CompTIA Network+ N10-008 Study Guide

Course: Advanced Networking, Virtualization, and Security Source basis: Coursera course videos and readings reviewed on 2026-06-19 Purpose: Exam-focused study notes for IPv6, WANs, wireless, cloud, data centers, operations, security, monitoring, and troubleshooting.

Course Map

• Module 1: IPv6
• Module 2: WAN Connectivity
• Module 3: Wireless Networking
• Module 4: Virtualization and Cloud Computing
• Module 5: Data Centers
• Module 6: Integrating Networked Devices
• Module 7: Network Operations
• Module 8: Protecting Networks
• Module 9: Network Monitoring
• Module 10: Network Troubleshooting

High-Yield Memory Anchors

• IPv6 is 128-bit and written in hexadecimal groups separated by colons.
• IPv6 uses Neighbor Discovery Protocol instead of ARP.
• IPv6 link-local addresses begin with FE80::/10.
• WAN technologies include DSL, cable, fiber, satellite, cellular, MPLS, and VPNs.
• 802.11 wireless uses 2.4 GHz, 5 GHz, and 6 GHz bands depending on standard.
• WPA3 is preferred; WEP is obsolete; WPA/WPA2 have legacy/security considerations.
• PoE powers access points, phones, cameras, and other network devices.
• Virtualization abstracts compute, network, storage, or application resources.
• IaaS, PaaS, and SaaS divide cloud responsibility differently.
• NAS is file-level storage; SAN is block-level storage.
• Change management prevents avoidable outages.
• Defense in depth layers controls.
• Firewalls enforce traffic policy; DMZs isolate public-facing services.
• SNMP monitors devices; SIEM correlates security events and logs.

Module 1: IPv6

Why IPv6 Exists

IPv6 addresses IPv4 exhaustion and simplifies large-scale addressing. It provides a massive 128-bit address space and supports features such as stateless address autoconfiguration.

Key advantages:

• Huge address space.
• No broadcast.
• More efficient hierarchical addressing.
• Built-in support for extension headers.
• Easier end-to-end addressing, though firewalls remain essential.

IPv6 Addressing

IPv6 addresses are 128 bits, written as eight groups of four hexadecimal digits.

Example:

• 2001:0db8:0000:0000:0000:ff00:0042:8329

Compression rules:

• Leading zeros in a group can be removed.
• One consecutive run of all-zero groups can be replaced with ::.
• :: can be used only once in an address.

Example:

• 2001:0db8:0000:0000:0000:ff00:0042:8329
• 2001:db8::ff00:42:8329

Important IPv6 address types:

• Global unicast: Publicly routable IPv6.
• Link-local: FE80::/10, used on local link.
• Unique local: FC00::/7, often FD00::/8 in practice.
• Multicast: FF00::/8.
• Loopback: ::1.
• Unspecified: ::.

IPv6 does not use broadcast. Multicast and anycast fill many use cases.

IPv6 In Action

IPv6 hosts commonly use:

• SLAAC: Stateless Address Autoconfiguration.
• DHCPv6: Managed or additional configuration.
• Router Advertisements: Routers announce prefix/default gateway information.
• NDP: Neighbor Discovery Protocol, replacing ARP-like functionality.

NDP uses ICMPv6 messages for neighbor solicitation, neighbor advertisement, router solicitation, and router advertisement.

IPv4 And IPv6 Tunneling

Tunneling helps connect IPv6 across IPv4 or vice versa during transition.

Concepts:

• Dual stack: Run IPv4 and IPv6 at the same time.
• Tunneling: Encapsulate one protocol inside another.
• Translation: Translate between IPv4 and IPv6.

Exam point:

• Dual stack is straightforward but requires running both protocol stacks.
• Tunneling helps cross incompatible networks.
• Translation helps IPv4-only and IPv6-only systems communicate.

Module 2: WAN Connectivity

IP Tunneling

Tunneling encapsulates one packet inside another. It is used for VPNs, IPv6 transition, private traffic over public networks, and provider networks.

Common tunneling use cases:

• Site-to-site VPN.
• Remote access VPN.
• IPv6 over IPv4.
• GRE-style encapsulation.

WAN Technologies

WANs connect networks across distance. Options vary by availability, bandwidth, latency, cost, and reliability.

Technologies:

• Leased lines: Dedicated circuits.
• MPLS: Provider-managed label-switched WAN.
• Metro Ethernet: Ethernet service across a metro area.
• Broadband cable: Shared provider network, high downstream speeds.
• DSL: Uses telephone infrastructure.
• Fiber broadband: High bandwidth and low latency.
• Satellite: Wide coverage but high latency.
• Cellular: Mobile/failover connectivity.

DSL, Cable, Satellite, Cellular

DSL:

• Uses phone lines.
• Distance from provider equipment affects performance.
• Asymmetric speeds are common.

Cable:

• Uses coaxial/cable provider network.
• Shared neighborhood bandwidth.
• DOCSIS standards define cable modem service.

Satellite:

• Good for remote areas.
• High latency, weather sensitivity, and line-of-sight concerns.

Cellular:

• 4G LTE and 5G options.
• Useful for mobility and WAN failover.
• Signal quality and data caps matter.

Remote Desktop And VPNs

Remote desktop provides graphical access to systems. Secure it carefully.

VPNs provide encrypted tunnels over untrusted networks.

Types:

• Remote access VPN: User to network.
• Site-to-site VPN: Network to network.
• Clientless VPN: Browser-based access for selected apps.

VPN protocols/concepts:

• IPsec.
• SSL/TLS VPN.
• Split tunnel vs full tunnel.
• Authentication and MFA.

WAN Troubleshooting

Check:

• Local LAN connectivity.
• WAN interface status.
• ISP/modem status.
• IP addressing and gateway.
• DNS.
• VPN tunnel status.
• Latency, packet loss, jitter.
• Provider outage.

Module 3: Wireless Networking

802.11 Basics

Wi-Fi is based on IEEE 802.11 standards.

Common terms:

• AP: Access point.
• SSID: Wireless network name.
• BSSID: AP radio MAC for a specific SSID.
• Channel: Frequency slice used by wireless.
• Roaming: Client moves between APs.
• Infrastructure mode: Clients connect through APs.

802.11 Standards

Know common generations:

• 802.11a: 5 GHz, older.
• 802.11b: 2.4 GHz, older.
• 802.11g: 2.4 GHz.
• 802.11n/Wi-Fi 4: 2.4/5 GHz, MIMO.
• 802.11ac/Wi-Fi 5: 5 GHz, higher throughput.
• 802.11ax/Wi-Fi 6/6E: 2.4/5 GHz and 6 GHz for 6E, OFDMA and efficiency improvements.

2.4 GHz:

• Longer range.
• More interference.
• Fewer non-overlapping channels.

5 GHz:

• More channels.
• Higher performance.
• Shorter range than 2.4 GHz.

6 GHz:

• More clean spectrum.
• Requires Wi-Fi 6E capable devices.

PoE

Power over Ethernet supplies power and data over Ethernet cabling.

Standards:

• 802.3af: PoE.
• 802.3at: PoE+.
• 802.3bt: Higher-power PoE.

Use cases:

• Wireless APs.
• VoIP phones.
• Cameras.
• Door controllers.

Antennas

Common antenna types:

• Omnidirectional: Radiates broadly around antenna.
• Directional: Focuses signal in a direction.
• Patch/panel: Directional coverage.
• Yagi: Directional, longer reach.

Deployment concerns:

• Coverage.
• Interference.
• Channel overlap.
• Signal strength.
• Client density.
• Building materials.

Wireless Security

Security standards:

• WEP: Broken, do not use.
• WPA: Legacy.
• WPA2: Common, uses AES/CCMP in secure deployments.
• WPA3: Preferred modern option.

Authentication:

• Personal/PSK: Shared passphrase.
• Enterprise: 802.1X/RADIUS authentication.

Threats:

• Evil twin AP.
• Rogue AP.
• Deauthentication attacks.
• Weak passphrases.
• WPS attacks.
• Interference/jamming.

Hardening:

• Use WPA3 or WPA2-Enterprise where possible.
• Disable WPS.
• Use strong passphrases.
• Segment guest Wi-Fi.
• Use proper AP placement and channel planning.
• Monitor for rogue APs.

Module 4: Virtualization And Cloud Computing

Virtualization Basics

Virtualization abstracts physical resources.

Types:

• Server virtualization.
• Desktop virtualization.
• Network virtualization.
• Storage virtualization.
• Application/container virtualization.

Hypervisors:

• Type 1: Bare-metal hypervisor.
• Type 2: Runs on a host OS.

VM concepts:

• vCPU.
• vRAM.
• Virtual disk.
• Virtual NIC.
• Snapshot.
• Template.

Cloud Basics

Cloud characteristics:

• On-demand self-service.
• Broad network access.
• Resource pooling.
• Rapid elasticity.
• Measured service.

Service models:

• IaaS: Provider offers compute/storage/network building blocks.
• PaaS: Provider offers runtime/platform for applications.
• SaaS: Provider offers complete application.

Deployment models:

• Public cloud.
• Private cloud.
• Hybrid cloud.
• Community cloud.

Infrastructure as Code

IaC manages infrastructure through versioned configuration.

Benefits:

• Repeatability.
• Automation.
• Reviewable changes.
• Faster deployment.
• Less manual drift.

Examples:

• Terraform-like declarative infrastructure.
• Configuration management.
• Cloud templates.

Enterprise Virtualization

Enterprise virtualization adds:

• Clustering.
• Live migration.
• Shared storage.
• High availability.
• Resource scheduling.
• Virtual networking.
• Backup and replication.

Networking concerns:

• vSwitches.
• VLANs/trunks to hosts.
• Virtual NICs.
• Management networks.
• Storage networks.
• VM segmentation.

Module 5: Data Centers

Classic Data Center Architecture

Traditional data centers often use hierarchical designs:

• Access layer.
• Distribution/aggregation layer.
• Core layer.

Goals:

• Redundancy.
• Scalability.
• Manageability.
• Controlled traffic flow.

NAS And SAN

NAS:

• File-level storage.
• Uses protocols such as SMB/CIFS or NFS.
• Appears as shared folders/files.

SAN:

• Block-level storage.
• Uses Fibre Channel, iSCSI, or similar technologies.
• Appears like disks/volumes to servers.

Exam contrast:

• NAS = file.
• SAN = block.

Modern Data Centers

Modern designs may include:

• Spine-leaf architecture.
• Software-defined networking.
• Virtualization.
• Automation.
• Cloud/hybrid integration.
• East-west traffic optimization.

High Availability

HA reduces downtime.

Techniques:

• Redundant power.
• Redundant links.
• Clustering.
• Load balancing.
• Failover.
• Backups and replication.
• Geographic redundancy.

Terms:

• MTBF: Mean time between failures.
• MTTR: Mean time to repair/recover.
• RTO: Recovery time objective.
• RPO: Recovery point objective.

Documentation

Document:

• Network diagrams.
• IP address management.
• Rack elevations.
• Cable maps.
• VLANs.
• Firewall rules.
• Change records.
• Asset inventory.
• Contact/escalation lists.

Module 6: Integrating Networked Devices

Network Types

Know the scale/scope terms:

• PAN: Personal area network.
• LAN: Local area network.
• WLAN: Wireless LAN.
• CAN: Campus area network.
• MAN: Metropolitan area network.
• WAN: Wide area network.
• SAN: Storage area network.

IoT

IoT devices include sensors, cameras, appliances, controllers, and smart devices.

Risks:

• Weak default credentials.
• Poor patching.
• Insecure protocols.
• Limited management.
• Privacy concerns.

Controls:

• Segmentation.
• Strong authentication.
• Firmware updates.
• Disable unnecessary services.
• Monitor traffic.

VoIP

Voice over IP carries voice over packet networks.

Requirements:

• Low latency.
• Low jitter.
• Low packet loss.
• QoS.
• PoE for phones.
• VLANs for voice segmentation.

Common protocols/concepts:

• SIP for signaling.
• RTP for media.

ICS And SCADA

Industrial control systems manage physical processes. SCADA supervises and controls industrial environments.

Risks:

• Safety impact.
• Legacy systems.
• Availability requirements.
• Limited patch windows.
• Segmentation needs.

Controls:

• Strong segmentation.
• Monitoring.
• Strict change control.
• Vendor access control.
• Incident response planning.

Module 7: Network Operations

What Network Operations Includes

Network operations keeps networks reliable, secure, documented, and recoverable.

Work includes:

• Monitoring.
• Maintenance.
• Patching.
• Change control.
• Incident response.
• Backup.
• Documentation.
• Capacity planning.

Hardening And Security Policies

Hardening reduces attack surface.

Examples:

• Disable unused services.
• Change default passwords.
• Restrict management access.
• Use secure protocols.
• Apply patches.
• Disable unused switch ports.
• Use least privilege.

Policies provide standard expectations for acceptable use, passwords, remote access, data handling, and incident response.

Change Management

Change management prevents unnecessary outages.

Common elements:

• Request.
• Risk assessment.
• Approval.
• Implementation plan.
• Backout plan.
• Maintenance window.
• Testing.
• Documentation.

Patching And Updating

Patch process:

• Inventory assets.
• Monitor advisories.
• Test patches.
• Schedule deployment.
• Back up first.
• Verify after deployment.
• Document results.

Risk Management

Risk combines likelihood and impact.

Responses:

• Avoid.
• Mitigate.
• Transfer.
• Accept.

Points Of Failure

Single points of failure reduce availability.

Mitigations:

• Redundant power.
• Multiple links.
• Clustering.
• HA pairs.
• Backups.
• Failover circuits.

Incident Response And Forensics

Incident response phases:

• Preparation.
• Identification.
• Containment.
• Eradication.
• Recovery.
• Lessons learned.

Forensics focuses on preserving evidence and chain of custody.

Disaster Recovery And Business Continuity

DR restores systems after disruption. BC keeps the business functioning.

Know:

• Backup types: full, incremental, differential.
• RTO: How quickly service must be restored.
• RPO: How much data loss is acceptable.
• Hot site, warm site, cold site.

Module 8: Protecting Networks

Security Concepts And Defense In Depth

Defense in depth uses multiple controls so one failure does not expose everything.

Layers:

• Physical security.
• Network segmentation.
• Firewalls.
• IDS/IPS.
• Endpoint protection.
• Identity controls.
• Monitoring.
• Policies and training.

Common Attacks

Rogue DHCP:

• Unauthorized DHCP server gives bad network settings.
• Mitigate with DHCP snooping.

DoS/DDoS:

• Overwhelms service resources.
• Mitigate with filtering, rate limiting, upstream protection, scaling.

On-path attack:

• Attacker intercepts traffic.
• Mitigate encryption, certificates, secure switching features.

Spoofing:

• Impersonation of IP, MAC, DNS, or identity.
• Mitigate validation, inspection, authentication.

Password attacks:

• Brute force, dictionary, credential stuffing, spraying.
• Mitigate MFA, lockout, strong passwords, monitoring.

VLAN hopping:

• Attempts to access traffic from another VLAN.
• Mitigate by disabling dynamic trunking, setting unused native VLAN, restricting trunks.

Malware:

• Viruses, worms, ransomware, trojans, spyware.
• Mitigate patching, EDR/AV, least privilege, backups, training.

Social engineering:

• Manipulates people.
• Mitigate training, verification processes, least privilege.

Physical Security

Controls:

• Locks.
• Badges.
• Cameras.
• Guards.
• Mantraps.
• Rack locks.
• Environmental monitoring.

Network Hardening

Hardening examples:

• Disable unused ports.
• Use SSH/HTTPS/SNMPv3 instead of insecure protocols.
• Apply firmware updates.
• Change defaults.
• Restrict management networks.
• Use ACLs.
• Use secure Wi-Fi.
• Segment guest/IoT networks.

DMZ

A DMZ isolates public-facing systems from internal trusted networks.

Use cases:

• Public web server.
• Reverse proxy.
• Mail gateway.
• VPN concentrator.

Goal:

• If public service is compromised, attacker still has limited access to internal network.

Firewalls

Firewall types/concepts:

• Packet filtering.
• Stateful inspection.
• Next-generation firewall.
• Host-based firewall.
• Network firewall.
• ACLs.

Rules usually consider:

• Source.
• Destination.
• Port/protocol.
• Direction.
• Action.

Module 9: Network Monitoring

Monitoring Goals

Monitoring helps detect outages, performance problems, capacity issues, and security events.

Monitor:

• Availability.
• Latency.
• Packet loss.
• Interface utilization.
• Errors/discards.
• CPU/memory.
• Logs.
• Environmental metrics.

SNMP

SNMP monitors and manages network devices.

Components:

• Manager.
• Agent.
• MIB.
• OID.
• Trap/inform.

Versions:

• SNMPv1/v2c use community strings and are less secure.
• SNMPv3 supports authentication and encryption.

Logs

Logs support troubleshooting, auditing, and incident response.

Centralize logs where possible.

Important:

• Accurate timestamps.
• Time synchronization with NTP.
• Retention policy.
• Access control.
• Search/correlation.

System Monitoring

Common monitored items:

• CPU.
• Memory.
• Disk.
• Network utilization.
• Service status.
• Temperature.
• Power.

SIEM

SIEM collects, normalizes, correlates, and alerts on security events.

Use cases:

• Detect suspicious authentication.
• Correlate firewall, endpoint, and server events.
• Support incident response.
• Compliance reporting.

Module 10: Network Troubleshooting

Troubleshooting Method

Use a repeatable process:

1. Identify the problem.
2. Establish a theory.
3. Test the theory.
4. Establish a plan.
5. Implement the solution or escalate.
6. Verify full functionality.
7. Document findings, actions, and outcomes.

Layered Troubleshooting

Start with physical and move upward when appropriate:

• Layer 1: Cable, power, link lights, signal, wireless coverage.
• Layer 2: VLANs, MAC tables, switch ports, trunks.
• Layer 3: IP address, mask, gateway, routes.
• Layer 4: Ports, firewall, TCP/UDP behavior.
• Layers 5-7: DNS, TLS, application service, credentials.

Quick Symptom Mapping

• No link: Cable, port, power, transceiver.
• APIPA: DHCP failure.
• IP works but name fails: DNS.
• One VLAN fails across trunk: VLAN allowed/native/trunk issue.
• Wireless weak signal: Distance, interference, antenna/AP placement.
• VPN fails: Credentials, MFA, tunnel protocol, firewall/NAT, routes.
• Certificate warning: Expired, wrong name, untrusted CA, wrong time.
• High latency/jitter: WAN congestion, wireless interference, provider issue, QoS.

Final Exam Checklist

• I can compress and expand IPv6 addresses.
• I know IPv6 link-local, loopback, multicast, and unique local ranges.
• I can explain SLAAC, DHCPv6, NDP, and router advertisements.
• I can compare dual stack, tunneling, and translation.
• I can compare DSL, cable, satellite, cellular, MPLS, and VPNs.
• I can match wireless standards, bands, security modes, and antenna types.
• I can explain PoE standards and use cases.
• I can compare IaaS, PaaS, SaaS, public, private, and hybrid cloud.
• I can compare NAS and SAN.
• I can explain HA, RTO, RPO, MTBF, and MTTR.
• I can secure IoT, VoIP, and ICS/SCADA networks.
• I can describe change management, patching, IR, DR, and BC.
• I can identify common network attacks and mitigations.
• I can explain DMZ and firewall placement.
• I can use SNMP, logs, and SIEM concepts.
• I can apply the Network+ troubleshooting methodology.