CompTIA Network+ N10-009: The Vendor-Neutral Cert That Proves You Understand Networking

Why Network+ still matters in 2026

When a hiring manager sees CompTIA Network+ on a resume, it signals something specific: the candidate understands how networks actually work, not just how to configure one vendor’s equipment. That distinction matters more today than it did five years ago. Modern infrastructure spans on-premises switches, cloud virtual networks, SD-WAN overlays, and zero-trust access layers — often from three different vendors at once. An engineer who passed a single vendor’s associate exam may have a deep but narrow foundation. Network+ is deliberately wide.

The N10-009 version, released March 2024, reflects where enterprise networks have moved. The old N10-008 was built around a more traditional on-premises networking model. N10-009 shifts weight toward cloud integration, modern security architecture, and wireless technology that reflects the actual mix found in enterprise and hybrid environments today. If you’re sitting for N10-008 study materials, note that exam version retired in December 2024 — N10-009 is the only active version.

The Network+ mental model

The OSI model is the backbone of the entire exam. Every troubleshooting question, every protocol question, and every security scenario maps back to a specific layer. Before memorising any individual technology, understand which layer it operates at and why. Layer 2 issues (MAC addresses, VLANs, STP) are fundamentally different from Layer 3 issues (routing, IP addressing), and the exam will test whether you can tell them apart under time pressure.

The five N10-009 exam domains

CompTIA publishes the full exam objectives at comptia.org. The five domains and their approximate weights are:

Domain 1 — Networking Concepts (23%)

The largest domain by weight, covering the foundational knowledge that every other domain builds on. This is where most candidates spend the most study time — and where a shaky foundation costs the most points on exam day.

OSI and TCP/IP models: Know which protocols live at which layer — not just the layer number, but why. HTTP at Layer 7, TCP/UDP at Layer 4, IP at Layer 3, Ethernet at Layer 2. The exam will describe a symptom and ask you to identify the affected layer.
Ports and protocols: Memorise the essential port numbers: DNS (53), DHCP (67/68), HTTP (80), HTTPS (443), SSH (22), Telnet (23), SMTP (25), IMAP (143), POP3 (110), FTP (20/21), SFTP (22), SNMP (161/162), RDP (3389), LDAP (389), LDAPS (636). Know which use TCP, which use UDP, and which use both.
IPv4 addressing and subnetting: CIDR notation, subnet mask to prefix length conversion, calculating network address, broadcast address, and usable host range. N10-009 includes more IPv6 than N10-008 — know the address format, types (unicast, multicast, anycast), and how SLAAC and DHCPv6 differ.
Network types and topologies: LAN, WAN, MAN, CAN, PAN, SAN; star, mesh, bus, ring topologies; and the difference between physical and logical topologies. SD-WAN is explicitly included in N10-009 as a WAN connectivity option.
Cloud networking concepts: IaaS, PaaS, SaaS. Virtual networks, subnets, security groups, and load balancers in the cloud context. The exam tests conceptual understanding, not provider-specific console knowledge.

Domain 2 — Network Implementation (20%)

This domain covers the practical configuration side: VLANs, routing protocols, wireless standards, and cabling. It bridges conceptual knowledge to real-world deployment decisions.

VLANs and trunking: A VLAN logically segments a physical switch into multiple broadcast domains. IEEE 802.1Q is the standard for VLAN tagging on trunk links. Know the difference between access ports (single VLAN, untagged) and trunk ports (multiple VLANs, tagged). Inter-VLAN routing requires either a router-on-a-stick setup or a Layer 3 switch.
Routing protocols: Know the basics of static routing, RIP (hop count metric, max 15 hops), OSPF (link-state, uses cost/bandwidth metric, scales to large networks), and BGP (path-vector, used between autonomous systems, the routing protocol of the internet). N10-009 does not require deep OSPF configuration knowledge, but you must understand when each protocol is appropriate.
Spanning Tree Protocol (STP): Prevents Layer 2 loops by electing a root bridge and blocking redundant paths. Know the port states (blocking, listening, learning, forwarding) and the difference between STP, RSTP (faster convergence), and MSTP (multiple instances). A loop in a switched network without STP causes a broadcast storm — the exam will test this failure scenario.
Wireless standards: 802.11a (5 GHz, 54 Mbps), 802.11b (2.4 GHz, 11 Mbps), 802.11g (2.4 GHz, 54 Mbps), 802.11n (dual-band, up to 600 Mbps), 802.11ac (5 GHz, MU-MIMO, up to ~3.5 Gbps), 802.11ax/Wi-Fi 6 (dual-band, OFDMA, up to ~9.6 Gbps, better performance in dense environments). N10-009 explicitly adds Wi-Fi 6 coverage.
WPA2 vs WPA3: WPA2 uses AES-CCMP; WPA3 adds Simultaneous Authentication of Equals (SAE), replacing the PSK handshake to eliminate offline dictionary attacks. WPA3-Enterprise adds 192-bit encryption mode. The exam will ask you to recommend the most secure wireless option — always WPA3 when available.
Cable types: Cat 5e (1 Gbps/100m), Cat 6 (10 Gbps/55m), Cat 6a (10 Gbps/100m), Cat 8 (40 Gbps/30m, data centres). Fibre: single-mode (long distance, laser) vs multimode (shorter distance, LED). Straight-through vs crossover cables (though modern switches use Auto-MDIX to handle this automatically).

Domain 3 — Network Operations (17%)

The operational side: how you monitor, document, and manage a network that’s already running. This domain tests the day-two skills that keep networks reliable over time.

Network monitoring: SNMP (Simple Network Management Protocol) uses agents on devices and a manager to collect metrics. SNMP v3 added authentication and encryption; avoid v1/v2c in production. NetFlow/sFlow records traffic flow metadata (source/destination IP, ports, bytes) for traffic analysis without capturing payloads. Syslog centralises log collection — know the severity levels (0 = Emergency to 7 = Debug).
High availability and redundancy: FHRP protocols (HSRP, VRRP, GLBP) provide default gateway redundancy by making multiple routers share a virtual IP. NIC teaming aggregates multiple physical interfaces for bandwidth and failover. RAID levels for storage (0 = striping, 1 = mirroring, 5 = striping with parity, 10 = striping + mirroring).
Documentation: Network diagrams (physical and logical), IP address management (IPAM), cable labelling, standard operating procedures, and change management processes. N10-009 includes questions on why documentation discipline matters for troubleshooting speed and compliance.
Network configuration management: Baseline configurations, configuration backups before changes, firmware/OS update procedures, and the role of change advisory boards (CABs) in formal change management. Know what a rollback plan is and why it must exist before any change window.

Domain 4 — Network Security (20%)

Tied with Network Implementation for the second-largest domain, security coverage in N10-009 was significantly expanded and modernised. Zero trust architecture is explicitly included for the first time.

Zero trust architecture: “Never trust, always verify.” Zero trust replaces the implicit trust granted to traffic inside a network perimeter. Every access request is authenticated, authorised, and continuously validated regardless of network location. Key components: identity provider (IdP), policy engine, policy enforcement point (PEP). Microsegmentation limits the blast radius when a breach occurs.
Common attacks: DDoS (volumetric, protocol, application-layer); ARP spoofing (attacker sends fake ARP replies to associate their MAC with another host’s IP, enabling MITM); VLAN hopping (switch spoofing or double tagging to access traffic from another VLAN); DNS poisoning (corrupting cached DNS records to redirect traffic); on-path/MITM attacks; social engineering (phishing, vishing, pretexting).
Network hardening: Disabling unused ports and services, changing default credentials, enabling port security (limiting MACs per port), using BPDU Guard and Root Guard on STP to prevent rogue switches, disabling Telnet in favour of SSH, and using 802.1X for network access control (NAC).
AAA framework: Authentication (who are you?), Authorisation (what are you allowed to do?), Accounting (what did you do?). RADIUS and TACACS+ both implement AAA; RADIUS encrypts only the password, TACACS+ encrypts the entire payload and separates authentication from authorisation. The exam will ask when to use which.
Firewalls and IDS/IPS: Stateful firewalls track connection state; stateless (ACL-based) evaluate each packet independently. Next-generation firewalls (NGFW) add application awareness, user identity, and SSL inspection. IDS detects and alerts; IPS detects and blocks. Both can use signature-based (known threats) or anomaly-based (deviation from baseline) detection.
VPNs: Site-to-site VPN connects two networks; remote-access VPN connects individual clients. IPsec operates at Layer 3 and is used for site-to-site; SSL/TLS VPN (e.g., OpenVPN, Cisco AnyConnect) operates at Layer 4/7 and is common for remote access. Split tunnelling routes only corporate traffic through the VPN; full tunnelling routes everything.

Domain 5 — Network Troubleshooting (20%)

The most practical domain: the CompTIA troubleshooting methodology, command-line tools, and how to diagnose the most common network failures in the field and on the exam.

Troubleshooting methodology: CompTIA defines a seven-step process: (1) identify the problem, (2) establish a theory of probable cause, (3) test the theory, (4) establish a plan of action, (5) implement the solution, (6) verify full functionality, (7) document findings. The exam will present a scenario and ask which step comes next.
Essential tools: ping (ICMP echo, tests basic connectivity), traceroute/tracert (shows hop-by-hop path and latency), nslookup/dig (DNS query testing), arp -a (view ARP cache), netstat/ss (active connections and listening ports), ipconfig/ip addr (interface configuration), nmap (port scanning and host discovery), Wireshark (packet capture and protocol analysis).
Wireless troubleshooting: Channel overlap (2.4 GHz: use non-overlapping channels 1, 6, 11), co-channel interference (multiple APs on the same channel), hidden node problem (two clients can’t hear each other but both reach the AP), signal attenuation through walls and interference from microwaves/Bluetooth/other 2.4 GHz devices.
Common failure scenarios: Duplicate IP addresses (ARP conflict symptoms), DHCP exhaustion (clients get APIPA addresses in 169.254.x.x range), incorrect VLAN assignment (host can reach some but not all expected resources), MTU mismatch (large packets fail, small packets succeed), DNS misconfiguration (IPs work but names don’t), default gateway missing (local LAN works but internet/routed traffic fails).
Physical layer issues: Cable testers verify continuity and pinout. TDR (Time Domain Reflectometer) locates breaks in copper cable by measuring reflection time. OTDR does the same for fibre. PoE (Power over Ethernet) faults appear as intermittent access point reboots or IP phone failures — check switch PoE budget before adding devices.

The most common Network+ trap: confusing similar protocols with identical ones. RADIUS vs TACACS+. STP vs RSTP. WPA2 vs WPA3. IPsec vs SSL VPN. The exam writes wrong-answer choices designed to catch candidates who know a protocol exists but don’t understand the specific difference. Study the “vs” comparisons first.

What changed from N10-008 to N10-009

N10-009 is not a minor version bump. CompTIA reorganised the domain structure, added new technologies, and removed content that no longer reflects real-world networking. Key changes candidates coming from N10-008 study materials should note:

Zero trust architecture added: Explicitly in Domain 4. N10-008 had general security concepts; N10-009 teaches the zero trust model as a specific architecture.
SD-WAN added: Software-defined WAN is now included as a WAN connectivity option in Domain 1, reflecting how enterprises have replaced MPLS with SD-WAN overlays.
Wi-Fi 6 (802.11ax) added: OFDMA, BSS Colouring, and target wake time (TWT) are new topics. Candidates who only studied up to 802.11ac are missing a full wireless generation.
IPv6 expanded: More IPv6 address types, neighbour discovery protocol (NDP), and dual-stack deployment scenarios. IPv6 is no longer a “bonus topic” — it’s tested at near-parity with IPv4 in subnetting and troubleshooting questions.
Older technologies reduced: Token Ring, FDDI, and some legacy WAN technologies (Frame Relay, ATM) were removed or reduced. If your study guide still has a chapter on Frame Relay, it’s N10-008 material.

Why it matters for cert candidates

CompTIA Network+ N10-009 is a DoD 8570.01-M approved certification for IAT Level I roles, which means it’s a contractual requirement for tens of thousands of government IT contractor positions. Beyond government work, it’s the cert most commonly used as a bridge between CompTIA A+ and either Security+ or Cisco CCNA. Candidates who pass Network+ first report that Security+ — which overlaps significantly in the network security domain — requires roughly half the study time. For CCNA-bound candidates, Network+ builds the mental model that Cisco-specific content then fills in with CLI and configuration detail. Average study time for candidates without a networking background is 6–8 weeks at 1–2 hours per day. Those with hands-on networking experience typically pass in 3–4 weeks of focused review.

What comes after Network+

Network+ sits at the Associate tier of CompTIA’s certification stack. From here, paths fork based on your target role:

CompTIA Security+ SY0-701: The natural next step for most candidates. Network+ covers the network foundation; Security+ builds the threat, vulnerability, and compliance layer on top. Together they satisfy the DoD 8570 IAT Level II baseline.
CompTIA CySA+ CS0-003: The cybersecurity analyst cert above Security+. Covers threat hunting, incident response, vulnerability management, and SIEM/SOAR tooling. Strong choice for SOC and security operations roles.
Cisco CCNA 200-301: Network+ gives you the concepts; CCNA gives you the vendor-specific CLI skills. Many engineers pursue both: Network+ for the vendor-neutral foundation, CCNA for the Cisco-specific hiring signal. Cisco remains the dominant vendor in enterprise networking.
CompTIA Network+ → Cloud+: CompTIA Cloud+ (CV0-004) extends networking knowledge into hybrid cloud infrastructure, virtual networks, and cloud security. A logical path for candidates targeting cloud infrastructure roles without committing to a single cloud vendor’s certification track.

Candidates with both Network+ and Security+ consistently report faster time-to-hire in entry-level security and network engineer roles. The combination covers enough ground — from physical cabling to zero trust policy — that it substitutes for two years of formal experience at many employers who list these certs as qualifying alternatives on job postings.

Ready to test your Network+ knowledge? We have scenario-based CompTIA practice questions covering OSI model, VLANs, routing, wireless, security, and troubleshooting — timed, randomised, and free.

Start Network+ Practice Questions →