CompTIA Network+ Study Guide (2009)


The CompTIA Network+ examination is not an unbeatable monster. In fact, compared to many common certification examinations, the Network+ exam is rather formulaic and easy to master with the right training. In this study guide, you will receive just that “right” training; in fact, you can master the facts you need to know for the exam in 20 easy lessons. Each lesson is timed to take approximately one hour to complete (which is a very generous estimate indeed); many people will be able to read the covered material in less than half of that time.

Most of the lessons will follow a similar format – content will be covered, with key points in bold, in a small reading section, followed by a few questions for review. It is recommended that you read the section multiple times to fully comprehend the material, as many of the key points covered come straight out of the exam pattern or the CompTIA Network+ exam syllabus. The review questions will almost always cover concepts directly addressed in the reading sections and will also reflect typical exam questions.

Periodically, you will encounter some reading sections in which exam material is not directly addressed, such as in the “troubleshooting” or “review” reading sections. Don’t be fooled – these are perhaps the most critical passages in helping you succeed on the exam because they cover the concepts and methods necessary to be successful in answering exam questions, especially those requiring some analysis.

After you have completed all 20 days of the Network+ study guide, you will probably be ready for the exam (of course, you may want to check out our “Sneak Peek Review.”) So, it would be in your interest to register for the exam ahead of schedule, but do know that you don’t have to pay full price for the exam – many online companies offer reduced-price exams and a quick search on our forum will yield some of these providers (also go through the article section for more details on vouchers).

The most important thing to remember while studying for this exam is that it tests primarily for your ability to apply the relatively small amount of information covered by the exam to solve basic network issues. So, when studying, don’t simply memorize names and functions; instead, memorize the applications, pros, and pitfalls of all the networking components. Do this and you will succeed in your endeavor to earn the Network+ certification!

Day 1: Network Topologies & Types Of Networks

At the core of the Network+ exam and networking concepts in general is the idea of topology, or more specifically, the manner in which data is exchanged over the network. Network topology is a mainly conceptual topic - when we speak of "star" networks or "ring" networks, we are really speaking in terms of the manner in which information is exchanged and not their physical setup. Remember that each topology/network type has its unique advantages and disadvantages that will be tested on the Network+ exam in the form of asking you "which is the most appropriate." Don't try to memorize the perks of each - rather, try to understand the manner in which each allows the exchange of information; then, the advantages and disadvantages will seem only logical to you.


Networking topologies are organized by the way in which information "flows" across a network. Below are the basic topologies:

  • Bus - This is the most simplistic topology in which the nodes of the network are individually linked to up to two successive other nodes or another node and a terminating node or terminator. This is considered now an archaic topology, because of the difficulty of troubleshooting network issues (how do you know which node is causing the connection issue?), redundancy issues (if one node fails, the network as a whole can fail), the need for terminators, and the amount of traffic created (every node between A and B must receive the packet that A sends). The nodes linked in this topology are often referred to as "daisy-chained."
  • Ring - Similar to a bus network in that nodes are linked to each other, but dissimilar in that the ends of a ring network are not terminated because, well, there are no ends! A ring network is something like a "circular" network in which each and every node is linked to two other nodes. This shares many of the same weaknesses as the bus topology, including troubleshooting difficulty, redundancy issues, and traffic created, and also adds an additional difficulty - the difficulty of adding a node to a token ring network.
  • Star - This is the most typical and practical network setup. In a star network, each node maintains an individual connection to a switch, where all other nodes are connected. Traffic between two known nodes, therefore, only goes through the switch and not through other nodes. This increases the redundancy of the network (one computer faltering will not cause the network to fail), increases data privacy (unicast traffic does not travel through all nodes), and is a relatively easy-to-use setup. Disadvantages include reliance on the switch (a fail-point) and the amount of wiring necessary.
  • Mesh/"Ad Hoc" - This is a rarely occurring configuration in which every node is connected to every other node; it usually occurs only in wireless networks in "ad hoc" mode, which will be discussed later; in this mode, each wireless card maintains a connection to each other wireless node it wishes to connect with, forming a "mesh" of a network. This is a relatively easy to understand option but is inefficient, requires a large amount of overhead, and is difficult to manage.
  • Combined or Hybrid - This is simply a topology referring to the case where more than one topology is utilized. For example, you may have three token ring networks connected to a central hub, forming a star of token rings. This is one of many possibilities of a hybrid network.

 Types of Networks (Access Models)

The Network+ examination is interested in your ability to identify network access models, generally referred to as types of networks. These do not suggest the way in which network nodes are connected or the way that information flows (as do topologies), but rather, the manner and mode in which nodes communicate with each other and share information. There are three basic types:

  • Decentralized - Often referred to as a "peer to peer" network, a decentralized network does not contain any distinctions between client and server. In a decentralized network, every node acts as a client and/or a server depending on the task at hand. For example, many file sharing networks are considered "decentralized" because nodes both download and upload (serve) files. The ease of adding nodes and the ease of setup is a drawing point of decentralized networks, but the pivotal downfall of these networks is their difficulty of maintenance (a setting must be changed on each node to reflect a setting change on the whole network).
  • Client-Server Access - In this type, nodes can either act as "clients" or "servers," requesting or handing out information. Do not confuse the model with the star topology; though the star topology often utilizes the client-server access model, this does not imply that every client-server network utilizes the star topology. In a client-server network, management is easy and the network can offer services that decentralized networks cannot, but this comes at the expense of difficulty in setup, setup cost, and server reliance.
  • Centralized - A centralized network is a modified client-server network in which the clients have no individual control; that is, all maintenance and setup occurs at the server level. The extreme ease of management and ability to micromanage is a drawing point of this access method, but the prohibitive cost and inflexibility of the method deter many from employing it.

Day 2: The OSI Model

The Open Systems Interconnection (OSI) Model

At the core of the Network+ exam is the OSI "Seven" Model. The model describes the ways and means that networks use to operate and communicate. Though you will seldom (if ever) encounter or use it in practice, and although you will find it to be a mundane, ambiguous, or even arbitrary model, it is heavily tested on the Network+ exam and therefore for our purposes, it is immediately relevant.

The OSI Model is like a seven-layered cake. Just as the cake starts from the bottom and becomes more ornate as it reaches the top, the OSI Model begins with the most basic layer, the Physical layer, and ends at the layer that we as users encounter, the Application layer. Like a cake, each of the layers depends on the layers below it to operate - for example, Outlook Express cannot receive email when the network cable is disconnected - without the cable, the "cake" crumbles. (OK, this analogy is a bit of a stretch, but just go with it!) The order of the layers, therefore, is quite important and you should have it intimately memorized.

Here are the layers, from bottom to top:

| Name | Mnemonic |
|---|---|
| Physical | Pete |
| Data Link | Doesn't |
| Network | Need |
| Transport | To |
| Session | Sell |
| Presentation | Pickles |
| Application | Anymore |

Of course, you are free to come up with your own mnemonic device, but we do recommend you find some way of remembering the layers because it will be a subject of the test.

More important than the order of the layers, however, is the function of the layers. Most exam questions on the OSI model ask you, "Which layer does so-and-so operate in?" or something of that nature. Another type of question that occurs frequently is, "A problem has occurred (Problem description). Which layer is to blame?" These questions can feel ambiguous or difficult, but most of the time, there is a single, clear answer that makes itself known provided that you are aware of the model and the place each layer takes in the model. We will now cover each layer in detail.


 Physical

At the base of the OSI model is the physical layer. This one is the easiest to understand - it encompasses most of the physical aspects of the network; for example, a repeater (a piece of equipment that amplifies signals) operates at the physical level because it is only concerned with transmitting the electric signal on the wire - it does not try to interfere with, encode/decode, or otherwise logically manipulate the signal. Think of the physical layer as the "electrical" layer of the model - the physical layer is the layer of low-level networking equipment, such as some hubs, cabling, and repeaters. The physical layer is never concerned with protocols or other such higher-layer items.

Examples of hardware in this layer:

  • Network adapter
  • Repeater
  • Network hub
  • Modem
  • Fiber Media Converter

 Data Link

Directly above the physical layer is the Data Link layer, which can be seen as the layer that links the electric signals of the physical layer to the logical organization of the higher layers. Unlike hubs, switches operate at the Data Link layer, because switches can direct intra-network traffic to a specific MAC address. It is the layer that organizes data bits (electric/physical) into frames (more logical). The Data Link layer is traditionally broken into two sub-layers:

  • MAC Sub-layer: (Media Access Control) The layer that organizes networked devices by a unique MAC address. Every networked device has a unique MAC address assigned by the manufacturer.
  • LLC: (Logical Link Control) The layer that provides error and flow control to other layers, and that is used to provide both connection-oriented and connectionless services. When you think LLC, think transport layer - LLC is intimately connected to the transport layer as the two work together to provide these two types of services.



 Network

The Network layer is where the frames of the Data Link layer become packets. The best way to think of the Network layer is as the mailroom clerk of the OSI model. The clerk receives mail and directs it to the appropriate couriers. In similar fashion, the Network layer translates the frames it receives from the Data Link layer into more logical packets which can be routed to other networks (like sending it to a courier). At the Network layer, you can begin to actually communicate across a Network, but the service is called "unreliable" because no connection can be established. Communication over the Network layer is something like throwing a message in a bottle into the sea - you cannot verify that the other person ever reads the message. It should be noted that most of what we call "routing" occurs at the network layer - that is, network traffic is routed from one network to another at this layer, allowing for inter-network (as opposed to intra-network) communication.


 Transport

At the Transport layer, the Network layer's packets are sorted and organized into "segments." This is different from the idea of packets in the Network layer in one fundamental way: the segments of data over the Transport layer contain information on the connection and the transmission of data. The Transport layer removes the uncertainty of "throwing the message in the bottle" that we experience over the Network layer by attaching to segments (which are basically continued packets) information about the state of a connection. Thus, the Transport layer uses the LLC sub-layer of the Data Link layer to establish connections between hosts. The protocols that are typically associated with the Transport layer are:

  • TCP: Connection-Oriented, reliable - unlike the "message in the bottle," it can verify that a segment or packet reaches the location, or note failure
  • UDP: Connectionless, unreliable - it is like a "smarter" message in the bottle service; it makes a best-effort delivery but cannot establish a connection or verify receipt
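To make the frame, packet and segment terminology concrete, here is an added example (not part of the original guide) that peels a constructed Ethernet II frame apart one layer at a time. The addresses and ports in the sample frame are made up, checksums are left at zero and not verified, and all function names are this example's own.

```python
import socket
import struct

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def build_sample_frame():
    """Constructed sample: Ethernet II / IPv4 / TCP SYN, checksums left 0."""
    tcp = struct.pack("!HHIIBBHHH", 50000, 80, 1000, 0, 5 << 4, 0x02,
                      65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"),
                     socket.inet_aton("203.0.113.5"))
    eth = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
           + struct.pack("!H", 0x0800))
    return eth + ip + tcp


def need(data, size, what):
    """Reject input that is too short to hold the header being parsed."""
    if len(data) < size:
        raise ValueError(f"truncated {what}: {len(data)} < {size} bytes")


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Data Link: MAC addresses plus a type field naming the payload."""
    need(frame, 14, "Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": mac(dst), "src_mac": mac(src),
            "ethertype": ethertype}, frame[14:]


def parse_packet(packet):
    """Network: routable IP addresses, but no notion of a connection."""
    need(packet, 20, "IPv4 header")
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or header_len < 20 or total < header_len:
        raise ValueError("malformed IPv4 header")
    need(packet, total, "IPv4 packet")
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "ttl": ttl, "protocol": proto}, packet[header_len:total]


def parse_segment(protocol, segment):
    """Transport: ports, and for TCP the fields that carry connection state."""
    if protocol == 6:                                    # TCP
        need(segment, 20, "TCP header")
        sport, dport, seq, ack, _off, flags = struct.unpack(
            "!HHIIBB", segment[:14])
        return {"proto": "TCP", "sport": sport, "dport": dport,
                "seq": seq, "ack": ack,
                "flags": [name for bit, name in TCP_FLAGS if flags & bit]}
    if protocol == 17:                                   # UDP: no seq/ack/flags
        need(segment, 8, "UDP header")
        sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
        return {"proto": "UDP", "sport": sport, "dport": dport,
                "length": length}
    raise ValueError(f"unsupported IP protocol {protocol}")


def decode(frame):
    """Return [(layer name, header fields)] from the Data Link layer upward."""
    link, rest = parse_frame(frame)
    if link["ethertype"] != 0x0800:
        raise ValueError("payload is not IPv4")
    net, rest = parse_packet(rest)
    return [("Data Link", link), ("Network", net),
            ("Transport", parse_segment(net["protocol"], rest))]


if __name__ == "__main__":
    for layer, fields in decode(build_sample_frame()):
        print(f"{layer:10} {fields}")
```

The TCP header carries sequence, acknowledgement and flag fields, which is where the connection state lives; the UDP branch has only ports and a length.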


 Session

The Session layer is the layer that initiates and terminates the transport layer connection-oriented services. While the Session layer is not widely used by protocols, it is important in that it is responsible for managing the connections that we value and that the Transport layer provides.


 Presentation

The Presentation layer translates the segments of information from the Transport layer into data that can be used at the Application layer. It is something of an intermediary between the network node's processing area and the network node's actual networking area - it can interpret the segments or packets it receives and change them into "data formats" that we all know and that the PC can recognize.


 Application

This is the top of our cake; it utilizes the layers below it and includes the functions that we are most familiar with - the end-user application protocols such as FTP and HTTP, the vital services like DHCP and DNS, and several obscure applications. The Application layer does indeed cover a wide variety of protocols and services, but don't let this overwhelm you. In general, when trying to decide if a service or protocol is an application level one, ask: "Does this facilitate networking, or does networking facilitate the service?" If the answer is the latter, you know it is an Application layer service.

 We Shall Meet Again...

Although you have enjoyed learning the OSI model, don't assume this is the last encounter you will have with it - you would be far mistaken. Actually, the OSI model permeates the theoretical foundation of all networking hardware, software, and standards. It is the common denominator of networking (at least as far as the Network+ exam is concerned) and will reappear in just about any discussion of any networking topic. So, be sure to keep the OSI model in the back of your head and continue to study it!



Day 3: Networking Equipment - I

The Equipment

  • Hub: A hub, at the most basic level, is a “dumb” device that operates at the Physical layer of the OSI model. A hub forwards all signals it receives to all connected network devices. Think of a hub as a “drunk” – when he speaks, he speaks to all around him, even if he really only means to speak with one person.


  • Switch: Because the hub is something of a “drunk,” it can be an inefficient (think about the excess traffic created) and unsecure device. Imagine if you wish to send sensitive credit card information over the network – do you really want every node to receive your electronic signal? To alleviate this, the switch was developed. A switch operates at the Data Link layer of the OSI model. It uses the MAC sub-layer to forward the relevant frames of information only to the intended recipient. Messages can still be broadcast, but this is only an option and not the normal condition. Unlike the “drunken” hub, the switch can speak softly to one person at a time or announce to the crowd. The Network+ exam tends to test you on this difference between a hub and switch, so keep it fresh in your mind.


  • Bridge: A bridge also operates at the Data Link layer (aka Layer 2) and is used to connect two (similar or dissimilar) physical network segments together, forming a larger inter-network. It can forward packets or reject them based on their destination (MAC) address. Note: The connected network segments must have the same network ID.


  • Router: The router operates at the Network layer of the OSI Model and is used to forward packets across network segments to reach a certain destination address. Do not be confused between a router and a bridge – a bridge simply forwards packets or frames based on their destination address from one connected network segment to another. A router can determine where a packet should be sent to given its final destination (IP address). Usually, routers forward packets to other routers, but sometimes routers also forward to other pieces of network equipment. A router is usually used to connect a home computer to an “always-on” Internet connection through the home network. To appreciate what a router really does, run tracert to your favorite website and see how many steps are involved in getting from your computer to the web server in question.


  • Gateway: A gateway is any device that serves to interface with other networks using dissimilar protocols. For example, a gateway might interface between a home network and the Internet or between a NetBIOS network and an IPX/SPX network. A gateway can, therefore, operate in any of the seven OSI layers, but typically operates at the very top, the Application layer (Layer 7).


  • WAP: A wireless access point is a device that allows wireless devices to access and communicate with the network. It acts as a bridge between the wired, traditional network and other wireless devices. Alternatively, it can act as a bridge between wireless devices and another, linked WAP. It typically operates in the Network layer of the OSI model as a sort of router/bridge/switch combination. Note that most WAP devices direct traffic by MAC address, making them switched.


  • NIC: A Network Interface Card is a device that allows a node to connect to the network, typically in the form of a computer “card” (PCI/ISA) but also in the form of an external (think USB) device. It can either be wired and connect to a traditional, wired network, or wireless, and connect to a WAP.
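The hub and switch behaviour described above, as an added example (not part of the original study guide): a small Python model in which a hub repeats every frame to every other port, while a switch learns source MAC addresses and forwards known unicast frames to a single port. The hosts, MAC addresses and port numbers are constructed for illustration.

```python
# Added illustration, not from the study guide.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Physical-layer repeater: no addressing logic at all."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst):
        # Every port except the one the signal arrived on gets a copy.
        return [p for p in self.ports if p != in_port]


class Switch:
    """Data Link device: keeps a MAC address table (MAC -> port)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def receive(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn where the sender lives
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast or not-yet-learned destination: flood like a hub.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []                          # already on that segment
        return [out_port]


def overheard(device, frames, port, mac):
    """Indexes of frames that reach `port` although addressed to another host."""
    seen = []
    for index, (in_port, src, dst) in enumerate(frames):
        delivered_to = device.receive(in_port, src, dst)
        if port in delivered_to and dst not in (mac, BROADCAST):
            seen.append(index)
    return seen


# Constructed lab: hosts A, B, C on ports 1, 2, 3 (port 4 unused).
# Host C only listens; none of the unicast traffic is meant for it.
A = "02:00:00:00:00:0a"
B = "02:00:00:00:00:0b"
C = "02:00:00:00:00:0c"
PORTS = [1, 2, 3, 4]
TRAFFIC = [
    (1, A, B),            # 0: B not learned yet, so even the switch floods
    (2, B, A),            # 1
    (1, A, B),            # 2
    (1, A, BROADCAST),    # 3: broadcast reaches everyone on both devices
    (2, B, A),            # 4
]

if __name__ == "__main__":
    print("hub   :", overheard(Hub(PORTS), TRAFFIC, 3, C))
    print("switch:", overheard(Switch(PORTS), TRAFFIC, 3, C))
```

On the switch, host C still receives frame 0, because a frame for a destination the switch has not learned yet is flooded to every port.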

 Applying the Knowledge

So now that you know a bit about some networking equipment, let’s end with a few review questions that apply your knowledge.

1. Which of the following devices operate at the Application layer of the OSI model?

A. Hub

B. Switched Hub

C. Router

D. Gateway

E. Bridge

2. You have been asked to implement a network design that incorporates a star topology and is safe from “packet sniffing” (other nodes receiving network traffic not directed towards them). In addition, the network will connect to other networks, including the Internet. Which of the following is not recommended for such a setup?

A. Switch

B. CAT5 Cabling

C. Hub

D. Router

E. Gateway


 Answers

1. The gateway operates at the Application layer of the OSI model, so the answer is D.

2. Because a hub is not immune to such “sniffing,” as it broadcasts all traffic, the hub would be a terrible choice for that setup. The answer is C.


Day 4: Networking Equipment - II


CSU/DSU: A CSU/DSU (Channel Service Unit/Data Service Unit) is a special type of “bridge” that operates between the WAN (wide) and LAN (local) networks. It is typically found in devices such as “cable modems,” which are not modems in the true sense of the word, but rather, converters from one digital signal to another. CSU/DSU devices operate in the physical layer of the OSI model.

Modem: A modem (short for modulator demodulator) acts like a sort of CSU/DSU between digital/analog networks. That is, a modem can translate a physical analog signal to a digital one, and vice-versa. It typically acts as the intermediary between the analog phone system and digital networks. Modems operate in the physical layer of the OSI model.

ISDN Adapter: ISDN is a somewhat archaic technology that allows connection via a special “digital” phone line. An ISDN Adapter is a CSU/DSU for ISDN connections.

Firewall: A firewall is a device that can “filter” traffic coming into and out of a network. There are different types of firewalls that will be tested on the Network+ exam:

  • Packet Filtering – This firewall operates at the network layer of the OSI model, and filters traffic based on the headers (destination/source) of the individual packets.


  • Circuit Level – Circuit level firewalls filter traffic based on whether or not a session has been established between the destination and source using TCP handshaking. You can think of a circuit level firewall as a protective father who will not let his daughter date a boy until he “gets to know him.” In a similar way, circuit level firewalls regulate traffic based on whether or not a trusted connection has been established. These operate in the Session layer of the OSI model.


  • Application Level – Application level firewalls inspect the contents of packets, rather than the source/destination or connection between the two. Application level firewalls are similar to proxies in that they operate and regulate between two segments of the network. Remember that an Application Level firewall operates in the 7th layer of the OSI model (Application Layer) and can inspect the actual contents of packets.


  • Stateful Inspection – This firewall combines the circuit level and the application level firewall techniques and is most commonly employed today. It assures the connection (session) between the two parties is valid (like the circuit level firewall) and inspects packets from this connection to assure the packets are not malicious (application level). So, the stateful inspection firewall operates in the network, session, and application layers of the OSI model.
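An added example (not from the original guide) contrasting the packet filtering and circuit level approaches on the same traffic: a header-only filter judges each packet alone, while a session tracker admits inbound packets only for a session that an inside host opened with a TCP handshake. The rule, the simplified state machine and the sample packets are constructed; application level content inspection is not modelled.

```python
from collections import namedtuple

# direction is "out" (inside -> Internet) or "in" (Internet -> inside);
# flags is a string of TCP flag letters: S=SYN, A=ACK, P=PSH, R=RST.
Packet = namedtuple("Packet", "direction src sport dst dport flags")


def packet_filter(pkt):
    """Packet filtering: each packet judged alone, on header fields only."""
    if pkt.direction == "out":
        return True
    # Constructed inbound rule intended to let web replies back in.
    return pkt.sport in (80, 443)


class SessionTracker:
    """Circuit level: inbound traffic must belong to a tracked session."""

    def __init__(self):
        # (inside ip, inside port, outside ip, outside port) -> state
        self.sessions = {}

    def allow(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            state = self.sessions.get(key)
            if pkt.flags == "S":
                self.sessions[key] = "SYN_SENT"        # handshake step 1
            elif pkt.flags == "A" and state == "SYN_ACKED":
                self.sessions[key] = "ESTABLISHED"     # handshake step 3
            elif "R" in pkt.flags:
                self.sessions.pop(key, None)           # session torn down
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        state = self.sessions.get(key)
        if state == "SYN_SENT" and pkt.flags == "SA":
            self.sessions[key] = "SYN_ACKED"           # handshake step 2
            return True
        if state == "ESTABLISHED" and "S" not in pkt.flags:
            if "R" in pkt.flags:
                self.sessions.pop(key, None)
            return True
        return False                                   # no matching session


def decisions(decide, packets):
    """Apply a firewall decision function to each packet in order."""
    return [decide(p) for p in packets]


# Constructed traffic (documentation address ranges for the outside hosts).
CLIENT, WEB, OTHER = "192.168.1.10", "203.0.113.5", "198.51.100.7"
SAMPLE = [
    Packet("out", CLIENT, 50000, WEB, 80, "S"),          # 0 handshake
    Packet("in", WEB, 80, CLIENT, 50000, "SA"),          # 1 handshake
    Packet("out", CLIENT, 50000, WEB, 80, "A"),          # 2 handshake
    Packet("in", WEB, 80, CLIENT, 50000, "PA"),          # 3 reply data
    Packet("in", OTHER, 80, "192.168.1.20", 3389, "A"),  # 4 unsolicited
    Packet("in", WEB, 80, CLIENT, 50001, "PA"),          # 5 wrong port
    Packet("out", CLIENT, 50000, WEB, 80, "R"),          # 6 client resets
    Packet("in", WEB, 80, CLIENT, 50000, "PA"),          # 7 after teardown
]

if __name__ == "__main__":
    print("packet filter :", decisions(packet_filter, SAMPLE))
    print("session aware :", decisions(SessionTracker().allow, SAMPLE))
```

Packets 4, 5 and 7 pass the header-only rule because their source port is 80, but the session tracker drops them because no matching handshake is on record.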

Proxy: Proxy Servers operate at the Application layer of the OSI model and serve as filters of client-Internet traffic. Instead of establishing direct connections between the clients and servers on the Internet, clients connect to the proxy server, which can filter their request and then forward it to the Internet. The information sent back is first filtered and then sent back to the client. In this way, a proxy server is something like the propaganda office of an oppressive government that only presents to its citizens information that has gone through the office. The citizens never directly know what is going on, but instead, what the government (the proxy server) has told them.

 And Now for Some Quick Review

So, you should now have a command of all of the tested Network+ equipment. Below are a few questions that should help stretch your mind a bit.

1. You have a small network connected to the Internet via phone line. Which of the following pieces of equipment will you need?


b. Modem

c. ISDN Adapter

d. Bridge

e. Token Ring

2. A client reports that he is unable to connect to a few pages on the Internet, but can connect to almost all others. Which of the following would prevent him from connecting to these pages?

a. Gateway

b. Router

c. Firewall

d. Proxy Server

e. All of the Above


 Answers

1. B – A modem modulates/demodulates signals between analog (phone) networks and digital (local area) networks.

2. D – Only the Proxy Server is able to filter individual pages in this way.


Day 5: Understanding Frame Types, especially Ethernet

Frame technologies are the medium between the physical electric signals and the higher-level logical packets that drive networking technology. Through the years, we have seen a number of prominent frame technologies.

Ethernet is the frame technology standard that drives most networks today and probably the one that you are most familiar with. Understanding Ethernet is a key to doing well on the Network+ exam, yet there is actually not much information that you need to know about Ethernet. Instead, it is more important that you understand how Ethernet works and the methods it employs in controlling traffic “on the wire.” Remember that Ethernet is not a protocol as it operates at the Data Link layer of the OSI model.

 Remembering the Ancestors

Before you can understand (and appreciate) Ethernet, it is important to backtrack a bit through the predecessors of the Ethernet standard.

Typically, when networks are illustrated to “laypeople,” they are demonstrated as computers that appear to be linked or “daisy-chained” to each other. This in fact was one of the earliest networking concepts, the bus topology. That topology is inexorably linked to the 802.4 Token Bus standard, which defined the way in which data would move across a token bus network. The standard stipulates that data would be treated like a token – that is, data would move through the network, passing from one node to the next until it reached its destination. You can imagine some of the problems incurred with this – for example, for a frame to travel across the network, it would have to “pass through” every node between two communicating nodes. This mode of communication made impossible the idea of information privacy; in addition, the bus technology is infamous for the large amount of traffic produced. Don’t forget that bus networks require “terminators” at the ends of the network to “end” token travel.

The token ring (802.5), though an improvement on the bus design, was only a slight improvement at best. In the ring formulation, a “token” still had to be passed from node to node – the only difference was that in the token ring, there was no need for terminators necessarily, but in practice, very few ring networks literally daisy-chain all of their nodes together. In fact, in many cases, the terminators are still employed. Still, the ring was promoted as an improvement to the bus standard and a competitor to the rising Ethernet standard.


 Ethernet’s Entrance

Yet, in the end, Ethernet prevailed. The key difference between Ethernet and the aforementioned two standards was that Ethernet featured a seemingly counter-intuitive and problematic approach to handling network traffic. In the Ethernet standard, traffic is not “passed” on a token. Instead, information is sent almost haphazardly along the wire without regard to the status of other packets. In the token formulation, the transfer of information can be schematically controlled because the passing of tokens implies that no collisions occur. Ethernet, in contrast, features a system called CSMA/CD (Carrier Sense Multiple Access with Collision Detection) that allows Ethernet to automatically detect and fix collisions in frame communication. The basic principle behind this system can be conveyed in three steps:

  1. Determine if frame is ready for transmission (if wire is “idle”); wait until it becomes open
  2. Send frame
  3. Run collision detection procedure if collision occurs

Note About How Ethernet Works: Notice that there is no “passing” of tokens through nodes in the Ethernet standard. So, it is very possible that collisions occur. If they do occur, Ethernet simply waits a random “back off” period before reattempting transmission. After too many failures, the attempts stop and the transmission itself is deemed a failure.
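The three steps and the random back-off described above, as an added simulation (not part of the original guide). It goes beyond the text in one respect: the back-off window doubles after each collision up to a cap and the attempt limit is 16, which is how IEEE 802.3 defines the random wait (truncated binary exponential back-off). Slotted time, the `frame_slots` parameter and the station names are modelling assumptions of this example.

```python
import random

ATTEMPT_LIMIT = 16   # 802.3: the frame is abandoned after 16 failed attempts
BACKOFF_LIMIT = 10   # the back-off window stops doubling after 10 collisions


def backoff_window(collisions):
    """Number of slot times a station chooses from after its n-th collision."""
    return 2 ** min(collisions, BACKOFF_LIMIT)


def simulate(stations, frame_slots=4, attempt_limit=ATTEMPT_LIMIT, seed=1):
    """Every station has one frame queued at slot 0 on a shared wire.

    Returns the slot at which each frame got through, the stations that
    gave up, and the number of collisions each station experienced.
    """
    rng = random.Random(seed)                # seeded so runs are repeatable
    pending = {s: 0 for s in stations}       # station -> slot it wants to send
    collisions = {s: 0 for s in stations}
    delivered, failed = {}, []
    idle_at = 0                              # first slot the wire is idle

    while pending:
        # Step 1: carrier sense. Nobody transmits before the wire is idle;
        # stations whose timer expired during a frame send as soon as it ends.
        slot = max(min(pending.values()), idle_at)
        ready = [s for s, t in pending.items() if t <= slot]

        if len(ready) == 1:
            # Step 2: a lone sender keeps the wire for the whole frame.
            delivered[ready[0]] = slot
            del pending[ready[0]]
            idle_at = slot + frame_slots
            continue

        # Step 3: two or more stations transmitted together, so they collide.
        idle_at = slot + 1
        for s in ready:
            collisions[s] += 1
            if collisions[s] >= attempt_limit:
                failed.append(s)             # too many failures: give up
                del pending[s]
            else:
                wait = rng.randrange(backoff_window(collisions[s]))
                pending[s] = slot + 1 + wait

    return {"delivered": delivered, "failed": failed,
            "collisions": collisions}


if __name__ == "__main__":
    result = simulate(["A", "B", "C", "D", "E"])
    for name in sorted(result["delivered"], key=result["delivered"].get):
        print(f"station {name}: sent at slot {result['delivered'][name]} "
              f"after {result['collisions'][name]} collision(s)")
    print("gave up:", result["failed"])
```

Because all five stations start at slot 0, each one collides at least once; the growing window is what spreads the retries out until one station finds the wire to itself.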

Also be aware: Ethernet has a feature called “promiscuous mode” in which nodes can receive all frames of information and not just those passed along to those specific computers. This can be defeated by using switching.

Now, critics of the time charged that the Ethernet system was inefficient, that failing to prevent collisions would create excess network traffic, and that the Ethernet standard would be inherently “slow” in nature. All of these concerns, however, proved to be unnecessary, as the Ethernet standard is still dominant today and has been since the early 1990s.

 Considerations with Ethernet

As with any networking technology, Ethernet has special facets and features you must take into account when troubleshooting it and dealing with it. One of the most important features of Ethernet today is the ability to “auto-negotiate” network speed and duplex mode. Duplex mode refers to whether the traffic is “one-way” or “two-way.” Half duplex is akin to a one-way radio, while full duplex allows for two-way communication. Auto-negotiation allows Ethernet devices to determine which mode to use. In addition, Ethernet speeds vary depending on medium and the switch employed; below is a table of Ethernet media and information you should know concerning them.

 Ethernet Media Table

| Name / Max Length | Cable Type | Speed | Use |
|---|---|---|---|
| 10Base5 / 500 m | Special coaxial cable, needs “vampire taps” (cut into wire to read), SHARED MEDIUM (similar to bus) | 10 Mbps | Oldest technology and media; rarely employed today |
| 10Base2 (“ThinNet”) / 185 m | Coaxial cable with BNC connector. SHARED MEDIUM | 10 Mbps | Also old and rarely used, remember that it requires special circular BNC connector, similar to “cable TV connector” |
| 10BaseT / 100 m | Twisted Pair wire with EXCLUSIVE MEDIA (connected to hubs rather than to other nodes), RJ-45 | 10 Mbps | Used RJ-45 connectors (look like large phone line connector) |
| 100BaseTX (“Fast Ethernet”) / 100 m | Twisted pair wire, EXCLUSIVE MEDIA, RJ-45 | 100 Mbps | An improvement on speed of 10BaseT, capable of auto-negotiation of speed |
| 1000BaseT (“Gigabit Ethernet”) / 100 m | Twisted pair wire, EXCLUSIVE MEDIA, RJ-45 | 1000 Mbps | Another speed improvement |
| Faster Speed/Other media Ethernet (10GBASE-SR, 10GBASE-CX4, etc) / 2000+ m | Uses next-generation fiber optic cabling to achieve 10+ Gbps speeds | 10+ Gbps | Another speed improvement and change in connectors, cabling |

Note for the exam: You may see options such as “100BaseFX” – this simply means it is the same as 100BaseTX, but with a fiber optic connection (media) and an SC or ST connector.

Day 6: Understanding Wireless

The Network+ exam is becoming increasingly focused on wireless technology, so it is in your interest to learn all of the current wireless standards and implementations. As with almost everything you must learn for the Network+ exam, it is crucial that you learn the differences between the standards/implementations and not just their features. Exam questions typically deal with “which one to implement,” not “what this implementation does.” Read and study accordingly.


  • IrDA (Infrared Data)

IrDA technology allows for communication over a network through infrared beams. Infrared (light) does not pass through solid objects, so a direct and clear path is essential for correct IrDA operation. IrDA typically operates at speeds around 16-25 Mbps, but is known to operate at faster speeds with specialized equipment. It is a rather uncommon wireless networking technology given its inability to transmit signals where light is blocked. To do this, a lower frequency radio signal is necessary.


  • Bluetooth

Bluetooth (802.15.1) technology has received a lot of buzz lately, but it is basically a short-range wireless technology designed to allow for connectivity between portable consumer wireless devices and Bluetooth enabled wireless access points. Because of the relatively weak and low-frequency radio signal employed, Bluetooth is typically limited to a 20-35 ft. access range. It is therefore usually limited to applications involving those portable consumer devices and not LAN technology, the most common application of Wi-Fi.


  • Wireless Fidelity (Wi-Fi)

Wi-Fi technology has really taken off in the last few years; it is probably almost as commonly known by its IEEE name, 802.11(letter). It is a technology that utilizes low-frequency (2.4 and 5 GHz.), mid-powered radio waves to transmit data across wireless networks. There exist many “flavors” of the 802.11 standard; they differ primarily in speed and typical usage. These flavors are listed in a convenient table below:


| Name-Standard | Speed (Mbps) | Usage |
| --- | --- | --- |
| 802.11a | 54 | 5 GHz band; outdated; used for LAN networking in businesses; expensive |
| 802.11b | 11 | Cheaper 2.4 GHz mode |
| 802.11g | 54/108 | Cross between A and B flavors; 2.4 GHz at fast speeds. Also offers backwards compatibility |
| 802.11n | 300+ | Next-generation, designed for very fast, high-end operation (probably not tested on Net+, but you never know!) |

 General Wireless Info

Cost is one of the major considerations for many companies before employing wireless technology: it remains somewhat high, though it is falling as time goes by. Wireless networks are also subject to interference from microwaves, phones, and other radio devices. Wireless networks are compatible with Ethernet using a MAC bridge that translates wireless frames into Ethernet frames.

Most wireless networks today connect using a sort of wireless “Star” topology – that is, in many setups, wireless devices all connect to a single wireless access point. Wireless traffic can be (but is not necessarily) switched, so information is not easily “sniffed” from a wireless network. However, Wi-Fi LANs have become somewhat notorious for their relative insecurity in terms of ease of access. By default, Wi-Fi LANs are accessible without any sort of authentication and are therefore vulnerable to different types of attacks and, of course, mooching (wardriving). In addition, the built-in wireless encryption (WEP) is considered weak by today’s standards and has been replaced by WPA (Wi-Fi Protected Access), the most common wireless access control system available today.

Wireless networks can also operate in “ad-hoc” mode, meaning that nodes can, if they so incline, connect to each other individually in a sort of “mesh” scheme. This adds redundancy but makes management of such a network almost impossible.

 Some Review

1. Which of the following IEEE standards specifies Wi-Fi networking?

a. 802.3

b. 802.5c

c. 802.5d

d. 802.11

e. 802.21

2. You have a large (500+ user) network and wish to link some nodes (laptops) to the network wirelessly, while leaving most connected to existing hardware. Which of the following would be the most appropriate setup?

a. Connect the hubs and laptops in a wireless ring topology

b. Connect the laptops to the mainframe using 802.3 10BaseT

c. Employ ad-hoc mode between laptops

d. Employ a star topology, connecting the laptops to a WAP

e. Connect the laptops using IrDA

3. Which of the following is not a valid concern associated with Wi-Fi?

a. “War driving”

b. Limited signal range

c. Compatibility issues with Ethernet standard

d. Cost of Wi-Fi equipment

e. Interference


1. 802.11 defines Wi-Fi networking, so the answer is D.

2. The best choice is D, because it allows your network to retain the existing physical topology while allowing the new nodes (laptops) to connect wirelessly in a manageable and scalable way.

3. All of the mentioned are concerns with the exception of C, which is absurd because Wi-Fi was specifically designed to work with 802.3 using a bridge.

DAY 7: TCP/IP Addressing and IPv6

The Network+ exam will contain a few questions on TCP/IP IPv4 addressing, which is a fairly simple subject matter to master and will earn you some easy points. It is therefore recommended that you understand what an IP address is and how the numbering of the IP address reveals network information.

 The IPv4 Address

An IPv4 Address, often shortened to “IP Address,” is a numeric identifier of a network node that uniquely identifies that node either on a LAN or on the wider Internet. Therefore, if two nodes on a network use the same IP address, a conflict will occur as the IP address reflects a “one-to-one” relationship between hardware and logical address. As a result, neither of the two nodes with duplicate addresses will receive full communications.

The IP address is a 32-bit number comprised of four octets ranging from 0 to 255, or 256 numbers (numbers that range from 0 to 2^8-1, hence the name). Given this, there are a limited number of IP addresses – at maximum, 256^4 or 4,294,967,296 – but this number is inflated because certain IP addresses are reserved or unavailable. Given the rate of growth that the Internet is currently experiencing, it is widely recognized that 4 billion IP addresses will not be enough to compensate for all of the nodes of the world. It is for this reason that many advocate changing to IPv6, which is 128 bits and utilizes hexadecimal, rather than octal, numbers. IPv6 will be covered briefly later. What you should know is that although IPv6 is superior in many ways to IPv4, IPv4 is the most commonly used protocol for now and so is the one tested on the Network+ exam.

The IP address is comprised of two parts: the netid and the hostid. The netid indicates the network that a node is on, while the hostid indicates the actual, specific node. The number of octets dedicated to the netid varies based on the first number of the address, and that first number tells you quite a bit: it determines the size (Class) of the network and therefore both the number of octets dedicated to the netid and the number dedicated to the hostid. Below is a table of the first octet numbers and information about their classes:

The Class-Octet Table

| Class | First Octet Range | Example | Default Subnet | Typical Application |
| --- | --- | --- | --- | --- |
| A (netid . hostid . hostid . hostid) | 1-126 | | | University Network System |
| B (netid . netid . hostid . hostid) | 128-191 | | | Corporate System or Hospital Network |
| C (netid . netid . netid . hostid) | 192-223 | | | Small Business, Home Internet Connection |

If you noticed, there is a column above for “Default Subnet.” Subnetting is a feature of TCP/IP in which sub-networks, or “logical networks,” can be created within a given network. This allows you to create in effect multiple networks on a single IP network by routing the subnets; nodes connect via a default gateway, which can find the router necessary for communication with other logical networks.

Note that there are some “reserved” IP address ranges:

IP Range And Purpose
Range Purpose – Loopback (returns the node that requests it) – Private Network (Class A) - Private Network (Class B ) – Private Network (Class C)

( is reserved as a “Broadcast” address, which sends information to all nodes on the same network)

Oftentimes, a connection (through a router) to the Internet may be shared by multiple computers, which raises the question: What IP addresses do the computers that connect to the Internet through the router take? Actually, they are assigned a “private” IP address in one of the above reserved ranges for communication within the LAN; external communication is all channeled through the single “wide” IP address. This is called Network Address Translation and don’t worry about it for now – we’ll cover it later.
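The classful rules from the Class-Octet table, the reserved ranges and the duplicate-address conflict described in this lesson can be checked in code; this is an added example, not part of the original guide. The reserved blocks and default masks used are the standard loopback, RFC 1918 and classful values (an assumption, since the page does not list them), and every sample address and node name is constructed.

```python
import ipaddress
from collections import defaultdict

# First-octet ranges from the Class-Octet table, plus how many leading
# octets form the netid (the remaining octets are the hostid).
CLASSES = [("A", 1, 126, 1), ("B", 128, 191, 2), ("C", 192, 223, 3)]

# Standard reserved blocks (assumption: values not taken from the page).
RESERVED = [
    (ipaddress.ip_network("127.0.0.0/8"), "loopback"),
    (ipaddress.ip_network("10.0.0.0/8"), "private (Class A)"),
    (ipaddress.ip_network("172.16.0.0/12"), "private (Class B)"),
    (ipaddress.ip_network("192.168.0.0/16"), "private (Class C)"),
]


def classify(text):
    """Return the classful facts for a dotted-decimal IPv4 address.

    Raises ValueError when the text is not four octets in 0-255
    separated by periods (for example "10:0:0:1").
    """
    addr = ipaddress.IPv4Address(text)
    octets = list(addr.packed)  # four integers, one per octet
    info = {"address": str(addr), "class": None, "netid": None,
            "hostid": None, "default_mask": None, "reserved": None}
    for name, low, high, net_octets in CLASSES:
        if low <= octets[0] <= high:
            info["class"] = name
            info["netid"] = ".".join(str(o) for o in octets[:net_octets])
            info["hostid"] = ".".join(str(o) for o in octets[net_octets:])
            info["default_mask"] = ".".join(
                ["255"] * net_octets + ["0"] * (4 - net_octets))
            break
    for network, label in RESERVED:
        if addr in network:
            info["reserved"] = label
            break
    return info


def is_public(text):
    """True when the address falls in class A, B or C and is not reserved."""
    info = classify(text)
    return info["class"] is not None and info["reserved"] is None


def duplicate_addresses(assignments):
    """Find conflicts in a {node name: address} map.

    Returns {address: [nodes]} for every address given to more than one
    node, which is the situation that breaks service for both nodes.
    """
    seen = defaultdict(list)
    for node, text in assignments.items():
        seen[str(ipaddress.IPv4Address(text))].append(node)
    return {ip: sorted(nodes) for ip, nodes in seen.items() if len(nodes) > 1}


if __name__ == "__main__":
    # Constructed sample addresses.
    for sample in ("10.0.0.1", "44.12.7.3", "127.0.0.1", "172.16.5.9"):
        print(classify(sample))
    print(duplicate_addresses({"new-pc": "192.168.1.20",
                               "user-pc": "192.168.1.20",
                               "printer": "192.168.1.30"}))
```

Note that 127 falls between the Class A and Class B ranges in the table, so a loopback address reports no class at all.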


IPv6 addresses, as mentioned before, have yet to catch on in the mainstream, but it will not be long before they are employed. Actually, much of the new software and hardware released these days will carry the banner “IPv6 compatible.” An IPv6 address is hexadecimal and looks something like this: AAAA:BBB:CCC:D::E. Don’t worry much about IPv6 for the Network+ exam – it isn’t tested.


 Practicing What You Preach

Now, here are a few sample problems that should help you jog your knowledge on IP addressing.

1. A network has nodes on IP’s ranging from to The router on this network is at The IP address of Node A is What is the default gateway for Node A?






2. Which of the following is a valid public Class A IP address?






3. Which of the following is not a possible subnet address?






4. Which of the following is a valid IPv4 address?

A. 4:AC:AD:34



D. 10:0:0:1

E. 10:0:0:A

5. You install and configure a new computer. In doing this, you join the new computer to your IP-based network and assign it an IP address. After restarting, you notice that the connection to the network is sporadic; in addition, another user calls you and complains that his network connection is not functioning. What is the most likely explanation?

A. You configured the wrong default gateway

B. You configured a duplicate IP address

C. You used a unique IP address

D. You configured a duplicate subnet address

E. You used a unique subnet address



1. The default gateway for a node is the same as the router that connects the node to the other subnets on the entire LAN; therefore, because the router is, the default gateway is The answer is (E)

2. Review the table to see the ranges for valid Class A IP addresses. Note that although one of the choices is in the range 1-126, 10.x.x.x is reserved for private Class A networks. Therefore (D) is the correct answer.

3. All of the above are possible except for (E), which is reserved as the broadcast address. Note that answer C is a possible subnet address; subnet addresses need not be equivalent to the default address, so the replacement of 0 with 17 in the third octet is perfectly valid.

4. IP addresses are four octets (numbers within 0-255, normally 1-254) separated by periods. The only choice that satisfies this is choice C

5. After adding the new PC to the network, neither the new PC nor the complaining user’s PC is receiving full service. The only way that the new PC would affect the user’s PC is if the new PC is using a duplicate IP address, which would deny service to either. Therefore the answer is B.


DAY 8: Protocols of the TCP/IP Protocol Suite


TCP/IP stack

The TCP/IP stack has more than just the TCP and IP protocols; in fact, it is home to the most pervasive and prevalent protocols that cover many layers of the OSI model. The Network+ exam will test you on your knowledge of the protocols of the TCP/IP stack (suite), including information on the layers and uses of the individual protocols. Below is a list of the exam-tested protocols, arranged by place in the OSI model.


 Data Link

Because no “protocols” operate at the Physical layer of the OSI model, we begin at the Data Link layer.







The Network+ exam will not test you very much on the individual application layer protocols, but you will need to know simple information such as their purpose and port number. Remember that when it is said that a service operates on a certain port, it doesn’t mean that the service cannot operate on a different port; it just means that is the default.


One of the main concerns with IPv4, as mentioned previously, is the relatively low number of IPv4 addresses available. One Internet connection corresponds to one IP address – the IP address usually maps to the device connected to the Internet gateway (modem, cable modem, DSL, etc.). However, in many cases, it is desirable to “share” a connection in such a way that multiple nodes can utilize the connection from one node. For example, in many home networks, families do not wish to pay for an IP address for each computer that a family member owns. Instead, the family would rather share one connection (one IP address).

The question that should immediately come to mind, however, is: How can multiple nodes communicate with the Internet without a unique identifier? The answer is that through NAT, or Network Address Translation, it is very possible for one device to “share” its internet connection with other networked devices. A large amount of real-world (not just Network+) troubleshooting is centered on the use of NAT, so it would be to your advantage to fully understand NAT.

 How Network Address Translation Works

Consider a home that receives postal mail. It has only one postal address and deals with other postal addresses. Now, how would a home with five family members receive mail? They would use their names to specify who they are. So, mail might be directed to “Ken” or “John,” not just to the address. In a similar way, NAT allows for the establishment of connections between internal (network) members and the Internet. A typical scheme for this is below:

1. (Accounting) wants to connect to (Bank)

2. accesses default gateway,

3. connects to on (the “Wide” IP) Random Port

4. transfers data to (

5. transfers data to on Random Port


As you can see, NAT is actually quite simple in application, but there are issues associated with NAT. Perhaps the most important (and common) issue associated with NAT is the relative difficulty or even impossibility of opening a connection to a NAT-connected computer from a remote host. “Remote-to-local” connections are prone to failure because no port is opened for communication between that remote host and the local host. In contrast, when the local host wants communication, it is very possible because the NAT device (usually the gateway/switch/router) will automatically create a temporary random port for communication. There are, however, ways (such as Port Forwarding) to allow a remote host to connect to a PC behind an NAT device, but these are covered elsewhere.

Another consideration, of course, is that NAT is not a replacement for a firewall. Many people claim that they are “behind a firewall” when in fact they are simply behind an NAT device. Just because NAT can “hide” a network doesn’t mean that NAT is capable of keeping a network safe. If you remember correctly, a firewall performs a different function than does NAT; a firewall “filters” traffic, while an NAT device (at best) blocks traffic.

 ICS (Internet Connection Sharing)

Internet Connection Sharing is the built-in NAT feature in Microsoft Windows and allows a Windows PC to “share” its Internet connection to other networked devices. In this configuration, the PC with ICS is directly connected to the Internet in some way (modem, ISDN, etc.) and networked with other computers. The ICS-enabled PC can then share its connection with other Windows computers, acting as an NAT device. In addition, the ICS-enabled PC can automatically assign IP addresses through DHCP, a feature covered in a different article.

 Quick Review

1. A user complains that he cannot access his office computer through “Remote Desktop.” He is certain that he has entered the correct hostname to connect to and that “Remote Desktop” is listening on the office computer. What is the most likely explanation?

a. Remote Desktop has encountered an illegal exception

b. He needs to enable ICS on the remote PC

c. He needs to enable NAT on the remote PC

d. NAT on the office router/gateway is blocking his request to his office PC

e. His office router/gateway is down

2. Which of the following is not a reason that NAT is currently employed?

a. Exhaustion of IPv4 addresses

b. Ability to block incoming traffic from remote hosts

c. Ability to “share” an Internet connection

d. To minimize costs (for having extra IP addresses)

e. Allows automatic assignment of IPv4 addresses



1. The user cannot access his PC because his PC is most likely behind an NAT-enabled device, which would prevent incoming traffic because no port would be available by default. The answer is D.

2. DHCP allows automatic assignment of IPv4 addresses; this is not a feature of NAT. The answer is E


DAY 10: DHCP, Port Forwarding, and DMZ Hosts

You will, as a Network administrator, probably deal with DHCP, port forwarding, and the DMZ more often than you may like. These technologies are classically associated with NAT technology; so, many modern networks utilize them to provide various network services and greater security.


Dynamic Host Configuration Protocol, or DHCP, is the service that allows for the dynamic (often called auto-magical) IP configuration of client nodes on a given network. Typically (in most home or small-office networks), DHCP is employed over manual configuration. In larger networks, DHCP can be very advantageous because it allows network administrators to "kick back and relax" while addresses are auto-magically assigned through a DHCP server. However, sometimes a manual configuration may be more desirable so that administrators know which computers correspond to which IP address – that is, so that the assignments are permanent.

DHCP works on a “release/renew” system. When an address is requested and assigned, it is actually “leased” to the requesting node for a given period of time. After half of the lease time has expired, the requesting node will automatically request a “renewal” of the IP from the original DHCP server. In most cases, the server will help the client renew the assigned IP address. If the server that the IP was originally assigned from (the DHCP server that assigned the IP) is unavailable after around 87.5% of the lease time has expired, the client will send a broadcast to all network nodes asking for an IP address. When the lease expires, however, the node will lose the IP address. Note that DHCP operates on a client/server model, so a DHCP client requests an IP address from a willing DHCP server. DHCP assigns the:

Microsoft Windows, Linux, and Macintosh all offer built-in DHCP server functionality.
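The lease timing described above (renew with the original server at 50%, broadcast at 87.5%, lose the address at 100%) can be walked through as a small simulation; this is an added example, not part of the original guide. The lease length, the polling step and the server-availability functions are constructed, and retrying once per step is a simplification.

```python
def simulate_lease(lease_time, horizon, step, original_up, any_server_up):
    """Walk a DHCP client through its lease timers.

    lease_time     length of the lease, in seconds
    horizon        last moment to simulate
    step           how often the client re-checks (simplified retry rate)
    original_up    function(t) -> True if the leasing server answers at t
    any_server_up  function(t) -> True if any DHCP server answers at t

    Returns a list of (time, event) tuples, where event is one of
    "RENEW" (original server extended the lease), "REBIND" (a broadcast
    was answered) or "EXPIRED" (the address was lost).
    """
    events = []
    lease_start = 0
    t = 0
    while t <= horizon:
        elapsed = t - lease_start
        if elapsed >= lease_time:
            # Nothing answered in time: the node loses its address.
            events.append((t, "EXPIRED"))
            break
        if elapsed >= 0.875 * lease_time:
            # Original server never answered; ask every node by broadcast.
            if any_server_up(t):
                events.append((t, "REBIND"))
                lease_start = t
        elif elapsed >= 0.5 * lease_time:
            # Half the lease is gone; ask the original server directly.
            if original_up(t):
                events.append((t, "RENEW"))
                lease_start = t
        t += step
    return events


def always(_t):
    return True


def never(_t):
    return False


if __name__ == "__main__":
    # Constructed scenarios: an 80-second lease checked every 10 seconds.
    print("healthy server :", simulate_lease(80, 200, 10, always, always))
    print("original down  :", simulate_lease(80, 200, 10, never, always))
    print("all servers down:", simulate_lease(80, 200, 10, never, never))
```

With a healthy server the client never gets past the halfway renewal, which is why a DHCP outage shorter than half the lease time usually goes unnoticed by clients that already hold an address.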

 Port Forwarding

Most routers today offer a feature called port forwarding that works in conjunction with NAT (Network Address Translation) to provide openings for incoming traffic to “internal network” nodes. A typical application of port forwarding is network configuration for a file sharing program. The file sharing program on node may need a specific port open to accept incoming traffic – for example, let’s say TCP 4444. Because of NAT, requests on TCP 4444 will not be handled because the traffic is being directed to the router, which does not have any service operating on TCP 4444. However, the router can be configured to forward requests on port TCP 4444 to, which can handle the requests on TCP 4444, thus allowing for the incoming traffic to be handled on that port. The general formulation for port forwarding is:

Port Request on (TCP/UDP) (Port Number) Forwards to (Internal IP Address)

 DMZ Host

A DMZ (Demilitarized Zone) host is a special (security) feature in many modern routers. A DMZ host is basically a “catch-all” host for requests on non-configured ports. For example, in the previous example, let’s say port forwarding is not configured, but a DMZ host on is. Then, the request to the router on TCP 4444 (because it is not forwarded) will be automatically sent to There are two main benefits associated with DMZ hosts.

1. Port forwarding doesn’t have to be configured for each individual service (though it is generally a BAD idea to set up an ordinary PC as a DMZ host)

2. As a security feature (quite the opposite of number 1), so that all of the suspicious (non-port-forwarded) traffic can be directed to a single sanitized host
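The NAT behaviour from the earlier lesson, together with the port forwarding and DMZ host rules above, can be modelled in one place; this is an added example, not code from the original guide or from any router. All addresses are constructed, the sequential counter stands in for the “random” port, and matching replies on the remote address and port is a modelling assumption.

```python
import itertools


class NatRouter:
    """Toy NAT device: one "wide" (public) IP shared by private hosts."""

    def __init__(self, wide_ip, first_port=50000):
        self.wide_ip = wide_ip
        self._ports = itertools.count(first_port)  # stand-in for random ports
        # (proto, wide_port) -> (inside_ip, inside_port, remote_ip, remote_port)
        self.out_map = {}
        # (proto, wide_port) -> inside_ip, i.e. the port forwarding rules
        self.forwards = {}
        self.dmz_host = None  # catch-all inside host, if configured

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection; the router rewrites the source."""
        wide_port = next(self._ports)
        self.out_map[(proto, wide_port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.wide_ip, wide_port, dst_ip, dst_port)

    def inbound(self, proto, remote_ip, remote_port, wide_port):
        """Decide what happens to a packet arriving at the wide IP."""
        key = (proto, wide_port)
        entry = self.out_map.get(key)
        if entry and entry[2:] == (remote_ip, remote_port):
            # Reply to a connection an inside host started.
            return ("translated", entry[0], entry[1])
        if key in self.forwards:
            # Explicit rule: this port forwards to one inside address.
            return ("forwarded", self.forwards[key], wide_port)
        if self.dmz_host:
            # No rule matched: the DMZ host catches everything else.
            return ("dmz", self.dmz_host, wide_port)
        # No mapping, no rule, no DMZ host: nothing to deliver to.
        return ("dropped", None, None)


def unsolicited_exposure(router, proto, ports):
    """List which inside hosts a remote host can reach without any prior
    outbound connection, per port. Useful when reviewing a router config."""
    exposed = {}
    for port in ports:
        action, host, _ = router.inbound(proto, "198.51.100.99", 40000, port)
        if action in ("forwarded", "dmz"):
            exposed.setdefault(host, []).append(port)
    return exposed


if __name__ == "__main__":
    router = NatRouter("203.0.113.5")
    # Accounting PC talks to the bank; the reply is translated back.
    print(router.outbound("tcp", "192.168.1.10", 51515, "198.51.100.7", 443))
    print(router.inbound("tcp", "198.51.100.7", 443, 50000))
    # Unsolicited request on TCP 4444: dropped until a forward exists.
    print(router.inbound("tcp", "198.51.100.99", 40000, 4444))
    router.forwards[("tcp", 4444)] = "192.168.1.20"
    print(router.inbound("tcp", "198.51.100.99", 40000, 4444))
    # A DMZ host exposes every remaining port on that one machine.
    router.dmz_host = "192.168.1.30"
    print(unsolicited_exposure(router, "tcp", [22, 139, 3389, 4444]))
```

The last line shows why an ordinary PC makes a poor DMZ host: every port without its own forwarding rule lands on it, whereas a port forward exposes exactly one service.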

 Applying the Knowledge

1. Which of the following technologies allows a PC to forward incoming requests on certain ports to specific computers?

a. NAT

b. ICS

c. DMZ

d. Port Forwarding


2. A user complains that he cannot connect to the network. You ask him for his IP information and he says that his IP is manually assigned. Which of the following could be eliminated as cause of the problem?

a. The media may be faulty, severed, or incorrectly connected

b. His IP address, subnet mask, or default gateway may be wrong

c. His network card may not be functioning correctly

d. The DHCP server is down

e. The default gateway is down


1. Port forwarding allows for the forwarding of specific port requests to specific computers. The answer is D.

2. Because the IP address is manually assigned, the DHCP server could not be an issue because it is not being utilized. All of the other choices, however unlikely, are possibilities. The answer is D.

DAY 11: TCP/IP Troubleshooting Tools

TCP/IP is a wonderful protocol suite; it comprises almost all of the functionality and the core services that make the Internet and its applications possible. However, with great power come many problems, so knowledge of TCP/IP troubleshooting will be necessary in your networking-related career and especially in your ability to pass the Network+ exam. In fact, you will probably encounter around four or five questions on TCP/IP troubleshooting alone on the Network+ exam.

Your knowledge of TCP/IP troubleshooting depends on your command of TCP/IP tool usage. Many of the following tools are used in typical troubleshooting operations, and almost all of them can be used to either identify or eliminate a potential problem in a troubleshooting situation. We will go over general network troubleshooting in more detail in later articles.

To give an example of the way TCP/IP troubleshooting tools can help, consider the common tool “ping.” Ping operates over the ICMP protocol (using ICMP Echo Request and Echo response) to attempt to contact a host given some kind of unique identifier (hostname, domain, IP, etc.). If it is successful, it will return a reply from that IP address; if it is unsuccessful, it will inform you that the “destination could not be reached.” Why is this useful? Suppose you are trying to determine why you are unable to access the company’s remote email server through “Outlook.” The problem could stem from a number of issues, including

Obviously, these are only four of many possibilities, but they are four possibilities that can be further investigated through Ping. For example, pinging your router would tell you whether your router or network connection is down, or whether the problem lies at the remote host level. This kind of “step-by-step, process of elimination” approach is how most troubleshooting takes place. Some other tools include:

There are of course other TCP/IP tools, but they will be covered in other sections (e.g., NetBIOS). The most important thing to remember about the above TCP/IP tools is not the details of their functionality, but rather the troubleshooting operations that they are associated with. For example, if you read about some sort of DNS issue, you should immediately think Nslookup before considering other tools.

 Quick Practice

1. A user reports that he is unable to connect to your company’s network. The user is running Windows 98. Which of the following commands would be most appropriate to run?

a. ipconfig

b. winipcfg

c. winipconf

d. ipconf

2. Which of the following commands can be used to renew a DHCP leased address?

a. Dhcp /renew

b. Dhcp /lease?extend

c. Ipconfig /renew

d. Ipconfig /extend

3. Which utility shows active connections on a host?

a. Netstat

b. Telnet

c. Tracert


4. Which of the following uses ICMP echo requests to determine if a remote host is available?

a. Ping

b. Telnet

c. Arp



1. Winipcfg is the equivalent of ipconfig for Windows 9x machines. The answer is B

2. Ipconfig with the switch “/renew” can renew a DHCP lease; the answer is C

3. Netstat shows active connections on a host. The answer is A

4. Ping uses ICMP echo requests to check if a host is reachable. The answer is A


NetBIOS, or Network Basic Input/Output System, allows for session-layer communication on the OSI model. NetBIOS is primarily concerned with two functions: naming and starting/stopping NetBIOS “sessions.” It also provides for an unreliable NetBIOS datagram service which is rarely utilized these days (and probably not on your Network+ exam). So, we will cover the two basic aspects of NetBIOS: naming and sessions.

 NetBIOS Naming

NetBIOS names are 16 bytes in length but usually consist of 15 characters, with the last being reserved for special purposes. You are probably familiar with the “15 character limit” if you have any experience with naming PCs – almost all operating systems require the PC name to be 15 characters in length or less. All NetBIOS names resolve to one or more IP addresses. If a NetBIOS name resolves to a single IP address (that is, if the relationship is said to be “one-to-one”), it is called a Unique Name. If the name resolves to more than one computer, it is said to be a Group Name. The Network+ exam tests you specifically on NetBIOS naming in Microsoft Windows networks. Name resolution is an important feature of a NetBIOS network; after all, how would you know which NetBIOS names correspond to given IP addresses? NetBIOS name resolution is handled through several means.

A broadcast is simply a request to all nodes on a network to resolve a given name. Think of it as calling out someone in a crowd. Yelling “Is Anthony Parks here?” may result in someone who identifies himself as Mr. Parks to turn around and proclaim, “Yes, I am Anthony!” Alternatively, perhaps nobody in the crowd bears that name, and the request may be forwarded to other people. Similarly, in a NetBIOS network, broadcasts are sent to all nodes, asking for a response if a computer recognizes the name as its own.

However, broadcasts can be cumbersome and bog down a busy network – imagine the amount of noise created if everyone is asking for someone in a crowded room! To resolve this problem, several centralized NetBIOS name resolution services exist, including:

Microsoft Windows in particular allows you to save NetBIOS name entries in a file.


 NetBIOS Sessions

The Network+ exam is far more concerned with NetBIOS naming, but here are some points to remember about NetBIOS sessions:


 Quick Review

1. A user wishes to connect to ACCOUNTING on a Microsoft network without a WINS server. ACCOUNTING is on the same subnet as the user’s computer. Which file should the user configure?





e. None of the Above

2. A user complains that he cannot communicate via NetBIOS to a remote host behind an NAT firewall. Which of the following courses of action would allow for connection?

a. Use NetBEUI instead of NetBIOS

b. Enable DHCP at the Server level

c. Utilize NetBIOS naming

d. Forward (open) TCP Port 139

e. Enable Loopback


1. LMHOSTS allows for the manual configuration of NetBIOS name resolution for local area network hosts. The answer is B.

2. The only option that would allow for communication through the NAT device is D, opening up TCP 139 and allowing the connection. The answer is D.

DAY 13: Network Troubleshooting - A Case Study

Putting it in Perspective

As with virtually all troubleshooting, the fundamental rationale in network troubleshooting is to eliminate potential causes of the issues by process of elimination. Before considering how you would go about network troubleshooting, consider something a bit more familiar to you. For example, perhaps you could not call your Aunt Margaret. You begin to fear the worst – Margaret is over 90 years old and lives in a nursing home. So, you try to go about reaching her. First, you attempt to call her again, but nobody picks up. Then, you call the nursing home, but nobody picks up there as well. You breathe a sigh of relief because it now seems that the nursing home as a whole is having issues with calls.

You then attempt to contact your friend Jane. However, Jane doesn’t pick up as well. You call her cell, and she still doesn’t pick up. You try other friends to no avail. It now seems to you that your phone line connection as a whole is at fault.

The process described above was essentially a troubleshooting process. By calling different people until you arrived at a conclusion, you were able to eliminate (or implicate) a point of failure. Of course, your efforts are not failsafe. Perhaps the reason that none of the people are picking up is because they all suffered terrible and painful deaths, or perhaps (even more likely) they were simply unable to reach the phone. The point is, troubleshooting is not an exact science, but by contacting all of the potential points of failure, you can usually implicate a particular one (or particular ones).

 The Real World

Let us now consider a more technical example. A coworker cries to you that she cannot access the Internet and therefore cannot complete mission-critical work. The first thing that should come to your mind is not the fact that she cannot access the Internet, but that she cannot access the company network. You then generate a list of potential failure points:

As you can see, there are quite a number of “potential points of failure” associated with the described issue; in fact, for the sake of brevity, not all of them are included above. The point is that these potential points of failure can all be independently assessed by holding all others the same. Typically, we work “bottom-up,” meaning first from the client PC and ending at the widest possible explanation (for example, the faraway remote host).

So, first you proceed to test if TCP/IP is configured at all on the host computer. The easiest way to do this is to simply ping the local host, or (if you remember your IP addressing), Once the local host returns four replies, you then know TCP/IP is configured.

Upon checking the IP configuration, you determine that the IP address information is automatically configured by DHCP, so you proceed to run ipconfig and check if the said information is actually configured. You further determine that the IP address is and that the default gateway is

Running through our checklist of sorts, we next check if we can ping the default gateway. No replies are returned, however, which means that there is a connection issue between the host and the gateway. Checking the media running from the host to the switch, everything appears to be OK. From the switch to the gateway, however, there is a kink in the media caused by what appears to be excessive wear and tear. After replacing the media, all is OK again and the world is once again a happy place.

This short lesson in troubleshooting should have taught you two basic lessons: first, that ping is without a question your best friend, but second, that even with an almost endless number of potential causes, a network issue can usually be spotted and corrected in a small number of steps.

In the following lessons we will return to Network+ related content, but remember the basic premise of network troubleshooting: identify the issue, determine potential causes of the issue, and eliminate the causes by process of elimination to determine and correct the exact cause of the issue.

DAY 14: Common Protocol Suites

Network+ will test you on your ability to differentiate between the more common protocol suites, or groups of protocols that are interconnected and work together to provide network services on many different layers of the OSI model. Most of the protocols operate between the Network and Application layers. The most common (and most tested on the exam) protocol suite is the TCP/IP suite, which encompasses such widely pervasive protocols as TCP, IP, HTTP, FTP, POP3, and many others. However, there exist other protocol suites as well, and CompTIA expects you to be able to identify the proprietor, usage, and unique features of each of the protocol suites.

 NetBeui (NetBIOS Extended User Interface)

NetBeui is a Microsoft protocol suite designed to work within a small-sized, Windows-based LAN. In fact, the NetBeui protocol is not even routable, or able to transmit through routers. This is because the system of addressing that NetBeui employs does not utilize “unique” identifiers or addresses; instead, NetBeui uses 15 character “names” that are not necessarily unique. Think of NetBeui as the system of communication you may use within your office – office mailboxes may address people on a first-name-last-name basis and in communicating with people, you often will say, “Send this to John.” Yet, outside of your office, your request is meaningless, because there are millions of Johns throughout the world. So, that inter-office communication system is not “routable.”


The AppleTalk protocol suite is used for communication within Apple (Macintosh) networks. Unlike NetBeui, AppleTalk is routable and can be employed in large LAN networks and even some WAN networks. However, this implementation is relatively uncommon as most computers on most networks will not be Apple computers and therefore will not natively communicate with AppleTalk. However, AppleTalk remains a viable option in large Macintosh networks.


Novell is no longer such an active purveyor of this protocol suite (at least not as much as they used to be), but IPX/SPX is still employed on Novell (NetWare) networks. You should know that IPX (Internet Packet Exchange) is the Novell equivalent of the IP protocol of the TCP/IP suite as it is connectionless and cannot guarantee data delivery, while SPX (Sequenced Packet Exchange) is the equivalent of TCP and is connection-oriented. IPX is considered the fastest routable protocol available today, but the proprietary nature of the IPX/SPX suite, as well as the lack of developer consensus on the protocol suite and network hardware available for the suite has historically kept it from gaining widespread acceptance.


DLC (Data Link Control) is a specialized protocol used for communication between a PC and non-PC devices, such as an older IBM PC, mainframe computer, or network-enabled printer. DLC is not designed for use between “normal” PC computers.


TCP/IP (Transmission Control Protocol / Internet Protocol) is by far the most common protocol suite today. There are several reasons for this, including the amount of development and architecture dedicated to the suite, the non-proprietary nature of the suite, its large number of application layer protocols, its use in the Internet, and its status as a relatively light-weight protocol suite. Key aspects of the TCP/IP protocol suite include:

Each of these items requires a broader study and will be covered individually in other articles, but remember that the above constitute the integral components of the TCP/IP stack.

 Quick Review

1. You have recently switched the communication protocol in your network to IPX/SPX at the recommendation of an analyst. Your network is directly connected to the Internet through a broadband connection. When you try to connect to the Internet, what will happen?

a. The connection will not be any noticeably different than before

b. Some users will be unable to connect because of TCP/IP to IPX/SPX bridge issues

c. You will not be able to access the Internet

d. You will not be able to use the MAC sub-layer services

2. An IBM PC is unable to connect to Macintosh computers, but can connect to other Windows machines as well as the Internet. Which of the following protocols should be installed to ensure that the PC can communicate with Macs?


b. IPX

c. NetBeui

d. AppleTalk

3. Which two protocols can be used in conjunction to allow for communication between NT-based and Netware-based networks?

a. IP and TCP

b. IPX and SPX

c. IPX and IP

d. TCP and NetBeui

e. SPX and HTTP

f. IPX and NetBeui


1. Because the Internet is a TCP/IP-based inter-network, it follows that an IPX/SPX network directly connected to the Internet would not be able to communicate with the Internet because the protocols do not match. It would be akin to a Chinese manufacturer instructing French manufacturers in Chinese. So, the answer is C; you would not, in that case, be able to access the Internet (understand the Chinese manufacturer).

2. AppleTalk ensures communication with Macintosh computers, so the answer is D.

3. This one is tricky. Don’t be thrown off by NetBeui – it can only be used for communication with other Windows (Microsoft) computers. So you can eliminate the choices with NetBeui (D and F). Next, you should recognize that HTTP is not a protocol that could be used at any rate for communication between these networks and eliminate choice E. Choice B should immediately stand out as invalid because you understand that IPX and SPX are part of the same (Novell) protocol suite and therefore could not help in communication between NT and Novell networks. In a similar way, choice A can be eliminated because TCP and IP are both part of the TCP/IP stack. So, the only choice remaining is actually C. IP can be understood by both Windows-based and Novell-based machines, so an IPX to IP gateway would allow for communication between these networks.


DNS is the name resolution protocol of choice in the TCP/IP suite. It is responsible for name resolution as it is commonly known; for example, most people know the website “ProProfs” as, as opposed to its logical identity, Name resolution is essentially a service that allows for a more user-friendly experience and eliminates or at least reduces the need of a user to memorize physical or logical addresses. The name resolution offered by DNS is provided by DNS name servers, meaning that DNS operates in a client-server access method. The Network+ exam will test you on your ability to differentiate between several types of name servers, domain names, and of course, name server records. Typically, the exam will have at least three questions on or related to DNS name resolution.

 Name Servers

DNS name servers are responsible for handling requests to translate user-friendly “domain names” into logical IP addresses. Typically, a one-to-one correlation exists between a domain name and the IP address it maps to. However, the reverse is not always the case: many domain names can point to a single IP address. The name resolution entries (DNS entries) are stored in a file on the DNS name server, so requests to a server typically involve the server checking its DNS entries for the name; if the name server does not have an entry for that name, it may try to forward the request to other DNS servers (hence, the Internet). If it is determined that no entry exists for that name, the DNS server will return an error to the requesting client. Name servers are typically differentiated as either primary or secondary:



Not all domain names are created equal. In fact, you’ve probably noticed before that domain names can be very long, like Or, account names can be very short, like or Many websites use the style, but they are certainly not restricted to this form of naming (the “www.*” convention in particular).

Internet DNS names can be broken down into two basic categories: TLD’s, or Top Level Domains, and all the others, or subdomains. TLD’s include such favorites as .com, .us, and .info, while subdomains include such common entries as and uncommon ones, like In general, TLD’s are the final suffix of any domain, whereas subdomains are domains that fall under a TLD.

 DNS Records

At the core of the DNS experience are the DNS records, the data that is looked up by the name servers to return information to requesting DNS clients. Different types of records hold different types of information. Below is a short list of the records that you will be expected to know for the Network+ examination.


 Quick Review

1. A customer complains that his website ( is not working properly. He says, “I can visit the website, but when I type, I get an error message.” Which of the following is most likely to be the record that he needs to fix or add?

a. Name server is incorrect

b. TCP/IP issue

c. A Record

d. NS Record

e. CNAME Record

2. Which of the following is a TLD?




d. .com


f. All of the above


1. Because the alias www.* is not working, it is likely to be a CNAME issue. The answer is E.

2. Only .com is a TLD. The answer is D.
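
The lookup behaviour described under Name Servers (check the local entries, forward when there is no entry, return an error when no server has one) and the missing www alias from review question 1, as an added Python example that is not part of the original guide. The server labels, the example.com and example.net names, and the 192.0.2.x and 198.51.100.x addresses are constructed, and the model is a simplification rather than a real DNS implementation.

```python
from dataclasses import dataclass, field
from typing import Optional

MAX_CNAME_HOPS = 8  # stop following aliases that point at each other


class ResolutionError(Exception):
    """Raised when a name cannot be turned into an address."""

    def __init__(self, qname, reason):
        super().__init__(f"{qname}: {reason}")
        self.qname = qname
        self.reason = reason  # "NXDOMAIN", "NODATA" or "CNAME_LOOP"


def _norm(name):
    # DNS names are case-insensitive; a trailing dot marks the root.
    return name.strip().lower().rstrip(".")


@dataclass
class NameServer:
    label: str                                   # hypothetical server label
    forwarder: Optional["NameServer"] = None     # where to ask if we have no entry
    records: dict = field(default_factory=dict)  # name -> [(type, value), ...]

    def add(self, name, rtype, value):
        self.records.setdefault(_norm(name), []).append((rtype.upper(), value))

    def resolve(self, name, trace=None, hops=0):
        """Return the list of addresses for name, appending each step to trace."""
        trace = [] if trace is None else trace
        name = _norm(name)
        entries = self.records.get(name)
        if entries is None:
            if self.forwarder is None:
                trace.append(f"{self.label}: no entry for {name}")
                raise ResolutionError(name, "NXDOMAIN")
            trace.append(f"{self.label}: no entry for {name}, "
                         f"forwarding to {self.forwarder.label}")
            return self.forwarder.resolve(name, trace, hops)
        addresses = [value for rtype, value in entries if rtype == "A"]
        if addresses:
            trace.append(f"{self.label}: {name} A {', '.join(addresses)}")
            return addresses
        alias = next((v for rtype, v in entries if rtype == "CNAME"), None)
        if alias is None:
            raise ResolutionError(name, "NODATA")
        if hops >= MAX_CNAME_HOPS:
            raise ResolutionError(name, "CNAME_LOOP")
        trace.append(f"{self.label}: {name} is an alias (CNAME) for {alias}")
        return self.resolve(alias, trace, hops + 1)


def build_demo_servers(with_www_alias):
    """Constructed zone data: a local server that forwards to an upstream one."""
    upstream = NameServer("upstream")
    upstream.add("mail.example.net", "A", "198.51.100.25")
    local = NameServer("local", forwarder=upstream)
    local.add("example.com", "A", "192.0.2.10")
    local.add("shop.example.com", "A", "192.0.2.10")  # many names, one address
    if with_www_alias:
        local.add("www.example.com", "CNAME", "example.com")
    return local


def lookup(server, name):
    """Return (addresses or error reason, trace of the steps taken)."""
    trace = []
    try:
        return server.resolve(name, trace), trace
    except ResolutionError as err:
        return err.reason, trace


if __name__ == "__main__":
    for label, has_alias in (("before fix", False), ("after fix", True)):
        server = build_demo_servers(with_www_alias=has_alias)
        for qname in ("example.com", "www.example.com", "mail.example.net"):
            result, trace = lookup(server, qname)
            print(f"[{label}] {qname} -> {result}")
            for step in trace:
                print("    " + step)
```

Before the CNAME is added, the bare name resolves while the www name is forwarded and then fails at the last server in the chain, which is the symptom the customer in question 1 describes.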

DAY 16: WAN Technologies

Now that you have a firm grip on the core of the Network+ exam, LAN administration and troubleshooting, you can begin to study the various modes and methods of operation for WAN access. A WAN, or Wide Area Network, is a group of interconnected LAN’s; usually, WAN access refers to Internet access. You are probably intimately familiar with some WAN access technologies, such as POTS (Plain Old Telephone Service, or Dial-Up), but are less familiar with OC3 and FDDI. This section of our guide will help you understand these widely varying Wide Area Network technologies.


Plain Old Telephone Service, or as it is affectionately known, POTS, is one of the oldest WAN access technologies and remains the most popular in most parts of the world. It utilizes phone networks and analog-to-digital modems to send information over the telephone line. One of the drawbacks of POTS WAN access is that in order to connect, you have to establish a POTS “hand-shake” which takes around one or two minutes. Additionally, POTS is a very slow access method; most people connect via POTS at a speed of about 56 Kb/S, or 7 KB/S. However, due to its inexpensive price and the fact that it uses existing infrastructure, it remains a viable option even today.


Integrated Service Data Network (ISDN) is a now almost-obsolete technology that allows for an internet connection via a special, reserved line set up by the telecommunications company. It usually consists of two 64 Kbps "B" channels for a maximum data transfer rate of 128 Kbps, or 16 KB/S. Though fast as compared to older standards, this technology is outdated and has been replaced by newer “broadband” technologies, such as DSL or cable.


Digital Subscriber Line, or DSL, is arguably the successor to ISDN. It also utilizes a special line set up by the telecom company, but utilizes a special “DSL” modem to translate the high-speed DSL signal to a network-friendly language. DSL can be as slow as 256 Kbps and some of the fastest DSL lines operate at speeds exceeding 10 Mbps. DSL is generally used in small business/office or home connection settings.


Cable utilizes a traditional coaxial cable to transmit network signals. Typically, one would sign up for a cable connection through a cable company (the same ones who provide cable TV access). Cable requires a cable modem to translate between the cable signal and the Layer 2 segments, and typically costs a bit more than its DSL counterparts. Cable can operate at speeds exceeding 60 Mbps and would be used by small to medium-sized business applications and in many home settings.


T(X) lines are dedicated lines set up by a telecom company between a remote site and the network backbone. T1 operates at 1.544 Mbps, T2 at 6.312 Mbps, and T3 at 44.376 Mbps. All you have to know about T1/2/3 is that these lines are typically used by larger businesses and are far more expensive than the traditional broadband connection as they are dedicated and always reliable.


Asynchronous Transfer Mode, or ATM, uses fiber optic cable to achieve speeds exceeding 600 Mbps, and is only used in large-scale, “backbone” operations. ATM can accommodate such varying technologies as traditional phone service, data service, and even VOIP service (Voice over IP).


OC(X), or “Optical Carrier” WAN access, utilizes SONET fiber-optic technology to allow for speeds exceeding 50 Gbps, though OC1 operates at “only” 51 Mbps. Only large companies or backbone operations would need such speed.

 Review Time

1. Which of the following would you not recommend to a small business wishing for an affordable, “always-on” connection to the Internet?


b. Cable

c. DSL

d. OC3

2. Which of the following utilizes fiber optic technology?


b. T1

c. T3

d. ATM

e. T2

3. Which of the following does not require a dedicated physical line to the phone company?

a. T1

b. T2

c. T3

d. DSL


1. OC3 is only used for Internet Backbone and would be too expensive for a normal small business to utilize. The answer is D.

2. Only ATM uses fiber optic technology. The answer is D.

3. DSL, though called a “Digital Subscriber Line,” is not a truly “Dedicated” line in the same sense that T1, T2, and T3 are. The answer is D.

DAY 17: Network Management

Network+ will feature a few questions testing your ability to discern between different network management technologies and their various uses. Network administration refers to the day-to-day management, maintenance, and configuration of networks, and is one of the most in-demand opportunities available to a Network+ professional today (though you may consider getting another certification in a more specific subject area such as Cisco or Microsoft networks).


 Microsoft Active Directory

Active Directory is an implementation of LDAP (Lightweight Directory Access Protocol) created specifically by Microsoft to allow for easier administration of Microsoft Windows networks. Through Active Directory, an AD Domain Server can be used to centrally manage the Windows network, especially in Security, Access Control, and Windows-specific features like Group Policy. While Active Directory is a Microsoft technology, Linux and *Nix users can connect to an AD server via SAMBA, which is an open-source *Nix client to Microsoft LDAP (Active Directory).



A Virtual LAN, or VLAN, is a logical network segment that operates on the same physical LAN (and probably connects to the same physical network hub or switch) but is separated logically from other network segments for easier administration. For example, though Accounting, Engineering, and Executive Departments may all connect to the same central Domain server, each of them may constitute a VLAN so that one network administrator can focus on each department. A VLAN server can map certain physical addresses to logical VLAN networks and appropriately load-balance the traffic originating from connected hosts.


 Load Balancing

Load balancing is a feature that is something like a manager who delegates work across many employees so that no one employee becomes overwhelmed. A load-balancing server can intelligently delegate traffic and requests from clients across the network and to other servers in a way that maximizes network efficiency.



As the name suggests, redundancy is a feature that allows for data access even when one server is down, meaning that no one server can become a choke or fail point. For example, in old Greek temples, the failure of one or two columns could bring the entire structure down. In modern architecture, skyscrapers are designed to withstand multiple structural failures. At any rate, the idea of redundancy is clear: redundancy is the ability of a system to maintain some function even after some of the components of the system have failed. In a network application, this means multiple hard drives, multiple servers, and so forth. Another closely-related term is fault tolerance, which refers to redundancy in cases of component failure.

 Access Control

Access Control is a security technology closely intertwined with modern networking that prevents unauthorized access to network resources and maintains the integrity of those resources through only allowing certain users to access information. There are different types of access control, but two basic types are:

There are different forms of access control as well. One that you are likely intimately familiar with is the ubiquitous login screen, which is found in virtually any trustworthy network installation. However, other less familiar access controls exist. For example, you may have a Windows share designed such that only users of a certain group can access the shared folder. This is certainly a type of access control that differs from the simple login and password screen. If you would like to learn more about access control and other related subjects, the Security+ certification might be a viable next option to pursue.


 Quick Review

1. Your manager asks you to set up the email system such that even if one server goes down, the email remains working. Essentially, he is asking for:

a. Access Control

b. Load Balancing

c. Fault Tolerance

d. Active Directory

e. Virtual LAN

2. You notice that at peak times, the network slows down considerably. After running a report on network utilization, you determine that one of the network servers is operating at near 100% CPU utilization while the other is operating near 2%. What would be favorable for you to implement in order to achieve better network efficiency?

a. Virtual LAN

b. Rack-mounted servers

c. Share-Level Access Control

d. Load Balancing

e. Mandated Access Control

3. After installing a new Active Directory Domain server and setting it up to be configured identically to the existing server with redundancy employed, you receive a Windows user’s complaint that he can no longer connect to the domain. Which of the following might be the source of the problem?

a. SAMBA client issues

b. One server has failed

c. DNS Registrar Issue

d. Both servers have failed

e. UNIX Issue


 The Answers

1. The feature your manager describes is known as “Fault Tolerance,” which refers to a system’s ability to remain working even if a component fails. The answer is C.

2. Because one server is operating at full utilization and the other is not being utilized at all, you should spread the work between the servers to achieve better network availability through Load Balancing. The answer is D.

3. If the servers have been set up for redundancy and the user is unable to access the servers, the only option (that is listed) that is possible is that both servers failed. The answer is D.
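
The three review scenarios above (one server saturated while the other idles, one server failing, both servers failing), as an added Python example that is not part of the original guide. The server names, the capacity of 100 requests per server and the 100 + 2 request workload are assumptions chosen to mirror question 2.

```python
from dataclasses import dataclass


@dataclass
class Server:
    name: str
    capacity: int          # requests the server can hold at once (assumed unit)
    healthy: bool = True
    load: int = 0

    def has_room(self):
        return self.healthy and self.load < self.capacity


def pinned(servers, preferred):
    """No load balancing: each client only ever talks to its configured server."""
    target = servers[preferred]
    return target if target.has_room() else None


def least_utilized(servers, preferred):
    """Load balancing: ignore the client's preference and pick the healthy
    server with the lowest utilization that still has room."""
    candidates = [s for s in servers if s.has_room()]
    if not candidates:
        return None
    return min(candidates, key=lambda s: s.load / s.capacity)


def run(policy, failed=()):
    """Push the constructed workload through a policy and report the outcome."""
    servers = [Server("A", 100), Server("B", 100)]
    for server in servers:
        server.healthy = server.name not in failed
    # Constructed workload: 100 clients configured for A (index 0), 2 for B.
    workload = [0] * 100 + [1] * 2
    dropped = 0
    for preferred in workload:
        target = policy(servers, preferred)
        if target is None:
            dropped += 1       # nobody could take the request
        else:
            target.load += 1
    utilization = {s.name: round(100 * s.load / s.capacity) for s in servers}
    return {"utilization": utilization, "dropped": dropped}


if __name__ == "__main__":
    cases = [
        ("pinned, all healthy", pinned, ()),
        ("balanced, all healthy", least_utilized, ()),
        ("pinned, A failed", pinned, ("A",)),
        ("balanced, A failed", least_utilized, ("A",)),
        ("balanced, A and B failed", least_utilized, ("A", "B")),
    ]
    for label, policy, failed in cases:
        print(f"{label:26} {run(policy, failed)}")
```

With A failed, the balanced setup keeps serving but B runs at full capacity and the last two requests are dropped: redundancy only preserves full service when the surviving server has headroom for the whole load.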

DAY 18: Remote Access

One of the oldest and most common uses of the Internet and networking has been to provide remote access to networks or network resources. Since the early 1980’s, different remote access protocols have existed to allow users to remotely “dial in” to a network of choice; while some of these protocols have come and gone, many of them remain widely in use even today in dial-up WAN access and business VPN networks. The Security+ examination will test you on your ability to identify the security features, benefits, and costs of several types of remote access protocols and services.


RAS, or Remote Access Service, is a rarely-used, insecure, and outdated Microsoft offering in the area of remote access technology. You should know for the exam that RAS provides dial-up access and once was the protocol of choice for connecting to the Internet.



RAS was eventually replaced by PPP, the most common dial-up networking protocol today. PPP, or point-to-point protocol, utilizes a direct connection from a client to WAN over TCP/IP. This is advantageous for dial-up networking services as most people today wish to be able to use the Internet, which of course requires TCP/IP networking. When you think dial-up access, think PPP.


 Secure Connections

The next group of technologies is considered “secure” in that the technologies set up an encrypted, sometimes “tunneled,” and difficult-to-intercept connection. These are the technologies typically employed in VPN (Virtual Private Network) applications and corporate remote networks.



Point-to-point tunneling protocol, or PPTP, is a tunneling protocol that can encapsulate connection-oriented PPP packets (which are simple remote access packets) into connectionless IP packets. In doing so, the data remains within the “IP capsule,” which prevents sniffing and other outside manipulation. PPTP is a client-server system that requires a PPTP client, a PPTP server, and a special network access server to provide normal PPP service. PPTP is commonly used to set up “Virtual Private Networks,” which are like LAN’s that are spread across the Internet so that multiple remote clients can connect to one logical network.



Like PPTP, L2TP (Layer 2 Tunneling Protocol) utilizes a tunneling protocol, but unlike PPTP, L2TP utilizes IPSec (IP Security) to encrypt data all the way from the client to the server. Because of this, L2TP data is difficult to intercept. L2TP can accommodate protocols other than IP to send datagrams and is therefore more versatile; it is also common in VPN applications.

Implementation of L2TP, a popular tunneling protocol


SSL, or Secure Sockets Layer, is a technology employed to allow for transport-layer security via public-key encryption. What you should know about this for the exam is that SSL is typically employed over HTTP, FTP, and other Application-layer protocols to provide security. HTTPS (HTTP over SSL) is particularly used by web merchants, credit card validation companies, and banks to ensure data security (think: lock icon).


Kerberos is a *Nix technology that is also being implemented in Microsoft technology to allow for client-server authentication over a network based on a shared key system. Kerberos is a public-key encryption technology and therefore is considered quite modern.

 Quick Review

1. You wish to implement VPN access so that an attorney can connect to the firm’s network remotely. Which remote access protocol might you use?



c. PPP

d. SSL

e. IPSec

2. A user complains that he cannot access a website because he does not have “some protocol” enabled. What is this protocol most likely to be?

a. FTP

b. HTTP over SSL

c. FTP over SSL


e. VPN

3. Your manager wants to make sure that when he dials in to a faraway corporate network, his connection is very secure and reliable. Which of the following is the most secure and reliable RAS?

a. RAS

b. PPP


d. L2TP



1. Of the choices, only PPTP can be used to implement VPN. Note that IPSec is a feature of IP and not a remote access protocol in its own right, though it is used by L2TP. The answer is B.

2. Websites are typically accessed through the HTTP protocol, so it is likely that the website is SSL-enabled and that he does not have that technology enabled on his client PC. The answer is B.

3. L2TP is most secure as it features both tunneling and encryption, which none of the other protocols listed can provide. The answer is D.

DAY 19: Network Repair and Maintenance Tools

The Network+ exam will cover some of the physical tools that network technicians use to repair, configure, troubleshoot, and maintain networks. Should you become a true network technician, you will no doubt some day have a need for these tools. While this portion of the exam is arguably one of the least covered in terms of number of questions, you will likely see at least two or three questions on this subject. So, it is to your benefit as a future test-taker and technician to learn all about these tools.


 Crimping Tool

A crimping tool, or a “crimper” as it is widely known, is a small tool that allows you to connect media to a connector. For example, many companies need long CAT5 media with RJ-45 connectors for traditional 100BaseTX Ethernet. Instead of purchasing this long media at a discount media outlet, the company will instead use a long CAT5 media and crimp RJ45 connectors on each end of the media, which can be cheaply obtained from various home improvement stores. This saves money and time. Most crimping tools are used for twisted pair wires; to crimp connectors onto twisted pair cabling, you “untwist” the twisted pair so that all of the wires are able to be chosen individually. Next, you place the wires snugly into the appropriate “hole,” which is actually a plated connector. Finally, when all of the wires are securely in place, use the crimp tool to “punch” the connector onto the wire.


 Punch Down Tool

A punch down tool is used to affix an untwisted twisted-pair cable onto a fixed connector, such as a wall jack, switch board, or like device. Each individual wire is connected to the appropriate spot on the connector by being “punched” onto it. A punch down tool will usually make a click when punched down.


 TDR Tool

A TDR, or Time Domain Reflectometer, is a simple tool with a complex name. All this does is send a signal down the wire and time how long it takes for the signal to bounce back. This tool might be used in assessing media issues, like shorts or breaks in wires.


 Tone Generator

This tool is used to identify a cable by the tone generated and is usually used with twisted pair cabling.



An oscilloscope can test media for shorts and other issues. However, it does not time a signal’s reflection, which makes it different from a TDR tool.


 Network and Performance Monitoring Tools

These tools can be used to establish what is known as a “baseline,” or a control group in identifying network performance issues and troubleshooting network problems. These tools typically track network traffic, use, utilization, and other indicators.


 Quick Review

1. Which of the following tools might be used to establish a baseline for network performance?

a. Performance Monitoring Tool

b. Baseline Establishing Tool

c. Oscilloscope

d. NAT

e. Crimper

2. Which of the following tools would be used to attach a connector to media?

a. Network Monitoring Tool

b. Reflectometer

c. Crimper

d. Punch Down Tool

e. DHCP Tool



1. Only a performance monitoring tool (from the choices listed) would be an appropriate answer to the question, as it establishes a baseline for network performance. The answer is A.

2. A crimper attaches a connector to media. The answer is C.

DAY 20: Final Review Questions

Let’s finish up our guide with a comprehensive review of some of the points we have covered. Instead of listing the points individually, however, we will review for the test in the most relevant way possible – by answering questions that cover tested material! The questions below have been specially selected because of either their frequency of occurrence on the actual examination or their merits as questions that require a good deal of thinking. The questions will also be drawn from all areas of the Network+ exam to give you a complete picture of the exam.

The Questions

1. Which of the following topologies requires the least amount of cabling?

A. Star

B. Mesh

C. Ring

D. Bus

Answer: You can easily eliminate Mesh, as this is the most media-intensive topology. In the Mesh topology, every node needs a connection to every other node! You can also eliminate the Star topology, which requires more cabling than Ring or Bus because every node requires a connection to a central hub or switch rather than a connection to the next node. Finally, you know that Bus requires less cabling than Ring because the ends of a Bus network only need be terminated. (D)

2. Which of the following is an objective of a fault-tolerant system?

A. Recovery of lost data

B. Efficiency in use of network resources

C. Multiple points of failure

D. Disk striping

Answer: Fault-tolerance refers to the ability of a system (a network, node, server, etc.) to remain available or operational even after a component of that system has failed. For example, a club’s telephone tree may have two different root branches so that if one person is not available, the other one should be. The only choice above that reflects this definition of fault tolerance is ( C ) “multiple points of failure,” because having multiple points of failure would imply that no one failure of any component would fail the system.

3. Complete: A repeater operates in Layer ___ of the OSI model.

A. 1

B. 2

C. 3

D. 4

Answer: Well, you should know that all a repeater does is amplify a data signal on the wire. It has no conception of network traffic or segments and is therefore only concerned with the physical electronic signals on the wire. Therefore, it operates in the Physical layer of the OSI model, which is layer 1. (A)

4. Workstation A cannot access the email server. Workstation B, however, can access the email server. Which of the following would be the most logical next step in troubleshooting workstation A’s issue?

A. Use Workstation B to attempt to connect to a different email server

B. Use a reflectometer to test the media that connects Workstation A to the network

C. Use Workstation A to attempt to connect to another network node

D. Use an outside host to attempt to connect to the email server

E. Use Workstation B to ping an outside host

Answer: In these types of questions, always remember that the only choices you are given are those following the question. Even if you feel there is a better answer than the choices out there (and there may very well be a better answer), choose the “BEST” of the given choices. You can easily eliminate choice A because Workstation B is essentially irrelevant to Workstation A’s issues. You can eliminate choice B because this would not be a logical next step – you would only use a reflectometer to test media, and you would have no idea (at this point) if the media was the issue. Choice D is totally irrelevant because it does not help in pinpointing the problem; in the given situation, you are not trying to connect from an outside host. The same holds true for choice E. Therefore, the only relevant and possible choice is choice C. By attempting to connect to another node, you could determine if A is totally disconnected from the network or if its problems in connecting are limited to its access to the email server. ( C )

5. Which of the following name resolution services would a Nix host typically use?


B. Proxy





Answer: Right away you can eliminate choices A, B, and C because you know that none of these services provide name resolution. So the choice is between DNS, HOSTS, and LMHOSTS. The latter two are typically used in Microsoft Windows name resolution. The answer therefore is DNS, or domain name resolution service. This is used in both Nix and Windows environments and is also the correct answer. (D)

6. One user complains that he cannot access one application on a server but can access the other one. Four other users you ask say they can access both of the applications. What is the most logical next step?

A. Reboot the server

B. Reformat the workstation of the complaining user

C. Check the access permissions of the user

D. Reformat the server

E. Unpower the network hub

Answer: Again, remember that on questions like this, you have to choose the BEST ANSWER FROM THE ONES GIVEN. I cannot stress this enough. So, even if you feel that there are better choices than those out there, just assess each choice in comparison to the others. Obviously, choices B and D are rather drastic (in general, reformatting will never be a correct answer). Choice E will do absolutely nothing to correct the problem or even identify it. The choice is therefore between A and C. Rebooting the server could potentially solve the problem, but it is more likely that checking the access permissions of the user could identify why just that user is experiencing difficulties. The answer is therefore ( C ).

7. Where does a packet go if the destination is not on the local subnet?

A. DNS Server

B. Default Gateway

C. Repeater

D. Switch

E. Application-Level Firewall

Answer: Looking at the choices, you should be able to eliminate answers like A, C, D, and E. None of those choices are involved with the delivery or routing of packets. A Default gateway, as its name suggests, is the default place that a packet will go to when it doesn’t know where to go (when the destination is not the subnet). (B)

8. Which authentication/LAN access security system does Windows 2000 natively use?

A. Kerberos

B. IPSec



Answer: Some questions on the exam are simply knowledge based. You just have to know that Kerberos is used in Windows 2000; no amount of logical reasoning can get you to arrive at this answer. (A)

Good luck on the examination! I wish the best of luck to you.