CompTIA Network+ Cram Sheet
OSI Model & Key Protocols
- Layer 1=Physical, 2=Data Link, 3=Network, 4=Transport, 5=Session, 6=Presentation, 7=Application
- Mnemonic (bottom-up): Please Do Not Throw Sausage Pizza Away
- Layer 2 devices: switch (MAC), bridge | Layer 3: router (IP) | Layer 4: TCP/UDP ports
- TCP: reliable, ordered, 3-way handshake (SYN > SYN-ACK > ACK), connection-oriented
- UDP: unreliable, no handshake, fast — used for DNS, DHCP, VoIP, streaming
- PDU names: bits (L1), frames (L2), packets (L3), segments (L4), data (L5-7)
Critical Port Numbers
- FTP=20/21 | SSH/SFTP=22 | Telnet=23 | SMTP=25 | DNS=53 | DHCP=67/68
- HTTP=80 | POP3=110 | IMAP=143 | SNMP=161/162 | LDAP=389 | HTTPS=443
- SMB=445 | LDAPS=636 | RDP=3389 | RADIUS=1812/1813 | TACACS+=49 | Kerberos=88
- TFTP=69 (UDP) | NTP=123 (UDP) | NNTP=119 | BGP=179 | ISAKMP/IKE=500
- Rule: TCP unless noted — DNS/DHCP/SNMP/NTP/TFTP use UDP
IP Addressing & Subnetting
- Class A: 1-126, /8, 16M hosts | Class B: 128-191, /16, 65K hosts | Class C: 192-223, /24, 254 hosts
- Private: 10.0.0.0/8 | 172.16.0.0/12 | 192.168.0.0/16
- APIPA: 169.254.x.x — DHCP failure fallback; not routable
- Loopback: 127.0.0.1 (IPv4) | ::1 (IPv6)
- Subnet masks: /24=255.255.255.0 (254 hosts) | /25=255.255.255.128 (126) | /26=255.255.255.192 (62) | /27=255.255.255.224 (30) | /28=255.255.255.240 (14)
- Hosts per subnet = 2^(host bits) - 2 | Subnets = 2^(borrowed bits)
- IPv6: 128-bit hex | :: = consecutive zeros | /64 standard subnet | /128 = single host
- IPv6 types: fe80::/10 link-local | fc00::/7 unique local | ff00::/8 multicast | 2000::/3 global unicast
- NAT: private → public IP | PAT/overloaded NAT: many-to-one using ports
Switching & VLANs
- Switch learns MACs from source frames; forwards based on MAC address table
- Unknown unicast = flooded to all ports; known unicast = forwarded to specific port
- VLAN: logical segmentation; same switch, different broadcast domains
- Access port: one VLAN, untagged | Trunk port: multiple VLANs, 802.1Q tagged
- Inter-VLAN routing: requires Layer 3 switch or router-on-a-stick
- STP (802.1D): prevents L2 loops; elects root bridge, blocks redundant paths
- RSTP (802.1w): rapid STP; faster convergence than original STP
- LACP (802.3ad): link aggregation; bonds multiple interfaces for redundancy/speed
Routing Protocols
- Static route: manually configured; reliable but doesn't adapt to failures
- Dynamic routing: protocols exchange route information automatically
- RIP: distance vector; max 15 hops; slow convergence; uses hop count metric
- OSPF: link-state; fast convergence; uses cost (bandwidth) metric; scalable
- EIGRP: Cisco proprietary; hybrid; uses bandwidth + delay metric
- BGP: path vector; routes between ISPs/autonomous systems; internet backbone protocol
- AD (Administrative Distance): trustworthiness — lower = preferred; static=1, OSPF=110, RIP=120
- Default route: 0.0.0.0/0 — catch-all; forwards unmatched traffic to gateway
Wireless Networking
- 802.11a: 5GHz, 54Mbps | 802.11b: 2.4GHz, 11Mbps | 802.11g: 2.4GHz, 54Mbps
- 802.11n (Wi-Fi 4): 2.4/5GHz, 600Mbps, MIMO | 802.11ac (Wi-Fi 5): 5GHz, multi-Gbps
- 802.11ax (Wi-Fi 6): 2.4/5/6GHz, OFDMA, improved performance in dense environments
- 2.4GHz: longer range, 3 non-overlapping channels (1, 6, 11), more interference
- 5GHz: shorter range, more channels, less interference, faster
- WEP=broken | WPA/TKIP=vulnerable | WPA2/AES-CCMP=standard | WPA3/SAE=current best
- WPA2-Personal: PSK | WPA2-Enterprise: 802.1X + RADIUS
- Evil twin: rogue AP with same SSID | Deauth attack: forged frames disconnect clients
Network Security
- AAA: Authentication (who?) + Authorization (what?) + Accounting (what did they do?)
- RADIUS: UDP 1812/1813; encrypts password only; common for Wi-Fi enterprise auth
- TACACS+: TCP 49; encrypts full packet; separates AAA; Cisco-preferred
- 802.1X: port-based NAC; supplicant authenticates via RADIUS before network access
- Firewall types: packet filter (stateless L3/4), stateful (tracks connections), NGFW (L7)
- IDS = detect + alert | IPS = detect + block (inline deployment required)
- DMZ: public-facing servers separated from internal LAN by firewall
- ARP poisoning: fake ARP replies redirect traffic through attacker (MitM)
- MAC flooding: overwhelms switch CAM table; switch falls back to hub behavior
- VLAN hopping: double tagging or switch spoofing to access other VLANs
Troubleshooting Tools & Commands
- ping: tests ICMP reachability; basic connectivity check
- traceroute (Linux/Mac) / tracert (Windows): shows hop-by-hop path with latency
- nslookup / dig: DNS resolution testing
- ipconfig (Windows) / ifconfig or ip addr (Linux): shows interface IP config
- netstat: active connections, listening ports, routing table
- arp -a: shows local ARP cache (IP to MAC mappings)
- nmap: port scanning and network discovery
- Wireshark / tcpdump: packet capture and analysis
- cable tester: checks physical layer continuity and wiring
- OSI troubleshooting: start at Layer 1 (physical) and work up
WAN Technologies & Cloud
- MPLS: multiprotocol label switching; fast WAN routing via labels not IPs
- SD-WAN: software-defined WAN; centralizes control; uses commodity internet links
- DMVPN: dynamic multipoint VPN; hub-and-spoke + spoke-to-spoke tunnels
- Metro Ethernet: carrier Ethernet over fiber in metro areas; high bandwidth
- DSL: over phone line; ADSL asymmetric (faster down); limited distance
- Cable: coax shared medium; DOCSIS standard; faster than DSL
- Fiber (FTTH/FTTP): highest bandwidth and distance; most reliable
- IaaS: infrastructure (VMs, storage) | PaaS: platform (runtime, DB) | SaaS: full app
- VPC: virtual private cloud; isolated cloud network segment
- CDN: content delivery network; caches content geographically close to users