n10 008 Study Notes

The CompTIA Network+ Exam N10-008 is an entry-level certification aimed at IT professionals with 9-12 months of experience, covering essential networking skills such as deploying Ethernet networks, supporting IPv4 and IPv6, and ensuring network security. The course includes detailed lessons on OSI model functions, Ethernet standards, and cabling types, along with practical lab activities for hands-on experience. Participants are encouraged to utilize various study resources, including CertMaster Learn, to enhance their learning and exam preparation.

Uploaded by

esamazzam50

CompTIA Network+

Exam N10-008

Copyright © 2022 CompTIA, Inc. All Rights Reserved. | CompTIA.org


1
Introduce Yourself
• Name
• Company/job role
• Type and amount of experience
• Expectations and objectives

2
About This Course
• CompTIA
• Not-for-profit trade association
• Advance interests of IT professionals and IT channel organizations

• CompTIA Network+
• Entry-level certification for professionals with 9-12 months’ work experience

• Job roles such as junior network administrator and network support technician

3
Course Description
• Deploy and troubleshoot Ethernet networks
• Support IPv4 and IPv6 networks
• Configure and troubleshoot routers
• Support network services and applications
• Ensure network security and availability
• Deploy and troubleshoot wireless networks
• Support WAN links and remote access methods
• Support organizational procedures and site security controls
• Summarize cloud and datacenter architecture
4
How to Use the Study Notes
• Lessons
• Areas of competency within target job role

• Topics
• Job tasks
• Exam objectives mapping

• Activities
• Glossary and index

5
How to Use CertMaster Learn and the Learning Center
• learn.comptia.org

• Strengths and weaknesses dashboard

• Lessons

• Study guide

• Videos

• Performance-based Questions (PBQs)

• Practice and assessments

• Flashcards

• Lesson practice questions

• Final assessment

• Online reader

6
Course Outline—Day One
• 1 | Comparing OSI Model Network Functions
• 2 | Deploying Ethernet Cabling
• 3 | Deploying Ethernet Switching
• 4 | Troubleshooting Ethernet Networks

7
Course Outline—Day Two
• 5 | Explaining IPv4 Addressing
• 6 | Supporting IPv4 and IPv6 Networks
• 7 | Configuring and Troubleshooting Routers
• 8 | Explaining Network Topologies and Types

8
Course Outline—Day Three
• 9 | Explaining Transport Layer Protocols
• 10 | Explaining Network Services
• 11 | Explaining Network Applications
• 12 | Ensuring Network Availability

9
Course Outline—Day Four
• 13 | Explaining Common Security Concepts
• 14 | Supporting and Troubleshooting Secure Networks
• 15 | Deploying and Troubleshooting Wireless Networks
• 16 | Comparing WAN Links and Remote Access Methods

10
Course Outline—Day Five
• 17 | Explaining Organizational and Physical Security Concepts
• 18 | Explaining Disaster Recovery and High Availability Concepts
• 19 | Applying Network Hardening Techniques
• 20 | Summarizing Cloud and Datacenter Architecture

11
CompTIA Network+ Exam N10-008

Lesson 1
Comparing OSI Model Network
Functions



1
Objectives
• Compare and contrast OSI model layers
• Configure SOHO networks

2
Lesson 1

Topic 1A
Compare and Contrast OSI Model
Layers



3
Open Systems Interconnection Model

4
Data Encapsulation and Decapsulation
• Network protocol functions
• Addressing
• Encapsulation
• Protocol stack
• Same layer interaction
• Adjacent layer interaction
• Protocol Data Unit (PDU)
• Headers
• Payload/data
5
Layer 1—Physical
• Physical (PHY) layer transmission media types
• Cabled
• Wireless

• PHY layer features


• Physical topology and segments
• Physical interface and transmission of signals
• Modulation and encoding

• Devices working at layer 1


• Transceiver, repeater, hub, media converter, modem
6
Layer 2—Data Link
• Exchange PDUs as frames using
hardware addresses within local
segment
• Logical versus physical topology
• Intermediate systems versus end
systems
• Devices working at layer 2
• Network interface card (NIC), bridge,
switch, wireless access point (AP)
7
Layer 3—Network
• Network of networks or
internetwork
• Forward datagrams/packets via
routers using logical network
addresses
• Can contain multiple segments
using different physical layer
specifications and layer 2 protocols
• Devices working at layer 3
• Router, basic firewall

8
Layer 4—Transport
• Identify application data using port numbers
• Load balancer, advanced firewall, intrusion detection system (IDS)

9
Upper Layers
• Layer 5—Session
• Establish rules for exchange of messages and sequencing (dialog control)

• Layer 6—Presentation
• Establish data formats (such as character sets)

• Layer 7—Application
• Present requests and responses from server or client software with structured
headers and data payload

10
OSI Model Summary

11
Review Activity: OSI Model Layers
• Open Systems Interconnection Model
• Data Encapsulation and Decapsulation
• Layer 1—Physical
• Layer 2—Data Link
• Layer 3—Network
• Layer 4—Transport
• Upper Layers
12
Lab Activity
Assisted Lab: Exploring the Lab Environment
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days

• Cancel lab without grading
• Select the hamburger menu and select “End”

13
Lesson 1

Topic 1B
Configure SOHO Networks



14
SOHO Routers
• Local area network (LAN) scope
• Small office, home office (SOHO) category LANs
• Wide area network (WAN) scope
• SOHO router
• Multifunction network appliance

• Combine modem, switch, wireless access point, router, firewall


• Establish a local area network and connect it to the Internet WAN

15
Physical Layer Functions
• RJ-45 ports for cabled network
connections
• Radio antennas for wireless
signaling
• Modem for WAN connectivity

16
Data Link Layer Functions
• Ethernet switch
• Connect the RJ-45 ports

• Wireless access point
• Implement a Wi-Fi standard
• Connect stations in a wireless LAN (WLAN)
• Connected to switch to bridge wired and wireless segments in single data link network

• Media access control (MAC) hardware addresses identify each interface
17
Network Layer Functions

18
Transport and Application Layer and Security Functions
• Filtering between public and private zones (firewall)
• Specify allow/block rules for IP addresses
• Specify allow/block rules for layer 4 port numbers

• Authenticate access to the wireless network
• Protect the SOHO router management interface

19
The Internet
• The public switched telephone network (PSTN)
• Internet service providers (ISPs)
• Internet standards and authorities
• Internet Assigned Numbers Authority (IANA)
• Manages IP address allocation and namespaces
• Internet Corporation for Assigned Names and Numbers (ICANN)
• Regional Internet Registries (RIRs) and ISPs
• Internet Engineering Taskforce (IETF) and requests for comments (RFCs)

20
Hexadecimal Notation
• Base numbering systems and place position
• 255 = (2x10x10) + (5x10) + 5

• Binary/base 2
• 11111111 = (1x2x2x2x2x2x2x2)+(1x2x2x2x2x2x2)+(1x2x2x2x2x2)+(1x2x2x2x2)+(1x2x2x2)+(1x2x2)+(1x2)+1 = 255

• Hexadecimal/base 16
• A=10,B=11,C=12,D=13,E=14,F=15
• FF = 255

21
Review Activity: SOHO Networks
• SOHO Routers
• Physical Layer Functions
• Data Link Layer Functions
• Network Layer Functions
• Transport and Application Layer and Security Functions
• The Internet
• Hexadecimal notation
22
Lab Activity
Assisted Lab: Configure a SOHO Router
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days

• Cancel lab without grading
• Select the hamburger menu and select “End”

23
CompTIA Network+ Exam N10-008

Lesson 1
Summary



24
CompTIA Network+ Exam N10-008

Lesson 2
Deploying Ethernet Cabling



1
Objectives
• Summarize Ethernet standards
• Summarize copper cabling types
• Summarize fiber optic cabling types
• Deploy Ethernet cabling

2
Lesson 2

Topic 2A
Summarize Ethernet Standards



3
Network Data Transmission
• Electromagnetic carrier wave with a range of frequencies (bandwidth)
• Modulate properties of the wave to encode digital information
• Copper cable carries electrical signals
• Twisted pair and coaxial types
• Attenuation (signal weakens quickly over distance)
• Twisted pair Cat cable standards/specifications
• Fiber optic cable carries infrared light signals
• Single Mode (SMF) and Multimode (MMF) types
• Optical Mode (OM) category designations
4
Ethernet Standards
• Institute of Electrical and Electronics Engineers (IEEE) 802.3 Ethernet
standards
• xBASE-y
• Bit rate
• Baseband signal mode
• Media type
• 10BASE-T
• 10 Mbps
• -Twisted pair copper cabling

5
Media Access Control and Collision Domains
• Multiple access area networks
• Contention-based media access control
• Collisions require nodes to re-transmit
• More nodes within collision domain reduces performance

• Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
• Detect collision by signal presence on Tx and Rx simultaneously
• Half-duplex transmission

• 10BASE-T hubs form a single collision domain
6
100BASE-TX Fast Ethernet Standard
• CSMA/CD over twisted pair but at 100 Mbps
• Cat 5 or better cable
• Maximum link length of 100 meters (328 feet)

• Development of Ethernet switches to replace hubs


• Isolates collision domain to switch port

• Allows full-duplex transmission

• Speed/duplex autonegotiation protocol (fast link pulse)

7
Gigabit Ethernet Standards
• 1000BASE-T (Gigabit Ethernet)
• Requires switches
• Supports 100 m (328 feet) links over twisted-pair
• Mainstream choice for office networks

• 10 Gbps (10G Ethernet) and 40 Gbps (40G Ethernet)


• Requires shielded/screened cable for longer runs
• Used in datacenters and for workstations with high bandwidth requirements

8
Review Activity: Ethernet Standards
• Network Data Transmission
• Ethernet Standards
• Media Access Control and Collision Domains
• 100BASE-TX Fast Ethernet Standard
• Gigabit Ethernet Standards

9
Lesson 2

Topic 2B
Summarize Copper Cabling Types



10
Unshielded Twisted Pair Cable
• Balanced pairs and twist rate to
mitigate external interference
and crosstalk
• Solid versus stranded cable
• American Wire Gauge (AWG)
• Higher values represent thinner
wire

• Unshielded twisted pair (UTP)

11
Shielded and Screened Twisted Pair Cable
• Screened cable
• Outer foil shield around all pairs
• Screened twisted pair (ScTP), foiled/unshielded twisted pair (F/UTP), foiled twisted
pair (FTP)

• Shielded and screened cable


• Outer braid around all pairs
• Foil around each pair
• Shielded/foiled twisted pair (S/FTP)

• Termination issues (bonding shield to connectors)


12
Cat Cable Standards
• Cat 5
• Legacy installations only
• Cat 5e
• Better performance characteristics to support 1 Gbps over 100 m
• Cat 6
• 10 Gbps over reduced range (55 m)
• Cat 6A
• 10 Gbps over 100 m
• “Cat 7”
• Screened/shielded type using special connectors
• Cat 8
• 40 Gbps over reduced lengths (top-of-rack datacenter applications)
13
Twisted Pair Connector Types
• RJ-45 connectors
• 4-pair cable
• 8-position/8-contact (8P8C)
• Used for Ethernet

• RJ-11 connectors
• 2-pair cable (6P2C)
• Used in telephone systems

14
Copper Termination Standards

15
Plenum- and Riser-rated Cable
• Plenum space for heating, ventilation, and air conditioning (HVAC) systems
• Fire stops and regulations
• Plenum-rated cable
• Emits minimal smoke

• Self-extinguishing

• CMP/MMP

• Riser space (between two floors)


• CMR/MPR
16
Coaxial and Twinaxial Cable and Connectors
• Coaxial
• Core and mesh conductors
• Radio Grade designations
• Used with cable broadband
• F-type connectors

• Twinaxial
• Two core conductors plus mesh conductor
• Used in datacenters
• Direct Attach Copper (DAC) transceivers

17
Review Activity: Copper Cabling Types
• Unshielded Twisted Pair Cable
• Shielded and Screened Twisted Pair Cable
• Cat Cable Standards
• Twisted Pair Connector Types
• Copper Termination Standards
• Plenum- and Riser-rated Cable
• Coaxial and Twinaxial Cable and Connectors

18
Lesson 2

Topic 2C
Summarize Fiber Optic Cabling
Types



19
Fiber Optic Cable Considerations
• Infrared signaling less prone to interference and attenuation
• Fiber optic cable construction
• Core, cladding, and waveguide
• Buffer and sheath

• Multi-strand cable
• Outer jacket materials

20
Single Mode Fiber and Multimode Fiber
• Single Mode Fiber (SMF)
• 8-10 micron core
• 1310 / 1550 nm wavelength
• Laser optics
• OS1 (indoor) and OS2 (outdoor)
• Long distance and short range (datacenter) applications

• Multimode Fiber (MMF)
• 50 / 62.5 micron core
• 850 / 1300 nm wavelength
• Optical Multimode (OM) categories
• OM1/OM2 support 1 Gbps using LED transmitters or 10 Gbps over shorter range
• OM3/OM4 laser optimized MMF (LOMMF)
• Mostly short range applications
21
Fiber Optic Connector Types
• Straight Tip (ST)
• Legacy installations

• Subscriber Connector (SC)


• Push/pull design

• Very widely used

• Local Connector (LC)


• Smaller form factor than SC

• Also very widely used

• Mechanical Transfer Registered Jack (MTRJ)


• Small form factor snap-in design

22
Fiber Ethernet Standards
• 100BASE-FX and 100BASE-SX
• 100 Mbps over 2 km (FX) and 550 m (SX)

• 1000BASE-SX and 1000BASE-LX


• 1 Gbps over short ranges (SX) and long ranges (LX)

• 10GBASE-SR and 10GBASE-LR


• 10 Gbps over short range (SR) and long range (LR)

• Datacenter versus WAN applications

23
Fiber Optic Cable Installation
• Duplex strand pairs
• Patch cord polarity
• Finishing types
• Physical Contact (PC)
• Ultra Physical Contact (UPC)
• Angled Physical Contact (APC)

• Jacket and connector color-coding

24
Review Activity: Fiber Optic Cabling Types
• Fiber Optic Cable Considerations
• Single Mode Fiber and Multimode Fiber
• Fiber Optic Connector Types
• Fiber Ethernet Standards
• Fiber Optic Cable Installation

25
Lesson 2

Topic 2D
Deploy Ethernet Cabling



26
Structured Cabling System

27
Cable Management
• Ensure reliability and ease of
management/changes
• Cross-connect/distribution frames
• Terminate structured cabling (permanent
links)

• Punchdown block
• Insulation-displacement connection (IDC)
• 66 block
• 110 block
• BIX and Krone formats

• Patch panel/patch bay


28
Wiring Tools and Techniques
• Pulling cable from telecommunications room to work area
(distribution frame to wall port)
• Permanent link versus patch cords
• Drops to wall port
• Service loop
• Snips and cable strippers to remove jacket and insulation without damaging
wires

29
Termination Tools
• Punchdown tool
• Fix structured cable to insulation displacement connector
• Use correct blade type (110, BIX, Krone)
• Block tools to terminate multiple wires on distribution frames

• Cable crimper
• Fix jack connectors to patch cables
• Unshielded versus shielded termination

30
Fiber Distribution Panels and Fusion Splicing
• Fiber distribution panel supports
moves, adds, changes between
optical links
• Splicing strands minimizes loss
from connectors
• Mechanical splice
• Fusion splicing machine
• Pigtails
• Supporting tray to protect splice

31
Transceivers
• Modular format for installing port
types to network switches and
routers
• 1 Gbps Gigabit Interface Converter
(GBIC) and Small Form Factor
Pluggable (SFP)
• 10 Gbps Enhanced SFP (SFP+)
• 4 x 1 Gbps Quad small form-factor
pluggable (QSFP)
• 4 x 10 Gbps Enhanced quad small
form-factor pluggable (QSFP+)

32
Wavelength Division Multiplexing
• Bidirectional (BiDi) Wavelength Division Multiplexing
• Transmit and receive over same strand using separate wavelengths

• Coarse Wavelength Division Multiplexing (CWDM)


• Typically use of 16 wavelengths to implement 8 full duplex channels

• Dense Wavelength Division Multiplexing (DWDM)


• 20, 40, 80, or 160 channels
• Multiplexer/demultiplexers and optical add/drop multiplexers (OADM)

33
Review Activity: Ethernet Cabling
• Structured Cabling System
• Cable Management
• Wiring Tools and Techniques
• Termination Tools
• Fiber Distribution Panels and Fusion Splicing
• Transceivers
• Wavelength Division Multiplexing
34
CompTIA Network+ Exam N10-008

Lesson 2
Summary



35
CompTIA Network+ Exam N10-008

Lesson 3
Deploying Ethernet Switching



1
Objectives
• Deploy networking devices
• Explain network interfaces
• Deploy common Ethernet switching features

2
Lesson 3

Topic 3A
Deploy Networking Devices



3
Repeaters and Media Converters
• Repeater
• Overcome distance limitations
• Works at physical layer (layer 1)
• Copper and fiber optic types
• Media converter
• Transition between media types
• Works at physical layer (layer 1)
• Fiber to copper
• Single mode to multimode

4
Hubs
• Legacy intermediate system for
Ethernet
• Multiport repeater working at
physical layer
• All ports in the same collision
domain
• Medium dependent interface (MDI)
• End system to intermediate system
• Transmit (Tx) --> Receive (Rx)
• Hub ports are MDI-X (crossover)

5
Bridges (Slide 1 of 2)
• Works at data link layer (layer 2)
• Ports are in separate collision
domains
• Ports are in same broadcast
domain
• Bridge must track MAC
addresses associated with each
port

6
Bridges (Slide 2 of 2)

7
Layer 2 Switches (Slide 1 of 2)
• Replace hubs and bridges and eliminate performance drag from
contention
• Each port is a separate collision domain
• Microsegmentation
• Allows full-duplex (depending on host NIC)

• All ports are in the same broadcast domain


• Unless virtual LANs (VLANs) have been configured…

8
Layer 2 Switches (Slide 2 of 2)

9
Review Activity: Networking Devices
• Repeaters and Media Converters
• Hubs
• Bridges
• Layer 2 Switches

10
Lesson 3

Topic 3B
Explain Network Interfaces



11
Network Interface Cards
• Network interface card/controller (NIC) or network
adapter
• Transceiver component works at physical layer
• Copper or fiber optic
• Ethernet standard (10/100/1000 or 10G/40G)
• Multi-port

• Card logic and driver work at data link layer


• Ethernet framing
• Local/hardware/physical address
• Media access control (MAC) address/Ethernet
Address (EA)/extended unique identifier (EUI)
12
Ethernet Frame Format

13
Media Access Control Address Format
• 48 bit/6 byte ID expressed in hex
notation
• 00:60:8c:12:3a:bc
• 00608c123abc
• 0060.8c12.3abc
• Burned-in address
• Locally administered addresses
• Broadcast address
• ff:ff:ff:ff:ff:ff

14
Frame Length and Maximum Transmission Unit
• Maximum transmission unit (MTU)
• Normally up to 1500 byte payload

• EtherType
• Indicate network layer protocol rather than size
• 0x0800 or 2048 in decimal for IPv4
• 0x86DD for IPv6

• Minimum length
• 64 bytes to ensure CSMA/CD detects collisions

• Frame length (including headers)


• 1518 bytes or jumbo frames
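
The MAC notations, EtherType values and length limits from the two slides above, put together as an added example (not part of the original slides). The function names and the sample frame are constructed for illustration; captures normally omit the 4-byte frame check sequence, so it is added back when judging wire length.

```python
import re
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPES = {0x0800: "IPv4", 0x86DD: "IPv6"}  # the two values listed on the slide
HEADER_LEN = 14   # destination MAC + source MAC + EtherType/length field
FCS_LEN = 4       # frame check sequence, usually stripped before capture
MIN_FRAME = 64    # minimum length on the wire
MAX_FRAME = 1518  # 1500-byte payload + 14-byte header + 4-byte FCS


def normalize_mac(text):
    """Accept 00:60:8c:12:3a:bc, 00608c123abc or 0060.8c12.3abc; return colon form."""
    digits = re.sub(r"[:.\-]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_flags(mac):
    """Report whether an address is broadcast or locally administered."""
    mac = normalize_mac(mac)
    first_octet = int(mac[:2], 16)
    return {
        "broadcast": mac == BROADCAST,
        # Second-lowest bit of the first octet set: assigned locally,
        # not a burned-in vendor address.
        "locally_administered": bool(first_octet & 0x02),
    }


def parse_frame(frame, fcs_present=False):
    """Decode the Ethernet header of a captured frame and classify its length."""
    if len(frame) < HEADER_LEN:
        raise ValueError("truncated: shorter than the 14-byte Ethernet header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:HEADER_LEN])
    wire_length = len(frame) + (0 if fcs_present else FCS_LEN)

    # 1536 (0x0600) and above is an EtherType; 1500 and below is a length.
    if type_or_len >= 0x0600:
        protocol = ETHERTYPES.get(type_or_len, f"EtherType 0x{type_or_len:04x}")
    elif type_or_len <= 1500:
        protocol = f"802.3 length field ({type_or_len} bytes)"
    else:
        protocol = f"undefined type/length value {type_or_len}"

    if wire_length < MIN_FRAME:
        size_class = "runt"
    elif wire_length <= MAX_FRAME:
        size_class = "standard"
    else:
        size_class = "jumbo or oversized"

    return {
        "dst": normalize_mac(dst.hex()),
        "src": normalize_mac(src.hex()),
        "protocol": protocol,
        "wire_length": wire_length,
        "size_class": size_class,
    }


# Constructed sample: broadcast destination, the slide's example MAC as source,
# EtherType 0x0800 and a zero-filled 46-byte payload (the minimum payload size).
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "00608c123abc" "0800") + bytes(46)

if __name__ == "__main__":
    for key, value in parse_frame(SAMPLE_FRAME).items():
        print(f"{key}: {value}")
```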
15
Packet Sniffers and Taps
• Protocol analyzer decodes (parses) frame and protocol headers and
data
• Packet sniffer reads frames from the network
• Host-based capture
• Switched Port Analyzer (SPAN) / mirror port
• Test Access Point (TAP)
• Passive versus active

16
tcpdump
• -i to specify interface
tcpdump -i eth0
• -w / -r to write or read a file
• -vvv to increase verbosity
• Capture filters
tcpdump -i eth0 "src host 10.1.0.100 and (dst port 53 or dst port 80)"
• Type (host, net, port)
• Direction (src, dst)
• Protocol (arp, icmp, ip, ip6, tcp, udp)
• Boolean operators
• And (&&), Or (||), Not (!)
• Parentheses to group expressions
17
Wireshark

18
Review Activity: Network Interfaces
• Network Interface Cards
• Ethernet Frame Format
• Media Access Control Address Format
• Frame Length and Maximum Transmission Unit
• Packet Sniffers and Taps
• tcpdump
• Wireshark
19
Lab Activity
Assisted Lab: Capture Network Traffic
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days

• Cancel lab without grading
• Select the hamburger menu and select “End”

20
Lesson 3

Topic 3C
Deploy Common Ethernet
Switching Features



21
Ethernet Switch Types
• Number of ports
• Unmanaged versus managed
• Stackable
• Modular versus fixed
• Desktop versus rack-mounted

22
Switch Interface Configuration
• Command mode
• User EXEC
• Privileged EXEC
• Configuration modes

• Boot configuration versus running configuration
show config

• Interface status
show interface
• Interface IDs
• Line status and protocol status
• Configuration data and traffic statistics

• Autonegotiate speed/duplex versus static config


23
Auto MDI/MDI-X
• End system
• Media dependent interface (MDI)
• Transmit on pins 1 and 2 and receive on pins 3 and 6
• Straight through cable to connect to MDI-X port on hub/bridge/switch

• Intermediate system to intermediate system


• Uplink ports and crossover cables
• Auto MDI/MDI-X senses appropriate configuration regardless of cable

24
MAC Address Table and Port Security
• Database of MAC addresses associated with each port
show mac address-table

• Switch floods frames when destination MAC is unknown
• Port security
• Specify static list of allowed MACs
• Accept given number of sticky MACs
• Specify enforcement action for policy violation
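
A small model of the behaviour listed above, added here as an example (not part of the original slides and not any vendor's implementation): the switch learns source MACs per port, floods when the destination is unknown, and applies a per-port policy of static MACs plus a sticky limit. The class names and the "drop"/"shutdown" action labels are assumptions made for illustration.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class PortPolicy:
    static_macs: frozenset = frozenset()  # explicitly allowed source MACs
    max_sticky: int = 0                   # learned MACs to accept on top of the static list
    action: str = "drop"                  # assumed labels: "drop" or "shutdown"


class Switch:
    def __init__(self, port_count, policies=None):
        self.ports = list(range(1, port_count + 1))
        self.policies = policies or {}               # port -> PortPolicy
        self.mac_table = {}                          # MAC -> port it was last seen on
        self.sticky = {p: set() for p in self.ports}
        self.disabled = set()                        # ports shut down after a violation
        self.violations = []                         # (port, source MAC, action)

    def _permitted(self, port, src):
        policy = self.policies.get(port)
        if policy is None:
            return True  # no port security configured on this port
        if src in policy.static_macs or src in self.sticky[port]:
            return True
        if len(self.sticky[port]) < policy.max_sticky:
            self.sticky[port].add(src)  # remember it as a sticky MAC
            return True
        self.violations.append((port, src, policy.action))
        if policy.action == "shutdown":
            self.disabled.add(port)
        return False

    def receive(self, port, src, dst):
        """Return the egress ports for a frame arriving on `port`."""
        if port in self.disabled or not self._permitted(port, src):
            return []
        self.mac_table[src] = port  # learn or refresh the source address
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:
            # Unknown or broadcast destination: flood to every other active port.
            return [p for p in self.ports if p != port and p not in self.disabled]
        if out == port or out in self.disabled:
            return []
        return [out]


def demo():
    """Constructed scenario: port 1 accepts at most two sticky MACs."""
    host_a, host_b = "00:60:8c:12:3a:bc", "00:60:8c:00:00:02"
    sw = Switch(4, {1: PortPolicy(max_sticky=2, action="shutdown")})
    steps = [
        sw.receive(1, host_a, host_b),               # B unknown: flooded
        sw.receive(2, host_b, host_a),               # A known: forwarded to port 1
        sw.receive(1, "02:00:00:00:00:01", host_b),  # second sticky MAC accepted
        sw.receive(1, "02:00:00:00:00:02", host_b),  # third MAC: violation
        sw.receive(1, host_a, host_b),               # port 1 is now shut down
    ]
    return steps, sw.violations


if __name__ == "__main__":
    results, violations = demo()
    print(results)
    print(violations)
```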

25
Port Aggregation
• Combine multiple links into a single logical channel
• NIC teaming
• Bonding

• Aggregates link bandwidth


• Provides redundancy
• Link Aggregation Control Protocol (LACP)

26
Port Mirroring
• Configure switch to copy unicast
frames for legitimate packet
sniffing/network analysis
• Switched port analyzer (SPAN)
• Attach sniffer/monitor to
destination port

27
Jumbo Frames and Flow Control
• Jumbo frames
• Specify higher MTU (often ~ 9000 bytes)
• Often used in storage area networks

• Flow control
• Allow server to pause traffic

• Configure switch port to enable or disable use of PAUSE frames

28
Power Over Ethernet
• Supply power over data cabling
• 802.3af
• ~13 W (350mA@48V)

• 802.3at (PoE+)
• ~25 W (600 mA)

• 802.3bt (Ultra PoE)


• ~51 W (Type 3) or 73 W (Type 4)

• Endspan / power sourcing equipment (PSE)


• Midspan / power injector

29
Review Activity: Common Ethernet Switching Features
• Ethernet Switch Types
• Switch Interface Configuration
• Auto MDI/MDI-X
• MAC Address Table and Port Security
• Port Aggregation
• Port Mirroring
• Jumbo Frames and Flow Control
• Power Over Ethernet

30
Lab Activity
Assisted Lab: Configure Interface Settings
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days

• Cancel lab without grading
• Select the hamburger menu and select “End”

31
CompTIA Network+ Exam N10-008

Lesson 3
Summary



32
CompTIA Network+ Exam N10-008

Lesson 4
Troubleshooting Ethernet
Networks



1
Objectives
• Explain network troubleshooting methodology
• Troubleshoot common cable connectivity issues

2
Lesson 4

Topic 4A
Explain Network Troubleshooting
Methodology



3
Network Troubleshooting Methodology
• Identify the problem
• Establish a theory of probable cause
• Test the theory to determine cause
• Establish a plan of action to resolve the problem and identify potential
effects
• Implement the solution or escalate as necessary
• Verify full system functionality, and if applicable, implement preventive
measures
• Document findings, actions, and outcomes

4
Identify the Problem (Gather Information)
• Gather information
• Identify scope and prioritization
• Analyze logs/change documentation
• Verify with other technicians

• Identify symptoms and duplicate the problem

5
Identify the Problem (Question Users)
• Question users
• Open questions invite explanations and user opinions/observations
• Closed questions invite Yes/No/Fixed answers

• Determine if anything has changed


• Approach multiple problems individually

6
Establish a Theory of Probable Cause
• Establish theory from known
symptoms
• Question the obvious
• Prove functionality systematically
• OSI model approach
• Layer-by-layer
• Top-to-bottom
• Bottom-to-top
• Divide and conquer

7
Test the Theory to Determine the Cause
• Isolate the problem to a single component or system
• Run tests to prove the theory
• Escalate if necessary
• Problem too difficult
• Warranty/supplier issue

• Scope too large


• Customer issues

8
Establish a Plan of Action
• Typical generic solutions
• Repair
• Replace
• Ignore

• Plan changes carefully


• Try to anticipate effects

9
Implement the Solution
• Change management and authorization
• Is escalation required?

• Notification and scheduling


• Change control

10
Verify Full System Functionality …
• Consider impact on overall system functionality
• Test that the problem is fixed AND that the system functions normally
• Identify preventive measures that will prevent the problem from
reoccurring

11
Document Findings, Actions, and Outcomes
• Ticket system
• Categorize problems and
identify trends
• Add known issues to a
knowledge base
• Complete notes fields
professionally

12
Review Activity: Network Troubleshooting Methodology
• Network Troubleshooting Methodology
• Identify the Problem (Gather Information)
• Identify the Problem (Question Users)
• Establish a Theory of Probable Cause
• Test the Theory to Determine the Cause
• Establish a Plan of Action
• Implement the Solution
• Verify Full System Functionality …
• Document Findings, Actions, and Outcomes

13
Lesson 4

Topic 4B
Troubleshoot Common Cable
Connectivity Issues



14
Specification and Limitations
• Speed versus throughput
• Baud rate (Hertz) measures symbol rate
• Data link layer bit rate/speed – can be more than one bit per symbol
• Network or transport layer throughput
• Application layer goodput

• Distance limitations, attenuation, and noise


• Decibel (dB) units
• Signal to noise ratio (SNR)

15
Cable Issues
• Channel link
• End system transceiver > patch cord
• Permanent link wall port > patch
panel
• Patch cord > intermediate system
port
• Test each component
• Known good patch cords
• Port tester
• Structured cabling test tools
16
Loopback Plugs, Status Indicators, and Interface Config
• Loopback adapter/plug
• Test port by transmitting to itself

• Status indicators
• LEDs on NIC and switch port

• Interface configuration
• Check for static configuration on
switch port

17
Cable Testers
• Verify cable category is appropriate
for application (bandwidth and
cable length)
• Consider whether
screened/shielded cable is required
• Use a cable tester to report
detailed characteristics of the link
• Use a time domain reflectometer
(TDR) to measure length and locate
installation problems or faults

18
Wire Map Testers and Tone Generators
• Multimeter
• Test continuity
• Wire map tester
• Check pinouts are correctly wired
• Opens and shorts
• Reversed, crossed, and split pairs
• Tone generator
• Trace cable path
• Identify cable within a bundle
19
Attenuation and Interference Issues
• Attenuation
• Reduces link speed and causes errors and retransmissions
• Measure using cable certifier and compare to tolerance for cable category

• dB insertion loss (signal is too weak at the destination)


• Ratio of input to output using logarithms
• dBm is the ratio to 1 mW
• Absolute value (smaller better) versus margin (larger better)

• Interference
• Cable placement and electromagnetic interference (EMI) sources
• Alien crosstalk
20
Crosstalk Issues
• Interference within cable due to faulty wiring or termination
• Near End (NEXT)
• Check termination
• Attenuation to Crosstalk Ratio (ACRN)
• Check link distance, cable quality/faults, and external interference
• Attenuation-to-Crosstalk Ratio, Far End (ACRF)
• Check cable quality/faults
• Power sum
• Check cable suitability for Gigabit Ethernet and higher
21
Cable Application Issues
• Straight through cable
• Terminated with either T568A at both ends or T568B at both ends
• Used for an uplink (MDI port to MDI-X port)
• Crossover cable
• Terminated with T568A at one end and T568B at the other
• Used to connect an end system (host) to another host or a hub to a hub
• Auto MDI/MDI-X supported by most modern equipment
• Rollover/console cable
• Used to connect to serial interface of switches and routers
• Power over Ethernet
• Cable must be sufficient quality
22
Fiber Optic Cable Testing Tools
• Test cable length using optical power meter
• Identify fault locations using optical time domain reflectometer
(OTDR)
• Dirty optical cables
• Ensure clean environment when splicing/terminating

• Incorrect transceivers
• Match transceiver wavelength and type at both ends

23
Review Activity: Common Cable Connectivity Issues
• Specification and Limitations
• Cable Issues
• Loopback Plugs, Status Indicators, and Interface Config
• Cable Testers
• Wire Map Testers and Tone Generators
• Attenuation and Interference Issues
• Crosstalk Issues
• Cable Application Issues
• Fiber Optic Cable Testing Tools

24
Lesson 4
Summary

25
Lesson 5
Explaining IPv4 Addressing

1
Objectives
• Explain IPv4 addressing schemes
• Explain IPv4 forwarding
• Configure IP networks and subnets

2
Lesson 5

Topic 5A
Explain IPv4 Addressing Schemes

3
IPv4 Datagram Header
• Version
• Length
• Protocol
• Protocol type in datagram payload
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Internet Control Message Protocol (ICMP)
• …
4
IPv4 Address Format (Slide 1 of 2)
• IP address encodes a network ID and a host ID
• 32-bit IPv4
11000110001100110110010000000001
• Divide into octets (8 bits)
11000110 00110011 01100100 00000001
• Convert each octet to dotted decimal notation
198.51.100.1
5
IPv4 Address Format (Slide 2 of 2)
• Binary/decimal conversion
• Range of values from 0.0.0.0 to
255.255.255.255

6
Network Masks
• Accompanies IP address
to reveal network ID part
• Binary 1 in the mask
indicates corresponding
bit is part of network ID
• Dotted decimal mask or
network prefix (slash
notation)
• “Default” masks align to
octet boundaries
7
Subnet Masks
• Divide an IP network into
multiple IP subnets
• Designate some host bits as
subnet ID bits
• Subnet masks only used within
the IP network

8
Host Address Ranges
• Number of host bits determines available addresses
• First address is reserved for the network
• Last address is reserved for broadcast
• Subnet design fits requirements for number of subnets and hosts per subnet

9
Review Activity: IPv4 Addressing Schemes
• IPv4 Datagram Header
• IPv4 Address Format
• Network Masks
• Subnet Masks
• Host Address Ranges

10
Lab Activity
Assisted Lab: Configure IPv4 Static Addressing
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance
• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page
• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days
• Cancel lab without grading
• Select the hamburger menu and select “End”

11
Lesson 5

Topic 5B
Explain IPv4 Forwarding

12
Layer 2 versus Layer 3 Addressing and Forwarding

13
IPv4 Default Gateways
• Compare destination and source addresses
against mask
• Local delivery over Ethernet uses Address
Resolution Protocol (ARP)
• Remote delivery sent to the default gateway
for forwarding
• Configured as entry in host’s local routing table
• Host uses ARP to locate gateway host on local
network
• Default gateway is a router
• Routers hold paths to multiple networks
• Paths configured statically or learned using a
dynamic routing protocol
14
Address Resolution Protocol

15
Unicast and Broadcast Addressing
• Unicast packet directed to a single
destination IP address
• Broadcast packet directed to all
interfaces in the local IP network
• Layer 3 broadcast domain
• IP network broadcast address
• Delivered at layer 2 by broadcast
MAC
• Map layer 3 broadcast domains to
layer 2 broadcast domains
• Routers do not typically forward
broadcasts
16
Multicast and Anycast Addressing
• Multicast
• Hosts join a multicast group
• Internet Group Management Protocol (IGMP)
• IPv4 multicast delivery uses special address ranges
• Delivery at layer 2
• Anycast
• Group of hosts configured with same IP address
• Router forwards to one node only based on
prioritization algorithm
• Used for load balancing and service failover
17
Review Activity: IPv4 Forwarding
• Layer 2 versus Layer 3 Addressing and Forwarding
• IPv4 Default Gateways
• Address Resolution Protocol
• Unicast and Broadcast Addressing
• Multicast and Anycast Addressing

18
Lab Activity
Assisted Lab: Analyze ARP Traffic

19
Lesson 5

Topic 5C
Configure IP Networks and
Subnets

20
Virtual LANs and Subnets
• Limit number of hosts within broadcast domain to improve performance
• Segments identified at layer 3 as subnets
• Configure virtual LANs (VLANs) on switches to map layer 3 broadcast to layer 2
• Other uses for segmentation
• Represent WAN links
• Enforce security zones and boundaries
• Isolate physical and data link layer segments that use different technologies
21
Classful Addressing

22
Public versus Private Addressing
• Public addresses routable over the Internet
• Governed by IANA and assigned by regional registries and ISPs

• Private address ranges not routable over the Internet


• 10.0.0.0 to 10.255.255.255
• 172.16.0.0 to 172.31.255.255
• 192.168.0.0 to 192.168.255.255

• Hosts on the private network must use some mechanism to access the Internet
• Network address translation (NAT) or proxy servers

• Automatic Private IP Addressing (APIPA)


• 169.254.0.0 through 169.254.255.255
23
Other Reserved Address Ranges
• Class D multicast range
• 224.0.0.0 through 239.255.255.255

• Class E experimental range


• 240.0.0.0 through 255.255.255.255

• Loopback range
• 127.0.0.0 to 127.255.255.255

• Other
• 0.0.0.0/8 (address unknown)
• 100.64.0.0/10, 192.0.0.0/24, 192.88.99.0/24, 198.18.0.0/15 (special usage)
• 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24 (documentation and examples)
24
IPv4 Address Scheme Design (Slide 1 of 2)
• Consider
• Whether you need a public or private addressing scheme
• How many networks and subnetworks you need
• How many hosts per subnet
• Addressing rules
• Network ID must be from valid range
• Network and/or host IDs cannot be all 1s or 0s
• Host ID must be unique in the subnet
• Network ID must be unique
• On the Internet (in a public addressing scheme)
• On your internal system of networks (in a private addressing scheme)
25
IPv4 Address Scheme Design (Slide 2 of 2)
• Calculate how many subnets are needed
• Round up to nearest power of 2
• Exponent (the value of n in 2^n) is how many bits to add to the default network prefix
• Check subnets allow sufficient hosts (2^n - 2 where n is host bits)
• Calculate the subnets
• For the first subnet ID, deduct the least significant octet in the mask from 256
• For the next subnet ID, find the lowest subnet value higher than the previous one
• Calculate the host ranges for each subnet
• For the first host, add a binary 1 to the subnet address
• For the last host, deduct two binary digits from the next subnet’s ID
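The design steps above, worked as an added example (not part of the original course material) on the 198.51.100.0/24 network used in this lesson's review activity. The function names and the figure of 100 hosts per floor are assumptions made for the illustration.

```python
def to_int(dotted):
    """Convert dotted decimal notation to a 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted decimal notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def design_subnets(network, prefix, subnets_needed, hosts_needed):
    """Split network/prefix into equal-sized subnets and list each host range."""
    if subnets_needed < 1 or hosts_needed < 1:
        raise ValueError("subnets_needed and hosts_needed must be at least 1")
    # Round the subnet count up to a power of 2; the exponent is the number
    # of bits added to the existing network prefix.
    borrowed = (subnets_needed - 1).bit_length()
    new_prefix = prefix + borrowed
    host_bits = 32 - new_prefix
    # 2^n - 2 usable hosts: the first address is the network, the last is broadcast.
    usable = 2 ** host_bits - 2 if host_bits >= 2 else 0
    if usable < hosts_needed:
        raise ValueError(f"/{new_prefix} leaves only {usable} hosts per subnet")
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    # Distance between consecutive subnet IDs. When the mask ends in the last
    # octet this equals 256 minus that octet, as in the manual method.
    block = 2 ** host_bits
    base = to_int(network) & ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    plan = []
    for index in range(2 ** borrowed):
        subnet_id = base + index * block
        next_id = subnet_id + block
        plan.append({
            "subnet": f"{to_dotted(subnet_id)}/{new_prefix}",
            "mask": to_dotted(mask),
            "first_host": to_dotted(subnet_id + 1),   # subnet ID plus 1
            "last_host": to_dotted(next_id - 2),      # next subnet ID minus 2
            "broadcast": to_dotted(next_id - 1),
            "usable_hosts": usable,
        })
    return plan


if __name__ == "__main__":
    # Two floors, each assumed to need up to 100 hosts.
    for row in design_subnets("198.51.100.0", 24, 2, 100):
        print(row)
```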
26
Review Activity: Design an IP Subnet
• Virtual LANs and Subnets
• Classful Addressing
• Public versus Private Addressing
• Other Reserved Address Ranges
• IPv4 Address Scheme Design

27
Review Activity: Design an IP Subnet
• At the 515support branch office, you have been asked to implement
an IP network. Your network ID is currently 198.51.100.0/24. You
need to divide this in half (two subnets) to accommodate hosts on
two separate floors of the building, each of which is served by
managed switches. The whole network is served by a single router.

28
Lesson 5
Summary

29
Lesson 6
Supporting IPv4 and IPv6 Networks

1
Objectives
• Use appropriate tools to test IP configuration
• Troubleshoot IP networks
• Explain IPv6 addressing schemes

2
Lesson 6

Topic 6A
Use Appropriate Tools to Test IP
Configuration

3
IP Interface Configuration
• Configuration parameters
• IP address and subnet mask
• Default gateway
• Domain Name System (DNS) servers

• Manual configuration/static addressing versus autoconfiguration by Dynamic Host Configuration Protocol (DHCP)
• Windows networking
• Adapter naming (Local Area Connection versus Ethernet)
• netsh commands
• PowerShell cmdlets

4
ipconfig
• Report network configuration on
Windows
• /all

• /renew
• /release
• /displaydns, /flushdns,
/registerdns

5
ifconfig and ip
• Linux networking
• eth0, eth1 or en0, en1
• /etc/network/interfaces
• ifup and ifdown
• NetworkManager and systemd-networkd
• Netplan
• ifconfig (net-tools)
• ip (iproute2)
6
ARP Cache Utility
• Cache IP:MAC mapping to
reduce ARP broadcasts
• arp utility manages cache
• ip neigh

7
Internet Control Message Protocol and ping
• Report errors and transmit status
messaging
• Request and reply packets
• Round Trip Time (RTT)
• Time to Live (TTL)

• Destination host unreachable


• No reply (Request timed out)
• Other switches
8
Review Activity: Test IP Configuration
• IP Interface Configuration
• ipconfig
• ifconfig and ip
• ARP Cache Utility
• Internet Control Message Protocol and ping

9
Lab Activity
Assisted Lab: Use Tools to Test IP Configuration

10
Lesson 6

Topic 6B
Troubleshoot IP Networks

11
Hardware Failure and Network Interface Issues
• Isolate issues to OSI model layer
• Establish scope to identify hardware issues with appliances (switches and routers)
• Power issues
• Surge/spike, brownout, and power failure/blackout

• Hardware failure issues


• Check for cable faults

• Verify adapter driver

• Check module/adapter card seating and try rebooting

• Interface status issues


12
IP Configuration Issues
• Verify host configuration with ipconfig/ifconfig/ip
• Incorrect IP address
• Check configuration is consistent with neighbors

• Incorrect subnet mask


• Host routes traffic that should be delivered locally

13
Duplicate IP and MAC Address Issues
• Duplicate IP addresses
• Identify MAC addresses used via ARP cache or packet trace

• Duplicate MAC address


• ARP spoofing attack?
• Identify host MAC addresses by using ARP cache or the switch’s MAC address
table
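One way to run the ARP cache check described above, as an added example that is not part of the original course material. The two `ip neigh` snapshots are constructed sample data using documentation address ranges, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed `ip neigh` output captured at two points in time.
SNAPSHOT_BEFORE = """\
198.51.100.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
198.51.100.20 dev eth0 lladdr 00:00:5e:00:53:20 STALE
198.51.100.30 dev eth0 lladdr 00:00:5e:00:53:30 REACHABLE
198.51.100.40 dev eth0  FAILED
"""
SNAPSHOT_AFTER = """\
198.51.100.1 dev eth0 lladdr 00:00:5e:00:53:30 REACHABLE
198.51.100.20 dev eth0 lladdr 00:00:5e:00:53:20 STALE
198.51.100.30 dev eth0 lladdr 00:00:5e:00:53:30 REACHABLE
"""

ENTRY = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)"
    r"(?: lladdr (?P<mac>[0-9A-Fa-f:]{17}))?"
    r"\s+(?:router\s+)?(?P<state>\S+)$"
)


def parse_ip_neigh(text):
    """Return {(interface, ip): mac} for entries that have a resolved MAC."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match and match["mac"]:          # FAILED/INCOMPLETE entries have no MAC
            table[(match["dev"], match["ip"])] = match["mac"].lower()
    return table


def shared_macs(table):
    """MAC addresses that answer for more than one IP on the same interface."""
    by_mac = defaultdict(list)
    for (dev, ip), mac in table.items():
        by_mac[(dev, mac)].append(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(before, after):
    """IP addresses whose MAC differs between snapshots: {(dev, ip): (old, new)}."""
    common = before.keys() & after.keys()
    return {key: (before[key], after[key]) for key in common if before[key] != after[key]}


def review(before_text, after_text, gateway_ip):
    """Summarize findings; a changed gateway binding is rated highest."""
    before, after = parse_ip_neigh(before_text), parse_ip_neigh(after_text)
    findings = []
    for (dev, ip), (old, new) in sorted(changed_bindings(before, after).items()):
        severity = "HIGH" if ip == gateway_ip else "MEDIUM"
        findings.append(f"{severity}: {ip} on {dev} moved from {old} to {new}")
    # A shared MAC can be legitimate (several IPs on one adapter, proxy ARP,
    # failover), so it is reported for follow-up rather than as an alarm.
    for (dev, mac), ips in sorted(shared_macs(after).items()):
        findings.append(f"INFO: {mac} on {dev} answers for {', '.join(ips)}")
    return findings


if __name__ == "__main__":
    for finding in review(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, "198.51.100.1"):
        print(finding)
```

Confirm any finding against the switch's MAC address table before acting, since the host's ARP cache only shows what that host has been told.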

14
Problem Isolation
• ping
• Loopback
• Discover neighbors (check ARP
cache)
• Remote host

• Incorrect gateway
• Check IP of default gateway
• Check link to default gateway

15
Incorrect DNS Issues
• Check client’s DNS server address configuration
• Check server availability

16
Multicast Flooding Issues
• Multicast groups and Internet Group Management Protocol (IGMP)
• Non-multicast-aware switches flood packets
• IGMP snooping

17
Review Activity: Troubleshoot IP Networks
• Hardware Failure and Network Interface Issues
• IP Configuration Issues
• Duplicate IP and MAC Address Issues
• Problem Isolation
• Incorrect DNS Issues
• Multicast Flooding Issues

18
Lesson 6

Topic 6C
Explain IPv6 Addressing Schemes

19
IPv4 versus IPv6
• IPv4 address shortage
• 32-bit address space
• Inefficiently allocated
• Complex routing tables
• IPv6/IPng
• 128-bit address space
• Cope with mobile/Internet of Things (IoT) growth
• Hierarchical address allocation (simpler routing)
• Very slow transition!
• IPv6 headers
• Main header and extension headers
• Key fields
• Traffic class
• Flow label
• Payload length
• Next header
• Hop limit
20
IPv6 Address Format
• 128-bit binary address = lots of typing!
0010 0000 0000 0001 : 0000 1101 1011 1000 : 0000 0000 0000 0000 :
0000 0000 0000 0000 : 0000 1010 1011 1100 : 0000 0000 0000 0000 :
1101 1110 1111 0000 : 0001 0010 0011 0100

• Hex notation
• Each hex digit represents 4 binary digits
• Arrange hex digits in 8 x 16-bit (double byte) blocks separated by colons
2001:0db8:0000:0000:0abc:0000:def0:1234

• Canonical notation
• Omit leading 0s and compress one sequence of all-0 double bytes
2001:db8::abc:0:def0:1234
21
IPv6 Network Prefixes
• Host ID is always last 64 bits
• Network prefix (e.g., /48 or /64)
determines whether hosts are
on same network
• Addressing schemes are
different than IPv4
• Multicast must be supported
• No broadcasts

22
IPv6 Unicast Addressing
• Globally scoped
• 001 binary prefix (2 or 3 in hex)
• Next 45 bits allocated to registries
and ISPs
• Following 16 bits for subnetting
• 64 bits for interface ID

• Interface ID/EUI-64
• MAC-derived/EUI-64
• Pseudo-random token
23
IPv6 Link Local Addressing
• fe80::/10
• Not routable
• Communicate with same subnet
(neighbors)
• All interfaces have link-local
addresses
• Zone indices
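The notation rules from the IPv6 Address Format slide and the MAC-derived (EUI-64) interface ID from the unicast slide, combined into a link-local address, as an added example that is not part of the original course material. The function names and the sample MAC address (from the documentation range) are assumptions.

```python
# The 128-bit address from the IPv6 Address Format slide.
SLIDE_BINARY = (
    "0010 0000 0000 0001 : 0000 1101 1011 1000 : 0000 0000 0000 0000 : "
    "0000 0000 0000 0000 : 0000 1010 1011 1100 : 0000 0000 0000 0000 : "
    "1101 1110 1111 0000 : 0001 0010 0011 0100"
)


def binary_to_full(bits):
    """Turn 128 binary digits into eight 16-bit hex blocks separated by colons."""
    digits = "".join(ch for ch in bits if ch in "01")
    if len(digits) != 128:
        raise ValueError(f"expected 128 bits, got {len(digits)}")
    return ":".join(format(int(digits[i:i + 16], 2), "04x") for i in range(0, 128, 16))


def canonical(address):
    """Compress a fully written address (eight blocks, no '::') to canonical form."""
    groups = [format(int(group, 16), "x") for group in address.split(":")]  # drop leading 0s
    if len(groups) != 8:
        raise ValueError("expected eight 16-bit blocks")
    # Find the longest run of all-zero blocks; the first run wins a tie.
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if groups[i] == "0":
            j = i
            while j < 8 and groups[j] == "0":
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    if best_len < 2:                       # a single all-zero block is written as 0
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"               # only one run may be compressed


def eui64_interface_id(mac):
    """Derive the 64-bit interface ID from a 48-bit MAC address."""
    octets = [int(part, 16) for part in mac.replace("-", ":").split(":")]
    if len(octets) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    octets[0] ^= 0x02                      # flip the universal/local bit
    full = octets[:3] + [0xFF, 0xFE] + octets[3:]   # insert ff:fe in the middle
    return ":".join(format((full[i] << 8) | full[i + 1], "04x") for i in range(0, 8, 2))


def link_local_from_mac(mac):
    """fe80::/10 prefix (written as fe80::/64) plus the EUI-64 interface ID."""
    return canonical("fe80:0000:0000:0000:" + eui64_interface_id(mac))


if __name__ == "__main__":
    full = binary_to_full(SLIDE_BINARY)
    print(full, "->", canonical(full))
    print(link_local_from_mac("00:00:5e:00:53:af"))
```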

24
IPv6 Interface Autoconfiguration
• Neighbor Discovery (ND) protocol and router advertisement (RA)
• Replace ARP to perform address autoconfiguration, prefix discovery, local address resolution,
and redirection

• Stateless address autoconfiguration (SLAAC)


• Generate a unique link-local address
• Listen for RAs

• Multicast Listener Discovery (MLD) Protocol


• Allow nodes to join a multicast group
• Discover whether group members are present on the local subnet

• ICMPv6
25
IPv6 Multicast Addressing
• IPv6 routers must support multicast
• 8-bit multicast scope (11111111 or ff in hex)
• 4-bit flag
• 4-bit scope (link-local/global)
• 112-bit group ID

• Link-local multicast replaces broadcast

26
IPv4 and IPv6 Transition Mechanisms
• Dual stack
• IPv6 or IPv4 default

• Tunneling
• Encapsulate IPv6 packets in IPv4
packets
• 6to4/6RD (IPv6 Rapid Deployment)
• Teredo (Windows) and Miredo
(Linux)
• Generic Routing Encapsulation (GRE)

27
Common IPv6 Address Prefixes

28
Review Activity: IPv6 Addressing Schemes
• IPv4 versus IPv6
• IPv6 Address Format
• IPv6 Network Prefixes
• IPv6 Unicast Addressing
• IPv6 Link Local Addressing
• IPv6 Interface Autoconfiguration
• IPv6 Multicast Addressing
• IPv4 and IPv6 Transition Mechanisms
• Common IPv6 Address Prefixes

29
Lab Activity
Assisted Lab: Configure IPv6 Static Addressing

30
Lesson 6
Summary

31
Lesson 7
Configuring and Troubleshooting Routers

1
Objectives
• Compare and contrast routing concepts
• Compare and contrast dynamic routing concepts
• Install and troubleshoot routers

2
Lesson 7

Topic 7A
Compare and Contrast Routing
Concepts

3
Routing Tables and Path Selection
• Protocol
• Source of the route

• Destination
• Network/host address and prefix

• Interface
• Outgoing interface

• Gateway/next hop
• Address of next router along the path
4
Static and Default Routes
• Categories of routing table entries
• Directly connected
• Paths to remote networks
• Host routes
• Default route
• Directly connected routes
• IP network/subnet for each active interface
• Static routes
• Added manually by administrator
• Default route
• Static route used if no other match
• 0.0.0.0/0 or ::/0
5
Routing Table Example

6
Packet Forwarding
• Encapsulation for interface data
link protocol
• Hop count
• Time to Live (TTL)

7
Fragmentation
• IP is unreliable, connectionless delivery mechanism
• Packets might be lost, delivered out of sequence, duplicated, or
delayed
• ID, flags, and fragment offset fields record sequence and
fragmentation
• Fragmentation to fit layer 2 frame maximum transmission unit (MTU)
• MTU path discovery
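How the ID, flags, and fragment offset fields record fragmentation, together with the Protocol field from the IPv4 Datagram Header slide, as an added example that is not part of the original course material. The packets are constructed test data and the function names are illustrative.

```python
import socket
import struct

HEADER = "!BBHHHBBH4s4s"     # the 20-byte IPv4 header without options
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 88: "EIGRP", 89: "OSPF"}
DF, MF = 0x4000, 0x2000      # Don't Fragment and More Fragments flag bits


def checksum16(data):
    """Internet checksum: one's complement of the one's complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src, dst, proto, payload_len, ident, flags_frag, ttl=64):
    """Build a 20-byte header with a valid checksum (used to construct samples)."""
    fields = [0x45, 0, 20 + payload_len, ident, flags_frag, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum16(struct.pack(HEADER, *fields))
    return struct.pack(HEADER, *fields)


def parse_ipv4_header(packet):
    """Decode the fixed header fields, including the fragmentation fields."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(HEADER, packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a valid IPv4 header")
    return {
        "total_length": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & DF),
        "more_fragments": bool(flags_frag & MF),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "checksum_ok": checksum16(packet[:header_len]) == 0,
    }


def fragment(src, dst, proto, payload, mtu, ident, dont_fragment=False):
    """Split a datagram so that every fragment fits the outgoing link's MTU."""
    if len(payload) <= mtu - 20:
        flags = DF if dont_fragment else 0
        return [build_header(src, dst, proto, len(payload), ident, flags) + payload]
    if dont_fragment:
        # This is the signal that path MTU discovery relies on.
        raise ValueError("DF set: router drops the packet and returns ICMP 'fragmentation needed'")
    chunk = (mtu - 20) // 8 * 8            # data per fragment, a multiple of 8 bytes
    packets = []
    for offset in range(0, len(payload), chunk):
        part = payload[offset:offset + chunk]
        more = MF if offset + chunk < len(payload) else 0
        header = build_header(src, dst, proto, len(part), ident, more | (offset // 8))
        packets.append(header + part)
    return packets


if __name__ == "__main__":
    # A 4000-byte UDP datagram (20-byte header + 3980 bytes) crossing a 1500-byte MTU link.
    for pkt in fragment("198.51.100.10", "203.0.113.5", 17, b"\xab" * 3980, 1500, 0x1C46):
        print(parse_ipv4_header(pkt))
```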

8
Review Activity: Routing Concepts
• Routing Tables and Path Selection
• Static and Default Routes
• Routing Table Example
• Packet Forwarding
• Fragmentation

9
Lab Activity
Assisted Lab: Configure Static Routing

10
Lesson 7

Topic 7B
Compare and Contrast Dynamic
Routing Concepts

11
Dynamic Routing Protocols
• Build routing information base
• Share information with other routers (learned routes)
• Topology and metrics
• Distance vector versus link state
• Metrics assess similar routes for use of least-cost path in IP routing table
• Algorithm determines nature of metrics

• Convergence
• All routers agree on network topology
12
Interior versus Exterior Gateway Protocols
• Interior Gateway Protocol (IGP)
• Routing within an autonomous system (AS)
• Exterior Gateway Protocol (EGP)
• Routing between autonomous systems
• Classless versus classful protocols
• IPv6 support
13
Routing Information Protocol (Slide 1 of 2)
• Distance vector
• Next hop (vector)
• Hop count (distance)

• Slow convergence
and inefficient
updates
• Maximum hop count
of 15

14
Routing Information Protocol (Slide 2 of 2)

15
RIP Versions
• RIPv1
• Classful and uses broadcasts over UDP/520

• RIPv2
• Classless and uses more efficient multicasts

• RIPng
• IPv6 support over UDP/521

16
Enhanced Interior Gateway Routing Protocol
• Update to Interior Gateway Protocol to support classless addressing
• Advanced distance vector/hybrid with administrator weighted metric
• Bandwidth
• Delay

• Best convergence performance


• Runs over IP directly (protocol number 88) using multicasts

17
Open Shortest Path First
• Link state interior gateway
protocol suited to complex
private networks
• Group related networks by area
hierarchy
• Supports classless addressing
• Runs over IP directly (protocol
number 89) using multicasts

18
Border Gateway Protocol
• Classed as hybrid or path vector
• Usually deployed as an Exterior Gateway Protocol
• Supports routing on the Internet
• Autonomous Systems (ASes) hide internal network complexity from Internet routers
• Autonomous System Number (ASN)
• BGP routers exchange AS path data between Autonomous Systems

• Supports classless addressing


• Runs over TCP on port 179

19
Administrative Distance
• Longer prefixes preferred for path
selection
• Protocols add one route per
destination prefix to global IP
routing table
• Routing protocol uses metric to
determine least-cost path
• Router uses administrative distance
to prefer paths to same destination
learned by different protocols
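The three selection rules above (metric within a protocol, administrative distance between protocols, longest prefix at lookup time) as an added example that is not part of the original course material. The candidate routes are constructed, the function names are illustrative, and the administrative distance values are Cisco's defaults, which the slide does not list.

```python
import ipaddress

# Assumption: Cisco default administrative distances (lower is more trusted).
ADMIN_DISTANCE = {"connected": 0, "static": 1, "eigrp": 90, "ospf": 110, "rip": 120}

# Constructed candidate routes as offered by the different sources.
CANDIDATES = [
    {"prefix": "0.0.0.0/0", "protocol": "static", "metric": 0, "next_hop": "203.0.113.1"},
    {"prefix": "10.1.0.0/16", "protocol": "rip", "metric": 2, "next_hop": "10.0.0.3"},
    {"prefix": "10.1.0.0/16", "protocol": "ospf", "metric": 30, "next_hop": "10.0.0.4"},
    {"prefix": "10.1.0.0/16", "protocol": "ospf", "metric": 20, "next_hop": "10.0.0.2"},
    {"prefix": "10.1.5.0/24", "protocol": "rip", "metric": 3, "next_hop": "10.0.0.3"},
]


def install_routes(candidates):
    """Keep one route per destination prefix: lowest AD first, then lowest metric."""
    best = {}
    for route in candidates:
        prefix = ipaddress.ip_network(route["prefix"])
        rank = (ADMIN_DISTANCE[route["protocol"]], route["metric"])
        if prefix not in best or rank < best[prefix][0]:
            best[prefix] = (rank, route)
    return {prefix: route for prefix, (rank, route) in best.items()}


def lookup(table, destination):
    """Forwarding decision: the longest matching prefix wins, whatever its source."""
    address = ipaddress.ip_address(destination)
    matches = [prefix for prefix in table if address in prefix]
    if not matches:
        return None                        # no default route: packet is dropped
    return table[max(matches, key=lambda prefix: prefix.prefixlen)]


if __name__ == "__main__":
    table = install_routes(CANDIDATES)
    for destination in ("10.1.5.9", "10.1.9.9", "198.51.100.7"):
        route = lookup(table, destination)
        print(destination, "->", route["prefix"], route["protocol"], route["next_hop"])
```

The RIP /24 carries traffic for 10.1.5.9 even though OSPF is preferred for the covering /16, because administrative distance only compares routes to the same prefix.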

20
Classless Inter-Domain Routing

21
Variable Length Subnet Masks
• Use address space in IPv4
network more efficiently
• Rather than use the same mask
for all subnets, use different
mask lengths according to host
numbers per subnet

22
VLSM Design

23
Review Activity: Dynamic Routing Concepts
• Interior versus Exterior Gateway Protocols
• Routing Information Protocol
• RIP Versions
• Enhanced Interior Gateway Routing Protocol
• Open Shortest Path First
• Border Gateway Protocol
• Administrative Distance
• Classless Inter-Domain Routing
• Variable Length Subnet Masks and VLSM Design

24
Review Activity: Design VLSM Subnets

25
Lab Activity
Assisted Lab: Configure Dynamic Routing

26
Lesson 7

Topic 7C
Install and Troubleshoot Routers

27
Edge Routers
• Placement
• Hosts in same IP network/subnet must not be separated by a router
• Hosts in different IP networks/subnets must be separated by router
• Edge routers on network perimeter
• Customer edge (CE) to provider edge (PE)
• L1/L2 type (metro-optical, leased line, DSL, cable)
• SOHO-class routers versus enterprise routers

28
Internal Routers
• Implement subnets and internal
borders/areas
• Subinterfaces
• Split single physical connection to
per-VLAN subinterfaces

• Layer 3 switches
• Hardware optimized to forward
between VLANs

29
Router Configuration
• Management interface
• Console port
• Loopback interface
• Configure router interfaces
• IP configuration
• L2 configuration
• Configure static routes and routing
protocols
• show route

30
route
• Troubleshoot Windows and
Linux hosts
• Verify default gateway
• Add static route

31
tracert and traceroute
• traceroute
• UDP probes to identify each hop in a
path
• Increments TTL with each iteration
• Outputs number of hops, the IP
address of the ingress interface of
the router or host, and time taken in
milliseconds (ms)
• tracert
• Windows
• Uses ICMP
32
Missing Route Issues
• Use ping and traceroute/tracert to identify where network path fails
• Check routing table
• Missing static route
• Dynamic protocol failure

• Device configuration review

33
Routing Loop Issues
• Incorrect path information causes
packet to circulate until TTL is
exhausted
• Use traceroute to diagnose

34
Asymmetrical Routing Issues
• Return path different to forward path
• Issues
• Inconsistent latency
• Security appliances dropping return packets

• Analyze traceroute output and investigate routing tables

35
Low Optical Link Budget Issues
• Consider PHY/data link layer issues when routing across WANs
• Poor connectivity across fiber link
• Loss budget expresses amount of loss from attenuation, connectors,
and splices measured in dB
• Loss budget must be less than power budget (transceiver transmit
power and receive sensitivity)

36
Review Activity: Router Installation and Troubleshooting
• Edge Routers
• Internal Routers
• Router Configuration
• route
• tracert and traceroute
• Missing Route Issues
• Routing Loop Issues
• Asymmetrical Routing Issues
• Low Optical Link Budget Issues

37
Review Activity: Design a Branch Office Internetwork

38
Lab Activity
Applied Lab: Troubleshoot IP Networks (Parts A and B)

39
Lesson 7
Summary

40
Lesson 8
Explaining Network Topologies and Types

1
Objectives
• Explain network types and characteristics
• Explain tiered switching architecture
• Explain virtual LANs

2
Lesson 8

Topic 8A
Explain Network Types and
Characteristics

3
Client-server versus Peer-to-peer Networks
• Server makes network applications and resources available
• Client consumes the services provided by servers
• Client-server
• Machines are dedicated to a client or to a server role
• Centralized administration

• Peer-to-peer
• Machines can be configured in both client and server roles
• Administration is decentralized
4
Network Types
• Local area network (LAN)
• Home/residential network/small office/home office (SOHO)
• Small and medium sized enterprise (SME)
• Larger network with hundreds or thousands of servers and clients
• Campus area network (CAN)
• Datacenters
• Wide area network (WAN)
• Metropolitan area network (MAN)
• Personal area network (PAN)
5
Network Topology
• Physical topology is the
placement of nodes and media
links between them
• Logical topology is the flow of
data
• Point-to-point topology

6
Star Topology

7
Mesh Topology

8
Ring Topology

9
Bus Topology

10
Hybrid Topology
• Different logical and
physical topologies
• Switched Ethernet is a
logical bus but physical star
• Star-wired ring
• Hierarchical hybrid topology
• Hierarchical star
• Hierarchical star-mesh
• Star of stars
• Star with ring
11
Review Activity: Network Types and Characteristics
• Client-server versus Peer-to-peer Networks
• Network Types
• Network Topology
• Star Topology
• Mesh Topology
• Ring Topology
• Bus Topology
• Hybrid Topology

12
Lesson 8

Topic 8B
Explain Tiered Switching
Architecture

13
Three-tiered Network Hierarchy
• Access/edge layer
• Workgroup switches connect end
systems

• Distribution/aggregation layer
• Fault tolerant links between access
blocks and core
• Layer 3 switches

• Core layer
• Network backbone
14
Spanning Tree Protocol
• Multiple paths between
switches (or bridges) provide
fault tolerance
• But multiple paths allow infinite
loops as Ethernet has no TTL
• Spanning Tree Protocol (STP)
• Prevent switching loops
• Designate a single active path from
any one device to the root bridge

15
Spanning Tree Protocol Configuration
• Ensure selection of appropriate
root bridge
• Devices exchange bridge protocol
data units (BPDUs) to determine
topology
• Network is converged when all
bridge ports are blocking or
forwarding
• Rapid STP (RSTP)/IEEE 802.1w
reduces outages

16
Switching Loop and Broadcast Storm Issues
• Switching loops can be catastrophic as there is no Time To Live (TTL) to
expire a frame
• Broadcast storms occur when switches keep receiving the same
broadcasts and re-broadcast them continually and also start flooding
unicast traffic
• “Classic” cause is to bridge two ports with a misplaced patch cord
• Verify STP is functioning correctly
• Verify physical configurations and interconnections
17
Review Activity: Tiered Switching Architecture
• Three-tiered Network Hierarchy
• Spanning Tree Protocol
• Spanning Tree Protocol Configuration
• Switching Loop and Broadcast Storm Issues

18
Lesson 8

Topic 8C
Explain Virtual LANs

19
Virtual LAN IDs and Membership
• Virtual LANs (VLANs)
• Break up broadcast domains
• Filter traffic between VLAN segments
using access control lists (ACLs)
• Prioritize traffic in voice VLANs

• Static assignment
• Set VLAN ID as part of switch port
interface configuration

• Dynamic assignment
• Assign by MAC address
• Assign by authentication
20
Trunking and IEEE 802.1Q
• Switches interconnected via
trunk links
• VLAN ID information might need
to be transported across trunks
• 802.1Q frame format used on
trunks to store VLAN ID

21
Tagged and Untagged Ports
• Untagged
• Host or access ports
• Switch assigns tags, not end systems

• Tagged port
• Typically trunk link

• Also used by virtualization hosts

22
Voice VLANs
• Voice over IP (VoIP) bandwidth and latency requirements
• Voice VLAN allows VoIP handset to share physical port with PC
• Handset operates a 2-port switch
• PC data sent as untagged frames
• VoIP data sent as 802.1Q in a voice or auxiliary VLAN

• Switch assigns PC data to one VLAN and VoIP data to another
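The 802.1Q tag from the trunking slide and the voice VLAN behaviour above, as an added example that is not part of the original course material. The frames are constructed test data, the VLAN numbers 10 and 20 are arbitrary, and dropping frames tagged for any other VLAN on an access port is an assumption about typical switch behaviour.

```python
import struct

TPID_8021Q = 0x8100          # EtherType value that announces an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vid=None, pcp=0):
    """Build an Ethernet II frame, optionally 802.1Q tagged (constructed sample data)."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        # Tag control information: 3-bit priority, 1-bit DEI, 12-bit VLAN ID.
        header += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + struct.pack("!H", ethertype) + payload


def format_mac(raw):
    return ":".join(f"{byte:02x}" for byte in raw)


def parse_frame(frame):
    """Decode the Ethernet header and, when present, the 4-byte 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    tag, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        tag = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        offset = 18
    return {
        "dst": format_mac(frame[0:6]),
        "src": format_mac(frame[6:12]),
        "tag": tag,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def classify_on_access_port(frame, data_vlan, voice_vlan=None):
    """Return the VLAN the switch places the frame in, or None if it is dropped."""
    tag = parse_frame(frame)["tag"]
    if tag is None or tag["vid"] == 0:     # untagged, or priority-tagged with no VLAN ID
        return data_vlan                   # the switch assigns the VLAN, not the host
    if voice_vlan is not None and tag["vid"] == voice_vlan:
        return voice_vlan                  # handset traffic tagged for the voice VLAN
    return None                            # assumption: other tags are not accepted here


if __name__ == "__main__":
    switch = "00:00:5e:00:53:01"
    pc = build_frame(switch, "00:00:5e:00:53:10", 0x0800, b"pc-data")
    phone = build_frame(switch, "00:00:5e:00:53:20", 0x0800, b"rtp", vid=20, pcp=5)
    stray = build_frame(switch, "00:00:5e:00:53:10", 0x0800, b"pc-data", vid=99)
    for name, frame in (("pc", pc), ("phone", phone), ("stray", stray)):
        print(name, parse_frame(frame)["tag"], "->", classify_on_access_port(frame, 10, 20))
```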

23
Review Activity: Virtual LANs
• Virtual LAN IDs and Membership
• Trunking and IEEE 802.1Q
• Tagged and Untagged Ports
• Voice VLANs

24
Lesson 8
Summary

25
Lesson 9
Explaining Transport Layer Protocols

1
Objectives
• Compare and contrast transport protocols
• Use appropriate tools to scan network ports

2
Lesson 9

Topic 9A
Compare and Contrast Transport
Protocols

3
Transport Layer Ports and Connections
• Identify individual
applications as port
numbers
• Socket
• Source IP plus port
bound to software
process

• Connection
• Client IP and port
connected to server IP
and port
4
Transmission Control Protocol
• Connection-oriented, guaranteed delivery
• Segments with header fields to track sequence and
acknowledgements

5
TCP Handshake and Teardown
• Three-way handshake
• Client SYN
• Server SYN/ACK
• Client ACK
• Graceful teardown
• FIN
• ACK
• FIN
• ACK
• Session termination
• RST
6
User Datagram Protocol
• Connectionless, non-guaranteed communication
• Fewer header fields required
• Used by protocols that can tolerate lost or out-of-order packets

7
Common TCP and UDP Ports
• TCP/UDP/53: DNS
• UDP/123: NTP
• UDP/67: DHCP-Server
• UDP/68: DHCP-Client
• UDP/546: DHCPv6-Client
• UDP/547: DHCPv6-Server
• TCP/80: HTTP
• TCP/25: SMTP
• TCP/587: SMTPS
• TCP/110: POP
• TCP/995: POP3S
• TCP/143: IMAP
• TCP/993: IMAPS
• TCP/443: HTTPS
• UDP/5004: RTP
• UDP/5005: RTCP
• TCP/UDP/5060: SIP
• TCP/UDP/5061: SIPS
• TCP/1433: MS-SQL
• TCP/1521: SQL*net
• TCP/3306: MySQL
• TCP/20: FTP-Data
• TCP/21: FTP-Control
• TCP/22: SSH/SFTP
• TCP/23: Telnet
• UDP/69: TFTP
• TCP/3389: RDP
• UDP/514: Syslog
• UDP/161: SNMP
• UDP/162: SNMP-Trap
• TCP/UDP/389: LDAP
• TCP/636: LDAPS
• TCP/445: SMB over TCP/IP

8
Review Activity: Transport Protocols
• Transport Layer Ports and Connections
• Transmission Control Protocol
• TCP Handshake and Teardown
• User Datagram Protocol
• Common TCP and UDP Ports

9
Lesson 9

Topic 9B
Use Appropriate Tools to Scan
Network Ports

10
IP Scanners
• Perform host and topology
discovery to maximize network
visibility
• Standalone tools
• IP Address Management (IPAM)

• Determining “up” status


• ping, arp, traceroute
• Simple Network Management Protocol
(SNMP)

• Query DHCP/DNS
11
Nmap

12
netstat
• Report local port status
• TCP versus UDP
• Local IP and port
• Remote IP and port
• State (Listening, Established, …)

• Options
• Skip name resolution, show process, report
statistics, …
• Windows versus Linux syntax differences
• iproute2 ss and nstat commands replace
netstat

13
Remote Port Scanners
• Report port status from a
remote host
• Scan types
• Half-open, full connect, UDP, port
range, …

• Host and service fingerprinting

14
Protocol Analyzers
• Decode frames captured by sniffer
• Live capture or saved capture file (pcap)
• Parse header fields to reveal packet metadata
• Reconstruct TCP streams
• Analyze traffic statistics
• Per-host utilization
• Per-protocol utilization
15
Review Activity: Port Scanning
• IP Scanners
• Nmap
• netstat
• Remote Port Scanners
• Protocol Analyzers

16
Lab Activity
Assisted Lab: Use Network Scanners

17
CompTIA Network+ Exam N10-008

Lesson 9
Summary


Lesson 10
Explaining Network Services

Objectives
• Explain the use of network addressing services
• Explain the use of name resolution services
• Configure DNS services

Lesson 10

Topic 10A
Explain the Use of Network Addressing Services

Dynamic Host Configuration Protocol

DHCP Server Configuration
• Appliance versus NOS implementation
• Scope
• Range of IP addresses available to lease to clients on a particular subnet
• Defined by start and end IP addresses and netmask

• Redundant DHCP services should use non-overlapping address pools

DHCP Options Configuration
• Lease time determines how long client keeps its address
• Long lease reduces DHCP traffic but may risk address pool exhaustion
• Environments with high host turnover will configure short leases
• T1 and T2 timers

• Options
• Default gateway
• IP address(es) of DNS servers
• DNS suffix (domain name) to be used by the client
• Time synchronization (NTP), file transfer (TFTP), VoIP proxy, …

• Server options versus scope options


DHCP Reservations and Exclusions
• Static assignments and exclusions
• Use IP addresses outside address pool
• Exclude specific IP addresses from pool range

• MAC/IP reservation
• Always allocate a device the same pre-selected IP

• Automatic allocation
• Lease any IP address from the pool to the same client persistently
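The scope, redundancy and exclusion rules from the two DHCP slides above, as an added example that is not part of the course material: it checks that a scope's start and end addresses sit inside its subnet, that two redundant servers do not lease the same addresses, and that a static assignment cannot collide with a lease. The server names and address ranges are constructed, and IPv4 is assumed.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    """A DHCP scope: a lease range inside one subnet, plus exclusions."""
    server: str
    subnet: str                      # subnet and netmask in prefix form
    start: str                       # first address in the pool
    end: str                         # last address in the pool
    exclusions: list = field(default_factory=list)

    def __post_init__(self):
        self.net = ipaddress.ip_network(self.subnet)
        self.first = ipaddress.ip_address(self.start)
        self.last = ipaddress.ip_address(self.end)
        self.excluded = {ipaddress.ip_address(a) for a in self.exclusions}

    def contains(self, addr):
        """True when addr lies between the pool's start and end addresses."""
        return self.first <= addr <= self.last

    def problems(self):
        """Return a list of configuration errors found in this scope."""
        errs = []
        if self.first > self.last:
            errs.append("start is above end")
        for label, addr in (("start", self.first), ("end", self.last)):
            if addr not in self.net:
                errs.append(f"{label} {addr} is outside {self.net}")
        for addr in sorted(self.excluded):
            if not self.contains(addr):
                errs.append(f"exclusion {addr} is not inside the pool")
        return errs

    def leasable(self):
        """Number of addresses the server can actually hand out."""
        inside = [a for a in self.excluded if self.contains(a)]
        return int(self.last) - int(self.first) + 1 - len(inside)


def overlap(a, b):
    """Return the (first, last) addresses both pools would lease, or None."""
    lo, hi = max(a.first, b.first), min(a.last, b.last)
    return (str(lo), str(hi)) if lo <= hi else None


def check_static(scope, address):
    """Classify a statically configured address against one scope."""
    addr = ipaddress.ip_address(address)
    if addr not in scope.net:
        return "error: not in the scope's subnet"
    if not scope.contains(addr):
        return "ok: outside the address pool"
    if addr in scope.excluded:
        return "ok: excluded from the pool"
    return "conflict: the server may lease this address"


# Constructed sample configuration: two servers splitting one /24.
SERVER_A = Scope("dhcp-a", "10.1.0.0/24", "10.1.0.50", "10.1.0.150",
                 exclusions=["10.1.0.60", "10.1.0.61"])
SERVER_B = Scope("dhcp-b", "10.1.0.0/24", "10.1.0.151", "10.1.0.250")
# The same second server after a bad edit: it now overlaps dhcp-a and its
# end address has left the subnet.
SERVER_B_BAD = Scope("dhcp-b", "10.1.0.0/24", "10.1.0.140", "10.1.1.10")

if __name__ == "__main__":
    for scope in (SERVER_A, SERVER_B, SERVER_B_BAD):
        print(scope.server, scope.start, "-", scope.end,
              "leasable:", scope.leasable(), "problems:", scope.problems())
    print("A/B overlap:", overlap(SERVER_A, SERVER_B))
    print("A/B (bad) overlap:", overlap(SERVER_A, SERVER_B_BAD))
    for ip in ("10.1.0.10", "10.1.0.60", "10.1.0.70"):
        print(ip, "->", check_static(SERVER_A, ip))
```
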

DHCP Relay and IP Helper
• DHCP relay agent/RFC 1542 compliant router
• Forwards BOOTP/DHCP traffic broadcasts to specified interface for a DHCP server
• Forwards responses from server back to appropriate client subnet
• ip helper
• Cisco command supporting operation of DHCP relay
• Can forward various types of broadcast traffic (not just DHCP)

DHCPv6 Server Configuration
• Client uses multicast ff:02::1:2 to locate server over port UDP/546 (client) and UDP/547 (server)
• Stateless
• Host obtains prefix from router advertisement (RA)
• RA advertises presence of DHCPv6 server to provide additional options
• Stateful
• DHCPv6 server provides routable IPv6 address

Review Activity: Network Addressing Services
• Dynamic Host Configuration Protocol
• DHCP Server Configuration
• DHCP Options Configuration
• DHCP Reservations and Exclusions
• DHCP Relay and IP Helper
• DHCPv6 Server Configuration

Lab Activity
Assisted Lab: Analyze a DHCP Server Configuration
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”

Lesson 10

Topic 10B
Explain the Use of Name Resolution Services

Host Names and Fully Qualified Domain Names
• Fully Qualified Domain Name (FQDN)
• Host name + domain suffix
• Domain suffix
• Domain name + Top Level Domain (TLD)
• Subdomains
• Naming rules
• Host name must be unique within domain
• Labels separated by periods
• Max length of 253 characters overall and 63 characters per label (excluding periods)
Domain Name System
• Hierarchical distributed database of name resource records
• Root domain contains 13 servers (A…M)
• Top Level Domains (TLDs) managed by ICANN and regional registries
• Domains can be registered within an appropriate TLD

Name Resolution Using DNS

Resource Record Types
• Start of Authority (SOA)
• Primary DNS name server that is authoritative for the zone
• Contact information
• Serial number for version control

• Name Server (NS)
• Two or more NS records are usually configured for redundancy
• Primary (editable) versus secondary (read-only)

Host Address and Canonical Name Records
• IPv4 Host (A)
• Host record to resolve a name to an IPv4 address

• IPv6 Host (AAAA)
• Host record to resolve a name to an IPv6 address

• Canonical Name (CNAME)
• Alternative name for a particular A or AAAA record

Mail Exchange, Service, and Text Records
• Mail Exchange (MX)
• Identifies a host record that functions as an email server for the domain
• Servers distinguished by priority value

• Service (SRV)
• Identifies a host record that is providing a particular network service or protocol

• Text (TXT)
• Stores any free-form text that may be needed to support other network services
• Sender Policy Framework (SPF)
• DomainKeys Identified E-mail (DKIM)

Pointer Records
• Forward versus reverse lookup zones
• Pointer (PTR)
• Resolves an IP address to a host name

• in-addr.arpa domain
• ip6.arpa domain

Review Activity: Name Resolution Services
• Host Names and Fully Qualified Domain Names
• Domain Name System
• Name Resolution Using DNS
• Resource Record Types
• Host Address and Canonical Name Records
• Mail Exchange, Service, and Text Records
• Pointer Records
Lesson 10

Topic 10C
Configure DNS Services

DNS Server Configuration
• Service port UDP/53 or TCP/53
• Zones
• Primary
• Secondary
• Cache-only
• Authoritative (holds zone records) versus non-authoritative (responds from cache)

• DNS caching
• Time to Live (TTL)
• Server versus client cache
Internal versus External DNS
• Internal DNS zones
• Name records for private servers and services
• Only available to internal clients
• Block access from Internet

• External DNS zones


• Public services (websites, email, etc.)
• Hosted on Internet-accessible name servers

• Forwarding and conditional forwarding


nslookup
• Query a name server for resource records
• nslookup -Option Host Server
• Interactive mode
• PowerShell cmdlets

dig
• Domain Information Groper (dig)
• Shipped with BIND DNS server software
• dig host
• dig @ns1.isp.example host
• dig @ns1.isp.example host all
• dig @ns1.isp.example host MX
• Output parameters
• +nocomments or +nostats

Review Activity: DNS Services
• Configure DNS Services
• DNS Server Configuration
• Internal versus External DNS
• nslookup
• dig

Lab Activity
Assisted Lab: Analyze a DNS Server Configuration
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”


Lesson 10
Summary


Lesson 11
Explaining Network Applications

Objectives
• Explain the use of web, file/print, and database services
• Explain the use of email and voice services

Lesson 11

Topic 11A
Explain the Use of Web, File/Print, and Database Services

Hypertext Transfer Protocol
• Port TCP/80
• Uniform Resource Locator (URL)
• Headers and payload
• HyperText Markup Language (HTML)
• Web server implementation
• Hosting type
• Server software

Secure Sockets Layer/Transport Layer Security
• Encryption service independent of application protocol
• OSI session layer
• Typically used with TCP
• DTLS used with UDP

• HTTP Secure (HTTPS) over TCP/443
• Install key pair and digital certificate on web server
• Issuing certificate authority (CA) trusted by both server and client
• Clients use public key in certificate to encrypt
• Server uses private key to decrypt

File Transfer Protocol
• File Transfer Protocol (FTP)
• Download, upload, and directory management
• Active/passive transfer modes
• Ports TCP/21 + TCP/20
• Port TCP/21 + Ephemeral
• Trivial File Transfer Protocol (TFTP)
• Download (GET) and upload (PUT) only
• Port UDP/69

Secure File Transfer Protocol
• Secure FTP (SFTP)
• Using FTP over Secure Shell (SSH) on port TCP/22

• FTP over SSL (FTPS)
• Explicit TLS (FTPES)
• Use the AUTH TLS command to upgrade an unsecure connection established over port TCP/21
• Implicit TLS (FTPS)
• Negotiate an SSL/TLS tunnel before the exchange of any FTP commands
• Uses the secure port TCP/990 for the control connection

File and Print Services
• Server Message Block (SMB)
• Underpins Windows File/Printer sharing
• Supported on UNIX and Linux by the Samba package
• Runs over port TCP/445 or NetBIOS ports (137 – 139) on legacy hosts

• Remote Print Protocols


• Communicate with print monitor over network
• Port 9100
• Internet Printing Protocol (IPP)
• Web Services for Devices (WSD)/AirPrint
• Printer sharing

Database Services
• Relational databases
• Structured in linked tables defined by column (field)/row structure
• Structured Query Language (SQL)
• Relational Database Management System (RDBMS)
• Oracle SQL*Net over TCP/1521
• Microsoft SQL Server over TCP/1433
• MySQL over TCP/3306
• PostgreSQL over TCP/5432
• NoSQL databases
Review Activity: Web, File/Print, and Database Services
• Hypertext Transfer Protocol
• Secure Sockets Layer/Transport Layer Security
• File Transfer Protocol
• Secure File Transfer Protocol
• File and Print Services
• Database Services

Lesson 11

Topic 11B
Explain the Use of Email and Voice Services

Simple Mail Transfer Protocol (Slide 1 of 2)

Simple Mail Transfer Protocol (Slide 2 of 2)
• Server-to-server mail delivery
• MX records

• Non-delivery report (NDR)

• Connection security methods


• STARTTLS versus SMTPS

• SMTP ports
• Port TCP/25 for message relay between SMTP servers or Message Transfer Agents (MTAs)

• Port TCP/587 for Message Submission Agents (MSAs) to submit messages for delivery by an SMTP server

• Port TCP/465 alternative port for message submission over implicit TLS (SMTPS)

Mailbox Access Protocols
• Post Office Protocol (POP/POP3)
• Allows client to retrieve messages from mailbox server
• TCP/110 unsecure or TCP/995 secure

• Internet Message Access Protocol (IMAP)
• Allows client to manage mail folders in mailbox
• TCP/143 unsecure or TCP/993 secure

Voice and Video Services
• Private Branch Exchange (PBX)
• Legacy PBX terminates lines from telecom provider to provision extensions and call features
• Supplied as vendor-specific hardware

• VoIP-enabled PBX
• Voice over IP transfers voice traffic as packetized data
• VoIP PBX can be hardware or software solutions
• Normally placed at the network’s edge and protected by a firewall

VoIP Protocols
• Session control, data transport, and Quality of Service (QoS) functions
• Session Initiation Protocol (SIP)
• Session control
• User agents and user discovery (SIP URI)
• Ports TCP|UDP/5060 and 5061
• Real-time Transport Protocol (RTP)
• Delivery of media packets
• RTP Control Protocol (RTCP)
• Monitor session and provide information to QoS
VoIP Phones
• Software or handsets
• Can use normal data cabling but often assigned to separate VLAN for performance
• Power over Ethernet
• Connection security
• Installation and testing

Voice Gateways
• Means of translating between the VoIP network and external voice networks, such as public switched telephone network (PSTN) lines
• Different VoIP gateways for different functions
• Connect internal VoIP with external PSTN lines (Foreign Exchange Office (FXO) gateway)
• Route voice calls to external VoIP service
• Connect legacy phones/fax to VoIP PBX (Foreign Exchange Subscriber (FXS) gateway)

Review Activity: Use of Email and Voice Services
• Simple Mail Transfer Protocol
• Mailbox Access Protocols
• Voice and Video Services
• VoIP Protocols
• VoIP Phones
• Voice Gateways

Lab Activity
Assisted Lab: Analyze Application Security Configurations
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”


Lesson 11
Summary


Lesson 12
Ensuring Network Availability

Objectives
• Explain the use of network management services
• Use event management to ensure network availability
• Use performance metrics to ensure network availability

Lesson 12

Topic 12A
Explain the Use of Network Management Services

Secure Shell Servers and Terminal Emulators
• Command line terminal emulation
• Secure Shell (SSH)
• Secure terminal emulation over port TCP/22
• Tunnel other traffic over SSH

• Server authenticated by a host key


• Client authentication
• User name/password
• Public key authentication
• Kerberos

• Ensure secure management of keys used for non-interactive logon


Secure Shell Commands
• sshd
• ssh-keygen
• ssh-agent
• ssh Host
• ssh Username@Host
• ssh Host “Command or Script”
• scp Username@Host:RemoteFile /Local/Destination
• sftp
Telnet
• Unsecure CLI terminal emulation over port TCP/23
• Plaintext protocol – no security
• Typically disabled

Remote Desktop Protocol
• GUI remote administration over TCP/3389
• Session can be encrypted
• Range of clients for different PC and mobile operating systems

Network Time Protocol
• Time critical services
• Authentication, logging, task scheduling/backup, …

• Network Time Protocol (NTP)
• Stratum 1 servers have direct physical link to accurate time source
• Lower stratum servers sample multiple sources
• Clients use simple NTP to obtain correct time

• Diagnosing errors due to incorrect time

Review Activity: Network Management Services
• Secure Shell Servers and Terminal Emulators
• Secure Shell Commands
• Telnet
• Remote Desktop Protocol
• Network Time Protocol

Lab Activity
Assisted Lab: Configure Secure Access Channels
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”

Lesson 12

Topic 12B
Use Event Management to Ensure Network Availability

Performance Metrics, Bottlenecks, and Baselines
• Performance metrics
• Bandwidth/throughput, CPU and memory resource, storage resource

• Bottlenecks
• “Pinch points” that cause whole system to underperform

• Performance baselines
• Record metrics as comparison
• Update baselines

Environmental Monitoring
• Environmental sensors detect factors that could affect integrity/reliability
• Device chassis sensors
• Temperature, fan speed, voltage fluctuation, intrusion

• Ambient sensors
• Temperature, humidity, electrical, flooding

Simple Network Management Protocol
• Agents
• Management Information Base (MIB)
• Object Identifier (OID)
• Community name
• Read/only or read/write access
• Traps

• SNMP monitor
• Get, Trap, Walk
• Ports UDP/161 (queries) and UDP/162 (traps)

Network Device Logs
• Performance, troubleshooting, and security (auditing) information
• Metadata plus event description

• Log types
• System and application logs
• Audit logs
• Performance/traffic logs

Log Collectors and Syslog
• Centralized collection of events from multiple sources
• Syslog protocol for forwarding over UDP/514
• Syslog open format for log messages
• PRI code
• Header
• Message

Event Management
• Event categorization
• Windows
• Informational, warning, or critical
• Audit success or fail

• Syslog severity levels


• 0 (emergency) down to 7 (debug)

• Logging level and alert configuration


• Threshold
• Alert versus notifications and alarms
• Ticket systems
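The PRI code, header and message parts from the syslog slide and the severity threshold from this one, as an added example that is not part of the course material: the PRI value is facility × 8 + severity, so one integer carries both, and an alert threshold is a comparison on the severity number (lower is more severe). The log lines and host names are constructed, and the header is assumed to be the BSD-style "timestamp host" form.

```python
import re

SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notice", "informational", "debug"]
FACILITY = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
            "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
            "clock"] + [f"local{i}" for i in range(8)]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)
# BSD-style header: "Mmm dd hh:mm:ss" then the host name, then the message.
HEADER_RE = re.compile(
    r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)


def parse(line):
    """Split one syslog line into PRI-derived fields, header and message."""
    m = PRI_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("missing <PRI> prefix")
    pri = int(m.group(1))
    if pri > 191:                      # 23 facilities * 8 + severity 7
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    event = {"pri": pri, "facility": FACILITY[facility],
             "severity": severity, "level": SEVERITY[severity],
             "timestamp": None, "host": None, "message": m.group(2)}
    h = HEADER_RE.match(m.group(2))
    if h:
        event.update(timestamp=h.group(1), host=h.group(2),
                     message=h.group(3))
    return event


def triage(lines, threshold=3):
    """Return (alerts, rejected): events at or above the threshold severity
    (numerically <= threshold) and lines that could not be parsed."""
    alerts, rejected = [], []
    for line in lines:
        try:
            event = parse(line)
        except ValueError:
            rejected.append(line)
            continue
        if event["severity"] <= threshold:
            alerts.append(event)
    return alerts, rejected


# Constructed sample messages as a collector might receive them.
SAMPLE = [
    "<189>Jan  5 10:00:01 sw-access-3 link: port 12 changed state to up",
    "<187>Jan  5 10:00:07 sw-access-3 env: fan tray 1 failure",
    "<38>Jan  5 10:01:12 fw-edge sshd[811]: Failed password for admin "
    "from 192.0.2.44",
    "<2>Jan  5 10:02:30 core-rtr kernel: temperature reading above limit",
    "Jan  5 10:02:31 core-rtr line with no PRI",
    "<999>Jan  5 10:02:32 core-rtr PRI out of range",
]

if __name__ == "__main__":
    alerts, rejected = triage(SAMPLE, threshold=3)
    for e in alerts:
        print(f"ALERT {e['host']} {e['facility']}.{e['level']}: "
              f"{e['message']}")
    print(f"{len(rejected)} malformed line(s) set aside for review")
```
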
Log Reviews
• Monitoring versus review/analysis
• Trends
• Graphing

Review Activity: Event Management
• Performance Metrics, Bottlenecks, and Baselines
• Environmental Monitoring
• Simple Network Management Protocol
• Network Device Logs
• Log Collectors and Syslog
• Event Management
• Log Reviews
Lab Activity
Assisted Lab: Configure Syslog
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”

Lesson 12

Topic 12C
Use Performance Metrics to Ensure Network Availability

Network Metrics
• Application requirements for high bandwidth and sensitivity to delay
• Bandwidth
• Speed, throughput, and goodput
• Calculating requirements for audio and video
• Latency and jitter
• Signal delay measured in milliseconds (ms)
• Variation in delay
• Measurement tools (pathping and mtr)
• One-way versus Round Trip Time (RTT)
Bandwidth Management
• Provision higher bandwidth links or prioritize traffic classes
• Differentiated Services (DiffServ)
• Type of Service field in the IPv4 header/Traffic Class in IPv6

• 6-byte DiffServ Code Point (DSCP)

• IEEE 802.1p
• 3-bit priority field in 802.1Q VLAN header

• Mapping DSCP to 802.1p

• Network control (highest priority)

• Expedited forwarding

• Assured forwarding

• Best effort (lowest priority)


Traffic Shaping
• Quality of Service (QoS) versus Class of Service (CoS)
• Privilege real-time data over bursty data
• CoS tags data with priority type
• QoS allows control over network link parameters
• Multiprotocol Label Switching (MPLS)

• Traffic policing enforces bandwidth limits


• Traffic shaping
• Reserve link bandwidth
• Prioritize traffic
• Filter/deprioritize unwanted traffic
Traffic Analysis Tools
• Throughput testers
• Assess goodput
• iperf

• Top talkers/listeners
• Bandwidth speed testers
• Broadband speed checkers
• Test website performance/monitor availability

Netflow
• Gather traffic metadata only and report it to a structured database
• NetFlow and IP Flow Information Export (IPFIX) IETF standard
• NetFlow exporters
• Traffic flow defined by packets that share the same characteristics
• 5-tuple and 7-tuple
• NetFlow collectors
• NetFlow analyzers
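How packets that share the same characteristics become flow records, and how the "top talkers" view from the Traffic Analysis Tools slide falls out of them, as an added example that is not part of the course material. The packet records are constructed metadata (no payload), and the 7-tuple is taken to be the 5-tuple plus Type of Service and input interface.

```python
from collections import defaultdict, namedtuple

# Metadata an exporter sees for each packet; payload is never stored.
Packet = namedtuple("Packet",
                    "src dst proto sport dport tos ifindex length")

FIVE_TUPLE = ("src", "dst", "proto", "sport", "dport")
SEVEN_TUPLE = FIVE_TUPLE + ("tos", "ifindex")   # assumed 7-tuple fields


def build_flows(packets, key_fields=FIVE_TUPLE):
    """Group packets into flows: same key fields means same flow.
    Each flow record carries only counters, not packet contents."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for p in packets:
        key = tuple(getattr(p, f) for f in key_fields)
        flows[key]["packets"] += 1
        flows[key]["bytes"] += p.length
    return dict(flows)


def top_talkers(flows, n=3):
    """Rank source addresses by total bytes sent across all their flows."""
    per_src = defaultdict(int)
    for key, counters in flows.items():
        per_src[key[0]] += counters["bytes"]      # key[0] is the source IP
    return sorted(per_src.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


# Constructed sample traffic.
PACKETS = [
    Packet("10.0.0.5", "198.51.100.10", "tcp", 50000, 443, 0, 1, 1500),
    Packet("10.0.0.5", "198.51.100.10", "tcp", 50000, 443, 0, 1, 1500),
    Packet("10.0.0.5", "198.51.100.10", "tcp", 50000, 443, 0, 1, 400),
    # Same 5-tuple, different ToS marking: a separate flow under the 7-tuple.
    Packet("10.0.0.5", "198.51.100.10", "tcp", 50000, 443, 46, 1, 200),
    Packet("10.0.0.9", "10.0.0.53", "udp", 53124, 53, 0, 1, 80),
    Packet("10.0.0.7", "203.0.113.8", "tcp", 50222, 22, 0, 2, 1200),
    Packet("10.0.0.7", "203.0.113.8", "tcp", 50222, 22, 0, 2, 1200),
]

if __name__ == "__main__":
    for name, fields in (("5-tuple", FIVE_TUPLE), ("7-tuple", SEVEN_TUPLE)):
        flows = build_flows(PACKETS, fields)
        print(f"{name}: {len(flows)} flows")
        for key, c in flows.items():
            print("  ", key, c)
    print("top talkers:", top_talkers(build_flows(PACKETS)))
```
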
Interface Monitoring Metrics
• Link state
• Uptime and downtime
• Resets
• Speed
• Duplex

• Utilization
• Send versus receive
• Bits per second or percentage of link bandwidth
• Overall versus peak
• Per-protocol utilization
• Packet/byte counts

• Error rate
• Discards/drops
• Retransmissions

Troubleshooting Interface Errors
• Cyclic Redundancy Check (CRC) errors
• Encapsulation errors
• Frame type
• Ethernet trunks
• WAN framing

• Runt Frame errors


• Giant Frame errors

Review Activity: Performance Metrics
• Network Metrics
• Bandwidth Management
• Traffic Shaping
• Traffic Analysis Tools
• Netflow
• Interface Monitoring Metrics
• Troubleshooting Interface Errors
Lab Activity
Assisted Lab: Analyze Network Performance
Applied Lab: Verify Service and Application Configuration
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”


Lesson 12
Summary


Lesson 13
Explaining Common Security Concepts

Objectives
• Explain common security concepts
• Explain authentication methods

Lesson 13

Topic 13A
Explain Common Security Concepts

Security Concepts
• Confidentiality
• Certain information should only be known to certain people

• Integrity
• Data is stored and transferred as intended, and any modification is authorized

• Availability
• Information is accessible to those authorized to view or modify it

• Vulnerability, threat, and risk

Security Risk Assessments
• Posture assessment
• Enterprise risk management
• Comparison with standard frameworks
• Assess use of security controls

• Process assessment
• Mission essential function (MEF)
• Business impact analysis (BIA)
• Business continuity planning (BCP)

Vulnerability and Exploit Types
• Vulnerabilities
• Misconfiguration and poor practice or faults in software code

• Exploits
• Code or method by which a vulnerability is used maliciously

• Zero-day vulnerabilities and exploits
• Unpatched and legacy systems
• Vulnerability assessment
• Manual and automated scanning
• Identify deviation from configuration baseline
• Common Vulnerabilities and Exposures (CVE)

Threat Types and Assessment
• External versus internal threats
• Threat assessment
• Identify adversary tactics, techniques, and procedures (TTPs)
• Research sources
• Data feeds for automated detection tools

Security Information and Event Management
• Log aggregation
• Event correlation
• Indicator of Compromise (IoC)
• Alerting

• Log storage and retention (compliance)

Penetration Testing
• Authorized or ethical hacking
• Goes beyond vulnerability scanning to actively test controls

Privileged Access Management
• Policies, procedures, and technical controls to prevent the malicious abuse of privileged accounts
• Mitigate risks from weak configuration controls over privileges
• Least privilege
• Role-based access
• Zero trust

Vendor Assessment
• Supply chain vulnerability management
• Onboarding suppliers
• Validate supplier security maturity level

Review Activity: Common Security Concepts
• CIA, Vulnerability, Threat, and Risk
• Security Risk Assessments
• Vulnerability and Exploit Types
• Threat Types and Assessment
• Security Information and Event Management
• Penetration Testing
• Privileged Access Management
• Vendor Assessment

Lesson 13

Topic 13B
Explain Authentication Methods

Authentication Methods and Access Controls
• Subjects and objects
• Access control list (ACL)
• Identity and access management (IAM)
• Identification
• Authentication

• Authorization
• Accounting

Multifactor and Two-Factor Authentication
• Account identity and credentials
• Authentication factors/credential format
• Knowledge factor - something you know (such as a password)
• Ownership factor - something you have (such as a smart card)
• Human factor - something you are (such as a fingerprint)
• Behavioral factor - something you do (such as making a signature)
• Location factor - somewhere you are (such as using a mobile device with location services)
• Multifactor requires more than one type

Local Authentication and Single Sign-on
• Cryptographic hashing of passwords
• Windows authentication
• Local sign-in, Windows network sign-in, Remote sign-in

• Linux authentication
• /etc/passwd user file and /etc/shadow password file
• Secure Shell (SSH)
• Pluggable authentication modules (PAM)

• Single sign-on (SSO)
• Authenticate once – authorize many

Kerberos
• Single sign-on and mutual authentication
• Three parts
• Client
• Server
• Key Distribution Center (KDC)
• Authentication Service – Ticket Granting Ticket
• Ticket Granting Service – Service Ticket

Digital Certificates and PKI
• Public key cryptography (asymmetric encryption)
• Confidentiality: public key can encrypt but not decrypt
• Authentication: private key encrypts a signature

• Public Key Infrastructure (PKI) authenticates the public key
• Public key is wrapped in a digital certificate signed by a certificate authority (CA)
• If client trusts the CA, they can also trust that a certificate is valid

• Subject is the certificate holder (user or server)

Extensible Authentication Protocol and IEEE 802.1X
• Extensible Authentication Protocol (EAP)
• Framework for deploying authentication technologies

• IEEE 802.1X Port-based Network Access Control (NAC)
• Allows use of EAP when connecting to a switch
• Authentication, authorization, and accounting (AAA) architecture
• Supplicant
• Network access server (NAS)/RADIUS client/authenticator
• AAA server

RADIUS and TACACS+
• Remote Authentication Dial-in User Service (RADIUS)
• Widely used to implement AAA for client device access and remote access VPNs
• Terminal Access Controller Access Control System (TACACS+)
• Used to authenticate to network switches and routers
• Uses TCP not UDP
• Better support for fine-grained authorization policies

Lightweight Directory Access Protocol
• List of network users and resources
• Access control lists (ACLs)
• Authorizations
• Directory database
• Objects
• Attributes

• X.500 Distinguished Names


• Attribute=Value pairs
• Schema

LDAP Secure
• Binding methods
• None
• Simple authentication
• Simple Authentication and Security Layer (SASL)
• LDAPS (TLS over TCP port 636)

• Access control policy


• Read-only
• Read/write

Review Activity: Authentication Methods
• Authentication Methods and Access Controls
• Multifactor and Two-Factor Authentication
• Local Authentication and Single Sign-on
• Kerberos
• Digital Certificates and PKI
• Extensible Authentication Protocol and IEEE 802.1X
• RADIUS and TACACS+
• Lightweight Directory Access Protocol
• LDAP Secure


Lesson 13
Summary


Lesson 14
Supporting and Troubleshooting Secure Networks

Objectives
• Compare and contrast security appliances
• Troubleshoot service and security issues

Lesson 14

Topic 14A
Compare and Contrast Security Appliances

Network Segmentation Enforcement
• Segmentation creates boundaries for network traffic
• Traffic between segments can be filtered
• Network security zones
• Internet-facing versus internal
• Perimeter network

Screened Subnets
• Different security configurations for public and private gateways
• Screening firewall on the public interface
• Choke firewall on the internal interface
• Triple homed firewall configuration

Firewall Uses and Types
• Packet filtering firewalls
• Access control list (ACL) with accept or deny rules
• Layer 3 (+ TCP/UDP port number) only
• IP source/destination, IP protocol type, source/destination port

• Stateful inspection firewalls
• Layer 4
• Monitor connection state
• Layer 7
• Inspect application protocol packet contents

Firewall Selection and Placement
• Placement
• Perimeter versus internal versus host
• Load

• Appliance firewall
• Routed versus layer 2

• Router firewall
• Enterprise versus SOHO

Proxy Servers
• Outbound proxy completes requests on behalf of clients
• Application-specific versus multipurpose
• Caching
• Non-transparent versus transparent
• Reverse proxies

Network Address Translation
• Mapping between internal private IP ranges and public IP addresses
• Static NAT versus dynamic NAT

Port Address Translation
• Network Address Port Translation (NAPT) or NAT overloading
• Router is configured with single public IP address
• Maps client connections using ephemeral ports

Defense in Depth
• Focus away from perimeter security
• Network access control
• Honeypots
• Separation of duties

Intrusion Detection and Prevention Systems
• Intrusion detection system (IDS)
• Sniff traffic to match signatures of suspicious packets/flows
• Passive detection

• Intrusion prevention system (IPS)
• Can block traffic

• Standalone versus integrated with firewall

Review Activity: Security Appliances
• Network Segmentation Enforcement
• Screened Subnets
• Firewall Uses and Types
• Firewall Selection and Placement
• Proxy Servers
• Network Address Translation
• Port Address Translation
• Defense in Depth
• Intrusion Detection and Prevention Systems

Lab Activity
Assisted Lab: Configure a NAT Firewall
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”

Lesson 14

Topic 14B
Troubleshoot Service and Security Issues

DHCP Issues
• Server scope and exhaustion issues
• Server offline
• Address pool exhausted
• No DHCP relay
• Scopes reconfigured—clients may have “expired” configuration

• Rogue DHCP server issues


• Accidental deployment
• Malicious

Name Resolution Issues
• Name resolution methods
• Verify name resolution sequence
• Test services with HOSTS
• Check client’s DNS server address configuration
• Check server availability

• DNS configuration issues
• Suspect name resolution problem when link test by IP address works
• Establish scope of problem – single client? subnet?
• Verify client configuration
• DNS server and suffix
• Static assignment or DHCP
• Use lookup tools to verify resource records on DNS server

VLAN Assignment Issues
• Check configuration on switch
• Check VLAN membership
• Check services available to VLAN
• Routing
• DHCP/DHCP relay/IP helper

• DNS
• Authentication/network applications

Unresponsive Service and Network Performance Issues
• Verify scope—Is it a client problem or server one?
• Application/OS crash
• Hardware overutilization
• Network congestion
• Broadcast storm
• Denial of service (DoS)

Misconfigured Firewall and ACL Issues
• Authorized application blocked
• Blocked TCP or UDP port
• Blocked IP address or network
• Test from inside and outside firewall
• Inspect firewall log

• Unauthorized application not blocked

Untrusted Certificate Issues
• Must be a trust relationship with server’s CA
• Check root certificates store
• Apps may use separate trust store
• Self-signed certificates
• Subject name and key usage issues
• Expired and revoked certificates (or CA certificates)
• Time synchronization

Other Common Issues
• NTP issues
• Verify accurate time synchronization

• Bring Your Own Device (BYOD) challenges


• Compatibility support for wide range of employee-selected devices
• Security issues
• Enterprise Mobility Management (EMM) and corporate workspaces

• Licensed feature issues


• Expiry of trial periods
• Activation failure
Review Activity: Service and Security Issues
• DHCP Issues
• Name Resolution Issues
• VLAN Assignment Issues
• Unresponsive Service and Network Performance Issues
• Misconfigured Firewall and ACL Issues
• Untrusted Certificate Issues
• Other Common Issues

Review Activity: Scenarios in Service and Security Issues

Lesson 14
Summary

Lesson 15
Deploying and Troubleshooting Wireless Networks

Objectives
• Summarize wireless standards
• Install wireless networks
• Troubleshoot wireless networks
• Configure and troubleshoot wireless security

Lesson 15

Topic 15A
Summarize Wireless Standards

IEEE 802.11 Wireless Standards
• Wi-Fi modulation and carrier methods
• Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
• Ack undamaged frames
• Request to Send/Clear to Send
• Original data rate just 1 Mbps

IEEE 802.11a and 5 GHz Channel Bandwidth
• 2.4 GHz
• Better propagation, but fewer channels and greater interference risk
• 5 GHz
• Lower range, but less congested
• IEEE 802.11a (54 Mbps)
• Orthogonal Frequency Division Multiplexing (OFDM)
• 23 x non-overlapping 20 MHz channels
• Dynamic Frequency Selection (DFS) and regulatory impacts

IEEE 802.11b/g and 2.4 GHz Channel Bandwidth
• IEEE 802.11b (11 Mbps)
• Direct Sequence Spread Spectrum (DSSS), along with Complementary Code Keying (CCK) signal encoding
• 14 x 5 MHz channels
• Wi-Fi still needs 20 MHz channel bandwidth
• Channels require careful configuration to avoid overlap
• IEEE 802.11g (54 Mbps)
• OFDM
• 802.11b compatibility mode

IEEE 802.11n, MIMO, and Channel Bonding
• Single User Multiple Input Multiple Output (SU-MIMO)
• AxB:C transmit and receive antennas plus maximum simultaneous streams
• Spatial multiplexing and spatial diversity
• Can use 5 GHz or 2.4 GHz bands with channel bonding
• High Throughput (HT)/greenfield
• 288.8 Mbps for a single channel and 600 Mbps for bonded channels
• HT mixed mode for compatibility with older standards
• Wi-Fi 4

Wi-Fi 5 and Wi-Fi 6
• Wi-Fi 5 (802.11ac)
• 5 GHz only
• 80 or 160 MHz channel bonding
• Up to 8 spatial streams

• Wi-Fi 6 (802.11ax)
• High Efficiency (HE)
• 2.4 GHz or 5 GHz (plus new 6 GHz band)
• Enhancements to support Internet of Things (IoT) devices
• OFDM with multiple access (OFDMA)
• Not so much throughput, but reduced latency

Multiuser MIMO
• Beamforming
• Downlink MU-MIMO (DL MU-MIMO)
• Separate signals by alignment
• Up to 4 in Wi-Fi 5 and up to 8 in Wi-Fi 6

• Uplink MU-MIMO (UL MU-MIMO)

2G and 3G Cellular Technologies
• 2G cellular radio
• Global System for Mobile Communication (GSM)
• Initially used Time Division Multiple Access (TDMA)
• Subscriber Identity Module (SIM) allows number portability between handsets
• Code Division Multiple Access (CDMA)/IS-95
• Circuit Switched Data (CSD)
• 3G packet radio for cellular networks
• General Packet Radio Services/Enhanced Data Rates for GSM Evolution (GPRS/EDGE) for 2.5G on GSM
• Universal Mobile Telecommunications System (UMTS)/Evolved High Speed Packet Access (HSPA+) for 3G on GSM networks (now using a form of CDMA)
• CDMA2000 Evolution Data Optimized (EV-DO) for 3G on CDMA networks

4G and 5G Cellular Technologies
• Long Term Evolution (LTE) for 4G
• Convergence between the GSM and “CDMA” camps – uses Orthogonal Frequency Division Multiple Access (OFDMA)
• 150 Mbps downlink (nominally)
• 20 Mbps more typical of actual conditions
• Long Term Evolution (Advanced) (LTE-A)
• 300 Mbps downlink (nominally)
• 90 Mbps more typical of actual conditions
• 5G
• Aims for 1 Gbps but achieves 50 – 300 Mbps
• Uses hundreds of small antennas in different frequency bands, unlike with current wireless cells
• Fixed-wireless broadband solutions


Review Activity: Wireless Standards
• IEEE 802.11 Wireless Standards
• IEEE 802.11a and 5 GHz Channel Bandwidth
• IEEE 802.11b/g and 2.4 GHz Channel Bandwidth
• IEEE 802.11n, MIMO, and Channel Bonding
• Wi-Fi 5 and Wi-Fi 6
• Multiuser MIMO
• 2G and 3G Cellular Technologies
• 4G and 5G Cellular Technologies

Lesson 15

Topic 15B
Install Wireless Networks

Infrastructure Topology and Wireless Access Points
• Access point (AP)
• Bridges wireless stations (STA) and cabled network
• Basic Service Set (BSS)
• MAC address of AP is used as Basic Service Set Identifier (BSSID)
• More than one BSS can be grouped together in Extended Service Set (ESS)

Wireless Site Design
• Service Set Identifier (SSID)
• Multiple BSSs with the same SSID form an extended service set (ESS)
• SSID broadcast and beacon frame
• Speed and distance requirements
• Maximum indoor and outdoor ranges
• Dynamic Rate Switching/Selection (DRS)
• Built environment obstructions
• Radio source interference
• Competing wireless networks
• Other devices/standards

Site Surveys and Heat Maps
• Inspect floor plan and rooms to identify obstructions
• Plan cells to provide good coverage of the area
• Device density
• Bandwidth per device (uplink/downlink)
• Use wireless survey tools to identify signal strength and channel utilization (heat map)

Wireless Roaming and Bridging
• Extended service area (ESA)
• Distribution System (DS) where wired network connects access points via switches
• Access points use different channels to avoid interference
• Access points all use the same SSID (Extended SSID/ESSID) and security configuration
• Disassociation/reassociation
• Wireless Distribution System (WDS)
• Repeater mode
• Wireless bridges

Wireless LAN Controllers
• Manage tens or hundreds of access points
• Appliance or software solution
• Access point governed by controller is “thin” or “lightweight”
• Lightweight Access Point Protocol (LWAPP)
• VLAN pooling
• Power over Ethernet

Ad Hoc and Mesh Topologies
• Ad hoc
• Peer-to-peer or Independent Basic Service Set (IBSS)

• Mesh
• Self-forming network with path discovery and routing

Review Activity: Wireless Network Installation
• Infrastructure Topology and Wireless Access Points
• Wireless Site Design
• Site Surveys and Heat Maps
• Wireless Roaming and Bridging
• Wireless LAN Controllers
• Ad Hoc and Mesh Topologies

Lesson 15

Topic 15C
Troubleshoot Wireless Networks

Wireless Performance Assessment
• Specifications and limitations
• Speed versus throughput
• Distance
• Radio frequency (RF) attenuation or free space path loss
• Doubling distance quadruples signal loss
• dBm measures signal strength as ratio to 1 milliwatt (mW)
• 1 mW = 0 dBm
• Negative dBm represents fractional mW values

Signal Strength
• Received Signal Strength Indicator (RSSI)
• Up to -65 dBm is a good signal
• -80 dBm is at the limit
• Signal-to-noise ratio (SNR)
• Wi-Fi analyzers

Antenna Types
• Omnidirectional
• Same signal in all directions - torus (donut) shape
• Unidirectional (Yagi and parabolic)
• Signal can be focused in one direction to increase signal strength
• Gain measured in dBi (decibel isotropic) units
• Beamwidth
• Polarization

Insufficient Wireless Coverage Issues
• Insufficient wireless coverage
• Add access point
• Configure wireless bridge
• Antenna placement
• Antenna cable attenuation
• Effective isotropic radiated power (EIRP)
• Transmit Power + Cable Loss + Antenna Gain
• Maximum transmit power and regulatory limitations
• Client must be able to transmit back
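A worked link budget for the dBm, path loss, RSSI and EIRP bullets above, added here as an illustration and not taken from the course material. It assumes free-space propagation only (indoor loss is higher), and the AP and client power, cable and antenna values are constructed.

```python
import math

GOOD_RSSI_DBM = -65.0    # slide: "Up to -65 dBm is a good signal"
LIMIT_RSSI_DBM = -80.0   # slide: "-80 dBm is at the limit"


def mw_to_dbm(milliwatts):
    """dBm is a ratio to 1 mW: 1 mW = 0 dBm, fractions of a mW are negative."""
    return 10 * math.log10(milliwatts)


def eirp_dbm(tx_power_dbm, cable_loss_db, antenna_gain_dbi):
    """Slide formula: Transmit Power + Cable Loss + Antenna Gain.

    Cable loss is entered as a negative dB value so the three terms simply add.
    """
    if cable_loss_db > 0:
        raise ValueError("enter cable loss as a negative dB value")
    return tx_power_dbm + cable_loss_db + antenna_gain_dbi


def fspl_db(distance_m, freq_mhz):
    """Free space path loss in dB (standard form for d in km and f in MHz)."""
    return 20 * math.log10(distance_m / 1000) + 20 * math.log10(freq_mhz) + 32.44


def rssi_dbm(sender_eirp_dbm, distance_m, freq_mhz, rx_gain_db=0.0):
    """Signal level at the receiver: sender EIRP minus path loss plus receive gain."""
    return sender_eirp_dbm - fspl_db(distance_m, freq_mhz) + rx_gain_db


def classify(rssi):
    if rssi >= GOOD_RSSI_DBM:
        return "good"
    if rssi >= LIMIT_RSSI_DBM:
        return "marginal"
    return "below limit"


def max_range_m(sender_eirp_dbm, freq_mhz, rx_gain_db=0.0, floor_dbm=GOOD_RSSI_DBM):
    """Largest free-space distance at which the receiver still sees floor_dbm."""
    allowed_loss = sender_eirp_dbm + rx_gain_db - floor_dbm
    return 1000 * 10 ** ((allowed_loss - 32.44 - 20 * math.log10(freq_mhz)) / 20)


def link_report(ap, client, distance_m, freq_mhz):
    """Evaluate both directions; the weaker direction decides if the link works."""
    ap_eirp = eirp_dbm(ap["tx_dbm"], ap["cable_db"], ap["gain_dbi"])
    sta_eirp = eirp_dbm(client["tx_dbm"], client["cable_db"], client["gain_dbi"])
    # The receiving side's antenna gain and cable loss apply on receive as well.
    down = rssi_dbm(ap_eirp, distance_m, freq_mhz, client["gain_dbi"] + client["cable_db"])
    up = rssi_dbm(sta_eirp, distance_m, freq_mhz, ap["gain_dbi"] + ap["cable_db"])
    return {
        "downlink_dbm": round(down, 1),
        "uplink_dbm": round(up, 1),
        "downlink": classify(down),
        "uplink": classify(up),
        "usable": classify(min(down, up)) != "below limit",
    }


# Constructed sample values (assumptions, not from the slides).
AP = {"tx_dbm": 20.0, "cable_db": -2.0, "gain_dbi": 5.0}
CLIENT = {"tx_dbm": 12.0, "cable_db": 0.0, "gain_dbi": 0.0}

if __name__ == "__main__":
    print("AP EIRP (dBm):", eirp_dbm(AP["tx_dbm"], AP["cable_db"], AP["gain_dbi"]))
    print("200 m on 2437 MHz:", link_report(AP, CLIENT, 200, 2437))
    extra = fspl_db(400, 2437) - fspl_db(200, 2437)
    print("Doubling distance adds %.2f dB (x%.1f loss)" % (extra, 10 ** (extra / 10)))
```

Raising AP transmit power extends only the downlink; the lower-powered client's uplink sets the working edge of the cell.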
Channel Utilization and Overlap Issues
• Co-channel interference (CCI)
• Adjacent channel interference (ACI)
• Channel layout
• Transmit power and site survey
• Overlap for roaming
• Access point association time

Overcapacity Issues
• High number of stations overwhelming access point
• Manage client density
• Analyze associations through controller

Interference Issues
• Reflection/bounce
• Refraction
• Absorption/environmental factors
• Electromagnetic interference (EMI)
• Spectrum analyzers

Review Activity: Wireless Network Troubleshooting
• Wireless Performance Assessment
• Signal Strength
• Antenna Types
• Insufficient Wireless Coverage Issues
• Channel Utilization and Overlap Issues
• Overcapacity Issues
• Interference Issues

Lesson 15

Topic 15D
Configure and Troubleshoot Wireless Security

Wi-Fi Encryption Standards
• Cryptographic protocols and authentication mechanism
• Wi-Fi Protected Access (WPA)
• Based on RC4 cipher from Wired Equivalent Privacy (WEP)
• Adds Temporal Key Integrity Protocol (TKIP)
• Both WEP and WPAv1 are too weak to use safely
• WPA2
• Uses strong Advanced Encryption Standard (AES) cipher
• Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
• WPA3

Personal Authentication
• WPA2 Pre-Shared Key Authentication
• Group authentication
• All stations configured with same passphrase
• Passphrase used to generate master encryption key
• 4-way handshake generates session keys
• WPA3 Personal Authentication
• Still based on group passphrase
• Key generation improved by Password Authenticated Key Exchange (PAKE)
• Simultaneous Authentication of Equals (SAE) generates session keys

Enterprise/IEEE 802.1X Authentication
• Uses Extensible Authentication Protocol (EAP) to authenticate to a network server
• IEEE 802.1X allows only EAP over Wireless (EAPoW) until station is authenticated
• User’s network credential is used to generate session keys

Wi-Fi Security Configuration Issues
• Wrong SSID and incorrect passphrase issues
• Incorrect manual configuration of SSID
• Selecting wrong SSID

• Encryption protocol mismatch issues


• Check client support for WPA version

Client Disassociation Issues
• Disassociation and deauthentication
• AP or station can initiate
• Station might be roaming

• Malicious attacks
• Spoof frames to disconnect station from WLAN

• Try to force new connection to rogue AP


• Sniff authentication process

Open Authentication and Captive Portal Issues
• Access point configured with no security
• No encryption
• Secondary authentication mechanisms
• Captive portal

• Connection security
• Use SSL/TLS-protected services (HTTPS and secure email)
• Use a secured VPN

Review Activity: Wireless Security
• Wi-Fi Encryption Standards
• Personal Authentication
• Enterprise/IEEE 802.1X Authentication
• Wi-Fi Security Configuration Issues
• Client Disassociation Issues
• Open Authentication and Captive Portal Issues

Lesson 15
Summary

Lesson 16
Comparing WAN Links and Remote Access Methods

Objectives
• Explain WAN provider links
• Compare and contrast remote access methods

Lesson 16

Topic 16A
Explain WAN Provider Links

Wide Area Network Technologies and the OSI Model
• WAN physical layer
• Modulation and demodulation
• Analog modems and digital modems

• WAN data link layer


• Point-to-point links using serial data protocols
• Ethernet

• WAN network layer


• Customer Edge (CE) router link to Provider Edge (PE) router

WAN Provider Links
• Demarcation point (demarc)
• Termination point for service provider’s cabling
• Minimum point of entry (MPOE)

• Customer premises equipment (CPE)


• Entrance facilities

T-Carrier and Leased Line Provider Links
• Time Division Multiplexing (TDM) circuits
• 64 Kbps channels

• 24 channels multiplexed as a T1 leased line

• Smart jack/Network Interface Unit (NIU)


• Serial digital signal over 2-pair UTP

• RJ-48C or RJ-48X to connect to the CSU/DSU

• Channel Service Unit/Data Service Unit (CSU/DSU)


• DSU digital modem encodes signal from PBX/router

• CSU performs diagnostics

• Typically implemented as WAN interface card

• Data link layer


• High-level Data Link Control (HDLC) or Point-to-Point Protocol (PPP)

Digital Subscriber Line Provider Links
• Shares same physical telephone line but uses higher frequency range
• DSL modem installed as CPE
• Filters must be installed on telephone points
• DSL types
• Symmetrical DSL (SDSL)
• Asymmetrical DSL (ADSL)

Fiber to the Curb
• Fiber to the X (FTTx)
• Fiber optic cabling in the last mile
• To the Home (FTTH), To the Premises (FTTP)
• To the Node (FTTN), To the Curb (FTTC)

• Very High Bitrate DSL (VDSL)


• Supports FTTC with VDSL over last part of link (up to 300m)
• Up to 52 Mbps downstream and 6 Mbps upstream
• VDSL2 up to 100 Mbps over 100m (300 feet)

Cable Provider Links
• Shares same physical cable as cable access TV (CATV)
• Coax link to customer premises
• Fiber optic core network
• Cable modem installed as CPE
• Connects to service provider network using coax F-connector
• Data Over Cable Service Interface Specification (DOCSIS)
• Downlink speeds of up to 38 Mbps (North America) or 50 Mbps (Europe) and uplinks of up to 27 Mbps
• DOCSIS version 3 allows use of multiplexed channels to achieve higher bandwidth

Metro-optical Provider Links
• Carrier Ethernet
• Physical service types
• Service categories

• Passive Optical Network


• Residential/SME Fiber to the Home (FTTH) or Premises (FTTP) service

• Speeds of 100 Mbps+


• CPE router connects to optical network terminator (ONT) at demarc via fiber optic patch cable

Microwave Satellite
• Align with orbiting satellites
• Geostationary with the equator

• Subject to higher latency


• ISP installs very small aperture terminal (VSAT) satellite dish at customer site
• Connected via coax to a Digital Video Broadcast Satellite (DVB-S) modem

Review Activity: WAN Provider Links
• Wide Area Network Technologies and the OSI Model
• WAN Provider Links
• T-Carrier and Leased Line Provider Links
• Digital Subscriber Line Provider Links
• Fiber to the Curb
• Cable Provider Links
• Metro-optical Provider Links
• Microwave Satellite

Lesson 16

Topic 16B
Compare and Contrast Remote Access Methods

Remote Network Access Authentication and Authorization
• Authenticate and authorize users
• Document service, risks, and countermeasures
• Define policy restrictions
• Users/groups, time of day, privileges, auditing, …

• Manage remote devices

Tunneling and Encapsulation Protocols
• Establish a host on the same logical network over a connection through a different network
• Point-to-Point Protocol (PPP)
• Encapsulation for higher layer packets at layer 2
• Works over serial point-to-point links

• Generic Routing Encapsulation (GRE)


• Encapsulates packets at layer 3 (IP protocol #47)
• Supports point-to-point and point-to-multipoint (mGRE)
• Independent of PHY/data link network implementation

• IP Security (IPSec)
• Transport Layer Security (TLS) and Datagram TLS (DTLS)

Client-to-Site Virtual Private Networks
• Remote access or telecommuter model
• Protocols
• TLS, Secure Socket Tunneling Protocol (SSTP), Layer 2 Tunneling Protocol (L2TP), IPSec, …
• EAP/RADIUS authentication
• Split tunnel versus full tunnel

Remote Host Access and Remote Desktop Gateways
• Remote host access
• Remote configuration and administration
• Remote user access to a desktop
• Remote desktop gateways for virtual desktops and apps

• Remote Desktop Protocol (RDP) and Virtual Network Computing (VNC)


• Clientless VPN
• Remote desktop implemented using HTML5 features and basic web browser

Site-to-Site Virtual Private Networks
• Router/gateways establish VPN links
• Client traffic automatically tunneled between sites

Hub and Spoke VPNs and VPN Headends
• Hub and spoke topology
• VPN headend
• Dynamic Multipoint VPN (DMVPN)
• IPSec for security
• Next Hop Router Protocol (NHRP)
• GRE tunneling

Internet Protocol Security
• Layer 3 encryption protocol suite
• Authentication Header (AH)
• Provides authentication/integrity only
• Encapsulating Security Payload (ESP)
• Confidentiality and authentication/integrity
• IPv4 and IPv6 implementations

IKE and IPSec Modes
• Internet Key Exchange (IKE)
• Set up Security Association (SA)
• Transport mode
• IP header is unencrypted
• Used for end-to-end communication over the same network
• Tunnel mode
• Encapsulates encrypted packet within new unencrypted header
• Used when traffic must pass over an intermediate network (VPN)

Out-of-Band Management Methods
• Managed versus unmanaged appliances
• Management interface
• Console port/command line interface (CLI)
• AUX port dial-up link
• Management port (connect over IP network)
• Web interface using HTTP/HTTPS
• Virtual terminal over Telnet/SSH (CLI)

• In-band versus out-of-band management network

Review Activity: Remote Access Methods
• Remote Network Access Authentication and Authorization
• Tunneling and Encapsulation Protocols
• Client-to-Site Virtual Private Networks
• Remote Host Access and Remote Desktop Gateways
• Site-to-Site Virtual Private Networks
• Hub and Spoke VPNs and VPN Headends
• Internet Protocol Security
• IKE and IPSec Modes
• Out-of-Band Management Methods

Lab Activity
Assisted Lab: Configure Remote Access
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance
• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page
• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days
• Cancel lab without grading
• Select the hamburger menu and select “End”

Lesson 16
Summary

Lesson 17
Explaining Organizational and Physical Security Concepts

Objectives
• Explain organizational documentation and policies
• Explain physical security methods
• Compare and contrast Internet of Things devices

Lesson 17

Topic 17A
Explain Organizational Documentation and Policies

Operating Plans and Procedures
• Configuration management
• Assets and configuration items
• Baselines

• Change management
• Reactive versus proactive

• Change request and approval

• Standard Operating Procedures (SOPs)

System Life Cycle Plans and Procedures
• Audit report
• Identify and record assets
• Assessment report
• Evaluate configuration/performance
• Compare to baselines
• System life cycle
• Acquisition, deployment, use, and decommissioning

Physical Network Diagrams
• Floor plan
• Detailed scale diagram

• Wiring diagram
• Illustrate and document cable termination

• Distribution frame
• Port IDs
• Main versus intermediate distribution frames (MDF versus IDF)

• Site survey report


Rack Diagrams
• Rack format
• Standard 19” width
• 1.75” U multiples in height

• Stencils
• Position of appliances
• Label network and power ports
• Configuration and asset information

Logical versus Physical Network Diagrams
• Diagram types
• Detailed physical plans
• Schematics
• Constrain to single OSI layer per diagram
• PHY (Physical layer)
• Data Link (layer 2)
• Logical (IP/layer 3)
• Application
• Standard icons

Security Response Plans and Procedures
• Incident response plan
• Categorize incident types, such as data breach, malware/intrusion detection, denial of service (DoS), …
• Restoring security versus preserving evidence

• Disaster recovery plan


• Identify major incident scenarios

• Business continuity plan


• Identify and prioritize functions for investment in fault tolerance/redundancy
• Business impact analysis (BIA)
• IT contingency planning (ITCP)

Hardening and Security Policies
• Security policy types
• Human Resources (HR)-led policies
• Onboarding
• Offboarding

Usage Policies
• Password policy
• User behavior
• System-enforced selection and change rules
• Acceptable Use Policy (AUP)
• Bring your own device (BYOD) policies
• BYOD versus corporate owned
• Mobile Device Management (MDM)/Enterprise Mobility Management (EMM)

Data Loss Prevention
• Risks from data breach
• Data loss prevention (DLP) software
• Scan file and data stores
• Match confidential and personal/sensitive data
• Control access, copying, and printing

Remote Access Policies
• Ensure remote devices and network connections do not create vulnerabilities
• Malware protection and patching of remote hosts

• Protection of credentials
• Protection for data processed off-site
• Treat remote hosts and networks as untrusted

Common Agreements
• Service Level Agreement (SLA) requirements
• Non-Disclosure Agreement (NDA)
• Legal basis for protecting information assets
• Used in employment contracts and between companies

• Memorandum of Understanding (MoU)

Review Activity: Documentation and Policies
• Operating Plans and Procedures
• System Life Cycle Plans and Procedures
• Physical Network Diagrams and Rack Diagrams
• Logical versus Physical Network Diagrams
• Security Response Plans and Procedures
• Hardening and Security Policies
• Usage Policies
• Data Loss Prevention
• Remote Access Policies
• Common Agreements

Lab Activity
Assisted Lab: Develop Network Documentation
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance
• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page
• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days
• Cancel lab without grading
• Select the hamburger menu and select “End”

Lesson 17

Topic 17B
Explain Physical Security Methods

Badges and Site Secure Entry Systems
• Access control hardware
• Badge reader
• Biometric

• Access control vestibule


• Prevent tailgating and piggybacking

• Turnstile
• “Mantrap”

Physical Security for Server Systems
• Locking racks
• Lock whole rack
• Bracket/shelf locks

• Locking cabinets
• Smart lockers
• Smart card/biometric lock
• Sensors to detect add/remove

Detection-Based Devices
• Surveillance systems and security guards
• Cameras
• Fixed versus Pan-Tilt-Zoom (PTZ)
• Focal length
• Closed Circuit Television (CCTV) coax networks
• IP camera data and PoE networks
• Asset tags
• Link asset to database/configuration management
• Radio Frequency ID (RFID) monitored tags

Alarms and Tamper Detection
• Alarm types
• Circuit/tamper detection
• Motion detection

• Alarms for rack systems and chassis intrusion


• Tamper detection for cabling
• Protected Distribution System (PDS)

Asset Disposal
• Factory reset/configuration wipe
• Remove accounts and passwords
• Remove configuration information
• Remove licensing keys and registration
• Data remnants and media sanitization
• Physical destruction
• Overwriting and HDDs versus SSDs
• Secure Erase (SE)
• Instant Secure Erase (ISE)

Employee Training
• Security awareness
• Incident reporting
• Site security
• Data and credential handling
• Social engineering, malware, and other threat awareness

• Role-based training

Review Activity: Physical Security Methods
• Badges and Site Secure Entry Systems
• Physical Security for Server Systems
• Detection-Based Devices
• Alarms and Tamper Detection
• Asset Disposal
• Employee Training

Lesson 17

Topic 17C
Compare and Contrast Internet of Things Devices

Internet of Things
• Consumer-grade smart devices
• Hub versus device functions

• Physical access control systems and smart buildings

ICS/SCADA
• Industrial control systems (ICS) and the AIC triad
• Workflow and process automation systems
• Power suppliers, water suppliers, health services, telecommunications, and national security services
• Programmable logic controller (PLC)
• Mechanical devices and sensors
• Human-machine interface (HMI)

• Supervisory Control and Data Acquisition (SCADA)


• ICS distributed over large areas
• Control software running on PCs
• Cellular communications

IoT Networks
• Operational Technology (OT) networks
• Serial data or industrial Ethernet
• Require deterministic, low-latency delivery over bandwidth

• Cellular networks
• Deterministic, low-latency versions of 4G/5G

• Z-Wave and Zigbee


• Wireless mesh for home automation devices

Placement and Security
• Consumer-grade smart devices
• Vendor assessment
• Risks from shadow IT

• Smart buildings
• Isolate management traffic from data networks
• Include in configuration management/assessments

• ICS/SCADA
• Isolate/monitor connections to data networks

Review Activity: Internet of Things Devices
• Internet of Things
• ICS/SCADA
• IoT Networks
• Placement and Security

Lesson 17
Summary

Lesson 18
Explaining Disaster Recovery and High Availability Concepts

Objectives
• Explain disaster recovery concepts
• Explain high availability concepts

Lesson 18

Topic 18A
Explain Disaster Recovery Concepts

High Availability
• Availability and high availability
• Percentage uptime
• Maximum Tolerable Downtime (MTD)
• Recovery metrics
• Recovery time objective (RTO)
• Work recovery time (WRT)
• Recovery point objective (RPO)

Fault Tolerance and Redundancy
• Reliability metrics
• Mean Time Between Failures (MTBF)
• Operational time / # failures
• Mean Time to Failure (MTTF)
• Used for non-repairable components
• Operational time / # devices
• Mean Time to Repair (MTTR)
• Unplanned maintenance time / # incidents

• Redundant system types


• Hardware spares, network links, power systems, system and data backups, cluster services, …

Recovery Sites
• Alternate processing sites that will not be affected by same disaster event
• Hot site
• Failover in seconds or minutes

• Warm site
• Failover in hours

• Cold site
• Failover in days

• Cloud site
• Transfer responsibilities to cloud provider
• Cannot transfer all the risk

Facilities and Infrastructure Support
• Heating, ventilation, air conditioning (HVAC)
• Temperature sensors and moisture detection sensors
• Office areas versus datacenter/equipment rooms

• Fire suppression
• Emergency procedures and alarms

• Portable extinguisher usage


• Sprinkler systems

Power Management
• Spikes, surges, brownouts, and blackouts
• Power Distribution Unit (PDU)
• Filter and stabilize grid power and facilitate remote monitoring

• Battery backups and Uninterruptible Power Supplies (UPSs)


• Battery-backed cache
• UPS runtime

• Generators
• Replacement for grid power
• Must be used with UPS
• Renewable power sources

Network Device Backup Management
• Network appliance configuration backup
• Startup versus running configuration
• Version history and rollback

• Backup modes
• State/bare metal

• Configuration file

• Backing up/logging other state information

Review Activity: Disaster Recovery Concepts
• High Availability
• Fault Tolerance and Redundancy
• Recovery Sites
• Facilities and Infrastructure Support
• Power Management
• Network Device Backup Management

Lab Activity
Assisted Lab: Backup and Restore Network Device Configuration
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance
• Complete lab
• Submit all items for grading and check each progress box
• Select “Grade Lab” from final page
• Save lab
• Select the hamburger menu and select “Save”
• Save up to two labs in progress for up to 7 days
• Cancel lab without grading
• Select the hamburger menu and select “End”

Lesson 18

Topic 18B
Explain High Availability Concepts

Multipathing
• Multiple physical links between nodes
• Routed internetwork
• SAN multipathing
• Multiple ISPs

• Diverse paths
• Ensure physical separation of first mile links to ISPs
• Ensure independence of ISP’s networks

Link Aggregation/NIC Teaming
• Bundle multiple physical links into a single channel
• Channel can use combined bandwidth of links
• Channel redundancy against link failure
• IEEE 802.3ad/802.1ax
• Link Aggregation Group (LAG)
• Link Aggregation Control Protocol (LACP)

Load Balancers
• Distribute client requests
• Placed in front of server farm or resource pool
• Layer 4 switch versus layer 7 switch

Redundant Hardware/Clusters
• Nodes that must share common data
• Virtual IP
• External address for service shared by processing nodes
• Common Address Redundancy Protocol (CARP)
• Active-passive and active-active clustering

First Hop Redundancy
• Provision multiple default gateways without complex routing on hosts
• Hot Standby Router Protocol (HSRP)
• Routers share common virtual IP and MAC
• Standby group with priority standby router
• Virtual Router Redundancy Protocol (VRRP)
• No specific standby

Review Activity: High Availability Concepts
• Multipathing
• Link Aggregation/NIC Teaming
• Load Balancers
• Redundant Hardware/Clusters
• First Hop Redundancy

Lesson 18
Summary

Lesson 19
Applying Network Hardening Techniques

Objectives
• Compare and contrast types of attacks
• Apply network hardening techniques

Lesson 19

Topic 19A
Compare and Contrast Types of Attacks

General Attack Types
• Understanding attacker types and their motivations
• Footprinting and fingerprinting
• Discover how the network and its security systems are configured

• Spoofing
• Any type of attack where the attacker disguises his or her identity

• Denial of Service Attacks


• Any attack that causes a service to become unavailable to users
• May be purely destructive or may allow attacker to spoof the legitimate service

On-path Attacks
• Threat actor intercepts communication path
• “Man-in-the-Middle (MitM)”
• MAC spoofing and IP spoofing
• Arbitrarily change address value in packet
• ARP spoofing
• Broadcast unsolicited/gratuitous ARP replies
• Masquerade as MAC address of default gateway
• Rogue DHCP
• Configure clients with malicious default gateway/DNS server IP
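A defender-side check for the ARP spoofing bullets above, added here as an illustration and not part of the course material: it reads a constructed ARP capture summary and flags a changed gateway binding, a burst of unsolicited replies, and one MAC address claiming several IPs. The line format, the documentation-range addresses and the thresholds are assumptions made for the example.

```python
from collections import defaultdict

GATEWAY_IP = "192.0.2.1"            # assumption: documentation-range address
GATEWAY_MAC = "00:00:5e:00:53:01"   # assumption: binding recorded from the router itself

# Constructed capture summary, one ARP frame per line:
#   <seconds> <request|reply> <sender_ip> <sender_mac> <target_ip>
SAMPLE = """\
0.0 request 192.0.2.10 00:00:5e:00:53:10 192.0.2.1
0.1 reply 192.0.2.1 00:00:5e:00:53:01 192.0.2.10
5.0 reply 192.0.2.1 00:00:5e:00:53:66 192.0.2.1
6.0 reply 192.0.2.1 00:00:5e:00:53:66 192.0.2.1
7.0 reply 192.0.2.1 00:00:5e:00:53:66 192.0.2.1
7.5 reply 192.0.2.66 00:00:5e:00:53:66 192.0.2.10
9.0 request 192.0.2.20 00:00:5e:00:53:20 192.0.2.1
"""


def parse_line(line):
    t, op, sender_ip, sender_mac, target_ip = line.split()
    if op not in ("request", "reply"):
        raise ValueError(f"unknown ARP operation: {op}")
    return float(t), op, sender_ip, sender_mac.lower(), target_ip


def analyze(text, gateway_ip=GATEWAY_IP, gateway_mac=GATEWAY_MAC,
            unsolicited_threshold=3, reply_window_s=2.0):
    """Return a list of (time, kind, ip, mac) alerts, in the order they fire."""
    bindings = {gateway_ip: gateway_mac.lower()}  # trusted gateway binding is never overwritten
    ips_by_mac = defaultdict(set)
    pending = {}                       # (requester_ip, asked_ip) -> time of request
    unsolicited = defaultdict(int)     # unsolicited reply count per sender MAC
    alerts, seen = [], set()

    def report(t, kind, ip, mac):
        if (kind, ip, mac) not in seen:  # one alert per distinct finding
            seen.add((kind, ip, mac))
            alerts.append((t, kind, ip, mac))

    for line in text.splitlines():
        if not line.strip():
            continue
        t, op, sip, smac, tip = parse_line(line)

        # 1. The sender claims an IP that is already bound to a different MAC.
        known = bindings.get(sip)
        if known is None:
            bindings[sip] = smac
        elif known != smac:
            kind = "gateway-impersonation" if sip == gateway_ip else "binding-change"
            report(t, kind, sip, smac)
            if sip != gateway_ip:
                bindings[sip] = smac   # may be a legitimate DHCP reassignment

        # 2. One MAC answering for several IPs (routers doing proxy ARP also do this).
        if sip not in ips_by_mac[smac]:
            ips_by_mac[smac].add(sip)
            if len(ips_by_mac[smac]) > 1:
                report(t, "mac-claims-multiple-ips", sip, smac)

        # 3. Replies nobody asked for, including gratuitous ARP (sender IP == target IP).
        if op == "request":
            pending[(sip, tip)] = t
        else:
            asked_at = pending.get((tip, sip))
            solicited = asked_at is not None and t - asked_at <= reply_window_s
            if not solicited:
                unsolicited[smac] += 1
                if unsolicited[smac] == unsolicited_threshold:
                    report(t, "unsolicited-replies", sip, smac)
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE):
        print(alert)
```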
DNS Poisoning Attacks
• Spoofing trusted hosts/sites (pharming)
• Denial of Service (DoS)
• Client-side attacks
• Change/intercept resolver traffic
• Modify HOSTS
• Server-side attacks
• Hack server and change name records
• Pollute server cache

VLAN Hopping Attacks
• Send traffic to VLAN that would not normally be accessible
• Double tag exploit against weakly configured native VLANs
• Masquerade as trunk

Wireless Network Attacks
• Rogue access points
• Potential backdoor
• Risks from shadow IT
• Evil twins
• Spoofs SSID and BSSID (MAC) of legitimate AP
• Deauthentication attacks
• Cause client(s) to disconnect from AP

Distributed DoS Attacks and Botnets
• Co-ordinated attacks launched by multiple hosts simultaneously
• Overwhelm bandwidth
• Overwhelm processing resource (flood state table)
• Distributed reflection DoS
• Amplification attack
• Spoof victim IP to overwhelm it with responses
• Botnets
• Group of compromised hosts used to perpetrate DDoS/DRDoS
• Handler/herders versus bots
• Command and control (C&C/C2) network

Malware and Ransomware Attacks
• Malware classification by vector
• Viruses and worms
• Trojan
• Potentially unwanted programs (PUPs)/Potentially unwanted applications (PUAs)

• Malware classification by payload


• Spyware, rootkit, remote access Trojan (RAT), ransomware, …

• Ransomware
• Spoof shell/dialogs/notifications
• Crypto-malware
Password Attacks
• Password capture
• Plaintext storage and transmission
• Password hashes

• Password hash cracking


• Dictionary

• Brute force

• Protecting password hashes

Human and Environmental Attacks
• Social engineering or hacking the human
• Reasons for effectiveness

• Phishing
• Social engineering over email
• Also uses spoofed resource (website)

• Shoulder surfing
• Observing password/PIN entry

• Tailgating and piggybacking


• Gaining unauthorized entry to premises
Review Activity: Types of Attacks
• Footprinting, Spoofing, and Denial of Service Attacks
• On-path Attacks
• DNS Poisoning Attacks
• VLAN Hopping Attacks
• Wireless Network Attacks
• Distributed DoS Attacks and Botnets
• Malware and Ransomware Attacks
• Password Attacks
• Human and Environmental Attacks
Lab Activity
Assisted Lab: Analyze an On-path Attack
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”

Lesson 19

Topic 19B
Apply Network Hardening Techniques

Device and Service Hardening
• Hardening means applying a secure configuration to each network host or appliance
• Change default passwords

• Enforce password complexity/length requirements


• Configure role-based access
• Disable unneeded network services
• Disable unsecure protocols

Endpoint Security and Switchport Protection
• Disable unneeded switchports
• Restrict physical access/unplug patch cord
• Administratively disable port
• Assign to black hole VLAN

• Configure protection mechanisms


• MAC Filtering and Dynamic ARP Inspection
• DHCP Snooping
• Neighbor Discovery (ND) Inspection and Router Advertisement (RA) Guard
• Port Security (IEEE 802.1X Port-Based Network Access Control)
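How DHCP snooping and Dynamic ARP Inspection work together, as an added example that is not part of the course material: the switch learns IP-to-MAC bindings from DHCP replies seen on trusted ports, then drops ARP from untrusted ports that contradicts them. The `AccessSwitch` model, port names and addresses are assumptions constructed for illustration, not a vendor implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    """One DHCP snooping entry: the MAC that holds an IP, and its access port."""
    mac: str
    port: str

class AccessSwitch:
    """Simplified model of snooping + ARP inspection (hypothetical, for study)."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)   # uplinks toward DHCP server/gateway
        self.bindings = {}                  # (vlan, ip) -> Binding

    def dhcp_ack(self, ingress_port, vlan, client_ip, client_mac, client_port):
        """DHCP snooping: accept server replies only from trusted ports."""
        if ingress_port not in self.trusted:
            return "drop: DHCP server reply on untrusted port"
        self.bindings[(vlan, client_ip)] = Binding(client_mac, client_port)
        return "forward"

    def inspect_arp(self, ingress_port, vlan, sender_ip, sender_mac):
        """Dynamic ARP Inspection: check sender IP/MAC against the bindings."""
        if ingress_port in self.trusted:
            return "forward"                # e.g. the real default gateway
        bound = self.bindings.get((vlan, sender_ip))
        if bound is None:
            return "drop: no binding for sender IP"
        if (bound.mac, bound.port) != (sender_mac, ingress_port):
            return "drop: sender MAC/port does not match binding"
        return "forward"

def run_sample():
    """Constructed sample traffic on VLAN 10; every address is made up."""
    sw = AccessSwitch(trusted_ports={"Gi0/24"})
    return [
        # Legitimate DHCPACK from the uplink: binding is learned for Gi0/1.
        sw.dhcp_ack("Gi0/24", 10, "10.0.10.50", "aa:aa:aa:00:00:50", "Gi0/1"),
        # DHCP server reply arriving on an access port (rogue DHCP).
        sw.dhcp_ack("Gi0/7", 10, "10.0.10.51", "aa:aa:aa:00:00:51", "Gi0/2"),
        # Client announcing its own leased address.
        sw.inspect_arp("Gi0/1", 10, "10.0.10.50", "aa:aa:aa:00:00:50"),
        # Gratuitous ARP claiming the gateway IP from an access port.
        sw.inspect_arp("Gi0/7", 10, "10.0.10.1", "bb:bb:bb:00:00:07"),
        # ARP claiming another client's IP with a different MAC.
        sw.inspect_arp("Gi0/7", 10, "10.0.10.50", "bb:bb:bb:00:00:07"),
        # ARP from the gateway on the trusted uplink.
        sw.inspect_arp("Gi0/24", 10, "10.0.10.1", "cc:cc:cc:00:00:01"),
    ]
```

Statically addressed hosts on untrusted ports have no snooping entry, so in this model their ARP is dropped until a binding is added for them.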
VLAN and PVLAN Best Practices
• Private VLAN (PVLAN)
• Further segment traffic within host/primary VLAN
• Promiscuous, isolated, and community ports

• Default VLAN and native VLAN


• VLAN ID 1 is default VLAN
• Native VLAN contains untagged traffic on trunks
• Native VLAN is also VLAN 1 by default
• Change to unique value on both ends of trunk

Firewall Rules and ACL Configuration
• Network access control list (ACL)
• Top-to-bottom
• Default block (implicit deny)
• Explicit deny
• Tuples

• iptables
• Chains (INPUT, OUTPUT, and FORWARD)
• Stateful rules
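Top-to-bottom evaluation, explicit deny and the implicit deny, as an added example that is not part of the course material: each rule is a tuple of protocol, source, destination and destination port, and the first match decides. The rule set, addresses and function names are assumptions constructed for illustration; the second list shows the same rules with the explicit deny placed too low to take effect.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, None = any

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: int

def matches(rule, pkt):
    """True when every field of the rule's tuple covers the packet."""
    return (rule.proto in ("any", pkt.proto)
            and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt):
    """Return (action, index of the deciding rule); None means implicit deny."""
    for index, rule in enumerate(acl):      # top-to-bottom, first match wins
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None                     # default block at the end of the list

# Constructed sample ACL for a client VLAN (10.0.20.0/24).
ACL = [
    Rule("deny",   "any", "10.0.20.66/32", "0.0.0.0/0",    None),  # explicit deny
    Rule("permit", "tcp", "10.0.20.0/24",  "10.0.1.10/32", 443),
    Rule("permit", "udp", "10.0.20.0/24",  "10.0.1.53/32", 53),
]

# Same rules, explicit deny moved to the bottom: the broader permit now
# matches the blocked host first, so the deny never takes effect for HTTPS.
MISORDERED = ACL[1:] + ACL[:1]

BLOCKED_HOST_HTTPS = Packet("tcp", "10.0.20.66", "10.0.1.10", 443)
CLIENT_DNS = Packet("udp", "10.0.20.5", "10.0.1.53", 53)
CLIENT_SSH = Packet("tcp", "10.0.20.5", "10.0.1.10", 22)
```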
Control Plane Policing
• Control, data, and management planes
• Control and management require CPU resource
• Control and management must always be kept “open”
• Sufficient bandwidth
• Sufficient processing resource
• Control plane policing policy
• Mitigate route processor vulnerabilities
• ACL-based filters
• Rate-limiting
Wireless Security
• Preshared keys (PSKs)
• Extensible Authentication Protocol
• Captive portal
• MAC filtering
• Geofencing
• Antenna placement and power levels
• Wireless client isolation
• Guest network isolation
IoT Access Considerations
• Audits to prevent use of shadow IT
• Secure administration interfaces
• Include IoT in patch and vulnerability management
• Isolate management and monitoring traffic for embedded systems
• Audit supplier security policies and procedures regularly

Patch and Firmware Management
• Monitor security and patch advisories
• Appliance firmware updates versus OS patches
• Firmware upgrade procedure
• Downgrading/rollback firmware
• Configuration backup

Review Activity: Network Hardening Techniques
• Device and Service Hardening
• Endpoint Security and Switchport Protection
• VLAN and PVLAN Best Practices
• Firewall Rules and ACL Configuration
• Control Plane Policing
• Wireless Security
• IoT Access Considerations
• Patch and Firmware Management

Lab Activity
Assisted Lab: Configure Port Security
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”


Lesson 19
Summary

Lesson 20
Summarizing Cloud and Datacenter Architecture

Objectives
• Summarize cloud concepts
• Explain virtualization and storage area network technologies
• Explain datacenter network architecture

Lesson 20

Topic 20A
Summarize Cloud Concepts

Cloud Scalability and Elasticity
• What is a cloud?
• For the consumer?
• For the service provider?

• Scalability
• Control cost of resource provision
• Scale out versus scale up

• Elasticity
• Ability to map resource provision to demand

• Cloud and virtualization

Cloud Deployment Models
• Public (multi-tenant)
• Cloud service provider (CSP)
• Multi-cloud

• Hosted private
• Private
• On-premise or offsite

• Community
• Hybrid

Cloud Service Models
• Infrastructure as a Service
• Appliance/server provisioning

• Software as a Service
• Software provisioning

• Platform as a Service
• Database and application server provisioning

• Desktop as a Service
• Client desktop/app provisioning
Cloud Connectivity Options
• Internet/virtual private network (VPN)
• Interface with cloud application over the web
• Use VPN for better security and congestion control
• Still limited by public Internet latency and bottlenecks

• Direct/private connection/co-location
• Direct link between enterprise servers and cloud servers within datacenter

Infrastructure as Code
• Provisioning through standard scripts
• Eliminate lack of consistency/snowflakes

• Automation
• Script a single task or build

• Orchestration
• Sequence of automation scripts
• Co-ordinate provisioning across multiple systems

Cloud Security Implications
• Transfer of risk/service level agreement (SLA)
• Cloud responsibility matrix
• Security of the cloud versus security in the cloud (Amazon)

• Legal/regulatory responsibility
• Insider threat (from service provider)

Review Activity: Cloud Concepts
• Cloud Scalability and Elasticity
• Cloud Deployment Models
• Cloud Service Models
• Cloud Connectivity Options
• Infrastructure as Code
• Cloud Security Implications

Lesson 20

Topic 20B
Explain Virtualization and Storage Area Network Technologies

Hypervisor Types
• Type II
• Host-based
• Installed to host OS
• Type I
• Bare-metal
• Installed to host hardware

Virtual NICs and Switches
• Guest OS can have one or more virtual network adapters
• Guests can be connected to VM-only networks or join the host network
• Virtual switch is implemented by hypervisor to connect VMs in different types of network

Network Function Virtualization
• VMs on virtual networks need the same services as physical networks
• Provisioning DHCP services to VMs
• Configuring default gateway for VMs
• Configuring network firewall for VM segment

• Provision virtual appliances


• Router, firewall, load balancer, or malware/intrusion detection

• Network Function Virtualization (NFV)


• Virtual Network Function (VNF)
• NFV infrastructure
• Management and orchestration (MANO)
Storage Area Networks
• Block-level access to storage resource
• Only accessed by application servers
• Integrate multiple types of storage technology
• Tiered performance

SAN Connection Types
• Fibre Channel
• Initiator
• Target
• FC switch

• Fibre Channel over Ethernet (FCoE)


• Converged network adapter (CNA)

iSCSI
• Tunneling protocol that enables the transfer of SCSI data over an IP-based network
• Can be used to link SANs or create low-cost SANs

Review Activity: Virtualization and SAN Technologies
• Hypervisor Types
• Virtual NICs and Switches
• Network Function Virtualization
• Storage Area Networks
• SAN Connection Types
• iSCSI

Lesson 20

Topic 20C
Explain Datacenter Network Architecture

Datacenter Network Design
• Datacenters
• Dedicated location for hosting server infrastructure
• Networking, power, climate control, and physical access control features

• Traffic flows
• North-south versus east-west

• Overlay networks
• Abstracts physical topology
• Encapsulates point-to-point traffic

Software Defined Networking
• Make components of datacenter fully accessible to automation and orchestration
• SDN architecture
• Application and infrastructure layers at top and bottom
• SDN inserts a control layer
• Northbound and southbound APIs

• Management plane
Spine and Leaf Topology
• Leaf layer forms a full mesh with spine
• Advantages
• Single hop predictability
• Loop free multipathing

• Top-of-rack switch models

Datacenter Access Types
• Branch office versus on-premises
• Servers in hub location and data replicated to branches
• Multipoint GRE used to connect branches with head office in VPNs

• Colocation
• Installing servers to a hosted environment

Multiprotocol Label Switching
• Service provider VPN solution
• Overlay network facilitating point-to-point and point-to-multipoint links over public networks
• Traffic shaping

Software-defined WAN
• Secure access to datacenters from multiple remote locations
• Overlay network managed by SD-WAN controller
• All links authenticated and secured
• Can use multiple underlay network technologies

Review Activity: Datacenter Network Architecture
• Datacenter Network Design
• Software Defined Networking
• Spine and Leaf Topology
• Datacenter Access Types
• Multiprotocol Label Switching
• Software-defined WAN

Lab Activity
Applied Lab: Troubleshoot Service and Security Issues
• Lab types
• Assisted labs guide you step-by-step through tasks
• Applied labs set goals with limited guidance

• Complete lab
• Submit all items for grading and check each progress box

• Select “Grade Lab” from final page

• Save lab
• Select the hamburger menu and select “Save”

• Save up to two labs in progress for up to 7 days

• Cancel lab without grading


• Select the hamburger menu and select “End”


Lesson 20
Summary
