CompTIA Network+ N10-010: Network Operations

Topic snapshot

Sample questions

These original IT Mastery practice questions are aligned to this topic area. Use them for self-assessment, scope review, and deciding what to drill next.

Question 1

Topic: Network Operations

A network operations team wants to use an AI assistant to draft incident summaries and recommended remediation steps from logs and tickets. Which operational setting best verifies the AI results while addressing bias, hallucinations, ethics, and overreliance?

Options:

• A. Accept summaries that match prior ticket wording

• B. Auto-apply recommendations with high confidence scores

• C. Submit raw logs to a public AI system

• D. Require human review against source evidence before action

Best answer: D

Explanation: AI-assisted network operations should use verification controls before the output affects tickets, changes, or incident decisions. A sound process requires a person to compare the AI draft with source logs, monitoring data, runbooks, and policy requirements. The reviewer should also check whether sensitive data is handled appropriately, whether the conclusion unfairly assumes a cause, and whether the recommendation is supported by evidence. Confidence scores and fluent wording are not proof of accuracy because AI can hallucinate or reflect bias from training data or prior examples. The key takeaway is to treat AI output as an aid, not an authority.

• Confidence automation fails because a high score does not prove the recommendation is accurate or ethical.
• Public raw-log sharing fails because it can expose sensitive operational or customer data.
• Prior ticket wording fails because similar language can repeat old mistakes or bias without validating current evidence.

Question 2

Topic: Network Operations

A network administrator is reviewing a disaster recovery exercise record. Based on the exhibit, which DR testing activity was performed?

Exhibit:

DR exercise notes
- Restored backups to recovery servers in an isolated VLAN
- No routes from the test VLAN to production networks
- Application owners logged in and verified test transactions
- Production users and systems remained on the primary site

Options:

• A. Parallel test

• B. Tabletop exercise

• C. Vendor-consideration review

• D. Bubble test

Best answer: D

Explanation: A bubble DR test restores or exercises recovery components inside an isolated network so testing cannot affect production traffic, data, or users. The exhibit shows a restored recovery environment in an isolated VLAN with no routes to production, while production remains active at the primary site. That isolation is the key clue. The application logins and test transactions help validate the restored services, but the overall activity is still a bubble test because of where and how the test is run. A parallel test would run production and recovery side by side and compare results, while a tabletop is only a guided discussion.

• Tabletop exercise fails because the exhibit shows systems being restored and tested, not just a discussion-based walkthrough.
• Parallel test fails because production is not being compared with a live recovery system processing equivalent work.
• Vendor review fails because the notes do not focus on provider contracts, support contacts, SLAs, or third-party recovery dependencies.

Question 3

Topic: Network Operations

A junior network administrator reviews the asset inventory before the next quarterly maintenance window. The core access switches are marked end-of-life in 3 months but have vendor support and firmware updates for 18 more months. The Internet-edge firewall reached end-of-support last month and no longer receives security patches. The budget allows one replacement this quarter, and company policy prohibits unsupported Internet-facing devices. Which action is the BEST professional decision?

Options:

• A. Keep all devices until connectivity or performance problems appear.

• B. Replace the firewall now and schedule the switches before support ends.

• C. Disable firmware updates on the switches to match the firewall state.

• D. Replace the switches now because end-of-life occurs sooner.

Best answer: B

Explanation: End-of-life and end-of-support have different operational implications. End-of-life commonly means a product is being retired from sale or lifecycle development, but it may still receive vendor support, firmware, or security updates for a defined period. End-of-support is higher risk because the vendor no longer provides support or security fixes. In this scenario, the firewall is both Internet-facing and already unsupported, which violates policy and increases exposure to unpatched vulnerabilities. The switches need lifecycle planning, but they are not yet unsupported. The best action prioritizes the unsupported edge device now and plans the supported EOL devices before their support window closes.

• Sooner EOL date is tempting, but end-of-life alone is less urgent than an already unsupported Internet-edge firewall.
• Wait for symptoms fails because lifecycle risk includes missing security patches, not just visible outages.
• Stopping updates increases risk and does not make supported devices equivalent to an unsupported device.

Question 4

Topic: Network Operations

A company is refreshing 18 branch access switches. The current models reach end of support in 6 months, each branch requires next-business-day hardware replacement, procurement wants to avoid unnecessary vendor lock-in, and legal requires an NDA before sharing topology diagrams or configuration exports. Which action is the BEST professional decision before approving the change?

Options:

• A. Standardize on a proprietary platform to simplify all future purchases

• B. Choose the lowest-cost switches and add support contracts after deployment

• C. Send diagrams to preferred vendors first to speed up quote turnaround

• D. Complete a vendor review covering NDA, licensing, warranty support, and lock-in risk

Best answer: D

Explanation: Vendor management is part of operational change planning, not an afterthought. In this scenario, the organization must validate that the vendor can meet next-business-day replacement needs, confirm which features require licenses or subscriptions, respect the NDA requirement before sharing sensitive network documentation, and evaluate whether the solution creates avoidable lock-in. These checks help prevent hidden costs, unsupported hardware, legal exposure, and future purchasing constraints. The best decision is to complete the vendor-management review before approving the change, then document any risks or exceptions in the change record.

• Lowest upfront cost fails because delayed support planning may leave branches without the required replacement coverage.
• Sharing diagrams early violates the stated NDA requirement and exposes sensitive network information.
• Proprietary standardization may simplify procurement, but it ignores the explicit concern about unnecessary lock-in.

Question 5

Topic: Network Operations

A clinic is updating its network availability plan. The requirement is to keep VoIP and patient-record access available during a primary ISP outage by automatically using a secondary circuit. Restoring failed servers from backup is handled in a separate runbook. Which planning concept best fits this requirement?

Options:

• A. Disaster recovery

• B. Business continuity

• C. Incident response

• D. Backup retention

Best answer: B

Explanation: Business continuity is about maintaining essential business functions during an outage or disruption. In this scenario, the goal is not to rebuild systems after a disaster; it is to keep voice and patient-record access working by failing over to a secondary ISP circuit. Disaster recovery is related, but it focuses on restoration after a failure, such as rebuilding services, restoring backups, or recovering at an alternate site. Backup retention supports recovery, but it does not by itself keep services available during the outage.

• Disaster recovery is tempting because outages are involved, but the requirement is continued operation, not post-outage restoration.
• Backup retention supports data recovery objectives, but it does not provide live network failover.
• Incident response addresses detection, containment, and handling of incidents, not routine availability planning for ISP loss.

Question 6

Topic: Network Operations

A branch office reports slow access to cloud applications every weekday afternoon. The WAN router interface shows high utilization during the same period. The network team needs to identify which internal hosts and application types are consuming the most bandwidth, without storing full packet payloads. Which monitoring technology should be configured?

Options:

• A. Synthetic path monitoring

• B. NetFlow/IPFIX export

• C. SNMP interface polling

• D. Syslog forwarding

Best answer: B

Explanation: Flow-based traffic analysis, such as NetFlow or IPFIX, is the best fit when the goal is to identify top talkers, application types, and bandwidth usage patterns across an interface. It records metadata about network conversations, such as source and destination addresses, ports, protocols, timestamps, and byte counts. That makes it useful for finding congestion sources without the storage and privacy impact of full packet capture. SNMP can confirm that an interface is busy, but it usually does not show which hosts or applications caused the load. The key takeaway is to match the monitoring tool to the question being asked: utilization counters show how much, while flow data shows who and what.

• SNMP counters can show high interface utilization, but they do not usually identify the hosts and applications creating the traffic.
• Syslog events are useful for device messages and faults, but they are not a traffic conversation summary.
• Synthetic monitoring tests reachability or performance along a path, but it does not identify top bandwidth consumers.

Question 7

Topic: Network Operations

A network team is closing a decommissioning ticket for an unsupported badge-reader controller in a branch office. Management approved removal, but the technician must avoid leaving unmanaged connectivity or stale security access behind.

Exhibit:

What is the best next action?

Options:

• A. Keep the firewall rule but rename the DHCP reservation.

• B. Delete the asset inventory record and close the ticket.

• C. Leave the switch port active until the next patch cycle.

• D. Verify dependencies, then disable the port and remove the network entries.

Best answer: D

Explanation: A safe decommission removes the unsupported asset and any network paths or permissions that could remain usable afterward. Here, the asset is approved for removal, but the switch port is still up with a learned MAC, the DHCP/IPAM reservation remains active, and a firewall rule still permits traffic from that address. The next step should verify that no approved dependency still needs the device, then disable or disconnect the access port and remove stale IPAM, DHCP, and firewall entries. Updating documentation and inventory should follow the technical cleanup. Simply marking the asset retired is not enough if the network still allows an unknown or unsupported device to communicate.

• Inventory-only cleanup fails because it removes the record but leaves a live switch port and permitted traffic path.
• Delayed port shutdown fails because the exhibit already shows active unsupported connectivity that should be controlled during decommissioning.
• Renaming records fails because it preserves the DHCP reservation and firewall access instead of removing stale permissions.

Question 8

Topic: Network Operations

A network operations team wants to use AI to summarize troubleshooting notes and draft change documentation. The company policy says internal hostnames, IP plans, customer data, and credentials must not be sent to public AI services. Which operational setting best meets acceptable use and proper tool use expectations?

Options:

• A. Let agentic AI update change records without technician review

• B. Allow public AI tools if prompts mention that data is confidential

• C. Permit raw logs in any AI tool when troubleshooting is urgent

• D. Use an approved private AI workspace with redaction and human verification

Best answer: D

Explanation: Acceptable AI use in network operations requires both data protection and output verification. Network staff should use only approved tools that match the organization’s data-handling rules, especially when prompts may include hostnames, IP addressing, customer information, logs, or credentials. Redacting sensitive details reduces exposure, and human review helps catch hallucinations, incorrect assumptions, or incomplete documentation before the information is used in tickets, runbooks, or change records.

The key takeaway is that AI can assist analysis and documentation, but it should not bypass access control, privacy rules, or technician validation.

• Public prompt warning fails because telling a public tool the data is confidential does not control where the data is processed or stored.
• No review fails because AI-generated changes and documentation still require technician validation.
• Urgency exception fails because urgent troubleshooting does not justify exposing raw sensitive logs to unapproved tools.

Question 9

Topic: Network Operations

A company manages switches and firewalls at a small branch office. Recent routing failures have prevented administrators from reaching devices over the production VPN. Security policy prohibits exposing management interfaces directly to the internet, but the network team must still be able to troubleshoot outages remotely. Which approach is the BEST professional decision?

Options:

• A. Use an out-of-band console server reachable through a secured VPN with MFA

• B. Allow SSH to each device from the internet using local passwords

• C. Use only the production VPN and improve monitoring alerts

• D. Disable all remote management and require onsite access

Best answer: A

Explanation: The core concept is secure remote management with troubleshooting resilience. In-band management depends on the production network, so a routing or VPN outage can block administrators from reaching the devices that need repair. An out-of-band path, such as a console server on a separate management connection, provides access even when production connectivity is impaired. That path should still be protected with strong controls, such as a VPN, MFA, restricted accounts, and logging, rather than being exposed directly to the internet. The key takeaway is to separate emergency management access from user traffic without weakening authentication or access control.

• Direct internet SSH violates the policy and increases attack surface, even if passwords are used.
• Production VPN only remains unavailable during the same routing failures that prompted the requirement.
• Onsite-only access protects devices but fails the remote troubleshooting requirement and slows recovery.

Question 10

Topic: Network Operations

A company is deploying switches at a remote branch. Network administrators must be able to reach the devices even if a production VLAN or routing change breaks user connectivity. Management traffic should also be isolated from normal data traffic. Which management approach best meets these requirements?

Options:

• A. In-band HTTPS management on the default user VLAN

• B. Out-of-band management through a dedicated console or management network

• C. Remote desktop to a workstation on the branch LAN

• D. In-band SSH to each switch SVI on the production network

Best answer: B

Explanation: Out-of-band management provides a management path that is separate from the production data network, such as a dedicated management interface, console server, or separate access circuit. This fits the requirement because administrators need access during production VLAN or routing failures and want management traffic isolated from user traffic. In-band management, such as SSH or HTTPS over the same routed network that users depend on, is simpler but can fail when the production path fails. The key distinction is whether the management connection depends on the production network being healthy.

• SSH to an SVI is in-band because it depends on the production switching and routing path.
• HTTPS on a user VLAN exposes management over normal data traffic and does not provide isolation.
• Remote desktop on the LAN still depends on branch production connectivity, so it does not solve access during network outages.

Continue with full practice

Use the CompTIA Network+ N10-010 Practice Test page for the full IT Mastery practice bank, mixed-topic practice, timed mock exams, explanations, and web/mobile app access.

Try CompTIA Network+ N10-010 on Web View CompTIA Network+ N10-010 Practice Test

Related focused pages

• Free CompTIA Network+ N10-010 Full-Length Practice Exam
• Networking Concepts
• Network Implementation
• Network Security
• Network Troubleshooting

Free review resource

Use the full IT Mastery practice page above for the latest review links and practice page.