CompTIA Updated N10-009 Exam Questions and Answers by asiya

The netstat output shows that multiple ports are open, including Telnet (23), FTP (20), and TFTP (69), which are potential security risks. Disabling unused ports minimizes the attack surface, reducing security vulnerabilities.

Breakdown of Options:

A. Disable the unused ports – Correct answer. Unused ports should be closed to prevent unauthorized access.

B. Enforce access control lists – ACLs help control access but do not disable unnecessary services.

C. Perform content filtering – Content filtering controls web traffic, not port security.

D. Set up a screened subnet – A DMZ (screened subnet) improves security but does not address open ports.

If a network appliance fails to start, standard remote access methods like SSH won't work. Instead, Out-of-Band (OOB) management provides a dedicated access path (e.g., a console port or iDRAC/iLO), allowing administrators to troubleshoot devices even when the network is down.

Breakdown of Options:

A. Crash cart – A physical monitor/keyboard setup, not a remote solution.

B. Jump box – A hardened system used for secure remote access but requires the device to be operational.

C. Secure Shell (SSH) – Requires the device to be fully booted and network-connected.

D. Out-of-band management – ✅ Correct answer. Provides independent access for troubleshooting failed network devices.

When dealing with troubleshooting and change management, the plan of action outlines the steps, risks, and mitigation strategies. A change advisory board (CAB) uses this documented plan to decide whether to approve the change.

A. Identify the problem is the first step in troubleshooting, not decision-making for CAB.

B. Develop a theory is diagnostic work, not planning.

C. Test the theory confirms causes but doesn’t provide actionable planning information.

References (CompTIA Network+ N10-009):

Domain: Network Operations — Change management, troubleshooting methodology, CAB processes.

VLAN hopping occurs when an attacker tricks a switch into believing the host is another switch by generating tagged frames or exploiting trunk negotiation (DTP). This allows the attacker to access traffic from multiple VLANs, potentially stealing sensitive data.

B. Evil twin is a rogue wireless AP attack, unrelated to switch impersonation.

C. DNS poisoning corrupts name resolution, not VLAN access.

D. ARP spoofing is a Layer 2 on-path attack, not masquerading as a switch.

References (CompTIA Network+ N10-009):

Domain: Network Security — VLAN hopping attacks, switch spoofing techniques.