🌐 CompTIA Network+ Certification · N10-009

Complete Network+ Study System

Master all 5 domains of the N10-009 exam with comprehensive study notes, 200+ interactive flashcards, domain quizzes, and a full-length practice test. Everything you need for first-attempt success.

Exam N10-009
90 questions · 90 minutes · Pass score 720/900. Covers networking concepts, implementation, operations, security, and troubleshooting across 5 weighted domains.
🌐 Exam Details N10-009
Max Questions: 90
Time Limit: 90 Minutes
Passing Score: 720 / 900
Question Types: MCQ + PBQ
Number of Domains: 5
Exam Code: N10-009
📋 Certification Info
Vendor: CompTIA
Exam Cost: ~$358
Valid For: 3 Years
Testing Partner: Pearson VUE
CEUs to Renew: 30 CEUs
DoD 8570.01-M: IAT Level II
🎯 Prerequisites
Hard Prerequisite: None Required
Recommended Prior: CompTIA A+
Experience Rec.: 9–12 months
Study Hours: 60–100 hrs
Vendor-Neutral: Yes
Career Target: Network Admin
💡 Skills Validated
Configure: Routers & switches
Manage: Network infrastructure
Troubleshoot: Connectivity issues
Secure: Network environments
Monitor: Network performance
Document: Changes & diagrams

N10-009 Domain Weights

1.0 Networking Concepts: 23%
2.0 Network Implementation: 19%
3.0 Network Operations: 14%
4.0 Network Security: 22%
5.0 Network Troubleshooting: 22%
💡 Scaled Scoring: CompTIA uses a scale of 100–900. You need 720 to pass. Scaled scoring accounts for question difficulty — aim for 80%+ on practice tests to feel confident. A straight percentage does not equal your scaled score.
⚠️ PBQ Strategy: Performance-Based Questions appear early and simulate real tasks (configure a device, identify a topology, subnet a network). They carry high point values. If stuck, flag and skip — finish all MCQs first, then return to PBQs with remaining time.

Domain 1.0 — Networking Concepts

OSI model, TCP/IP, ports, IPv4/IPv6, subnetting, routing, topologies, WAN technologies

23%
OSI Model — All 7 Layers
# | Layer | PDU | Key Protocols / Devices
7 | Application | Data | HTTP, HTTPS, DNS, FTP, SMTP, SNMP, RDP
6 | Presentation | Data | TLS, SSL, JPEG, ASCII, encryption formats
5 | Session | Data | NetBIOS, RPC, SQL sessions, NFS
4 | Transport | Segment | TCP, UDP — ports live at this layer
3 | Network | Packet | IP, ICMP, OSPF, BGP — Routers
2 | Data Link | Frame | Ethernet, ARP, PPP — Switches, MACs
1 | Physical | Bit | Cables, hubs, NICs, repeaters, signals
Mnemonics: Top→Bottom: "All People Seem To Need Data Processing" | Bottom→Top: "Please Do Not Throw Sausage Pizza Away"
Critical Ports — Must Memorize All
Port(s) | Protocol | Purpose | TCP/UDP
20/21 | FTP | File transfer (data/control) | TCP
22 | SSH / SCP / SFTP | Encrypted remote access & file transfer | TCP
23 | Telnet | Unencrypted CLI — avoid! | TCP
25 | SMTP | Send outbound email | TCP
53 | DNS | Name resolution (zone xfer = TCP) | TCP+UDP
67/68 | DHCP | Server/client IP assignment | UDP
69 | TFTP | Trivial file transfer (no auth) | UDP
80 | HTTP | Unencrypted web traffic | TCP
110 | POP3 | Download email from server | TCP
119 | NNTP | Network news / Usenet | TCP
123 | NTP | Time synchronization | UDP
143 | IMAP | Sync email, stays on server | TCP
161/162 | SNMP | Get/Trap network management | UDP
389 | LDAP | Directory service queries | TCP/UDP
443 | HTTPS | Encrypted web (TLS) | TCP
445 | SMB | Windows file/printer sharing | TCP
465/587 | SMTPS | Secure outbound email | TCP
514 | Syslog | Centralized log forwarding | UDP
636 | LDAPS | Secure LDAP over TLS | TCP
993/995 | IMAPS/POP3S | Secure email retrieval | TCP
3389 | RDP | Remote Desktop Protocol | TCP
5060/5061 | SIP | VoIP signaling | TCP/UDP
IPv4 Addressing & Classes
  • Class A: 1–126.x.x.x · Default /8 (255.0.0.0) · ~16M hosts/network
  • Class B: 128–191.x.x.x · Default /16 (255.255.0.0) · ~65K hosts
  • Class C: 192–223.x.x.x · Default /24 (255.255.255.0) · 254 hosts
  • Class D: 224–239.x.x.x · Multicast only — not unicast
  • Class E: 240–255.x.x.x · Reserved/experimental
  • Private (RFC 1918): 10.0.0.0/8 · 172.16–31.x.x/12 · 192.168.x.x/16
  • Loopback: 127.0.0.1 — tests local TCP/IP stack (entire 127.0.0.0/8 reserved)
  • APIPA: 169.254.x.x/16 — self-assigned when DHCP fails
  • Network address: First IP in subnet — identifies the network, not assignable
  • Broadcast: Last IP in subnet — sends to all hosts, not assignable
  • Usable hosts: Formula = 2^n – 2 (n = host bits)
Subnetting Quick Reference
CIDR | Subnet Mask | Block Size | Usable Hosts
/24 | 255.255.255.0 | 256 | 254
/25 | 255.255.255.128 | 128 | 126
/26 | 255.255.255.192 | 64 | 62
/27 | 255.255.255.224 | 32 | 30
/28 | 255.255.255.240 | 16 | 14
/29 | 255.255.255.248 | 8 | 6
/30 | 255.255.255.252 | 4 | 2
/16 | 255.255.0.0 | 65536 | 65534
/8 | 255.0.0.0 | 16M | 16,777,214
Magic Number Trick: 256 minus the subnet mask octet = block size. For /26 (255.255.255.192): 256–192 = 64. Subnets start at 0, 64, 128, 192. Always subtract 2 from block size for usable hosts.
IPv6 Essentials
  • Format: 128-bit · 8 groups of 4 hex digits · :: compresses consecutive all-zero groups (once only)
  • ::1/128 — Loopback (equivalent to 127.0.0.1)
  • fe80::/10 — Link-local: auto-configured on all interfaces, not routable
  • fd00::/8 — Unique local: private range (equivalent to RFC 1918)
  • 2000::/3 — Global unicast: internet-routable addresses
  • ff00::/8 — Multicast: replaces broadcast in IPv6
  • SLAAC: Stateless Address Autoconfiguration — device builds its own address from router prefix + EUI-64 from MAC
  • DHCPv6: Stateful address assignment, also provides DNS server info
  • NDP: Neighbor Discovery Protocol — replaces ARP in IPv6; uses ICMPv6
  • Dual-stack: Device runs both IPv4 and IPv6 simultaneously — most common transition method
Routing Protocols & Concepts
  • Static routing: Manually configured, no overhead, best for small networks or stub connections
  • Default route: 0.0.0.0/0 — "gateway of last resort" for all unknown destinations
  • RIP v2: Distance-vector · Metric = hop count · Max 15 hops · AD 120 · Slow convergence
  • OSPF: Link-state · Metric = cost (bandwidth-based) · AD 110 · Dijkstra algorithm · Fast convergence · Scalable
  • EIGRP: Cisco hybrid · Bandwidth + delay metric · AD 90 internal · Very fast convergence
  • BGP: Path-vector · Internet backbone (eBGP) · AD 20 · Policy-based · Extremely scalable but slow
  • Admin Distance order (lower is preferred): Connected=0 · Static=1 · eBGP=20 · EIGRP=90 · OSPF=110 · RIP=120
  • NAT/PAT: Translates private IPs to public. PAT = many-to-one using port numbers
  • CIDR: Classless Inter-Domain Routing — allows any prefix length, not just classful boundaries
TCP vs UDP & Key Transport Concepts
  • TCP: Connection-oriented · 3-way handshake (SYN → SYN-ACK → ACK) · Reliable, ordered, error-checked · Slower
  • UDP: Connectionless · No handshake · Fast, low overhead · Used for DNS, DHCP, VoIP, TFTP, streaming
  • ICMP: Network control messages · Ping = echo request/reply · Traceroute = TTL exceeded responses
  • ARP: Resolves IPv4 → MAC · Broadcasts on local segment · Cached in ARP table
  • NDP (IPv6): Replaces ARP · Uses ICMPv6 Neighbor Solicitation / Advertisement messages
  • DHCP DORA: Discover (broadcast) → Offer → Request → Acknowledge
  • DNS records: A (IPv4) · AAAA (IPv6) · CNAME (alias) · MX (mail) · PTR (reverse lookup) · NS (name server) · SOA · TXT
Network Topologies & WAN Technologies
  • Star: All devices → central switch/hub. Most common LAN. Hub failure = all down
  • Bus: Single shared cable. Legacy (10Base2). One break = total failure
  • Ring: Token passing. Each device connected to two neighbors. FDDI standard
  • Full Mesh: Every device connects to every other. Formula: n(n-1)/2 links. Maximum redundancy
  • Partial Mesh: Only critical nodes fully meshed. Balance of cost and redundancy
  • Hub-and-Spoke: Central hub, remote branches as spokes. Common WAN design
  • Spine-Leaf: Modern data center. Leaf = edge switches to servers. Spine = interconnects leaf switches
  • MPLS: Multi-Protocol Label Switching — carrier WAN. Labels for fast packet forwarding
  • SD-WAN: Software-Defined WAN — centrally manages multiple WAN link types
  • DSL / Cable / Fiber / Cellular: Consumer/business broadband options. Fiber (FTTH) = fastest, lowest latency
🎯 Most-Tested: Know every port number cold. Know which OSI layer each device operates at (hub=L1, switch=L2, router=L3, firewall=L3-L7). Master subnetting — /24 through /30 especially. Know the difference between TCP (reliable, connection-oriented) and UDP (fast, connectionless) and which protocols use each.

Domain 2.0 — Network Implementation

Switching, VLANs, STP, wireless standards, cable types, and network services deployment

19%
Switching Fundamentals
  • Layer 2 switch: Forwards frames by MAC address. Builds CAM table by learning source MACs. Separates collision domains
  • Layer 3 switch: Can route between VLANs using SVIs (Switch Virtual Interfaces). Has IP interfaces per VLAN
  • CAM table: MAC-to-port mappings. Populated automatically. If MAC unknown, switch floods all ports
  • STP (802.1D): Prevents Layer 2 broadcast loops by blocking redundant paths. Elects root bridge
  • RSTP (802.1w): Rapid Spanning Tree. Converges in ~1–2 seconds vs ~50 seconds for classic STP
  • Root bridge election: Lowest Bridge ID wins. Bridge ID = priority (default 32768) + MAC address
  • STP port states: Blocking → Listening → Learning → Forwarding; Disabled is a separate state for a port that is administratively shut down
  • PortFast: Skips STP listening/learning states for access ports. Only use on end-device ports
  • BPDU Guard: Err-disables a port if an STP BPDU is received. Protects against rogue switch connections
  • MAC flooding attack: Fills CAM table so switch broadcasts all traffic like a hub (MitM opportunity)
VLANs & Trunking (802.1Q)
  • VLAN: Logically separates broadcast domains on the same physical switch. Layer 2 segmentation
  • Access port: Carries traffic for ONE VLAN only. Untagged. Connects end devices (PCs, phones)
  • Trunk port: Carries traffic for MULTIPLE VLANs. 802.1Q tagged. Connects switches to switches or routers
  • 802.1Q tag: 4-byte header inserted into Ethernet frame containing VLAN ID (1–4094)
  • Native VLAN: Traffic sent untagged on trunk. Default VLAN 1. Security risk — always change native VLAN
  • Inter-VLAN routing: Option 1: Router-on-a-stick (router with sub-interfaces). Option 2: Layer 3 switch with SVIs
  • Voice VLAN: Separate VLAN for IP phones for QoS prioritization and security isolation
  • VLAN hopping: Attack using double-tagging or switch spoofing to reach another VLAN. Prevent by changing native VLAN + disabling DTP
  • VTP (Cisco): VLAN Trunking Protocol — propagates VLAN config between switches. Modes: server, client, transparent
802.11 Wireless Standards
Standard | Name | Band | Max Speed | Key Feature
802.11a | - | 5 GHz | 54 Mbps | 5 GHz only, shorter range
802.11b | - | 2.4 GHz | 11 Mbps | First widely adopted
802.11g | - | 2.4 GHz | 54 Mbps | Backward compatible with b
802.11n | Wi-Fi 4 | 2.4/5 GHz | 600 Mbps | First dual-band, MIMO
802.11ac | Wi-Fi 5 | 5 GHz | 3.5 Gbps | MU-MIMO, beamforming
802.11ax | Wi-Fi 6/6E | 2.4/5/6 GHz | 9.6 Gbps | OFDMA, dense environments
802.11be | Wi-Fi 7 | 2.4/5/6 GHz | 46 Gbps | Multi-link operation
  • Non-overlapping 2.4GHz channels: 1, 6, 11 only (North America) — use only these to prevent co-channel interference
  • 5 GHz: More non-overlapping channels, less interference, but shorter range than 2.4 GHz
  • SSID: Network name broadcast by AP. Can be hidden (minor security through obscurity)
  • BSS vs ESS: BSS = single AP. ESS = multiple APs sharing same SSID for roaming
Wireless Security Standards
  • WEP: Wired Equivalent Privacy · RC4 cipher with weak IVs · Completely broken — never use
  • WPA: TKIP encryption · Better than WEP but still deprecated · Do not use
  • WPA2-Personal: AES-CCMP + PSK (pre-shared key) · Vulnerable to offline dictionary attacks if PSK is weak
  • WPA2-Enterprise: AES-CCMP + 802.1X + RADIUS · Individual user authentication · Corporate wireless standard
  • WPA3-Personal: SAE (Simultaneous Authentication of Equals) replaces PSK · Resistant to offline dictionary attacks
  • WPA3-Enterprise: 192-bit security suite · Strongest available option
  • 802.1X: Port-based NAC · Three roles: Supplicant (client) + Authenticator (AP/switch) + Auth Server (RADIUS)
  • EAP variants: EAP-TLS (cert on both sides), PEAP (cert on server only), EAP-FAST (Cisco, no cert needed)
  • Captive portal: Browser-based guest authentication. Redirects HTTP to login page
Cable Standards & Connectors
Category | Max Speed | Max Distance | Bandwidth
Cat 5 | 100 Mbps | 100 m | 100 MHz
Cat 5e | 1 Gbps | 100 m | 100 MHz
Cat 6 | 1 Gbps / 10G* | 100 m / 55 m | 250 MHz
Cat 6a | 10 Gbps | 100 m | 500 MHz
Cat 7 | 10 Gbps | 100 m | 600 MHz
Cat 8 | 40 Gbps | 30 m | 2000 MHz
  • SMF (Single-Mode Fiber): Yellow jacket · Laser light source · Long distances (km to 100 km) · Used in WAN/telecom
  • MMF (Multi-Mode Fiber): Orange or aqua jacket · LED source · Short distance (up to ~2 km) · Data centers
  • LC connector: Small form-factor, push-pull latch. Most common in data centers with SFP transceivers
  • SC connector: Square, push-pull. "Stick and Click." Also widely used
  • ST connector: Bayonet twist-lock. Older multimode installations
  • Plenum cable: Fire-retardant, low-smoke jacket. Required in HVAC/air-handling plenum spaces
  • Riser cable: CMR rated. Runs vertically between floors in non-plenum vertical shafts
Network Services
  • DHCP scope: Pool of IP addresses available for assignment in a subnet
  • DHCP reservation: MAC address permanently bound to specific IP. Always receives same address
  • DHCP exclusion: IPs within scope withheld from assignment (reserved for static use)
  • DHCP snooping: Validates DHCP messages. Blocks rogue DHCP servers on untrusted ports. Builds binding table
  • DNS hierarchy: Root (.) → TLD (.com/.org) → Authoritative nameserver → Resolver cache
  • Split DNS: Internal queries resolve to private IPs; external queries resolve to public IPs
  • NTP (UDP 123): Synchronizes clocks. Critical for authentication (Kerberos), certificates, and log correlation. Stratum 0=atomic clock, Stratum 1=NTP server
  • SNMP v3: Adds authentication (SHA) + encryption (AES). v1/v2c send community strings in cleartext — never use on production
  • Syslog (UDP 514): Centralized log collection. Severity 0 (Emergency) through 7 (Debug). Lower = more critical
🔑 802.1Q Native VLAN Security: The native VLAN sends untagged frames on trunk ports. VLAN hopping via double-tagging exploits this default. Always change native VLAN to an unused VLAN (e.g., VLAN 999), assign no user ports to it, and disable DTP (auto-trunking) on access ports. This is a common exam scenario.

Domain 3.0 — Network Operations

Documentation, high availability, disaster recovery, network monitoring, and QoS

14%
Network Documentation Types
  • Physical diagram: Shows hardware locations, cable runs, rack equipment, floor plans
  • Logical diagram: Shows IP addressing, VLANs, routing paths — how traffic flows, not physical layout
  • Wiring diagram: Floor plan with cable paths from outlets to patch panels
  • Rack diagram: Equipment placement in server racks with U-height positions
  • Baseline: Documented normal performance metrics. Critical reference point for anomaly detection
  • Network inventory: List of all hardware: model, firmware, IP, location, warranty
  • Change log: Records every configuration change: who, what, when, why, result
  • SOP: Standard Operating Procedure — step-by-step documented processes for routine tasks
  • MDF/IDF: Main Distribution Frame (central hub) / Intermediate Distribution Frame (floor-level closet)
High Availability & Redundancy
  • HSRP (Cisco): Hot Standby Router Protocol. Active + Standby pair share virtual IP/MAC. Active fails → standby takes over. Cisco-proprietary
  • VRRP (Open Standard): Virtual Router Redundancy Protocol. Master + backup(s). RFC 5798. Vendor-neutral equivalent to HSRP
  • GLBP (Cisco): Gateway Load Balancing Protocol. Load-balances AND provides redundancy across multiple gateways simultaneously
  • LACP / 802.3ad: Link Aggregation Control Protocol. Bonds multiple physical links into one logical link for bandwidth AND redundancy
  • NIC teaming: Multiple NICs in a server operating as one logical interface. Active-active (load balance) or active-passive (failover)
  • Redundant paths + STP: Multiple physical paths between switches managed by STP to prevent loops while maintaining redundancy
  • UPS: Uninterruptible Power Supply. Battery backup + voltage regulation. Provides time for graceful shutdown
  • Generator: Long-term power for data centers. Takes ~30–60 sec to start — UPS bridges the gap
Disaster Recovery Concepts
  • RTO (Recovery Time Objective): Maximum acceptable downtime — how quickly must systems be restored?
  • RPO (Recovery Point Objective): Maximum acceptable data loss — how old can the recovered data be?
  • MTBF: Mean Time Between Failures — measures equipment reliability/expected lifespan
  • MTTR: Mean Time To Repair — measures average time to restore service after a failure
  • Hot site: Fully replicated, immediately operational backup facility. Highest cost. Zero or near-zero RTO
  • Warm site: Partial infrastructure ready. Hours to bring online. Moderate cost
  • Cold site: Physical space only. No pre-configured equipment. Cheapest but slowest (days to weeks)
  • 3-2-1 Backup Rule: 3 copies · 2 different media types · 1 copy stored offsite
  • BCP: Business Continuity Plan — broader plan to maintain operations during and after disasters
Network Monitoring Tools & Protocols
  • SNMP v3: Agents on devices report to NMS. Traps = unsolicited alerts from device. v3 adds SHA auth + AES encryption
  • NetFlow / IPFIX: Collects IP flow metadata (src/dst IP, port, bytes, protocol) without capturing full packets. Top-talker analysis
  • Syslog: Centralized log forwarding from all network devices. Filter by severity for alerting. RFC 5424
  • SPAN port: Switched Port Analyzer. Mirrors traffic from one/more ports to a monitor port for Wireshark analysis. Non-intrusive
  • Network TAP: Hardware inline device. Passively copies all traffic. More reliable than SPAN at high speeds
  • Packet capture: Full packet capture with Wireshark. Requires SPAN port or TAP on the switch
  • Bandwidth monitoring: SNMP interface polling, NetFlow analysis. Identify saturation and top talkers
QoS — Quality of Service
  • QoS: Prioritizes network traffic to guarantee performance for critical applications like VoIP and video
  • CoS (802.1p): Layer 2 marking. 3-bit field in 802.1Q VLAN tag. Values 0–7. "Class of Service"
  • DSCP: Differentiated Services Code Point. Layer 3 IP header field. 6 bits, values 0–63. More granular than CoS
  • EF (Expedited Forwarding): DSCP 46. Highest priority queue. Used for VoIP RTP audio streams
  • Traffic shaping: Queues and delays excess traffic to smooth bursts. Avoids drops
  • Traffic policing: Drops or re-marks excess traffic exceeding a defined rate. More aggressive than shaping
  • VoIP requirements: One-way latency <150ms · Jitter <30ms · Packet loss <1% · Bandwidth: ~87 Kbps per G.711 call
  • Jitter: Variable delay between packets. Damaging to real-time traffic. Jitter buffers compensate (add latency)
Physical Infrastructure
  • 568A pin order: White-Green · Green · White-Orange · Blue · White-Blue · Orange · White-Brown · Brown
  • 568B pin order: White-Orange · Orange · White-Green · Blue · White-Blue · Green · White-Brown · Brown
  • Straight-through cable: Same standard both ends (568B–568B). PC to switch, switch to router
  • Crossover cable: Different standards (568A–568B). Switch-to-switch, PC-to-PC (legacy; most modern devices auto-MDIX)
  • Rollover/console cable: Pin 1↔8 reversed. Cisco console access. RJ-45 to USB/DB-9
  • Patch panel: Central termination point. Connects wall outlet runs to switch ports in MDF/IDF
  • Structured cabling: Horizontal cabling (floor to wall outlets) + backbone cabling (between floors/MDF-IDF)
💡 HSRP vs VRRP: Both provide default gateway redundancy. HSRP is Cisco-proprietary with active/standby roles. VRRP is the open standard (RFC 5798) with master/backup roles. Both create a virtual IP used as the default gateway — if the primary router fails, the backup seamlessly assumes the virtual IP. GLBP goes further by also load-balancing traffic across multiple gateways simultaneously.

Domain 4.0 — Network Security

Attack types, hardening techniques, firewalls, IDS/IPS, AAA, VPNs, cryptography, and PKI

22%
Common Network Attacks
  • DoS: Single attacker floods target with traffic/requests, exhausting resources
  • DDoS: Botnet of thousands floods target simultaneously. Much larger scale than DoS
  • ARP spoofing/poisoning: Attacker sends fake ARP replies to link their MAC to a legitimate IP. Traffic redirected through attacker (MitM)
  • DNS poisoning: Corrupts resolver cache with false DNS records. Redirects users to malicious sites
  • VLAN hopping: Double-tagging or switch spoofing to access restricted VLANs
  • Man-in-the-Middle (MitM): Attacker intercepts communications between two parties silently
  • Replay attack: Captures and retransmits valid auth credentials or session tokens
  • Evil twin AP: Rogue AP with same SSID as legitimate AP. Clients connect and expose traffic
  • Deauth attack: Sends spoofed 802.11 deauthentication frames to disconnect wireless clients
  • SYN flood: Sends massive SYN packets without completing handshake. Exhausts TCP connection table
  • Smurf attack: ICMP echo to broadcast with spoofed source IP. Amplifies traffic toward victim
Network Hardening Techniques
  • Disable unused ports: Shutdown unneeded switch ports to prevent unauthorized physical access
  • Port security: Limits MAC addresses allowed on a port. Sticky MAC learning. Violation actions: protect / restrict / shutdown
  • DHCP snooping: Blocks rogue DHCP servers on untrusted switch ports. Builds binding table (IP+MAC+port)
  • Dynamic ARP Inspection (DAI): Validates ARP packets against DHCP snooping table. Prevents ARP spoofing
  • IP Source Guard: Validates source IP against DHCP binding. Prevents IP address spoofing
  • BPDU Guard: Err-disables port if BPDU received on PortFast-enabled port. Protects STP topology
  • Disable Telnet — use SSH: Telnet sends credentials in cleartext. SSH encrypts entire session
  • Change default credentials: All devices ship with default passwords — always change immediately
  • ACLs: Access Control Lists filter traffic. Standard ACL = source IP only. Extended ACL = src+dst+port+protocol
  • NTP authentication: Prevents time manipulation attacks. Critical for logs and Kerberos authentication
Firewalls & IDS/IPS
  • Packet filtering (stateless): Checks individual packets against ACL rules. Fast but no session awareness
  • Stateful firewall: Tracks TCP/UDP sessions. Automatically allows return traffic. Most common type
  • NGFW (Next-Generation Firewall): Deep packet inspection + app awareness + IPS + SSL/TLS inspection + URL filtering
  • WAF (Web Application Firewall): Layer 7 protection. Blocks SQL injection, XSS, CSRF. Protects web applications
  • IDS (Intrusion Detection System): Monitors and ALERTS only. Passive — does not block traffic
  • IPS (Intrusion Prevention System): Inline deployment. ACTIVELY blocks detected threats in real time
  • NIDS/NIPS: Network-based. Monitors traffic flows across the network
  • HIDS/HIPS: Host-based. Runs on individual endpoints. Monitors OS calls and file changes
  • Signature-based detection: Matches known attack patterns. Fast but cannot detect zero-day attacks
  • Anomaly-based detection: Establishes baseline, flags deviations. Detects novel attacks but higher false positives
  • UTM: Unified Threat Management — all-in-one device combining firewall + IPS + AV + web filter
AAA Framework — Authentication, Authorization, Accounting
  • Authentication: Verify identity — "Who are you?" (username/password, cert, biometric)
  • Authorization: What are you permitted to do? (VLAN assignment, privilege level, access rights)
  • Accounting: What did you do? (session logs, commands run, data accessed — audit trail)
  • RADIUS: UDP 1812 (auth) / 1813 (accounting). Encrypts password only. Combines authentication + authorization. Best for network access (VPN, Wi-Fi, 802.1X)
  • TACACS+: Cisco proprietary. TCP port 49. Encrypts ENTIRE payload. Separates AAA functions. Best for device administration (privileged CLI access)
  • RADIUS vs TACACS+ summary: RADIUS = network access, UDP, password-only encryption. TACACS+ = device admin, TCP, full encryption, granular control
  • 802.1X: Port-based Network Access Control. Supplicant (client) + Authenticator (switch/AP) + Authentication Server (RADIUS)
  • EAP-TLS: Strongest EAP. Mutual certificate authentication (both client and server need certs)
  • PEAP: Protected EAP. Server cert only. Client uses username/password inside TLS tunnel
  • MFA: Multi-Factor Authentication — combines 2+ factors: something you know + have + are
VPN Technologies
  • Site-to-site VPN: Permanently connects two network sites. Router-to-router. Transparent to end users
  • Remote access VPN: Individual users tunnel into corporate network. Requires client software
  • IPsec: Suite of protocols for encrypted/authenticated IP communications
  • IPsec Transport mode: Encrypts payload only. Used for host-to-host communication
  • IPsec Tunnel mode: Encrypts entire original packet. Used in site-to-site VPNs
  • IPsec components: IKE (key exchange) + AH (auth, no encryption) + ESP (encryption + auth)
  • SSL/TLS VPN: Uses HTTPS (port 443). Browser-based or thin client. Easiest through firewalls
  • WireGuard: Modern, lightweight, fast VPN protocol. Simple codebase. Uses UDP
  • Split tunneling: Only corporate-bound traffic goes through VPN. Internet traffic goes directly. More efficient
  • Full tunnel: All traffic routed through VPN. More secure but higher latency and bandwidth overhead
Cryptography & PKI
  • Symmetric encryption: Same key encrypts AND decrypts. Fast. Key distribution challenge. Algorithms: AES, 3DES
  • Asymmetric encryption: Public key encrypts, private key decrypts. Slow. Solves key distribution. Algorithms: RSA, ECC
  • Hashing: One-way function producing fixed-length digest. Verifies integrity. MD5 (broken) · SHA-1 (deprecated) · SHA-256/512 (current)
  • PKI: Public Key Infrastructure — framework of CAs, certificates, and keys for establishing trust
  • CA (Certificate Authority): Trusted third party that issues and signs digital certificates. Root CA → Intermediate CA
  • X.509 digital certificate: Binds public key to an identity. Contains: subject, issuer, validity period, public key, signature
  • TLS handshake: ClientHello → ServerHello + Certificate → Key exchange → ChangeCipherSpec → Finished (encrypted)
  • CRL: Certificate Revocation List — list of revoked certificates published by the CA
  • OCSP: Online Certificate Status Protocol — real-time certificate validity check (more efficient than CRL)
  • Perfect Forward Secrecy (PFS): New session keys generated per session. Past sessions not compromised even if long-term key is leaked
🚨 RADIUS vs TACACS+ — Exam Favorite: RADIUS (UDP 1812/1813) encrypts only the password and is best for network access (Wi-Fi, VPN, 802.1X). TACACS+ (Cisco, TCP 49) encrypts the entire payload, separates AAA into three independent functions, and is best for device administration. If an exam question asks about granular command authorization for privileged CLI access — the answer is TACACS+. If it asks about 802.1X or wireless authentication — the answer is RADIUS.

Domain 5.0 — Network Troubleshooting

7-step methodology, CLI tools, hardware tools, wired & wireless symptoms, and Wireshark basics

22%
CompTIA 7-Step Troubleshooting Methodology
  • Step 1 — Identify the problem: Gather info from user. Check error messages, logs, recent changes. Define the exact symptoms
  • Step 2 — Establish a theory of probable cause: Question the obvious. Consider multiple causes. Think about what changed recently
  • Step 3 — Test the theory: Confirm or deny your theory. If confirmed, move to step 4. If denied, establish new theory or escalate
  • Step 4 — Establish a plan of action: Identify the best fix, assess potential side effects, get approval if changes are significant
  • Step 5 — Implement the solution: Apply fix or escalate if beyond scope. Make one change at a time
  • Step 6 — Verify full system functionality: Confirm fix resolved the issue AND did not break anything else
  • Step 7 — Document findings: Record problem, root cause, solution, steps taken, and time. Essential for knowledge base
Essential CLI Troubleshooting Commands
  • ping — ICMP echo test. ping -t (continuous, Windows). Tests Layer 3 connectivity to a host
  • tracert / traceroute — Shows each hop to destination with latency. Identifies where connectivity breaks
  • pathping — Windows: combines ping + traceroute. Shows packet loss percentage at each hop
  • ipconfig /all — Shows IP, MAC, DHCP server, DNS, gateway. First step in connectivity troubleshooting
  • ipconfig /flushdns — Clears Windows DNS resolver cache. Fix for stale DNS records
  • nslookup / dig — DNS query tool. Verifies name resolution and queries specific record types
  • netstat -an — Shows all active TCP/UDP connections and listening ports with numerical addresses
  • arp -a — Displays ARP cache (IP-to-MAC mappings). Useful for spotting ARP spoofing
  • route print / ip route — Displays routing table entries. Verify default gateway and specific routes
  • nmap — Port scanner and host discovery. Identifies open ports, services, OS. Security + admin use
  • show interfaces — Cisco: interface status, speed, duplex, input/output errors, CRC errors
  • show ip route — Cisco: displays full routing table including source protocol
  • show mac address-table — Cisco: CAM table showing which MACs are on which switch ports
  • show vlan brief — Cisco: lists all VLANs and port assignments in summary form
  • show spanning-tree — Cisco: STP status, root bridge, port roles and states
Hardware Troubleshooting Tools
  • Cable tester: Verifies wire continuity and correct pinout (568A/B). Identifies opens, shorts, and miswires
  • Toner probe (fox & hound): Injects an audible tone at one end; probe locates cable at other end through walls and ceilings
  • OTDR (Optical Time Domain Reflectometer): Locates breaks, splices, and bends in fiber by measuring reflected light pulses. Shows distance to fault
  • Optical power meter: Measures light signal strength (dBm). Used to calculate fiber insertion loss in a link
  • Multimeter: Measures voltage, current, resistance. Tests PoE voltage, cable continuity, electrical grounding
  • PoE tester: Verifies correct PoE voltage and power class on a switch port before connecting device
  • Wi-Fi analyzer: Shows SSIDs, signal strength (dBm), channel utilization, and interference sources. Essential for wireless troubleshooting
  • Spectrum analyzer: Displays full RF spectrum. Identifies non-802.11 interference (microwave, Bluetooth, cordless phones)
  • Loopback plug: Tests NIC port by looping traffic back. Confirms physical port is functional
Wired Network Symptoms & Solutions
  • No connectivity: Check cable, port LED, switch port status, IP config. Ping default gateway first
  • APIPA (169.254.x.x): DHCP server unreachable. Check: cable, DHCP server running, scope exhaustion, relay agent
  • IP address conflict: Two devices with same IP. Check DHCP exclusions and static assignments. ARP conflict visible in logs
  • Intermittent connectivity: Suspect bad cable, faulty port, duplex mismatch, or interface flapping
  • Duplex mismatch: One side full-duplex, other half. Results in late collisions, CRC errors, slow speeds. Fix: match both sides or set both to auto
  • High latency / slow network: Link saturation, inefficient routing, QoS misconfiguration, or overloaded device
  • Packet loss / CRC errors: Faulty cable, bad NIC, duplex mismatch, noisy connection, or congestion
  • Broadcast storm: STP failure created a loop. Network-wide slowdown or outage. Unplug redundant links to break loop immediately
  • Wrong subnet / can't reach gateway: Verify IP, subnet mask, and default gateway configuration match the intended subnet
Wireless Troubleshooting Scenarios
  • Cannot connect to SSID: Check password, band selection (2.4 vs 5 GHz), MAC filtering, SSID broadcast enabled
  • Weak signal / poor performance: Move device closer, check AP placement, antenna orientation, check for interference
  • Co-channel interference: Multiple APs on same channel fighting for airtime. Use non-overlapping channels (1, 6, 11 for 2.4 GHz)
  • Adjacent channel interference: Overlapping channel frequencies. Use proper channel spacing — stick to 1, 6, 11
  • Sticky client: Device holds onto distant AP instead of roaming to closer one. 802.11r (fast BSS transition) or band steering may help
  • DHCP exhaustion: Scope has no IPs available. Expand scope, reduce lease time, or check for rogue DHCP clients
  • Wrong passphrase: Authentication failure. Most common wireless issue. Verify PSK on client and AP match
  • Hidden SSID: Network not visible in scan. Must manually enter SSID on client to connect
  • RF interference: Bluetooth, microwave ovens, cordless phones on 2.4 GHz. Use 5 GHz or Wi-Fi 6 for dense environments
Wireshark & Packet Analysis Basics
  • Capture filter: Applied BEFORE capture to limit what is collected. Example: host 192.168.1.1 or port 443
  • Display filter: Applied AFTER capture to filter what is shown. Example: http, tcp.port == 80, ip.addr == 10.0.0.1
  • Follow TCP stream: Reassembles entire TCP session for application-layer data viewing. Essential for HTTP analysis
  • Protocol hierarchy: Statistics → Protocol Hierarchy. Shows breakdown of all protocols in capture by percentage
  • SPAN/mirror port required: Must configure SPAN on switch to copy traffic to Wireshark host. Cannot see other ports' traffic without it
  • TCP retransmissions: Indicate packet loss. Visible in the Info column. Sign of congestion or bad link
  • RST packets: Abrupt connection termination — firewall block, port closed, or application crash
  • DNS NXDOMAIN: Non-existent domain response. Name resolution failure. Check DNS config or connectivity to DNS server
🎯 OSI-Layer Troubleshooting Approach: Always work bottom-up: Layer 1 (cable/LED/physical) → Layer 2 (switch port, VLAN, duplex) → Layer 3 (IP config, ping gateway, routing table) → Layer 4 (can you reach the port? netstat/nmap) → Layer 7 (application issue). This systematic approach eliminates guessing and is exactly what exam questions test. "Divide and conquer", testing the midpoint of the path first, is also acceptable.
Study Resources
  • Official CompTIA Objectives: Download the official N10-009 exam objectives PDF directly from CompTIA — the definitive guide to exactly what will be tested.
  • Professor Messer (Free): Completely free, high-quality N10-009 video training from one of the most trusted names in CompTIA exam prep. Covers every objective.
  • Mike Meyers All-in-One Guide: CompTIA Network+ All-in-One Exam Guide by Mike Meyers — extremely comprehensive with hundreds of practice questions included.
  • CompTIA CertMaster Labs: Official hands-on virtual lab environments from CompTIA. Configure routers, switches, and firewalls in simulated environments without real hardware.
  • Cisco Packet Tracer (Free): Cisco's free network simulation tool for hands-on practice. Build, configure, and troubleshoot networks — essential for visual and hands-on learners.
  • r/CompTIA Community: Active Reddit community of current and aspiring IT professionals. Read exam experiences, find study partners, share resources, and get motivated.
  • PracticeTest360.com: More practice tests for CompTIA A+, Security+, Linux+, PenTest+, ASVAB, TEAS, ASWB, and many more certifications. Free access available.
  • Schedule Your Exam: Register for the N10-009 through Pearson VUE — CompTIA's official testing partner. Available at testing centers worldwide or online proctored.
🗓️ Recommended 8-Week Study Plan
  • Week 1–2: Domain 1 — Networking Concepts (OSI, ports, TCP/IP, subnetting, IPv6)
  • Week 3: Domain 2 — Network Implementation (switching, VLANs, wireless standards, cables)
  • Week 4: Domain 3 — Operations (documentation, HA/DR, SNMP, QoS)
  • Week 5–6: Domain 4 — Security (attacks, hardening, firewalls, AAA, VPNs, crypto)
  • Week 7: Domain 5 — Troubleshooting (tools, methodology, wired/wireless scenarios)
  • Week 8: Full practice exams, review weak domains, schedule real exam