[2026年更新]CNX-001はCloudNetXリアルな無料試験練習テスト [Q10-Q32]

Share

[2026年更新]CNX-001はCloudNetXリアルな無料試験練習テスト

無料CloudNetX CNX-001試験問題を提供します


CompTIA CNX-001 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Network Operations, Monitoring, and Performance: This section of the exam measures skills of Network Operations Specialists and covers day-to-day operational management of network environments. It involves configuring monitoring tools, analyzing performance data, and responding to alerts. Candidates are evaluated on their ability to maintain network health, optimize throughput, and ensure consistent uptime by applying best practices for proactive performance tuning and operations management.
トピック 2
  • Network Troubleshooting: This section of the exam measures the skills of Network Support Engineers and covers diagnosing and resolving connectivity and performance issues across various network layers. It focuses on identifying root causes, using diagnostic tools, and applying systematic troubleshooting methodologies. The goal is to ensure that professionals can minimize downtime, restore service quickly, and prevent recurring problems by maintaining a resilient and stable network environment.
トピック 3
  • Network Architecture Design: This section of the exam measures the skills of Network Architects and covers the ability to design scalable, secure, and efficient network architectures. It focuses on understanding design principles, selecting appropriate network components, and aligning architecture decisions with organizational needs. Candidates are expected to demonstrate a solid grasp of topology planning, high-availability configurations, and integration of cloud and on-premise systems to ensure reliability and performance.
トピック 4
  • Network Security: This section of the exam measures the skills of Security Engineers and covers core practices for protecting network infrastructure. It includes applying firewall rules, implementing access control measures, and designing secure segmentation strategies. The content emphasizes threat mitigation techniques, secure configuration of networking devices, and adherence to compliance frameworks, preparing professionals to safeguard both internal and external network assets effectively.

 

質問 # 10
A network administrator receives a ticket from one of the company's offices about video calls that work normally for one minute and then get very choppy. The network administrator pings the video server from that site to ensure that it is reachable:

Which of the following ismostlikely the cause of the video call issue?

  • A. Latency
  • B. Jitter
  • C. Throughput
  • D. Loss

正解:B

解説:
The wildly varying ping response times (from 11 ms up to 849 ms) indicate high packet-delay variation, which causes the video stream to become choppy after a short period. That fluctuation in latency is known as jitter.


質問 # 11
End users are getting certificate errors and are unable to connect to an application deployed in a cloud. The application requires HTTPS connection. A network solution architect finds that a firewall is deployed between end users and the application in the cloud. Which of the following is the root cause of the issue?

  • A. The firewall has an expired certificate while SSL/HTTPS inspection is enabled.
  • B. The end users do not have certificates on their laptops.
  • C. The firewall on the application server has port 443 blocked.
  • D. The firewall has port 443 blocked while SSL/HTTPS inspection is enabled.

正解:A

解説:
Comprehensive and Detailed Explanation From Exact Extract:
When SSL/HTTPS inspection is enabled on a firewall, it intercepts and decrypts HTTPS traffic. This requires the firewall to present its own trusted certificate to the client device. If that certificate is expired, the client browser will display a certificate error and block access to the application. This is a common misconfiguration that breaks HTTPS communication.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "TLS/SSL Inspection and Certificate Management":
"SSL inspection appliances must have valid certificates installed. Expired or untrusted certificates will result in browsers rejecting the HTTPS session and displaying errors to users." Other options:
* A. Would prevent connection, but not result in certificate errors.
* B. Blocked port 443 would prevent any connection, not cause cert errors.
* C. Client-side certificates are not required unless mutual TLS is configured, which is not stated here.


質問 # 12
Server A (10.2.3.9) needs to access Server B (10.2.2.7) within the cloud environment since they are segmented into different network sections. All external inbound traffic must be blocked to those servers.
Which of the following need to be configured to appropriately secure the cloud network? (Choose two.)

  • A. Network security group rule:
    deny 10.2.0.0/16 to 0.0.0.0/0
  • B. Network security group rule:
    allow 10.2.0.0/16 to 0.0.0.0/0
  • C. Network security group rule:
    allow 10.2.3.9 to 10.2.2.7
  • D. Firewall rule:
    deny 10.2.0.0/16 to 0.0.0.0/0
  • E. Network security group rule:
    deny 0.0.0.0/0 to 10.2.0.0/16
  • F. Firewall rule:
    allow 10.2.0.0/16 to 0.0.0.0/0

正解:C、E

解説:
Network security group rule: allow 10.2.3.9 to 10.2.2.7
Explicitly permits Server A's IP to reach Server B.
Network security group rule: deny 0.0.0.0/0 to 10.2.0.0/16
Blocks all inbound traffic from any external source into the 10.2.0.0/16 address space, ensuring no external access.


質問 # 13
An application is hosted on a three-node cluster in which each server has identical compute and network performance specifications. A fourth node is scheduled to be added to the cluster with three times the performance as any one of the preexisting nodes. The network architect wants to ensure that the new node gets the same approximate number of requests as all of the others combined. Which of the following load- balancing methodologies should the network architect recommend?

  • A. Round-robin
  • B. Weighted
  • C. Least connections
  • D. Load-based

正解:B

解説:
Assign each of the three original nodes a weight of 1 and the new high-performance node a weight of 3. With weighted balancing, the new node will receive 3 / (1 + 1 + 1 + 3) = 50% of traffic - equal to the combined load on the other three.


質問 # 14
An administrator logged in to a cloud account on a shared machine but forgot to log out after the session ended. Which of the following types of security threats does this action pose?

  • A. Privilege escalation
  • B. On-path attack
  • C. IP spoofing
  • D. Zero-day

正解:B

解説:
By leaving an active session open on a shared machine, an attacker with access to that machine can intercept or hijack the administrator's session tokens or credentials - classic on-path behavior - allowing them to impersonate the admin without needing elevated exploits.


質問 # 15
A network engineer is setting up guest access on a Wi-Fi network. After a recent network analysis, the engineer discovered that a user could access the guest network and attack the corporate network, since the networks share the same VLAN. Which of the following should the engineer do to prevent an attack like this one from happening?

  • A. Set up a MAC filtering rule and add the MAC addresses of all corporate devices to the allow list.
  • B. Set up a captive portal so all guest users have to register before gaining access to the wireless network.
  • C. Configure Layer 2 client isolation for the wireless network.
  • D. Set up a strong password on the guest wireless network.

正解:C

解説:
By enabling client isolation at Layer 2, guest clients can still reach the Internet but cannot directly communicate with any other device on that VLAN, including your corporate endpoints, stopping lateral attacks without needing MAC whitelists or overly complex captive-portal setups.


質問 # 16
A network architect is working on a physical network design template for a small education institution's satellite campus that is not yet built. The new campus location will consist of two small buildings with classrooms, one screening room with audiovisual equipment, and 200 seats for students. Which of the following enterprise network designs should the architect suggest?

  • A. Hybrid
  • B. Three-tier
  • C. Collapsed core
  • D. Dual-layer

正解:C

解説:
In a small satellite campus with limited buildings and user density, a collapsed-core (two-tier) design combines the core and distribution layers into a single set of switches. This minimizes hardware, simplifies management, and still provides the necessary segmentation and resiliency for the classrooms, screening room, and student seating areas.


質問 # 17
After a malicious actor used an open port in a company's lobby, a network architect needs to enhance network security. The solution must enable:
* Security posture check
* Auto remediation capabilities
* Network isolation
* Device and user authentication
Which of the following technologies best meets these requirements?

  • A. Microsegmentation
  • B. 802.1X
  • C. IPS
  • D. NAC

正解:D

解説:
Comprehensive and Detailed Explanation From Exact Extract:
Network Access Control (NAC) evaluates the posture of a device before allowing access to the network. It can enforce security policies, authenticate users and devices, and isolate or remediate non-compliant devices.
NAC is widely used in enterprise environments to secure access at the network edge, such as in guest or public areas.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Access Control and Posture Assessment":
"NAC provides device authentication, security posture validation, and can enforce automated remediation or quarantine actions based on policy compliance." Other options:
* A. IPS detects and prevents known threats but does not perform access control or posture checks.
* B. Microsegmentation isolates workloads but lacks posture checks and auto-remediation.


質問 # 18
An organization wants to evaluate network behavior with a network monitoring tool that is not inline. The organization will use the logs for further correlation and analysis of potential threats. Which of the following is thebestsolution?

  • A. Syslog to a common dashboard used in the NOC
  • B. SNMP trap with log analytics
  • C. SSL decryption of network packets with preconfigured alerts
  • D. NetFlow to feed into the SIEM

正解:D

解説:
NetFlow provides detailed, flow-level metadata (source/destination IPs, ports, protocols, byte counts, timestamps) without sitting inline. By exporting these records into your SIEM, you gain centralized logging and can correlate network behaviors with other security events for threat detection and analysis.


質問 # 19
A company is experiencing multiple switch failures. The network analyst discovers the following:
Network recovery time is unacceptable and occurs after the shutdown of some switches.
Some loops were detected in the network.
No broadcast storm was detected.
Which of the following is the most cost-effective solution?

  • A. Implement tagging.
  • B. Add multiple VLANs.
  • C. Add a new Layer 3 switch.
  • D. Implement STP.

正解:D

解説:
Spanning Tree Protocol prevents and automatically resolves layer-2 loops without requiring new hardware. It also improves convergence times after a link or switch failure, meeting the recovery and loop-avoidance requirements most cost-effectively.


質問 # 20
A company just launched a cloud-based application. Some users are reporting the application will not load. A cloud engineer investigates the issues and reports the following:
* Not all users are experiencing the issue.
* The application infrastructure is optimal.
* Users experiencing the issue belong to the company's remote sales team.
Which of the following is most likely misconfigured?

  • A. Application load balancers
  • B. IP addressing
  • C. Geolocation rules
  • D. Ports and protocols

正解:C

解説:
Since only the remote sales team is affected and the infrastructure and network settings are correct, it's most likely that your geolocation or geo-restriction policies are blockingtraffic from the regions where those users are located. Correcting those rules to allow their locations should restore access without impacting other users.


質問 # 21
A network engineer is working on securing the environment in the screened subnet. Before penetration testing, the engineer would like to run a scan on the servers to identify the OS, application versions, and open ports. Which of the following commands should the engineer use to obtain the information?

  • A. hping3 -1 10.10.10.x -rand-dest -I eth0
  • B. nmap -A 10.10.10.0/28
  • C. tcpdump -ni eth0 src net 10.10.10.0/28
  • D. nc -v -n 10.10.10.x 1-1000

正解:B

解説:
Comprehensive and Detailed Explanation From Exact Extract:
nmap -A performs aggressive scanning, which includes OS detection, version detection, script scanning, and traceroute - exactly what is required in this case. It's the most effective and commonly used tool for comprehensive network reconnaissance prior to security testing.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Security Scanning and Reconnaissance Tools":
"Nmap supports comprehensive scanning options, including OS fingerprinting, service version detection, and port scanning, enabling detailed pre-penetration testing assessments." Other options:
* A. tcpdump is for packet capture, not scanning.
* C. nc (netcat) is a port scanning tool, but it lacks OS/app detection.
* D. hping3 is a packet generator, not suitable for full-service scanning.


質問 # 22
A network architect is choosing design options for a new SD-WAN installation that has the following requirements:
All network traffic from the cloud must pass through inspection devices in a dedicated data center.
Ensure redundancy.
Centralize egress traffic.
Which of the following network topologies best meets these requirements?

  • A. Hub-and-spoke
  • B. Point-to-point
  • C. Star
  • D. Partial mesh

正解:A

解説:
A hub-and-spoke design sends all branch and cloud traffic into the central hub (your data center) for inspection, then back out, meeting the requirement for centralized egress and security inspection. By deploying multiple hub nodes and using dynamic path selection, you also achieve redundancy without losing the centralized control plane.


質問 # 23
A network administrator recently deployed new Wi-Fi 6E access points in an office and enabled 6GHz coverage. Users report that when they are connected to the new 6GHz SSID, the performance is worse than the 5GHz SSID. The network administrator suspects that there is a source of 6GHz interference in the office.
Using the troubleshooting methodology, which of the following actions should the network administrator do next?

  • A. Test to see if the changes have improved network performance.
  • B. Document the list of channels that are experiencing interference.
  • C. Change the channels being used by the 6GHz radios in the APs.
  • D. Use a spectrum analyzer and check the 6GHz spectrum.

正解:D

解説:
Comprehensive and Detailed Explanation From Exact Extract:
Using a spectrum analyzer to inspect the 6GHz frequency range allows the administrator to confirm the presence and source of interference. This step aligns with the "identify the problem" phase of the CompTIA troubleshooting methodology. Before making changes or documenting channels, the administrator must validate whether interference exists and collect diagnostic data.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Troubleshooting Methodology and Wireless Interference":
"Spectrum analyzers provide a visual representation of frequency usage and interference in wireless bands, allowing administrators to isolate the root cause of degraded performance before implementing corrective actions." Other options:
* A. Testing performance (Step 5 in the methodology) comes after identifying and resolving the issue.
* C. Documentation is performed during the final step of troubleshooting.
* D. Changing channels without evidence may worsen interference if the problem is not confirmed.


質問 # 24
A company is expanding its network and needs to ensure improved stability and reliability. The proposed solution must fulfill the following requirements:
Detection and prevention of network loops
Automatic configuration of ports
Standard protocol (not proprietary)
Which of the following protocols is the most appropriate?

  • A. BGP
  • B. STP
  • C. SIP
  • D. RTSP

正解:B

解説:
The Spanning Tree Protocol (IEEE 802.1D) is a non-proprietary standard that automatically detects Layer 2 loops and dynamically places redundant switch ports into a blocking or forwarding state, ensuring loop prevention and automatic port configuration.


質問 # 25
A network load balancer is not correctly validating a client TLS certificate. The network architect needs to validate the certificate installed on the load balancer before progressing. Which of the following commands should the architect use to confirm whether the private key and certificate match?

  • A. openssl-rsa -noout -modulus -in cert.crt | openssl md5
    openssl-verify -noout -modulus -in privkey.txt | openssl md5
  • B. openssl-list -noout -modulus -in cert.crt | openssl md5
    openssl rsa -noout -modulus -in privkey.txt | openssl md5
  • C. openssl req -in certificate.csr -verify
    openssl-verify -noout -modulus -in privkey.txt | openssl md5
  • D. openssl x509 -noout -modulus -in cert.crt | openssl md5
    openssl rsa -noout -modulus -in privkey.txt | openssl md5

正解:D

解説:
Comprehensive and Detailed Explanation From Exact Extract:
To verify that the certificate and the private key match, one can extract the modulus from both files and compare their hash values. The correct syntax involves using openssl x509 to extract the modulus from the certificate, and openssl rsa to extract the modulus from the private key, followed by an MD5 hash to ensure they match.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "TLS/SSL Certificate Validation and Troubleshooting":
"To verify that the private key and certificate match, compare the modulus values. A mismatch results in failed TLS handshakes." Other options:
* A & C: Incorrect syntax (openssl-list and openssl-rsa are not valid commands).
* B: The commands shown are used to verify CSRs, not matching keys.


質問 # 26
A network administrator is troubleshooting a user's workstation that is unable to connect to the company network. The results of ipconfig and arp -a are shown. The user's workstation:

A router on the same network shows the following output:

* Has an IP address of 10.21.12.8
* Has subnet mask 255.255.255.0
* Default gateway is 10.21.12.254
* ARP table shows 10.21.12.8 mapped to 1A-21-11-31-74-4C (a different MAC address than the local adapter)

  • A. Broadcast storm
  • B. DHCP server down
  • C. Asynchronous routing
  • D. IP address conflict

正解:D

解説:
Comprehensive and Detailed Explanation From Exact Extract:
The local machine has the IP address 10.21.12.8 and the physical address 1A-21-11-33-44-5A.However, the ARP table shows that 10.21.12.8 is mapped to a different MAC address (1A-21-11-31-74-4C), meaning another device on the network is responding to ARP requests for the same IP. This is a clear sign of an IP address conflict, which would prevent the workstation from functioning properly on the network.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Troubleshooting IP Addressing Issues":
"An IP conflict occurs when two devices on the same network are assigned the same IP address. Symptoms include connectivity loss, duplicate ARP entries, and inconsistent routing behavior." Other options:
* A. Asynchronous routing refers to packets taking different return paths, which is unrelated to ARP inconsistencies.
* C. DHCP server issues would affect IP assignment but are not indicated here - the workstation has an IP address assigned.


質問 # 27
A global company has depots in various locations. A proprietary application was deployed locally at each of the depots, but issues with getting the consolidated data instantly occurred. The Chief Information Officer decided to centralize the application and deploy it in the cloud. After the cloud deployment, users report the application is slow. Which of the following is most likely the issue?

  • A. Overutilization
  • B. Packet loss
  • C. Throttling
  • D. Latency

正解:D

解説:
Comprehensive and Detailed Explanation From Exact Extract:
When an application is moved from local deployment to a centralized cloud deployment, remote users must connect over the WAN. If the application is sensitive to delays, latency becomes a significant issue, especially across geographically distributed regions. This is a common performance concern for centralized applications serving remote offices.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "Cloud Performance and WAN Connectivity":
"Cloud-hosted applications accessed by remote users may suffer from latency-related performance issues.
Optimization strategies may include CDN, caching, or edge deployment."
Other options:
* A. Throttling usually refers to bandwidth or rate-limiting, not general slowness.
* B. Overutilization is possible, but infrastructure was said to be centralized and new.
* C. Packet loss would likely cause disconnects or failures, not just slowness.


質問 # 28
Throughout the day, a sales team experiences videoconference performance issues when the accounting department runs reports. Which of the following is the best solution?

  • A. ConfiguringQoS on the corporate network switches
  • B. Increasing the throughput on the network by purchasing high-end switches
  • C. Using a load balancer to split the video traffic evenly
  • D. Running the accounting department's reports outside of business hours

正解:A

解説:
By implementing Quality of Service rules, you can prioritize videoconference packets over the bulk data transfers generated by accounting reports, ensuring consistent call quality without disrupting either department's workflows.


質問 # 29
An organization with an on-premises data center is adopting additional cloud-based solutions. The organization wants to keep communication secure between remote employees' devices and workloads. Which of the following ZTA featuresbestachieves this goal?

  • A. Secure service edge
  • B. Identity as the perimeter
  • C. Principle of least privilege
  • D. Cloud access security broker

正解:B

解説:
Shifting to "identity as the perimeter" means that each remote user and device's identity (and context) becomes the basis for granting secure, encrypted access directly to workloads, regardless of the underlying network, ensuring communications are authenticated and authorized per-session.


質問 # 30
A network engineer is designing a Layer 2 deployment for a company that occupies severalfloors in an office building. The engineer decides to make each floor its own VLAN but still allow for communication between all user VLANs. The engineer also wants to reduce the time necessary for STP convergence to occur when new switches come online. Which of the following should the engineer enable to accomplish this goal?

  • A. Portfast
  • B. Priority
  • C. BPDU Guard
  • D. Tagging

正解:A

解説:
Comprehensive and Detailed Explanation From Exact Extract:
PortFast is a feature in Spanning Tree Protocol (STP) that allows switch ports connected to end devices (like user workstations) to bypass the usual STP states (Listening and Learning) and transition immediately to the Forwarding state. This significantly reduces convergence time and speeds up the network availability when new switches or ports are introduced.
Relevant Extract from CompTIA CloudNetX CNX-001 Study Guide - under "STP Optimization Techniques":
"PortFast reduces STP convergence time by immediately placing access ports into the forwarding state, useful in environments where rapid network availability is required." Other options:
* A. BPDU Guard is used to disable ports that receive Bridge Protocol Data Units, enhancing security but not STP speed.
* B. Priority modifies bridge priority but doesn't reduce convergence time.
* C. Tagging relates to VLAN identification, not STP behavior.


質問 # 31
A company is experiencing Wi-Fi performance issues. Three Wi-Fi networks are available, each running on the 2.4 GHz band and on the same channel. Connecting to each Wi-Fi network yields slow performance.
Which of the following channels should the networks be configured to?

  • A. Channel 2, Channel 4, and Channel 9
  • B. Channel 1, Channel 6, and Channel 11
  • C. Channel 3, Channel 5, and Channel 10
  • D. Channel 1, Channel 2, and Channel 3

正解:B

解説:
Comprehensive and Detailed Explanation From Exact Extract:
In the 2.4 GHz Wi-Fi band, channels overlap due to how the frequency spectrum is divided. To prevent co- channel and adjacent-channel interference, only non-overlapping channels should be used. According to the IEEE 802.11 standard and best practices outlined in the CompTIA CloudNetX CNX-001 Study Guide under
"Wireless Network Optimization," the three non-overlapping channels in the 2.4 GHz band are:
* Channel 1 (2.412 GHz)
* Channel 6 (2.437 GHz)
* Channel 11 (2.462 GHz)
These channels are spaced far enough apart to avoid interference, even when operating in close proximity.
Using overlapping channels (as in options A, B, and D) causes signal degradation and poor performance due to increased contention and retransmissions.
Relevant Extract from CompTIA CloudNetX CNX-001:
"Wi-Fi networks operating on the 2.4 GHz band should use channels 1, 6, and 11 to ensure maximum throughput and minimal interference in environments with multiple access points."


質問 # 32
......

CompTIA CNX-001リアルな問題と知能問題集:https://jp.fast2test.com/CNX-001-premium-file.html

CNX-001問題集でCloudNetX高確率練習問題集:https://drive.google.com/open?id=1gNcPfpjVlo9z9B30IgncRDGRqJ-Z0syv


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어