CompTIA Network+ (N10-009) (Concise) (Personal) (Continuously Editing)

Personal flash cards based on what I got wrong and need to study more. I frequently edit and update them to try to get only Net+ necessary info while being concise (15-20 words max). Terms and definitions largely based on DionTraining's Udemy exams.

Last updated 2:57 AM on 4/13/26

321 Terms

1

Network Baseline

  • Documented measurement of normal network performance & traffic

  • Used to detect abnormalities, misconfigurations, or security incidents

2

Infrastructure (Wi-Fi Mode)

  • Uses central access point (AP/router)

  • Connects multiple devices through AP

  • Provides internet/network access

  • Opposite of ad hoc (no central device)

3

SFP Module

  • Small Form-factor Pluggable transceiver

  • Inserts into switch/router port

  • Converts electrical to optical signals

  • Requires matching TX/RX for link

4

Bluejacking

  • Bluetooth attack sending unsolicited messages

  • Targets nearby Bluetooth-enabled devices

  • Can exploit weak device configurations

5

Smurf Attack

  • DDoS using ICMP echo requests

  • Spoofed source IP = victim

  • Sent to broadcast address, amplifies traffic

6

Multiplexing

  • Combines multiple signals into one medium

  • Maximizes bandwidth utilization

7

Key Reason to Verify Voltage Requirements

  • Main goal: ensure device matches facility voltage

  • Determines if converters/regulators are needed

  • Prevents device damage from incorrect voltage

8

Console vs SSH (Direct Access Rule)

  • Console = direct, local CLI access

  • SSH = remote CLI access over network

    • Requires connection & enabled service

  • “Direct access” questions = Console

9

Band Steering

  • Router feature for dual-band Wi-Fi (2.4GHz & 5GHz)

  • Automatically assigns devices to optimal band

  • Considers:

    • Signal strength

    • Device capability

    • Congestion

  • Improves overall wireless performance & load balancing

10

Subnet Network & Broadcast Reminder

  • Every subnet has own network ID (first IP) and broadcast IP (last IP)

  • Find separate blocks by counting up from .0

11

Data Loss Prevention (DLP) System

  • Prevents unauthorized data exfiltration

  • Controls users transferring data outside the network

  • Enforces corporate data protection policies technically

12

How to Identify a Zero-Day Attack

  • Occurs despite up-to-date AV/properly configured firewall

  • Exploits unknown software vulnerability

  • Allows unauthorized access/data exfiltration

  • No patch/signatures exist

13

Secure Access Service Edge (SASE)

  • Combines WAN & security services

  • Secures access for remote users/branch offices

  • Cloud-delivered architecture

  • Includes ZTNA & firewall as service

14

Session Initiation Protocol (SIP)

  • VoIP signaling protocol

  • Initiates, maintains, terminates sessions

  • Used for voice, video, messaging

  • Ports 5060 (unencrypted), 5061 (TLS)

15

Virtual Router Redundancy Protocol (VRRP)

  • Provides gateway redundancy

  • Multiple routers share virtual IP

  • Automatic failover to backup router

  • Improves network availability

16

Data Center Voltage (Standard)

  • 208V commonly used

  • Supports efficient power delivery

  • Higher than 120V (insufficient)

  • Lower than high-voltage industrial levels

17

Unicast vs Anycast (Exam Rule)

  • “Direct request” → unicast

  • One host to one server → unicast

  • “Nearest server” → anycast

  • Shared IP across servers → anycast

  • Anycast uses unicast delivery

18

Port Address Translation (PAT)

  • Type of NAT (NAT overload)

  • Maps multiple private IPs to one public IP

  • Port numbers differentiate connections

  • Conserves public IPs

19

Network Time Security (NTS)

  • Secures NTP time synchronization

  • Provides authentication & integrity

  • Protects against replay attacks

  • Prevents timestamp tampering

20

RADIUS vs TACACS+

  • RADIUS:

    • UDP

    • Combines AAA

    • Encrypts password only

    • User access

  • TACACS+:

    • TCP

    • Separates AAA

    • Encrypts entire packet

    • Admin access

21

AAA (Authentication, Authorization, Accounting)

  • Authentication: verify identity

  • Authorization: allow actions

  • Accounting: log activity

  • Framework used by RADIUS & TACACS+

22

RADIUS

  • AAA protocol

  • Open standard

  • UDP

  • Combines authentication & authorization

  • Encrypts password only

  • Manages user access to the network (like Wi-Fi or VPNs)

23

TACACS+

  • Cisco AAA protocol

  • TCP

  • Separates authentication, authorization, accounting

  • Encrypts entire packet

  • Manages admin access to network devices like routers & switches

24

Business Continuity Plan (BCP)

  • Maintains business operations

  • Covers before, during, after disaster

  • Focus on long-term continuity

25

Disaster Recovery Plan (DRP)

  • Restores systems after disaster

  • Focus on IT infrastructure recovery

  • Short-term recovery actions

26

Incident Response Plan (IRP)

  • Responds to security incidents

  • Defines detection and containment steps

  • Focus on immediate threats

27

Risk Management Plan

  • Identifies and assesses risks

  • Defines mitigation strategies

  • Focus on risk reduction

28

Cisco Discovery Protocol (CDP)

  • Layer 2 Cisco protocol

  • Discovers, identifies, & manages directly connected devices

  • Shares device & interface info

  • Used for neighbor discovery

29

CDP vs LLDP

  • CDP: Cisco only

  • LLDP: vendor-neutral

  • Both discover neighbors

  • Operate at Layer 2

30

Active Port

  • Port is enabled and operational

  • Passing network traffic

  • Shows link/activity

31

Disabled Port

  • Administratively shut down

  • Manually configured off

  • No traffic allowed

32

Blocked Port

  • Prevented from forwarding traffic

  • Used by STP to avoid loops

  • Still enabled but not forwarding

33

Suspended Port

  • Not operational due to misconfiguration

  • VLAN mismatch or invalid config

  • Does not pass traffic

34

Ping vs Traceroute

  • Ping: reachability & RTT

  • Traceroute: path & hops

  • Ping uses echo request/reply

  • Traceroute uses TTL + ICMP errors

35

Ping

  • Tests host reachability

  • Measures round-trip time (RTT)

  • Uses ICMP echo request/reply

  • Does not show path

36

Traceroute/Tracert

  • Shows path to destination

  • Identifies each hop/router

  • Uses TTL (Time-to-Live) expiration

  • Receives ICMP time exceeded messages

37

ICMP Echo

  • Echo Request = ping sent to host

  • Echo Reply = response from host

  • Used to test reachability

  • Basis of ping/ping sweeps

38

Ping Sweep

  • Sends ICMP echo requests to multiple IPs

  • Echo replies identify live hosts

  • Network reconnaissance tool

  • Mitigation: block ICMP traffic (requests/replies)

39

Anomaly-Based Alerting (Disadvantage)

  • High false positive rate

    • Can waste time on non-threats

  • Requires tuning & baseline refinement

40

Network Security Group (NSG)

  • Filters network traffic to/from resources

  • Uses rules (IP, port, protocol)

  • Applied to VMs & subnets

  • Acts like cloud firewall

41

Multihoming (multiple ISPs)

  • Network connected to multiple ISPs

  • Provides redundancy & failover

  • Can use BGP for route control

  • Improves availability of WAN connectivity

42

Verbose Trap

  • SNMP trap with multiple OIDs & values

  • Sends full device/event details

  • Uses more bandwidth

  • Provides comprehensive information

43

Granular Trap

  • SNMP trap with single OID & value

  • Sends specific event detail only

  • Uses less bandwidth

  • Limited information compared to verbose trap

44

SNMP Trap

  • Asynchronous alert from SNMP agent

  • Sent to SNMP manager

  • Indicates event or status change

  • Uses UDP port 162

45

MIB (Management Information Base)

  • Used in SNMP

  • Database of managed device objects

  • Hierarchical structure

  • Maps OIDs to readable names

46

OID (Object Identifier)

  • Unique ID for SNMP variable

  • Used to identify/manage device data

  • Organized in hierarchical tree

47

Dedicated Leased Line

  • Private WAN connection between sites

  • Dedicated bandwidth (not shared)

  • Low latency & high reliability

  • Common for site-to-site connectivity

48

Duplex Mismatch

  • Devices use different duplex settings

  • One full-duplex, one half-duplex

  • Causes collisions & CRC errors

  • Often appears under high traffic

49

DSCP (Differentiated Services Code Point)

  • QoS marking in IP header

  • Operates at OSI Layer 3

  • Used to prioritize & classify network traffic

50

CoS (Class of Service)

  • QoS marking in Ethernet frame (Layer 2)

  • Classifies/prioritizes traffic

  • Ensures QoS for VoIP/video/data

  • Uses 802.1Q VLAN tag priority

51

VXLAN VLAN scalability solution

  • Uses 24-bit VXLAN Network Identifier (VNI)

  • ~16 million segments

  • VLANs (12-bit) limited to 4096

52

Data Center Interconnect (DCI)

  • Connects data centers together

  • Enables

    • Workload mobility

    • Replication

  • Shares resources

  • Synchronizes data

  • Best implemented with VXLANs

53

Default Route

  • Used when destination not in routing table

  • Sends traffic to default gateway (next-hop router)

  • Typically toward internet

  • IPv4: 0.0.0.0/0

  • IPv6: ::/0

54

Missing or Misconfigured Default Route (Symptoms)

  • Local subnet communication works

  • Other internal networks may work

  • Internet access fails

  • No route for unknown destinations

55

Fibre Channel (FC)

  • High-speed storage networking technology

  • Use:

    • Storage Area Networks (SANs)

  • Connects servers to storage devices

  • Reliable, low-latency data transfer

56

Ad Hoc vs Mesh Wireless Networks

  • Ad Hoc:

    • Peer-to-peer

    • Direct communication only

  • Mesh:

    • Nodes

      • Interconnect with multiple nodes

      • Relay traffic for other nodes (multi-hop routing)

57

Ad Hoc wireless network

  • Peer-to-peer wireless network

  • Direct connection between devices

  • No access point/central controller

  • Supports multiple participating devices

58

Routing Convergence Time

  • Time required for routers to agree on best paths after a topology change

    • Or time for the network to reach the state of convergence

59

NIDS (Network Intrusion Detection System)

  • Monitors network traffic

  • Detects:

    • Suspicious activity

    • Potential attacks

    • Policy violations

  • Alerts but doesn’t block traffic

  • Uses signatures/anomaly detection

60

Best Remediation Methods for Embedded ICS (Network-Based Compromise)

  • Segmentation (isolates ICS from main network)

  • Disable unused services (reduces attack surface)

  • Bad: Patching often ineffective (ICS updates rare/unavailable)

61

Disabling Unused Services (ICS Security)

  • Reduces exposed attack surface

  • Many ICS devices run unnecessary default services

  • Disabling limits compromise paths

62

Network Segmentation (ICS Security)

  • Isolates ICS devices from main network

  • Limits attacker lateral movement

  • Reduces exposure to network-based attacks

  • Common ICS protection strategy

63

Industrial Control System (ICS)

  • Used in manufacturing, utilities, & infrastructure

  • Often embedded devices with specialized software

  • Frequently difficult to patch/update

64

Route Poisoning

  • Distance-vector loop prevention method

  • Failed route advertised with infinite metric

  • Marks route as unreachable

  • Propagates failure information to neighbors

65

Hold-Down Timer

  • Prevents route updates for a period

  • Activated after route failure detected

  • Allows network time to converge

  • Helps prevent routing loops

66

Unicast (IP Communication)

  • One sender, one receiver

  • Standard host-to-host communication

  • Supported in IPv4 & IPv6

67

Multicast (IP Communication)

  • One sender, multiple specific receivers

  • Devices join multicast group

  • Supported in IPv4 & IPv6

68

Broadcast (IP Communication)

  • One sender, all devices on network segment

  • Used in IPv4 networks

  • Not used in IPv6

69

Anycast (IPv6 Communication)

  • One sender, nearest receiver in group

  • Multiple devices share same address

  • Router delivers packet to logically closest destination

  • Used in IPv6

70

Tx and Rx (Fiber Optics)

  • Tx (Transmit): sends optical signal

  • Rx (Receive): receives optical signal

  • Fiber links often require two separate fibers (transmit & receive)

71

ST Connector (Straight Tip)

  • Fiber connector

  • Bayonet twist-lock

  • Separate connectors for Tx & Rx

  • Common in LAN fiber installations

72

MT-RJ Connector

  • Duplex fiber connector

  • Single connector/ferrule housing Tx & Rx fibers

  • Common on switches & network devices

  • Similar size to RJ-45

73

Forward DNS Zone

  • Maps domain names to IP addresses

  • Used for normal DNS name resolution

  • Example: example.com → 192.168.1.10

74

Reverse DNS Zone

  • Maps IP addresses to domain names

  • Used for reverse lookups

  • Uses PTR records

75

Primary DNS Zone

  • Read-write DNS zone

  • Stores original DNS records

  • Accepts direct updates

76

Secondary DNS Zone

  • Read-only copy of primary zone

  • Obtained through zone transfer

  • Provides redundancy and load distribution

77

Authoritative DNS Zone

  • DNS server has authority to manage DNS records for specific domain

78

Port Security

  • Limits what devices can connect to switch interface/port

  • Based on MAC addresses

  • Disables port/sends alert if unknown device connected

79

Sticky MAC/Persistent MAC

  • Port security feature on switches

  • Enables interface to permanently retain dynamically learned MAC addresses

  • Locks authorized devices to specific ports

80

Port Mirroring/SPAN (Switched Port Analyzer)/Traffic mirroring

  • Switch duplicates traffic from source port(s)/VLANs

    • Copies to monitoring port

  • Use:

    • Packet capture

    • Traffic analysis

  • Original traffic flow unaffected

81

Spectrum Analyzer

  • Analyzes signal frequency spectrum

  • Used for RF troubleshooting

  • Identifies interference sources

  • Not used for fiber break detection

82

Optical Time Domain Reflectometer (OTDR)

  • Sends light pulses through fiber

  • Measures reflected signal loss

  • Calculates fault distance

  • Tests overall fiber integrity

83

Visual Fault Locator (VFL)

  • Uses visible laser light

  • Identifies fiber breaks

  • Detects sharp bends and micro-bends

  • Pinpoints fault location visually

84

802.1X

  • Network access control framework

  • Uses WPA-Enterprise

  • Uses EAP for authentication

  • Communicates with RADIUS

  • Authenticates users, not shared keys

85

EAP (Extensible Authentication Protocol)

  • Authentication framework

  • Used within 802.1X

  • Supports multiple authentication methods

  • Used in WPA-Enterprise environments

86

EAP-TTLS

  • EAP method using tunneled TLS

  • Creates encrypted tunnel first

  • Client authenticates inside tunnel

  • Often uses username/password

87

MSCHAPv2

  • Password-based authentication protocol

  • Often used inside EAP methods

  • Provides mutual authentication

  • Used with 802.1X environments

88

Central Repository (IaC)

  • Shared storage for configuration files

  • Enables team collaboration

  • Supports version control (e.g., Git)

  • Single source of truth

89

Configuration Management (IaC)

  • Maintains systems in desired state

  • Automates configuration enforcement

  • Detects & remediates drift

  • Manages updates across infrastructure

90

Continuous Integration (CI)

  • Automatically integrates code changes

  • Runs automated tests on commits

  • Validates changes before deployment

  • Uses shared repository workflow

91

Template-Based Configuration (IaC)

  • Uses predefined configuration templates

  • Standardizes infrastructure deployment

  • Reduces manual configuration errors

  • Promotes repeatability

92

Three-Tier Network Model

  • Each layer has own features & functionality

  • Improves scalability, reliability, & performance

  • Layers:

    • Access

    • Distribution

    • Core

93

Access Layer of 3-tier model

  • End-user connectivity

  • Controls access to network resources

  • Layer 2 switching

94

Distribution Layer of 3-tier model

  • Communication point between access & core layer

  • Routes

  • Filters traffic

  • WAN access

  • Controls access between segments

95

Core Layer of 3-tier model

  • High-speed network backbone

  • Fast packet switching

  • Provides interconnectivity between distribution layer devices

96

Rollover Cable Pinout

  • Used for PC-to-console connections (e.g., to a router)

  • Completely reversed pinout:

    • 1 → 8

    • 2 → 7

    • 3 → 6

    • 4 → 5

    • 5 → 4

    • 6 → 3

    • 7 → 2

    • 8 → 1

97

Patch Cable (Straight-Through) Pinout

  • 1 → 1

  • 2 → 2

  • 3 → 3

  • 4 → 4

  • 5 → 5

  • 6 → 6

  • 7 → 7

  • 8 → 8

  • T568A or T568B on both ends

98

Crossover Cable Pinout

  • Pinout crosses transmit/receive pairs:

    • 1 → 3

    • 2 → 6

    • 3 → 1

    • 6 → 2

  • 4,5,7,8 stay the same

  • One end T568A, other end T568B

99

NS (Name Server) record

  • Specifies authoritative DNS servers for a domain

  • Indicates which servers are responsible for resolving that domain’s DNS records

100

TXT record

  • Stores text in DNS

  • Commonly used for SPF, DKIM, & domain verification

  • Enhances email security & ownership validation