// Exam Overview
| Detail | Value |
|---|---|
| Exam code | N10-009 |
| Number of questions | Up to 90 (multiple choice + performance-based) |
| Duration | 90 minutes |
| Passing score | 720 out of 900 |
| Recommended experience | 9–12 months in IT with networking exposure, CompTIA A+ helpful |
| Domain | Topic | Weight |
|---|---|---|
| Domain 1 | Networking Fundamentals | 23% |
| Domain 2 | Network Implementation | 19% |
| Domain 3 | Network Operations | 17% |
| Domain 4 | Network Security | 16% |
| Domain 5 | Network Troubleshooting | 25% |
// OSI & TCP/IP Models
| OSI Layer | Name | Protocols / Examples | TCP/IP layer |
|---|---|---|---|
| 7 | Application | HTTP, FTP, DNS, SMTP, SNMP, Telnet | Application |
| 6 | Presentation | SSL/TLS, JPEG, MPEG, ASCII encoding | Application |
| 5 | Session | NetBIOS, RPC, SMB session management | Application |
| 4 | Transport | TCP, UDP – segments, ports, flow control | Transport |
| 3 | Network | IP, ICMP, OSPF, BGP – packets, routing | Internet |
| 2 | Data Link | Ethernet, Wi-Fi (802.11), ARP, MAC addresses – frames | Network Access |
| 1 | Physical | Cables, connectors, hubs, bits – electrical/optical signals | Network Access |
Mnemonic (top to bottom): "All People Seem To Need Data Processing" – Application, Presentation, Session, Transport, Network, Data Link, Physical.
TCP vs UDP
| | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented – 3-way handshake (SYN, SYN-ACK, ACK) | Connectionless – fire and forget |
| Reliability | Guaranteed delivery – acknowledgements, retransmission | No guarantee – packets may be lost |
| Speed | Slower – overhead of handshake and ACKs | Faster – no overhead |
| Use cases | HTTP, HTTPS, FTP, SMTP, SSH – where accuracy matters | DNS, DHCP, streaming, VoIP, gaming – where speed matters |
// Subnetting
Subnetting is tested heavily – you need to be able to determine network address, broadcast address, usable host range, and subnet mask from a given IP/CIDR.
| CIDR | Subnet mask | Hosts per subnet | Subnets (from /24) |
|---|---|---|---|
| /24 | 255.255.255.0 | 254 | 1 |
| /25 | 255.255.255.128 | 126 | 2 |
| /26 | 255.255.255.192 | 62 | 4 |
| /27 | 255.255.255.224 | 30 | 8 |
| /28 | 255.255.255.240 | 14 | 16 |
| /29 | 255.255.255.248 | 6 | 32 |
| /30 | 255.255.255.252 | 2 | 64 |
| /32 | 255.255.255.255 | 1 (host route) | – |
Private IP ranges (RFC 1918)
| Range | CIDR | Class |
|---|---|---|
| 10.0.0.0 – 10.255.255.255 | 10.0.0.0/8 | A |
| 172.16.0.0 – 172.31.255.255 | 172.16.0.0/12 | B |
| 192.168.0.0 – 192.168.255.255 | 192.168.0.0/16 | C |
| 169.254.0.0 – 169.254.255.255 | 169.254.0.0/16 | APIPA (link-local) |
| 127.0.0.0 – 127.255.255.255 | 127.0.0.0/8 | Loopback |
APIPA (169.254.x.x) – a device assigns itself this address when it fails to obtain one via DHCP. If you see a 169.254.x.x address during troubleshooting, DHCP is the problem.
// Common Ports & Protocols
| Port | Protocol | Transport |
|---|---|---|
| 20 / 21 | FTP (data / control) | TCP |
| 22 | SSH / SFTP / SCP | TCP |
| 23 | Telnet (unencrypted) | TCP |
| 25 | SMTP (email sending) | TCP |
| 53 | DNS | UDP (queries) / TCP (zone transfers) |
| 67 / 68 | DHCP (server / client) | UDP |
| 69 | TFTP | UDP |
| 80 | HTTP | TCP |
| 110 | POP3 | TCP |
| 119 | NNTP | TCP |
| 123 | NTP (time sync) | UDP |
| 137–139 | NetBIOS | UDP / TCP |
| 143 | IMAP | TCP |
| 161 / 162 | SNMP (get / trap) | UDP |
| 389 | LDAP | TCP / UDP |
| 443 | HTTPS | TCP |
| 445 | SMB / Active Directory | TCP |
| 465 / 587 | SMTPS / SMTP submission | TCP |
| 514 | Syslog | UDP |
| 636 | LDAPS (secure) | TCP |
| 993 / 995 | IMAPS / POP3S | TCP |
| 1433 | Microsoft SQL Server | TCP |
| 1723 | PPTP VPN | TCP |
| 3306 | MySQL | TCP |
| 3389 | RDP | TCP |
| 5060 / 5061 | SIP (VoIP) | UDP / TLS |
| 8080 / 8443 | HTTP / HTTPS alternate | TCP |
// Network Devices
| Device | OSI Layer | Function |
|---|---|---|
| Hub | Layer 1 | Repeats signals to all ports – creates a single collision domain. Legacy, not used in modern networks. |
| Switch | Layer 2 | Forwards frames based on MAC address – each port is its own collision domain. Builds MAC address table. |
| Router | Layer 3 | Routes packets between networks based on IP address – connects subnets and to the internet |
| Multilayer switch (L3 switch) | Layer 2–3 | Switches at L2 speed but can also route at L3 – used for inter-VLAN routing |
| Firewall | Layer 3–7 | Filters traffic based on rules – stateful (tracks connections) or stateless (filters packets individually) |
| Proxy | Layer 7 | Intermediary between clients and servers – caching, content filtering, anonymisation |
| Load balancer | Layer 4–7 | Distributes traffic across multiple servers – improves availability and scalability |
| IDS / IPS | Layer 3–7 | IDS detects and alerts, IPS blocks – inline (IPS) or passive (IDS). NIDS = network, HIDS = host. |
| WAF | Layer 7 | Application-aware firewall – blocks SQLi, XSS, and other web attacks at HTTP layer |
| Access point (WAP) | Layer 2 | Wireless to wired bridge – extends network wirelessly |
// Wireless Standards
| Standard | Name | Frequency | Max speed |
|---|---|---|---|
| 802.11a | Wi-Fi 1 | 5 GHz | 54 Mbps |
| 802.11b | Wi-Fi 1 | 2.4 GHz | 11 Mbps |
| 802.11g | Wi-Fi 3 | 2.4 GHz | 54 Mbps |
| 802.11n | Wi-Fi 4 | 2.4 / 5 GHz | 600 Mbps |
| 802.11ac | Wi-Fi 5 | 5 GHz | 3.5 Gbps |
| 802.11ax | Wi-Fi 6 / 6E | 2.4 / 5 / 6 GHz | 9.6 Gbps |
Wireless security protocols
| Protocol | Status | Notes |
|---|---|---|
| WEP | Broken – do not use | RC4-based – crackable in minutes with tools like aircrack-ng |
| WPA | Weak – deprecated | TKIP encryption – improved over WEP but still vulnerable |
| WPA2 | Current minimum | AES-CCMP – KRACK vulnerability in 2017 but mitigated by patches |
| WPA3 | Recommended | SAE replaces PSK, protects against offline dictionary attacks, forward secrecy |
| WPA2-Enterprise | Required for corporate | 802.1X authentication against RADIUS – individual credentials, not shared PSK |
// Network Security
| Concept | Definition |
|---|---|
| NAC (802.1X) | Network Access Control – authenticates devices before granting network access. Uses RADIUS server and supplicant on client. |
| VLAN | Virtual LAN – logical network segmentation at Layer 2. Traffic between VLANs requires a router. |
| ACL | Access Control List – firewall or router rules permitting or denying traffic based on IP, port, protocol |
| VPN tunnelling protocols | IPSec (L3), SSL/TLS VPN (L7), OpenVPN, WireGuard, L2TP/IPSec (common combination) |
| Port security | Switch feature – limits MAC addresses allowed on a port, disables port on violation |
| DHCP snooping | Blocks rogue DHCP servers on switch ports not designated as trusted |
| Dynamic ARP inspection | Validates ARP packets against DHCP snooping table – prevents ARP poisoning |
| DNSSEC | Adds cryptographic signatures to DNS responses – prevents DNS spoofing |
// Troubleshooting Methodology
CompTIA's seven-step troubleshooting methodology is directly tested. Know the steps and order.
| Step | Action |
|---|---|
| 1 | Identify the problem – gather information, identify symptoms, question users |
| 2 | Establish a theory of probable cause – consider the obvious first |
| 3 | Test the theory – if confirmed, proceed; if not, establish a new theory |
| 4 | Establish a plan of action – consider effects of solution before implementing |
| 5 | Implement the solution or escalate |
| 6 | Verify full system functionality – ensure the problem is resolved and no new issues introduced |
| 7 | Document findings, actions, and outcomes |
Troubleshooting tools
| Tool | Use |
|---|---|
| ping | Tests ICMP connectivity – basic reachability check |
| traceroute / tracert | Shows the path packets take – identifies where connectivity fails |
| nslookup / dig | DNS resolution testing – checks if DNS is resolving correctly |
| ipconfig / ifconfig | Shows IP configuration – check for APIPA (169.254.x.x = DHCP failure) |
| netstat / ss | Active connections, listening ports |
| arp -a | ARP cache – check for duplicate MAC entries (ARP poisoning) |
| route print / ip route | Routing table – check for missing or incorrect routes |
| Wireshark | Packet capture – full visibility into network traffic |
| Cable tester | Physical layer – verifies cable continuity and wiring |
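The duplicate-MAC check listed for `arp -a`, written out as an added example (not part of the original guide): it parses ARP cache output and reports any unicast MAC address claimed by more than one IP. The sample output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows-style `arp -a` output (not a real capture).
SAMPLE_ARP = """\
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-5e-00-53-66     dynamic
  192.168.1.23          00-00-5e-00-53-23     dynamic
  192.168.1.77          00-00-5e-00-53-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Accepts "-" or ":" separators and octets without leading zeros (macOS style).
MAC_RE = re.compile(r"\b((?:[0-9a-f]{1,2}[:-]){5}[0-9a-f]{1,2})\b", re.I)

def parse_arp(text):
    """Return {normalised MAC: sorted list of IPs} for unicast entries only."""
    table = defaultdict(set)
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue                  # header, interface or blank line
        parts = [p.zfill(2).lower() for p in re.split(r"[:-]", mac.group(1))]
        if int(parts[0], 16) & 1:
            continue                  # broadcast/multicast MACs are shared by design
        table[":".join(parts)].add(ip.group(1))
    return {mac: sorted(ips) for mac, ips in table.items()}

def duplicate_macs(text, gateway=None):
    """List MACs claimed by more than one IP; mark those that include the gateway."""
    findings = []
    for mac, ips in parse_arp(text).items():
        if len(ips) > 1:
            findings.append({"mac": mac, "ips": ips,
                             "involves_gateway": gateway in ips})
    return findings

if __name__ == "__main__":
    for finding in duplicate_macs(SAMPLE_ARP, gateway="192.168.1.1"):
        print(finding)
```

A MAC with several IPs can also be legitimate (a router or host with multiple addresses, proxy ARP), so treat a finding as a lead to verify against the gateway's known MAC address.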
// Exam Tips
Domain 5 (Troubleshooting) is 25% of the exam. Master the 7-step methodology and know which tool to use for which type of problem. Scenario questions will describe a symptom and ask you to pick the right next step or tool.
Know your port numbers cold. The exam will list a protocol and ask the port, or show a port and ask what's running. Port questions appear frequently – write out the top 30 ports from memory as a daily exercise until they're automatic.
Subnetting will appear. Practice until you can calculate the network address, broadcast address, and host range quickly. Use the "magic number" method: subtract the last non-zero octet of the subnet mask from 256 to find the subnet increment.
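The magic-number method carried through in code, as an added example (not part of the original guide): it derives the mask, network address, broadcast address and usable range octet by octet, then cross-checks the result against Python's standard `ipaddress` module. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

def magic_number_subnet(ip: str, prefix: int) -> dict:
    """Network, broadcast and usable range via the 256-minus-mask-octet method."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address")
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")

    mask, network, broadcast = [], [], []
    bits = prefix
    for o in octets:
        take = min(8, bits)              # mask bits that fall in this octet
        bits -= take
        step = 1 << (8 - take)           # magic number: 256 - mask octet
        base = (o // step) * step        # start of the block containing o
        mask.append(256 - step)
        network.append(base)
        broadcast.append(base + step - 1)

    first, last = network[:], broadcast[:]
    if prefix <= 30:                     # /31 and /32 reserve no network/broadcast
        first[3] += 1
        last[3] -= 1
    usable = (1 << (32 - prefix)) - 2 if prefix <= 30 else (2 if prefix == 31 else 1)
    dotted = lambda parts: ".".join(map(str, parts))
    return {"mask": dotted(mask), "network": dotted(network),
            "broadcast": dotted(broadcast), "first_host": dotted(first),
            "last_host": dotted(last), "usable_hosts": usable}

def matches_stdlib(ip: str, prefix: int) -> bool:
    """Cross-check the hand method against Python's ipaddress module."""
    ref = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    got = magic_number_subnet(ip, prefix)
    return (got["mask"] == str(ref.netmask)
            and got["network"] == str(ref.network_address)
            and got["broadcast"] == str(ref.broadcast_address))

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the exam or the guide.
    for ip, prefix in [("192.168.10.130", 26), ("10.20.77.9", 20), ("172.16.5.1", 30)]:
        print(ip, prefix, magic_number_subnet(ip, prefix), matches_stdlib(ip, prefix))
```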
Understand the OSI model in context. Questions often describe a problem and ask at which layer it occurs. Physical issues = Layer 1. MAC/VLAN = Layer 2. IP routing = Layer 3. TCP/UDP/port = Layer 4. Application = Layers 5–7.