The CompTIA Network+ N10-008 exam is a foundational certification that validates your networking knowledge and practical skills. The Performance-Based Questions (PBQs) are the most challenging part of the exam, requiring you to demonstrate hands-on abilities in real-world networking scenarios.
In this comprehensive guide, we'll cover the three most common types of Network+ PBQs with detailed examples, step-by-step solutions, and practical strategies: IP subnetting and addressing, network troubleshooting, and device configuration. Master these skills to pass your Network+ exam with confidence.
Subnetting PBQs
Subnetting PBQs test your ability to calculate network ranges, determine usable host addresses, and design network segments that meet specific requirements. These questions often involve VLSM (Variable Length Subnet Masking) and require quick, accurate calculations.
Essential Subnetting Concepts
- Network ID: The first address in a subnet (cannot be assigned to hosts)
- Broadcast Address: The last address in a subnet (cannot be assigned to hosts)
- Usable Hosts: Total addresses minus 2 (network ID and broadcast)
- CIDR Notation: /24 means 24 bits for network, 8 bits for hosts
- Subnet Mask: Determines which portion of IP is network vs. host
- Magic Number: 256 minus the subnet octet = subnet increment
Quick Reference: Common Subnet Masks
| CIDR | Subnet Mask | Usable Hosts | Subnets (Class C) |
|---|---|---|---|
| /24 | 255.255.255.0 | 254 | 1 |
| /25 | 255.255.255.128 | 126 | 2 |
| /26 | 255.255.255.192 | 62 | 4 |
| /27 | 255.255.255.224 | 30 | 8 |
| /28 | 255.255.255.240 | 14 | 16 |
| /29 | 255.255.255.248 | 6 | 32 |
| /30 | 255.255.255.252 | 2 | 64 (point-to-point) |
Example Scenario 1: VLSM Design
Scenario: You have been assigned the network 192.168.10.0/24 and need to create subnets for the following departments:
- Sales: 50 hosts
- Engineering: 25 hosts
- Management: 10 hosts
- 2 Point-to-Point links: 2 hosts each
Solution Strategy: Start with the largest subnet first to avoid wasting IP space.
Step-by-Step Solution:
1. Sales Department (50 hosts needed):
- Need at least 50 usable hosts → requires 6 host bits (2^6 = 64 addresses, 64 - 2 = 62 usable)
- Subnet: 192.168.10.0/26 (255.255.255.192)
- Network ID: 192.168.10.0
- First usable: 192.168.10.1
- Last usable: 192.168.10.62
- Broadcast: 192.168.10.63
2. Engineering Department (25 hosts needed):
- Need at least 25 usable hosts → requires 5 host bits (2^5 = 32 addresses, 32 - 2 = 30 usable)
- Subnet: 192.168.10.64/27 (255.255.255.224)
- Network ID: 192.168.10.64
- First usable: 192.168.10.65
- Last usable: 192.168.10.94
- Broadcast: 192.168.10.95
3. Management Department (10 hosts needed):
- Need at least 10 usable hosts → requires 4 host bits (2^4 = 16 addresses, 16 - 2 = 14 usable)
- Subnet: 192.168.10.96/28 (255.255.255.240)
- Network ID: 192.168.10.96
- First usable: 192.168.10.97
- Last usable: 192.168.10.110
- Broadcast: 192.168.10.111
4. Point-to-Point Link 1 (2 hosts needed):
- Need exactly 2 usable hosts → use /30 (2^2 = 4 addresses, 4 - 2 = 2 usable)
- Subnet: 192.168.10.112/30 (255.255.255.252)
- Network ID: 192.168.10.112
- Usable: 192.168.10.113, 192.168.10.114
- Broadcast: 192.168.10.115
5. Point-to-Point Link 2 (2 hosts needed):
- Subnet: 192.168.10.116/30 (255.255.255.252)
- Network ID: 192.168.10.116
- Usable: 192.168.10.117, 192.168.10.118
- Broadcast: 192.168.10.119
Example Scenario 2: Determining Subnet Membership
Scenario: Host A has IP 172.16.45.67/21. Host B has IP 172.16.50.200. Are they on the same subnet?
Step-by-Step Solution:
1. Identify the subnet mask:
- /21 = 255.255.248.0
- Third octet: 248 = 11111000 in binary
- Magic number: 256 - 248 = 8 (subnet increment)
2. Find subnet boundaries (subnets increment by 8 in third octet):
- Subnet ranges: .0, .8, .16, .24, .32, .40, .48, .56...
- Host A (172.16.45.67) falls in range 172.16.40.0 - 172.16.47.255
- Host B (172.16.50.200) falls in range 172.16.48.0 - 172.16.55.255
3. Conclusion:
NO, they are on different subnets. Host A is on 172.16.40.0/21, while Host B is on 172.16.48.0/21.
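The two subnetting scenarios above can be checked in code. This is an added example, not part of the original guide: the function names and the link labels are chosen for illustration, and the allocator generalizes Scenario 1 to any list of host requirements.

```python
import ipaddress

def vlsm_allocate(block, requirements):
    """Carve `block` into subnets, largest requirement first.

    requirements is a list of (name, usable_hosts); returns [(name, network)].
    """
    parent = ipaddress.IPv4Network(block)
    cursor = int(parent.network_address)
    plan = []
    # sorted() is stable, so equal-sized requests keep their listed order.
    for name, hosts in sorted(requirements, key=lambda r: r[1], reverse=True):
        host_bits = 2                      # /30 is the smallest subnet used here
        while 2 ** host_bits - 2 < hosts:  # usable hosts = 2^(host bits) - 2
            host_bits += 1
        size = 2 ** host_bits              # addresses in the subnet
        cursor = -(-cursor // size) * size  # round up to the next boundary
        net = ipaddress.IPv4Network((cursor, 32 - host_bits))
        if not net.subnet_of(parent):
            raise ValueError(f"{block} has no room left for {name}")
        plan.append((name, net))
        cursor += size
    return plan

def overlapping(plan):
    """Return every pair of allocated subnets that share addresses."""
    nets = [net for _, net in plan]
    return [(a, b) for i, a in enumerate(nets) for b in nets[i + 1:] if a.overlaps(b)]

def same_subnet(host_a_cidr, host_b_ip):
    """AND both addresses with Host A's mask and compare the network IDs."""
    a = ipaddress.ip_interface(host_a_cidr)
    mask = int(a.netmask)
    net_a = ipaddress.ip_address(int(a.ip) & mask)
    net_b = ipaddress.ip_address(int(ipaddress.ip_address(host_b_ip)) & mask)
    return net_a == net_b, str(net_a), str(net_b)

# Requirements from Scenario 1 (link names are labels chosen for this example).
SCENARIO_1 = [("Sales", 50), ("Engineering", 25), ("Management", 10),
              ("P2P link 1", 2), ("P2P link 2", 2)]

if __name__ == "__main__":
    plan = vlsm_allocate("192.168.10.0/24", SCENARIO_1)
    for name, net in plan:
        hosts = list(net.hosts())
        print(f"{name:12} {str(net):19} {hosts[0]} - {hosts[-1]}  "
              f"broadcast {net.broadcast_address}")
    print("overlaps:", overlapping(plan))
    print(same_subnet("172.16.45.67/21", "172.16.50.200"))
```
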
Pro Exam Tips for Subnetting PBQs:
- Memorize powers of 2: 2, 4, 8, 16, 32, 64, 128, 256
- Use the magic number: 256 - subnet octet value = increment
- Start with largest subnets first: Prevents IP address waste in VLSM
- Remember the formula: Usable hosts = 2^(host bits) - 2
- Binary is your friend: When in doubt, convert to binary
- /30 for point-to-point: Most efficient for router links
- Check your work: Ensure no overlapping IP ranges
Network Troubleshooting PBQs
Troubleshooting PBQs test your ability to diagnose and resolve network connectivity issues using systematic approaches and appropriate tools. These questions simulate real-world scenarios where you must identify the root cause and recommend solutions.
Essential Troubleshooting Tools
| Tool | Purpose | Key Information |
|---|---|---|
| ping | Test connectivity | Reachability, latency, packet loss |
| traceroute | Trace network path | Hop-by-hop route, identify where failure occurs |
| ipconfig/ifconfig | View IP configuration | IP, subnet mask, gateway, DNS |
| nslookup/dig | Test DNS resolution | Name-to-IP mapping, DNS server issues |
| netstat | View active connections | Open ports, established sessions, routing table |
| arp | View/manipulate ARP cache | IP-to-MAC address mappings |
| Cable Tester | Test physical cables | Wire continuity, opens, shorts, miswiring |
| Loopback Adapter | Test NIC functionality | Isolate NIC vs cable issues |
The OSI Model Troubleshooting Approach
Always troubleshoot systematically, typically starting from the bottom (Physical) and working up:
- Layer 1 (Physical): Check cables, connectors, link lights
- Layer 2 (Data Link): Verify MAC addresses, switch ports, VLANs
- Layer 3 (Network): Confirm IP configuration, subnet masks, gateways
- Layer 4 (Transport): Check firewall rules, port accessibility
- Layer 7 (Application): Test application-specific settings
Example Scenario 1: No Internet Connectivity
Scenario: A user reports they cannot access the internet. Other users on the same network have no issues. You run the following commands:
```
C:\> ipconfig
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . : 169.254.45.200
   Subnet Mask . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . :
C:\> ping 192.168.1.1
Request timed out.
C:\> ping 127.0.0.1
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
```
Analysis:
- Issue Identified: APIPA address (169.254.x.x) indicates DHCP failure
- Layer 3 Problem: No IP configuration obtained from DHCP server
- Evidence:
- IP address is in APIPA range (169.254.0.0/16)
- No default gateway configured
- Loopback (127.0.0.1) works - TCP/IP stack is functional
- Cannot ping gateway - no Layer 3 connectivity
- Troubleshooting Steps:
- 1. Check physical connection (Layer 1): Verify cable is connected, link light is on
- 2. Release and renew DHCP: `ipconfig /release` then `ipconfig /renew`
- 3. Check DHCP server availability on network
- 4. Verify switch port is configured correctly (not in wrong VLAN)
- 5. If DHCP unavailable, manually configure static IP
- Solution: Run `ipconfig /renew` to obtain DHCP address. If that fails, check DHCP server or manually assign static IP: 192.168.1.x/24, gateway 192.168.1.1, DNS 8.8.8.8
Example Scenario 2: Can't Reach Remote Server
Scenario: Users can access the local network but cannot reach a remote server at 203.0.113.50. You run diagnostics:
```
C:\> ping 192.168.1.1
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64
C:\> ping 8.8.8.8
Reply from 8.8.8.8: bytes=32 time=25ms TTL=56
C:\> ping 203.0.113.50
Request timed out.
C:\> tracert 203.0.113.50
  1    1 ms   <1 ms   <1 ms  192.168.1.1
  2    5 ms    4 ms    4 ms  10.50.1.1
  3     *       *       *    Request timed out.
  4     *       *       *    Request timed out.
```
Analysis:
- Issue Identified: Routing problem or firewall blocking traffic
- Evidence:
- Local gateway (192.168.1.1) is reachable - Layer 1-3 working locally
- Google DNS (8.8.8.8) is reachable - Internet connectivity works
- Target server (203.0.113.50) is unreachable
- Traceroute shows packets reach hop 2 (10.50.1.1) then timeout
- Possible Causes:
- Firewall blocking traffic to 203.0.113.50
- Router at 10.50.1.1 has no route to destination
- Target server is down or blocking ICMP
- ACL (Access Control List) denying traffic
- Troubleshooting Steps:
- 1. Check if server responds to other protocols: Try telnet to port 80 or 443
- 2. Verify routing table on local router: `netstat -r`
- 3. Check firewall rules for blocks to 203.0.113.0/24
- 4. Contact network admin to verify routing at hop 2 (10.50.1.1)
- 5. Verify target server is operational
- Most Likely Solution: Firewall or ACL blocking traffic. Check firewall rules at your edge router or contact server administrator.
Example Scenario 3: DNS Resolution Failure
Scenario: Users report they can access websites by IP address but not by name. Diagnose the issue:
```
C:\> ping 8.8.8.8
Reply from 8.8.8.8: bytes=32 time=20ms TTL=56
C:\> ping www.google.com
Ping request could not find host www.google.com. Please check the name and try again.
C:\> nslookup www.google.com
Server: UnKnown
Address: 192.168.1.99
DNS request timed out.
timeout was 2 seconds.
C:\> ipconfig /all
DNS Servers . . . . . . . . . . : 192.168.1.99
```
Analysis:
- Issue Identified: DNS server (192.168.1.99) is unreachable or not functioning
- Layer 7 Application Problem: DNS resolution failing
- Evidence:
- IP connectivity works (ping 8.8.8.8 succeeds)
- Name resolution fails (can't ping www.google.com)
- nslookup times out when querying DNS server
- DNS server configured as 192.168.1.99
- Troubleshooting Steps:
- 1. Test DNS server connectivity: `ping 192.168.1.99`
- 2. Try alternate DNS: Manually test with `nslookup www.google.com 8.8.8.8`
- 3. Check if DNS service is running on 192.168.1.99
- 4. Flush local DNS cache: `ipconfig /flushdns`
- Immediate Solution: Change DNS servers to public DNS:
- Primary: 8.8.8.8 (Google)
- Secondary: 1.1.1.1 (Cloudflare)
- Or contact network admin to fix internal DNS server
Pro Exam Tips for Troubleshooting PBQs:
- Start at Layer 1: Always check physical first (cables, lights, connections)
- Use systematic approach: Follow OSI model bottom-up or top-down
- Ping 3 targets: Loopback (127.0.0.1), gateway, external (8.8.8.8)
- APIPA = DHCP problem: 169.254.x.x means no DHCP server reached
- Traceroute shows the path: First timeout is where problem occurs
- DNS vs connectivity: If IP works but name doesn't = DNS issue
- Document your findings: Track what works and what doesn't
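The bottom-up decision order used in the three troubleshooting scenarios can be written as a small triage routine. This is an added example, not part of the original guide: the function names and result strings are illustrative, and the sample text is constructed to mirror the Scenario 1 and Scenario 2 output.

```python
import ipaddress
import re

APIPA = ipaddress.ip_network("169.254.0.0/16")

def parse_ipconfig(text):
    """Extract the IP address and default gateway from ipconfig output."""
    def field(label):
        m = re.search(label + r"[ .]*:[ \t]*(\S*)", text)
        return m.group(1) if m and m.group(1) else None
    return {"ip": field(r"IP(?:v4)? Address"), "gateway": field("Default Gateway")}

def last_responding_hop(tracert_text):
    """Return (hop, address) of the last hop that replied, or None."""
    last = None
    for line in tracert_text.splitlines():
        m = re.match(r"\s*(\d+)\s.*?(\d+\.\d+\.\d+\.\d+)\s*$", line)
        if m:
            last = (int(m.group(1)), m.group(2))
    return last

def triage(cfg, ping, dns_ok=True, tracert_text=""):
    """Return the first failing check, bottom-up.

    ping maps "loopback", "gateway", "external", "target" to True/False.
    """
    if not ping.get("loopback"):
        return "local TCP/IP stack"
    if cfg["ip"] is None or ipaddress.ip_address(cfg["ip"]) in APIPA:
        return "DHCP: APIPA or no address"
    if cfg["gateway"] is None or not ping.get("gateway"):
        return "default gateway missing or unreachable"
    if not ping.get("external"):
        return "no connectivity beyond the gateway"
    if not dns_ok:
        return "DNS resolution"
    if not ping.get("target", True):
        hop = last_responding_hop(tracert_text)
        where = f"after hop {hop[0]} ({hop[1]})" if hop else "before the first hop"
        return f"path to target fails {where}: routing, firewall or ACL"
    return "no fault found"

# Constructed samples that mirror the Scenario 1 and Scenario 2 output above.
SCENARIO_1_IPCONFIG = """Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . : 169.254.45.200
   Subnet Mask . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . :
"""
SCENARIO_2_TRACERT = """  1    1 ms   <1 ms   <1 ms  192.168.1.1
  2    5 ms    4 ms    4 ms  10.50.1.1
  3     *       *       *    Request timed out.
  4     *       *       *    Request timed out.
"""
```
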
Network Configuration PBQs
Configuration PBQs test your ability to properly configure network devices including switches, routers, wireless access points, and other infrastructure. These questions require understanding of VLANs, routing, ACLs, and wireless security.
Common Configuration Tasks
- Switch Configuration: VLANs, trunk ports, port security, spanning tree
- Router Configuration: Static routes, default gateway, NAT, DHCP
- Wireless Configuration: SSID, encryption, channels, authentication
- DHCP Server: Scope, exclusions, reservations, lease time
- Access Control Lists: Permit/deny rules, order of operations
Example Scenario 1: VLAN Configuration
Scenario: Configure a switch to support three departments on separate VLANs. Port 24 should trunk to another switch.
Configuration Requirements:
- VLAN 10: Sales (Ports 1-8)
- VLAN 20: Engineering (Ports 9-16)
- VLAN 30: Management (Ports 17-23)
- Port 24: Trunk port (all VLANs)
Switch Commands:
```
Switch> enable
Switch# configure terminal
! Create VLANs
Switch(config)# vlan 10
Switch(config-vlan)# name Sales
Switch(config-vlan)# exit
Switch(config)# vlan 20
Switch(config-vlan)# name Engineering
Switch(config-vlan)# exit
Switch(config)# vlan 30
Switch(config-vlan)# name Management
Switch(config-vlan)# exit
! Assign ports to VLANs
Switch(config)# interface range fastethernet 0/1-8
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 10
Switch(config-if-range)# exit
Switch(config)# interface range fastethernet 0/9-16
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 20
Switch(config-if-range)# exit
Switch(config)# interface range fastethernet 0/17-23
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 30
Switch(config-if-range)# exit
! Configure trunk port
Switch(config)# interface fastethernet 0/24
Switch(config-if)# switchport mode trunk
Switch(config-if)# switchport trunk allowed vlan 10,20,30
Switch(config-if)# exit
Switch(config)# exit
Switch# write memory
```
Verification Commands:
- `show vlan brief` - Display VLAN assignments
- `show interface trunk` - Verify trunk configuration
- `show running-config` - View complete configuration
Example Scenario 2: Static Routing Configuration
Scenario: Configure a router to route traffic between three networks. Add a default route for internet access.
Network Topology:
- Router Interface Gi0/0: 192.168.1.1/24 (LAN A)
- Router Interface Gi0/1: 192.168.2.1/24 (LAN B)
- Router Interface Gi0/2: 10.50.1.2/30 (ISP connection)
- ISP Gateway: 10.50.1.1
- Remote Network: 172.16.0.0/16 via 10.50.1.1
Router Commands:
```
Router> enable
Router# configure terminal
! Configure interfaces
Router(config)# interface gigabitethernet 0/0
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface gigabitethernet 0/1
Router(config-if)# ip address 192.168.2.1 255.255.255.0
Router(config-if)# no shutdown
Router(config-if)# exit
Router(config)# interface gigabitethernet 0/2
Router(config-if)# ip address 10.50.1.2 255.255.255.252
Router(config-if)# no shutdown
Router(config-if)# exit
! Configure static routes
! Route to remote network
Router(config)# ip route 172.16.0.0 255.255.0.0 10.50.1.1
! Default route for internet
Router(config)# ip route 0.0.0.0 0.0.0.0 10.50.1.1
Router(config)# exit
Router# write memory
```
Verification Commands:
- `show ip route` - Display routing table
- `show ip interface brief` - Verify interface status
- `ping 172.16.1.1` - Test connectivity to remote network
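How the router chooses between the connected networks, the 172.16.0.0/16 static route and the default route can be modelled as a longest-prefix match over the table this configuration produces. This is an added example, not part of the original guide: the function names and the C/S table layout are illustrative.

```python
import ipaddress

# Routing table the configuration above produces: C = connected, S = static.
ROUTES = [
    ("C", "192.168.1.0/24", "Gi0/0"),
    ("C", "192.168.2.0/24", "Gi0/1"),
    ("C", "10.50.1.0/30", "Gi0/2"),
    ("S", "172.16.0.0/16", "10.50.1.1"),
    ("S", "0.0.0.0/0", "10.50.1.1"),
]

def lookup(dest, routes=ROUTES):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    best = None
    for _, prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return (str(best[0]), best[1]) if best else None

def unresolved_next_hops(routes=ROUTES):
    """Static routes whose next hop is not on a directly connected network."""
    connected = [ipaddress.ip_network(p) for code, p, _ in routes if code == "C"]
    return [(p, via) for code, p, via in routes
            if code == "S"
            and not any(ipaddress.ip_address(via) in net for net in connected)]

if __name__ == "__main__":
    for dest in ("192.168.2.77", "172.16.1.1", "203.0.113.50"):
        print(dest, "->", lookup(dest))
    print("unresolved next hops:", unresolved_next_hops())
```

Without the final `0.0.0.0/0` entry, `lookup` returns `None` for any destination outside the listed prefixes, which is the case the default route exists to cover.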
Example Scenario 3: DHCP Server Configuration
Scenario: Configure a DHCP server for the 192.168.10.0/24 network. Reserve IPs .1-.10 for servers, assign lease time of 8 hours.
DHCP Configuration Requirements:
- Network: 192.168.10.0/24
- Gateway: 192.168.10.1
- DNS Servers: 8.8.8.8, 8.8.4.4
- Excluded Range: 192.168.10.1 - 192.168.10.10
- DHCP Pool: 192.168.10.11 - 192.168.10.254
- Lease Time: 8 hours
Configuration (Cisco Router as DHCP Server):
```
Router> enable
Router# configure terminal
! Exclude addresses reserved for servers
Router(config)# ip dhcp excluded-address 192.168.10.1 192.168.10.10
! Create DHCP pool
Router(config)# ip dhcp pool LAN_POOL
Router(dhcp-config)# network 192.168.10.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.10.1
Router(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
Router(dhcp-config)# lease 0 8 0
Router(dhcp-config)# exit
! Optional: Create reservation for specific device
Router(config)# ip dhcp pool PRINTER_RESERVATION
Router(dhcp-config)# host 192.168.10.50 255.255.255.0
Router(dhcp-config)# client-identifier 01aa.bbcc.ddee.ff
Router(dhcp-config)# default-router 192.168.10.1
Router(dhcp-config)# exit
Router(config)# exit
Router# write memory
```
Verification Commands:
- `show ip dhcp pool` - Display DHCP pool information
- `show ip dhcp binding` - View current DHCP leases
- `show ip dhcp conflict` - Check for IP address conflicts
Example Scenario 4: Wireless Access Point Configuration
Scenario: Configure a wireless access point with WPA3-Personal security, optimal channel selection, and guest network isolation.
Configuration Settings:
Primary Network (Corporate):
| Setting | Value |
|---|---|
| SSID | CorpWiFi |
| Security | WPA3-Personal (or WPA2 if devices don't support WPA3) |
| Passphrase | [Strong 16+ character password] |
| 2.4GHz Channel | 1, 6, or 11 (non-overlapping) |
| 5GHz Channel | 36, 40, 44, 48 (preferred DFS channels) |
| Channel Width | 20MHz (2.4GHz), 40MHz or 80MHz (5GHz) |
| VLAN | 10 (Corporate) |
Guest Network:
| Setting | Value |
|---|---|
| SSID | Guest-WiFi |
| Security | WPA2-Personal |
| Client Isolation | Enabled |
| VLAN | 99 (Guest - isolated) |
| Bandwidth Limit | 10 Mbps per client |
Additional Best Practices:
- Disable WPS (Wi-Fi Protected Setup)
- Enable PMF (Protected Management Frames) for WPA3
- Set appropriate transmit power to avoid interference
- Enable Fast Roaming (802.11r) if supported
- Configure SSID broadcast based on security policy
- Enable MAC filtering only as an additional layer (not primary security)
Pro Exam Tips for Configuration PBQs:
- VLAN trunk ports: Must be configured on both switches for inter-switch communication
- Static routes need next-hop: Specify either next-hop IP or exit interface
- Default route is 0.0.0.0/0: Matches all destinations (gateway of last resort)
- DHCP exclusions first: Always configure excluded addresses before creating pool
- Channels 1, 6, 11 for 2.4GHz: Only non-overlapping channels in US
- Save your config: Use `write memory` or `copy run start`
- Verify after configuration: Always use show commands to confirm
Key Takeaways
- Subnetting is fundamental. Memorize powers of 2, understand CIDR notation, and practice VLSM scenarios daily.
- Use systematic troubleshooting. Follow the OSI model, test connectivity at each layer, and document your findings.
- Start with Layer 1. Most network issues are physical - check cables, connections, and link lights first.
- APIPA means DHCP failure. 169.254.x.x addresses indicate the host couldn't reach a DHCP server.
- VLANs segment broadcast domains. Use trunk ports to carry multiple VLANs between switches.
- Static routes need careful planning. Ensure routing is bidirectional - both forward and return paths must exist.
- Wireless security matters. Use WPA3 when possible, disable WPS, and isolate guest networks.
- Know your tools. Ping tests reachability, traceroute shows the path, nslookup tests DNS.
- Practice makes perfect. Use simulators like Packet Tracer or GNS3 to build hands-on experience.
- Save your configurations. Always use `write memory` or configurations will be lost on reboot.