CompTIA Updated N10-009 Exam Questions and Answers by raiden

A split-tunnel VPN allows certain traffic (e.g., cloud-based services) to bypass the VPN and go directly to the Internet. This reduces the amount of traffic that needs to traverse the company's VPN and Internet connection, conserving bandwidth and reducing costs. It also means that not all traffic is subject to the same level of inspection or filtering, which can improve performance for cloud-based services.References: CompTIA Network+ study materials.

Wi-Fi 6E is the best choice for high-density environments, such as a university campus. It:

Supports more devices with OFDMA (Orthogonal Frequency-Division Multiple Access)

Uses the 6GHz band, reducing congestion

Provides faster speeds and lower latency

This makes Wi-Fi 6E ideal for large networks with high-bandwidth demands, like those in a university setting.

Breakdown of Options:

A. Bluetooth – Used for short-range, low-power connections, not large-scale wireless networks.

B. Wi-Fi 6E – ✅ Correct answer. Designed for high-density environments, improving speed and efficiency.

C. 5G – Used for mobile networks, but not ideal for campus-wide local wireless infrastructure.

D. LTE – Used for cellular data, not for campus-wide Wi-Fi.

Port mirroring, also known as SPAN (Switched Port Analyzer), is used to send a copy of network packets seen on one switch port (or an entire VLAN) to another port where the IDS is connected. This allows the IDS to passively inspect network traffic without interfering with the actual traffic flow. Port mirroring is an essential feature for implementing IDS in a network for traffic analysis and security monitoring.References: CompTIA Network+ study materials.

The correct solution is a Data Center Interconnect (DCI). DCIs extend Layer 2 networks across geographically dispersed data centers, enabling seamless replication of services such as SAN storage, backup synchronization, or VM migrations. This ensures workloads and data can move between sites while maintaining the same VLANs and addressing.

A. Security Service Edge (SSE) provides cloud-delivered security functions like secure web gateways and CASB, not Layer 2 extension.

C. Infrastructure as code (IaC) automates deployment and management of network infrastructure but is unrelated to extending Layer 2 domains.

D. Zero Trust architecture is a security framework ensuring strict access control but doesn’t address network connectivity between sites.

In scenarios where backups need replication between sites, Layer 2 extension is often required so systems can communicate as if they are in the same broadcast domain. DCI is specifically designed to provide this functionality reliably and securely.

References (CompTIA Network+ N10-009):

Domain: Network Infrastructure — WAN technologies, data center interconnect, backup replication.