibility between IPv4 and IPv6. The Network+ N10-009 exam places strong emphasis on IPv6 transition mechanisms, including NAT64, DNS64, and dual stack. In this scenario, NAT64 is the essential component that enables IPv6-only networks to access legacy IPv4 internet services.
N10-009 Exam Question 225
Which of the following provides an opportunity for an on-path attack?
Correct Answer: C
An evil twin is a rogue Wi-Fi access point that mimics a legitimate network. Attackers use it to intercept and manipulate traffic, making it an on-path (formerly MITM) attack opportunity. Breakdown of Options: A: Phishing - Tries to steal credentials through fake emails/websites but does not intercept network traffic. B: Dumpster diving - Involves physical security breaches, not network interception. C: Evil twin - # Correct answer. A rogue Wi-Fi AP impersonates a real network, allowing traffic interception. D: Tailgating - Involves physical access security, not network interception. Reference: CompTIA Network+ (N10-009) Official Study Guide - Domain 3.3: Explain common network security threats.