CompTIA Network+ (N10-009) Cheat Sheet
High-yield review of OSI, subnetting, VLANs, Wi-Fi, cabling, protocols, and troubleshooting flow for CompTIA Network+.
On this page
Use this for last-mile review. Network+ questions usually come down to picking the right layer, the right tool, and the least-wrong fix before you touch the wider network.
Final 20-minute recall (exam day)
Cue -> best move (scenario map)
| If the question says… | Usually best answer |
|---|---|
Host has APIPA (169.254.x.x) | DHCP path check: scope, helper/relay, VLAN, server |
| Same switch VLAN users isolated | Access VLAN assignment + trunk allowed VLANs + SVI/gateway |
| IP reachable but FQDN fails | DNS resolver/records/port 53 path checks |
| Need secure Wi-Fi enterprise auth | WPA3/WPA2-Enterprise with 802.1X + RADIUS |
| Broadcast storm / MAC flapping | Loop/STP issue; verify trunking and root behavior |
| Need private site-to-site over internet | IPsec VPN (IKEv2), validate phase settings |
| Lowest latency path diagnosis | ping + traceroute/tracert + interface errors |
| Intermittent drops on wired link | Duplex mismatch, bad patch cable, optics cleanliness |
| Link up but no route off subnet | Default gateway/subnet mismatch |
| Segregate traffic without new hardware | VLAN segmentation + ACL policy |
Must-memorize N10 anchors
| Topic | Fast recall |
|---|---|
| OSI rapid map | 1 Physical, 2 Data Link, 3 Network, 4 Transport, 7 Application |
| Subnet hosts | 2^(host bits) - 2 (except /31 p2p) |
| Private IPv4 | 10/8, 172.16/12, 192.168/16 |
| NAT types | PAT overload most common edge use |
| Security ports | HTTPS 443, SSH 22, IPsec/IKE uses 500/4500 |
| Wi-Fi channel sanity | 2.4 GHz prefers non-overlapping 1/6/11 |
Last-minute traps
- Solving Layer 7 symptoms before Layer 1/2 checks.
- Confusing trunk vs access port behavior.
- Ignoring DNS when “network looks up” by IP only.
- Treating Wi-Fi PHY max speeds as expected user throughput.
1) OSI model (memorize + use for troubleshooting)
| Layer | Name | PDU | Common examples |
|---|---|---|---|
| 7 | Application | Data | HTTP/S, DNS, SMTP, DHCP (conceptual) |
| 6 | Presentation | Data | TLS/SSL, encoding, compression |
| 5 | Session | Data | Session setup/teardown (high level) |
| 4 | Transport | Segment/Datagram | TCP/UDP, ports |
| 3 | Network | Packet | IP, routing, ICMP |
| 2 | Data Link | Frame | Ethernet, VLANs, MAC, ARP |
| 1 | Physical | Bits | Cabling, RF, signaling |
flowchart LR
A[App data] --> B[TCP/UDP + ports]
B --> C[IP + routing]
C --> D[Ethernet + MAC/VLAN]
D --> E[Bits on wire / RF]
2) IPv4 subnetting quick table
Rules
- Hosts per subnet =
2^(host bits) - 2(except/31point-to-point) - Block size =
256 - mask_octet(in the interesting octet)
| Prefix | Mask | Usable hosts | Block size (last octet) |
|---|---|---|---|
| /24 | 255.255.255.0 | 254 | 1 |
| /25 | 255.255.255.128 | 126 | 128 |
| /26 | 255.255.255.192 | 62 | 64 |
| /27 | 255.255.255.224 | 30 | 32 |
| /28 | 255.255.255.240 | 14 | 16 |
| /29 | 255.255.255.248 | 6 | 8 |
| /30 | 255.255.255.252 | 2 | 4 |
| /31 | 255.255.255.254 | 2 (P2P) | 2 |
Fast sanity checks
- Same subnet? Compare each IP to the mask (or compute the network address).
- Default gateway must be in the same subnet as the host.
3) IPv6 essentials
- Address types
- Global unicast:
2000::/3(public) - Unique local (ULA):
fc00::/7(private-ish) - Link-local:
fe80::/10(always on; neighbor discovery)
- Global unicast:
- Compression: remove leading zeros;
::only once per address. - Common multicast
ff02::1all nodes (local link)ff02::2all routers (local link)ff02::1:ff00:0/104solicited-node (ND)
4) VLANs, trunks, and switching basics
- Access port: untagged, belongs to one VLAN.
- Trunk port (802.1Q): tagged, carries multiple VLANs between switches/APs/routers.
- Native VLAN: untagged VLAN on a trunk (avoid misuse; document it).
- STP: prevents loops; a loop often shows as broadcast storms and MAC flapping.
5) Wi‑Fi quick table + security
| Generation | IEEE | Bands | Notes |
|---|---|---|---|
| Wi‑Fi 4 | 802.11n | 2.4/5 | MIMO |
| Wi‑Fi 5 | 802.11ac | 5 | MU‑MIMO, wider channels |
| Wi‑Fi 6/6E | 802.11ax | 2.4/5/6 | OFDMA, dense environments |
Channel planning
- 2.4 GHz: prefer 1 / 6 / 11 to avoid overlap.
Security order (best → worst)
- WPA3 → WPA2 (AES/CCMP) → WPA (TKIP) → WEP (avoid)
- Enterprise auth: 802.1X with RADIUS + EAP (scenario picks often favor this).
6) Cabling, fiber, optics, and PoE
Copper
| Cable | Typical use | Notes |
|---|---|---|
| Cat5e | 1 Gbps @ 100 m | Common baseline |
| Cat6 | 10 Gbps @ ~55 m | Better noise performance |
| Cat6a | 10 Gbps @ 100 m | Best pick for long 10G copper runs |
Fiber
| Fiber | Mode | Typical range | Notes |
|---|---|---|---|
| MMF | Multi‑mode | Short | Common in buildings |
| SMF | Single‑mode | Long | Metro/long distance |
Transceivers
- SFP (1G), SFP+ (10G), QSFP (40G/100G variants)
PoE
- 802.3af (PoE) • 802.3at (PoE+) • 802.3bt (PoE++)
Know that higher PoE classes power APs, cameras, and phones.
7) Ports & protocols (high yield)
| Service | Port/Proto | Notes |
|---|---|---|
| DNS | 53 UDP/TCP | UDP for queries; TCP for zone/large replies |
| DHCP | 67/68 UDP | Server/client |
| HTTP / HTTPS | 80 / 443 TCP | Web; TLS on 443 |
| SSH | 22 TCP | Secure remote management |
| Telnet | 23 TCP | Insecure (distractor) |
| RDP | 3389 TCP/UDP | Remote desktop |
| SMB | 445 TCP | Windows file sharing |
| NTP | 123 UDP | Time sync |
| SNMP | 161/162 UDP | Polling / traps |
| Syslog | 514 UDP | Logging (TCP variants exist) |
| LDAP / LDAPS | 389 / 636 TCP | Directory |
| RADIUS | 1812/1813 UDP | AAA (auth/accounting) |
| TACACS+ | 49 TCP | AAA (common alt) |
8) DHCP & DNS quick picks
DHCP DORA Discover → Offer → Request → Acknowledge
DNS records
A/AAAA(name → IP)CNAME(alias)MX(mail)TXT(verification/SPF hints)PTR(reverse lookup)
9) VPN + AAA at a glance
- Site-to-site VPN: typically IPsec tunnel between gateways.
- Remote access VPN: user → gateway; often SSL/TLS-based or IPsec.
- AAA: central auth and auditing; common pattern is RADIUS/TACACS+ plus MFA.
10) Troubleshooting playbook (symptom → layer → tools)
| Symptom | Likely layer | Fast checks / tools |
|---|---|---|
| No link light | L1 | Cable, port, PoE, NIC enabled |
APIPA (169.254.x.x) | L3/service | DHCP scope, VLAN, relay, server reachability |
| IP works, names fail | L7/service | DNS servers, nslookup/dig, firewall 53 |
| One VLAN can’t reach gateway | L2/L3 | VLAN on access port, trunk allowed VLANs, SVI/gateway |
| High latency/packet loss | L3/L4 | ping, tracert/traceroute, interface errors, congestion |
| Intermittent drops | L1/L2 | Duplex/speed mismatch, bad cable, loops/STP, Wi‑Fi interference |
Useful commands
1# Windows
2ipconfig /all
3ping 8.8.8.8
4tracert example.com
5nslookup example.com
6
7# Linux/macOS
8ip a
9ip route
10traceroute example.com
11dig example.com
12sudo tcpdump -ni any port 53
Wireshark filter starters
dnstcp.port == 443ip.addr == 10.0.0.10
Quiz
Loading quiz…