Free CompTIA Network+ Practice Test (N10-009)

The CompTIA Network+ Practice Test is the essential tool you need to validate your networking knowledge and prepare for the rigorous N10-009 exam. Whether you are a budding network administrator or a seasoned technician looking to recertify, realistic practice questions are the key to transitioning from theory to application.

Note: You can access the full, free interactive practice test at the bottom of this post.

Why You Need a CompTIA Network+ Practice Test

The CompTIA Network+ certification validates the technical skills needed to securely establish, maintain, and troubleshoot the essential networks that businesses rely on. It covers a broad range of topics, from network architecture and topologies to security and troubleshooting.

Our CompTIA Network+ Practice Test is designed to mirror the complexity and scenario-based nature of the actual exam. By testing your knowledge against these realistic scenarios, you can identify your weak areas before exam day. Below, we explore several critical topics covered in the exam to give you a taste of what you need to master.

Mastering Network Topologies for Resilience

One of the fundamental skills of a network administrator is designing networks that can withstand failures. A common scenario you might face involves designing an office layout that requires high availability.

For example, if you need to ensure a network is resilient to a single cable failure between switches, you must choose the right topology. While a Star topology is common, a Mesh topology provides the highest level of redundancy. In a mesh setup, devices are connected to multiple other devices, creating multiple paths for data to travel. This comes at the cost of increased complexity and cabling, but for mission-critical reliability, it is the superior choice.

Troubleshooting Network Connectivity: The APIPA Address

Troubleshooting is a massive component of the Network+ exam. You must be able to interpret command-line output to diagnose connectivity issues.

Imagine a user reports they cannot access any websites. You run ipconfig on their Windows machine and see an IP address of 169.254.10.23. To a trained eye, this is an immediate red flag. The 169.254.0.0/16 range is reserved for Automatic Private IP Addressing (APIPA). This indicates that the client attempted to contact a DHCP server to get an IP address but failed. Knowing this helps you immediately narrow your focus to the DHCP server or the connection to it, rather than wasting time checking DNS settings or the website itself.

Securing Remote Access: SSH vs. Telnet

Security is woven into every domain of the N10-009 exam. A classic question involves securing remote management of network devices like routers and switches.

If a security audit reveals that administrators are using a protocol that exposes credentials in plaintext, you need to know the secure alternative. Telnet sends everything, including passwords, in cleartext, making it vulnerable to sniffing attacks. The correct remediation is to implement Secure Shell (SSH). SSH provides an encrypted channel for remote command-line administration, ensuring that sensitive session data and credentials remain protected from prying eyes.

Network Architecture and Security Zones

Protecting internal assets while hosting public-facing services is a balancing act. When an organization sets up a web server or email server that must be accessible from the internet, they cannot simply place it on the internal LAN.

The industry-standard solution is to place these servers in a Screened Subnet, also commonly known as a Demilitarized Zone (DMZ). This architecture acts as a buffer zone between the untrusted public internet and the trusted internal network. If an attacker compromises the web server in the DMZ, they are still isolated from the core internal network, limiting the potential damage. https://csrc.nist.gov/pubs/sp/800/215/final

Understanding Duplex Mismatches and Performance

Not all network issues result in a total loss of connectivity; some just cause frustrating performance degradation. You might encounter a scenario where a connection is functioning, but data transfer is slow, and users complain of lag.

If you investigate and find that data is being sent and received, but not at the same time, you are likely dealing with Half-duplex communication. Unlike Full-duplex, which allows simultaneous two-way transmission, Half-duplex is like a walkie-talkie: only one party can speak at a time. This inefficiency leads to collisions and degraded performance in modern switched networks. Identifying this mode allows you to correct the interface settings to Full-duplex and restore optimal speed.

Conclusion

Passing the Network+ exam requires more than just memorizing acronyms; you must understand how these technologies work together in a live environment. The concepts discussed above—topologies, addressing, security protocols, and architecture—are just the tip of the iceberg. Please do not forget to checkout other free CompTIA Certifications on CertyBuddy.com: https://certybuddy.com/practice-tests/?vendor=comptia

Ready to prove your skills? Take the free CompTIA Network+ Practice Test, Quiz, and Flashcards below to start your journey to certification success!

/64

Pass Your Exam with This Free CompTIA Network+ Practice Test

This protocol is essential for centralizing event information from routers, switches, and firewalls.

1 / 64

What is the function of Syslog in network management?

To manage the distribution of IP addresses and network configuration settings.

To synchronize the clocks of all devices on the network for accurate time stamping.

To securely transfer configuration files to and from network devices.

To provide a standard for sending and receiving log messages from network devices to a central server.

This functionality allows a firewall to be application-aware.

2 / 64

A network security device inspects the entire content of packets, including the application data, to identify and block threats. This capability is known as:

Port Forwarding

Network Address Translation (NAT)

Stateful Packet Inspection

Deep Packet Inspection (DPI)

This handheld device is a fundamental tool for verifying the physical integrity of a newly made network cable.

3 / 64

A technician is using a tool to check the wiring of a network cable. The tool can identify shorts, opens, crossed pairs, and incorrect pinouts. What is this tool?

Protocol analyzer

Cable tester

Tone generator and probe

OTDR (Optical Time-Domain Reflectometer)

This tool helps you see the journey your data takes across the internet.

4 / 64

What is the primary function of the `traceroute` (or `tracert` on Windows) command?

To test the end-to-end connectivity and latency to a specific host.

To resolve a domain name to its corresponding IP address.

To display the active TCP connections and listening ports on the local machine.

To map the path that packets take from the source to a destination host, showing each router hop along the way.

Think of this process as putting a letter (data) into an envelope (header), then putting that envelope into a larger package (another header).

5 / 64

What is the term for the process of combining data from multiple sources into a single packet at the sending host, and then separating it back out at the receiving host?

Fragmentation

Translation

Encapsulation

Segmentation

This feature operates at Layer 2 and uses a unique, hard-coded address to identify and filter devices.

6 / 64

A network engineer is configuring a switch and wants to prevent unauthorized devices from connecting to the network. The engineer decides to implement a feature that restricts port access based on the physical address of the devices. What is this feature called?

VLAN Tagging

Spanning Tree Protocol (STP)

Port Security

DHCP Snooping

Look for the most recent and secure version of the standard protocol for network device management.

7 / 64

A company wants to manage its network devices centrally. The network administrator needs a protocol that can securely query device status and modify configurations. Which protocol should be used?

RDP

SNMPv1

Telnet

SNMPv3

Think about the transmission medium that is not affected by electrical noise and can cover long distances.

8 / 64

A technician needs to connect a new building 500 meters away from the main office. The connection requires high bandwidth and must be immune to electromagnetic interference (EMI) from a nearby power station. Which cable type is the best choice?

Multi-Mode Fiber (MMF)

Coaxial

Cat 6 UTP

Single-Mode Fiber (SMF)

This command-line utility can both display and modify entries in the network routing tables.

9 / 64

A network administrator is troubleshooting a connectivity issue and wants to view the local computer’s routing table to see how traffic is being directed. Which command would be used on a Windows machine to display this information?

ipconfig /all

nslookup

arp -a

netstat -r

Think about the different ways data can flow over a communication channel.

10 / 64

A technician is troubleshooting a network connection and notices that data is being sent and received, but not at the same time. The connection is functioning, but performance is degraded. This mode of communication is known as:

Multiplex

Half-duplex

Full-duplex

Simplex

This layer acts as the ‘translator’ for the network.

11 / 64

Which of the following OSI layers is responsible for data formatting, compression, and encryption?

Session Layer (Layer 5)

Transport Layer (Layer 4)

Application Layer (Layer 7)

Presentation Layer (Layer 6)

This technology was crucial for conserving the limited supply of IPv4 addresses.

12 / 64

What is the primary purpose of Network Address Translation (NAT)?

To translate private, non-routable IP addresses to a public, routable IP address.

To dynamically assign IP addresses to hosts on a local network.

To encrypt traffic between two networks over the internet.

To filter incoming and outgoing network traffic based on a set of security rules.

This type of firewall remembers the ‘conversation’ between two hosts.

13 / 64

A firewall that keeps track of the state of network connections (such as TCP streams) traveling across it is known as what type of firewall?

Stateless

Next-Generation (NGFW)

Stateful

Proxy

Look for a protocol specifically designed for secure, encrypted remote shell access.

14 / 64

During a network security audit, it was discovered that an insecure protocol is being used for remote command-line access to routers, exposing credentials in plaintext. Which protocol should be implemented as a secure replacement?

FTP

HTTP

Telnet

SSH

This protocol is often called the ‘protocol of the Internet’ because it manages routing between major service providers.

15 / 64

Which of the following is an example of a dynamic routing protocol?

BGP

STP

ARP

NAT

Think about the evolution from IPv4 to the much larger address space of its successor.

16 / 64

Which of the following DNS record types is used to resolve a domain name into an IPv6 address?

AAAA

CNAME

This layer acts as the bridge between the network-focused lower layers and the application-focused upper layers, managing end-to-end communication.

17 / 64

In the OSI model, which layer is responsible for creating a connection, maintaining the session, and ensuring data is delivered reliably using acknowledgements and flow control?

Network Layer

Session Layer

Data Link Layer

Transport Layer

Think about the complete set of information a computer needs to communicate on a TCP/IP network.

18 / 64

What does a DHCP server provide to a client besides an IP address?

The correct VLAN tag for network access

Subnet mask, default gateway, and DNS server addresses

A security certificate and encryption key

MAC address and hostname

This 8-pin connector is ubiquitous in modern LANs.

19 / 64

Which of the following cable connector types is used for modern Ethernet connections with twisted-pair cabling?

RJ-11

F-type

BNC

RJ-45

Think of this as creating a malicious doppelgänger of a trusted network access point.

20 / 64

An attacker sets up a fraudulent wireless access point with the same SSID as a legitimate corporate network to trick users into connecting and capturing their data. This type of attack is known as:

Evil twin

Deauthentication attack

Bluejacking

War driving

This service model provides the basic building blocks of computing infrastructure.

21 / 64

A company is using a public cloud provider for its computing needs. They have deployed virtual machines and have full control over the operating systems and installed applications, but the cloud provider manages the underlying physical servers, storage, and networking. What cloud service model is this?

SaaS (Software as a Service)

FaaS (Function as a Service)

PaaS (Platform as a Service)

IaaS (Infrastructure as a Service)

Think of services like Google Docs or Microsoft 365, where you use the application directly through a web browser.

22 / 64

Which cloud computing service model provides customers with a fully functional application that is accessed over the internet, without the customer managing the underlying infrastructure?

Platform as a Service (PaaS)

Anything as a Service (XaaS)

Software as a Service (SaaS)

Infrastructure as a Service (IaaS)

RFC 1918 defines three specific ranges of addresses for private network use.

23 / 64

Which of the following is a private IPv4 address and is not routable on the public internet?

172.16.30.5

127.0.0.1

151.101.65.121

8.8.8.8

Consider the different states data can be in: stored, moving, or being actively processed.

24 / 64

A company has implemented a policy where financial data must be encrypted both when it is stored on a server and when it is transmitted over the network. These two states are referred to as:

Data at rest and data in process

Data at rest and data in transit

Data in process and data on disk

Data in use and data in motion

This part of the IPsec suite is responsible for the ‘Security Payload’.

25 / 64

A company is using IPsec VPNs to connect its branch offices. Which of the following is a core component of IPsec that provides confidentiality by encrypting the packet payload?

ESP (Encapsulating Security Payload)

AH (Authentication Header)

SSL (Secure Sockets Layer)

IKE (Internet Key Exchange)

This configuration error leads one device to transmit whenever it wants, while the other expects to listen before transmitting.

26 / 64

A network is experiencing high rates of collisions and errors. A technician inspects a connection where one side is configured for Full-Duplex and the other is set to Half-Duplex. What is this problem called?

Crosstalk

Duplex mismatch

Broadcast storm

Split pair

The name of this protocol explicitly states which OSI layer’s data it tunnels.

27 / 64

A VPN technology encapsulates Layer 2 frames to be sent over a Layer 3 network. It is often used with IPsec to provide security. What is this tunneling protocol?

GRE (Generic Routing Encapsulation)

PPTP

L2TP (Layer 2 Tunneling Protocol)

SSL/TLS

This diagnostic step tests the software configuration of the local host without sending any packets onto the network.

28 / 64

A technician uses the command `ping 127.0.0.1` and receives a successful reply. What does this confirm?

The DNS server is resolving names correctly.

The computer has a valid IP address from the DHCP server.

The computer can reach the default gateway.

The TCP/IP protocol stack is correctly installed and functioning on the local machine.

Consider the topology that offers the most redundancy and fault tolerance by design.

29 / 64

A network administrator is designing a new office layout and wants to ensure that the network is resilient to a single cable failure between switches. Which topology would best achieve this by providing multiple paths between devices, at the cost of increased complexity and cabling?

Mesh

Star

Ring

Bus

This ‘fire-and-forget’ protocol is often used for real-time applications where retransmitting lost packets would be detrimental.

30 / 64

Which protocol provides connectionless, unreliable data delivery at the Transport Layer?

IP (Internet Protocol)

UDP (User Datagram Protocol)

ICMP (Internet Control Message Protocol)

TCP (Transmission Control Protocol)

Think about how this modern WAN approach uses software to make networking more intelligent and flexible.

31 / 64

Which of the following is a primary advantage of a software-defined wide area network (SD-WAN) over a traditional WAN architecture?

It guarantees end-to-end performance with zero latency.

It is inherently more secure because it doesn't use the public internet.

It eliminates the need for physical cabling between sites.

It provides centralized control and dynamic path selection based on application needs.

This is the foundational software layer that makes virtualization possible.

32 / 64

Which of the following describes the function of a hypervisor in a virtualized environment?

It is a software application running inside a virtual machine.

It creates and manages virtual machines, allocating hardware resources to them.

It is a physical network switch that connects virtual machines.

It provides a centralized storage location for virtual machine disk files.

Think about how to logically separate different groups of users on the same physical network hardware.

33 / 64

A company wants to provide wireless access to visitors without allowing them access to the internal corporate network. The most effective way to achieve this is by configuring:

A guest network on a separate VLAN

A very strong pre-shared key for the main SSID

Disabling the SSID broadcast

MAC address filtering on the main SSID

This older, less efficient device creates a large collision domain because it broadcasts all traffic.

34 / 64

What type of network device operates at Layer 1 of the OSI model and simply regenerates and forwards all incoming signals to every connected port?

Switch

Router

Hub

Firewall

This protocol is the bridge between Layer 3 logical addresses and Layer 2 physical addresses on a local network segment.

35 / 64

What is the function of ARP in an IPv4 network?

To assign an IP address to a host.

To resolve a known IP address to an unknown MAC address.

To provide a secure, encrypted tunnel between two hosts.

To determine the best path to a destination network.

This is the name you look for when you’re connecting your device to a Wi-Fi network.

36 / 64

A user on a laptop moves from their desk to a conference room and seamlessly maintains their wireless network connection. This is possible because multiple access points are configured with the same network name. What is this network name called?

BSSID

RADIUS

Channel

SSID

This type of system is focused on the administration and security of smartphones and tablets in an enterprise environment.

37 / 64

A company policy requires that all employees who use their personal devices for work must have their devices managed by the company’s IT department. This includes the ability to enforce screen locks, encrypt data, and remotely wipe the device if it’s lost. What type of solution is needed to enforce this policy?

VPN Concentrator

Network Access Control (NAC)

Intrusion Prevention System (IPS)

Mobile Device Management (MDM)

This standard is focused on improving efficiency in crowded Wi-Fi environments like stadiums and airports.

38 / 64

Which wireless standard, also known as Wi-Fi 6, introduces features like OFDMA and improved MU-MIMO to increase efficiency and performance in dense environments?

802.11ax

802.11g

802.11n

802.11ac

This technology adds a ‘tag’ to Ethernet frames to identify which logical network they belong to.

39 / 64

Which technology allows a network administrator to logically segment a single physical switch into multiple, separate broadcast domains?

Port Mirroring

VLANs

Subnetting

Link Aggregation

This term describes a single piece of hardware that ‘unifies’ many different security functions.

40 / 64

A network security appliance is placed at the network perimeter and provides a combination of services including firewall, VPN, intrusion detection/prevention, and content filtering in a single device. What is this device best described as?

Layer 3 Switch

Proxy Server

Load Balancer

Unified Threat Management (UTM)

This standard distance limit applies to most categories of UTP copper cabling in an Ethernet channel.

41 / 64

What is the maximum distance for a Cat 6 UTP Ethernet cable according to TIA/EIA standards?

100 meters

90 meters

550 meters

185 meters

This security tool is designed to be an attractive but fake target for hackers.

42 / 64

Which of the following best describes a honeypot?

A firewall rule that drops all traffic from a known malicious IP address.

A secure, isolated environment for testing untrusted applications.

A system intentionally made vulnerable to attract and study attackers.

A centralized server for collecting and analyzing security logs.

This standard, also known as Wi-Fi 5, was developed to avoid the interference common in the 2.4 GHz band.

43 / 64

Which of the following IEEE 802.11 standards operates exclusively in the 5 GHz frequency band?

802.11b

802.11n

802.11ac

802.11g

With a `/24` subnet mask, the first three octets must match for two devices to be on the same local network.

44 / 64

A network technician is setting up a new server and assigns it the IP address `192.168.1.50` with a subnet mask of `255.255.255.0`. The default gateway is `192.168.1.1`. Which of the following IP addresses is on the same subnet as the new server?

192.168.0.50

192.168.1.100

10.10.1.50

192.168.1.255

Consider the special IP address range Windows uses when it fails to obtain an address automatically.

45 / 64

A user reports they cannot access any websites. A technician runs `ipconfig` on the user’s Windows machine and sees an IP address of `169.254.10.23`. What is the most likely cause of this issue?

The computer's network interface card (NIC) has failed completely.

The computer has a static IP address assigned in the wrong subnet.

The DHCP server is down or unreachable.

The router's DNS server is misconfigured.

This type of protocol allows every router to have a complete picture of the network’s topology.

46 / 64

Which of the following is an example of a link-state routing protocol?

EIGRP

BGP

OSPF

RIPv2

This layer is concerned with physical addressing, framing, and media access control.

47 / 64

At which layer of the OSI model does a standard Layer 2 switch operate?

Layer 1 (Physical)

Layer 4 (Transport)

Layer 2 (Data Link)

Layer 3 (Network)

This network architecture acts as a buffer zone between the untrusted internet and the trusted internal network.

48 / 64

An organization is setting up a publicly accessible server for their website and DNS. To protect their internal network, they plan to place these servers in a separate network segment. What is this type of segmented network commonly called?

Screened Subnet (DMZ)

Honeypot

Private Cloud

VLAN

Think about the special safety requirements for running cables in spaces that handle building airflow.

49 / 64

A network technician needs to run a new cable in the plenum space (the area above a dropped ceiling used for air circulation). What type of cable jacket rating is required for this installation to comply with fire safety codes?

Plenum-rated

Shielded (STP)

Riser-rated

PVC (Polyvinyl Chloride)

This middle layer acts as an aggregation point for the layer below it.

50 / 64

In a three-tier hierarchical network design, which layer is responsible for high-speed, redundant connectivity between distribution layer devices and provides a path to the network core?

Spine Layer

Core Layer

Access Layer

Distribution Layer

Think about which service prioritizes speed and efficiency over the guaranteed delivery provided by a three-way handshake.

51 / 64

Which of the following protocols uses UDP as its transport protocol by default?

FTP

DNS

HTTP

SMTP

Consider how the transmit and receive pins need to be wired when connecting two ‘like’ devices.

52 / 64

An administrator needs to create a cable to connect two switches directly together without using an uplink port. Which type of twisted-pair cable should be used?

Rollover

Straight-through

Crossover

Coaxial

Count the number of ‘1’ bits from left to right in the binary representation of the subnet mask.

53 / 64

A network uses the IP address range `10.10.0.0` with a subnet mask of `255.255.240.0`. What is the CIDR notation for this subnet?

/20

/22

/24

/16

Consider the latest generation of Wi-Fi security standards.

54 / 64

An administrator wants to implement a wireless security protocol that offers the most robust security, including protection against replay attacks using Perfect Forward Secrecy (PFS). Which protocol should be chosen?

WPA2

WPA3

WEP

WPA

This device acts as the gatekeeper, passing authentication requests between the client and the central server.

55 / 64

In the context of 802.1X authentication, what is the role of the wireless access point or switch that the end-user device connects to?

Authenticator

Authentication Server

Supplicant

Accounting Server

Accurate timestamps are critical for logging and security event correlation.

56 / 64

Which protocol is responsible for providing synchronized time to devices across a network?

SFTP

NTP

DHCP

SNMP

This is the ‘exit door’ a computer uses to communicate with the rest of the world outside its local subnet.

57 / 64

What is the purpose of a default gateway for a host on a TCP/IP network?

To provide the host with its IP address configuration.

To forward packets destined for hosts on other networks.

To resolve domain names into IP addresses.

To store and forward email messages.

This is a list of rules processed in sequential order on a router or firewall.

58 / 64

A network security policy states that a ‘least privilege’ model must be enforced for network traffic. Which network device feature is primarily used to implement this policy by explicitly permitting or denying traffic based on IP address, port number, and protocol?

Virtual Local Area Network (VLAN)

Network Address Translation (NAT)

Quality of Service (QoS)

Access Control List (ACL)

This framework is ‘extensible’ because it allows for new authentication methods to be added without changing the core framework.

59 / 64

Which of the following is an authentication framework, not a specific protocol, that is commonly used in wireless networks and point-to-point connections?

RADIUS

Kerberos

EAP (Extensible Authentication Protocol)

TACACS+

This function is necessary because routers typically block broadcast traffic from passing between subnets.

60 / 64

What is the purpose of a DHCP relay agent?

To provide a backup DHCP server in case the primary one fails.

To forward DHCP broadcast messages across different subnets.

To encrypt DHCP traffic between the client and server.

To filter and block requests from unauthorized clients.

This technology comes in different ‘levels’ (e.g., RAID 1, RAID 5) that offer different balances of redundancy and performance.

61 / 64

Which of the following is a mechanism used to provide fault tolerance for a server by combining multiple physical hard drives into a single logical unit?

Clustering

Load Balancing

RAID (Redundant Array of Independent Disks)

UPS (Uninterruptible Power Supply)

This technology allows a single piece of hardware to act as multiple, independent network segments.

62 / 64

What is the term for a logical grouping of switch ports that allows traffic to be isolated as if the ports were on physically separate switches?

Trunk

VLAN (Virtual LAN)

Subnet

Collision Domain

This protocol creates a logical tree structure out of a physically meshed switched network.

63 / 64

Two switches are connected with redundant links to provide fault tolerance. However, this has created a situation where broadcast frames are endlessly circling between them, consuming all available bandwidth. What protocol must be enabled to resolve this issue?

ARP

NAT

RIP

STP

Consider the fundamental difference in how these two cable types transmit signals.

64 / 64

Which of the following is a benefit of using fiber-optic cable over copper twisted-pair cable?

Easier to terminate

Lower installation cost

Immunity to electromagnetic interference (EMI)

Ability to be powered using Power over Ethernet (PoE)

Your score is

Why You Need a CompTIA Network+ Practice Test

Mastering Network Topologies for Resilience

Troubleshooting Network Connectivity: The APIPA Address

Securing Remote Access: SSH vs. Telnet

Network Architecture and Security Zones

Understanding Duplex Mismatches and Performance

Conclusion

Related Posts

Free CompTIA PenTest+ Practice Test to Ace the (PT0-003) Exam

Master the Exam with This Free CompTIA CySA+ (CS0-003) Practice Test

65+ Essential CompTIA Security+ Practice Questions to Conquer the Exam