Networking Concepts
Domain 1 — 23% of Exam
Question 01
Which layer of the OSI model is responsible for logical addressing and routing packets between different networks?
AData Link Layer
BTransport Layer
CNetwork Layer ✅
DSession Layer
💡 Explanation: The Network Layer (Layer 3) handles logical addressing using IP addresses and determines the best path (routing) for data packets to travel between different networks. Routers operate at this layer. The Data Link Layer (Layer 2) handles MAC addressing within a local network, while the Transport Layer (Layer 4) manages end-to-end communication reliability.
Question 02
A network uses the address range 192.168.10.0/26. How many usable host addresses are available per subnet?
💡 Explanation: A /26 subnet mask means 6 host bits (32 – 26 = 6). Total addresses = 2^6 = 64. Subtract 2 for the network address and broadcast address, giving 62 usable host addresses. Subnetting is a critical Network+ skill — remember the formula: usable hosts = 2^(host bits) – 2.
Question 03
Which protocol operates at Layer 4 of the OSI model and provides connectionless, unreliable data delivery?
💡 Explanation: UDP (User Datagram Protocol) operates at Layer 4 and provides connectionless, fast data delivery without guaranteed reliability. Unlike TCP which uses a three-way handshake and ensures ordered delivery, UDP simply sends datagrams without acknowledgment — making it ideal for real-time applications like VoIP, video streaming, and DNS queries where speed matters more than reliability.
2
Network Implementation
Domain 2 — 20% of Exam
Question 04
A network administrator needs to connect two switches together so they can carry traffic for multiple VLANs simultaneously. Which technology should be configured on the link between the switches?
APort mirroring
BLink aggregation (LACP)
C802.1Q trunking ✅
DSpanning Tree Protocol
💡 Explanation: IEEE 802.1Q trunking allows a single physical link between switches to carry traffic for multiple VLANs by adding a VLAN tag to each Ethernet frame. This is essential in enterprise networks where multiple VLANs need to communicate across switches. LACP combines physical links for bandwidth, STP prevents loops, and port mirroring copies traffic for monitoring.
Question 05
Which wireless standard operates exclusively in the 6 GHz frequency band and is designed to reduce congestion in dense environments?
AWi-Fi 5 (802.11ac)
BWi-Fi 6 (802.11ax)
CWi-Fi 6E (802.11ax extended) ✅
DWi-Fi 4 (802.11n)
💡 Explanation: Wi-Fi 6E extends 802.11ax into the 6 GHz band, providing up to 1,200 MHz of additional spectrum with 59 non-overlapping 20 MHz channels. This dramatically reduces congestion in dense environments like stadiums and offices. Wi-Fi 6 (without E) uses 2.4 GHz and 5 GHz, while Wi-Fi 5 only uses 5 GHz. Wi-Fi 4 operates on both 2.4 GHz and 5 GHz but at slower speeds.
Question 06
A company needs to deploy a cable that supports up to 10 Gbps speeds over a maximum distance of 100 meters. Which cable type should the technician install?
ACat 5e
BCat 5
CCat 6a ✅
DCat 6
💡 Explanation: Cat 6a (Category 6 augmented) supports 10 Gbps speeds at the full 100-meter distance. While Cat 6 also supports 10 Gbps, it is limited to only 55 meters at that speed. Cat 5e supports up to 1 Gbps, and Cat 5 is rated for only 100 Mbps. For the Network+ exam, remember the cable categories and their maximum speeds and distances.
3
Network Operations
Domain 3 — 20% of Exam
Question 07
A network administrator wants to monitor bandwidth utilization across all switch interfaces in real-time. Which protocol should be used to collect this data from managed network devices?
ASyslog
BSNMP ✅
CNetFlow
DNTP
💡 Explanation: SNMP (Simple Network Management Protocol) is designed specifically for monitoring and managing network devices. It collects data like bandwidth, CPU usage, and interface status from devices using a manager-agent model. Syslog is for centralized logging, NetFlow analyzes traffic flow patterns, and NTP synchronizes clocks. SNMP uses UDP ports 161 (queries) and 162 (traps).
Question 08
Which disaster recovery metric defines the maximum amount of data loss an organization can tolerate, measured in time?
ARTO (Recovery Time Objective)
BRPO (Recovery Point Objective) ✅
CMTTR (Mean Time to Repair)
DMTBF (Mean Time Between Failures)
💡 Explanation: RPO (Recovery Point Objective) defines the maximum acceptable amount of data loss measured in time. For example, an RPO of 4 hours means backups must happen at least every 4 hours. RTO is the maximum acceptable downtime, MTTR is the average repair time, and MTBF measures reliability between failures. All four are critical disaster recovery metrics for the exam.
Question 09
An organization wants to ensure high availability for its network by implementing a warm site. What does a warm site typically include?
AFully operational duplicate of the primary site with live data replication
BPre-installed hardware and connectivity but requires data restoration before going live ✅
CAn empty building with only power and cooling available
DA cloud-only virtual infrastructure with no physical components
💡 Explanation: A warm site has pre-installed hardware, networking equipment, and connectivity but does not have live data — backups must be restored before operations resume. A hot site (option A) is a fully live duplicate with real-time replication. A cold site (option C) is basically an empty facility. Warm sites balance cost and recovery time — typically hours to bring online versus minutes for hot and days/weeks for cold.
4
Network Security
Domain 4 — 17% of Exam
Question 10
An attacker floods a switch’s MAC address table with thousands of fake MAC addresses, causing the switch to behave like a hub. What type of attack is this?
AARP spoofing
BVLAN hopping
CMAC flooding ✅
DDNS poisoning
💡 Explanation: MAC flooding overwhelms a switch’s CAM (Content Addressable Memory) table with fake MAC addresses. When the table is full, the switch can no longer learn new addresses and starts forwarding all frames to all ports — effectively becoming a hub. This allows the attacker to sniff all network traffic. Prevention includes port security, which limits the number of MAC addresses per port.
Question 11
Which security protocol should be used to encrypt network management traffic when configuring devices remotely via command line?
ATelnet
BSSH ✅
CHTTP
DTFTP
💡 Explanation: SSH (Secure Shell) encrypts all command-line management traffic including login credentials and commands. It uses TCP port 22 and should always be used instead of Telnet (port 23), which transmits everything in plaintext. HTTP (port 80) is unencrypted web traffic, and TFTP (port 69) is an unencrypted file transfer protocol. Always prefer encrypted alternatives: SSH over Telnet, HTTPS over HTTP, SFTP over TFTP.
Question 12
A company wants to implement a network access control solution that authenticates users before granting them access to the wired or wireless network. Which IEEE standard defines port-based network access control?
A802.1X ✅
B802.1Q
C802.11ac
D802.3af
💡 Explanation: IEEE 802.1X provides port-based Network Access Control (NAC). It uses three components: the supplicant (client device), the authenticator (switch or access point), and the authentication server (typically RADIUS). Users must authenticate before the port grants network access. 802.1Q is VLAN trunking, 802.11ac is Wi-Fi 5, and 802.3af is Power over Ethernet (PoE).
5
Network Troubleshooting
Domain 5 — 20% of Exam
Question 13
A user reports they cannot access any network resources. The technician runs ipconfig and sees the IP address 169.254.45.12. What does this indicate?
AThe computer has a static IP address configured
BThe DNS server is unreachable
CThe DHCP server is unavailable and APIPA assigned the address ✅
DThe network cable is disconnected
💡 Explanation: An IP address in the 169.254.x.x range indicates APIPA (Automatic Private IP Addressing). When a DHCP-configured client cannot reach the DHCP server, it self-assigns an address from 169.254.0.1 to 169.254.255.254. This is a link-local address that only allows communication with other APIPA devices on the same segment. The fix is to restore DHCP server connectivity or assign a static IP.
Question 14
A technician needs to identify which device along a network path is causing packet loss. Which command-line tool should be used?
Aping
Bnslookup
Ctraceroute / tracert ✅
Dnetstat
💡 Explanation: Traceroute (Linux/Mac) or tracert (Windows) maps the path packets take to a destination, showing every hop (router) along the way with round-trip times. If a specific hop shows high latency or timeouts, that device is likely causing the issue. Ping only tests end-to-end connectivity, nslookup queries DNS, and netstat shows active connections and listening ports on the local machine.
Question 15
Users on one floor of an office building report intermittent wireless disconnections. The access points are functioning normally and the signal strength is adequate. A spectrum analyzer reveals interference at 2.4 GHz. Which device is MOST likely causing the interference?
AA laser printer
BA microwave oven in the break room ✅
CA UPS battery backup
DAn Ethernet switch
💡 Explanation: Microwave ovens operate at 2.45 GHz — directly in the 2.4 GHz Wi-Fi band — and are a classic source of wireless interference. When in use, they can cause significant signal degradation for nearby Wi-Fi devices. The solution is to switch affected devices to 5 GHz or 6 GHz bands, or relocate APs away from the break room. This is a very common Network+ exam scenario.
Question 16
A newly installed Ethernet cable is not providing a network connection. A cable tester shows that pins 1 and 2 are mapped to pins 3 and 6 on the other end. What type of cable was created?
AStraight-through cable
BCrossover cable ✅
CRollover / console cable
DLoopback cable
💡 Explanation: A crossover cable swaps the transmit and receive pairs — pins 1,2 connect to pins 3,6 on the opposite end. Crossover cables are used to directly connect two similar devices (switch-to-switch, PC-to-PC). Straight-through cables have identical pin mappings on both ends and connect dissimilar devices (PC-to-switch). Note: most modern devices support Auto-MDI/MDI-X, automatically detecting and adjusting for either cable type.
How hard is the CompTIA Network+ exam? The CompTIA Network+ (N10-009) is considered a moderately difficult exam. It contains up to 90 questions including multiple-choice and performance-based questions, with a 90-minute time limit. The passing score is 720 out of 900. Most candidates need 2-4 months of preparation with hands-on lab practice alongside study materials. It is harder than A+ but easier than Security+ for most test-takers.
Is CompTIA Network+ worth it in 2026? Yes — Network+ remains one of the most respected vendor-neutral networking certifications globally. It is recognized by the US Department of Defense under DoD 8140, required or preferred by many employers for network administrator and support roles, and serves as a foundation for advanced certifications like CCNA and Security+. The average salary for Network+ certified professionals ranges from $55,000 to $75,000 depending on experience and location.
What is the difference between N10-008 and N10-009? The N10-009 is the latest version of Network+ and includes updated coverage of cloud networking, software-defined networking (SDN), Wi-Fi 6/6E, Zero Trust architecture, and modern network automation tools. It also restructured the domains, reducing from 5 to a more focused 5-domain layout with adjusted weighting. The N10-008 has been retired — all new test-takers must take the N10-009.
Does CompTIA Network+ expire? Yes, CompTIA Network+ certification is valid for 3 years. To renew, you can earn 30 Continuing Education Units (CEUs) through approved activities, pass a higher-level CompTIA certification (like Security+ or CySA+), or retake the Network+ exam. CompTIA also offers an annual subscription CertMaster CE program that automatically renews your certification upon completion.
Leave a Comment