CompTIA Network+ (N10-009) Syllabus — Objectives by Domain

Use this syllabus as your source of truth for N10-009. Work through each domain in order and drill targeted sets after every section.

What’s covered

• Domain 1: Networking Concepts (23%)
• Domain 2: Network Implementation (20%)
• Domain 3: Network Operations (19%)
• Domain 4: Network Security (14%)
• Domain 5: Network Troubleshooting (24%)

Domain 1: Networking Concepts (23%)

Practice this topic →

Task 1.1 - Compare and contrast network topologies and network types

• Define and distinguish common physical network topologies such as bus, ring, star, mesh, and hybrid.
• Compare logical network topologies including VLAN-based segmentation, overlay networks, and VPN-based topologies.
• Differentiate between network types such as LAN, WLAN, WAN, MAN, CAN, PAN, and SAN by scope and common use cases.
• Explain how topology and network type choices affect scalability, redundancy, and single points of failure.
• Identify the most appropriate topology or network type for a given small business or enterprise scenario.

Task 1.2 - Explain the characteristics and functions of network components

• Describe the functions of routers, switches, next-generation firewalls, and multilayer switches in a network.
• Explain the roles of wireless access points, wireless controllers, and cloud-managed networking appliances.
• Compare network interface types such as Ethernet, PoE, fiber, and wireless adapters and when each is used.
• Explain the purposes of load balancers, proxies, and content delivery networks (CDNs) in modern networks.
• Differentiate between on-premises, cloud-hosted, and virtual network appliances.

Task 1.3 - Explain the OSI and TCP/IP models

• Describe the purposes of the OSI model and the TCP/IP model for understanding network communication.
• Map common protocols and devices to the appropriate OSI and TCP/IP layers, such as HTTP, TCP, switches, and routers.
• Explain encapsulation and decapsulation as data moves through the OSI layers.
• Differentiate between connection-oriented and connectionless communication at the transport layer.
• Given a scenario, identify which OSI or TCP/IP layer is most likely associated with a described issue.

Task 1.4 - Given a scenario, configure and apply IP addressing schemes

• Explain the characteristics and differences between IPv4 and IPv6 addressing, including notation and address scopes.
• Given network requirements, calculate appropriate IPv4 subnet masks, prefix lengths, and host counts.
• Identify the network, broadcast, and valid host addresses within a given IPv4 subnet.
• Explain the roles of DHCP, SLAAC, and static addressing for both IPv4 and IPv6.
• Describe concepts of private versus public IP addresses, NAT, and PAT in typical enterprise networks.

Task 1.5 - Explain common ports, protocols, and their purposes

• Identify well-known TCP and UDP ports for common services such as HTTP(S), DNS, DHCP, FTP, SSH, and RDP.
• Differentiate between connection-oriented (TCP) and connectionless (UDP) transport protocols and when each is used.
• Explain the functions of core network protocols such as ARP, ICMP, NTP, and SNMP.
• Compare the use cases of unicast, broadcast, and multicast traffic.
• Given a scenario, match network services to their appropriate protocols and ports.

Task 1.6 - Summarize wireless standards and technologies

• Compare characteristics of IEEE 802.11 standards including 802.11n, 802.11ac, and 802.11ax (Wi‑Fi 4/5/6/6E) such as frequencies, channels, and typical throughput.
• Explain differences between 2.4 GHz, 5 GHz, and 6 GHz wireless bands including range, interference, and capacity.
• Describe basic WLAN components including SSIDs, BSS, ESS, and roaming.
• Explain the use of modern wireless security methods such as WPA2-Enterprise, WPA3, and 802.1X.
• Compare infrastructure, ad hoc, mesh, and controller-based wireless architectures.

Task 1.7 - Summarize cloud, virtual, and remote network concepts

• Describe the characteristics of public, private, hybrid, and multi-cloud networking.
• Explain concepts of virtualization, virtual switches, and virtual NICs in network design.
• Summarize connectivity options to cloud providers such as site-to-site VPNs and dedicated private links.
• Explain basic concepts of SDN, SD-WAN, and cloud-managed networking.
• Compare remote access technologies such as VPN, SSH, RDP, and client-based versus clientless access.

Task 1.8 - Explain routing and switching concepts

• Explain how switches use MAC address tables and ARP to forward Ethernet frames within a LAN.
• Describe how routers use routing tables and metrics to forward IP packets between networks.
• Compare static routing, dynamic routing, and default routes at a conceptual level.
• Explain concepts of VLANs, trunks, and VLAN tagging (802.1Q).
• Describe the purpose of common Layer 2 and Layer 3 network segments such as access, distribution, and core.

Domain 2: Network Implementation (20%)

Practice this topic →

Task 2.1 - Deploy and configure network hardware

• Identify appropriate hardware selection criteria for switches, routers, and firewalls based on performance, features, and environment.
• Explain common initial configuration tasks for network devices such as management IP addressing, hostname assignment, and enabling secure remote access.
• Describe the use of console, out-of-band management, and in-band management connections.
• Summarize power considerations including Power over Ethernet (PoE), redundant power supplies, and UPS integration.
• Given a scenario, determine appropriate placement of network devices within a small or medium network.

Task 2.2 - Implement switching technologies and VLANs

• Describe how to configure access and trunk ports conceptually, including allowed VLANs and a native VLAN.
• Explain the purpose and operation of VLANs for segmentation and traffic isolation.
• Describe voice VLAN concepts and QoS markings for converged networks at a high level.
• Explain basic switch features such as port security, spanning tree, and link aggregation (LACP) conceptually.
• Given a scenario, determine an appropriate VLAN design for users, servers, and guests.

Task 2.3 - Implement routing technologies

• Explain the purpose and behavior of default gateways in host configurations.
• Compare characteristics and typical uses of dynamic routing protocols such as RIP, OSPF, and BGP at an awareness level.
• Describe concepts of route metrics, administrative distance, and route preference at a high level.
• Explain the use of static routes for small networks and specific traffic paths.
• Given a simple network diagram, determine which routes are required for end-to-end connectivity.

Task 2.4 - Compare and contrast WAN technologies

• Summarize modern WAN options such as MPLS, Ethernet WAN, broadband, 5G, and dedicated internet access (DIA), including typical use cases.
• Explain characteristics of VPN technologies including site-to-site, remote access, and SSL VPNs.
• Describe concepts of SD-WAN and how it improves redundancy and application performance.
• Compare private WAN links with public internet-based connectivity from a security and cost perspective.
• Given a scenario, choose an appropriate WAN solution based on bandwidth, reliability, and budget requirements.

Task 2.5 - Install and configure cabling solutions

• Compare copper cable types such as Cat 5e, Cat 6, Cat 6A, and Cat 8 including typical speeds and maximum distances.
• Compare fiber types such as single-mode and multimode along with common connector types.
• Explain proper installation practices including bend radius, plenum versus riser ratings, and cable management.
• Describe the use of patch panels, cross-connects, and structured cabling standards in a wiring closet.
• Given a scenario, select appropriate cable and connector types to meet distance, bandwidth, and environment requirements.

Task 2.6 - Implement wireless networks

• Describe factors that affect wireless coverage such as obstacles, interference sources, and antenna types.
• Explain channel planning concepts including non-overlapping channels and channel reuse.
• Summarize common WLAN deployment models such as standalone APs, controller-based APs, and cloud-managed APs.
• Given a scenario, determine appropriate AP placement and density to provide coverage and capacity.
• Explain the use of guest networks and captive portals for visitor access.

Task 2.7 - Implement virtualization and cloud networking concepts

• Explain how virtual machines and containers connect to physical networks through virtual switches and virtual NICs.
• Describe overlay networks and tunneling protocols such as VXLAN at a conceptual level.
• Summarize concepts of network function virtualization (NFV) for firewalls, load balancers, and WAN optimization.
• Explain basic network considerations for hybrid cloud deployments including routing, DNS, and security.
• Given a scenario, identify when to use virtual appliances versus physical hardware in network designs.

Task 2.8 - Implement high availability and quality of service

• Explain concepts of redundancy and high availability including link aggregation, redundant paths, and device clustering.
• Describe basic QoS principles such as classification, marking, queuing, and prioritization of traffic.
• Summarize load balancing methods such as round-robin and least-connections at a high level.
• Explain the use of loop-prevention and first-hop redundancy mechanisms to maintain network availability.
• Given a scenario, choose appropriate redundancy or QoS techniques to meet uptime or performance requirements.

Domain 3: Network Operations (19%)

Practice this topic →

Task 3.1 - Use network documentation and diagrams

• Identify common types of network documentation such as logical diagrams, physical diagrams, and IP address plans.
• Explain the purposes of asset inventories, baselines, and configuration documentation.
• Interpret simple network diagrams to determine device roles, interfaces, and connectivity paths.
• Describe the importance of labeling, naming conventions, and version control for network documentation.
• Given a scenario, update network documentation to reflect a completed change.
• Explain how accurate documentation supports troubleshooting, audits, and knowledge transfer.

Task 3.2 - Implement network monitoring and performance optimization

• Describe the use of SNMP, syslog, and flow-based monitoring (NetFlow/sFlow/IPFIX) at a conceptual level.
• Explain the purpose of performance metrics such as bandwidth utilization, latency, jitter, and packet loss.
• Interpret basic monitoring outputs such as interface utilization graphs and alert thresholds.
• Summarize the roles of network management systems (NMS), SIEM, and log aggregation tools in operations.
• Given a scenario, determine an appropriate monitoring method or threshold to detect a network issue.
• Explain the concept of network baselining and how deviations indicate potential problems.

Task 3.3 - Use configuration management and change control processes

• Describe the goals and elements of formal change management including approvals, scheduling, and rollback plans.
• Explain the benefits of configuration backups, templates, and versioning for network devices.
• Summarize concepts of infrastructure as code and automation tools for consistent network configurations.
• Given a scenario, identify steps that should be included in a change request for a network modification.
• Explain separation of duties and access control considerations in operational changes.
• Describe how to verify and document successful completion of a network change.

Task 3.4 - Apply network policies and procedures

• Summarize common network-related policies such as acceptable use, onboarding and offboarding, and password policies.
• Explain concepts of least privilege, separation of duties, and need-to-know in controlling network access.
• Describe incident response phases and the responsibilities of network staff in each phase.
• Explain basic compliance requirements that affect networks, such as data protection regulations and industry standards, at an awareness level.
• Given a scenario, identify policy violations and appropriate escalation paths.
• Explain the role of service-level agreements (SLAs) and operational-level agreements (OLAs) in defining network performance and support expectations.

Task 3.5 - Summarize business continuity and disaster recovery concepts

• Explain differences between high availability, fault tolerance, backup, and disaster recovery.
• Describe concepts of recovery time objective (RTO) and recovery point objective (RPO) and how they drive network design decisions.
• Summarize strategies such as redundant sites, failover, and geo-redundancy for critical network services.
• Explain the importance of backup types, schedules, and testing for network configurations and critical data.
• Given a scenario, choose an appropriate continuity or recovery option to meet business requirements.
• Describe how tabletop exercises and simulations validate disaster recovery and business continuity plans.

Task 3.6 - Implement automation and scripting basics

• Explain the benefits of network automation for consistency, speed, and reduced human error.
• Describe common automation approaches such as APIs, configuration management tools, and scripting languages at a high level.
• Interpret simple pseudo-code or script snippets that perform basic network tasks such as pushing configurations.
• Explain concepts of idempotent operations and source control in automated network workflows.
• Given a scenario, identify network tasks that are good candidates for automation.
• Describe operational risks and safeguards when deploying automated changes.

Domain 4: Network Security (14%)

Practice this topic →

Task 4.1 - Summarize common security concepts

• Explain key security principles such as confidentiality, integrity, and availability (CIA triad).
• Describe concepts of least privilege, defense in depth, and Zero Trust in network design.
• Differentiate between technical, administrative, and physical security controls with network-related examples.
• Explain concepts of risk, threats, vulnerabilities, likelihood, and impact.
• Given a scenario, identify appropriate security controls to reduce network risk.

Task 4.2 - Compare and contrast common threats, vulnerabilities, and attacks

• Describe common network-based attacks such as DoS/DDoS, spoofing, and man-in-the-middle.
• Summarize threats related to wireless networks, including evil twin APs, rogue APs, and deauthentication attacks.
• Explain social engineering techniques such as phishing, spear phishing, and pretexting from a network perspective.
• Describe common vulnerabilities such as unpatched systems, weak passwords, and misconfigurations.
• Given a scenario, identify likely attack types based on symptoms and observed behavior.

Task 4.3 - Implement network security devices and technologies

• Explain the functions of firewalls including stateful inspection, next-generation features, and rule sets.
• Describe the roles of IDS, IPS, and network detection and response (NDR) systems in threat detection and prevention.
• Explain the purpose of network access control (NAC) and posture assessment in controlling endpoint access.
• Summarize secure segmentation techniques such as VLANs, ACLs, and microsegmentation.
• Given a scenario, choose appropriate placement and configuration of security appliances within a network diagram.
• Describe the use of VPN concentrators and secure gateways for remote connectivity.

Task 4.4 - Secure wireless networks

• Compare wireless security protocols and authentication methods such as WPA2-Personal, WPA2-Enterprise, and WPA3.
• Explain the role of 802.1X, RADIUS, and EAP methods in secure WLAN deployments.
• Describe best practices for secure SSID configuration including client isolation, separate guest SSIDs, and appropriate broadcast settings.
• Given a scenario, identify misconfigurations that weaken WLAN security.
• Explain the use of wireless intrusion detection and prevention features.

Task 4.5 - Implement authentication, authorization, and accounting (AAA)

• Explain differences between authentication, authorization, and accounting in controlling network access.
• Compare centralized authentication protocols such as RADIUS and TACACS+ at a conceptual level.
• Describe multi-factor authentication and common factor types such as something you know, have, or are.
• Explain concepts of single sign-on (SSO), federation, and identity providers and their impact on network design.
• Given a scenario, select an appropriate AAA solution for on-premises and cloud resources.

Task 4.6 - Secure network management and remote access

• Explain why secure management protocols such as SSH, HTTPS, and SNMPv3 are preferred over insecure alternatives.
• Describe best practices for securing management planes including dedicated management networks and out-of-band access.
• Summarize logging and audit trail requirements for change tracking and security investigations.
• Explain secure remote access methods for administrators including jump hosts, VPNs, and privileged access workstations.
• Given a scenario, identify insecure management or remote access practices that should be corrected.
• Describe certificate-based security concepts such as PKI, TLS, and certificate validation at a high level.

Task 4.7 - Apply security best practices and policies

• Summarize network hardening techniques such as disabling unused services, changing defaults, and regular patching.
• Explain the use of security baselines, configuration standards, and compliance requirements for network devices.
• Describe data protection techniques including encryption in transit, encryption at rest, and data classification.
• Given a scenario, apply segmentation, access control, and monitoring to protect sensitive network resources.
• Explain the importance of security awareness training related to network usage and remote work.
• Describe how vulnerability management processes, including scanning and remediation, apply to network infrastructure.

Domain 5: Network Troubleshooting (24%)

Practice this topic →

Task 5.1 - Explain the network troubleshooting methodology

• Describe the steps of a structured network troubleshooting methodology from identifying the problem through documenting the solution.
• Explain the importance of establishing a baseline and identifying recent changes when troubleshooting.
• Compare top-down, bottom-up, and divide-and-conquer approaches to troubleshooting network issues.
• Describe how to gather information from users, documentation, and monitoring tools during initial problem identification.
• Explain when to escalate, when to roll back changes, and when to implement temporary workarounds.
• Given a scenario, choose the next best troubleshooting step based on available information.

Task 5.2 - Troubleshoot wired connectivity and performance issues

• Given a scenario, diagnose Layer 1 issues such as bad cables, incorrect pinouts, and faulty ports that cause wired connectivity problems.
• Interpret wired interface status indicators, link lights, and duplex or speed mismatches.
• Given CLI or GUI output, identify VLAN misconfigurations, trunk problems, or port security violations.
• Troubleshoot wired performance issues such as congestion, oversubscription, and microbursts using monitoring data.
• Diagnose issues related to Power over Ethernet such as insufficient power budgets and incompatible devices.
• Recommend corrective actions for common wired issues including cable replacement, port reconfiguration, and path changes.

Task 5.3 - Troubleshoot wireless connectivity and performance issues

• Given a scenario, identify causes of poor wireless coverage such as distance, obstacles, and antenna placement.
• Diagnose wireless interference issues from co-channel, adjacent-channel, and non-Wi‑Fi sources.
• Interpret WLAN controller or AP diagnostics such as client RSSI, SNR, and retry rates at a conceptual level.
• Troubleshoot client connectivity problems related to incorrect SSID, security settings, or authentication failures.
• Given a scenario, recommend changes to channel plans, power levels, or AP placement to improve wireless performance.
• Identify and respond to security-related wireless issues such as rogue access points or suspected evil twins.

Task 5.4 - Troubleshoot IP addressing and network services

• Given CLI outputs such as `ipconfig`, `ifconfig`, or `ip addr`, identify common addressing issues such as incorrect subnet masks, default gateways, or DNS settings.
• Diagnose problems related to DHCP such as address exhaustion, incorrect scope options, or rogue DHCP servers.
• Troubleshoot name resolution issues involving DNS records, caching, and incorrect server configurations.
• Identify routing problems such as missing routes, asymmetric routing, or incorrect static routes using routing table output.
• Given a scenario, distinguish between local host issues and wider network or ISP problems.
• Recommend corrective actions to restore normal IP connectivity and name resolution.

Task 5.5 - Troubleshoot security-related issues

• Given a scenario, recognize symptoms of common attacks such as DDoS, brute-force login attempts, or scanning activity from network logs.
• Troubleshoot issues caused by firewall rules, ACLs, or security group misconfigurations preventing legitimate traffic.
• Diagnose problems related to VPN connectivity including authentication failures and tunnel negotiation errors.
• Identify issues introduced by NAC, posture checks, or endpoint security software blocking network access.
• Given a scenario, determine appropriate containment, eradication, and recovery steps for a network security incident.
• Explain how to coordinate with security teams and follow incident response procedures during troubleshooting.

Task 5.6 - Use appropriate network troubleshooting tools

• Describe use of basic command-line tools such as `ping`, `tracert`/`traceroute`, and `pathping` for connectivity testing.
• Explain how to use tools such as `nslookup`/`dig`, `arp`, and `netstat` to gather network information.
• Summarize the use of packet analyzers for protocol and traffic analysis at an introductory level.
• Describe physical layer test tools such as cable testers, TDRs, OTDRs, and certifiers and what their results indicate.
• Explain use of spectrum analyzers and Wi‑Fi analyzers for wireless troubleshooting.
• Given a scenario, select the most appropriate tool or command to diagnose a stated network problem.

Tip: After finishing a domain, take a 20–25 question drill focused on that domain, then revisit weak objectives before moving on.