This free CompTIA Network+ study guide walks through every content domain the Network+ (N10-009) exam tests, organized to the current CompTIA exam objectives.[1]
It’s interactive, not a wall of text: every module has built-in checkpoint quizzes, flashcards, and practice questions, so you learn by doing — not just reading.
The Network+ tests five official domains, and we teach them as five study modules, leading with the heaviest-weighted content (Troubleshooting and Networking Concepts together are nearly half the exam). Read a module, test yourself at each checkpoint, then drill gaps with our free practice test and flashcards. This guide is a high-yield overview that maps the official content — not a full networking textbook.
CompTIA Network+ is one of the 14 CompTIA certifications — explore our CompTIA study guides to compare and prep across the whole family.
Network+ Exam Snapshot
| Detail | Network+ Exam |
|---|---|
| Exam code | N10-009 (current; replaced N10-008) |
| Questions | Maximum of 90 (multiple choice + performance-based) |
| Time | 90 minutes |
| Passing score | 720 on a 100–900 scale (scaled score, not a percentage) |
| Certifying body | CompTIA |
| Cost | About $369 (single voucher; varies by region/promo) |
| Prerequisites | None required (CompTIA A+ and 9–12 months' experience recommended) |
| Validity | 3 years |
| Renewal | 30 CEUs over 3 years, or pass a higher CompTIA cert |
The Network+ covers five domains. Two of them — Network Troubleshooting and Networking Concepts — together make up nearly half the exam (47%), so that is where to invest first.[1] Study by weight:
Module 1 · Networking Concepts
One official domain, 23% of the exam. This is the foundation — the models, addressing, protocols, and media that everything else builds on. Master the OSI model and subnetting here and the rest of the exam gets dramatically easier.
1.1 The OSI Model & TCP/IP
The is the single most important framework on the exam — a seven-layer map of how data moves across a network. Each layer does one job and serves the layer above it, and Network+ uses it as a troubleshooting tool: isolate a problem to a layer, then fix it there.[11]
- L7
Application · PDU: Data
End-user protocols (HTTP, FTP, DNS, SMTP). The interface to network services.
- L6
Presentation · PDU: Data
Translation, encryption/decryption, and compression (TLS, ASCII, JPEG).
- L5
Session · PDU: Data
Sets up, manages, and tears down sessions between applications (RPC, NetBIOS).
- L4
Transport · PDU: Segment
End-to-end delivery, segmentation, ports. TCP (reliable) and UDP (fast).
- L3
Network · PDU: Packet
Logical addressing and routing between networks. IP, ICMP, routers.
- L2
Data Link · PDU: Frame
Physical (MAC) addressing on the local link. Switches, frames, 802.3/802.11.
- L1
Physical · PDU: Bits
Bits on the wire — cables, connectors, radio, voltage, hubs, NICs.
As data moves down the stack it undergoes : each layer wraps the data in its own header, producing a different at each level — bits (L1), a frame (L2), a packet (L3), and a segment (L4). The receiving host de-encapsulates in reverse going up. The real internet runs on the leaner four-layer , which maps directly onto the OSI layers.
At Layer 4, the two transport protocols are the most-tested distinction in the domain. is connection-oriented and reliable — it opens a connection with the (SYN → SYN-ACK → ACK), acknowledges data, and retransmits losses. is connectionless and best-effort: no handshake, no acknowledgments, just speed.[5]
- 1. SYN
Client → Server: “Can we talk?” Sends an initial sequence number.
- 2. SYN-ACK
Server → Client: acknowledges and sends its own sequence number.
- 3. ACK
Client → Server: acknowledges. Connection established — data flows.
TCP (Transmission Control Protocol)
- Connection-oriented (three-way handshake)
- Reliable — acknowledgments + retransmission
- Ordered, error-checked delivery
- Higher overhead, slower
- Web (HTTP/S), email, file transfer, SSH
UDP (User Datagram Protocol)
- Connectionless — no handshake
- Best-effort — no acknowledgments
- No ordering or retransmission
- Low overhead, fast
- DNS, DHCP, VoIP, streaming, TFTP
| Layer | Name | Job | Examples / devices |
|---|---|---|---|
| 7 | Application | User-facing network services | HTTP, FTP, DNS, SMTP |
| 6 | Presentation | Translation, encryption, compression | TLS, ASCII, JPEG |
| 5 | Session | Set up / manage / tear down sessions | RPC, NetBIOS |
| 4 | Transport | End-to-end delivery, ports | TCP, UDP |
| 3 | Network | Logical addressing, routing | IP, ICMP, routers |
| 2 | Data Link | Local (MAC) addressing, frames | Switches, 802.3, 802.11 |
| 1 | Physical | Bits on the medium | Cables, connectors, hubs, NICs |
1.2 IPv4 Addressing & Subnetting
An is 32 bits written as four octets. A (or its prefix, like /24) marks which bits are the network and which are the host. A device compares its mask against a destination to decide whether to deliver locally or send it to the .
breaks a network into smaller pieces. The exam-critical formula: usable hosts = 2ⁿ − 2 (n = host bits; you subtract the network address and the broadcast address). For a /26, there are 6 host bits, so 2⁶ − 2 = 62 usable hosts.
Know your special ranges cold. ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) are internal-only and reach the internet via .[3] An address (169.254.x.x) means a host couldn’t reach a DHCP server — a classic troubleshooting clue. And 127.0.0.1 (loopback) tests the local TCP/IP stack.
| Range | Name | Meaning |
|---|---|---|
| 10.0.0.0/8 | Private (RFC 1918) | Large private network; not internet-routable |
| 172.16.0.0/12 | Private (RFC 1918) | Medium private network |
| 192.168.0.0/16 | Private (RFC 1918) | Small/home private network |
| 169.254.0.0/16 | APIPA | Self-assigned when no DHCP server answers |
| 127.0.0.0/8 | Loopback | Tests the local TCP/IP stack (127.0.0.1) |
1.3 Ports, Protocols & Media
Memorizing the common ports and protocols is non-negotiable — they appear throughout the exam. Learn the port number, the protocol, and its transport (TCP/UDP) together.
| Port | Protocol | Transport | Purpose |
|---|---|---|---|
| 20 / 21 | FTP | TCP | File transfer (data / control) |
| 22 | SSH / SFTP | TCP | Secure remote shell and file transfer |
| 23 | Telnet | TCP | Insecure remote shell (avoid) |
| 25 | SMTP | TCP | Sending email |
| 53 | DNS | UDP/TCP | Name resolution |
| 67 / 68 | DHCP | UDP | Automatic IP assignment |
| 80 | HTTP | TCP | Web (unencrypted) |
| 123 | NTP | UDP | Time synchronization |
| 161 / 162 | SNMP | UDP | Network management / traps |
| 389 / 636 | LDAP / LDAPS | TCP | Directory services (secure on 636) |
| 443 | HTTPS | TCP | Web (TLS-encrypted) |
| 445 | SMB | TCP | Windows file sharing |
| 3389 | RDP | TCP | Remote Desktop |
On the physical side, know your media. Twisted-pair copper (Cat 5e/6/6a/8) is cheap and common but limited to ~100 m; fiber (single-mode for long distances, multimode for shorter, high-speed runs) is immune to and spans far greater distances. Transceivers (SFP, SFP+, QSFP) connect devices to fiber, and connectors (RJ45 for copper; LC/SC for fiber) are common exam IDs.
1.4 Topologies, Cloud & SDN
Recognize the classic topologies — star (the dominant LAN layout), mesh (max redundancy), point-to-point, and spine-and-leaf (modern data centers) — and the three-tier hierarchical design that organizes enterprise networks into core, distribution, and access layers.
- 1
Core layer
The high-speed backbone. Fast switching and routing between distribution blocks — no packet manipulation.
- 2
Distribution layer
Policy, routing between VLANs, ACLs, and aggregation. The boundary between access and core.
- 3
Access layer
Where end devices connect — switches, APs, PoE, port security, and VLAN assignment.
N10-009 leans heavily on modern environments. separates the control plane (the brain that decides where traffic goes) from the data plane (which forwards it), managing the network centrally in software. extends that idea across WAN links.
Cloud concepts — public/private/hybrid deployment, IaaS/PaaS/SaaS service models, elasticity, and multitenancy — plus and infrastructure as code are all fair game.
| Topology | Description | Trade-off |
|---|---|---|
| Star | All nodes connect to a central switch | Simple; central device is a single point of failure |
| Mesh | Many/all nodes interconnect | Maximum redundancy; expensive and complex |
| Point-to-point | A direct link between two nodes | Simple, dedicated; doesn't scale |
| Spine-and-leaf | Each leaf connects to every spine | Predictable, low-latency data-center fabric |
Checkpoint · Networking Concepts
Question 1 of 10
Which IEEE standard defines the protocol and compatible interconnection for data communication devices using a method of carrier-sensing multiple access with collision detection CSMA/CD?
Module 2 · Network Implementation
One official domain, 20% of the exam. This is where concepts become configuration — routing between networks, switching within them, and wireless. Expect performance-based questions here.
2.1 Routing Technologies
A forwards packets between networks using a routing table. Routes are learned two ways: a you configure by hand (predictable, but no automatic failover), or a dynamic routing protocol that adapts to changes. The two you must know best are (a fast link-state interior protocol that uses cost and runs inside one organization) and (the path-vector protocol of the internet, routing between autonomous systems).[1]
When a router learns the same destination from multiple sources, it picks the most trusted one by (lower wins), then the best metric within that protocol. And almost every network uses — PAT (overload) lets many private hosts share one public IP by tracking port numbers.
| Protocol | Type | Scope | Metric |
|---|---|---|---|
| OSPF | Link-state (IGP) | Within an autonomous system | Cost (bandwidth) |
| EIGRP | Advanced distance-vector (IGP) | Within an AS (Cisco) | Composite (BW + delay) |
| RIP | Distance-vector (IGP) | Small networks | Hop count (max 15) |
| BGP | Path-vector (EGP) | Between autonomous systems | Path attributes / policy |
2.2 Switching, VLANs & STP
A forwards frames within a network using a table; it learns MACs from incoming frames and floods only when a destination is unknown. maps an IP to a MAC so the switch knows where to send the frame.
logically split one switch into multiple broadcast domains — boosting security and cutting broadcast traffic. tags frames so VLANs cross a between switches, and inter-VLAN routing connects them.[8] Because redundant links create loops, elects a root bridge and blocks backup paths until they’re needed.
| Feature | What it does |
|---|---|
| VLAN (802.1Q) | Logically segments a switch into broadcast domains |
| Trunk port | Carries multiple VLANs between switches (tagged) |
| STP / RSTP | Prevents Layer 2 loops; RSTP converges faster |
| Link aggregation (LACP) | Bundles links for more bandwidth + redundancy |
| Port mirroring (SPAN) | Copies traffic to a monitoring port |
| PoE (802.3af/at/bt) | Delivers power + data over one cable |
2.3 Wireless Networking
Wireless follows the family. Know the bands: 2.4 GHz gives longer range but only three non-overlapping channels (1, 6, 11) and lower speed; 5 GHz is faster with many channels but shorter range; 6 GHz (Wi-Fi 6E/7) adds clean spectrum. Wireless uses because stations can’t detect collisions on the air.[9]
For security, always prefer (SAE, forward secrecy) over WPA2-AES; WEP and TKIP are insecure and deprecated. An is the network name; a rogue AP or evil twin is a wireless you defend against with 802.1X and WPA3.
| Standard | Marketing name | Band(s) | Max rate (approx.) |
|---|---|---|---|
| 802.11n | Wi-Fi 4 | 2.4 / 5 GHz | 600 Mbps |
| 802.11ac | Wi-Fi 5 | 5 GHz | ~3.5 Gbps |
| 802.11ax | Wi-Fi 6 / 6E | 2.4 / 5 / 6 GHz | ~9.6 Gbps |
Checkpoint · Network Implementation
Question 1 of 10
Which type of cable is used to connect a computer to a switch in a typical Ethernet network?
Module 3 · Network Operations
One official domain, 19% of the exam. Operations is about keeping a network documented, available, monitored, and managed — the day-to-day discipline that prevents outages.
3.1 Documentation & Availability
Good operations start with documentation: physical and logical diagrams, IP address management (IPAM), rack/floor plans, and written policies and SLAs. Then comes availability — designing so a single failure doesn’t take the network down.
Know the recovery metrics: RTO (how fast you must recover), RPO (how much data loss is acceptable), MTTR (mean time to repair), and MTBF (mean time between failures). High availability uses redundancy — active-active (both run) or active-passive (a standby takes over) — plus and protocols like VRRP/HSRP for gateway failover.
| Metric | Meaning |
|---|---|
| RTO (Recovery Time Objective) | Maximum acceptable time to restore service after an outage |
| RPO (Recovery Point Objective) | Maximum acceptable amount of data loss (how far back you recover) |
| MTTR (Mean Time To Repair) | Average time to fix a failed component |
| MTBF (Mean Time Between Failures) | Average operating time between failures (reliability) |
3.2 Monitoring & Management
You can’t manage what you don’t measure. lets a manager poll devices (UDP 161) and receive traps (UDP 162); pair it with syslog (UDP 514) for event logging, flow data (NetFlow) for traffic analysis, and a SIEM for correlation.[1] Establish baselines so you can spot when latency, utilization, or errors drift abnormally.
Modern operations also automate. Infrastructure as code manages device configs as version-controlled files, and APIs let tools push changes consistently — reducing the human error that causes most outages. Harden management with 802.1X, NAC, and by disabling unused ports.
| Tool / protocol | Use it for |
|---|---|
| SNMP (UDP 161/162) | Polling device health; receiving traps/alerts |
| Syslog (UDP 514) | Centralized event and error logging |
| NetFlow / flow data | Analyzing who is sending how much traffic |
| SIEM | Correlating logs and alerts for security and ops |
| Baseline | A normal reference to detect anomalies |
Checkpoint · Network Operations
Question 1 of 10
What is the primary purpose of an SNMP (Simple Network Management Protocol) in a network?
Module 4 · Network Security
One official domain, 14% of the exam. Security on Network+ is about concepts, common attacks, and the hardening techniques that defend a network — not deep cryptography.
4.1 Security Concepts
Everything anchors to the — Confidentiality, Integrity, and Availability. Access is governed by (Authentication, Authorization, Accounting), enforced by RADIUS or TACACS+, and strengthened by MFA and least privilege. The defining modern model is : never trust, always verify, and assume breach.[10]
| Concept | What it means |
|---|---|
| CIA triad | Confidentiality, Integrity, Availability — the three security goals |
| AAA | Authentication (who), Authorization (what), Accounting (logging) |
| Zero trust | Trust nothing by default; verify every request continuously |
| Least privilege | Grant only the access a role actually needs |
| Defense in depth | Layer multiple controls so no single failure exposes the network |
4.2 Attacks & Hardening
Recognize the common attacks: floods, interception, ARP and DNS poisoning, MAC flooding, VLAN hopping, and rogue APs/evil twins. Most have a matching defense.
Hardening combines a stateful and to filter traffic, network segmentation (including a DMZ/screened subnet), encrypted (IPsec or SSL/TLS), and port-level control with and NAC. Disable unused ports and services.
| Attack | Defense |
|---|---|
| DDoS | Rate limiting, traffic filtering, upstream/cloud scrubbing |
| On-path (MITM) / ARP spoofing | Encryption (TLS/IPsec), dynamic ARP inspection, DHCP snooping |
| DNS poisoning | DNSSEC, trusted resolvers, secured DNS servers |
| MAC flooding | Port security (limit MACs per port) |
| VLAN hopping | Disable DTP, set a unique native VLAN, prune trunks |
| Rogue AP / evil twin | 802.1X, WPA3, wireless intrusion detection |
Checkpoint · Network Security
Question 1 of 10
Which wireless encryption standard is considered the most secure as of the latest CompTIA Network+ examination?
Module 5 · Network Troubleshooting
One official domain, 24% of the exam — the single heaviest. Network+ rewards a disciplined process and knowing which tool reveals which problem. Expect performance-based questions here.
5.1 The Troubleshooting Methodology
CompTIA tests an exact, ordered . Knowing the order — and that verification and documentation always come last — is one of the most reliable points on the test.[1]
- 1
Identify the problem
Gather information, question users, identify symptoms, determine if anything changed, duplicate the problem.
- 2
Establish a theory of probable cause
Question the obvious; consider multiple approaches (top-to-bottom or bottom-to-top the OSI stack; divide and conquer).
- 3
Test the theory to determine cause
If confirmed, move on. If not, establish a new theory or escalate.
- 4
Establish a plan of action
Plan to resolve the problem and identify potential effects of the fix.
- 5
Implement the solution or escalate
Apply the fix — or escalate to someone with more access or expertise.
- 6
Verify full system functionality
Confirm the fix works and, if applicable, implement preventive measures.
- 7
Document findings, actions & outcomes
Record the cause, the solution, and lessons learned for next time.
5.2 Cabling & Physical Issues
Many real problems live at Layer 1. Know the symptoms: attenuation (signal loss over distance), crosstalk and EMI (interference), a (causing collisions and errors), TX/RX reversed, or simply a bad cable, port, or transceiver. The matching tools are a cable tester, a tone generator/probe (toner), an OTDR and light meter for fiber, and a multimeter.
| Symptom / issue | Likely cause | Tool |
|---|---|---|
| Intermittent or no link | Bad cable, connector, or port | Cable tester |
| Can't find which cable is which | Unlabeled runs | Tone generator + probe (toner) |
| Fiber signal loss / break location | Attenuation or a break | OTDR / light meter |
| Slow throughput, many collisions | Duplex/speed mismatch | Check interface settings |
| High error counts (CRC, runts) | EMI, crosstalk, bad cable | Cable tester; reroute away from EMI |
5.3 Services, Performance & Tools
Above Layer 1, the usual suspects are network services and performance. problems show as an address or scope exhaustion; a wrong gateway, mask, or server breaks connectivity in telltale ways (can ping by IP but not by name = DNS).[6] Performance problems are , , , and bandwidth saturation.
Command-line tools isolate the layer. tests reachability; maps the path to find where traffic stops; nslookup/dig diagnose DNS; ipconfig/ifconfig/ip show local addressing; arp and netstat inspect mappings and connections.
| Command | What it tells you |
|---|---|
| ping | Basic reachability and round-trip time (ICMP) |
| traceroute / tracert | The per-hop path — where traffic stops |
| nslookup / dig | DNS resolution problems |
| ipconfig / ifconfig / ip | Local IP, mask, gateway (spot APIPA) |
| arp | IP-to-MAC mappings on the local network |
| netstat | Active connections and listening ports |
| tcpdump / Wireshark | Capture and inspect actual packets |
Checkpoint · Network Troubleshooting
Question 1 of 10
In a network, what is the main function of a protocol analyzer?
How to Use This Network+ Study Guide
This guide is built to be worked, not just read. The most efficient path to a pass:
- Study by weight. Network Troubleshooting (24%) and Networking Concepts (23%) are nearly half the exam — master the OSI model, subnetting, ports, and the 7-step troubleshooting method first.
- Check off as you go. Use the Study Guide Contents to mark each section done; it raises your exam-readiness score.
- Take every checkpoint. The end-of-module quizzes show you exactly which domains need another pass.
- Drill the weak domain. Send your weak area into the flashcards and a practice test until the score climbs.
- Practice the PBQs. Performance-based questions reward hands-on skill — subnet by hand, read a config, and walk the OSI model until it’s automatic.
Network+ Concept Questions
Common Network+ concepts candidates search while studying — each answered briefly and backed by an official source. Test yourself, then drill them as flashcards.
Network+ Glossary
The high-yield Network+ terms in one place — hover any dotted term in the guide, or flip the whole deck here as a self-grading flashcard set.
- 802.11
- The IEEE family of wireless LAN standards (a/b/g/n/ac/ax); ax is Wi-Fi 6.
- 802.1Q
- The IEEE standard that tags Ethernet frames with a VLAN ID so VLANs span trunk links between switches.
- 802.1X
- Port-based network access control that authenticates a device before granting network access, often via RADIUS.
- AAA
- Authentication, Authorization, and Accounting — enforced by protocols such as RADIUS and TACACS+.
- ACL
- Access Control List — an ordered set of permit/deny rules filtering traffic by address, port, or protocol.
- Administrative distance
- A router's trust ranking of routing sources; lower is preferred when multiple protocols offer a route.
- APIPA
- Automatic Private IP Addressing — the 169.254.0.0/16 address a host self-assigns when no DHCP server responds; a DHCP-failure clue.
- ARP
- Address Resolution Protocol — maps a known IPv4 address to its MAC address on the local network.
- BGP
- Border Gateway Protocol — the path-vector exterior gateway protocol that routes between autonomous systems across the internet.
- CIA triad
- The core security goals: Confidentiality, Integrity, and Availability.
- CIDR
- Classless Inter-Domain Routing — slash notation (e.g., /24) showing how many leading bits are the network portion.
- CSMA/CA
- Carrier-Sense Multiple Access with Collision Avoidance — the access method wireless uses because collisions can't be detected on air.
- DDoS
- Distributed Denial of Service — many compromised hosts flood a target to exhaust its resources and deny service.
- Default gateway
- The router IP a host sends traffic to when the destination is on a different subnet.
- DHCP
- Dynamic Host Configuration Protocol — auto-assigns IP, mask, gateway, and DNS via the DORA exchange (Discover, Offer, Request, Acknowledge); UDP 67/68.
- DNS
- Domain Name System — resolves names to IP addresses using a hierarchy of resolvers and authoritative servers; mainly UDP 53.
- Duplex mismatch
- When two link ends disagree on half/full duplex, causing collisions, errors, and poor performance.
- Encapsulation
- Wrapping data with each layer's header as it moves down the stack (segment → packet → frame → bits); reversed (de-encapsulation) going up.
- Firewall
- A device or software that permits or blocks traffic by rules; stateful firewalls track connection state, stateless ones filter each packet.
- IPv4 address
- A 32-bit logical address written as four dotted-decimal octets (e.g., 192.168.1.10), split into network and host portions by a subnet mask.
- Jitter
- Variation in packet delay over time — disruptive to real-time traffic such as VoIP and video.
- Latency
- The delay for data to travel from source to destination, measured as round-trip time.
- Link aggregation (LACP)
- Bundling multiple physical links into one logical link for more bandwidth and redundancy (IEEE 802.3ad / LACP).
- MAC address
- A 48-bit hardware address burned into a NIC, used for Layer 2 delivery on the local link.
- NAT
- Network Address Translation — maps private addresses to public ones; PAT (overload) shares one public IP across many hosts using ports.
- On-path attack
- An attacker positioned between two parties to intercept or alter traffic (formerly 'man-in-the-middle'); e.g., ARP spoofing, evil twin.
- OSI model
- A seven-layer conceptual framework (Physical, Data Link, Network, Transport, Session, Presentation, Application) describing how data moves across a network.
- OSPF
- Open Shortest Path First — a fast, link-state interior gateway protocol that uses cost as its metric within an autonomous system.
- Packet loss
- Packets that fail to reach the destination; caused by congestion, errors, or faulty hardware.
- PDU
- Protocol Data Unit — the name for data at a given OSI layer: bits (L1), frame (L2), packet (L3), segment/datagram (L4).
- Ping
- An ICMP echo tool that tests reachability and round-trip time between hosts.
- PoE
- Power over Ethernet — delivers electrical power and data over one cable (802.3af/at/bt) to APs, phones, and cameras.
- Private IP (RFC 1918)
- Non-internet-routable ranges 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, used internally and translated by NAT.
- Router
- A Layer 3 device that forwards packets between different networks using IP addresses and a routing table.
- SD-WAN
- Software-Defined WAN — uses software to manage and optimize traffic across multiple WAN links (broadband, MPLS, LTE).
- SDN
- Software-Defined Networking — separates the control plane from the data plane, managing the network centrally via software.
- SNMP
- Simple Network Management Protocol — monitors and manages devices; manager polls UDP 161, agents send traps on UDP 162. Use v3 for security.
- SSID
- Service Set Identifier — the human-readable name of a wireless network.
- Static route
- A manually configured route; predictable but does not adapt automatically to topology changes.
- STP
- Spanning Tree Protocol — prevents Layer 2 loops by electing a root bridge and blocking redundant paths; RSTP (802.1w) converges faster.
- Subnet mask
- A value that marks which bits of an IP address are the network portion (1s) and which are the host portion (0s).
- Subnetting
- Dividing a network into smaller subnetworks; usable hosts = 2ⁿ − 2, where n is the number of host bits.
- Switch
- A Layer 2 device that forwards frames within a network using MAC addresses and a MAC address table.
- TCP
- Transmission Control Protocol — a connection-oriented, reliable Layer 4 protocol using a three-way handshake, acknowledgments, and retransmission.
- TCP/IP model
- The practical four-layer model (Link, Internet, Transport, Application) that the internet actually runs on; maps onto the OSI layers.
- Three-way handshake
- TCP's connection setup: SYN, then SYN-ACK, then ACK.
- Traceroute
- A tool that maps the per-hop path to a destination to locate where traffic stops.
- Troubleshooting methodology
- CompTIA's 7 steps: identify the problem; theorize a cause; test it; plan; implement or escalate; verify; document.
- Trunk
- A switch link that carries traffic for multiple VLANs (tagged with 802.1Q); the native VLAN carries untagged traffic.
- UDP
- User Datagram Protocol — a connectionless, best-effort Layer 4 protocol with low overhead; used for DNS, DHCP, VoIP, and streaming.
- VLAN
- Virtual LAN — a logical Layer 2 segment that splits one switch into multiple broadcast domains; tagged with 802.1Q.
- VPN
- Virtual Private Network — an encrypted tunnel (IPsec or SSL/TLS) carrying private traffic over a public network.
- WPA3
- The current Wi-Fi security standard; uses SAE to resist offline password guessing and adds forward secrecy. WPA2 (AES) is the older minimum.
- Zero trust
- A model that trusts no user or device by default and verifies every access request (identity, posture, least privilege); see NIST SP 800-207.
Network+ Study Guide FAQ
The Network+ N10-009 exam has a maximum of 90 questions and you get 90 minutes. Questions are a mix of multiple choice (single and multiple response) and performance-based questions (PBQs) that require hands-on simulations.
You need a scaled score of 720 on a scale of 100 to 900. It is not a simple percentage — CompTIA converts your raw score so all exam forms demand the same ability level, so don't try to estimate it as a percent right.
Networking Concepts (23%), Network Implementation (20%), Network Operations (19%), Network Security (14%), and Network Troubleshooting (24%). Troubleshooting and Concepts are the two heaviest domains — together nearly half the exam.
Study by weight: lead with Troubleshooting (24%) and Networking Concepts (23%) — master the OSI model, subnetting, ports, and the 7-step troubleshooting method first. Read each module, take the checkpoint, then drill gaps with our free practice test and flashcards.
N10-009 is the current version and replaced N10-008. It refreshed coverage of modern topics — cloud and SDN, SD-WAN, SASE/SSE, zero trust, and infrastructure as code — and reorganized the domains. Study to N10-009 objectives, not the retired N10-008.
A single exam voucher is about $369 USD (it varies by region and promotion). There are no required prerequisites, though CompTIA recommends CompTIA A+ and roughly 9 to 12 months of networking experience.
The certification is valid for three years. You renew through the CompTIA Continuing Education program — earning 30 continuing-education units (CEUs) over the three years, or by passing a higher-level CompTIA certification.
Yes — this study guide, the module checkpoints, the glossary, the concept questions, the practice test, and the flashcards are 100% free with no account required.
Network+ is considered moderately challenging — its difficulty is breadth (the OSI model, IP addressing and subnetting, routing, switching, wireless, security, and troubleshooting) plus performance-based questions that test applied skills. Broad, organized review and lots of practice questions are the key.
References
- 1.CompTIA. “Network+ (N10-009) Certification Exam Objectives.” comptia.org. ↑
- 2.CompTIA. “CompTIA Continuing Education (renewal & CEUs).” comptia.org. ↑
- 3.Internet Engineering Task Force. “RFC 1918 — Address Allocation for Private Internets.” rfc-editor.org. ↑
- 4.Internet Engineering Task Force. “RFC 791 — Internet Protocol.” rfc-editor.org. ↑
- 5.Internet Engineering Task Force. “RFC 9293 — Transmission Control Protocol.” rfc-editor.org. ↑
- 6.Internet Engineering Task Force. “RFC 2131 — Dynamic Host Configuration Protocol.” rfc-editor.org. ↑
- 7.Internet Engineering Task Force. “RFC 1034 — Domain Names: Concepts and Facilities.” rfc-editor.org. ↑
- 8.Institute of Electrical and Electronics Engineers. “IEEE 802.1Q — Bridges and Bridged Networks (VLANs).” standards.ieee.org. ↑
- 9.Institute of Electrical and Electronics Engineers. “IEEE 802.11 — Wireless LAN MAC and PHY Specifications.” standards.ieee.org. ↑
- 10.National Institute of Standards and Technology. “SP 800-207 — Zero Trust Architecture.” csrc.nist.gov. ↑
- 11.ISO/IEC. “ISO/IEC 7498-1 — OSI Basic Reference Model.” iso.org. ↑
- 101.Internet Engineering Task Force (IETF). “RFC 768 — User Datagram Protocol.” rfc-editor.org, accessed 19 June 2026. ↑
- 102.Institute of Electrical and Electronics Engineers (IEEE). “IEEE 802.1D — Media Access Control (MAC) Bridges.” standards.ieee.org, accessed 19 June 2026. ↑
- 103.Internet Engineering Task Force (IETF). “RFC 4271 — A Border Gateway Protocol 4 (BGP-4).” rfc-editor.org, accessed 19 June 2026. ↑
- 104.Institute of Electrical and Electronics Engineers (IEEE). “IEEE 802.3 — Ethernet.” standards.ieee.org, accessed 19 June 2026. ↑

Career Employer
Career Employer is the ultimate resource to help you get started working the job of your dreams. We cover topics from general career information, career searching, exam preparation with free study materials, career interviewing, and becoming successful in your career of choice.
All PostsCareer Employer’s Editorial Process
Here at Career Employer, we focus a lot on providing factually accurate information that is always up to date. We strive to provide correct information using strict editorial processes, article editing, and fact-checking for all of the information found on our website. We only utilize trustworthy and relevant resources. To find out more, make sure to read our full editorial process page here.
