⚡ N10-009 at a Glance
The Network+ N10-009 has 5 domains, up to 90 questions, 90 minutes, passing score 720/900. The heaviest domain is Networking Fundamentals at 23% — if you understand IP addressing, OSI model, protocols, and switching/routing, you've covered nearly a quarter of the exam before you open a single security textbook. Networking Implementations (21%) and Network Operations (19%) together make up 40% of the exam — these two domains combined outweigh everything else.
Domain Weightings — Visual Overview
N10-009 Domain Weightings
1. Networking Fundamentals
2. Networking Implementations
5. Network Troubleshooting
Domain 1 — Networking Fundamentals (23%)
01
Networking Fundamentals
Heaviest domain — start here
23%
The foundation of the entire exam. Covers how networks actually work — the OSI and TCP/IP models, IP addressing (IPv4 and IPv6), ports and protocols, switching and routing concepts, and network topologies. This is the domain where most self-taught candidates have the biggest gaps because it requires genuine conceptual understanding, not just memorisation. If you understand how a packet moves from one host to another and why, most of the rest of the exam makes sense.
OSI & TCP/IP ModelsAll 7 OSI layers and their protocols, encapsulation, PDUs at each layer
IP AddressingIPv4 classes, CIDR, subnetting, IPv6 types (unicast, multicast, anycast), dual-stack
Ports & ProtocolsTCP vs UDP, well-known ports (20/21, 22, 23, 25, 53, 80, 110, 143, 443, 3389), ICMP
Switching ConceptsVLANs, spanning tree (STP), trunking (802.1Q), MAC address tables, ARP
Routing ConceptsStatic vs dynamic routing, RIP, OSPF, BGP, route tables, default gateway
Network TopologiesStar, mesh, bus, ring, hybrid, spine-leaf, point-to-point, WAN technologies
Ethernet Standards802.3 speeds, cable categories, fiber types (SMF vs MMF), connectors
Wireless Standards802.11 a/b/g/n/ac/ax, frequencies (2.4 GHz vs 5 GHz), channels, MIMO
Study priority: Subnetting is the single most important skill in this domain — it's tested in multiple forms including performance-based questions. Practice until you can subnet any /24 in your head. OSI layer identification is the second most tested concept.
Domain 2 — Networking Implementations (21%)
02
Networking Implementations
Heavy on switching, routing, and wireless config
21%
Where Domain 1 tests concepts, Domain 2 tests implementation — how you actually configure and deploy networks. Switch configuration (VLANs, port security, STP), routing protocols in practice, wireless access point deployment, and network services like DHCP and DNS. Performance-based questions in this domain often show a network diagram and ask you to identify the correct configuration or spot the mistake.
Switch ConfigurationVLAN creation, trunk ports, access ports, port security (MAC limiting), STP root bridge
Router ConfigurationStatic routes, dynamic routing protocol selection, NAT/PAT, ACLs
Wireless DeploymentAP placement, channel selection, WPA2/WPA3, 802.1X/RADIUS, guest networks
DHCP & DNSDHCP scopes, reservations, options, DNS zones, forwarders, record types (A, MX, CNAME, PTR)
Network Address TranslationNAT, PAT (overload), static NAT, NAT table, private vs public IP ranges
Infrastructure DevicesRouters, switches, WAPs, firewalls, load balancers, proxies, IDS/IPS placement
Cloud NetworkingVirtual networks, SDN, NFV, cloud connectivity (VPN, Direct Connect), hybrid cloud
Physical InstallationStructured cabling, patch panels, cable management, rack installation
Study priority: VLANs and inter-VLAN routing are the most heavily tested configuration topics. Know the difference between access ports and trunk ports cold. Wireless security (WPA2 Enterprise vs Personal, 802.1X) is the second biggest focus.
Domain 3 — Network Operations (19%)
03
Network Operations
Documentation, monitoring, and availability
19%
The operational side of networking — how you keep a network running reliably day-to-day. Covers monitoring tools, network documentation, high availability concepts (redundancy, failover), organisational policies, and remote access. Often underestimated by candidates focused on the technical domains — but 19% means roughly 17 questions you can't afford to skip.
Monitoring ToolsSNMP (v2 vs v3), syslog, NetFlow, SIEM, packet capture (Wireshark), bandwidth monitoring
Network DocumentationNetwork diagrams (logical vs physical), IP address management (IPAM), change management
High AvailabilityRedundant links, NIC teaming, LACP (802.3ad), HSRP/VRRP, UPS, generator backup
Remote AccessVPN types (SSL, IPSec, site-to-site, client), SSH, RDP, jump servers/bastion hosts
Policies & ProceduresChange management, configuration management, SLAs, DR/BCP, onboarding/offboarding
Network StatisticsBaseline performance, interface error counters, utilisation thresholds, latency/jitter/packet loss
Study priority: SNMP is tested consistently — know v2 vs v3 (v3 adds encryption and authentication). High availability terminology (HSRP, VRRP, LACP) trips up candidates who skip this domain. VPN types (IPSec vs SSL) are also heavily tested.
Domain 4 — Network Security (19%)
04
Network Security
Attacks, defences, and access control
19%
Security concepts as they apply specifically to networks — not the broad Security+ scope but focused on network-layer threats and defences. Covers attack types targeting network infrastructure, physical and logical security controls, authentication systems, and secure network design principles. If you're continuing to Security+ after Network+, this domain gives you a strong head start.
Network Attack TypesDoS/DDoS, ARP spoofing, DNS poisoning, VLAN hopping, man-in-the-middle, rogue AP
Firewalls & ACLsStateful vs stateless, ACL rules (permit/deny), DMZ design, firewall placement
Network HardeningDisable unused ports, disable unnecessary protocols, default credentials, firmware updates
Authentication802.1X, RADIUS, TACACS+, AAA framework, MFA on network devices
Physical SecurityLocking racks, cable locks, badge access to server rooms, surveillance cameras
IoT & Embedded SecuritySegmenting IoT devices, default password changes, firmware management
Study priority: ARP spoofing and DNS poisoning are the most tested attack types — know exactly how each works and the defence (Dynamic ARP Inspection, DNSSEC). 802.1X and RADIUS authentication appear in multiple domains — know the supplicant/authenticator/authentication server model cold.
Domain 5 — Network Troubleshooting (18%)
05
Network Troubleshooting
Commands, methodology, and systematic diagnosis
18%
Applying a systematic troubleshooting process to network problems — the most practical domain and the one where real-world experience pays off most. Covers the troubleshooting methodology, command-line tools for diagnosing connectivity issues, and common hardware and configuration failures. Performance-based questions often present a broken network scenario and ask which command to run first or which layer the problem is at.
Troubleshooting MethodologyCompTIA's 7-step process applied to network scenarios — identify, establish theory, test, establish plan, implement, verify, document
Network Commandsping, tracert/traceroute, ipconfig/ifconfig, nslookup/dig, netstat, arp, route, pathping
Connectivity IssuesDuplicate IPs, incorrect subnet mask, wrong default gateway, DHCP failure, DNS failure
Physical Layer IssuesBad cables, incorrect cable type, damaged ports, SFP module failures, PoE problems
Wireless IssuesInterference, overlapping channels, insufficient coverage, authentication failures, SSID mismatch
Performance IssuesBandwidth saturation, duplex mismatch, high latency, jitter, packet loss diagnosis
Study priority: Know when to use each command — the exam gives you a symptom and asks which tool diagnoses it. Ping ladder (loopback → own IP → gateway → external IP → hostname) is a must-know. Duplex mismatch symptoms (late collisions, CRC errors) are a favourite exam scenario.
How to Allocate Your Study Time
| Domain | Weight | Study Time % | Why |
|---|
| 1. Networking Fundamentals | 23% | 25–30% | Foundation for all other domains — concepts here appear in every other domain's questions |
| 2. Networking Implementations | 21% | 20–25% | Heavy performance-based question focus — needs hands-on practice, not just reading |
| 3. Network Operations | 19% | 15–20% | Often under-studied — SNMP, monitoring, and HA concepts are easy points if you cover them |
| 4. Network Security | 19% | 15–20% | Overlaps with Security+ — invest here if you plan to continue to Sec+ |
| 5. Network Troubleshooting | 18% | 15% | Rewards real experience — practice troubleshooting scenarios more than reading theory |
Performance-Based Questions (PBQs)
Network+ includes performance-based questions — interactive simulations where you configure a router, read a packet capture, or interpret a network diagram. They typically appear at the start of the exam and count for more marks than multiple choice.
Don't skip PBQs — a common mistake is to flag them and come back later, then run out of time. Attempt them first. If you're stuck after 3 minutes, flag and move on, but always return. PBQs heavily test Domains 1, 2, and 5.
Exam Facts — N10-009
| Detail | Value |
|---|
| Exam code | N10-009 |
| Questions | Maximum 90 (multiple choice + performance-based) |
| Time limit | 90 minutes |
| Passing score | 720 out of 900 |
| Recommended experience | CompTIA A+ and 9–12 months networking experience |
| Validity | 3 years (renewable via CE credits) |
| Cost | ~$369 USD (check CompTIA.org for current pricing) |
Ready to start studying?
See the best study guides, video courses, and practice exams for N10-009.
See Network+ Resources →
How to Use the Domain Weightings in Your Study Plan
The domain percentages tell you where to invest time proportionally. With Networking Fundamentals at 23%, nearly a quarter of your exam score comes from IP addressing, subnetting, ports and protocols, and OSI/TCP-IP model knowledge. If you're weak on subnetting, fixing that weakness has a bigger expected payoff than spending the same time on a domain weighted at 15%. A practical approach: score yourself on a practice exam domain-by-domain, then invest extra time proportional to both the domain's weight and your deficit in it.
Network Troubleshooting at 18% is particularly important because it tests applied knowledge — scenarios where you must select the right diagnostic tool or step, interpret command output, or identify the correct resolution for a described network problem. These questions can't be studied passively. You need to practise troubleshooting scenarios until the diagnostic process (OSI bottom-up, ping sequence, command tool selection) is automatic.
Domain 1 — Networking Fundamentals Deep Dive
Networking Fundamentals is the largest domain at 23% and the foundation for everything else. The key sub-topics: OSI and TCP/IP models (which protocols operate at which layers, what devices operate at which layers, using the model as a troubleshooting framework), IP addressing and subnetting (IPv4 classes, CIDR, subnet mask calculation, VLSM, IPv6 basics), ports and protocols (memorise the 20+ ports that appear on every exam), network topologies (star, bus, ring, mesh — know the failure modes of each), and wireless standards (802.11a/b/g/n/ac/ax, 2.4 vs 5 GHz trade-offs, channels).
The subnetting requirement is what separates candidates who pass on their first attempt from those who need to retake. A significant number of Domain 1 questions require subnetting calculations or conceptual subnetting knowledge — identifying which subnet a host belongs to, determining whether two hosts are on the same subnet, or selecting the right prefix length for a given host requirement. Practise until you can subnet /24 through /30 in under 60 seconds without reference materials.
Domain 2 — Network Implementations Deep Dive
Network Implementations (21%) covers the hardware and protocols used to build networks: routing protocols (RIP, OSPF, BGP — understand distance-vector vs link-state, when each is used, and key characteristics), switching concepts (VLANs, spanning tree protocol, link aggregation, port mirroring), wireless infrastructure (access points, wireless controllers, site surveys, SSID design), and physical installation (cable categories, patch panels, structured cabling standards, power over Ethernet).
VLANs are heavily tested because they're the primary network segmentation tool in enterprise environments and intersect with both routing (inter-VLAN routing via a router-on-a-stick or Layer 3 switch) and security (isolating traffic types). Know that VLANs are configured on switches, that a trunk port carries multiple VLANs using 802.1Q tagging, that an access port carries a single VLAN, and that inter-VLAN communication requires Layer 3 routing.
Domain 4 — Network Security Deep Dive
Network Security at 19% covers attacks, defences, and access controls. Common network attacks: DoS/DDoS (volumetric, protocol, and application layer), man-in-the-middle (ARP poisoning, SSL stripping), DNS attacks (spoofing, cache poisoning, DNS hijacking), VLAN hopping (switch spoofing and double tagging attacks). Firewall types: packet filtering (stateless, simple rules), stateful inspection (tracks connection state), application-layer (Layer 7, deep packet inspection), and next-generation firewalls (NGFW, which combine stateful + application awareness + IPS + user identity).
Network access control: 802.1X uses an authenticator (switch or wireless AP), supplicant (the device), and authentication server (RADIUS) to control port-level access. Only authenticated devices are allowed onto the network; unauthenticated devices are placed in a quarantine VLAN. This is the enterprise standard for wired and wireless access control and appears frequently in both Network+ and Security+ scenario questions.
Domain 5 — Network Troubleshooting Deep Dive
Network Troubleshooting (18%) is almost entirely scenario-based — symptoms, diagnostic steps, and resolutions. The key framework is OSI bottom-up: always start by verifying Layer 1 (physical — is the cable connected, is the link light on?) before checking Layer 2 (switch config, VLAN), Layer 3 (IP addressing, routing), and higher layers (DNS, application). Jumping to DNS before confirming physical connectivity exists is a common real-world mistake that the exam tests by placing Layer 3 and DNS issues in scenarios where the actual cause is Layer 1 or 2.
Essential troubleshooting commands: ping (ICMP echo test, verify basic connectivity), traceroute/tracert (path discovery, identify where packets stop), nslookup/dig (DNS resolution testing), netstat (view active connections and listening ports), arp -a (view ARP cache, useful for ARP poisoning investigation), ipconfig /all or ip addr (view IP configuration). Know what each command reveals, what its output looks like, and when you'd use it in a troubleshooting sequence.
Related Articles