Vocabulary flashcards covering essential concepts, terms, and definitions from the CompTIA Network+ N10-009 study notes.
OSI Model
Open Systems Interconnection reference model with seven layers (Physical, Data Link, Network, Transport, Session, Presentation, Application) used for organizing and troubleshooting network functions.
Physical Layer (Layer 1)
First OSI layer responsible for transmitting raw bits over a physical medium; includes cables, connectors, and signaling.
Data Link Layer (Layer 2)
OSI layer that packages bits into frames, uses MAC addressing, and provides error detection and access control.
Network Layer (Layer 3)
OSI layer responsible for routing packets between devices and networks using logical addressing (IP).
Transport Layer (Layer 4)
OSI layer that provides end-to-end communication management, including TCP and UDP, flow control, and reliability.
Session Layer (Layer 5)
OSI layer that manages, maintains, and terminates sessions between communicating devices.
Presentation Layer (Layer 6)
OSI layer that formats and encodes data for exchange, including encryption and data syntax negotiation.
Application Layer (Layer 7)
OSI layer that provides network services directly to end-user processes and applications.
MAC Address
48-bit hardware address assigned to a network interface card (NIC) used to identify devices on a LAN.
NIC (Network Interface Card)
Hardware component that connects a device to a network and provides physical and data link layer connectivity.
CAM Table
Switch MAC address table (Content Addressable Memory) used to map MAC addresses to switch ports for forwarding.
Switch
Layer 2 device that forwards frames based on MAC addresses and learns network topology via CAM tables.
Router
Layer 3 device that forwards packets between networks using IP addresses and routing tables.
Multilayer Switch
Switch with Layer 3 routing capabilities, combining switching and routing in one device.
Hub
Layer 1 device that repeats signals to all ports; creates large collision domains and is largely obsolete.
VLAN
Virtual Local Area Network; a logical segmentation of a network at Layer 2 to create separate broadcast domains.
802.1Q
VLAN tagging standard that places VLAN IDs in Ethernet frames to allow multiple VLANs over a single trunk link.
Trunking
Link carrying traffic for multiple VLANs between switches, typically using 802.1Q tagging.
Native VLAN
Untagged VLAN on a trunk port; used for devices that do not support VLAN tagging.
Voice VLAN
Dedicated VLAN for voice traffic (VoIP) to improve QoS and reliability.
SVI (Switch Virtual Interface)
Virtual Layer 3 interface on a switch used to route between VLANs.
STP (Spanning Tree Protocol)
Prevents network loops by disabling redundant paths and creating a loop-free topology.
Root Bridge
The central switch elected by STP as the reference point for the spanning tree.
Bridge ID (BID)
Unique identifier used by STP to elect the Root Bridge, composed of priority and MAC.
Root Port
On non-root switches, the port with the lowest cost toward the Root Bridge.
Designated Port
Port on a network segment chosen to forward frames toward the Root Bridge.
STP Port States
Blocking, Listening, Learning, Forwarding — STP states that manage frame forwarding to prevent loops.
Point-to-Point Topology
Topology with a direct connection between two devices; simple and scalable for small links.
Ring Topology
Topology where each device connects to two others, forming a closed loop; provides fault tolerance via redundancy.
Bus Topology
All devices connect to a single central cable; easy to install but prone to collisions and outages.
Star Topology
Each device connects to a central hub or switch; robust, but central point failure can disrupt the network.
Mesh Topology (Full/Partial)
Topology with interconnected devices for redundancy; full mesh connects every node to every other, partial mesh has partial interconnections.
Hub-and-Spoke Topology
Central hub connects to multiple spokes; scalable but hub is a single point of failure.
Wireless Access Point (WAP)
Device that enables wireless devices to connect to a wired network via Wi‑Fi.
Infrastructure Mode
Wireless network where devices connect through an access point to a wired network.
Ad Hoc Mode
Decentralized wireless network where devices communicate directly without an AP.
Wireless Mesh
Interconnected wireless nodes creating a mesh network for coverage and redundancy.
802.11 Standards (a/b/g/n/ac/ax)
Wi‑Fi generations describing frequency bands, speeds, and capabilities (e.g., 802.11ac/ax).
SSIDs
Service Set Identifier; name of a wireless network broadcast by an AP.
BSSID
Basic Service Set Identifier; MAC address of an AP’s radio interface.
Channel Overlap (2.4 GHz)
Overlapping Wi‑Fi channels (1, 6, 11) to minimize interference.
MU‑MIMO
Multi-User MIMO; allows multiple devices to receive data simultaneously on Wi‑Fi 4/5/6.
NAT (Network Address Translation)
Converts private IP addresses to public IP addresses for Internet access; conserves IPv4 space.
DNAT/SNAT/PAT
Destination NAT, Source NAT, and Port Address Translation (many-to-one).
Inside Local/Inside Global/Outside Local/Outside Global
NAT terminology describing how addresses are translated across networks.
DHCP (Dynamic Host Configuration Protocol)
Automates IP address assignment; uses DORA (Discovery, Offer, Request, Acknowledgement).
APIPA
Automatic Private IP Addressing; 169.254.0.0/16, used when DHCP is unavailable.
IPv4 Addressing
32-bit addresses written in dotted-decimal notation; classes A/B/C; defaults: 255.0.0.0, 255.255.0.0, 255.255.255.0.
RFC 1918
Private IPv4 address ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
CIDR Notation
Classless Inter-Domain Routing; IP/subnet mask length (e.g., 192.168.1.0/24).
Subnetting
Dividing a large network into smaller subnets by borrowing host bits.
IPv6 Addressing
128-bit addresses with types: unicast, multicast, link-local; SLAAC and EUI‑64; no broadcasts.
SLAAC
Stateless Address Autoconfiguration; devices auto-configure IPv6 addresses.
EUI-64
Extended Unique Identifier; technique to derive a 64-bit interface ID in IPv6.
DNS
Domain Name System; translates domain names to IP addresses.
DNS Records (A/AAAA/CNAME/MX/NS/SOA/PTR)
A maps domain to IPv4, AAAA to IPv6, CNAME aliases, MX mail servers, NS nameservers, SOA zone info, PTR reverse lookups.
DNSSEC
DNS Security Extensions; signs DNS data to ensure integrity (not encryption).
DNS over HTTPS/TLS
DoH/DoT; encrypt DNS queries to protect privacy.
DHCP Relay / IP Helper
Forwards DHCP requests across subnets; IP helper address config on routers.
NAT vs PAT
NAT translates addresses; PAT allows many devices to share one public IP using ports.
MTU
Maximum Transmission Unit; largest frame size allowed on a network; jumbo frames exceed standard MTU.
Jumbo Frames
Frames larger than MTU; improve throughput in some networks but require all devices to support them.
Encapsulation/Decapsulation
Process of adding/removing headers/trailers as data moves through the OSI/TCP/IP stack.
TCP
Transmission Control Protocol; connection-oriented, reliable transport with three-way handshake and flow control.
UDP
User Datagram Protocol; connectionless, faster but unreliable transport with no guaranteed delivery.
Three-Way Handshake
TCP connection setup: SYN, SYN-ACK, ACK.
TCP Windowing
Flow control mechanism to manage how much data can be sent before receiving an ACK.
TLS/SSL
Protocols that provide encryption and secure communications over a network.
PKI (Public Key Infrastructure)
System of keys and certificates managed by trusted authorities to secure communications.
Certificate Authority (CA)
Trusted entity that issues digital certificates used in PKI.
CSR
Certificate Signing Request; a request for a certificate from a CA.
X.509
Standard for public key infrastructure certificates.
VPN (Virtual Private Network)
Extends a private network across a public network via secure tunnels.
IPsec
VPN protocol suite providing encryption and authentication for IP traffic.
SSL/TLS VPNs
VPNs that use SSL/TLS for encryption; often clientless or browser-based.
MPLS
Multiprotocol Label Switching; forwards packets using labels for efficient, scalable routing.
NFV/VNFs/NFVI/MANO
Network Functions Virtualization and virtualized network functions; management and orchestration.
SDN
Software-Defined Networking; separates control plane from data plane for centralized management.
VXLAN
Overlay network to extend Layer 2 across Layer 3; uses VTEP and VNI.
Cloud Service Models (IaaS/PaaS/SaaS)
IaaS: infrastructure; PaaS: platform; SaaS: applications delivered over the cloud.
Cloud Deployment Models (Public/Private/Hybrid/Community)
Ways to deploy cloud resources across organizations and boundaries.
SASE/SSE
Security architecture blending networking and security controls in the cloud; SSE focuses on security services.
IoT
Internet of Things; networked devices embedded with sensors and software.
BYOD/CYOD
Bring Your Own Device vs Choose Your Own Device; policies for management and security.
NAC (Network Access Control)
Controls device access to a network, often with 802.1X and posture checks.
802.1X
Port-based authentication standard used with NAC to enforce access control.
RADIUS/TACACS+
Authentication, authorization, and accounting protocols; RADIUS is common, TACACS+ is Cisco-proprietary.
MIB/SNMP
SNMP manages network devices; MIB is its data structure; SNMP traps provide alerts.
Syslog
Standard for event message logging; uses UDP 514 (default) to a syslog server.
SIEM/SOAR
Security Information and Event Management; Security Orchestration, Automation, and Response for security analytics.
Playbooks/Runbooks
Automated procedures for incident response and security operations.
NTP
Network Time Protocol; synchronizes clocks across the network; uses UDP port 123.
DNSSEC/DoH/DoT
DNSSEC signs DNS data for integrity; DoH/DoT encrypt DNS queries for privacy.
SNMPv3
Secure version of SNMP offering integrity, authentication, and confidentiality.
IDS/IPS
Intrusion Detection/Prevention Systems; monitor and/or block malicious activity in network traffic.
WPA2/WPA3
Wi‑Fi security standards; WPA2 uses CCMP/AES; WPA3 introduces SAE for stronger handshakes.
802.11ac/802.11ax
Wi‑Fi standards; AC = Wi‑Fi 5, AX = Wi‑Fi 6/6e with higher throughput and better efficiency.
SLA/MOU/NDA
Service Level Agreement; Memorandum of Understanding; Non-Disclosure Agreement; define commitments and confidentiality.
UPS/PDU/Racks
Uninterruptible Power Supply, Power Distribution Unit, and server racks for data centers.
AC/DC Power Considerations
Voltage standards (US ~120V, Europe ~230V); ensure proper equipment compatibility.