CompTIA Network+ N10-009 Study Guide: How to Pass the Exam

Overview

The CompTIA Network+ (N10-009) is the most widely recognised vendor-neutral networking certification. It validates that you can configure, manage, troubleshoot, and secure both wired and wireless networks and is a common stepping stone before the Security+, CCNA, and other advanced networking certifications.

The exam has up to 90 questions (multiple choice and performance-based), a 90-minute time limit, and a passing score of 720/900. The 2024 revision expanded coverage of SD-WAN, cloud networking, VxLAN, and infrastructure as code alongside the foundational networking topics.

Exam Domains

Network Troubleshooting is the largest domain. Subnetting and protocol knowledge underpin most of the other domains.

Domain 1: Networking Concepts (23%)

OSI Model

The OSI model appears constantly in exam questions, both directly and as context for understanding where protocols and technologies operate.

A common question type: "A technician is installing a new switch to segment network traffic. At which OSI layer does a switch operate?" (Layer 2, Data Link).

IPv4 Subnetting

Subnetting is a guaranteed part of the exam and requires you to calculate without a calculator. Practice until it's fast.

Key formulas:

• Hosts per subnet = 2^(host bits) - 2
• Number of subnets = 2^(borrowed bits)

Common subnet masks:

IPv6

• 128-bit address, written in hexadecimal colon notation
• Abbreviation rules: Leading zeros in a group can be dropped; one run of consecutive all-zero groups can be replaced with ::
• Link-local: fe80::/10 (auto-configured, not routed)
• Global unicast: 2000::/3 (equivalent to public IPv4)
• Multicast: ff00::/8 (no broadcast in IPv6)
• EUI-64: Derives interface ID from the 48-bit MAC address

Common Ports

Domain 2: Network Implementation (20%)

Routing Protocols

Exam tip: Questions that mention "large enterprise network" and "fast convergence" point to OSPF. Questions about "routing between internet service providers" or "connecting to multiple ISPs" point to BGP.

VLANs and Trunking

• VLANs: Logical segmentation of a physical network; separate broadcast domains without additional hardware
• Trunk links: Carry multiple VLANs between switches; 802.1Q tagging adds a 4-byte header to identify the VLAN
• Native VLAN: Untagged traffic on a trunk; must match on both ends to avoid mismatches
• Voice VLAN: Separate VLAN for VoIP traffic to enable QoS prioritisation
• Inter-VLAN routing: Requires a Layer 3 switch or router (router-on-a-stick configuration)

Wireless Standards

MU-MIMO: Multiple User, Multiple Input, Multiple Output — allows the access point to serve multiple clients simultaneously; critical in high-density environments.

Wireless Security

• WPA2 (CCMP/AES): Current enterprise standard; uses 802.1X for enterprise authentication
• WPA3 (SAE): Replaces PSK with Simultaneous Authentication of Equals; resistant to offline dictionary attacks
• WEP: Broken, deprecated — exam distractor only
• 802.1X/EAP: Port-based authentication using a RADIUS server; required for WPA2/WPA3 Enterprise

Domain 3: Network Operations (19%)

Network Monitoring

• SNMP (Simple Network Management Protocol): v3 is the secure version; MIB defines variables agents can report; OIDs identify specific data points
• NetFlow / IPFIX: Traffic analysis — source/destination IPs, ports, protocol, byte counts; used for capacity planning and anomaly detection
• Syslog: Centralised logging from network devices; severity levels 0 (Emergency) through 7 (Debug)
• NTP: Network Time Protocol — critical for log correlation and Kerberos authentication

High Availability

• HSRP / VRRP / GLBP: First-hop redundancy protocols; present a virtual gateway IP to clients; one router is active, others are standby
• Port aggregation (LACP/802.3ad): Bond multiple physical links into one logical link; increases bandwidth and provides redundancy
• Spanning Tree (STP/RSTP): Prevents Layer 2 loops in networks with redundant switch paths; RSTP (802.1w) converges faster than classic STP

DNS Operation

• Record types:

  • A: IPv4 address
  • AAAA: IPv6 address
  • CNAME: Canonical name (alias)
  • MX: Mail server
  • PTR: Reverse lookup
  • TXT: Arbitrary text (used for SPF, DKIM, DMARC)
  • NS: Name server
  • SOA: Start of authority

• Resolution process: Client checks local cache → checks OS hosts file → queries recursive resolver → resolver queries root → TLD → authoritative

Domain 4: Network Security (14%)

Firewall Types

• Packet filtering: Examines header information only (source/destination IP, port); stateless
• Stateful inspection: Tracks connection state; can distinguish established connections from new ones
• NGFW (Next-Generation Firewall): Application awareness, IPS integration, user identity awareness, SSL inspection
• WAF (Web Application Firewall): Layer 7 inspection of HTTP/HTTPS traffic; OWASP Top 10 protection

VPN Technologies

• IPSec: Network-layer encryption; two modes — Transport (encrypts payload) and Tunnel (encrypts entire packet); IKE for key exchange
• SSL/TLS VPN: Application-layer; works through firewalls on port 443; clientless options available
• WireGuard: Modern, fast VPN protocol; lower overhead than IPSec; increasingly common in new deployments
• Site-to-site vs remote access: Site-to-site connects fixed locations permanently; remote access connects individual users

Common Network Attacks

• ARP poisoning: Mapping a legitimate IP to an attacker's MAC address to intercept traffic; mitigate with Dynamic ARP Inspection
• VLAN hopping: Switch spoofing or double tagging to access traffic on another VLAN; mitigate by disabling DTP and using a non-default native VLAN
• DNS poisoning: Injecting false records into a DNS resolver's cache; mitigate with DNSSEC
• MAC flooding: Filling a switch's CAM table to force it to broadcast all traffic; mitigate with port security

Domain 5: Network Troubleshooting (24%)

CompTIA Troubleshooting Methodology

1. Identify the problem (gather information, symptoms, recent changes)
2. Establish a theory of probable cause
3. Test the theory to determine the cause
4. Establish a plan of action and identify potential effects
5. Implement the solution or escalate
6. Verify full system functionality and implement preventive measures
7. Document findings, actions, and outcomes

The exam asks about the correct next step in a troubleshooting scenario. Know which step each action belongs to.

Troubleshooting Commands

Cable and Physical Layer

• Cat5e: Up to 1 Gbps, 100m; adequate for most LAN deployments
• Cat6: Up to 10 Gbps, 55m (or 1 Gbps at 100m); improved crosstalk resistance
• Cat6A: Up to 10 Gbps at 100m; required for full 10GBase-T runs
• TDR (Time Domain Reflectometer): Finds breaks and impedance mismatches in copper cables
• OTDR (Optical Time Domain Reflectometer): Same for fibre optic cables

Common Exam Traps

• Hub vs Switch: Hubs operate at Layer 1 and broadcast to all ports; switches operate at Layer 2 and forward based on MAC address
• OSPF vs BGP: OSPF is for internal routing within an organisation (IGP); BGP is for routing between organisations and ISPs (EGP)
• WPA2 Personal vs Enterprise: Personal uses a pre-shared key; Enterprise uses 802.1X with a RADIUS server
• VLAN vs Subnet: VLANs are Layer 2 segments; subnets are Layer 3 segments. They often align, but are not the same thing
• Latency vs Bandwidth: Bandwidth is the capacity of the connection; latency is the delay. A high-bandwidth link can still have high latency

Study Plan (6 Weeks)

Practice Exam Strategy

• Subnetting questions should be answered quickly. If they're taking more than 90 seconds, practise more until they're fast
• For troubleshooting scenarios, apply the CompTIA methodology before looking at answers
• Performance-based questions appear at the start. Budget 5–10 minutes each and move on if stuck
• Keywords: "fastest convergence" → OSPF; "connecting to multiple ISPs" → BGP; "high-density wireless" → Wi-Fi 6 + MU-MIMO

Use the N10-009 practice exams throughout your preparation to identify gaps across all five domains. Aim for 80%+ consistently before booking.