CompTIA Network Plus Study Guide

Contents
Lesson 1: Comparing OSI Model Network Functions...................................................................................2
Lesson 2: Deploying Ethernet Cabling.........................................................................................................3
Lesson 3: Deploying Ethernet Switching......................................................................................................5
Lesson 4: Troubleshooting Ethernet Networks............................................................................................7
Lesson 5: Explaining IPv4 Addressing..........................................................................................................8
Lesson 6: Supporting IPv4 and IPv6 Networks...........................................................................................10
Lesson 7: Configuring and Troubleshooting Routers..................................................................................11
Lesson 8: Explaining Network Topologies and Types.................................................................................13
Lesson 9: Explaining Transport Layer Protocols.........................................................................................15
Lesson 10: Explaining Network Services....................................................................................................16
Lesson 11: Explaining Network Applications..............................................................................................17
Lesson 12: Ensuring Network Availability..................................................................................................19
Lesson 13: Explaining Common Security Concepts....................................................................................21
Lesson 14: Supporting and Troubleshooting Secure Networks..................................................................23
Lesson 15: Deploying and Troubleshooting Wireless.................................................................................24
Lesson 16: Comparing WAN Links and Remote Access Methods...............................................................27
Lesson 17: Explaining Organizational and Physical Security Concepts.......................................................28
Lesson 18: Explaining Disaster Recovery and High Availability Concepts...................................................30
Lesson 19: Applying Network Hardening Techniques................................................................................31
Lesson 20: Summarizing Cloud and Datacenter Architecture....................................................................33

Western Governors University September 2023

CompTIA Network Plus Study Guide
Lesson 1: Comparing OSI Model Network Functions
1. A networking engineer is troubleshooting issues with a router. At which layer of the OSI model
is the engineer troubleshooting?
a. Layer 3, Network; The main appliance working at layer 3 is the router; The network layer
is responsible for moving data around a system of networks, known as internetwork or
the Internet.
2. A systems admin wants to ensure that port numbers are being appropriately assigned for each
type of network application. What layer of the OSI model should the admin be reviewing to
ensure these actions are taken?
a. Layer 4, Transport; At the transport layer on the sending host, the system packages data
from the upper layers as a series of layer 4 protocol data units (PDUs). It is critical at this
layer that all types of network applications be assigned the correct port number.
3. A communications engineer notices that every time it rains the signal becomes very degraded.
Which layer of the OSI model is the engineer most likely troubleshooting?
a. Layer 1, Physical; The physical layer of the OSI model is responsible for the transmission
and receipt of the signals that represent bits of data from one node to another node;
Wireless is considered a layer one medium.
4. A network admin configures a SOHO router for a small business. Which zone and IP address
information is configured on the router for proper functionality for users to access all internal
resources and the Internet?
a. Zone: private, Internal IP range 192.168.51.0/24, Zone: public, External IP 209.0.113.1;
For the SOHO router to function properly for both internal network communications and
access to the Internet, a private zone would use a private IP address range (192.168. 0.0
to 192.168. 255.255.) while a public zone would use a public IP (198.20.0.0;
223.255.255.255).
5. An application developer is attempting to troubleshoot issues with ASCII conversion for their
application. At which layer of the OSI model are they troubleshooting?
a. Layer 6, Presentation; The presentation layer of the OSI model transforms data between
the format required for the network and the format required for the application.
6. A security engineer implements port security on a hardware firewall. Which OSI model layer
identifies the application ports to configure?
a. Layer 4, Transport; The transport layer manages end-to-end communications. At layer 4,
a port number identifies each application, such as 80 for HTTP web traffic.
7. A network engineer is analyzing a specific network protocol. What are the principal functions
of a network protocol?
a. Addressing and Encapsulation; Addressing describes where data messages should go. At
each layer, there are different mechanisms for identifying nodes and rules on how they
can send and receive messages. Encapsulation describes how the system should package
data messages for transmission. Encapsulation is like an envelope for a letter, with the
distinction that each layer requires its own envelope.
8. Which networking component would connect to a SOHO router, operating at the first layer of
the OSI model?
a. RJ-45; Several RJ-45 ports (typically four) connect to a local cable network. These are
typically labeled as LAN ports and operate at the physical layer.

Western Governors University September 2023

CompTIA Network Plus Study Guide
9. A systems engineer configures IP addresses for a SOHO router. In doing so, the engineer uses
calculations to determine addresses for two subnets. Which value does the engineer
determine the binary value of 1 0 1 0 relates to in hexadecimal?
a. A; Character A is the hexadecimal representation of the decimal value of 10 and the
binary value of 1 0 1 0.
10. A junior IT tech configures a private computer network for a small bakery. What is a SOHO
router considered to be once it is placed in the building?
a. CPE; Customer premises equipment is equipment owned, managed, and supported by
the customer as it falls beyond the demarcation point.

Lesson 2: Deploying Ethernet Cabling

1. A project manager is preparing a team to set up cabling infrastructure in a new building. What
tools should they order to be able to create patch cords?
a. Crimper/Cable stripper; A cable crimper creates a patch cord that fixes a plug to a cable.
Many crimpers also come with cable stripping capabilities.
2. A company has called a consultant to replace STP cabling and is looking at the varying types.
What is the most challenging to install?
a. Legacy STP; Legacy shielded twisted pair cable could be complex to install, as it requires
bonding each element to ground manually. Using screened or shielded cable means the
consultant must also use screened or shielded connectors.
3. A solutions architect is designing a cable management solution. What is the most common
wiring distribution method?
a. Patch panel; A patch panel or patch bay is a type of distribution block with insulation-
displacement connections (IDCs) on one side and pre-terminated RJ-45 modular ports
on the other.
4. A network tech needs a cost-effective solution that can multiplex up to 16 wavelengths on an
SFP/SFP+ interface. Which multiplexing technique should the network tech use?
a. Coarse Wavelength Division Multiplexing (CWDM) supports up to 16 wavelengths and
typically deploys four or eight bidirectional channels over a single fiber strand (LINK).
5. A solutions architect is determining where to use fiber cabling and wireless networks to
deploy an infrastructure efficiently and cost-effectively. What would most likely best suit use
of wireless connectivity?
a. IOT; Many people and businesses are deploying Internet of Things (IoT) devices in their
homes and offices, these are usually wireless, through routers, or Ethernet-based.
6. What two termination schemes should be used to terminate twisted pair cabling in
accordance with the TIA/EIA-568 standard as they set up a new office network for their
company?
a. T568A and T568B are the two termination schemes used for terminating twisted pair
cabling in accordance with the TIA/EIA-568 standard. Both schemes are equivalent in
performance and differ only in color coding.
7. A network tech is looking over diagrams for special types of equipment rooms that mark the
point at which external cabling joins to internal cabling. What is this called?
a. Demarc; Demarcs are special types of equipment rooms marking the point at which
external cabling joins to the internal cabling, located on premise.

Western Governors University September 2023

CompTIA Network Plus Study Guide
8. A network tech is researching standards for the physical and data link layer. Which standard,
developed to implement the functions of the physical and data link layers of the OSI model, is
the most important?
a. 8 0 2.3; The most important standard developed is the Institute of Electrical and
Electronics Engineers 8 0 2.3 Ethernet standards.
9. A project manager is working on a project using fiber optic cabling. They are looking for the
cabling core ferrule which has the tightest connection and best return loss performance. What
should they use?
a. APC; The angled faces of Angled Physical Contacts make for a tight connection and
better return loss performance. APCs cannot mix with PC faces or UPCs.
10. A project manager is preparing for an upcoming work assignment by comparing available
cable types for use within the project. What is NOT a benefit of using fiber optic cabling?
a. Cost; Fiber optic cabling costs more than copper cabling. This is the main downside for
organizations, as most organizations tend to go with the lowest cost options to support
operations.
11. A network tech is laying out coaxial cables and needs to order more termination connectors.
What should they order?
a. F-type; You would usually terminate coaxial cables using F-type connectors, which are
secured by screwing into place. Coax cables are categorized using the Radio Grade (RG)
standard.
12. A systems admin is looking at technology in the organization's environment and finds Fast Link
Pulse. What does this technology do?
a. Sends link integrity test signals; Fast Ethernet codes a 16-bit data packet into this signal
to advertise its service capabilities. This is known as the Fast Link Pulse.
13. A network engineer is deploying an architecture using Carrier Sense Multiple Access with
Collision Detection. How does the CSMA/CD protocol work?
a. The following steps are the correct order of a CSMA/CD protocol: Data, check network,
transmit data, collision, wait, retransmit.
14. A network admin is setting up cabling between buildings and needs to transmit the maximum
distance possible. Which type of cabling would be most suitable?
a. Single Mode (SMF) fiber optic cable supports higher bandwidth over longer links than
multimode fiber optic and copper cabling.
15. In fiber optic cable construction, what reflects signals back into the waveguide as efficiently as
possible so that the light signal travels along the waveguide by multiple internal reflections?
a. Cladding reflects signals back into the waveguide as efficiently as possible so that the
light signal travels along the waveguide by multiple internal reflections.
16. A cable operator is assessing the use of UTP cabling in an office building. What is true
regarding UTP?
a. Unshielded Twisted Pair cable is more susceptible to interference and crosstalk than
shielded twisted pair cabling. In considering UTP, Modern buildings are often flood-wired
using UTP cabling. Additionally, this flood-wire approach of using UTP involves cables
being laid to every location in the building that may need to support a telephone or
computer.
17. What fiber optic connector form factor features a push-pull mechanism?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. The Subscriber Connector (SC) is a popular type of fiber optic connector that has a
square snap-in design. It features a push-pull coupling mechanism, which allows for easy
insertion and removal of the connector. The SC connector is available in both single-
mode and multimode versions, making it versatile for various fiber optic applications.
18. What is true about Gigabit Ethernet?
a. Works over Cat 5e or newer
Maximum distance of 100 meters for UTP cabling between two ports, and
Supports rates up to 1000 Mbps.
19. A project manager is ordering equipment to set up fiber cabling in a new building. What tools
will allow a more permanent join with lower insertion loss?
a. A fusion splicer achieves a more permanent join with lower insertion loss ( less than or
equal to 0.1 dB). The fusion splicing machine performs a precise alignment between the
two strands and then permanently joins them together.
20. A network tech in Germany is setting up Cat 7 cabling in an organization. To comply with
installation standards what types of termination connectors should be used?
a. TERA and GG45 connectors can terminate Cat 7 cabling.

Lesson 3: Deploying Ethernet Switching

1. A networking admin is trying to power off a Cisco switch, but it is not working. The admin
needs to be in which mode to perform this task?
a. Privileged EXEC mode (or enable mode) allows the user to reboot or shut down the
appliance and to backup and restore the system configuration.
2. A cable operator needs to transition a cable from one type to another. What would best help?
a. Media converter; A media converter transitions from one cable type to another. Media
converters also work at the Physical layer of the OSI model.
3. A systems admin is trying to troubleshoot frames moving over a 10 gigabit network using the
most optimal solution. What should they use?
a. Active tap; An active tap is a powered device that performs signal regeneration.
Gigabit signaling over copper wire is too complex for a passive tap to monitor.
4. A network architect is assessing network performance. What is part of the CSMA/CD protocol
to identify collisions early?
a. Preamble and SFD; The preamble and start frame delimiter (SFD) are used for clock
synchronization and are part of the Carrier Sense Multiple Access with Collision
Detection (CSMA/CD) protocol to identify collisions early.
5. A network tech wants to upgrade the company's hub to isolate collision domains from each
other and allow for Gigabit Ethernet. Which solution would help the tech to accomplish this?
a. Switch; An Ethernet layer 2 switch performs a similar function as a bridge, but in a more
granular way, and for many more ports than bridges support.
Gigabit Ethernet and Ethernet 10 GbE cannot be deployed without using switches.
6. A server admin needs to allow a server to instruct the switch to pause traffic temporarily to
avoid overwhelming its buffer and causing it to drop frames. What should they set up?
a. Flow control; IEEE 802.3x flow control allows a server to instruct the switch to pause
traffic temporarily to avoid overwhelming its buffer and causing it to drop frames.

Western Governors University September 2023

CompTIA Network Plus Study Guide
7. A help desk operator is trying to identify the vendor for a piece of equipment. What could they
check to determine the vendor?
a. OUI; The first six hex digits of a MAC address, also known as the Organizationally Unique
Identifier, identifies the manufacturer of the equipment.
8. A network admin is setting up connection points for multiple devices to connect. What device
cannot be configured?
a. Hubs; Hubs have no configuration options. The tech connects the device to a power
source and then connects the network cables for the hosts, which then become part of
the network segment served by the hub.
9. A network tech wants to upgrade the company's hub to avoid collisions. Which solution would
help the tech fully accomplish this?
a. Switch; An Ethernet layer 2 switch performs a similar function as a bridge, but in a more
sophisticated way, and for many more ports than bridges support. Each switch port is a
separate collision domain.
10. A network tech is setting up a connection between switches, but the switches cannot establish
a connection. What would be the most likely cause of the switch's inability to establish a
connection?
a. Dual MDI-X ports; When a switch needs to connect to another switch, communications
would fail if both interfaces used media dependent interface crossover (MDI-X).
11. A systems admin needs to combine multiple 1 Gbps connections to be able to support 2 Gbps
connections. What should they set up?
a. NIC teaming; Port aggregation combines two or more separate cabled links into a single
logical channel.
12. A network tech has set up a link where the cable length exceeds the distance limitation and
may not achieve the required speed or be unreliable. What should be used in this case?
a. Repeaters overcome distance limitations by boosting the signal somewhere along the
cable run. A repeater works at the physical layer (Layer 1) of the OSI model and is
transparent concerning the rest of the network infrastructure.
13. A networking project manager needs switches that can connect and operate as a group. What
should they use?
a. Stackable means that switches can connect and operate as a group. The system admin
can manage the switch stack as a single unit.
14. Due to budgetary restraints, a systems admin is setting up servers with standard network
interface cards (NICs) using the most cost-effective methods. What do most standard NICs
support?
a. Gigabit Ethernet and Fast Ethernet; Most Ethernet adapters support Fast Ethernet,
meaning that they support Fast Ethernet and 10BASE-T. In addition to Gigabit Ethernet,
the Fast Ethernet standard is also useful in this instance as the improved encoding
methods raise the bit rate from 10 Mbps to 100 Mbps.
15. A network engineer is setting up MTU sizes to follow most Ether products. In normal
conditions, what is the maximum size of a standard Ethernet frame, excluding the preamble?
a. The maximum size of an Ethernet frame is normally 1518 bytes, excluding the preamble.

Western Governors University September 2023

CompTIA Network Plus Study Guide
Lesson 4: Troubleshooting Ethernet Networks
1. A systems manager is preplanning for the event that critical servers will fail. What would be
the most likely plan of action?
a. Replace; In the case of critical servers, the systems manager would have duplicate
servers on hand to replace them since the cost of the time it would take to repair the
servers would be unknown.
2. A help desk tech is helping to troubleshoot a switch's connectivity issues. Users report that
they are receiving a blinking amber light. This is indicative of what type of issue?
a. Fault detected; A blinking amber light indicates that the system has detected a fault,
such as a duplex mismatch or a spanning tree blocking.
3. A help desk tech is trying to troubleshoot the end of a cable but is uncertain where the other
end is. What could they use to help find the other end of the cable?
a. Fox and Hound; A network tone generator and probe trace a cable from one end to the
other. This device is also known as a Fox and Hound or a tone probe.
4. A help desk tech is troubleshooting communications between a client and print server. They
are trying to perform the step to identify symptoms and duplicate the problem. What does
NOT fall under this step?
a. Questioning the obvious falls under establishing a theory of probable cause.
5. A network tech is troubleshooting a connection from a client and decides to use the bottom to
top troubleshooting methodology. Which step would the tech perform first?
a. Deciding whether the problem is hardware-related would be the first step. The physical
layer (layer 1) is at the bottom of the OSI model.
6. A network operator is trying to troubleshoot issues in cabling that could affect performance.
What should the network operator use to test the cabling?
a. TDR; A cable tester might incorporate the function of a time domain reflectometer
(TDR). A TDR measures the length of a cable run and locates kinks and other
imperfections in cables that could affect performance.
7. A help desk operator is troubleshooting a site that is no longer responsive. What is the last
step the operator should perform?
a. Document findings; The last step in troubleshooting is to document findings. This gives
you the opportunity to add a complete description of the problem and its solution,
including findings, actions, and outcomes.
8. A help desk operator is troubleshooting a site that is no longer responsive. What is the first
step the operator should perform?
a. Identify the problem; Identifying the problem includes, but is not limited to, gathering
information, duplicating the problem if possible, and determining if anything has
changed. Identifying the problem is the first step in the troubleshooting methodology.
9. A network tech is trying to troubleshoot attenuation and measure accordingly. What unit of
measurement expresses attenuation?
a. dB; Attenuation is the loss of signal strength, measured in decibels (dB). dB expresses
the ratio between two measurements, and in this case, signal strength at origin and
destination.
10. A network operator is troubleshooting connectivity issues and suspects that the transceiver is
the source of the problem. What should the network operator perform?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. Use a loopback tool; If the problem is not the patch cords, then test the transceivers.
The network operator can use a loopback tool to test for a bad port.

Lesson 5: Explaining IPv4 Addressing

1. A network admin wants to use a subnet mask containing 62 usable addresses. What subnet
masks should the admin use?
a. A subnet mask of 255.255.255.192 has 62 usable addresses. Subnet addressing has
three hierarchical levels: a network ID, subnet ID, and host ID.
2. A client is trying to connect to a network. The client can get an IP address but does not have
internet access and decides to see if they are issued an APIPA address. Which of the following
would fall under the APIPA range?
a. 169.254.0.0 through 169.254.255.255; The APIPA range is from 169.254.0.0 through
169.254.255.255. Microsoft developed Automatic Private IP Addressing (APIPA) for
clients that could not contact a Dynamic Host Configuration Protocol (DHCP) server.
3. A systems admin is looking into communications issues on a server. If the destination IPv4
address is on a different IP network or subnet, where will the host send the traffic?
a. Default gateway; When the destination IPv4 address is on a different IP subnet, the host
forwards the packet to its default gateway rather than trying to deliver it locally. The
default gateway is a router configured with a path to remote networks.
4. A helpdesk operator is troubleshooting communication issues for devices in different
broadcast domains. Which device is necessary in order for nodes to communicate in separate
broadcast domains?
a. Router; Nodes within each subnet can address one another directly since they are in the
same broadcast domain, but they can only communicate with nodes in other subnets via
the router.
5. A security admin is investigating a CAM table flooded by an attacker. In the packet capture,
what protocol should the security admin filter on to look at related traffic?
a. ARP; The Transmission Control Protocol/Internet Protocol (TCP/IP) suite includes the
Address Resolution Protocol (ARP). The ARP performs the task of resolving an IP address
to a hardware address. ARP messaging is only available to use with Ethernet.
6. A helpdesk tech is reviewing the network layout in various areas. What is the purpose of
subnetting?
a. Layer 3 segments
7. A security architect is dividing a network into logically distinct zones for security and
administrative control. Which of the following should the security architect use?
a. V LANs; V LANs are useful to divide a network into logically distinct zones for security
and administrative control.
8. A security analyst is reviewing various subnets that are set aside for various purposes. What is
the subnet 192.0.2.0/24 and 198.51.100.0/24 set aside for?
a. Documentation and examples; The subnets 192.0.2.0/24, 198.51.100.0/24,
203.0.113.0/24 are all set aside for use in documentation and examples. These are other
IPv4 address ranges reserved for special use and are not publicly routable.
9. A security analyst is reviewing malicious packets and trying to understand the IPv4 header.
What is the first field in an IPv4 header?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. Version; The Version field is the first field in an IPv4 packet and indicates the version of
the Internet Protocol in use, which in the case of IPv4 is 4.
10. A network architect is planning a new setup for a new company that has yet to build buildings.
Which of the following would the architect set up for a /16 network?
a. Class B; Class B: 255.255.0.0 (/16). The first octet for class B is from 128 - 191. The only
remaining use of classful terminology is to describe the default subnet masks.
11. A systems admin attempts to allow one host on the Internet to send content to other hosts
that have identified themselves as interested in receiving the originating host's content. What
should the admin use to accomplish this?
a. Multicast; IPv4 multicasting allows one host on the Internet (or private IP network) to
send content to other hosts that have identified themselves as interested in receiving
the originating host's content.
12. A network admin is working for a large company on a subnet that requires an 8 bit mask.
Which of the following would that be?
a. 255.0.0.0; 255.0.0.0 is an 8-bit mask. A short netmask (255.0.0.0) allows for millions of
hosts per network but only 126 possible network addresses.
13. A security analyst is looking at traffic directed to 0.0.0.0/8. For what purpose is this IP range
typically used?
a. Source address by client seeking a DHCP lease; The system uses the subnet 0.0.0.0/8
when a specific address is unknown and typically used as a source address by a client
seeking a Dynamic Host Configuration Protocol (DHCP) lease.
14. A network admin wants to be able to address multiple address hosts. Which of the following
would accomplish this task?
a. Broadcast and/or ff:ff:ff:ff:ff:ff; One method of addressing multiple hosts is to perform a
broadcast. An admin performs a broadcast by sending a packet to the network or
subnet's broadcast address. Implemented broadcasts occur at layer 2 by sending them
to MAC address ff:ff:ff:ff:ff:ff. All hosts connected to the switch (or in the same VLAN)
will receive them.
15. A security tech is looking at binary and trying to convert it to an IP address. The first field is
00110011. What does this translate to in decimal?
a. 51; The IP address 00110011 would be 51 in decimal. The place values are powers of 2
(2^1=2, 2^2=4, 2^3=8, 2^4=16, and so on). The tech should memorize these values to
perform binary/decimal conversions using the columnar method.

Subnetting Conversion Tables

Address Class Default Subnet Mask Assignable IP Calculation Assignable IP Addresses
24
Class A 255.0.0.0 2 –2= 16,777,214
Class B 255.255.0.0 216 – 2 = 65,534
Class C 255.255.255.0 28 – 2 = 254

Western Governors University September 2023

CompTIA Network Plus Study Guide
Dotted Decimal Notation * CIDR Binary Notation
255.0.0.0 /8 11111111.00000000.00000000.00000000
CLASS
FUL
255.255.0.0 /16 11111111.11111111.00000000.00000000
255.255.255.0 /24 11111111.11111111.11111111.00000000
255.255.255.128 /25 11111111.11111111.11111111.10000000
255.255.255.192 /26 11111111.11111111. 11111111.11000000
CLASSLESS

255.255.255.224 /27 11111111.11111111. 11111111.11100000

255.255.255.240 /28 11111111.11111111. 11111111.11110000
255.255.255.248 /29 11111111.11111111. 11111111.11111000
255.255.255.252 /30 11111111.11111111. 11111111.11111100
!!!!! IMPORTANT 32 TOTAL BITS HERE (8X4)

Formulas for Calculating the Number of Subnets and Assignable Hosts

Example:
Created Subnets
s = number of borrowed bits
2s CIDR is /25 > Binary conversion is 10000000
1 = number of borrowed bits
Example:
CIDR is /25 > Binary conversion is 10000000
Assignable IP addresses 27 – 2
h = number of host bits
2h - 2
32 total – 25 network = 7 host
27 – 2 converts to 128 – 2 = 126 assignable IP addresses
Network ID (first IP address) & Broadcast ID (last IP address) are always reserved
so they must be subtracted from the total number available

Lesson 6: Supporting IPv4 and IPv6 Networks

1. A network tech is setting up IPv6 global addressing. What is NOT part of an IPv6 unicast
address?
a. Starts with fe80; Link local addresses start with a leading fe80, but global IPv6 addresses
begin with 001.
2. A project manager is visiting a new building and connects to the network. The manager
performs all connectivity tests by IP address but cannot ping by host name. What is most likely
the problem?
a. DNS; If the project manager can successfully perform all connectivity tests by IP address
but cannot ping by host name, then this suggests a name resolution problem.
3. A network admin is diagnosing a suspected problem with local addressing and packet delivery.
What commands would the admin use to flush the ARP cache?
a. arp -d; The arp -d deletes all entries in the ARP cache, and the network admin can also
use it with an IPAddress to delete a single entry.
4. A helpdesk tech is trying to troubleshoot a client who is having issues with its network
adapter. What should the tech try first?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. Driver; A bad or missing driver can cause a hardware device to function improperly or to
not function at all. Installing the latest driver is a good first troubleshooting step.
5. A network admin is diagnosing a suspected problem with local addressing and packet delivery.
What commands would the admin use to add an entry to the ARP cache?
a. arp -s; The arp -s IPAddress MACAddress adds an entry to the ARP cache. Under
Windows, the network admin needs to enter the MACAddress with hyphens between
each hex byte.
6. A network tech is trying to diagnose a network where something is consuming a lot of
bandwidth and slowing down the network. What would point to this?
a. Multicast transmissions; At layer 2, if a switch is not multicast-aware, it treats multicast
transmissions as broadcasts and floods them across all ports, consuming a lot of
bandwidth and slowing down the network.
7. A security engineer is analyzing IPv6 packets. What header fields is for quality of service?
a. Flow label; The flow label is for quality of service (QoS) management, such as for real-
time streams. The security engineer sets the flow label to 0 for packets not part of any
delivery sequence or structure.
8. A consultant is visiting a new project and forgot to take the manual configurations off the
computer from the last project. The client receives issues due to a disabled IP. What does the
client most likely have?
a. Duplicate IP; If Windows detects a duplicate IP address, it will display a warning and
disable the IP. Linux does not typically check for duplicate IP addresses.
9. A network admin is setting up router advertisements through Neighbor Discovery protocol on
an IPv6 network. What is NOT one of the main functions?
a. Error messaging; Error messaging is one of the new features of Internet Control Message
Protocol version 6 (ICMPv6). One change is the introduction of a Packet Too Big class of
error. Under IPv6, routers are no longer responsible for packet fragmentation and
reassembly.
10. A helpdesk operator is troubleshooting communications between devices in the same
location, but one is having issues communicating with the others. What will have issues?
a. Host D: IP: 192.168.0.10, Mask: 255.255.255.0; Host D will not be able to communicate
with the others. Host C cannot contact host D, as it thinks that host D is on the same
local network. In fact, Host C needs to route messages for 192.168.0.0/24 via the default
gateway.
11. A Linux systems admin wants to interface correctly with modern network configuration
manager packages. What would be best to accomplish this?
a. iproute2; The iproute2 package can interface correctly with modern network
configuration manager packages. Running the ip addr command performs the basic
reporting functionality of ifconfig that shows the current address configuration.
12. A security tech is analyzing packets on an IPv6 network. What headers would indicate a
multicast packet?
a. 1111 1111 or ff; The first 8 bits indicate that the address is within the multicast scope
1111 1111. A multicast address sends a packet from a single source to multiple network
interfaces. Another way to indicate a multicast IPv6 address is ff, which is the same as
1111 1111. Unlike IPv4, IPv6 routers must support multicast.

Western Governors University September 2023

CompTIA Network Plus Study Guide
13. A security tech is analyzing IPv6 traffic and looking at incomplete addresses. What is a correct
IPv6 address?
a. 2001:db8:abc:def0::1234, The address 2001:db8:abc:def0::1234 is a correct address.
The double colon (::) compression can only be used once in a given address.
14. A helpdesk tech is setting up a new IP configuration for a new Ethernet adapter on a client
using PowerShell. Which command should the tech use?
a. New-NetIPAddress, A new Ethernet adapter configuration can be applied using New-
NetIPAddress in PowerShell.
15. A helpdesk tech is troubleshooting issues on a Windows client. Which command does the tech
use to clear the current IP address so that a new one may be obtained?
a. The ipconfig /release interface command releases the IP address obtained from a
Dynamic Host Configuration Protocol (DHCP) server so that the interface(s) will no
longer have an IP address.

Lesson 7: Configuring and Troubleshooting Routers

1. A network architect is comparing RIP vs. EIGRP. What is the key difference between the two?
a. Full vs incremental routing updates; Where one sends periodic updates of its entire
routing information base, the other sends a full update when it first establishes contact
with a neighbor, and afterward, only sends updates when there is a topology change.
2. A network admin is looking through routing tables to troubleshoot issues. What is NOT an
entry in the routing table?
a. Traffic class; Traffic class is not part of a routing table. Traffic class is part of the IPv6
packet fields, which describe the packet’s priority.
3. A network tech is attempting to prevent poorly addressed packets from permanently
circulating the network. What will not decrease when it passes through switches?
a. Neither hop count nor TTL will decrease when passing through a switch, only when it
passes through routers.
4. A network admin is setting up an Exterior Gateway Protocol (EGP). What protocols is part of
the EGP class?
a. BGP; The Border Gateway Protocol is a path vector type that is part of the Exterior
Gateway Protocol class and runs over Transmission Control Protocol (TCP) port 179.
5. A network tech is looking at various protocols which support subnetting and super netting.
What protocol does NOT support subnetting and super netting?
a. Interior Gateway Routing Protocol (IGRP) is an older routing protocol, which is classful.
Classful routing protocols do not carry subnet masks.
6. A network architect is looking at the topology and metrics used to build and update a routing
information base. Most routing information bases get classified as What?
a. Distance vector is one of the most classed algorithms. Some protocols use a hybrid of
different methods to perform path selection more efficiently. Link state is also one of the
most classed algorithms. The algorithms for path selection are built according to the
topology and metrics that they use to build and update a routing information base.
7. A network architect is researching distance vector protocols to use. What should the architect
investigate?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. The Routing Information Protocol (RIP) is a distance vector type that is part of the IGP
class and runs over User Datagram Protocol (UDP) ports 520 or 521. The Enhanced
Interior Gateway Routing Protocol (EIGRP) is a distance vector/hybrid type that is part of
the Interior Gateway Protocol (IGP) class and runs over native IP (88).
8. A network tech is looking at a router configuration. What is NOT a mechanism for preventing
routing loops?
a. Convergence; Convergence is the process where routers running dynamic routing
algorithms agree on the network topology.
9. A Windows server admin wants to view the routing table of end systems. Which command
should the admin use?
a. route print; In Windows, to show the routing table, run route print. Apart from loopback
addresses and the local subnet, the routing table for an end system generally contains a
single entry for the default route.
10. A network operator is calculating the amount of loss suffered by all components along a fiber
transmission path. What is this called?
a. Loss budget; An optical link budget, or loss budget, is the amount of loss suffered by all
components along a fiber transmission path.
11. A network admin is troubleshooting the whole path between two Windows nodes with a view
to isolating the node or link that is causing the problem. Which command should they use?
a. Tracert; On a Windows system, the tracert command performs the same function as
traceroute. The command tracert uses Internet Control Message Protocol (ICMP) Echo
Request probes by default.
12. A network tech is looking at the interfaces on an edge router. The tech comes across a
customer's router. What is this side of the interface called?
a. CE; The customer's router is known as the customer edge (CE). Routers designed to
service medium to large networks are complex and expensive appliances.
13. A network tech is looking at the route configurations for the organization's environment. What
is it called when the IP network or subnet for each active router interface gets automatically
added to the routing table?
a. Directly connected routes; The IP network or subnet for each active router interface gets
automatically added to the routing table. These are known as directly connected routes.
14. A storage admin notices that packets from their storage devices are often fragmented. What
would be the cause of this?
a. MTU; It is possible that due to limitations in the underlying network, IP may fragment
the packet into more manageable pieces to fit within the Maximum Transmission Unit
(MTU) of the Data Link protocol frame.
15. A security engineer is looking at IPv6 packets and observes packets for a default route. What
represents a default route?
a. ::/0, The destination address 0.0.0.0/0 (IPv4) or ::/0 (IPv6) represents the default route.
A default route is a special type of static route that identifies the next hop router for a
destination that the system cannot match by another routing table entry.

Western Governors University September 2023

CompTIA Network Plus Study Guide
Lesson 8: Explaining Network Topologies and Types
1. A security architect is looking over network topologies where each endpoint node connects to
a central forwarding node. What is this called?
a. Star; In a star topology, each endpoint node connects to a central forwarding node, such
as a hub, switch, or router. The central node mediates communications between the
endpoints.
2. A network tech is studying a network topology where each node wires to its neighbor in a
closed loop. What is this called?
a. Ring; In a physical ring topology, each node wires to its neighbor in a closed loop. A node
receives a transmission from its upstream neighbor and passes it down until the
transmission reaches its intended destination.
3. A network engineer is looking at a local area network (LAN) which uses structured cabling, two
24-port switches and a router to provide connectivity. What type of LAN is this most likely?
a. SME; Small and medium-sized enterprise (SME) networks are networks supporting
dozens of users. Such networks would use structured cabling and multiple switches and
routers to provide connectivity.
4. A network admin is looking at a network where network utilization approaches maximum
capacity, and the CPU utilization of the switches jumps to 80 percent or more. What is this
called?
a. Broadcast storm; A broadcast storm will cause network utilization to approach maximum
capacity and the CPU utilization of the switches to jump to 80 percent or more.
5. A network architect is researching VLAN IDs (VID) for each frame, to preserve them for the
receiving switch to forward them correctly. The network architect should look at which
standard.
a. 802.1Q; The IEEE 802.1Q standard normally defines VIDs under 802.1Q. A tag inserted in
the Ethernet frame, between the Source Address and EtherType fields, identifies each
VLAN traffic.
6. A network admin is setting up Virtual Local Area Networks (VLANs) for various segments, such
as voice and data. What IDs is the default VLAN?
a. 1- The VLAN with ID 1 is known as the default VLAN. Unless configured differently, all
ports on a switch default to being in VLAN 1.
7. A network admin is determining untagged port logic for a frame addressed to a port in the
same VLAN on the same switch. What would happen?
a. No tag is added; If the frame gets addressed to a port in the same VLAN on the same
switch, then the admin does not need to add a tag to the frame.
8. A network operator is reviewing a network topology where all nodes share the bandwidth of
the media. What is this called?
a. Bus; A physical bus topology with more than two nodes is a shared access topology,
meaning that all nodes share the bandwidth of the media.
9. A network admin is trying to figure out which switch will be rooted in a spanning tree protocol
set up. What would determine the root?
a. Lowest ID; The switch with the lowest ID, comprising a priority value and the MAC
address, will be selected as the root.

Western Governors University September 2023

CompTIA Network Plus Study Guide
10. A network analyst is looking at traffic from switches to other switches, which determines the
shortest path. What is this called?
a. BPDU; The spanning tree protocol (STP) information gets packaged as bridge protocol
data unit (BPDU) multicast frames. Each switch then determines the shortest path to the
root bridge by exchanging information with other switches.
11. A network architect is reviewing a network where application services and resources are
centrally provisioned, managed, and secured. What is this called?
a. Client server; A client-server network is one where some nodes, such as PCs, laptops,
and smartphones, act mostly as clients. Application services and resources are centrally
provisioned, managed, and secured.
12. A network tech does not have enough ports on a single switch and has to connect multiple
switches. What should the tech research for interconnections between switches?
a. Trunks; The interconnections between switches are known as trunks. The network tech
should configure one of the ports on each switch as a trunk port for this purpose.
13. A network admin is looking at a switch where the network is not converged. What does this
mean?
a. Regular communications are not taking place; When the network is not converged, no
communications can take place. Under the original 802.1D standard, this made the
network unavailable for extended periods (tens of seconds) during configuration
changes.
14. A network admin wants to set up a switch with a voice or auxiliary Virtual Local Area Network
(VLAN) to distinguish the PC and VoIP traffic without having to set up a trunk port. What
commands should the admin perform first?
a. interface Gigabit Ethernet 0/0; The interface Gigabit Ethernet 0/0 is the first command.
Normally, for a switch interface to process tagged frames, it would have to be configured
as a trunk port. This adds a lot of configuration complexity.
15. A network architect is reviewing the architecture for a large company. What tiers is NOT part
of the traditional three-tiered network hierarchy?
a. Bus; A bus is a type of topology and is not part of the traditional three-tiered network. A
physical bus topology with more than two nodes is a shared access topology, meaning
that all nodes share the bandwidth of the media.

Lesson 9: Explaining Transport Layer Protocols

1. A systems engineer is looking at running services on the company's Linux hosts and wants to
include ports in the listening state in the output. Which netstat switch should the engineer
use?
a. -a, Using the -a switch includes ports in the listening state in the output. The netstat
command allows the admin to check the state of ports on the local host.
2. A security engineer is looking at Transmission Control Protocol (TCP) traffic headers. What
allows the receiver to rebuild the message correctly?
a. Sequence number, The sequence number allows the receiver to rebuild the message
correctly and deal with out-of-order packets.
3. A security analyst wants to reconstruct the packet contents for a Transmission Control Protocol
(TCP) session in Wireshark. Which function should the security analyst use?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. Follow TCP Stream, A useful option is to use the Follow TCP Stream context command to
reconstruct the packet contents for a TCP session.
4. A network admin is looking at packet captures from the network and trying to isolate email
traffic. What should the network admin include?
a. TCP 25, TCP 143; Transmission Control Protocol (TCP) 25 is Simple Mail Transfer Protocol
(SMTP) traffic which the network admin should include when searching for email traffic.
TCP 143 is Internet Message Access Protocol (IMAP) traffic which would also be email
traffic, and the admin should include it as well.
5. A penetration tester has performed a quick service enumeration with Nmap and now wants to
further enumerate the findings. Which parameter should the pen tester use in the command?
a. -sV, When services get discovered, the pen tester can use Nmap with the -sV switch to
probe a host more intensively to discover the software or software version operating
each port.
6. A security analyst is looking at traffic from older devices between ports 2,000; 3,000. What is
this traffic most likely?
a. Client ports, OS implementations of Transmission Control Protocol/Internet Protocol
(TCP/IP) have not always conformed to recommendations. For example, earlier versions
of Windows and UNIX/Linux used 1,024—5,000 for client ports
7. A penetration tester wants to perform remote port scanning. Which Nmap scan fast technique
as the scanning host requests a connection without acknowledging it?
a. -sS, TCP SYN (-sS) is a fast technique (also referred to as half-open scanning) as the
scanning host requests a connection without acknowledging it. The target's response to
the scan's SYN packet identifies the port state.
8. A server admin is analyzing a normal Transmission Control Protocol (TCP) Teardown
connection to their servers. How many FIN-WAIT states does the client go through during this
process?
a. Two, The client goes through two FIN-WAIT states. In the first step, the client sends a FIN
segment to the server and then enters the FIN-WAIT1 state.
9. A security analyst is reviewing UDP traffic headers. What is NOT a field in a UDP traffic header?
a. Window, The window field is in Transmission Control Protocol (TCP) traffic, not User
Datagram Protocol (UDP) traffic. It is the amount of data the host is willing to receive
before sending another acknowledgment. TCP's flow control mechanism means if it is
getting overwhelmed, one side can slow the sending rate.
10. A systems admin needs network visibility to establish the logical topology of routers and
subnets. What is a lightweight standalone tool which will allow the admin to easily scan for
IPs?
a. PRTG, IP scanning uses lightweight standalone open source or commercial tools, such as
Nmap, AngryIP, or PRTG. An IP scanner is a tool that performs host discovery.

Lesson 10: Explaining Network Services

1. A client is attempting to renew its lease with the DHCP server so that it can keep the same IP
addressing information. How much of the lease duration has lapsed?
a. At least 50%, A client can renew the lease when at least half the lease's period has
elapsed so that it keeps the same IP addressing information.

Western Governors University September 2023

CompTIA Network Plus Study Guide
2. An admin is configuring the TCP/IP settings in workstations and wants to use the solution with
the least amount of overhead. What setting will the admin select?
a. DHCP, The admin will use Dynamic Host Configuration Protocol (DHCP) which provides
an automatic method for allocating an IP address, subnet mask, and other optional
parameters.
3. An admin is configuring a DHCP server. What configurations must the admin apply to the
server?
a. The server must receive a static IP address and the admin must configure a scope.
4. An organization has multiple subnets but only using one DHCP server. How is this possible?
a. DHCP relay and UDP forwarding. Admins can configure a DHCP relay agent to provide
forwarding of DHCP traffic between subnets to avoid provisioning and configuring DHCP
servers on every subnet. UDP forwarding is a more general application of a DHCP relay,
but UDP forwarding forwards DHCP, the Network Time Protocol (NTP), and other
broadcast-based applications.
5. An admin configures a new mail server to meet the organization's goals. Which record lists the
IP addresses or names of servers that can send email from a particular domain and combats
the sending of spam?
a. SPF, A Sender Policy Framework (SPF) is a TXT-based record that lists the IP addresses or
names of servers that can send email from a particular domain and combats the sending
of spam.
6. A user has typed www.network.com into a web browser. The domain name server cannot
resolve the name, so it is querying other name servers to try to find it. What kind of lookup is
the domain name server performing?
a. Recursive, A recursive lookup means that if the queried server is not authoritative, it
does take on the task of querying other name servers until it finds the requested record
or times out.
7. An admin is using DHCP and wants to retain centralized management of IP addressing but
needs to ensure that specific devices that supply always-on functionality have static IP address
assignments. What is the best solution?
a. Create reservations, To retain centralized management of IP addressing, the admin can
create a reservation which is a mapping of a MAC address or interface ID to a specific IP
address within the DHCP server's address pool.
8. ICANN is a non-profit organization that’s dedicated to keeping the Internet secure. What does
ICANN manage?
a. Generic TLDs and DNS, ICANN (Internet Corporation for Assigned Names and Numbers)
manages the generic TLDs (top level domains) such as .com, .org, .net, .info, and .biz.
ICANN also manages the Domain Name System (DNS) which is a global hierarchy of
distributed name server databases that contain information on domains and hosts
within those domains.
9. An organization is using IPv4 addresses. What records will resolve a hostname to the IP
address?
a. A, Admins use an address (A) record in the domain name system to resolve a hostname
to an IPv4 address using the UDP transport protocol over port 53 by default.

Western Governors University September 2023

CompTIA Network Plus Study Guide
10. An admin ran a command and determined that the FQDN of a client is forbes.sales.realty.com.
What is the hostname of the client?
a. Forbes, A fully qualified domain name (FQDN) consists of the hostname and a domain
suffix. In this domain, forbes is the hostname and the domain suffix is sales.realty.com.
11. During an office upgrade, a tech is tasked with configuring the DNS server. What ports can be
used when configuring a DNS service?
a. UDP port 53 and TCP port 53

Lesson 11: Explaining Network Applications

1. A growing organization wants an elementary web presence for its business. They do not intend
to perform any e-commerce with their website. What is the best option for the organization to
move forward with?
a. Shared hosting, Shared hosting is the best and most cost-effective solution for the
organization's needs. With shared hosting, your website is hosted within a private
directory on a shared server.
2. An admin is uploading configuration files to a web server using an FTP client. The client sent a
PORT command to the server that contained the connection port number. Then the server
opened the connection using that port number on the client and port 20 on the server. What
type of FTP connection is the admin using?
a. Active FTP, The admin is using active FTP in which the client sends a PORT command
specifying its chosen port and the server opens the data connection between that port
and TCP port 20 on the server.
3. An admin updated an A (address) record, but it took the client computers approximately five
minutes to recognize the change. What update can the admin make on the resource record to
allow changes to propagate through the network more quickly?
a. Decrease the TTL, The admin can decrease the time to live (TTL) value, measured in
seconds, on the resource record. This value instructs how long resolvers can keep a
query in cache.
4. What remote print protocols allows secure connections to a print device and allows it to
advertise service capabilities over the network, provide plug-and-play installation for
Windows and iOS devices, and use bidirectional status messaging?
a. Web Services for Devices (WSD)/Air Print, Web Services for Devices (WSD)/Air Print
allows for secure connections to a print device and allows it to advertise service
capabilities over the network, provides plug-and-play installation for Windows and iOS
devices, and uses bidirectional status messaging.
5. An organization is working to secure email traffic. What are some methods the organization
could use to do this?
a. STARTTLS and SMTPS, The organization could use STARTTLS which is a command that
upgrades an existing unsecure connection to use TLS. This is also known as explicit TLS or
opportunistic TLS OR The organization could use SMTPS, the TLS version of SMTP, which
establishes the secure connection before the exchange of any SMTP commands. This is
also known as implicit TLS.

Western Governors University September 2023

CompTIA Network Plus Study Guide
6. An organization is converting from landline telephones to VoIP handsets, but still needs to use
fax machines in many of the offices. What can the organization use to allow the fax machines
to operate on the new VoIP system?
a. VoIP gateway, The organization can use a VoIP gateway to connect fax machines to a
VoIP PBX. This type of device is also known as a Foreign Exchange Subscriber (FXS)
gateway.
7. What tools can a Windows admin use to troubleshoot DNS issues without installing additional
software?
a. Nslookup and ipconfig /all, In a Windows environment, admins can troubleshoot DNS
name resolution with the nslookup command. The first step in troubleshooting DNS
issues is to verify the name configured on a host. In Windows, you can use the command
ipconfig /all to display the FQDN of the local host.
8. A mail admin configured the DNS server to allow connections on TCP port 53. Why would the
admin make this kind of configuration?
a. The network is using IPv6, Admins may configure some DNS servers to allow connections
over TCP port 53, as this allows larger record transfers (over 512 bytes) which may be
necessary if the network is using IPv6.
9. An organization needs to use shared mailboxes for managing customer inquiries. What
mailbox access protocol should the clients utilize to retrieve the mail over secured
connections?
a. IMAPS, The clients should use IMAPS which is the Internet Message Access Protocol
(IMAP) secured with TLS that supports permanent connections to a server and
connecting multiple clients to the same mailbox simultaneously.
10. A server is running Microsoft SQL Server and is replicating the data to other Microsoft SQL
servers on the network. The application service is using which principal port?
a. TCP 1433, Microsoft SQL Server uses TCP/1433 to allow clients to connect to the
database server over the network and allow replication traffic to move between
database servers. Microsoft SQL Server uses TCP/1433.
11. An organization has secured its website with SSL/TLS (Secure Sockets Layer/Transport Layer
Security). By default, what port will this encrypted traffic use?
a. TCP port 443, Hypertext transfer protocol (HTTP) is an application protocol used to
provide web content to browsers. By default, HTTP traffic encrypted with SSL/TLS uses
TCP port 443.
12. An organization is converting from landline telephones to VoIP handsets. Some of the current
landline locations do not have electrical outlets nearby. What can the organization use to
power the replacement handsets in these cases?
a. PoE and Batteries, Handsets can use batteries or Power over Ethernet (PoE), if available
and there is no other power source available nearby.
13. A client’s browser has requested a web page. What protocol, at the Application layer of the
OSI model, makes the request?
a. HTTP, The foundation of web technology is the HyperText Transfer Protocol (HTTP). HTTP
enables clients (typically web browsers) to request resources from an HTTP server.

Western Governors University September 2023

CompTIA Network Plus Study Guide
14. An organization is using video conferencing to conduct meetings between different locations.
What protocols provides information that allows the network stacks to adjust the quality of
service parameters?
a. RTCP, RTP Control Protocol (RTCP) is a session on each RTP stream that monitors the
quality of the connection and provides reports that the network stacks can use to tune
Quality of Service (QoS) parameters.

Lesson 12: Ensuring Network Availability

1. An organization is using the Simple Network Management Protocol (SNMP) for remote
management and monitoring of servers and network appliances and must deploy an agent to
each device. Where are the statistics relating to the activity of each device kept?
a. MIB, The SNMP agent maintains a database called a Management Information Base
(MIB) that holds statistics relating to the activity of the device, such as the number of
frames per second handled by a switch.
2. A server is using its host key to establish a secure channel for clients to authenticate to the
secure shell (SSH) server. What methods can establish the channel?
a. Username/password, Public key authentication, and Kerberos. Username/password is
when the client submits credentials that the SSH server verifies either against a local
user database or using a network authentication server and is a valid method. In public-
key authentication, each remote user's public key appends to a list of keys authorized for
each local account on the SSH server and is a valid method. In Kerberos, the client
submits a Ticket Granting Ticket, and the SSH server contacts the Ticket Granting Service
to validate the credential. This is a valid method.
3. An admin has blocked access to port 23 to prevent users from using an unsecure terminal
emulation software and protocol. What is the admin blocking the use of?
a. Telnet, The admin is blocking Telnet which is both a protocol and a terminal emulation
software tool that insecurely transmits shell commands and output between a client and
the remote host on port 23.
4. An organization is designing a new data center. What types of environmental issues should the
organization implement sensors for?
a. Temperature, Humidity, and Electrical.
5. An admin received a Syslog alert, code 2. What level does this indicate the issue is?
a. Critical, A code 2 level alert indicates a critical level alert meaning that a fault that will
require immediate remediation is likely to develop and the admin should investigate
immediately.
6. An organization deployed components so that they could use NetFlow to measure network
traffic statistics. Which of the deployed components needs a high bandwidth network link and
substantial storage capacity?
a. NetFlow collector, A NetFlow collector needs a high bandwidth network link and
substantial storage capacity because it aggregates flows from multiple exporters and a
large network can generate huge volumes of flow traffic and data records.
7. A Windows admin needs to perform administrative tasks on servers at a different location and
prefers to use a graphical user interface. What is the best tool for the admin to use?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. RDP, The best tool for the admin to use is Remote Desktop Protocol (RDP) which is
Microsoft's protocol for operating remote GUI connections to a Windows machine. RDP
uses TCP port 3389.
8. An organization has ten employees in the finance department that all use the accounting
system for different purposes. An admin is reviewing logs and has discovered that all of the
finance employees are using the same login to access the accounting system. Which log was
the admin reviewing?
a. Audit log, The admin was reviewing the audit log which records the use of
authentication and authorization privileges, and the admin can configure it to perform at
a per-application level.
9. A file server on the network is receiving synchronized time so that it can communicate
properly, however it cannot provide synchronized time for other devices on the network. Why
is this?
a. The server supports only SNTP, The server supports only Simple Network Time Protocol
(SNTP). SNTP works over the same port as NTP, UDP port 123. A host that supports only
SNTP cannot act as a time source for other hosts.
10. An admin is monitoring the performance metrics for a server and notices that the system
memory utilization is very high. What does this indicate?
a. The system needs an upgrade, In performance metrics, if the system memory utilization
(measured as a percentage) is very high, an admin needs to upgrade the system
memory.
11. An admin needs to access servers using a key pair. What command can the admin use to create
the key pair?
a. ssh-keygen, The ssh-keygen command creates a key pair to use to access servers. The
private key stays securely on the local computer and the ssh-copy-id command copies
the public key to the server.

Lesson 13: Explaining Common Security Concepts

1. An organization hired a security firm to hack into its systems to determine what type of
exploitable weaknesses the organization was vulnerable to. What kind of testing is this?
a. Penetration testing, this kind of testing is penetration testing, also known as a pen test,
which uses authorized hacking techniques to discover exploitable weaknesses in the
target's security systems.
2. An employee logs into their computer when they arrive at work and, regardless of what
network resources they access throughout the day, they do not have to log in to anything else.
What type of authentication is this?
a. Single sign-on, A single sign-on (SSO) system allows the user to authenticate once to a
local device and it authorizes them to access compatible application servers without
having to enter credentials again.
3. The amount of data traffic both sent and received or calculated as a percentage of the
available bandwidth is known as which interface monitoring metric?
a. Utilization, Utilization is the amount of data traffic both sent and received or is
calculated as a percentage of the available bandwidth.

Western Governors University September 2023

CompTIA Network Plus Study Guide
4. An organization has identified that they must be able to continually process customer
payments and pay employee salaries to keep the business running even in the event of a
service disruption as mission essential functions. What kind of assessment did the
organization use to make these determinations?
a. Process assessment, the organization used a process assessment which involves
identifying critical systems and assets that support mission essential functions.
5. A system admin is looking into bandwidth management. Which kind of bandwidth
management technology uses a header field to indicate a priority value for a layer 3 (IP)
packet?
a. DiffServ, The Differentiated Services (DiffServ) framework classifies each packet passing
through a layer 3 device and can use defined router policies to use packet classification
to prioritize delivery.
6. An organization that issues public keys should obtain a digital certificate. What does the digital
certificate contain?
a. Information on the certificate’s guarantor, information about the subject, and the
subject’s public key
7. An organization is using Lightweight Directory Access Protocol (LDAP) to update the directory
database. The admin insists that steps to ensure access to the directory has already been
completed and is secure. What authentication methods will the admin disable?
a. Simple bind and No authentication – With simple bind the client must supply its
distinguished name (DN) and password, but these are plaintext – and with no
authentication, anonymous access can be granted to the directory, on the server.
8. A security admin is studying the relationship between vulnerabilities, threats, and risks. What
is a true statement regarding these categories?
a. A threat is a potential for an entity to breach security; A threat is a potential for
someone or something to exploit a vulnerability and breach security. A threat may be
intentional or unintentional. The person or thing that poses the threat is called a threat
actor or threat agent. The path or tool used by a malicious threat actor can be referred
to as the attack vector.
9. A security professional is working to identify all the ways a threat agent can breach security.
What security concept does the threat actor represent?
a. This represents a threat which is the potential for someone or something to exploit a
vulnerability and breach security. A threat may be intentional or unintentional.
10. A security company is working with a new customer and is describing different kinds of attacks
they have discovered through research. What form of threat research does this represent?
a. This represents behavioral threat research, which is a narrative commentary describing
examples of attacks and the tactics, techniques, and procedures (TTPs) gathered through
primary research sources.
11. An admin needs to perform maintenance on routers and switches and authenticate them over
TCP port 49. What protocol is the admin using?
a. TACACS+, The admin is using TACACS+ which is a protocol used in authenticating
administrative access to routers and switches and uses TCP over port 49.
12. An organization hires a new Marketing department head from outside the company. The new
employee is surprised to learn that they cannot assign permissions to the Marketing folders to

Western Governors University September 2023

CompTIA Network Plus Study Guide
employees that work in other areas of the company. What kind of access management is the
organization using?
a. The organization is using role-based access which defines a set of organizational roles
and allocates users to those roles. Under this system, only the system owner has the
right to modify roles.
13. Network users are reporting issues with videos constantly buffering. What kinds of issues
should the admin test for?
a. Packet loss, Latency, and Jitter; packet loss is a delay which, when excessive, can exhaust
the buffer and cause noticeable audio or video problems for users; latency is the time it
takes for a transmission to reach the recipient, measured in milliseconds; jitter is a
variation in the delay and manifests as an inconsistent rate of packet delivery.
14. What processes of an identity and access management (IAM) system proves that the user is
who they say they are?
a. The authentication process proves that a subject is who or what it claims to be when it
attempts to access a resource.

Lesson 14: Supporting and Troubleshooting Secure Networks

1. An admin can ping a server by IP address but cannot ping the server by its name. What are
some areas the admin should check to find out why the name isn’t resolving to the IP address?
a. Check the local cache, Check the HOSTS file, and Query DNS
2. An organization is using Dynamic Host Configuration Protocol (DHCP) to centrally manage IP
addressing. All clients on the network are receiving IP address autoconfiguration except the
clients on a new subnet. What is the most likely reason?
a. The router on that subnet doesn't support BOOTP forwarding so DHCP traffic cannot get
through to the clients.
3. An admin is configuring a new network from the ground up. Which servers would the admin
configure as bastion hosts?
a. Proxy servers and Web servers, Bastion servers are hosts in the perimeter and are not
fully trusted. Proxy servers are bastion servers because they take internal requests and
transmit them to the Internet to protect the internal host. The admin will configure
servers that provide public access services, such as web servers, in a perimeter network.
Therefore, these are bastion servers.
4. Which service maps ports and documents the mappings for new webserver connections and
then substitutes the private IP address for a public IP address before sending the request to
the public Internet?
a. PAT and NAPT; These terms are interchangeable. PAT (port address translation) or NAPT
(network address port translation), allocates connections a port mapping in its state
table then substitutes the private IP for the public IP and forwards it to the public
Internet.
5. An admin received an alert regarding suspicious activity on the network. The system is logging
the activity and the admin must determine how to handle the situation. What kind of system
most likely sent the alert?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. This system is most likely an intrusion detection system (IDS), which performs real-time
analysis of either network traffic or system and application logs. It raises an alert and can
log activity when it detects suspicious activity.
6. An admin is configuring a firewall at the Session layer of the OSI model. What kind of firewall
is the admin implementing?
a. Stateful inspection firewall; A stateful inspection firewall operates at Layer 5 (Session) of
the OSI model. The firewall checks incoming packets to confirm whether it belongs to an
existing connection.
7. An admin has plugged in a new security camera, but when accessing the camera’s web
management interface, the admin encounters a self-signed certificate error. What should the
admin do?
a. Replace the default certificate, On a self-signed certificate, the holder is both the issuer
and the subject of the certificate. The admin should replace the default certificate with
one trusted by the enterprise.
8. A user is attempting to access a government network, but the network will not allow the
user’s device to connect until the user updates the operating system. What kind of defense
mechanism is this?
a. Network Access Control (NAC) is a system for authenticating endpoints at the point they
connect to the network and can ensure that clients are running an authorized OS and
have up-to-date patches and security scanner configurations.
9. An organization purchased a new router with built-in firewall features. The admin configured
the new appliance and it worked as expected. However, after 90 days the firewall stopped
working. What is the most likely cause?
a. The license trial period ended; The most likely cause is that there was a 90-day license
trial period for the firewall software and the trial expired.
10. A Windows user is trying to remote desktop into an application server. Although the user can
ping the FQDN, they are unable to establish a connection. What is most likely the cause?
a. Firewall blocking TCP port 3389, The most likely cause is that the firewall is blocking TCP
port 3389 which is the port used for remote desktop protocol (RDP) traffic.

Lesson 15: Deploying and Troubleshooting Wireless

1. An admin responsible for implementing network coverage in a historical monument cannot
install cabling in many areas of the building. What are some ways the admin can take
advantage of wireless distribution systems (WDS) to help?
a. To create an ESA or a bridge; The admin can use WDS to create an extended service area
(ESA). The admin must set the APs to use the same channel, SSID, and security
parameters. The admin can also use WDS to bridge two separate cabled segments.
When WDS is in bridge mode, the access points will not support wireless clients; they
simply forward traffic between the cabled segments.
2. Wi-Fi 6 uses complex modulation and signal encoding. Why did Wi-Fi 6 reinstate operation in
the 2.4 GHz band?
a. To support IoT, The reason Wi-Fi 6 reinstates operation in the 2.4 GHz band is to support
Internet of Things (IoT) device connectivity.

Western Governors University September 2023

CompTIA Network Plus Study Guide
3. A wireless admin is receiving reports that users cannot connect to the wireless network in
certain areas of the building. What can the admin use to locate dead zones?
a. Heat map, A heat map shows the signal strength within a particular channel obtained in
different locations graphically and shows areas with a strong signal and warnings where
signal strength drops off.
4. An admin is testing the signal strength in a concrete building and measures a 12 dB loss
between the office where the access point is located and the office next door. What is the
cause of the decibel loss?
a. Absorption; Absorption is causing decibel loss. Absorption refers to the degree to which
walls and windows will reduce signal strength when passing through construction
materials.
5. The IEEE 802.11 standards use two frequency bands. What statements regarding the frequency
bands are true?
a. The 2.4 GHz band is ideal for providing the longest signal range and The 5 GHz band
supports a high number of individual channels
6. An admin is configuring a wireless LAN (WLAN) extended service area. What will the admin
need to configure the same on each access point?
a. ESSID and Security information; The admin will need to configure the same Extended
Service Set Identifier (ESSID) on each access point in the extended service area. The
ESSID is the network name configured on multiple devices. The admin will also need to
configure the same security information on each access point in the extended service
area.
7. What standards are most wireless LANs based on?
a. Most wireless LANs (WLANs) are based on the IEEE 802.11 standards which define the
physical layer media by which data encodes into a radio carrier signal by using a
modulation scheme.
8. A small organization is securing their wireless network with Wi-Fi Protected Access 3 (WPA3)
personal. What are some of the issues with this method of authentication?
a. Group authentication and No accountability; WPA3 is a personal mode of authentication,
is group authentication is an issue because the admin must configure the same secret on
the access point and on each node that joins the network. Additionally, there is no
accountability for individual user actions as all users share the same credential.
9. An admin is implementing encryption on the wireless network. What standard should the
admin implement?
a. WPA2, The admin should implement Wi-Fi Protected Access 2 (WPA2) which provides
authenticated encryption and makes replay attacks harder.
10. A wireless admin is troubleshooting dead zones in a building. Although the admin used a heat
map to determine the optimum position for access points (APs), some areas that should have
coverage have very low signal strength which is unusable to clients. What should the admin
check?
a. Antenna placement, antenna cable attenuation, and EIRP; The admin should check the
antenna placement as incorrect antenna placement could cause or exacerbate
attenuation and interference problems and cause issues with the signal strength;
antenna cable attenuation is signal loss caused by an external antenna connected to an

Western Governors University September 2023

CompTIA Network Plus Study Guide
access point over cabling; Effective Isotropic Radiated Power (EIRP) is the sum of
transmit power, antenna cable/connector loss, and antenna gain and can affect wireless
coverage.
11. An admin is investigating issues with users experiencing minimal connectivity to the wireless
network. The admin has verified that the access point configurations and uptime are correct.
However, the admin suspects that there may be other issues causing the problem. What are
some areas the admin should investigate?
a. Signal strength and Interference
12. What are formats for 2G cellular communications?
a. GSM and CDMA; Global System for Mobile Communication (GSM) is a format for 2G and
a standard for cellular radio communications and data transfer. Code Division Multiple
Access (CDMA) is a format for 2G and means that each subscriber uses a code to key the
modulation of their signal and the receiver uses this "key” to extract the subscriber's
traffic from the radio channel.
13. A library user connected their tablet to the library’s open access point. What items will NOT
secure the open connection and protect the user’s communications?
a. Using a screen protector
14. What protocol can an admin configure in a wireless mesh network (WMN) to allow the
stations to perform path discovery and forwarding between peers?
a. HWMP; The admin can configure the Hybrid Wireless Mesh Protocol (HWMP), which is a
routing protocol, to allow the mesh stations to perform path discovery and forwarding
between peers.
15. A wireless installer is networking a conference room with 9’ ceilings. What is the best type of
antenna for wireless devices?
a. Vertical rod; The wireless devices should have vertical rod antennas which receive and
send signals in all directions more-or-less equally and the installer should mount them
on the ceiling for the best coverage, unless the ceiling is particularly high.
16. What are reasons why a client would unexpectedly disassociate from an access point?
a. Access Point Proximity, MAC spoofing, and Interference
17. An admin wants the ability to centrally configure and manage access points (APs). What are
some solutions the admin could use for this?
a. Hardware or software; The admin could use a dedicated hardware device called a
wireless LAN controller to centralize the management and monitoring of the APs on the
network. Alternatively, the admin could use a software application, which the admin can
run on a server or workstation, to centralize the management of APs.
18. An admin is configuring wireless coverage for a public library where visitors are not expected
to have pre-existing accounts. What type of authentication should the admin implement?
a. Captive portal via HTTPS; In an environment such as a public library, where users don't
have pre-existing accounts, a captive portal can provide a convenient method for guest
access. This authentication method redirects users to a web page for authentication
before they can access the internet. Using HTTPS ensures that the interaction with the
portal is encrypted and secure.
19. 802.11 relies on a shared physical bus running at half-duplex. How does this standard manage
contention?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. CSMA/CA; 802.11 uses Carrier Sense Multiple Access with Collision Avoidance
(CSMA/CA) where clients avoid collisions by waiting until the channel is idle before
sending.
20. An admin is evaluating the wireless coverage in a conference hall. There are enough access
points to provide for 25 clients per access point, but many users are finding the wireless
network to be unresponsive and timing out requests. What could be causing this issue?
a. CCI, ACI, and Bandwidth saturation; Co-channel interference (CCI) could be causing this
issue. It occurs when multiple access points use the same channel, and it reduces the
opportunities for devices to transmit. Adjacent channel interference (ACI) could be
causing this issue. It occurs when access points use different but overlapping channels
and it raises noise levels. Bandwidth saturation could be causing this issue. Wireless is a
broadcast medium and all clients share the available bandwidth so if one client is a
bandwidth hog the others may not get a reliable connection.

Lesson 16: Comparing WAN Links and Remote Access Methods

1. An organization tasks a network consultant with comparing costs for the business to acquire a
technology that allows data to transfer over voice-grade telephone lines. What is this
technology?
a. Digital Subscriber Line; Digital subscriber line (DSL) is a technology that can transfer data
over voice-grade telephone lines, often referred to as the local loop.
2. An organization tasks a network consultant with comparing the costs and requirements for the
various types of Carrier Ethernet. The consultant selects a carrier ethernet that uses digital
subscriber line (DSL) variants such as single-pair high-speed DSL (SHDSL) and very high-speed
DSL (VDSL) to overcome the usual distance limitations of copper Ethernet. What type of carrier
ethernet was selected by the consultant?
a. Ethernet over Copper; Ethernet over Copper uses DSL variants such as single-pair high-
speed DSL (SHDSL) and very high-speed DSL (VDSL) to overcome the usual distance
limitations of copper Ethernet. This does not support the same speeds as LAN Ethernet
(more typically 2-10 Mbps), but the organization can combine multiple pairs for higher
bandwidth.
3. A network tech is assigned to find the fastest solution, regarding bandwidth capabilities,
closest to Local Area Network (LAN) speeds for an office building. What is the most expensive
solution the network tech can consider?
a. FTTP; The major obstacle to providing WAN access that can approach LAN performance
is bandwidth in the last mile. The most expensive solution is Fiber to the Premises
(FTTP).
4. A network engineer wants to establish data communications over a greater distance than a
Local Area Network (LAN). What can the engineer use to gain the desired distance?
a. WAN; Wide area network (WAN) technologies support data communications over
greater distances than LANs. Long-distance communications usually involve the use of
public networks. Public networks are owned by telecommunications (telco) companies
and provide WAN services to businesses and households.
5. A network engineer is assigned to locate and acquire a data communications network
controlled by a single organization. What is the name for this type of network?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. Enterprise WAN; The term enterprise WAN describes a WAN operated and controlled by
a single organization.
6. A network architect creates a site-to-site VPN involving multiple remotes to a headquarters
site by using static tunnels configured between the remote sites and the headquarters site.
What is the name of this VPN configuration?
a. Hub and Spoke VPN; A site-to-site VPN that involves more than two sites connects the
remote sites (or spokes) to a headquarters site (hub) by using static tunnels configured
between the hub and each spoke. This is referred to as a hub and spoke topology.
7. A network engineer installs a new Virtual Private Network (VPN) set up dynamically according
to traffic requirements and demand. What is the type of VPN installed?
a. Dynamic Multipoint VPN; A dynamic multipoint VPN (DMVPN) allows VPNs to be set up
dynamically according to traffic requirements and demand.
8. A company tasks a network tech with installing a VPN router onto one of the company's larger
machines capable of aggregating high traffic volumes. What is the name of this router?
a. VPN headend; The VPN router installed in the central office or hub needs to be a
powerful machine capable of aggregating high traffic volumes. This VPN router is also
known as a VPN headend. VPN headends would typically install in groups for load
balancing and fault tolerance.
9. A company tasks a network specialist to purchase an access solution that uses internet access
infrastructure and a secure tunnel to connect private communications through the internet.
What is this access solution?
a. VPN; Most modern remote network access solutions use Internet access infrastructure
and set up a secure tunnel for private communications through the internet. This is
known as a virtual private network (VPN).
10. An organization tasks a network engineer with purchasing an access/gateway that extends the
local network access over an intermediate public network so a remote computer can join the
local network. What access/gateway will the engineer acquire?
a. Remote Access VPN; A remote access VPN refers to extending local network access over
an intermediate public network so that a remote computer can join the local network.

Lesson 17: Explaining Organizational and Physical Security Concepts

1. A network consultant needs to create a documentation process that minimizes the risk of
unscheduled downtime by implementing changes in a planned and controlled way. What is
the name of this process?
a. Change Management; A documented change management process minimizes the risk of
unscheduled downtime by implementing changes in a planned and controlled way.
2. A network consultant needs to develop a plan that sets out the procedures, tools, methods of
communication, and guidelines when mitigating a problem. What is the name of this plan?
a. Incident Response Plan; An incident response plan sets out the procedures, tools,
methods of communication, and guidelines for dealing with security incidents.
3. Due to an increase in foot traffic from outside groups throughout the building, the
organization asks the security office to employ equipment that will allow visual monitoring
across the organization. What equipment would best be suited to manage this request?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. Cameras; A security camera is either fixed or operated using Pan-Tilt-Zoom (PTZ)
controls. Different cameras suit different purposes. A fixed, narrow focal length camera
positioned on the doorway is adequate to record images of individuals entering through
an access control vestibule.
4. A security consultant needs to add a security system to the doors of a secured room. What
system will the security consultant install that meets the requirement and protects against
tampering?
a. Closed-Circuit; A closed-circuit alarm is more secure because cutting the circuit can
defeat an open-circuit alarm. The security consultant can use this type of system for
tamper detection.
5. A company tasks its network specialist with configuring a steel shelving system for patch
panels, switches and routers, and server devices. What is the name of this system?
a. Rack; A rack system is a specially configured steel shelving system for patch panels,
switches and routers, and server devices. Racks are standard widths and can fit
appliances using standard height multiples of 1.75" called units (U).
6. A network specialist reviews the organization's cellular technology and discovers that the
current contract uses a low-power system service but supports higher bandwidth up to
1Mbps. What baseband radio technology service is the organization using for cellular service?
a. LTE-M; LTE Machine Type Communication (LTE-M) is a low-power system but supports
higher bandwidth (up to about 1 Mbps).
7. A network manager needs to create a document that shows detailed information about the
termination of twisted pairs in an RJ-45 or RJ-48C jack or Insulation Displacement Connector
(IDC). What is the name of this document?
a. Wiring Diagram; A wiring diagram (or pin-out) shows detailed information about the
termination of twisted pairs in an RJ-45 or RJ-48C jack or Insulation Displacement
Connector (IDC).
8. An organization tasked its network analyst with reviewing the system that monitors the
building's locks, intruder alarms, and video surveillance cameras. What is the name of this
system?
a. PACS; A physical access control system (PACS) is a network of monitored locks, intruder
alarms, and video surveillance cameras.
9. Due to concerns of losing or misplacing equipment, the organization asks the network office to
track all electrical equipment. What will the office use to track the organization's equipment?
a. Asset Tags; An asset tag shows the ID of a device or component and links it to an
inventory management database. Radio Frequency ID (RFID) asset tracking tags allow
electronic surveillance of managed assets and are detectable at entry/exit points to
prevent theft.
10. A network consultant considers using a wireless communications protocol mainly used in
home automation but believes it could support the organization's mission. What is the name
of this protocol?
a. Z-Wave; Z-Wave is a wireless communications protocol used primarily for home
automation and creates a mesh network topology. The Z-Wave Alliance operates a
device and software certification program.

Western Governors University September 2023

CompTIA Network Plus Study Guide
11. A network manager is asked to create a document that provides a detailed diagram of the
wiring and port locations for the building. What is the name of this document?
a. Floor Plan; A floor plan is a detailed diagram of wiring and port locations. Physically
accurate floor plans are hard to design and are likely to require the help of an architect
or graphics professional.
12. An organization tasked its network consultant with reviewing the system that provides
workflow and process automation mechanisms. What is the name of this system?
a. ICS; An industrial control system (ICS) provides mechanisms for workflow and process
automation. An ICS controls machinery used in critical infrastructures, like power
suppliers, water suppliers, health services, telecommunications, and national security
services.
13. A security consultant needs to add a security system to an office space that triggers an alarm
while someone occupies the room. What type of equipment would the security install?
a. Motion Detection; A motion-based alarm is an alarm linked to a detector triggered by
movement within a relatively large area, such as a room. The sensors in these detectors
are either microwave radio reflection (similar to radar) or passive infrared (PIR), which
detect moving heat sources.
14. A network specialist reviews the organization's cellular technology and discovers that the
current contract uses a service that provides a low-power version of the Long Term Evolution
(LTE) or 4g cellular standard and currently has a limited data rate between 20-100 kbps. What
baseband radio technology service is the organization now using for cellular service?
a. NB-IoT; Narrowband-IoT (NB-IoT) refers to a low-power version of the Long Term
Evolution (LTE) or 4G cellular standard. The signal occupies less bandwidth than regular
cellular. This means that data rates are limited (20-100 kbps), but most sensors send
small packets with low latency rather than making large data transfers.
15. A network engineer needs to decommission a server and wipe all custom configurations. The
servers are decommissioned through a process which helps local schools receive IT equipment.
What routine will the engineer use to wipe the server?
a. Factory Reset; An asset tag shows the ID of a device or component and links it to an
inventory management database.

Lesson 18: Explaining Disaster Recovery and High Availability

Concepts
1. While evaluating load balancers, a network engineer needs to acquire a switch that can handle
complex logic. Which switch would the engineer use for this requirement?
a. Layer 7 Switch; As web applications have become more complex, modern load balancers
need to make forwarding decisions based on application-level data. This requires more
complex logic, but the processing power of modern appliances is sufficient.
2. A network engineer decides that the organization needs to purchase a device that "cleans" the
power signal, provides protection against spikes, surges, and brownouts, and can integrate
with an uninterruptible power supply (UPS). What is the name of this device?
a. PDU; A power distribution unit (PDU) has circuitry to "clean" the power signal. It also
provides protection against spikes, surges, and brownouts and can integrate with an
uninterruptible power supply (UPS).

Western Governors University September 2023

CompTIA Network Plus Study Guide
3. A network tech needs to install a load balancer onto the network as the department has
experienced issues with streaming media servers. What switches could the tech use to support
this request?
a. Layer 4 Switch and Layer 7 Switch; Layer 4 switch—Basic load balancers make forwarding
decisions on IP address and TCP/UDP header values, working at the transport layer of
the OSI model. Layer 7 switch (content switch)—As web applications have become more
complex, modern load balancers need to make forwarding decisions based on
application-level data.
4. A network tech confirms that the server room has adequate environmental controls to
mitigate the loss of availability through mechanical issues with equipment, such as
overheating. What service provides environmental control in the room?
a. HVAC; Environmental controls mitigate the loss of availability through mechanical issues
with equipment, such as overheating. Building control systems maintain an optimum
working environment for different parts of the building. The acronym HVAC (Heating,
Ventilation, Air Conditioning) describes these services.
5. A network consultant is looking for a device that will serve as a temporary power source in the
event of a blackout. What is the name of this device?
a. UPS; At the system level, an uninterruptible power supply (UPS) will provide a temporary
power source in the event of a blackout. UPS runtime may range from a few minutes for
a desktop-rated model to hours for an enterprise system.
6. A network specialist wants to provision two load balancer appliances so that if one fails, the
other can still handle client connections. What type of load balancer distribution method
should the network specialist use?
a. Virtual IP; A virtual IP or shared or floating address uses a public IP to access the service
shared between the two instances in the cluster, unlike load balancing with a single
appliance. This allows the network specialist to provision two load balancer appliances.
If one fails, the other can still handle client connections.
7. A network contractor evaluates a protocol that allows multiple physical routers to serve as a
single default gateway for a subnet. What is the name of this protocol?
a. Hot Standby Router; Cisco's proprietary Hot Standby Router Protocol (HSRP) allows
multiple physical routers to serve as a single default gateway for a subnet. Each router
must have an interface connected to the subnet, with its own unique MAC address and
IP address.
8. A network contractor reviews key performance indicators regarding the time taken to correct a
fault and restore the system to full operation. What is the name of this process?
a. MTTR; Mean Time to Repair (MTTR) measures the time to correct a fault and restore the
system to full operation. This can also include the mean time to replace or recover.
MTTR is the total number of hours of unplanned maintenance divided by the number of
failure incidents.
9. A network engineer deploys a hardware appliance to distribute client requests across server
nodes in a farm or pool. What is the name of this appliance?
a. Load Balancer; A load balancer can be deployed as a hardware appliance or software
instance to distribute client requests across server nodes in a farm or pool. A network

Western Governors University September 2023

CompTIA Network Plus Study Guide
engineer can also use a load balancer in any situation with multiple servers providing the
same function.
10. A network specialist analyzes the key performance indicators associated with the component
reliability regarding the expected lifetime of repairable products. What reliability analysis is
the network specialist conducting?
a. MTBF; Mean Time Between Failures (MTBF) represents the expected lifetime of a
product. The calculation for MTBF is the total operational time divided by the number of
failures.

Lesson 19: Applying Network Hardening Techniques

1. A network tech needs to strengthen the security of the company network by minimizing the
amount of traffic required for the operation of the valid network services, and no additional
access to be permitted. What is the tech placing into the network?
a. Firewall access control lists (ACLs); A network tech configures firewall access control lists
(ACLs) based on the principle of least access. This is the same as the principle of least
privilege; only allow the minimum amount of traffic required to operate valid network
services and no more.
2. A cyber security tech speaks with a department that has voiced concern regarding tech issues.
The tech discovered that the employee had received an email containing an attachment from
an outside party. Curious about what the document contained, the employee clicked on the
link. The next day, the employee noticed that some of the software was not working correctly,
and some important documents were no longer accessible. What was likely the cause of this
issue?
a. Malware; Many of the intrusion attempts perpetrated against computer networks
depend on malicious software or malware. Malware can be defined simply as software
that does something bad from the perspective of the system owner.
3. A cyber consultant needs to modify the company's access control lists to minimize network
traffic. During configuration, the consultant can use a command-line utility provided by many
Linux distributions that allow admins to edit the rules enforced by the Linux kernel firewall.
What is the command-line utility used?
a. Iptables; iptables is a command-line utility provided by many Linux distributions that
allow admins to edit the rules enforced by the Linux kernel firewall. Iptables works with
the firewall chains, which apply to the different types of traffic passing through the
system.
4. An organization contacts the cyber security team and requests a feature to provide secure
wireless network access. Select the appropriate answers that support this request.
a. Pre-shared keys, Captive Portal, and Geofencing; Group authentication allows stations to
connect to the network using a shared passphrase, which generates a pre-shared key
(PSK). A guest network might redirect stations to a secure web page to perform
authentication. The user must authenticate to the page and meet other admin-set
requirements, such as accepting a use policy, before the station can use the network.
Geofencing can be used to ensure that the station is within a valid geographic area to
access the network, such as ensuring the device is within a building rather than trying to
access the WLAN from a car park or other external location.

Western Governors University September 2023

CompTIA Network Plus Study Guide
5. A cyber security tech is requested to investigate a matter in which several customers have
lodged complaints about computer issues after visiting the company site. Upon closer
observation, the tech discovers that an unknown IP address replaced the valid IP address.
What type of attack occurred in this incident?
a. DNS Poisoning; DNS poisoning is an attack that compromises the name resolution
process.
6. A cyber security tech responds to a department experiencing degraded network bandwidth,
and customers call the department saying they cannot visit the company website. What is
likely causing the issue?
a. Distributed Denial of Service; A distributed DoS attack is launched simultaneously by
multiple hosts. Some types of DoS attacks aim to consume network bandwidth, denying
it to legitimate hosts.
7. During a routine investigation of the network, the cyber specialist identifies that an on-path
attack has compromised the network. What is another name for this type of attack?
a. Man in the Middle; On-path attacks are also called Man-in-the-Middle attacks.
8. A cyber consultant is brought into a department to create security procedures and
technologies designed to restrict network access at an end user device level. What is the
consultant focusing on?
a. Endpoint security ; Endpoint security is a set of security procedures and technologies
designed to restrict network access at a device level.
9. A department head contacts a cyber consultant declaring that the team is locked out and
cannot conduct any activity. While working on the system, the consultant notices a demand
for money, or the department will never get their data back. What is this type of attack called?
a. Ransomware; Ransomware is malware that extorts money from victims. One class
displays threatening messages, requiring Windows be reactivated or suggesting police
locked the computer for illegal activity.
10. A cyber tech needs to draft a policy for the organization to mitigate the risk from route
processor vulnerabilities. What is the name of this type of policy?
a. Control plane policing; A control plane policing policy mitigates the risk from route
processor vulnerabilities. Such a policy can use ACLs to allow or deny control traffic from
certain sources and apply rate-limiting if a source threatens to overwhelm the route
processor.

Lesson 20: Summarizing Cloud and Datacenter Architecture

1. A network consultant is considering what technologies to use when adding a storage area
network (SAN). What are the two most popular SAN connection types?
a. Fibre Channel and iSCSI; Fibre Channel is a high-speed network technology specifically
designed for connecting storage devices, servers, and other networked devices in a SAN.
It provides high performance, low latency, and dedicated bandwidth for storage traffic.
iSCSI is a storage networking protocol that allows block-level storage to be transmitted
over Ethernet networks. It uses IP networks to provide storage connectivity, making it
more accessible and cost-effective compared to dedicated Fibre Channel networks.

Western Governors University September 2023

CompTIA Network Plus Study Guide
2. While looking for a cloud deployment model for business operations, the network specialist
looks for a model that offers pay-as-you-go financing. Which cloud deployment model meets
the network specialist's and businesses' needs?
a. Public (or multitenant); With the public or multitenant model, the businesses can use
subscriptions or pay-as-you-go financing while at the same time providing lower-tier
services free of charge.
3. While looking for a cloud deployment model for business operations, the network specialist
looks for a model where several organizations share the costs of either a hosted private or
fully private cloud. Which cloud deployment model meets the network specialist's and
businesses' needs?
a. Community; In a community cloud model, several organizations share the costs of either
a hosted private or fully private cloud. This can pool resources for common concerns,
like standardization and security policies.
4. During work, a network specialist uses an IP tunneling protocol to transfer SCSI data over an
IP-based network. iSCSI can be used to link SANs but also is an alternative to which of the
following?
a. Fibre Channel; Fibre Channel is in the T11 ANSI standard. The deliberate British spelling
of "fibre" distinguishes the standard from fiber optic cabling, which it often uses but
does not rely on.
5. A network architect analyzes the software-defined networking model and reviews the layer
that applies the business logic to decide how to prioritize traffic, secure data, and where to
switch data. What is the appropriate layer for this description?
a. Application layer; The application layer applies the business logic to decide how to
prioritize traffic and secure data and where the data should switch.
6. A network architect analyzes the software-designed networking model and reviews the layer
that handles the actual forwarding (switching and routing) of traffic and imposition of ACLs
and other policy configurations for security. What is the appropriate layer for this description?
a. Infrastructure Layer; The infrastructure layer contains devices (physical or virtual) that
handle the actual forwarding (switching and routing) of traffic and imposition of ACLs
and other policy configurations for security.
7. A network architect analyzes the software-designed networking model and reviews the layer
that exposes an application programming interface (API) that can be automated by scripts that
call functions in the layer above or below. What is the appropriate layer for this description?
a. Control Layer; The principal innovation of SDN is to insert a control layer between the
application layer and the infrastructure layer. The functions of the control plane are
implemented by a virtual device referred to as the SDN controller.
8. A cyber architect is reviewing the topologies that support the east-west activity for the
software-defined networking model. Which topology comprises a backbone of top-tier
switches?
a. Spine; The spine layer comprises a backbone of top-tier switches. While this is described
as a backbone, the spine switches are not linked to one another.
9. A network engineer is configuring a switch to make it only usable to the VMs. The engineer
confirms that they cannot use the switch to communicate with the host. What type of switch
is the engineer configuring?

Western Governors University September 2023

CompTIA Network Plus Study Guide
a. Private; Private switches create a switch that is usable only by the VMs. They cannot use
the switch to communicate with the host.
10. While looking for a cloud deployment model for business operations, the network specialist
looks for a model that a third party hosts for the organization's exclusive use. Which cloud
deployment model meets the network specialist's and businesses' needs?
a. Hosted Private; A third party hosts the hosted private model for the exclusive use of the
organization. This is more secure and can guarantee a better level of performance, but it
is correspondingly more expensive.
11. While looking for a cloud deployment model for business operations, the network specialist
looks for a completely private model owned by the organization. Which cloud deployment
model meets the network specialist's and businesses' needs?
a. Private; In a private cloud model, the cloud infrastructure is entirely private to and
owned by the organization. In this case, there is likely to be one business unit dedicated
to managing the cloud while other business units use it.
12. When configuring connectivity with a virtual switch that bridges the virtual and physical
networks via the host computer's physical NIC, a network consultant creates a virtual switch
that creates a bridge that is usable only by VMs on the host and the host itself. What switch
did the network engineer create?
a. Internal; Internal switches create a bridge that is usable only by VMs on the host and the
host itself. This type of switch does not permit access to the wider physical network.
13. A cyber architect is reviewing the topologies that support the east-west activity for the
software-defined networking model. Which topology contains access switches.
a. Leaf; The leaf layer contains access switches. Each access switch connects to every spine
switch in a full mesh topology. The access switches never have direct connections to one
another.
14. When configuring connectivity with a virtual switch that bridges the virtual and physical
networks via the host computer's physical NIC, a network engineer creates a virtual switch
that binds to the host's NIC to allow the VM to communicate on the physical network. What
switch did the network engineer create?
a. External; External switches bind to the host's NIC to allow the VM to communicate on
the physical network.
15. While looking for a cloud service model for business, the network specialist looks for a model
that allows the organization to rent components and internet links on an as-needed basis from
the service provider's datacenter. Which cloud service model meets the network specialist's
and businesses' needs?
a. Infrastructure as a Service; Infrastructure as a Service (IaaS) quickly provides rentable IT
resources such as servers, load balancers, and storage area network (SAN) components.

Western Governors University September 2023