N10-009 Exam Overview
Prepare for the Comptia N10-009 certification exam
with our comprehensive study guide. This study material contains 514 practice questions
sourced from real exams and expert-verified for accuracy. Each question includes the correct answer
and a detailed explanation to help you understand the material thoroughly.
The N10-009 exam — Network+ — is offered by Comptia.
Passing this exam earns you the CompTIA Network+ credential,
an industry-recognized certification that validates your expertise.
Our study materials were last updated on 2026-02-18 to reflect the
most recent exam objectives and content.
About the CompTIA Network+
The CompTIA Network+ is awarded by Comptia
to professionals who demonstrate competence in the skills measured by the N10-009 exam.
According to the
official Comptia certification page,
this certification validates your ability to work with the technologies covered in the exam objectives.
According to the
Global Knowledge IT Skills and Salary Report,
certified IT professionals earn 15-25% more than their non-certified peers.
Certifications from Comptia are among the most recognized credentials in the IT industry,
with strong demand across enterprise organizations worldwide.
Free Sample — 15 Practice Questions
Preview 15 of 514 questions from the N10-009 exam.
Try before you buy — purchase the full study guide for all 514 questions with answers and explanations.
Question 491
A network administrator needs to create an SVI on a Layer 3-capable device to separate voice and data traffic. Which of the following best explains this use case?
A. A physical interface used for trunking logical ports
B. A physical interface used for management access
C. A logical interface used for the routing of VLANs
D. A logical interface used when the number of physical ports is insufficient
Show Answer
Correct Answer: C
Explanation:
An SVI (Switch Virtual Interface) is a logical Layer 3 interface on a switch that represents a VLAN. It is used to provide IP addressing and routing between VLANs, enabling separation and inter-VLAN routing of voice and data traffic. It is not a physical interface nor related to port shortages.
Question 71
Which of the following is an example of a split-tunnel VPN?
A. Only public resources are accessed through the user’s internet connection.
B. Encrypted resources are accessed through separate tunnels.
C. All corporate and public resources are accessed through routing to on-site servers.
D. ACLs are used to balance network traffic through different connections.
Show Answer
Correct Answer: A
Explanation:
A split-tunnel VPN sends only selected traffic (typically corporate or private resources) through the VPN, while other traffic such as general internet access goes directly over the user’s local internet connection. Option A describes this behavior, whereas the other options describe full tunneling, multiple tunnels, or traffic management mechanisms unrelated to split tunneling.
Question 266
A network technician is troubleshooting network latency and has determined the issue to be occurring between two network switches (Switch10 and Switch11). Symptoms reported include poor video performance and slow file copying. Given the following information:
Which of the following should the technician most likely do to resolve the issue?
A. Disable automatic negotiation on Switch11.
B. Modify Switch10 MTU value to 1500.
C. Configure STP on both switches.
D. Change the native VLAN on the ports.
Show Answer
Correct Answer: B
Explanation:
The symptoms and logs indicate MTU mismatch between the two switches, causing dropped or fragmented frames (giants), which leads to latency, poor video, and slow file transfers. Setting Switch10’s MTU to the standard 1500 to match the peer resolves the issue. Other options (autonegotiation, STP, native VLAN) do not address MTU-related frame size problems.
Question 410
A network administrator notices uncommon communication between VMs on ephemeral ports on the same subnet. The administrator is concerned about that traffic moving laterally within the network. Which of the following describes the type of traffic flow the administrator is analyzing?
A. East-west
B. Point-to-point
C. Horizontal-scaling
D. Hub-and-spoke
Show Answer
Correct Answer: A
Explanation:
Traffic moving laterally between VMs on the same subnet is east-west traffic. East-west describes internal, VM-to-VM communication within a data center or cloud network, as opposed to north-south traffic entering or leaving the network.
Question 326
A small coffee shop wants to set up multiple 2.4GHz wireless access points. The access points will support a large number of users, and the network technician wants to mitigate interference as much as possible. Which of the following is the number of 22MHz channels that the equipment can support?
Show Answer
Correct Answer: C
Explanation:
In the 2.4 GHz band, although many channels are defined, each channel is about 22 MHz wide and they overlap significantly. To mitigate interference, only the non‑overlapping channels are usable. In practice, these are channels 1, 6, and 11, giving a total of three usable 22 MHz channels.
Question 92
A server administrator needs to add a record to the company’s DNS server to verify ownership of a web domain. The administrator has the record's name and value. Which of the following record types should the administrator use to add the record to the DNS server?
A. TXT
B. A
C. PTR
D. CNAME
Show Answer
Correct Answer: A
Explanation:
Domain ownership verification requires adding a DNS record that can store an arbitrary verification string provided by the service. TXT records are specifically designed for this purpose and are commonly used for domain verification, SPF/DKIM/DMARC, and similar checks. A records map hostnames to IPs, PTR records are for reverse lookups, and CNAME records create aliases, none of which are suitable for ownership verification.
Question 382
A network administrator logs on to a router and sees an interface with an IP address of 10.61.52.34 255.255.255.252. Which of the following best describes how this interface IP address is being used?
A. As a point-to-point connection
B. To connect to the internet
C. As a virtual address for redundancy
D. For out-of-band management
Show Answer
Correct Answer: A
Explanation:
The subnet mask 255.255.255.252 (/30) creates a network with only two usable IP addresses. Such small subnets are most commonly used for point-to-point links, for example between two routers, where only two interfaces need addressing. The other options typically use different addressing schemes or larger subnets.
Question 413
Which of the following network topologies contains a direct connection between every node in the network?
A. Mesh
B. Star
C. Hub-and-spoke
D. Point-to-point
Show Answer
Correct Answer: A
Explanation:
In a full mesh topology, every node has a direct point-to-point link to every other node in the network. Star and hub-and-spoke rely on a central device, and point-to-point connects only two nodes, not all nodes to each other.
Question 456
Which of the following appliances provides users with an extended footprint that allows connections from multiple devices within a designated WLAN?
A. Router
B. Switch
C. Access point
D. Firewall
Show Answer
Correct Answer: C
Explanation:
An access point extends the footprint of a wireless local area network by providing Wi‑Fi connectivity for multiple devices within its coverage area. It bridges wired networks to wireless clients, allowing users to connect from many devices across a designated WLAN.
Question 126
A network administrator is configuring a subnet that needs to support 13 usable IP addresses. Which of the following subnet masks best meets this requirement?
A. 255.255.255.128
B. 255.255.256.192
C. 255.285.256.224
D. 255.255.255.240
Show Answer
Correct Answer: D
Explanation:
The subnet must support at least 13 usable host IP addresses. A /28 subnet (255.255.255.240) provides 16 total addresses, of which 14 are usable after excluding the network and broadcast addresses. This is the smallest (most efficient) subnet that meets the requirement. The other options either provide far more addresses than needed or are invalid subnet masks.
Question 402
Which of the following should be configured so users can authenticate to a wireless network using company credentials?
A. SSO
B. SAML
C. MFA
D. RADIUS
Show Answer
Correct Answer: D
Explanation:
To allow users to authenticate to a wireless network using company credentials, an authentication backend is required that integrates with the organization’s directory (such as Active Directory). RADIUS provides centralized authentication, authorization, and accounting for network access and is commonly used with enterprise Wi‑Fi (e.g., 802.1X). SSO, SAML, and MFA are authentication concepts or enhancements, but they do not by themselves provide the network authentication service needed for wireless access.
Question 253
Which of the following disaster recovery concepts is calculated by dividing the total hours of operation by the total number of units?
A. MTTR
B. MTBF
C. RPO
D. RTO
Show Answer
Correct Answer: B
Explanation:
MTBF (Mean Time Between Failures) is calculated by dividing the total hours of operation by the total number of failures (or units failing), which matches the description given. MTTR focuses on repair time, while RPO and RTO relate to data loss and recovery time objectives, not operational averages.
Question 47
Clients report that phones are down. The network technicians determine that PCs and printers are online. However, the phones display the message Searching for service. Which of the following should the technicians check first?
A. PoE statistics on the switch
B. DHCP options
C. Data VLANs on switchports
D. The default gateway on the switch
Show Answer
Correct Answer: B
Explanation:
IP phones typically power on via PoE and obtain an IP address via DHCP, but they also rely on specific DHCP options (such as Option 66 or 150) to locate the TFTP/call manager. If these options are missing or incorrect, phones will power up yet remain stuck at "Searching for service," while PCs and printers continue to work normally.
Question 500
Which of the following technologies is the best choice to listen for requests and distribute user traffic across web servers?
A. Router
B. Switch
C. Firewall
D. Load balancer
Show Answer
Correct Answer: D
Explanation:
A load balancer is specifically designed to listen for incoming client requests and distribute traffic across multiple web servers, improving scalability, availability, and fault tolerance. Routers, switches, and firewalls handle networking and security functions but do not manage application-level traffic distribution.
Question 352
A network administrator is implementing security zones for each department. Which of the following should the administrator use to accomplish this task?
A. ACLs
B. Port security
C. Content filtering
D. NAC
Show Answer
Correct Answer: A
Explanation:
Security zones between departments are implemented by controlling and filtering traffic between network segments. Access Control Lists (ACLs) define permit/deny rules based on IPs, subnets, ports, and protocols, making them the standard mechanism to enforce inter-zone communication policies. Port security limits devices on a switch port, content filtering controls web content, and NAC governs device admission, not zone-to-zone traffic control.