1.1 OSI Reference Model
The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes network communication functions into seven distinct layers.
Layer 7 (Application): Provides network services directly to user applications. Examples: HTTP, HTTPS, FTP, SMTP, DNS
Layer 6 (Presentation): Handles data encryption, compression, and format translation. Examples: SSL/TLS, JPEG, ASCII
Layer 5 (Session): Manages communication sessions between applications. Examples: NetBIOS, SQL sessions, RPC
Layer 4 (Transport): Provides reliable data delivery and flow control. Examples: TCP, UDP
Layer 3 (Network): Handles routing and logical addressing. Examples: IP, ICMP, OSPF, BGP
Layer 2 (Data Link): Manages frame formatting and error detection. Examples: Ethernet, Wi-Fi, PPP
Layer 1 (Physical): Defines physical transmission medium and electrical specifications. Examples: Cables, connectors, radio frequencies
1.2 Network Appliances, Applications & Functions
Physical and Virtual Appliances
Router
Layer 3 device that forwards packets between networks using IP addresses. Determines best path for data transmission.
Switch
Layer 2 device that forwards frames within a network using MAC addresses. Creates separate collision domains.
Firewall
Security device that filters network traffic based on predefined rules. Can be hardware or software-based.
IDS/IPS
IDS: Monitors network for malicious activity. IPS: Actively blocks detected threats.
Load Balancer
Distributes incoming network traffic across multiple servers to optimize resource utilization and prevent overload.
Proxy
Acts as intermediary between clients and servers. Can provide caching, filtering, and security functions.
NAS (Network Attached Storage)
File-level storage connected to network, accessible by multiple clients via standard network protocols.
SAN (Storage Area Network)
High-speed network providing block-level storage access, typically using Fibre Channel or iSCSI.
Wireless Components
Access Point (AP)
Device that allows wireless devices to connect to a wired network using Wi-Fi standards (802.11).
Wireless Controller
Centralized device that manages multiple access points, providing configuration, monitoring, and security.
Network Functions
VPN (Virtual Private Network)
Creates secure, encrypted tunnel over public networks for private communication.
QoS (Quality of Service)
Traffic management technique that prioritizes certain types of network traffic to ensure performance.
TTL (Time to Live)
Field in IP header that limits packet lifetime, preventing infinite routing loops.
CDN (Content Delivery Network)
Geographically distributed servers that deliver web content from locations closest to users.
1.3 Cloud Concepts & Connectivity
Cloud computing fundamentals are essential for modern networking.
Cloud Deployment Models
Public Cloud
Services offered over public internet, owned by cloud provider. Examples: AWS, Azure, Google Cloud.
Private Cloud
Dedicated cloud infrastructure for single organization, offering greater control and security.
Hybrid Cloud
Combination of public and private clouds, allowing data and applications to move between them.
Service Models
SaaS (Software as a Service)
Complete applications delivered over internet. Examples: Gmail, Office 365, Salesforce.
PaaS (Platform as a Service)
Development platforms provided as service. Examples: Google App Engine, Heroku.
IaaS (Infrastructure as a Service)
Virtualized computing resources over internet. Examples: AWS EC2, Azure VMs.
Cloud Networking Components
VPC (Virtual Private Cloud)
Isolated network environment within cloud provider's infrastructure.
Network Security Groups
Virtual firewalls that control inbound and outbound traffic for cloud resources.
Internet Gateway
Allows communication between VPC and internet, enabling public connectivity.
NAT Gateway
Enables outbound internet access for private subnet resources while blocking inbound access.
1.4 Common Ports, Protocols & Services
Protocol | Port(s) | Description | Security |
---|---|---|---|
FTP | 20/21 | File Transfer Protocol - transfers files between systems | ❌ Unencrypted |
SSH/SFTP | 22 | Secure Shell / Secure File Transfer Protocol | ✅ Encrypted |
Telnet | 23 | Remote terminal access | ❌ Unencrypted |
SMTP | 25 | Simple Mail Transfer Protocol - sends email | ❌ Unencrypted |
DNS | 53 | Domain Name System - resolves domain names | ⚠️ Can be secured with DNS over HTTPS |
DHCP | 67/68 | Dynamic Host Configuration Protocol - assigns IP addresses | ⚠️ Local network protocol |
TFTP | 69 | Trivial File Transfer Protocol - simple file transfer | ❌ Unencrypted |
HTTP | 80 | Hypertext Transfer Protocol - web browsing | ❌ Unencrypted |
NTP | 123 | Network Time Protocol - time synchronization | ⚠️ Can be secured |
SNMP | 161/162 | Simple Network Management Protocol - network monitoring | ⚠️ v3 provides encryption |
LDAP | 389 | Lightweight Directory Access Protocol | ❌ Unencrypted |
HTTPS | 443 | HTTP Secure - encrypted web browsing | ✅ TLS Encrypted |
SMB | 445 | Server Message Block - file sharing | ⚠️ Can be encrypted |
Syslog | 514 | System logging protocol | ❌ Unencrypted (UDP) |
SMTPS | 587 | SMTP with STARTTLS encryption | ✅ Encrypted |
LDAPS | 636 | LDAP over SSL/TLS | ✅ Encrypted |
SQL Server | 1433 | Microsoft SQL Server database | ⚠️ Can be encrypted |
RDP | 3389 | Remote Desktop Protocol | ⚠️ Can be encrypted |
SIP | 5060/5061 | Session Initiation Protocol - VoIP | ⚠️ 5061 is encrypted (TLS) |
IP Protocol Types
ICMP
Internet Control Message Protocol - error reporting and diagnostics (ping, traceroute)
TCP
Transmission Control Protocol - reliable, connection-oriented transport
UDP
User Datagram Protocol - fast, connectionless transport
GRE
Generic Routing Encapsulation - tunneling protocol
IPSec
IP Security - authentication and encryption at network layer
Traffic Types
Unicast
One-to-one communication between single sender and receiver
Multicast
One-to-many communication to specific group of receivers
Anycast
One-to-nearest communication, routing to closest available server
Broadcast
One-to-all communication within network segment
1.5 Transmission Media & Transceivers
Wireless Technologies
802.11 Standards
802.11a: 5GHz, 54Mbps
802.11b: 2.4GHz, 11Mbps
802.11g: 2.4GHz, 54Mbps
802.11n: 2.4/5GHz, 600Mbps
802.11ac: 5GHz, 6.93Gbps
802.11ax (Wi-Fi 6): 2.4/5GHz, 9.6Gbps
Cellular
Mobile wireless technology: 3G, 4G LTE, 5G networks for data and voice communication
Satellite
Communication via satellites for remote locations and global coverage
Wired Technologies
802.3 Ethernet Standards
10BASE-T: 10Mbps over copper
100BASE-TX: 100Mbps Fast Ethernet
1000BASE-T: 1Gbps Gigabit Ethernet
10GBASE-T: 10Gbps over copper
Fiber Optic
Single-mode: Long distance, single light path
Multi-mode: Shorter distance, multiple light paths
Copper Cables
DAC (Direct Attach Copper): Twinaxial for short distances
Coaxial: Central conductor with shield
Connectors & Transceivers
Fiber Connectors
SC: Square connector, push-pull
LC: Small form factor
ST: Straight tip, bayonet
MPO: Multi-fiber ribbon
Copper Connectors
RJ45: 8-pin Ethernet
RJ11: 6-pin telephone
BNC: Coaxial bayonet
F-type: Cable TV coaxial
Transceivers
SFP: Small Form-factor Pluggable
QSFP: Quad SFP for higher speeds
Support Ethernet and Fibre Channel protocols
1.6 Network Topologies & Architectures
Network Topologies
Star/Hub and Spoke
Central hub connects to all nodes. Easy to manage but single point of failure.
Mesh
Full Mesh: Every node connects to every other node
Partial Mesh: Some nodes have multiple connections
Point-to-Point
Direct connection between two nodes, commonly used for WAN links.
Hybrid
Combination of multiple topology types within same network.
Data Center Architectures
Three-Tier Hierarchical
Core: High-speed backbone
Distribution: Aggregation and policy
Access: End device connectivity
Spine and Leaf
Modern data center design with leaf switches connecting to all spine switches for optimal east-west traffic flow.
Collapsed Core
Combines core and distribution layers for smaller networks.
Traffic Flow Patterns
North-South Traffic
Traffic flowing between data center and external networks (clients, internet).
East-West Traffic
Traffic flowing between servers within the data center (server-to-server communication).
1.7 IPv4 Network Addressing
IPv4 Address Classes
Class A
Range: 1.0.0.0 - 126.255.255.255
Default Mask: /8 (255.0.0.0)
Hosts per Network: 16,777,214
Class B
Range: 128.0.0.0 - 191.255.255.255
Default Mask: /16 (255.255.0.0)
Hosts per Network: 65,534
Class C
Range: 192.0.0.0 - 223.255.255.255
Default Mask: /24 (255.255.255.0)
Hosts per Network: 254
Class D (Multicast)
Range: 224.0.0.0 - 239.255.255.255
Used for multicast group communication
Class E (Experimental)
Range: 240.0.0.0 - 255.255.255.255
Reserved for future use and research
Special Address Ranges
RFC 1918 Private Addresses
Class A: 10.0.0.0/8
Class B: 172.16.0.0/12
Class C: 192.168.0.0/16
APIPA (Automatic Private IP Addressing)
Range: 169.254.0.0/16
Self-assigned when DHCP unavailable
Loopback/Localhost
Range: 127.0.0.0/8
Common: 127.0.0.1
Used for local testing
Subnetting Concepts
CIDR
Classless Inter-Domain Routing eliminates class boundaries, allowing flexible subnet sizing using prefix notation (/24, /28, etc.)
VLSM
Variable Length Subnet Mask allows different subnet sizes within the same network, optimizing IP address utilization.
• Number of Subnets = 2^(borrowed bits)
• Number of Hosts = 2^(host bits) - 2
• Subtract 2 for network and broadcast addresses
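The two formulas above, applied to a VLSM plan. This is an added example, not part of the original guide: the function names, the largest-first allocation order, and the sample requirements for 192.168.10.0/24 are constructed for illustration.

```python
import ipaddress

def prefix_for_hosts(hosts):
    """Longest prefix whose usable hosts (2^host_bits - 2) still cover `hosts`."""
    host_bits = max(2, (hosts + 1).bit_length())  # smallest h with 2^h - 2 >= hosts
    return 32 - host_bits

def subnet_count(base_prefix, new_prefix):
    """Number of Subnets = 2^(borrowed bits)."""
    return 2 ** (new_prefix - base_prefix)

def usable_hosts(network):
    """Number of Hosts = 2^(host bits) - 2 (network and broadcast excluded)."""
    return network.num_addresses - 2

def vlsm_allocate(base, requirements):
    """Carve `base` into variable-length subnets, largest requirement first."""
    network = ipaddress.ip_network(base)
    cursor = int(network.network_address)
    end = int(network.broadcast_address)
    plan = {}
    for name, hosts in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = prefix_for_hosts(hosts)
        size = 2 ** (32 - prefix)
        # Descending sizes keep every block aligned on its own size boundary.
        if cursor + size - 1 > end:
            raise ValueError(f"{base} has no room left for {name} ({hosts} hosts)")
        plan[name] = ipaddress.ip_network((cursor, prefix))
        cursor += size
    return plan

if __name__ == "__main__":
    # Constructed sample: host counts needed per segment.
    needs = {"staff": 100, "voice": 50, "mgmt": 25, "wan-link": 2}
    for name, net in vlsm_allocate("192.168.10.0/24", needs).items():
        print(f"{name:9} {str(net):18} usable hosts: {usable_hosts(net)}")
    print("A /24 split into /26s gives", subnet_count(24, 26), "subnets")
```

Allocating the largest block first is what lets the smaller subnets pack in behind it without overlapping or landing on a misaligned boundary.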
1.8 Modern Network Environments
Software-Defined Networking
SDN
Separates control plane from data plane, enabling centralized network programmability and management.
SD-WAN
Software-defined approach to WAN connectivity with application-aware routing and centralized policy management.
Key Features
Application Aware: Traffic optimization based on application requirements
Zero-touch Provisioning: Automated device deployment
Transport Agnostic: Works over any connection type
Modern Architectures
VXLAN
Virtual Extensible LAN provides Layer 2 overlay networks over Layer 3 infrastructure, enabling data center interconnect.
Zero Trust Architecture
Security model based on "never trust, always verify" with continuous authentication and least privilege access.
SASE/SSE
SASE: Secure Access Service Edge combines networking and security
SSE: Security Service Edge focuses on cloud-delivered security services
Infrastructure as Code
Automation Benefits
Playbooks/Templates: Reusable configuration scripts
Configuration Drift: Automated compliance checking
Dynamic Inventories: Automatically discovered resources
Source Control
Version Control: Track configuration changes
Central Repository: Single source of truth
Branching: Parallel development workflows
Conflict Resolution: Merge conflict identification
Frequently Asked Questions
What is Domain 1.0 of the CompTIA Network+ N10-009 exam?
Domain 1.0 covers Networking Concepts and represents approximately 23% of the exam. It includes the OSI model, network appliances, cloud concepts, protocols, transmission media, topologies, and IPv4 addressing.
How important is the OSI model for Network+ certification?
The OSI model is fundamental to understanding network communication. You should memorize all seven layers and understand the protocols and functions at each layer, as this knowledge applies throughout the entire exam.
Which ports and protocols are most important to memorize?
Focus on common protocols like HTTP (80), HTTPS (443), SSH (22), FTP (20/21), DNS (53), DHCP (67/68), SMTP (25), POP3 (110), IMAP (143), SNMP (161), and LDAP (389/636). Also understand whether each protocol is encrypted or unencrypted.