Network+ has a breadth problem. The exam covers networking from physical cables through cloud networking concepts, wireless standards, network security, and troubleshooting methodology. A candidate who studies every topic with equal depth will spend three months preparing for an exam that could be passed in eight weeks with smart prioritization.
The domains are not equal in difficulty, weight, or how frequently specific topics appear in questions. Here's where to focus and what you can skim.
The Current Exam: N10-009
The N10-009 version launched in June 2024, replacing N10-008. This is an important transition — study materials published for N10-008 may miss content added in the new version.
What changed in N10-009 vs N10-008:
- Increased emphasis on cloud networking concepts
- Updated wireless coverage (Wi-Fi 6E, 6 GHz band)
- Expanded network automation and intent-based networking
- Updated security threats aligned with current threat landscape
- Some legacy protocol coverage reduced
| Domain | Weight |
|---|---|
| Networking Concepts | 23% |
| Network Implementation | 19% |
| Network Operations | 17% |
| Network Security | 20% |
| Network Troubleshooting | 21% |
Domain 1: Networking Concepts (23%)
This is the theory foundation. It tests whether you understand how networking works, not how to configure anything.
OSI model: the exam references OSI layer numbers constantly. You need to recall which layer handles what without hesitation:
| Layer | Number | Function | Protocols/Devices |
|---|---|---|---|
| Physical | 1 | Bit transmission | Cables, hubs, repeaters |
| Data Link | 2 | Frame delivery, MAC addressing | Switches, NICs, Ethernet |
| Network | 3 | IP addressing, routing | Routers, IP |
| Transport | 4 | End-to-end communication, ports | TCP, UDP |
| Session | 5 | Session management | NetBIOS, RPC |
| Presentation | 6 | Data format, encryption/decryption | SSL/TLS, JPEG, ASCII |
| Application | 7 | User-facing network services | HTTP, FTP, DNS, SMTP |
IP addressing: subnetting at the Network+ level is lighter than CCNA — the exam tests whether you can identify subnet membership and basic CIDR notation, not the rapid calculation speed CCNA demands.
Ports and protocols: know the port numbers cold. The exam presents scenarios — "a firewall blocks port 443" means HTTPS is blocked — and you need to instantly know the service associated with common ports.
High-priority ports:
- 20/21 FTP (data/control)
- 22 SSH
- 23 Telnet
- 25 SMTP
- 53 DNS
- 67/68 DHCP
- 80 HTTP
- 110 POP3
- 143 IMAP
- 443 HTTPS
- 3389 RDP
- 161/162 SNMP
What to skim in Domain 1: OSI layer 5 (Session) details. The exam rarely drills into specific session layer protocols. You need to know the layer exists and roughly what it handles — detailed session protocol knowledge is wasted study time.
Domain 2: Network Implementation (19%)
This domain covers actual network configuration concepts. Heavy on wireless and switching.
Wireless Standards
Wireless gets significant coverage on N10-009. The exam tests IEEE 802.11 standard evolution:
| Standard | Band | Max speed | Key feature |
|---|---|---|---|
| 802.11a | 5 GHz | 54 Mbps | First 5 GHz |
| 802.11b | 2.4 GHz | 11 Mbps | First widely adopted |
| 802.11g | 2.4 GHz | 54 Mbps | Backward compatible with b |
| 802.11n | 2.4/5 GHz | 600 Mbps | MIMO, dual band |
| 802.11ac | 5 GHz | 6.9 Gbps | MU-MIMO, beamforming |
| 802.11ax | 2.4/5/6 GHz | 9.6 Gbps | Wi-Fi 6, OFDMA, BSS coloring |
Wi-Fi 6E (802.11ax in 6 GHz band): added in recent exam updates. The 6 GHz band provides more channels and less interference than 2.4 GHz or 5 GHz — important for dense wireless environments.
Channel overlap: the exam tests 2.4 GHz channel overlap. Only channels 1, 6, and 11 are non-overlapping in North America — using adjacent channels creates co-channel interference. 5 GHz has more non-overlapping channels available.
Routing Protocols
Network+ tests routing protocols at a conceptual level — not the configuration depth CCNA requires:
- Static routing: manually configured, no overhead, doesn't adapt to failures
- Dynamic routing: protocols (OSPF, RIP, BGP) automatically exchange routing information
- OSPF: link-state, uses Dijkstra's algorithm, sends Link State Advertisements
- RIP: distance-vector, uses hop count as metric, maximum 15 hops (16 = unreachable)
- BGP: exterior gateway protocol, used between autonomous systems (ISPs), path vector
What to skim: RIP version specifics. RIP is largely obsolete in enterprise networks and tested lightly. Know it uses hop count and has a 15-hop limit. Don't spend time on RIPv1 vs RIPv2 differences.
Domain 4: Network Security (20%)
Network security receives 20% weight and includes content that's directly applicable to current threats.
Defense in Depth and Security Frameworks
Defense in depth: multiple layers of security controls so that failure of any single layer doesn't compromise the system. Physical security + network security + endpoint security + application security.
Zero trust: security model where no user or device is trusted by default, even on the internal network. "Never trust, always verify." Requires authentication and authorization for every access request.
CIA triad: Confidentiality (data accessible only to authorized users), Integrity (data not modified without authorization), Availability (systems accessible when needed). The exam maps security controls to CIA triad components.
Common Attack Vectors
The exam tests attack recognition and mitigation:
Social engineering:
- Phishing: mass email impersonating legitimate entities
- Spear phishing: targeted phishing with personalization
- Vishing: voice phishing (phone calls)
- Smishing: SMS phishing
- Pretexting: fabricated scenario to gain trust
Network attacks:
- MITM (Man-in-the-Middle): intercepts communication between two parties
- DNS poisoning: injects false DNS records to redirect traffic
- ARP poisoning: associates attacker's MAC with legitimate IP address
- DoS/DDoS: overwhelms a service with traffic
- VLAN hopping: switching attack that bypasses VLAN isolation
Mitigation tools the exam tests: IDS/IPS (detect/prevent intrusions), firewalls (stateless vs stateful), honeypots, network segmentation, 802.1X (port-based NAC).
"Network+ security questions test whether you can match an attack description to its name and identify the appropriate countermeasure. The exam rarely goes deeper — you don't need to know how to execute ARP poisoning, just what it is, how it works conceptually, and that dynamic ARP inspection on a switch prevents it." — Darril Gibson, CompTIA author and exam prep instructor
Domain 5: Network Troubleshooting (21%)
The largest single domain by weight. Candidates who study troubleshooting methodology and common symptoms pass Network+ more reliably than those who focus on protocol theory.
The CompTIA Troubleshooting Methodology
Network+ uses the same seven-step methodology as A+:
- Identify the problem
- Establish a theory of probable cause
- Test the theory to determine the cause
- Establish a plan of action
- Implement the solution or escalate
- Verify full system functionality and document
- Document findings, actions, and outcomes
The exam presents scenarios: "A user can't access the internet but can ping the default gateway. A technician checks the router and finds the correct configuration. Which step is the technician performing?" Testing a theory (Step 3).
Common Troubleshooting Scenarios
Connectivity issues:
- Can ping local machine, can't ping anything else → check default gateway configuration
- Can ping by IP, can't ping by name → DNS issue
- Can ping gateway, can't reach internet → routing issue upstream or ISP
- Intermittent drops on wired connection → duplex mismatch, cable fault, or switch port flapping
Wireless issues:
- Poor signal in specific areas → coverage gap, interference, or antenna orientation
- Slow speeds despite good signal → channel congestion (move to less-congested channel), interference from other devices
- Can't connect to SSID → wrong SSID or hidden SSID, wrong security type/password
Cable troubleshooting: the exam tests cable types and common faults.
- Straight-through (T568A/B at both ends): connects unlike devices (PC to switch)
- Crossover (T568A one end, T568B other): connects like devices (switch to switch) — less relevant with modern auto-MDI-X
- Rollover (console cable): Cisco console access
- Attenuation: signal degradation over distance — use a cable tester or TDR
What to Skip on Network+
Token Ring: mentioned in history but not meaningfully tested. One sentence of familiarity is enough.
SONET/SDH in detail: you need to know these are WAN fiber standards — not the framing details.
OSI layer 5 (Session) specific protocols: know the layer, know its function, skip memorizing session layer protocol details.
Vintage wireless standards (802.11a/b/g specifics): know they exist and roughly when they were superseded. Don't memorize channel counts for 802.11b.
IPv6 beyond the basics: understand IPv6 address format, know it's 128-bit, know the difference between global unicast and link-local. Detailed IPv6 subnetting is minimal on Network+.
Study Resources for N10-009
Professor Messer (professormesser.com): free video course matched to N10-009 objectives. Updated immediately when new versions launch — critical for the N10-009 transition.
Mike Meyers' CompTIA Network+ Study Guide (Sybex): most comprehensive textbook option. Includes practice questions and lab exercises.
Jason Dion's Udemy practice exams: most candidates report Dion's practice exam difficulty is accurate to the real exam. His explanations for wrong answers are detailed.
Target practice score: 80%+ on Dion or Professor Messer practice before booking. N10-009 passes at 720/900.
N10-009 Domain Weights and What Changed from N10-008
The N10-009 domain structure shifted from its predecessor in both weight distribution and content emphasis:
| Domain | N10-008 Weight | N10-009 Weight | What Changed |
|---|---|---|---|
| Networking Fundamentals | 24% | 23% | Slight reduction; cloud basics added |
| Network Implementation | 19% | 19% | Wi-Fi 6E (6 GHz band) added; some legacy wireless removed |
| Network Operations | 16% | 17% | Network automation tools expanded |
| Network Security | 19% | 20% | Current threat landscape updated; zero trust expanded |
| Network Troubleshooting | 22% | 21% | Troubleshooting methodology unchanged; new scenarios |
The most significant content additions in N10-009:
Wi-Fi 6E (802.11ax in 6 GHz band): N10-008 covered Wi-Fi 6 (2.4/5 GHz). N10-009 adds Wi-Fi 6E with its 6 GHz band operation — more spectrum, more non-overlapping channels, reduced interference in dense environments. This is tested as a distinct technology, not just a footnote to Wi-Fi 6.
Network automation and intent-based networking: N10-009 expands automation concepts. REST APIs for network configuration, infrastructure as code concepts, Ansible for network automation are all more prominent. This reflects the real-world shift in network engineering toward automation.
Updated cloud networking: virtual network overlays, SD-WAN, cloud connectivity options (direct connect, VPN, peering) received expanded coverage to reflect how enterprise networks now include cloud segments.
Reduced legacy content: N10-008 still tested Token Ring, older WAN technologies (Frame Relay, ATM), and some older wireless standards at more depth. N10-009 de-emphasizes these further. If your N10-008 materials have significant sections on Frame Relay, that time is better spent on cloud networking and automation in N10-009.
Network+ Topics That Appear on Security+
Network+ is widely recommended as a Security+ prerequisite because approximately 30-35% of Security+ content requires networking foundations. Specifically:
| Network+ Topic | Where It Appears on Security+ |
|---|---|
| OSI model and Layer 3/4 concepts | Security architecture questions; understanding where firewalls/IDS operate |
| Ports and protocols | Firewall rule questions; identifying attack traffic by port number |
| VLANs and network segmentation | Defense in depth; DMZ configuration; microsegmentation |
| Wireless security (WPA2/WPA3, authentication) | Domain 3: Security Architecture |
| DNS, DHCP, and basic TCP/IP | DNS poisoning, DHCP starvation attacks, network-layer attacks |
| Network devices (firewalls, IDS/IPS, WAF) | Security Operations domain; security architecture design |
| NAT and private addressing | Network security architecture; understanding what's exposed |
| VPN technologies | Remote access security; encryption in transit |
Candidates who attempt Security+ without Network+ foundations consistently report that they have to learn networking concepts while trying to learn security concepts — doubling the cognitive load. Network+ candidates moving to Security+ find approximately 25-30% of Security+ material familiar, which allows them to focus study on the security-specific content.
"Security+ questions frequently embed the answer in understanding basic networking. 'A packet is captured with a source IP of 192.168.1.1 and destination of 8.8.8.8 on port 53. What type of traffic is this?' You need to know DNS uses port 53, which is Network+ content. Security+ doesn't re-teach port numbers — it assumes them." — Darril Gibson, CompTIA Network+ and Security+ author
Troubleshooting Commands Tested on N10-009
Network+ tests command-line diagnostic tools at a conceptual level — understanding what each command reveals and what its output indicates. These appear in both Domain 5 (Network Troubleshooting) and scenario questions in other domains.
ipconfig (Windows) / ifconfig (Linux)
Reveals IP address, subnet mask, and default gateway configured on network interfaces.
Windows ipconfig /all output tested:
- IP Address: 192.168.1.50
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.1.1
- DNS Servers: 8.8.8.8, 8.8.4.4
- Physical Address (MAC): 00-1A-2B-3C-4D-5E
Exam scenario: "A user can ping other hosts on the local network but can't reach the internet." Check ipconfig /all first — the default gateway may be incorrect or absent. If it shows 0.0.0.0 or is missing, the user has no path to external networks.
ping
Tests connectivity by sending ICMP echo requests. The exam tests interpreting ping results:
- Successful replies: basic Layer 3 connectivity confirmed
- Request timed out: ICMP blocked (firewall) or host unreachable
- "Destination host unreachable": no route to host from your local router
- Ping by IP succeeds, ping by name fails: DNS resolution issue
traceroute (Linux/Mac) / tracert (Windows)
Reveals the path packets take to a destination, showing each hop with round-trip time. The exam tests:
- Which hop has high latency or packet loss indicates where a network problem exists
- If tracert stops at the gateway, the problem is upstream of your network
- If a hop shows
* * *, ICMP is blocked at that hop but traffic may still flow through it
netstat
Displays active network connections, listening ports, and routing tables.
netstat -an: all connections with numerical addresses (no name resolution)netstat -r: routing table (equivalent toroute printon Windows)netstat -b(Windows): shows which executable has each port open
Exam use: "A user reports unusual outbound connections from their workstation. Which command reveals active network connections and the processes using them?" netstat -an or netstat -b.
nslookup
DNS query tool. Tests resolution and identifies the DNS server being used.
nslookup example.com
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: example.com
Address: 93.184.216.34
Exam scenario: "A user can ping 8.8.8.8 but cannot reach www.company.com." Run nslookup www.company.com — if it returns an error, DNS is the problem. If it resolves correctly but the connection fails, the problem is at a higher layer.
arp -a
Displays the ARP cache — the table mapping IP addresses to MAC addresses the host has resolved.
Exam use: "A user reports they can ping the default gateway by IP but receive no response from some hosts on the local segment." Check arp -a — if the target host has an incorrect MAC address in the ARP cache, ARP poisoning may have occurred. Clearing the ARP cache (arp -d on Windows) and retesting is the appropriate next step.
Domain-by-Domain Weight Analysis: High-Yield vs Low-Yield Topics
Not all topics within each domain carry equal exam weight. This breakdown guides study time allocation:
Domain 1: Networking Concepts (23%) — Study Distribution
| Topic | Exam emphasis | Study priority |
|---|---|---|
| OSI model layer functions | Very high — referenced in nearly every domain | High |
| Port numbers for common protocols | Very high — appears throughout | High |
| IPv4 subnetting (basic CIDR) | High | High |
| TCP vs UDP characteristics | High | High |
| IPv6 addressing basics | Moderate | Medium |
| OSI layer 5 (Session) specifics | Low | Low — know the layer, skip protocol details |
| IPv6 subnetting | Low | Low |
Domain 2: Network Implementation (19%) — Study Distribution
| Topic | Exam emphasis | Study priority |
|---|---|---|
| Wireless standards (802.11ax, Wi-Fi 6/6E) | High | High |
| VLAN configuration concepts | High | High |
| Spanning Tree Protocol (STP/RSTP) | Moderate-High | High |
| Channel selection and interference | Moderate-High | High |
| RIP version differences | Low | Low — know hop count limit, skip v1 vs v2 details |
| Vintage wireless (802.11b/g specifics) | Low | Low |
Domain 3: Network Operations (17%) — Study Distribution
| Topic | Exam emphasis | Study priority |
|---|---|---|
| Network monitoring concepts (SNMP, syslog) | High | High |
| Documentation and diagrams | Moderate | Medium |
| High availability concepts (NIC teaming, redundancy) | Moderate | Medium |
| Network automation (REST API concepts, Ansible) | Moderate (increasing) | Medium-High |
| Specific SDN implementation details | Low | Low — understand concepts, not vendor config |
Domain 4: Network Security (20%) — Study Distribution
| Topic | Exam emphasis | Study priority |
|---|---|---|
| Attack types and mitigation | Very high | High |
| Firewall types and placement | High | High |
| Zero trust and defense in depth | High | High |
| 802.1X and NAC | Moderate-High | High |
| Honeypot and deception technologies | Moderate | Medium |
| Specific vulnerability scoring (CVSS details) | Low | Low — know what CVSS is, not formula details |
Domain 5: Network Troubleshooting (21%) — Study Distribution
| Topic | Exam emphasis | Study priority |
|---|---|---|
| CompTIA 7-step troubleshooting methodology | Very high — tested repeatedly | High |
| Command-line tools (ipconfig, ping, tracert, nslookup, arp) | Very high | High |
| Wireless troubleshooting scenarios | High | High |
| Cable types and faults | Moderate-High | High |
| Fiber connector types | Moderate | Medium |
| Specific TDR operation details | Low | Low — know what TDR does, not specs |
See also: CCNA vs Network+: which networking certification should you pursue first, CompTIA Security+: the most important cert in IT security
References
- CompTIA. N10-009 CompTIA Network+ Exam Objectives. CompTIA, 2024. https://www.comptia.org/certifications/network
- Meyers, Mike. CompTIA Network+ Study Guide: Exam N10-009. Sybex, 2024. ISBN: 978-1394160884. (Updated for current exam version)
- Professor Messer. CompTIA N10-009 Network+ Training Course. professormesser.com, 2024. (Free video course updated for N10-009 objectives)
- Dion, Jason. CompTIA Network+ (N10-009) Full Course and Practice Exam. Udemy, 2024. (Video course with practice exams aligned to current objectives)
- Gibson, Darril. CompTIA Network+ Get Certified Get Ahead: N10-009 Study Guide. YCDA, 2024. (ISBN varies by edition; comprehensive exam preparation guide)
- CompTIA. Network+ Exam Information and Objectives Download. CompTIA, 2024. https://www.comptia.org/certifications/network#examdetails
Frequently Asked Questions
What changed between CompTIA Network+ N10-008 and N10-009?
N10-009 (launched June 2024) added more cloud networking content, Wi-Fi 6E coverage (6 GHz band), expanded network automation, and updated security threat landscape. Some legacy protocol content was reduced. Study materials specifically updated for N10-009 are necessary — N10-008 materials have coverage gaps.
Which Network+ domain should I study most?
Network Troubleshooting at 21% is the largest domain and the highest-ROI study area. Candidates who understand the CompTIA troubleshooting methodology and common symptom-to-cause mappings pass more reliably than those who focus on protocol theory. Network Security at 20% is the second priority.
Do I need to know subnetting for Network+?
Basic subnetting yes — identifying subnet membership, understanding CIDR notation, calculating network vs host portions. The depth required is lighter than CCNA. Network+ doesn't test rapid subnetting calculations the way CCNA does; understanding the concepts is sufficient.
What is the passing score for CompTIA Network+?
720 out of 900. The exam has a maximum of 90 questions (multiple choice plus performance-based) with a 90-minute time limit. Performance-based questions appear early and can take significant time — managing time carefully is important.
Is Network+ harder than A+?
Yes, for most candidates. Network+ requires deeper understanding of protocols, addressing, and troubleshooting methodology. A+ is broader but shallower. Candidates who passed A+ first find Network+ harder because it demands conceptual depth that A+ doesn't, particularly in routing, switching, and wireless.