CompTIA Network+ (N10-008) Study Notes
Structured notes aligned to the Network+ exam domains
1.0 Networking Fundamentals (24%)
OSI Model + Encapsulation
- OSI model: A 7-layer reference model (Physical, Data link, Network, Transport, Session, Presentation, Application) that describes how data moves across networks.
- Layer 1 - Physical: Moves bits over media; defines cables, connectors, voltages, and RF signals.
- Layer 2 - Data link: Frames data, uses MAC addresses, and handles switching/loop control.
- Layer 3 - Network: Provides logical addressing and routing between networks (IP).
- Layer 4 - Transport: End-to-end delivery, segmentation, reliability, and flow control (TCP/UDP).
- Layer 5 - Session: Establishes, manages, and tears down sessions between hosts.
- Layer 6 - Presentation: Data translation, compression, and encryption (e.g., formats like JPEG/MP3).
- Layer 7 - Application: User-facing network services like HTTP, DNS, FTP, and SSH.
- Encapsulation/decapsulation: Adding/removing headers and trailers as data moves down/up the stack.
- Ethernet header: L2 header with source/destination MAC and type/length.
- IP header: L3 header with source/destination IP, TTL, and protocol fields.
- TCP/UDP headers: L4 headers with ports; TCP adds sequencing/flags, UDP is lightweight.
- TCP flags: URG (urgent), ACK (acknowledgment), PSH (push), RST (reset), SYN (start), FIN (finish).
- Payload: The actual data carried in the frame/packet.
- MTU: Maximum transmission unit, the largest packet a link carries without fragmentation (1500 bytes for standard Ethernet; larger packets are fragmented or, with the DF bit set, dropped).
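Worked example (added here, not part of the original notes): the Python below builds a constructed Ethernet/IPv4/TCP frame with struct, then decapsulates it one header at a time, verifying the IPv4 header checksum and decoding the TCP flags. It goes slightly beyond the list above by also popping 802.1Q tags, so a double-tagged frame shows up as two VLAN IDs. All MACs, addresses and ports are made up (RFC 1918 / RFC 5737 ranges).

```python
"""Encapsulation/decapsulation of an Ethernet -> IPv4 -> TCP frame with struct.

Constructed example: the MACs, IPs and ports below are made up (RFC 5737 / RFC 1918 ranges).
"""
import struct

ETH_HDR = struct.Struct("!6s6sH")          # L2: dst MAC, src MAC, EtherType
VLAN_TAG = struct.Struct("!HH")            # 802.1Q: TCI (PCP/DEI/VID), inner EtherType
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")  # L3: fixed 20-byte IPv4 header
TCP_HDR = struct.Struct("!HHIIBBHHH")      # L4: fixed 20-byte TCP header
ETHERTYPE_IPV4, ETHERTYPE_VLAN, PROTO_TCP = 0x0800, 0x8100, 6
TCP_FLAGS = {0x20: "URG", 0x10: "ACK", 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}


def checksum(data: bytes) -> int:
    """One's-complement 16-bit checksum (RFC 1071) over the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(payload: bytes, vlan_ids=()) -> bytes:
    """Encapsulate top-down: payload -> TCP segment -> IPv4 packet -> Ethernet frame.

    vlan_ids (outer first) adds 802.1Q tags; two IDs produce a double-tagged frame.
    """
    # L4: TCP SYN from ephemeral port 40000 to 443; data offset 5 words = 20-byte header
    tcp = TCP_HDR.pack(40000, 443, 1000, 0, 5 << 4, 0x02, 65535, 0, 0) + payload
    # L3: IPv4, TTL 64, protocol 6 (TCP); header checksum is computed with the field zeroed
    src, dst = bytes([192, 168, 1, 10]), bytes([203, 0, 113, 7])
    fields = [0x45, 0, IPV4_HDR.size + len(tcp), 0x1234, 0x4000, 64, PROTO_TCP, 0, src, dst]
    fields[7] = checksum(IPV4_HDR.pack(*fields))
    ip = IPV4_HDR.pack(*fields) + tcp
    # L2: innermost tag carries EtherType 0x0800; outer tags and the Ethernet header carry 0x8100
    tags, ethertype = b"", ETHERTYPE_IPV4
    for vid in reversed(vlan_ids):
        tags = VLAN_TAG.pack(vid & 0x0FFF, ethertype) + tags
        ethertype = ETHERTYPE_VLAN
    return ETH_HDR.pack(mac("aa:bb:cc:dd:ee:ff"), mac("00:11:22:33:44:55"), ethertype) + tags + ip


def parse_frame(frame: bytes) -> dict:
    """Decapsulate bottom-up, stripping one header per layer and validating the IPv4 checksum."""
    dst, src, ethertype = ETH_HDR.unpack_from(frame, 0)
    offset, vlans = ETH_HDR.size, []
    while ethertype == ETHERTYPE_VLAN:            # pop stacked 802.1Q tags
        tci, ethertype = VLAN_TAG.unpack_from(frame, offset)
        vlans.append(tci & 0x0FFF)
        offset += VLAN_TAG.size
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _chk, sip, dip = IPV4_HDR.unpack_from(frame, offset)
    ihl = (ver_ihl & 0x0F) * 4
    if checksum(frame[offset:offset + ihl]) != 0:  # a header with a correct checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    if proto != PROTO_TCP:
        raise ValueError(f"unsupported IP protocol {proto}")
    segment = frame[offset + ihl:offset + total_len]
    sport, dport, seq, _ack, off_res, flags, _win, _tchk, _urg = TCP_HDR.unpack_from(segment, 0)
    data_offset = (off_res >> 4) * 4
    return {
        "eth": {"dst": fmt_mac(dst), "src": fmt_mac(src), "vlans": vlans},
        "ip": {"src": ".".join(map(str, sip)), "dst": ".".join(map(str, dip)), "ttl": ttl, "proto": proto},
        "tcp": {"sport": sport, "dport": dport, "seq": seq,
                "flags": [name for bit, name in sorted(TCP_FLAGS.items(), reverse=True) if flags & bit]},
        "payload": segment[data_offset:],
    }


if __name__ == "__main__":
    frame = build_frame(b"GET / HTTP/1.1\r\n", vlan_ids=(1, 20))
    print(len(frame), "bytes on the wire")
    print(parse_frame(frame))
```

Flipping a single bit anywhere in the IPv4 header makes parse_frame reject the frame, which is the same check a receiving host performs before it looks at L4 at all.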
Topologies
- Mesh: Every node connects to many others for redundancy and fault tolerance; complex and expensive.
- Star/hub-and-spoke: Devices connect to a central switch/router; easy to manage but a single point of failure.
- Bus: Single shared backbone cable; inexpensive but breaks/collisions affect all nodes.
- Ring: Nodes form a loop; a break interrupts traffic flow.
- Hybrid: Combination of multiple topologies, often used in WANs.
Network Types
- Peer-to-peer: Devices share resources directly without a central server.
- Client-server: Clients request services from a centralized server.
- LAN: Local area network within a small area (home/office).
- MAN: Metropolitan area network covering a city/region.
- WAN: Wide area network connecting distant locations.
- WLAN: Wireless LAN using RF and access points.
- PAN: Personal area network (Bluetooth/NFC, wearables).
- CAN: Campus area network across a campus/site.
- SAN: Storage area network providing block-level storage.
- SD-WAN: Software-defined WAN optimized for cloud traffic.
- MPLS: Label-based forwarding to select optimal paths.
- mGRE: Multipoint GRE tunnels for DMVPN-style connections.
Provider Links
- Satellite: Internet via satellites; high latency, good for rural areas.
- DSL: Internet over phone lines; distance-sensitive (ADSL asymmetric).
- Cable: DOCSIS broadband over coax; supports data/voice/video.
- Leased line: Dedicated point-to-point circuit (e.g., T1–T4).
- Metro-optical: Metro fiber networks interconnecting businesses/data centers.
Service-related Entry Points
- Demarcation point: ISP/Telco entry point (ONT/modem/phone box).
- Smartjack/NID: Loopback tests, amplification, alarms, surge protection.
Virtual Network Concepts
- vSwitch: Virtual switch with features like port mirroring and NetFlow.
- vNIC: Virtual NIC that connects a VM to a virtual network.
- NFV: Virtualized network functions like routers, firewalls, VPNs, and load balancers.
- Hypervisor: VM manager; Type 1 runs on hardware, Type 2 runs on a host OS.
Cabling, Connectors, and Standards
- Cat 5: UTP copper, up to 100 Mbps at 100m.
- Cat 5e: Enhanced Cat 5, up to 1 Gbps at 100m.
- Cat 6: 1 Gbps at 100m; 10 Gbps up to ~55m (UTP).
- Cat 6a: 10 Gbps at 100m.
- Cat 7: Shielded, up to 10 Gbps at 100m.
- Cat 8: 25/40 Gbps up to ~30m.
- Coax/RG-6: Coax cable used for cable TV/broadband.
- Twinax: Dual-conductor coax for short high-speed links.
- TIA/EIA-568A: Wiring pinout with green pair on pins 1/2.
- TIA/EIA-568B: Wiring pinout with orange pair on pins 1/2.
- Single-mode fiber: Long-distance fiber with a single light path.
- Multimode fiber: Shorter-distance fiber with multiple light paths.
- LC: Small-form-factor fiber connector.
- ST: Bayonet-style fiber connector.
- SC: Square, snap-in fiber connector.
- MT/MTRJ: Small multi-fiber connector for duplex links.
- RJ11: Telephone connector (6P2C/6P4C; one or two pairs).
- RJ45: Ethernet connector (8P8C).
- F-type: Coax connector for TV/cable.
- APC: Angled fiber connector with low back-reflection.
- UPC: Flat fiber connector with higher back-reflection than APC.
- SFP: 1 Gbps small form-factor transceiver.
- SFP+: 10 Gbps enhanced SFP.
- QSFP: Quad SFP transceiver, 4 lanes.
- QSFP+: Quad SFP+ transceiver, 4x10 Gbps.
- Patch panel/patch bay: Cable termination and organization panel.
- Fiber distribution panel: Fiber termination/management panel.
- 66 block: Older punchdown for voice lines.
- 110 block: Common punchdown for data cabling.
- Krone: Alternative punchdown system (international).
- Bix: Older punchdown system.
- 10BASE-T: 10 Mbps over copper, 100m.
- 100BASE-TX: 100 Mbps over Cat 5, 100m.
- 1000BASE-T: 1 Gbps over Cat 5e+, 100m.
- 10GBASE-T: 10 Gbps over Cat 6a/7, 100m.
- 40GBASE-T: 40 Gbps over Cat 8, ~30m.
- 100BASE-FX: 100 Mbps over MMF, up to ~2 km.
- 100BASE-SX: 100 Mbps over MMF, ~300 m.
- 1000BASE-SX: 1 Gbps over MMF, ~220–550 m.
- 1000BASE-LX: 1 Gbps over SMF/MMF, up to ~5 km on SMF.
- 10GBASE-SR: 10 Gbps over MMF, short range.
- 10GBASE-LR: 10 Gbps over SMF, up to 10 km.
- CWDM: Coarse wavelength multiplexing for multiple channels.
- DWDM: Dense wavelength multiplexing for many channels.
- WDM (bidirectional): Different wavelengths for each direction on one fiber.
IP Addressing + Protocols
- RFC1918: Private IPv4 ranges 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
- NAT: Translates private IPs to a public IP for Internet routing.
- PAT: NAT with port translation so many hosts share one public IP.
- APIPA: Self-assigned IPv4 address in 169.254.0.0/16 when DHCP fails.
- EUI-64: Method to build IPv6 interface IDs from a MAC address.
- Unicast: One-to-one communication.
- Multicast: One-to-many (group) communication.
- Anycast: One-to-nearest of many targets.
- Broadcast: One-to-all within a subnet (IPv4 only).
- Link-local: Addresses valid only on the local segment (IPv6 FE80::/10).
- Loopback: Localhost testing address (IPv4 127.0.0.0/8, IPv6 ::1).
- Default gateway: Router used to reach other networks.
- Classful A/B/C/D/E: Legacy IPv4 classes (A/B/C unicast, D multicast, E reserved).
- CIDR: Classless notation using prefix length (e.g., /24).
- Tunneling: Encapsulate IPv6 in IPv4 (or other) to traverse networks.
- Dual stack: Run IPv4 and IPv6 simultaneously.
- Shorthand notation: IPv6 compression rules (drop leading zeros, use :: once).
- Router advertisement: IPv6 NDP messages that announce prefixes.
- SLAAC: IPv6 stateless auto-configuration without DHCPv6.
- VIP: Virtual IP not tied to one interface.
- Subinterfaces: Logical interfaces on one physical port (often for VLANs).
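Added example (not from the original notes): subnet arithmetic, RFC 1918/APIPA classification, a modified EUI-64 interface ID combined into a SLAAC address, and IPv6 shorthand, all using the standard-library ipaddress module. The addresses are documentation and private ranges chosen for illustration.

```python
"""IPv4/IPv6 addressing helpers built on the standard-library ipaddress module.

Constructed example: addresses come from RFC 1918 / RFC 5737 / RFC 3849 documentation ranges.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")


def classify_ipv4(addr: str) -> str:
    """Tell private (needs NAT/PAT), APIPA (DHCP failed), loopback, multicast and public apart."""
    a = ipaddress.IPv4Address(addr)
    if a in APIPA:
        return "apipa"
    if any(a in net for net in RFC1918):
        return "private"
    if a.is_loopback:
        return "loopback"
    if a.is_multicast:
        return "multicast"
    return "public"


def subnet_summary(cidr: str) -> dict:
    """Network, mask, broadcast and usable host range for a CIDR prefix (host bits allowed)."""
    net = ipaddress.IPv4Network(cidr, strict=False)   # strict=False: accept e.g. 192.168.10.77/26
    if net.prefixlen <= 30:
        usable = net.num_addresses - 2                # minus network and broadcast addresses
        first, last = net.network_address + 1, net.broadcast_address - 1
    else:                                             # /31 point-to-point (RFC 3021) and /32: all usable
        usable = net.num_addresses
        first, last = net.network_address, net.broadcast_address
    return {"network": str(net.network_address), "mask": str(net.netmask),
            "broadcast": str(net.broadcast_address), "first": str(first),
            "last": str(last), "usable": usable}


def same_subnet(a: str, b: str, prefixlen: int) -> bool:
    """Hosts on one subnet talk directly (ARP); otherwise traffic goes to the default gateway."""
    return (ipaddress.ip_interface(f"{a}/{prefixlen}").network
            == ipaddress.ip_interface(f"{b}/{prefixlen}").network)


def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe, flip the U/L bit (0x02) of byte 0."""
    octets = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    octets[0] ^= 0x02
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def slaac_address(prefix: str, mac: str) -> str:
    """SLAAC: combine the /64 prefix from a router advertisement with the EUI-64 interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid).compressed


def compress_ipv6(addr: str) -> str:
    """Shorthand rules: drop leading zeros in each group, collapse one run of zero groups to '::'."""
    return ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    for ip in ("10.1.2.3", "172.32.0.1", "169.254.10.5", "203.0.113.9"):
        print(ip, classify_ipv4(ip))
    print(subnet_summary("192.168.10.77/26"))
    print(slaac_address("2001:db8:1:2::/64", "00:1b:3c:4d:5e:6f"))
    print(compress_ipv6("2001:0db8:0000:0000:0000:ff00:0042:8329"))
```

Note that 172.32.0.1 classifies as public: the 172.16.0.0/12 block ends at 172.31.255.255, a boundary that is easy to get wrong when writing ACLs by hand.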
Ports, Protocols, and Services
- FTP (20/21): Insecure file transfer protocol.
- SSH (22): Secure remote shell access.
- SFTP (22): Secure file transfer over SSH.
- Telnet (23): Insecure remote shell.
- SMTP (25): Server-to-server email transfer.
- DNS (53): Domain name resolution (UDP/TCP).
- DHCP (67/68): Dynamic IP addressing.
- HTTP (80): Web traffic without encryption.
- POP3 (110): Email retrieval (download).
- NTP (123): Time synchronization.
- IMAP (143): Email retrieval with server sync.
- SNMP (161/162): Network management and traps.
- HTTPS (443): HTTP over TLS encryption.
- SMB (445): Windows file/printer sharing.
- Syslog (514): Log transport protocol.
- SMTP submission (587): Client-to-server mail submission, normally upgraded to TLS with STARTTLS (465 is SMTP over implicit TLS).
- LDAPS (636): LDAP over SSL/TLS.
- IMAP/POP SSL (993/995): Secure IMAP/POP3.
- SQL Server (1433): Microsoft SQL database traffic.
- SQLnet (1521): Oracle database traffic.
- MySQL (3306): MySQL database traffic.
- RDP (3389): Remote Desktop Protocol.
- SIP (5060/5061): VoIP call signaling.
- ICMP: Control messages (e.g., ping).
- TCP: Connection-oriented, reliable transport.
- UDP: Connectionless, low-overhead transport.
- GRE: Tunneling protocol without encryption.
- IPsec: L3 security suite; AH provides authentication and integrity only, ESP provides encryption and, optionally, authentication; keys are negotiated by IKE (UDP 500, or 4500 with NAT traversal).
- Connection-oriented: Requires a session (TCP).
- Connectionless: Sends without a session (UDP).
- DORA: DHCP Discover, Offer, Request, Acknowledge.
- Scope: Pool of available DHCP addresses.
- Exclusion: IPs excluded from DHCP leasing.
- Reservation: DHCP-assigned static IP based on MAC.
- Lease: Time-limited DHCP assignment.
- DHCP relay: Forwards DHCP across subnets.
- IP helper: Router feature for relaying DHCP/UDP broadcasts.
- A/AAAA: DNS record mapping to IPv4/IPv6.
- CNAME: Alias record for another name.
- MX: Mail exchange server record.
- SOA: Start of authority for a zone.
- PTR: Reverse DNS record (IP → name).
- TXT: Text record (often verification).
- SRV: Service/port record.
- NS: Authoritative name server record.
- TTL: DNS cache lifetime.
- DNS caching: Temporary storage of lookups.
- Zone transfer: Replicate DNS zone data.
- Forward lookup: Name → IP resolution.
- Reverse lookup: IP → name resolution.
- Recursive lookup: DNS server resolves on behalf of client.
- Iterative lookup: DNS server refers client to other servers.
- NTP stratum: Distance from the reference clock; stratum 0 is the reference itself (GPS/atomic clock), stratum 1 servers sync directly to it, and each further hop adds one.
- NTP client: Device syncing time from a server.
- NTP server: Device providing time to clients.
2.0 Network Implementations (19%)
Architecture + Data Center
- Core: High-speed backbone of the network.
- Distribution/aggregation: Policy and routing layer between core and access.
- Access/edge: Layer where end devices connect.
- Application layer (SDN): Centralized management/automation layer.
- Control layer (SDN): Logic that programs the data plane.
- Infrastructure layer (SDN): Physical/virtual devices that forward traffic.
- Management plane (SDN): Monitoring and configuration plane.
- Spine and leaf: Leaf switches connect to every spine for predictable paths.
- North-South: Traffic entering/exiting a data center.
- East-West: Traffic between internal data center systems.
- Branch office: Remote site outside HQ.
- On-prem: Data center owned/operated by the organization.
- Colocation: Shared facility renting space/power/network.
- FCoE: Fibre Channel over Ethernet for SAN traffic.
- Fibre Channel: Dedicated SAN fabric technology.
- iSCSI: SAN protocol over IP networks.
Cloud Concepts
- Public cloud: Shared cloud services over the Internet.
- Private cloud: Cloud dedicated to one organization.
- Hybrid cloud: Mix of public and private clouds.
- Community cloud: Shared cloud for similar organizations.
- SaaS: Provider-hosted applications delivered to users.
- IaaS: Provider-hosted compute/network/storage resources.
- PaaS: Platform for deploying apps without managing servers.
- DaaS: Hosted virtual desktop environments.
- Infrastructure as code: Provision infrastructure using code.
- Automation: Execute tasks with minimal manual input.
- Orchestration: Coordinate automated tasks/workflows.
- VPN: Encrypted tunnel to a private network.
- Private-direct connection: Dedicated link to a cloud provider.
- Multitenancy: Multiple customers share infrastructure securely.
- Elasticity: Scale resources up/down quickly.
- Scalability: Ability to grow capacity over time.
- VM escape: Attack in which code in a guest VM breaks out of its isolation to reach the hypervisor or host.
Devices + Infrastructure
- Layer 2 switch: Forwards frames using MAC addresses.
- Layer 3 switch: Switch with routing capability.
- Router: Forwards packets between networks.
- Hub: L1 device that repeats traffic to all ports.
- Access point (AP): Bridges wired LAN to wireless clients.
- Bridge: Connects two LAN segments at Layer 2.
- Wireless LAN controller (WLC): Central AP management device.
- Load balancer: Distributes traffic across servers.
- Proxy server: Intermediary that forwards client requests.
- Cable modem: Internet access over DOCSIS coax.
- DSL modem: Internet access over phone lines.
- Repeater: Regenerates signals at Layer 1.
- IPS: Detects and blocks malicious traffic.
- IDS: Detects and alerts on malicious traffic.
- Firewall: Filters traffic by policy.
- VPN headend: Terminates VPN tunnels.
- VoIP phone: Phone using IP networks.
- Printer: Networked output device.
- Physical access control: Locks/badges/biometrics for entry control.
- Cameras: Surveillance endpoints.
- HVAC sensors: Environmental monitoring devices.
- IoT devices: Internet-connected sensors/appliances.
- Smart appliances: Consumer IoT like thermostats/speakers.
- SCADA: Industrial control/monitoring systems.
Routing + Bandwidth Management
- Dynamic routing: Routers learn routes automatically.
- RIP: Distance-vector routing using hop count.
- OSPF: Link-state routing using cost metrics.
- EIGRP: Cisco hybrid routing protocol.
- BGP: Exterior routing protocol for Internet paths.
- Static route: Manually configured route.
- Default route: Catch-all route (0.0.0.0/0 or ::/0).
- Administrative distance: Route preference when multiple sources exist.
- IGP: Interior gateway protocol within an organization.
- EGP: Exterior gateway protocol between organizations (BGP).
- TTL: Time-to-live hop limit to prevent loops.
- QoS: Policies that prioritize critical traffic.
- Traffic shaping: Rate-limits traffic to smooth bursts.
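Added example (not from the original notes): a toy routing table showing longest-prefix match, administrative-distance tie-breaking for identical prefixes, the default route as the catch-all, a missing route, and TTL expiry catching a routing loop. Router names, prefixes and the use of router names as next hops are simplifications for illustration; the AD values are the common Cisco defaults.

```python
"""Route selection: longest-prefix match, administrative distance, default route, TTL and loops.

Constructed example: router names and prefixes are illustrative, and next hops are named routers
rather than IP addresses so that a forwarding path can be traced through a dict of tables.
"""
import ipaddress
from dataclasses import dataclass

AD = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}  # lower = more trusted


@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "10.1.0.0/16"; "0.0.0.0/0" is the default route
    next_hop: str    # neighbouring router name, or "direct" for a connected network
    source: str      # routing source, looked up in AD


class RoutingTable:
    def __init__(self):
        self.routes = {}  # ip_network -> installed Route

    def add(self, route: Route) -> bool:
        """Install the route unless the same prefix is already known from a lower-AD source."""
        net = ipaddress.ip_network(route.prefix)
        current = self.routes.get(net)
        if current is not None and AD[current.source] <= AD[route.source]:
            return False                # e.g. a RIP route loses to EIGRP for the identical prefix
        self.routes[net] = route
        return True

    def lookup(self, dst: str):
        """Longest prefix wins regardless of AD; AD only decides between identical prefixes."""
        d = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if d in net]
        if not matches:
            return None                 # no route and no default: the packet is dropped
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


def trace(routers: dict, start: str, dst: str, ttl: int = 64) -> list:
    """Follow lookups hop by hop; TTL drops by one per hop, so a routing loop ends in 'ttl expired'."""
    path, here = [], start
    while ttl > 0:
        path.append(here)
        route = routers[here].lookup(dst)
        if route is None:
            return path + ["unreachable"]
        if route.next_hop == "direct":
            return path + ["delivered"]
        if route.next_hop not in routers:
            return path + [route.next_hop]      # handed to a router outside this model (e.g. the ISP)
        here, ttl = route.next_hop, ttl - 1
    return path + ["ttl expired"]


def sample_table() -> RoutingTable:
    rt = RoutingTable()
    rt.add(Route("0.0.0.0/0", "ISP", "static"))        # catch-all default route
    rt.add(Route("10.0.0.0/8", "R2", "ospf"))
    rt.add(Route("10.1.0.0/16", "R3", "rip"))
    rt.add(Route("10.1.0.0/16", "R4", "eigrp"))        # same prefix, lower AD: replaces the RIP entry
    rt.add(Route("10.1.5.0/24", "direct", "connected"))
    return rt


def loop_topology() -> dict:
    """Two routers each pointing at the other for 10.9.0.0/16 (a misconfigured pair of statics)."""
    r1, r2 = RoutingTable(), RoutingTable()
    r1.add(Route("10.9.0.0/16", "R2", "static"))
    r2.add(Route("10.9.0.0/16", "R1", "static"))
    return {"R1": r1, "R2": r2}


if __name__ == "__main__":
    rt = sample_table()
    for dst in ("10.1.5.9", "10.1.9.9", "10.7.0.1", "198.51.100.5"):
        print(dst, "->", rt.lookup(dst))
    print(trace(loop_topology(), "R1", "10.9.1.1", ttl=4))
```

The order of the two checks in lookup is the point: a /24 learned from RIP (AD 120) still beats a /16 learned from a connected interface (AD 0), because prefix length is compared first and AD only decides between identical prefixes.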
Switching Features
- Data VLAN: VLAN for regular user data traffic.
- Voice VLAN: VLAN dedicated to VoIP traffic.
- 802.1Q tagging: VLAN tagging on trunk links.
- Port aggregation (LACP): Bundles links for more bandwidth and redundancy.
- Duplex: Half vs full duplex communication mode.
- Speed: Link data rate (e.g., 1G/10G).
- Flow control: Prevents sender from overrunning receiver.
- Port mirroring: Copies traffic to a monitor port.
- Port security: Restricts MACs allowed on a port.
- Jumbo frames: Frames larger than 1500 bytes for efficiency.
- Auto MDI-X: Auto-corrects cable pinouts.
- MAC address table: Switch table mapping MACs to ports.
- PoE (802.3af): Power over Ethernet, up to 15.4 W per port at the switch (about 12.95 W reaching the powered device).
- PoE+ (802.3at): Enhanced PoE, up to 30 W per port at the switch (about 25.5 W reaching the powered device).
- STP: Spanning Tree prevents switching loops.
- CSMA/CD: Collision detection on shared Ethernet.
- ARP: Resolves IP to MAC in IPv4.
- Neighbor Discovery: IPv6 replacement for ARP.
Wireless
- 802.11a: 5 GHz Wi-Fi, up to 54 Mbps.
- 802.11b: 2.4 GHz Wi-Fi, up to 11 Mbps.
- 802.11g: 2.4 GHz Wi-Fi, up to 54 Mbps.
- 802.11n (Wi-Fi 4): 2.4/5 GHz, MIMO, higher throughput.
- 802.11ac (Wi-Fi 5): 5 GHz, higher throughput with MU-MIMO.
- 802.11ax (Wi-Fi 6): 2.4/5 GHz, higher efficiency and speed.
- 2.4 GHz: Longer range, fewer non-overlapping channels (1/6/11).
- 5 GHz: Shorter range, more channels, higher speeds.
- Channel bonding: Combines channels to increase throughput.
- SSID: Wireless network name.
- BSSID: MAC address of a wireless AP.
- ESSID: SSID shared across multiple APs.
- Ad-hoc: Peer-to-peer wireless network without an AP.
- Roaming: Client moves between APs on same SSID.
- Omni antenna: Radiates in all directions.
- Directional antenna: Focuses signal in one direction.
- WPA/WPA2: Wireless security protocols.
- AES: Strong encryption used by WPA2.
- TKIP: Legacy encryption (weaker than AES).
- Enterprise (802.1X): Auth via RADIUS/EAP.
- CDMA: Cellular tech using code division.
- GSM: Cellular tech using SIMs and TDMA.
- 3G/4G/5G: Generations of cellular data networks.
- MIMO: Multiple antennas to increase throughput.
- MU-MIMO: MIMO serving multiple clients at once.
3.0 Network Operations (16%)
Monitoring + Metrics
- Bandwidth: Amount of data per second a link can carry.
- Latency: Time it takes data to travel end-to-end.
- Jitter: Variation in packet delay.
- Temperature: Device thermal health indicator.
- CPU usage: Processor utilization on a device.
- Memory usage: RAM consumption on a device.
- SNMP: Management protocol for monitoring devices.
- Traps: SNMP alerts sent from devices to managers.
- OIDs: Object identifiers for SNMP metrics.
- MIBs: Databases describing SNMP objects.
- Traffic logs: Records of network flows/usage.
- Audit logs: Security/administrative activity logs.
- Syslog: Standardized logging protocol.
- Severity levels: Syslog severity scale 0 (emergency) through 7 (debug); a lower number means a more urgent message.
- Link state: Interface up/down status.
- Speed/duplex: Interface rate and duplex mode.
- Interface traffic: Bytes/packets in/out.
- CRCs: Cyclic redundancy check errors.
- Errors/alerts: Interface fault counters/alarms.
- Humidity: Environmental moisture level.
- Electrical: Power/voltage monitoring.
- Flooding: Water detection sensors.
- Baseline: Normal performance reference point.
- NetFlow: Flow telemetry for traffic analysis.
- Uptime/downtime: Time a system is available/unavailable.
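Added example (not from the original notes): decoding the syslog PRI field into facility and severity, then triaging constructed device log lines by severity threshold the way a collector or SIEM forwarding rule would. The hostnames, addresses and message texts are made up; the numbering is the RFC 3164/5424 one (PRI = facility * 8 + severity).

```python
"""Decode syslog PRI values and triage constructed device log lines by severity.

Constructed example: hostnames, addresses and message texts are made up; the facility/severity
numbering is the RFC 3164/5424 one (PRI = facility * 8 + severity).
"""
import re
from collections import Counter

SEVERITIES = ["emergency", "alert", "critical", "error", "warning", "notice", "informational", "debug"]
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog", 10: "authpriv",
              16: "local0", 17: "local1", 18: "local2", 19: "local3", 20: "local4",
              21: "local5", 22: "local6", 23: "local7"}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

# Constructed lines: sshd (auth), two switch platform messages (local4) and a kernel message (kern)
SAMPLE_LOGS = [
    "<38>Oct 11 22:14:15 core-sw1 sshd[212]: Failed password for admin from 198.51.100.7 port 51234 ssh2",
    "<165>Oct 11 22:14:16 core-sw1 %LINK-5-CHANGED: Interface Gi1/0/24, changed state to administratively down",
    "<162>Oct 11 22:14:17 core-sw1 %PLATFORM-2-TEMP_CRITICAL: chassis temperature 78C exceeds threshold",
    "<1>Oct 11 22:14:19 core-sw1 kernel: watchdog: hardware failure, rebooting",
]


def decode_pri(pri: int) -> tuple:
    """Split a PRI number into (facility name, severity name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI {pri} out of range 0..191")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]


def parse_line(line: str) -> dict:
    """Parse '<PRI>rest' into its components; a line without a PRI is rejected, not guessed at."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("missing <PRI> prefix")
    pri = int(m.group(1))
    facility, severity = decode_pri(pri)
    return {"pri": pri, "facility": facility, "severity": severity, "level": pri % 8, "msg": m.group(2)}


def at_most_level(lines, max_level: int) -> list:
    """Keep messages at severity <= max_level (a lower number is MORE severe), like a forwarding filter."""
    parsed = [parse_line(line) for line in lines]
    return [p for p in parsed if p["level"] <= max_level]


def count_by_severity(lines) -> dict:
    """Severity histogram, the first thing to compare against a baseline when a device gets noisy."""
    return dict(Counter(parse_line(line)["severity"] for line in lines))


if __name__ == "__main__":
    for entry in at_most_level(SAMPLE_LOGS, 3):   # error (3) and worse
        print(entry["facility"], entry["severity"], entry["msg"][:60])
    print(count_by_severity(SAMPLE_LOGS))
```

The filter direction trips people up: "forward level 3 and above" in syslog terms means error, critical, alert and emergency, i.e. numbers 3 and lower.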
Plans, Policies, and Documentation
- Change management: Formal process for approving and tracking changes.
- Incident response: Steps to detect, contain, and recover from incidents.
- Disaster recovery (DR): Restoring systems after major outages.
- Business continuity (BCP): Keeping critical operations running.
- System life cycle: Asset planning, deployment, maintenance, retirement.
- SOPs: Standard operating procedures for consistent tasks.
- Password policy: Rules for password length/complexity/rotation.
- AUP: Acceptable use policy for resources.
- BYOD policy: Rules for personal devices on the network.
- Remote access policy: Requirements for remote connectivity.
- Onboarding/offboarding: Access changes when staff join/leave.
- Security policy: Organization-wide security rules.
- DLP: Data loss prevention controls.
- Physical diagram: Shows physical device/cable layout.
- Logical diagram: Shows logical flows and IP/VLANs.
- Floor plan: Shows device and cable placement in rooms.
- Rack diagram: Shows device layout in racks.
- IDF: Intermediate distribution frame (floor wiring closet).
- MDF: Main distribution frame (central wiring point).
- Wiring diagram: Cable paths and termination details.
- Site survey: RF/environmental assessment.
- Audit/assessment: Review of controls and compliance.
- Baseline configs: Approved standard configurations.
- NDA: Non-disclosure agreement.
- SLA: Service-level agreement with performance targets.
- MOU: Memorandum of understanding.
High Availability + DR Concepts
- Load balancing: Spreads traffic across systems.
- Multipathing: Multiple paths to storage/network.
- NIC teaming: Combines NICs for redundancy/bandwidth.
- Redundant hardware: Duplicate switches/routers/firewalls.
- UPS: Battery backup power.
- PDU: Power distribution unit.
- Generator: Backup power source.
- HVAC: Environmental cooling/heating.
- Fire suppression: Fire detection/extinguishing systems.
- Cold site: Empty facility ready for equipment.
- Warm site: Partially equipped recovery site.
- Hot site: Fully equipped recovery site.
- Cloud site: Recovery environment in cloud.
- Active-active: Both systems handle traffic simultaneously.
- Active-passive: Standby system takes over on failure.
- ISP diversity: Multiple ISPs for redundancy.
- VRRP/FHRP: First-hop redundancy using a virtual gateway.
- MTTR: Mean time to repair.
- MTBF: Mean time between failures.
- RTO: Recovery time objective.
- RPO: Recovery point objective.
- Backup/restore: Save and recover device configs/state.
4.0 Network Security (19%)
4.1 Security concepts
- Confidentiality: Keep data private (encryption).
- Integrity: Prevent unauthorized changes (hashing).
- Availability: Ensure systems/data are accessible.
- Internal threat: Risk from insiders with access.
- External threat: Risk from outside attackers.
- CVE: Public catalog of known vulnerabilities.
- Zero-day: Vulnerability unknown to the vendor.
- Exploit: Technique that leverages a vulnerability.
- Least privilege: Minimal access needed to do a job.
- Role-based access: Permissions tied to job roles.
- Zero trust: Verify all access, trust none by default.
- Defense in depth: Multiple layers of security controls.
- Segmentation: Separate networks to limit access.
- DMZ: Perimeter network for public-facing services.
- Separation of duties: Split tasks to reduce fraud/errors.
- NAC: Network access control based on device/user posture.
- Honeypot: Decoy system to detect attacks.
Authentication methods
- MFA: Uses two or more authentication factors.
- TACACS+: Cisco-originated AAA protocol over TCP 49; encrypts the whole packet body and separates authentication from authorization, so it is the usual choice for device administration.
- SSO: One login for multiple services.
- RADIUS: AAA protocol for network access (UDP 1812/1813, legacy 1645/1646); only the password attribute is obfuscated, the rest of the packet is cleartext.
- LDAP: Directory protocol for user/auth data.
- Kerberos: Ticket-based authentication system.
- Local authentication: Credentials stored on the device.
- 802.1X: Port-based network access control.
- EAP: Extensible authentication framework used with 802.1X.
Risk management
- Threat assessment: Identify likely threats and impact.
- Vulnerability assessment: Find and prioritize weaknesses.
- Penetration testing: Authorized exploitation to validate risk.
- Posture assessment: Review overall security controls.
- Process assessment: Risk review of business processes.
- Vendor assessment: Evaluate third-party risk.
- SIEM: Collects/correlates logs for detection and response.
Technology-based attacks
- DoS: Flooding a target to make it unavailable.
- DDoS: Distributed DoS using many compromised hosts.
- Botnet: Network of compromised systems.
- C2: Command-and-control server for botnets.
- On-path (MITM): Attacker intercepts traffic between hosts.
- DNS poisoning: Redirecting DNS to malicious targets.
- VLAN hopping: Accessing other VLANs via spoofing/double tagging.
- ARP spoofing: Poisoning ARP to redirect traffic.
- Rogue DHCP: Unauthorized DHCP server issuing IPs.
- Rogue AP: Unauthorized wireless access point.
- Evil twin: Fake AP with the same SSID.
- Ransomware: Encrypts data to demand payment.
- Brute-force: Tries all password combinations.
- Dictionary attack: Tries common words/passwords.
- MAC spoofing: Fakes a device MAC address.
- IP spoofing: Fakes a source IP address.
- Deauthentication: Forces clients off a Wi-Fi network.
- Virus: Malware that attaches to files.
- Worm: Self-replicating malware.
- Trojan: Malicious software disguised as legitimate.
- Rootkit: Stealth malware with deep access.
- Adware: Malware that serves unwanted ads.
- Spyware: Malware that secretly collects data.
- Keylogger: Captures keystrokes.
Human & environmental
- Social engineering: Manipulating people to gain access.
- Phishing: Fraudulent messages to steal info.
- Tailgating: Following someone into a secure area.
- Piggybacking: Entering with consent of an authorized user.
- Shoulder surfing: Observing credentials being entered.
Best practices
- Secure SNMP: Use SNMPv3 with auth/encryption.
- RA Guard: Blocks rogue IPv6 router advertisements.
- Port security: Restrict MAC addresses per switch port.
- Dynamic ARP inspection: Validates ARP against trusted bindings.
- Control plane policing: Rate-limits traffic to device CPU.
- Private VLANs: Isolate hosts within a VLAN.
- Disable unused switchports: Reduce attack surface.
- Disable unused services: Reduce exploitable services.
- Change default passwords: Prevent known-credential access.
- Change default VLAN: Reduce VLAN hopping risk.
- Password complexity/length: Require strong passwords.
- DHCP snooping: Block rogue DHCP servers.
- Patch/firmware management: Keep systems updated.
- ACLs: Filter traffic by IP/port/protocol.
- Role-based access: Limit access by job role.
- Explicit deny: Rule that blocks specific traffic.
- Implicit deny: Block anything not explicitly allowed.
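Added example (not from the original notes, and not any vendor's code): a model of how DHCP snooping, Dynamic ARP Inspection and port security work together on one access switch, run over a constructed sequence of events that includes a rogue DHCP offer, an ARP spoof of a client and of the gateway, and a second MAC appearing on a port. Port names, MACs and addresses are made up.

```python
"""DHCP snooping, Dynamic ARP Inspection and port security modelled over constructed switch events.

Constructed example, not vendor code: port names, MACs and addresses are made up. The logic follows
the textbook behaviour: the snooping binding table is built from DHCP traffic, DAI checks ARP on
untrusted ports against it, and port security limits the number of source MACs per access port.
"""
from dataclasses import dataclass, field


@dataclass
class AccessSwitch:
    trusted_ports: set                                   # uplinks / ports toward the real DHCP server
    max_macs: int = 1                                    # port-security limit on access ports
    pending: dict = field(default_factory=dict)          # (vlan, client MAC) -> access port of the DISCOVER
    bindings: dict = field(default_factory=dict)         # (vlan, ip) -> (client MAC, port)
    macs_seen: dict = field(default_factory=dict)        # port -> set of source MACs
    err_disabled: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def _ingress_ok(self, port: str, src_mac: str) -> bool:
        """Port security: count source MACs per untrusted port; over the limit -> err-disable the port."""
        if port in self.err_disabled:
            return False
        if port in self.trusted_ports:
            return True
        seen = self.macs_seen.setdefault(port, set())
        seen.add(src_mac)
        if len(seen) > self.max_macs:
            self.err_disabled.add(port)
            self.alerts.append(f"port security: {port} exceeded {self.max_macs} MAC(s), err-disabled")
            return False
        return True

    def dhcp_client_msg(self, port: str, vlan: int, client_mac: str) -> bool:
        """DISCOVER/REQUEST from a client: remember which access port the MAC lives on."""
        if not self._ingress_ok(port, client_mac):
            return False
        self.pending[(vlan, client_mac)] = port
        return True

    def dhcp_server_msg(self, port: str, vlan: int, kind: str, client_mac: str, ip: str) -> bool:
        """OFFER/ACK: only trusted ports may source server messages; an ACK creates a binding."""
        if port not in self.trusted_ports:
            self.alerts.append(f"rogue DHCP: {kind} for {ip} from untrusted port {port} dropped")
            return False
        if kind == "ACK" and (vlan, client_mac) in self.pending:
            self.bindings[(vlan, ip)] = (client_mac, self.pending[(vlan, client_mac)])
        return True

    def arp_reply(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> bool:
        """DAI: on untrusted ports the sender IP/MAC/port triple must match a snooping binding."""
        if not self._ingress_ok(port, sender_mac):
            return False
        if port in self.trusted_ports:
            return True
        bound = self.bindings.get((vlan, sender_ip))
        if bound != (sender_mac, port):
            self.alerts.append(f"ARP spoof: {sender_ip} claimed by {sender_mac} on {port}, binding {bound}")
            return False
        return True


def run_scenario() -> AccessSwitch:
    sw = AccessSwitch(trusted_ports={"Gi1/0/48"})
    victim, attacker = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:07"
    sw.dhcp_client_msg("Gi1/0/1", 10, victim)                          # victim asks for a lease
    sw.dhcp_server_msg("Gi1/0/48", 10, "ACK", victim, "10.0.10.11")   # real server answers via the uplink
    sw.dhcp_server_msg("Gi1/0/7", 10, "OFFER", victim, "10.0.10.200") # rogue server on an access port
    sw.arp_reply("Gi1/0/1", 10, victim, "10.0.10.11")                  # legitimate, matches the binding
    sw.arp_reply("Gi1/0/7", 10, attacker, "10.0.10.11")                # attacker claims the victim's IP
    sw.arp_reply("Gi1/0/7", 10, attacker, "10.0.10.1")                 # attacker claims the gateway
    sw.dhcp_client_msg("Gi1/0/7", 10, "aa:aa:aa:00:00:08")             # second MAC appears on Gi1/0/7
    return sw


if __name__ == "__main__":
    for alert in run_scenario().alerts:
        print(alert)
```

Two details carry over to real switches: the binding records the client's access port (learned from the DISCOVER), not the uplink the ACK arrived on, and anything a trusted port says is accepted, so marking an access port trusted to "fix" a DHCP problem silently disables both protections for it.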
Wireless security
- MAC filtering: Allow/deny Wi-Fi by device MAC.
- Antenna placement: Optimize coverage and reduce interference.
- Power levels: Adjust transmit power to control range.
- Wireless client isolation: Block client-to-client traffic.
- Guest network isolation: Separate guest traffic from internal.
- PSKs: Pre-shared keys for WPA/WPA2-Personal.
- EAP: Enterprise auth framework for Wi-Fi.
- Geofencing: Restrict access by location.
- Captive portal: Login/acceptance page before access.
- IoT access considerations: Isolate IoT on separate VLANs.
Remote access
- Site-to-site VPN: Encrypted tunnel between networks.
- Client-to-site VPN: Remote user to corporate network.
- Clientless VPN: Browser-based VPN access.
- Split tunnel: Only corporate traffic goes through VPN.
- Full tunnel: All traffic goes through VPN.
- Remote desktop: Remote control of a system.
- Remote desktop gateway: Secure broker for RDP sessions.
- SSH: Secure remote command-line access.
- VNC: Cross-platform remote desktop protocol.
- VDI: Hosted virtual desktops delivered to users.
- Authentication: Verifies identity.
- Authorization: Grants access based on identity.
- In-band management: Manage devices via production network.
- Out-of-band management: Manage via a separate network.
Detection & prevention (physical)
- Camera: Visual surveillance for monitoring.
- Motion detection: Alerts on movement in secure areas.
- Asset tags: Labels to track equipment.
- Tamper detection: Alerts if devices are opened/moved.
- Employee training: Security awareness to reduce risk.
- Badge readers: Card-based access control.
- Biometrics: Finger/face/voice identity verification.
- Locking racks/cabinets: Physical protection for gear.
- Smart lockers: Secured storage with access control.
- Mantrap: Two-door vestibule to prevent tailgating.
- Factory reset/wipe: Remove configs/data before disposal.
- Sanitize devices: Securely erase sensitive data.
5.0 Network Troubleshooting (22%)
5.1 Troubleshooting methodology
- Identify the problem: Gather info, question users, identify symptoms, and check recent changes.
- Establish a theory: Form a likely cause using top-down/bottom-up or divide-and-conquer.
- Test the theory: Validate or adjust the hypothesis with evidence.
- Plan of action: Define fix steps and potential impact.
- Implement solution/escalate: Apply fix or escalate if needed.
- Verify functionality: Confirm system works and apply preventive measures.
- Document findings: Record actions, outcomes, and lessons learned.
5.2 Cable connectivity issues
- Throughput: Actual data rate achieved.
- Speed: Link rate capability.
- Distance: Maximum supported cable run length.
- STP: Shielded twisted pair reduces interference.
- UTP: Unshielded twisted pair (common Ethernet).
- Foil shield: Additional EMI protection layer.
- Plenum-rated: Fire-safe cable for air spaces.
- Riser-rated: Cable rated for vertical runs.
- Rollover/console: RJ45-to-serial (DB9 or USB) cable used for out-of-band device configuration.
- Crossover: Connects like devices without a switch.
- PoE: Power and data over one Ethernet cable.
- Attenuation: Signal loss over distance.
- Interference: EMI/RFI degrading signal.
- Decibel loss: Measure of signal reduction.
- Incorrect pinout: Miswired cable pairs.
- Bad ports: Faulty interface on a device.
- Open/short: Broken or shorted conductors.
- LED indicators: Port status lights for link/activity.
- Incorrect transceivers: Incompatible optics/modules.
- Duplex mismatch: Half/full duplex mismatch causing errors.
- TX/RX reversed: Transmit/receive pairs swapped.
- Dirty optics: Contamination on fiber ends.
- Crimper: Attaches RJ connectors.
- Punchdown tool: Seats wires into blocks.
- Tone generator: Finds cable endpoints.
- Loopback adapter: Tests port transmit/receive.
- OTDR: Measures fiber length/defects.
- Multimeter: Measures voltage/resistance.
- Cable tester: Validates continuity/pinout.
- Wire map: Shows pair mapping graphically.
- Tap: Passive device to capture traffic.
- Fusion splicer: Joins fiber by fusing ends.
- Spectrum analyzer: RF signal analysis tool.
- Snips/cutters: Cable cutting tools.
- Cable stripper: Removes cable jacket.
- Fiber light meter: Measures optical signal power.
5.3 Software tools & commands
- WiFi analyzer: Measures wireless signal/channel usage.
- Protocol analyzer/packet capture: Captures and decodes network traffic.
- Bandwidth speed tester: Measures Internet throughput.
- Port scanner: Identifies open ports on hosts.
- iperf: Active bandwidth testing tool.
- NetFlow analyzer: Analyzes flow telemetry.
- TFTP server: Simple file transfer server for devices.
- Terminal emulator: CLI access to network gear (e.g., PuTTY).
- IP scanner: Finds active hosts on a subnet.
- ping: ICMP reachability test.
- ipconfig: Windows IP configuration tool.
- ifconfig: Legacy Unix/Linux IP config tool.
- ip: Modern Linux IP configuration tool.
- nslookup: DNS query tool.
- dig: DNS query tool with detailed output.
- traceroute: Unix path tracing tool.
- tracert: Windows path tracing tool.
- arp: View or manage ARP cache.
- netstat: Show connections and routing stats.
- hostname: Show/set host name.
- route: View or edit routing table.
- telnet: Insecure remote shell/testing tool.
- tcpdump: CLI packet capture tool.
- nmap: Network mapper/scanner.
- show interface: Display interface statistics.
- show config: Display device configuration.
- show route: Display routing table.
5.4 Wireless connectivity issues
- Throughput: Actual wireless data rate achieved.
- Speed: Link rate negotiated with the AP.
- Distance: Range between client and AP.
- RSSI: Received signal strength indicator.
- EIRP: Effective isotropic radiated power output.
- Antenna placement: Physical location for optimal coverage.
- Antenna type: Omni vs directional radiation pattern.
- Polarization: Orientation of the radio wave.
- Channel utilization: How busy a channel is.
- AP association time: Time to connect a client to an AP.
- Site survey: RF mapping and planning assessment.
- Interference: Competing RF signals causing noise.
- Channel overlap: Adjacent channel interference.
- RF attenuation: Signal loss from distance/obstructions.
- Wrong SSID: Client targeting the wrong network.
- Incorrect passphrase: Authentication failure due to key mismatch.
- Encryption mismatch: Client/AP use different security types.
- Insufficient coverage: Weak signal in parts of the area.
- Captive portal issues: Login page not loading or blocked.
- Client disassociation: Random client disconnects.
5.5 General networking issues
- Device config review: Validate settings and recent changes.
- Routing tables: Check learned/static routes.
- Interface status: Verify link up/down and errors.
- VLAN assignment: Confirm correct VLAN membership.
- Baseline: Compare against normal performance.
- Collisions: Simultaneous transmissions causing loss.
- Broadcast storm: Excessive broadcast traffic saturating a LAN.
- Duplicate MAC: Two devices share same MAC (often spoofing).
- Duplicate IP: Two devices share same IP address.
- Multicast flooding: Multicast sent to all ports.
- Asymmetrical routing: Different paths for send/receive.
- Switching loop: L2 loop causing endless frames.
- Routing loop: L3 loop causing packet cycling.
- Rogue DHCP: Unauthorized DHCP server on the network.
- Scope exhaustion: DHCP pool has no free IPs.
- Incorrect gateway: Wrong default router configured.
- Incorrect subnet mask: Bad network mask configuration.
- Incorrect IP: Wrong IP address on a host.
- Incorrect DNS: Wrong DNS server configured.
- Missing route: No path to a destination network.
- Low optical link budget: Fiber signal too weak.
- Certificate issues: Expired/mismatched TLS certs.
- Hardware failure: Faulty device or component.
- Firewall settings: Rules blocking required traffic.
- Blocked ports/addresses: ACLs/filters blocking services.
- Incorrect VLAN: Host placed in wrong VLAN.
- DNS issues: Resolution failures or outages.
- NTP issues: Time sync failures or drift.
- BYOD challenges: Security/compatibility of personal devices.
- Licensed feature issues: Features disabled due to licensing.
- Performance issues: High CPU, bandwidth, or connectivity problems.
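Added example (not from the original notes): a first-match ACL evaluator with the implicit deny at the end, an explain() helper that names the rule responsible for a blocked flow (the "firewall settings" and "blocked ports/addresses" cases above), and a check for rules shadowed by earlier entries, a frequent reason a newly added permit has no effect. The ACL, addresses and remarks are constructed; the match semantics are the standard top-down, first-match ones.

```python
"""First-match ACL evaluation with implicit deny, an explain() for 'why is this blocked?' and a
check for rules shadowed by earlier ones.

Constructed example: the ACL, addresses and remarks are made up (RFC 1918 space). The semantics are
the standard ones: rules are read top-down, the first match wins, an implicit deny ends every ACL.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    seq: int
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "ip" (any protocol)
    src: str                      # CIDR or "any"
    dst: str                      # CIDR or "any"
    dport: Optional[int] = None   # None = any destination port
    remark: str = ""


ACL = [
    Rule(10, "permit", "tcp", "10.0.20.0/24", "10.0.10.5/32", 443, "web tier to app API"),
    Rule(20, "deny", "tcp", "any", "10.0.10.0/24", 23, "explicit deny: no telnet to servers"),
    Rule(30, "permit", "udp", "10.0.0.0/8", "10.0.10.53/32", 53, "internal DNS"),
    Rule(40, "permit", "icmp", "10.0.0.0/8", "any", None, "ping for troubleshooting"),
    Rule(50, "permit", "tcp", "10.0.99.0/24", "10.0.10.0/24", 22, "jump hosts SSH to servers"),
]


def _in_net(cidr: str, ip: str) -> bool:
    return cidr == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def evaluate(acl, src: str, dst: str, proto: str, dport: Optional[int] = None):
    """Walk top-down; the first matching rule decides. Returns (action, rule); rule is None for implicit deny."""
    for rule in acl:
        if rule.proto not in ("ip", proto):
            continue
        if not (_in_net(rule.src, src) and _in_net(rule.dst, dst)):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action, rule
    return "deny", None              # the implicit deny every ACL ends with


def explain(acl, src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    """Troubleshooting helper: name the rule (or the implicit deny) responsible for the verdict."""
    action, rule = evaluate(acl, src, dst, proto, dport)
    flow = f"{proto} {src} -> {dst}" + (f":{dport}" if dport is not None else "")
    if rule is None:
        return f"{flow}: denied by implicit deny (no rule matched; add an explicit permit)"
    return f"{flow}: {action} by seq {rule.seq} ({rule.remark})"


def _net_subset(inner: str, outer: str) -> bool:
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))


def shadowed(acl) -> list:
    """(seq, earlier_seq) pairs where the earlier rule matches everything the later one would,
    so the later rule can never fire."""
    found = []
    for i, rule in enumerate(acl):
        for earlier in acl[:i]:
            if (earlier.proto in ("ip", rule.proto)
                    and _net_subset(rule.src, earlier.src) and _net_subset(rule.dst, earlier.dst)
                    and (earlier.dport is None or earlier.dport == rule.dport)):
                found.append((rule.seq, earlier.seq))
                break
    return found


if __name__ == "__main__":
    print(explain(ACL, "10.0.20.7", "10.0.10.5", "tcp", 443))
    print(explain(ACL, "10.0.20.7", "10.0.10.5", "tcp", 8443))
    print(explain(ACL, "10.0.99.3", "10.0.10.5", "tcp", 23))
    print(shadowed(ACL + [Rule(60, "permit", "tcp", "10.0.99.0/24", "10.0.10.5/32", 23, "never matches")]))
```

When a required service is "blocked by the firewall", the two outcomes explain() distinguishes call for different fixes: an explicit deny means a policy decision has to be revisited, while the implicit deny means the permit was never written (or was written below a rule that shadows it).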
