RoleMath Study Track for CompTIA Network+ (N10-009)
A free study companion keyed to the officially published exam domains of CompTIA Network+ (N10-009): what each domain covers in plain language, clearly labeled free resources, a guided lab outline for every domain, and interactive self-checks from our own question bank. CompTIA Network+ objectives
A free, source-cited study companion built on CompTIA's published exam objectives — not official training, not a pass guarantee. Verify the current objectives on the official page before your exam.
A free Network+ program blueprint that follows CompTIA's current N10-009 scope, uses official-first and vetted community instruction, and turns every domain into authorized networking evidence without claiming instructional completeness or an exam or employment outcome.
This draft exposes RoleMath’s authored sequence and evidence plan. The current labs are guided outlines, not yet a fully fixture-backed course, and objective-leaf coverage has not passed the gold-standard gate. Completion does not predict an exam result.
Modules
5
Labs
5
Concept checks
12
Resource mix
2 official / 3 community
Choose an outcome
Three routes through the same evidence
Choose provisionally. Change routes when the work tells you something new about fit, time, or readiness.
Certification-focused
Learners who have chosen Network+ and need one sequence across the complete current N10-009 blueprint.
Completion emphasis: Complete all five modules and labs, the official sample set, the integrated branch-network capstone, and a final objective-by-objective gap review.
Required phases: Scope, safety, and baseline, Models, protocols, and addressing, Build and validate a small network, Operate and protect the network, Localize faults by layer, Branch-network capstone and gap review
Networking skills first
Career changers and support technicians who want reviewable evidence of addressing, implementation, operations, security, and fault-isolation skills before scheduling an exam.
Completion emphasis: Retain a redacted topology, addressing plan, simulator evidence, service baseline, traffic analysis, troubleshooting record, and technical handoff from the labs and capstone.
Required phases: Scope, safety, and baseline, Models, protocols, and addressing, Build and validate a small network, Operate and protect the network, Localize faults by layer, Branch-network capstone and gap review
Career-fit sprint
Learners deciding whether network support, infrastructure, or a later security specialization fits how they like to reason and work.
Completion emphasis: Complete the diagnostic, subnetting lab, simulator build, and fault-localization lab; record whether structured diagrams, command evidence, and layered troubleshooting felt engaging enough to continue.
Required phases: Scope, safety, and baseline, Models, protocols, and addressing, Build and validate a small network, Localize faults by layer
Start safely
Prerequisite diagnostic
Route learners to safe setup and foundation work before the networking labs; this is a practice-readiness diagnostic, not a vendor prerequisite or exam prediction.
Do you have a personal computer and an owned private network, or can you keep every implementation step inside an offline simulator?
Ready when: Yes, with explicit permission for every device, interface, and network observed.
If not yet: Use the paper, written-scenario, and offline-simulator variants; do not run diagnostics or captures on work, school, public, or shared networks.
Can you open a terminal, enter a command exactly, and identify which output belongs to your active network interface?
Ready when: Yes, with written steps and permission to inspect the local device.
If not yet: Practice opening the terminal and reading ipconfig or ip addr before starting the operations and troubleshooting labs.
Can you convert small powers of two and follow a worked binary or CIDR example without a subnet calculator doing the reasoning for you?
Ready when: Yes, or you are prepared to complete the paper subnet warm-up first.
If not yet: Review binary place values and powers of two, then work the first equal-size /24 split on paper before using any calculator to check it.
Can you install VirtualBox and run two small Linux VMs you own on a host-only network, or do device/account restrictions require a diagram-and-command-transcript alternative?
Ready when: Yes, using free VirtualBox VMs you own on a host-only network, or the documented observation-only transcript alternative.
If not yet: Build the topology and configuration plan on paper or in a free diagramming tool, label it observation-only, and return to live VM work when a disposable environment is available. This program uses no Cisco Packet Tracer -- only free, unrestricted tools.
Can you explain why a packet capture must contain only your authorized traffic and why it should not be published unredacted?
Ready when: Yes, and you can stop the capture immediately if another person's identifiers or content appears.
If not yet: Use the written packet-analysis variant and complete the capture privacy checklist before opening Wireshark on any interface.
Can you reserve several short concept blocks plus one longer weekly block for simulation, capture, or troubleshooting practice?
Ready when: Yes, with enough time to preserve evidence and explain results rather than only complete steps.
If not yet: Choose the steady pace, separate setup from execution, and defer exam scheduling until the lab routine is repeatable.
Plan, then adapt
Pace options
Steady
10 weeks 6-8 hours/week
A planning estimate for first-time network learners: give concepts and implementation two weeks each, then preserve separate time for operations, security, troubleshooting, and integration.
Standard
7 weeks 8-12 hours/week
A planning estimate that moves through one major phase per week and protects the final two weeks for troubleshooting, capstone evidence, and remaining objective gaps.
Intensive
4 weeks 14-18 hours/week
For learners with prior IT support, addressing, or simulator experience; slow down whenever subnetting, packet flow, or fault isolation cannot be explained without the lab steps.
Evidence-gated sequence
Program roadmap
1
Scope, safety, and baseline
Pin the current N10-009 scope, choose a learner goal and pace, select an authorized lab environment, and record the starting diagnostic.
Exit evidence
Confirm N10-009 and the five current domains on CompTIA's official page.
Choose a goal path, provisional pace, and simulator or observation-only route.
Complete the network-permission and packet-capture privacy checklist.
2
Models, protocols, and addressing
Build the layer, protocol, port, addressing, subnetting, and traffic-flow vocabulary that later implementation and troubleshooting decisions assume.
Retain a topology, interface/address table, and successful same-gateway and cross-subnet test evidence.
Explain which device makes each forwarding decision and why the default gateway is required.
Demonstrate one simulated break, verification, and rollback without touching a production network.
4
Operate and protect the network
Make services, documentation, monitoring, traffic, and defensive controls visible without intercepting unauthorized communications or weakening a real network.
Record an authorized DHCP/DNS baseline and explain the relationship among address, lease, gateway, and resolver.
Capture or analyze permitted traffic and identify a DNS exchange, TCP handshake, and encrypted payload boundary.
Produce a concise operations and security checklist covering documentation, monitoring, segmentation, access, updates, and evidence privacy.
5
Localize faults by layer
Apply a repeatable symptom, hypothesis, test, result, fix or escalation, verification, and documentation method across connectivity and name-resolution incidents.
Complete the capstone packet and pass its topology, addressing, safety, privacy, rollback, and consistency review.
Crosswalk all five domains to at least one artifact and one corrected or confidently explained check.
Record remaining objective gaps and choose a continue, practice, defer, or logistics-verification next decision.
Before a lab
Environment, access, and safety
Required and optional setup
Required
A personal computer with a terminal and permission to inspect its own network settings
An owned private network or a fully offline simulator for every active configuration and fault exercise
A text, spreadsheet, or diagram workspace for address plans, command evidence, topologies, incidents, and reflections
Optional
VirtualBox (free, no account) with two small Linux VMs you own for the addressing, hardening, and troubleshooting labs; NO Cisco Packet Tracer is used or required
Wireshark from the official project for captures limited to the learner's own authorized interface and traffic
A disposable virtual machine, second owned endpoint, and free diagramming software such as diagrams.net
Accounts and accessibility routes
Accounts
No account is required for subnetting, local service inspection, path diagnostics, VirtualBox, or written alternatives.
This program deliberately uses no Cisco Packet Tracer (its license bars use in third-party courseware); VirtualBox and the built-in commands need no account.
No paid cloud, lab, or training account is required for the core program.
Equivalent routes
Use a labeled topology, configuration transcript, and expected test matrix when installation, motor, device, or permission constraints block simulator execution.
Use written packet fields and filter logic when a live capture is not safe or accessible; label the artifact observation-only rather than hands-on capture evidence.
Split simulator setup, configuration, evidence capture, and reflection across sessions without changing the module exit criteria.
Safety baseline
Use only devices, accounts, interfaces, and networks you own or are explicitly authorized to test; public access does not equal permission to probe or capture.
Keep deliberate faults inside a simulator or disposable environment and preserve a known-good configuration before each change.
Do not scan address ranges, intercept another person's traffic, publish raw captures, run sustained probes, or change a work, school, public, or shared network.
Show your work
Module evidence and missed-check protocol
Module exit evidence
A saved worksheet, topology, command transcript, permitted capture analysis, or incident record tied to the module's official objective map.
A plain-language packet or service explanation that states source, destination, expected path, observed evidence, and verification.
All authored checks attempted, with every miss corrected against its cited source and connected to a lab observation or fresh scenario.
After a missed check
Identify the layer, device, protocol, service, or methodology step the question is actually testing before reviewing the answer.
Write why the chosen distractor was tempting, then point to the command, diagram, packet field, or official objective evidence that distinguishes the answer.
Create and answer a new symptom or design scenario using different addresses, devices, or services before marking the gap reviewed.
Completing this policy demonstrates coverage and practice inside RoleMath; it does not predict a Network+ score, replace CompTIA's current guidance, or authorize work on networks you do not own.
Integrated practice
Fictional branch network design, validation, and incident handoff
Design and validate a small branch network in a simulator or fully documented tabletop environment, establish its service and security baseline, diagnose controlled incidents, and leave a coherent packet another technician could continue.
Workflow
Write a fictional branch brief for twelve staff endpoints, a guest wireless segment, one shared service, internet access, and a remote-support requirement; state assumptions and what is deliberately out of scope.
Draw the logical topology with router/firewall boundary, switching, staff and guest segments, wireless access, service location, management boundary, and external connection. Give every device a fictional name.
Create a VLSM or appropriately sized addressing plan that lists each subnet, prefix, gateway, usable range, broadcast, DHCP range, reserved addresses, and growth margin without overlap.
Create a device, port, and service table covering interfaces, VLAN or segment membership, routing responsibility, DHCP, DNS, time, logging or monitoring, configuration backup, and ownership.
Build the permitted portion in an offline simulator, or author a line-by-line configuration and expected-output transcript when execution is inaccessible. Preserve the known-good file before introducing faults.
Run and record a validation matrix: local gateway, cross-segment policy, approved internet or simulated external path, DNS resolution, DHCP assignment, route/path observation, and expected denial between guest and protected resources.
Write a security and operations baseline covering segmentation, least privilege, management access, secure protocols, updates, backups, monitoring thresholds, alert ownership, documentation, and raw-evidence retention.
Create three controlled fictional incidents: an incorrect client gateway, an unavailable name resolver, and a disabled or misassigned simulated interface. Do not create any failure on a live network.
For each incident, record the symptom, scope, initial evidence, ranked hypotheses, least-destructive tests, result, root cause, fix or escalation, rollback, verification, and documentation update.
Produce a before-and-after monitoring snapshot or expected-baseline table showing reachability, latency or loss, lease or resolver state, interface state, and the condition that should alert.
Write one plain-language stakeholder update and one technical shift handoff; the two messages must agree while using detail appropriate to each audience.
Crosswalk every artifact and incident to the five Network+ domain IDs, flag any uncovered objective area, review the packet for contradictions and identifiers, and record the next practice decision.
Retained artifacts
Fictional branch requirements and assumptions brief
Logical topology plus subnet, device, port, and service tables
Simulator file or labeled configuration-and-output transcript
Connectivity, service, policy, and monitoring validation matrix
Security and operations baseline
Three troubleshooting incident records with rollback and verification
Stakeholder update, technical handoff, five-domain crosswalk, and gap reflection
Review checklist
The topology, subnet plan, interface table, services, validation results, incidents, and handoff describe the same fictional network without address overlap or contradictory device roles.
Every active change and fault stays inside an owned simulator or disposable environment, has a known-good starting point, and records rollback and verification.
No real SSID, public IP, MAC address, hostname, employer, credential, account, packet payload, or third-party traffic remains in the packet.
Each diagnosis begins with scope and evidence, separates addressing, routing, DNS, policy, and remote-service possibilities, and avoids a guessed fix before testing.
All five N10-009 domains map to at least one artifact; uncovered objectives remain explicit gaps rather than implied completion.
The packet does not claim exam success, official CompTIA training, production experience, or permission to test any real network.
Safety boundary: Keep the entire scenario fictional and every configuration or injected fault inside an owned offline simulator or disposable lab. Do not scan, capture, reroute, disrupt, or reconfigure work, school, public, shared, or third-party networks, and never publish unredacted packet data.
Finish honestly
Completion, portfolio, and maintenance
Completion evidence
All five current N10-009 domain modules have been covered and checked against CompTIA's official page.
Every domain lab has a saved artifact, permitted observation record, or clearly labeled accessibility alternative.
Every authored knowledge check has been attempted and each miss has a cited correction plus a fresh network scenario.
The official CompTIA sample set has been used to calibrate scope and wording rather than memorized as an answer bank.
The branch-network capstone passes topology, addressing, service, security, monitoring, troubleshooting, rollback, privacy, and five-domain coverage review.
The learner has recorded remaining objective gaps and an explicit next decision; completion is not represented as an exam result, credential, or work experience.
Portfolio candidates
A redacted branch topology and addressing plan
A connectivity, service, security-policy, and monitoring validation matrix
One complete network incident record with hypothesis and test evidence
An operations/security baseline and change/rollback template
A short reflection explaining one design tradeoff and one corrected troubleshooting assumption
Present the artifacts as self-directed Network+ lab work that demonstrates reasoning and documentation. Do not represent them as production administration, professional experience, official CompTIA labs, or a RoleMath credential.
Freshness controls
Objective source checked 2026-07-11. Recheck objectives every 30 days and resources every 90 days.
Stop and re-verify when
CompTIA changes the active Network+ exam code, V9 scope, domain, published weight, lifecycle, or official prerequisite guidance.
An official or community resource changes ownership, URL, N10-009 coverage, free-access posture, account requirement, or reuse terms.
VirtualBox, Wireshark, ufw, nginx, or a built-in command becomes paid, unavailable, unsafe, or materially different from the documented route.
A lab or capstone step cannot be completed safely in the named environment or no longer produces the stated evidence.
Any module, lab, check, resource mapping, phase, or capstone fails technical, source, beginner-walkthrough, safety, privacy, accessibility, or claims review.
Skills measured
The official objective domains and their exam weight — titles & weights only, straight from the vendor’s exam objectives. CompTIA Network+ objectives
Our default sequencing advice is heaviest-weight-first, because the published weights tell you where the exam spends its questions. Network+ has an honest wrinkle that makes the published domain order the right one to follow instead. Networking concepts (23%) is the vocabulary and addressing foundation everything else is written in — the OSI model, IP addressing, ports and protocols — so it belongs first even before the single heaviest domain. From there the middle three follow the natural life of a network: you build it (Network implementation, 20%), you run it (Network operations, 19%), and you secure it (Network security, 14%). Network troubleshooting is the heaviest domain at 24%, and by pure weight it would come first — but it is a capstone skill. You cannot systematically diagnose a network until you understand how it is addressed, built, operated, and secured, so we suggest saving it for last and giving it the large block of time its weight deserves. That yields the published order 1 through 5. This is sequencing advice based on the weights and how the topics build on each other, not a claim about the science of learning — if a different order fits how you think, use it.
Start here. It is nearly the heaviest domain on the outline and, more importantly, it is the vocabulary and addressing foundation — the OSI model, IP addressing, ports and protocols — that the other four domains assume you already speak.
What this domain actually covers
Plain-language explanation in our own words — paraphrased from, and checked against, the official objectives. CompTIA Network+ objectives
This is the foundation domain, and at 23% it is very nearly the heaviest on the outline. Before Network+ asks you to build, run, secure, or fix a network, it establishes the shared language for describing one at all: how data is modeled as it crosses a wire, how devices are addressed, and the standard services and protocols that make the whole thing function. Almost every scenario elsewhere on the exam is written in the words this domain teaches, so if a later practice question ever reads like a foreign language, the gap is usually right here.
The first big idea is layering. Networking is easier to reason about when you slice it into layers, each responsible for one job and talking only to the layers directly above and below it. The classic teaching model for this is the seven-layer OSI model — from the physical signals on the wire up through addressing, routing, sessions, and the application a person actually uses — alongside the more practical four-part TCP/IP model that real networks are built on. You do not need to worship either model; you need to be able to place a technology, a device, or a problem at the right layer. 'Is this a cabling issue or a routing issue?' is a layering question, and layering is the mental filing cabinet the rest of the exam keeps opening.
The second big idea is addressing, and this is where the domain gets concrete. Every device on an IP network needs an address, and you are expected to be fluent in IPv4 (the familiar four-number dotted format), the reasons IPv6 exists (the world ran out of IPv4 addresses), and the difference between public and private address ranges. The skill that separates people who 'get' networking from people who have only memorized it is subnetting — carving an address block into smaller networks using a prefix length, and being able to say, for any address, which network it belongs to, what its usable host range is, and where its boundaries fall. That is exactly what this domain's lab drills, because subnetting is learned in the hand, not the eye.
The third area is ports and protocols — the agreed-upon rules and numbered doorways that let specific kinds of traffic find each other. Web traffic, secure web traffic, email, remote administration, file transfer, name lookups, and time synchronization each ride a well-known protocol on a well-known port, and the exam expects you to recognize the common ones on sight and know whether they run over the reliable, connection-oriented transport or the fast, connectionless one. A useful way to hold this is by job rather than by number: what is this protocol for, is it encrypted, and what breaks if its port is blocked?
The fourth area is the supporting cast of network services and models that everything depends on. Name resolution turns human-friendly names into addresses; automatic address assignment hands out configuration so you do not have to set every device by hand; time synchronization keeps logs and security comparable across machines. The domain also frames the bigger structural choices — wired versus wireless, on-premises versus cloud, and the common ways networks are shaped and connected. These are introduced here as concepts and then put to work in the implementation and operations domains.
On the job and on the exam, this domain is the difference between memorizing acronyms and reasoning about them. A good way to study is to stop reading and start locating: take any everyday action — loading a web page, sending a message — and narrate which layer, which addresses, and which protocols and services it touches, out loud, until the story is automatic. Pair that with the subnetting lab below, which turns the single most testable concept in the domain into something you have worked by hand. And read the official objectives page for the exact topic list — the wording there is the exam's own, and this explanation deliberately paraphrases rather than reproduces it.
Vetted independent · Free video course (community)
Professor Messer's free N10-009 Network+ training courseThe de-facto free gold standard for Network+: a complete, well-paced video course covering the full N10-009 blueprint, free to stream with no login. Its early sections walk the OSI model, addressing, and ports and protocols this domain tests; keep CompTIA's objectives authoritative and note the downloadable notes and practice exams are the optional paid Success Bundle. (captured 2026-07-11)
Vetted independent · Free practice (community)
ExamCompass free N10-009 Network+ practice testsFree 25-question practice sets by topic for extra reps after Messer and the official samples. Explanations are shallow, so treat CompTIA's objectives and sample questions as authoritative. (captured 2026-07-11)
Capture your own DNS, TCP-handshake, and HTTP-versus-TLS traffic on an adapter you own and read it as an analyst Map each captured protocol to its OSI layer and identify the Layer-2 gateway MAC with arp
Free tools
Your own Windows machine
Your own macOS machine
Your own Linux machine
Steps
Start a Wireshark capture on your own active adapter, browse two or three sites you normally use for about thirty seconds on your own network, then stop the capture.
Apply the 'dns' filter and read a query hostname and its answer in cleartext, then apply 'tcp.flags.syn==1' and read the SYN, SYN-ACK, ACK three-way handshake.
Filter 'http' (visit http://neverssl.com to force a plaintext request) and follow its TCP stream to read it verbatim, then filter 'tls' and confirm the followed stream is unreadable ciphertext while the Client Hello may still reveal the server name.
Run 'arp -a' to read your gateway's MAC (Layer 2 mapped from a Layer 3 address), then in draw.io place DNS, TCP, HTTP, TLS, IP, Ethernet, and ARP on the OSI layer each belongs to.
What you should see
Confirm the notes show a DNS query read in cleartext, a SYN/SYN-ACK/ACK handshake, a readable HTTP stream versus an unreadable TLS stream, and an OSI diagram mapping each protocol to its layer, all from the learner's own traffic.
Practice evidence maps to exam_domain_comptia_network_plus_01
Stay safe & legal: Capture ONLY your own traffic on a network you own (your home network qualifies; work, school, public, and shared networks do NOT). Never scan, probe, intercept, or attack any system or network you do not own, and never capture another person's traffic. This lab explicitly uses NO Cisco Packet Tracer -- only Wireshark, the built-in arp command, and draw.io. Account required: no; payment required: no; maximum designed cost: $0.
Check yourself
2RoleMath-original concept checks for this domain — written by us against cited public sources, never taken from any exam. They confirm understanding; they don’t predict a pass.
Module 2 of 5 · domain 2 · 20% of the exam
Network implementation
Second in the suggested order. Once you have the concepts and addressing from Domain 1, this domain is where you actually build the network — routing, switching, and wireless. It pairs naturally with the simulator lab.
What this domain actually covers
Plain-language explanation in our own words — paraphrased from, and checked against, the official objectives. CompTIA Network+ objectives
This is the build domain. Where the concepts domain taught you how networks are described and addressed, this one is about assembling the moving parts into a working network: the devices that forward traffic, the configuration that gives them purpose, and the wired and wireless plumbing that connects everything. At 20% it is a substantial slice, and it rewards a hands-on mindset — the topics here are the ones that finally click when you have wired something up, even in a simulator, and watched traffic move.
The first pillar is routing: how traffic gets from one network to another. A router's whole job is to look at a destination address, consult its routing table, and forward the packet toward the right next hop. You are expected to understand the difference between routes an administrator types in by hand (static — simple and predictable, but they do not adapt) and routes that devices learn and share automatically (dynamic — resilient and scalable, at the cost of complexity), plus the everyday roles of a default gateway and network address translation, which lets many private devices share public addresses. The mental model to build is a decision at every hop: given this destination, out which interface does this packet go, and why?
The second pillar is switching, which is what moves traffic within a network rather than between networks. Switches forward frames based on hardware (MAC) addresses and learn where devices live as traffic flows. The concepts that matter most are virtual LANs — logically splitting one physical switch into separate networks for security and organization — trunk links that carry many VLANs between switches, and the loop-prevention mechanism that keeps redundant switch connections from melting the network into a broadcast storm. If routing is travel between cities, switching is getting around inside one.
The third pillar is wireless, which has grown from a convenience into a core part of nearly every network. The domain expects familiarity with the common Wi-Fi generations and the trade-offs between frequency bands (longer range versus higher speed), plus the practical realities that make wireless hard: interference, coverage, channel selection, and antenna placement. Wireless security lives partly here and partly in the security domain — knowing that you secure a wireless network with modern encryption and strong authentication rather than by hiding its name is the kind of judgment the exam is checking.
The fourth pillar is the physical layer everything rides on: cabling and the equipment that terminates and connects it. Copper versus fiber and when each is appropriate, the common connector and cable categories, the difference between the wiring closet and the equipment it feeds, and the humble but exam-relevant idea that a surprising share of real network problems are physical — a bad cable, a wrong port, a marginal connector. Respecting the physical layer is part of thinking like a network technician.
The way to study this domain is to build, not just read. The simulator lab below has you place a router, switches, and hosts, address two subnets, and ping across them — which turns 'a router forwards between networks' from a sentence into something you have made happen and then deliberately broken. As you work, keep narrating the layer and the addresses involved, the habit from Domain 1. And as always, the official objectives page is the authoritative topic list; this explanation paraphrases the domain's scope in our own words rather than reproducing CompTIA's.
Vetted independent · Free video course (community)
Professor Messer's free N10-009 Network+ training courseIts routing, switching, wireless, and cabling videos walk the build-a-network topics this domain tests, free to stream. Pair it with the VM addressing lab above and keep CompTIA's objectives authoritative. (captured 2026-07-11)
Vetted independent · Free glossary (RoleMath)
RoleMath glossary: virtualizationA cited definition of the virtualization ideas behind modern switches, virtual networks, and simulated labs.
Configure static IPv4 addresses on two VirtualBox VMs you own and verify Layer-3 reachability with ping Observe a DHCP lease arrive on your own VM and contrast dynamic with static addressing
Free tools
VirtualBox on your own hardware
Two Ubuntu/Debian VMs you own
A Linux terminal inside each VM
Steps
Snapshot both of your own VMs and attach them to the same VirtualBox host-only adapter so all traffic stays on your host, confirming the isolation before configuring addresses.
Set a static /24 address on each VM (VM-A 192.168.100.10, VM-B 192.168.100.20), bring the interface up, and confirm the address and on-link route.
From VM-A, ping VM-B to confirm Layer-3 reachability, then move VM-B to a different subnet, observe the ping fail, and restore it to observe reachability return.
Flush VM-A's static address, enable the host-only DHCP server in the VirtualBox UI, run dhclient, and note that the leased address may differ from the static one, then run teardown before reverting the snapshots.
What you should see
Confirm the captures show two host-only VMs with static /24 addresses, a successful cross-VM ping, a reversible subnet-mismatch failure, and a DHCP lease arriving after the static address was flushed.
Practice evidence maps to exam_domain_comptia_network_plus_02
Stay safe & legal: Every address, ping, and DHCP step runs INSIDE two VirtualBox VMs you own, on a host-only network that keeps all traffic on your own host; never configure, ping-flood, scan, or probe a shared, corporate, school, or third-party network or device. Snapshot the VMs first and revert them afterward. This lab explicitly uses NO Cisco Packet Tracer -- only free VirtualBox VMs and built-in commands. Account required: no; payment required: no; maximum designed cost: $0.
Check yourself
2RoleMath-original concept checks for this domain — written by us against cited public sources, never taken from any exam. They confirm understanding; they don’t predict a pass.
Module 3 of 5 · domain 3 · 19% of the exam
Network operations
Third in the suggested order. With the network built, this domain is about running it well — the services that keep it working (DNS, DHCP), the monitoring that watches it, and the documentation and availability practices that keep it dependable.
What this domain actually covers
Plain-language explanation in our own words — paraphrased from, and checked against, the official objectives. CompTIA Network+ objectives
This is the run-it domain. Once a network exists, someone has to keep it working, documented, watched, and recoverable — and that day-to-day discipline is what this 19% slice is about. It is less about building new things and more about the practices, services, and habits that separate a network that quietly stays up from one that surprises everyone. For career changers this is often the most relatable domain, because a lot of it is organizational judgment applied to technical systems.
The first strand is the core network services that everything else silently depends on. Name resolution turns human-friendly names into IP addresses; automatic address assignment hands out addresses and configuration so devices can join a network without manual setup; time synchronization keeps clocks aligned so that logs, certificates, and security events across many machines can actually be compared. These services are invisible when they work and catastrophic when they fail — an outage that looks like 'the internet is down' is very often just name resolution misbehaving. Understanding what each service does, and what its failure looks like, is central to both operating and troubleshooting.
The second strand is documentation, and the exam takes it more seriously than beginners expect. Network diagrams (physical and logical), address plans, labeling schemes, baselines that record what 'normal' looks like, and written procedures are all operational tools. The reason is practical: you cannot manage, secure, or fix what you have not written down, and real environments are full of undocumented changes that become tomorrow's mystery outage. Treating documentation as a control rather than as paperwork is a mindset the domain is checking for.
The third strand is monitoring and management — turning a network's constant stream of signals into decisions. Devices can report their health and status through management protocols; traffic-flow data shows what is talking to what and how much; logs record events over time. The operational skill is establishing a baseline of normal behavior and then noticing meaningful deviation from it: a link running hotter than usual, an interface flapping, error counters climbing. The domain is not asking you to be a full-time monitoring engineer; it is asking you to know what is worth watching and why.
The fourth strand is keeping the network dependable on purpose: availability and recovery. Redundancy so there is no single point of failure, load distribution so no one component is overwhelmed, and the discipline of backups and recovery planning so that when something does fail, service can be restored. This connects to the two questions that discipline all continuity planning — how much can we afford to lose, and how long can we afford to be down — and to the honest acknowledgment that failure is a certainty to prepare for, not an accident to hope against.
The way to study this domain is to make its invisible services visible, which is exactly what the lab below does: it has you read your own machine's DHCP-assigned configuration and watch name resolution happen with built-in tools, so 'DNS' and 'DHCP' stop being acronyms and become things you have inspected. Alongside that, practice reading a simple network diagram and narrating what each service and link is doing. And read the official objectives page for the exact topic list — this explanation paraphrases the domain's scope in our own words rather than reproducing CompTIA's.
Vetted independent · Free video course (community)
Professor Messer's free N10-009 Network+ training courseIts network-operations videos cover the services (DNS, DHCP, time), monitoring, documentation, and availability practices this domain tests, free to stream. Keep CompTIA's objectives as the authoritative scope check. (captured 2026-07-11)
Record a dated latency, loss, listening-port, and device baseline for a network you own Diagram your own topology and reconcile arp against your router's DHCP table, then re-baseline to detect deviation
Free tools
Your own Windows machine
Your own macOS machine
Your own Linux machine
Steps
On your own network, record a timestamped latency and loss baseline and a path trace to the ISP boundary.
Enumerate listening ports on your own machine and build a device inventory by reconciling arp against your own router's DHCP client table (read-only, no scanning).
In draw.io, diagram your own topology (ISP, router, switch/AP, devices), labelling each subnet and the gateway address.
At a different time or day, re-run the latency, loss, port, and device steps and record the deltas, noting anything worth investigating.
What you should see
Confirm the log shows a dated latency/loss baseline, a listening-port list, a device inventory reconciling arp with the router's DHCP table, a topology diagram, and a second dated sample compared to the first, all from the learner's own network.
Practice evidence maps to exam_domain_comptia_network_plus_03
Stay safe & legal: Baseline ONLY a network you own (your home network qualifies; work, school, public, and shared networks do NOT). Every step is read-only observation of your own devices and your own router page -- do NOT scan address ranges, run sustained probes, or baseline a network you do not own. This lab explicitly uses NO Cisco Packet Tracer -- only built-in commands, your own router page, and draw.io. Account required: no; payment required: no; maximum designed cost: $0.
Check yourself
2RoleMath-original concept checks for this domain — written by us against cited public sources, never taken from any exam. They confirm understanding; they don’t predict a pass.
Module 4 of 5 · domain 4 · 14% of the exam
Network security
Fourth in the suggested order, and the lightest domain at 14% — but do not treat it as optional. It applies the earlier domains' building blocks to defense, and it is the natural on-ramp to a security path like Security+ afterward.
What this domain actually covers
Plain-language explanation in our own words — paraphrased from, and checked against, the official objectives. CompTIA Network+ objectives
This is the defense domain, and at 14% it is the lightest of the five — but lightest by weight does not mean least important, and it is the natural bridge from Network+ toward a security-focused path afterward. Where the earlier domains taught you to describe, build, and run a network, this one asks how you keep it from being abused: the concepts security rests on, the ways networks get attacked, and the standard structural and access controls defenders put in place. Much of it is Domains 1 through 3 applied with an adversary in mind.
The starting point is a small set of security concepts that the rest of the domain leans on. The classic statement of what security protects is confidentiality (only the right people can read it), integrity (nobody has silently changed it), and availability (it works when you need it) — and a striking number of scenarios are really asking which of those three is at stake. Around that sit the ideas of authentication (proving who you are), authorization (what you are allowed to do), and everyday principles like least privilege and defense in depth. These are introduced more deeply in a dedicated security certification, but Network+ expects you to reason with them at the network level.
Next comes the threat landscape as it touches networks. The domain expects you to recognize common attacks from a description of their behavior: traffic interception and on-path attacks that sit between two parties, denial-of-service attacks that overwhelm a service, address and name spoofing, rogue devices that impersonate legitimate infrastructure, and the human-facing social-engineering tricks that bypass technology entirely by fooling a person. You are not being asked to launch any of these; you are being asked to name what is happening when a scenario describes it, and to know which defense addresses it.
The heart of the domain is the structural defenses — the ways you shape a network so that a compromise is contained and access is controlled. Segmentation divides a network into zones so that a foothold in one place cannot freely reach everything else; dedicated zones isolate anything that must face the internet; access control lists and firewalls decide what traffic is allowed between zones. This is where the switching and routing you learned in the implementation domain become security tools: a VLAN is an organizational feature and a containment boundary at the same time.
The domain also covers securing access and the wireless edge specifically. Remote access done safely — encrypted tunnels that let people reach the network without exposing it — and hardening the everyday points of entry: changing default credentials, disabling unused services and ports, and requiring strong, ideally multi-factor authentication. Wireless gets particular attention because it is the most exposed surface most networks have: securing it means modern encryption and real authentication, not obscurity. And physical security earns a mention, because a network cable or switch someone can walk up to is a control that has already failed.
A good way to study this domain is to inspect real traffic and see for yourself why these controls exist — which is exactly what the Wireshark lab below does. Capturing your own traffic and watching a name lookup travel in cleartext while an encrypted session is unreadable makes the case for encryption and segmentation more convincingly than any list of terms. As you study, keep asking the defender's questions: which security goal does this protect, what attack does this stop, and what can a compromised segment still reach? And read the official objectives page for the exact topic list — this explanation paraphrases the domain's scope in our own words rather than reproducing CompTIA's.
Vetted independent · Free video course (community)
Professor Messer's free N10-009 Network+ training courseIts network-security videos cover the security concepts, common attacks, segmentation, and hardening this domain tests, free to stream. Keep CompTIA's objectives authoritative and pair it with the firewall/exposure lab above. (captured 2026-07-11)
Enforce a default-deny ufw firewall on a VM you own and observe a new service become an unintended exposure Capture plaintext HTTP versus TLS on your own host-only link and reason about what encryption still leaks
Free tools
VirtualBox on your own hardware
An Ubuntu/Debian VM you own
A Linux terminal inside that VM plus Wireshark on your host
Steps
Restore or snapshot your own host-only VM, then enforce a default-deny inbound firewall with ufw, allowing only SSH, and read the status.
Install nginx to create a listening :80 service, confirm it with ss, then capture the host-only interface in Wireshark and follow a plaintext curl http request to read it verbatim.
Deny port 80 with ufw, reload, and re-run curl to observe the connection refused or reset by the firewall.
Remove nginx to shrink the attack surface, confirm :80 is gone with ss, then contrast the earlier plaintext HTTP stream with a TLS session and note what TLS still leaks (destination IP, SNI), before teardown and snapshot revert.
What you should see
Confirm the captures show a default-deny ufw firewall, a :80 exposure that appeared with nginx and was removed, a plaintext HTTP request read on the learner's own host-only link, a firewall deny that blocked it, and a documented HTTP-versus-TLS contrast.
Practice evidence maps to exam_domain_comptia_network_plus_04
Stay safe & legal: Every firewall rule, service change, and capture runs INSIDE a VirtualBox VM you own and on the host-only interface of your own host; capture ONLY your own traffic and never apply these changes to, scan, probe, or attack a shared, corporate, school, or third-party system or network. Snapshot the VM first and revert it afterward. This lab explicitly uses NO Cisco Packet Tracer -- only free VirtualBox, ufw, nginx, curl, and Wireshark on your own host-only link. Account required: no; payment required: no; maximum designed cost: $0.
Check yourself
3RoleMath-original concept checks for this domain — written by us against cited public sources, never taken from any exam. They confirm understanding; they don’t predict a pass.
Module 5 of 5 · domain 5 · 24% of the exam
Network troubleshooting
Last in the suggested order even though it is the heaviest domain at 24%. It is a capstone: you cannot systematically diagnose a network until you understand how it is addressed, built, operated, and secured. Save your largest block of study time for it.
What this domain actually covers
Plain-language explanation in our own words — paraphrased from, and checked against, the official objectives. CompTIA Network+ objectives
This is the heaviest domain on the outline at 24%, and it is a capstone: it takes everything from the first four domains and asks you to use it under pressure, when something is broken and someone wants it fixed. That is exactly why we suggest studying it last — you cannot systematically diagnose a network until you understand how it is addressed, built, operated, and secured. It is also the most job-shaped domain on the exam, because diagnosing and fixing problems is what a large share of real network and support work actually is.
The backbone of the domain is a methodology — a repeatable, disciplined sequence for approaching any problem instead of guessing. The steps are worth internalizing as a habit: identify the problem (gather symptoms, ask what changed), establish a theory of probable cause, test that theory, build a plan of action, carry it out, verify that the system really works and put preventive measures in place, and document what you found and did. The whole point is to replace flailing with a loop that narrows the possibilities one tested theory at a time. The exam probes this order directly, and so does every good technician's instinct.
A powerful lens for that methodology is the layered thinking from Domain 1. Many experienced troubleshooters work the layers deliberately — is this a physical problem (cable, port, power), an addressing problem (wrong IP, mask, or gateway), a routing problem (the path between networks), a name-resolution problem (addresses work but names do not), or an application problem? Isolating which layer a fault lives at collapses a huge search space into a small one. 'It works by IP but not by name' instantly points at DNS; 'the gateway is unreachable' points much lower. Learning to ask which-layer questions is most of the skill.
The domain then expects fluency with the diagnostic toolkit, most of which is already on every computer. Connectivity testers that send probes and measure replies, path-tracing tools that reveal every hop between you and a destination, name-resolution query tools, interface and configuration readouts, and — for the physical layer — cable testers and the discipline of checking lights and links. Crucially, the exam is less interested in whether you can type a command than in whether you can interpret its output: what does steady loss at one hop mean, what does a full stop after a certain hop suggest, what does a fast IP ping alongside a failing name lookup tell you?
The domain also catalogs the common problems themselves, so you recognize them quickly. Wired issues (bad cables, wrong or duplex-mismatched ports, exhausted address pools), wireless issues (weak signal, interference, channel overlap, the wrong security settings), and service issues (a DHCP scope that has run dry, a misconfigured or unreachable DNS server, a gateway that is down). Pattern recognition matters here: the faster you can match a set of symptoms to a familiar cause, the faster you get to a tested theory rather than a guess.
The best way to study this domain is to practice the loop on live diagnostics, which is what the lab below does: it walks the methodology across your own connection with built-in tools, deliberately separating a name-resolution problem from a routing problem so you feel how isolation works. Combine that with narrating your reasoning out loud — symptom, theory, test, result, next step — until the sequence is automatic under pressure. And read the official objectives page for the exact topic list and the exam's own statement of the methodology; this explanation paraphrases the domain's scope in our own words rather than reproducing CompTIA's.
Vetted independent · Free video course (community)
Professor Messer's free N10-009 Network+ training courseIts troubleshooting videos walk the CompTIA methodology and the diagnostic tools (ping, traceroute, name resolution) this heaviest domain tests, free to stream. Keep CompTIA's objectives authoritative and pair it with the own-VM methodology lab above. (captured 2026-07-11)
Vetted independent · Free practice (community)
ExamCompass free N10-009 Network+ practice testsFree 25-question practice sets for extra reps on the exam's heaviest domain. Explanations are shallow, so treat CompTIA's objectives and sample questions as authoritative. (captured 2026-07-11)
Apply CompTIA's troubleshooting methodology to a deliberate misconfiguration on a VM you own Isolate a DNS fault from a routing fault and document an incident log end to end
Free tools
VirtualBox on your own hardware
A Linux VM you own
A Linux terminal inside that VM
Steps
Snapshot your own VM, then deliberately misconfigure it onto the wrong subnet and identify the symptom methodology-style before theorising a cause.
Read the address with ip addr, confirm it is on the wrong subnet, restore the correct address, and verify the gateway is reachable again.
Put a bogus nameserver in /etc/resolv.conf, then isolate DNS from routing: ping by IP (works), ping by name (fails), and confirm with nslookup that resolution is the fault.
Restore a working resolver, verify name resolution, and write the incident log (symptom, isolated layer, tests, root cause, fix, verification, what you could not conclude), then revert the snapshot.
What you should see
Confirm the worksheet shows an addressing fault diagnosed and fixed, a DNS fault isolated from routing via IP-works/name-fails, verification of the fix, and an incident log that separates observation from cause, all on the learner's own VM.
Practice evidence maps to exam_domain_comptia_network_plus_05
Stay safe & legal: Every deliberate fault is created ONLY inside a VirtualBox VM you own; never misconfigure, break, scan, or probe a machine, network, or service you do not own. Snapshot the VM first and revert it afterward, and keep diagnostic pings/traces to your own devices and ordinary public services. This lab explicitly uses NO Cisco Packet Tracer -- only a free VirtualBox VM and built-in commands. Account required: no; payment required: no; maximum designed cost: $0.
Check yourself
3RoleMath-original concept checks for this domain — written by us against cited public sources, never taken from any exam. They confirm understanding; they don’t predict a pass.
Skills you’ll build
Studying CompTIA Network+builds transferable skills that carry across employers and platforms, not just toward this one exam. Each has a free, source-cited RoleMath primer — what it is, a step-by-step free learning path, clearly labeled free resources, and a safe hands-on exercise:
Work through the modules above, then get a personalized read on where you stand: the readiness check maps your background against these same published domains and suggests what to study first — no score, no pass prediction.
Exam voucher (standalone): Approximately $369 USD, region-priced. CompTIA does not print a fixed voucher price on the certification page, so treat this as an approximate figure and confirm the current price at the CompTIA store before purchasing. Official CompTIA Network+ page
Certification validity: 3 years, renewed through CompTIA's continuing-education (CE) program (30 CEUs per 3-year cycle), by uploading CEUs / completing CertMaster CE, or by passing a qualifying higher CompTIA exam. The CE program fee (about $150 for a 3-year cycle) is paid at renewal, not annually. CompTIA CE renewal fees page
Version currency (N10-009 vs N10-008): N10-009 is the current version (launched 2024-06-20). The prior version, N10-008, retired in December 2024, and no successor has been announced yet (a next version is only estimated around 2027). N10-009 added coverage such as SD-WAN, infrastructure as code, VXLAN, SASE/SSE, and zero trust versus N10-008. Re-verify the active version and objectives on the official page before your exam. Official CompTIA Network+ page
A free, source-cited study companion built on CompTIA's published exam objectives — not official training, not a pass guarantee. Verify the current objectives on the official page before your exam.
Certification and vendor names are used only to identify the program this independent study companion refers to. RoleMath is not affiliated with, endorsed by, or sponsored by CompTIA.