Why OSI Is the #1 Exam Topic
The OSI (Open Systems Interconnection) model is the single most tested concept across CompTIA A+, Network+, and Security+. Every troubleshooting scenario, device identification, and protocol question on the exam connects back to OSI. A question about "which layer does a switch operate at?" is an OSI question. "Which layer does encryption occur at in TLS?" is an OSI question. "A technician is troubleshooting a connectivity issue — which layer should they check first?" is an OSI question. Internalising the OSI model — not just memorising the layer names, but understanding what happens at each layer and what devices and protocols live there — is the single highest-value study investment for all three exams.
Layer 7 — Application
The Application layer is where network-aware applications interact with the network stack. It provides network services directly to end-user applications — not the applications themselves, but the interfaces that applications use to communicate over the network. Protocols: HTTP/HTTPS (web browsing), FTP/SFTP (file transfer), SMTP/POP3/IMAP (email), DNS (name resolution), DHCP (IP assignment), SSH (secure shell), Telnet (legacy remote access), SNMP (network management), LDAP (directory services). The PDU (Protocol Data Unit) at Layer 7 is called a message or data. Troubleshooting at Layer 7: can the application connect? Is the server responding on the correct port? Is the DNS name resolving correctly?
Layer 6 — Presentation
The Presentation layer translates data between the application format and the network format. It handles three functions: translation — converting character encoding (ASCII to EBCDIC, Unicode), data formats (JSON to XML), and file formats; encryption/decryption — SSL/TLS operates at this layer, encrypting data before transmission and decrypting it on receipt; compression — reducing data size for efficient transmission (JPEG, MPEG, GIF compression happen here). In practice, Layers 5, 6, and 7 are often collapsed together in real protocol stacks — the TCP/IP model combines them all into a single Application layer. On the exam, Layer 6 is most commonly tested by identifying that SSL/TLS and encryption live here.
Layer 5 — Session
The Session layer manages the establishment, maintenance, and termination of communication sessions between applications. A session is a persistent logical connection between two communicating applications — beyond just sending packets, a session maintains state (which side is talking, where we are in a multi-step exchange, how to recover if interrupted). Protocols and services: NetBIOS (Windows network resource sharing), RPC (Remote Procedure Call — used by Active Directory, NFS, and many enterprise applications), SQL session management, SIP (VoIP session establishment). The Session layer is the least-tested of the seven layers on CompTIA exams — most questions focus on Layers 1–4 and Layer 7. When it does appear, it's usually in the context of "which layer manages sessions between applications?"
Layer 4 — Transport
The Transport layer is responsible for end-to-end communication between applications on different hosts. Key functions: segmentation — breaking large messages into segments small enough to transmit; port numbers — identifying which application on the destination host should receive the data (port 80 = HTTP, port 443 = HTTPS, port 22 = SSH); multiplexing — allowing multiple applications to share the same network connection simultaneously; reliability (TCP only) — sequencing, acknowledgements, and retransmission. The two Transport layer protocols are TCP (reliable, connection-oriented) and UDP (fast, connectionless). The PDU at Layer 4 is called a segment (TCP) or datagram (UDP). Devices: firewalls operating on ports are Layer 4 devices.
Layer 3 — Network
The Network layer handles logical addressing and routing — moving packets between different networks. Key functions: IP addressing — assigning and reading logical (IP) addresses; routing — determining the best path for packets to travel from source to destination across multiple networks; packet forwarding — each router reads the destination IP, consults its routing table, and forwards the packet toward the destination. Key protocols: IP (IPv4 and IPv6), ICMP (ping, traceroute, unreachable messages), OSPF, BGP, EIGRP (routing protocols). The PDU at Layer 3 is called a packet. Devices: routers and Layer 3 switches. Troubleshooting at Layer 3: can you ping the destination? Is the routing table correct? Is the default gateway configured?
Layer 2 — Data Link
The Data Link layer handles communication within a single network segment — node-to-node delivery using physical addresses. Key functions: MAC addressing — each NIC has a unique 48-bit MAC address burned in at manufacture; framing — wrapping packets in frames with source and destination MAC addresses and error-checking (CRC); error detection — CRC (Cyclic Redundancy Check) detects frames corrupted in transit; media access control — CSMA/CD (Ethernet) and CSMA/CA (WiFi) govern which device can transmit at a given time. Layer 2 is divided into two sublayers: LLC (Logical Link Control) — interfaces with the Network layer above; MAC (Media Access Control) — interfaces with the Physical layer below. The PDU at Layer 2 is called a frame. Devices: switches (forward frames by MAC address), bridges (legacy). Troubleshooting: can you see the device's MAC in the ARP table? Is the switch port active?
Layer 1 — Physical
The Physical layer defines everything about the physical transmission of raw bits — electrical signals, light pulses, or radio waves. This includes: cable specifications — Cat5e, Cat6, Cat6a, fiber optic (SMF vs MMF); connector types — RJ-45, LC, SC, ST; signal encoding — how 0s and 1s are represented as voltage levels, light pulses, or radio frequencies; data rates — 100 Mbps, 1 Gbps, 10 Gbps; wireless frequencies — 2.4 GHz and 5 GHz bands. The PDU at Layer 1 is simply bits. Devices: hubs (legacy), repeaters, wireless access point radios, cables and connectors. Troubleshooting at Layer 1: is the cable connected? Are the link lights on? Is there a cable break? Is the cable the right type for the required speed?
OSI Troubleshooting — Bottom-Up Approach
The standard CompTIA troubleshooting methodology for network issues follows the OSI model from the bottom up. Layer 1 first — check physical connectivity: cable plugged in? Link light? Correct cable type? Layer 2 — is the MAC address in the switch's ARP table? Is the VLAN correct? Layer 3 — does the device have an IP address? Can it ping the default gateway? Are routes correct? Layer 4 — is the correct port open? Is a firewall blocking the port? Layer 7 — is the application configured correctly? Is the server responding? This layered approach systematically eliminates potential causes rather than randomly checking settings. The exam presents troubleshooting scenarios specifically to test whether candidates apply this structured approach.
Device and Protocol Quick Reference
| Layer | Name | PDU | Devices | Key Protocols |
|---|---|---|---|---|
| 7 | Application | Data/Message | Proxy, WAF, Load balancer | HTTP, FTP, DNS, SMTP, SSH, DHCP |
| 6 | Presentation | Data | — | SSL/TLS, JPEG, MPEG, ASCII |
| 5 | Session | Data | — | NetBIOS, RPC, SIP, SQL |
| 4 | Transport | Segment/Datagram | Firewall (ports) | TCP, UDP |
| 3 | Network | Packet | Router, Layer 3 switch | IP, ICMP, OSPF, BGP |
| 2 | Data Link | Frame | Switch, Bridge, NIC | Ethernet, 802.11 (WiFi), ARP |
| 1 | Physical | Bits | Hub, Repeater, Cable, AP | Ethernet (physical), 802.11 (radio) |