CompTIA Network+ prep, N10-009 roadmap with ARIA
CompTIA Network+ N10-009 is 90 minutes, around 90 questions including PBQs, a 720 out of 900 passing score, and the foundational vendor-neutral networking certification. CompTIA recommends A+ and 9 to 12 months of hands-on networking experience, but neither is required. I prep you with an adaptive evaluation, a roadmap balanced across all five domains, scenario-based troubleshooting drills, and a pass guarantee tied to five measurable conditions. Start at claudelab.me/onboarding/select-cert?code=Network%2B.
TL;DR
- 90 minutes, around 90 items, 720 out of 900 passing, beginner level, five domains spread evenly between 17 and 23 percent.
- PBQs front-load the exam: subnet calculation, command-line tool selection, drag-drop topology and protocol matching.
- I open with a 15-to-25-question CAT eval that lands a domain-by-domain skill estimate.
- Roadmap milestones balance across the five domains because no single area dominates, with extra drill on subnetting and troubleshooting.
- Pass-guarantee eligibility is checked by a database function with five mechanical conditions.
What the N10-009 exam is
N10-009 is the CompTIA Network+ exam that is current as of 2026. It tests vendor-neutral networking fundamentals: how networks work, are built, are operated, are secured, and break. Format: around 90 questions in 90 minutes, scaled 100 to 900, passing at 720. Questions are multiple choice plus performance-based items. No live lab, but PBQs are interactive enough to feel like one.
The blueprint splits into five domains, weighted closer than any other CompTIA exam.
| Domain | Weight | What it covers |
|---|---|---|
| 1.0 Networking Concepts | 23% | OSI and TCP/IP layers, ports and protocols, IP addressing, subnetting and CIDR, DNS, DHCP, virtualization, cloud connectivity. |
| 2.0 Network Implementation | 18% | Routing (RIP, OSPF, EIGRP, BGP), switching (VLANs, trunking, STP), wireless (Wi-Fi 5, 6, 6E, 7), physical infrastructure. |
| 3.0 Network Operations | 17% | Documentation, monitoring (SNMP, NetFlow, syslog), DHCP, IPAM, patch management, business continuity. |
| 4.0 Network Security | 20% | CIA triad, common attacks (DDoS, ARP spoofing, VLAN hopping), hardening (port security, 802.1X, ACLs), zero trust, VPN, SASE. |
| 5.0 Network Troubleshooting | 22% | Seven-step methodology, tool selection (ping, traceroute, nslookup, dig, netstat, iperf, tcpdump), connectivity, performance, wireless, hardware. |
The 17-to-23 percent spread is unusual. Most CompTIA exams have one or two domains carrying 25 percent or more; Network+ does not. A roadmap that front-loads a single "big" domain wastes the structure of the exam. Concepts and Troubleshooting are the two largest at 23 and 22 percent, but the other three matter almost as much.
Performance-based questions on N10-009
PBQs catch first-timers. CompTIA shows two to five at the start, before the multiple-choice block. Three forms:
- Subnet calculation where the stem gives a network and asks for the broadcast address, host count, host range, or next subnet. Often CIDR conversion under time pressure.
- Command-line tool selection where you read a problem and pick the right tool from ping, tracert / traceroute, nslookup, dig, netstat, ss, iperf, or tcpdump.
- Drag-and-drop for topology labelling, port-to-protocol matching, OSI-layer placement, and cable-category mapping.
Treat PBQs as harder multiple-choice with more context. Budget 90 seconds each; flag-and-return any past three minutes.
Where Network+ sits in the IT ladder
Network+ is the bridge between A+ helpdesk and Security+ blue-team. A+ proves you can troubleshoot a workstation; Network+ proves you understand the wire, protocols, and gear; Security+ defends what Network+ taught you to build. For US federal and DoD-adjacent work, Network+ paired with Security+ is the most common entry combination.
How ARIA preps you for it
ARIA owns your Network+ prep end to end. Five pieces, every day you are in the program.
The CAT evaluation. A 15-to-25-question adaptive test that converges on your real skill across the five N10-009 domains. Difficulty adjusts per answer; the test stops at 95 percent confidence or 25 questions. Output is a domain-by-domain estimate that decides your roadmap. See the full CAT explainer.
The personalized roadmap. When the eval closes, I generate three to five phases sequenced from your weakest N10-009 domain to your strongest, each with two to four milestones. Because the domain weights are nearly even, the roadmap balances coverage instead of front-loading a single area. Full structure: the roadmap overview.
The daily task engine with subnetting drills surfaced through the error backlog. Every time you reopen the app, I pick the next task. One task. Not a list. Subnetting breaks the most candidates, so any miss on a CIDR or host-count item returns through the Today Task card until you can split a /27 from a /28 cold under 60 seconds.
Scenario-based troubleshooting practice. Domain 5 is 22 percent of the exam and the format that mirrors it is scenario-driven. I run practice sessions where the stem describes a symptom (users on VLAN 30 cannot reach the gateway, web servers behind the load balancer return 504 intermittently), gives you tool output, and asks for the next step. Every miss tags the methodology stage where the reasoning broke.
The readiness score. A single 0-to-100 number estimating your probability of passing Network+ today. It blends coverage, accuracy, and recency, and decays roughly 3 points per day of inactivity past the grace window. At 60 it unlocks the demo test, at 80 the gauntlet. With every milestone done, two mock passes, one gauntlet pass, and live readiness at 80, the pass guarantee flips eligible.
Common pitfalls on Network+
These are the questions that quietly cost the most points. Every prep tool flags them; few do anything structural about them.
OSI vs TCP/IP layer mapping
The exam asks which layer carries TLS, where MAC addresses live, or whether HSRP is Layer 2 or Layer 3. Layer 7 (Application): HTTP, HTTPS, DNS, SMTP, SSH. Layer 6: TLS encryption. Layer 5: NetBIOS, RPC. Layer 4: TCP, UDP, ports. Layer 3: IP, ICMP, OSPF, EIGRP. Layer 2: Ethernet, MAC, ARP, switches, VLANs. Layer 1: cables, connectors, signaling. TCP/IP collapses 5, 6, 7 into Application and merges 1 and 2 into Network Access. The exam tests both and asks you to translate.
Subnetting math under time pressure
CIDR /xx to mask, host count, broadcast address, and next-subnet-in-sequence all need to come out in under 60 seconds without tables. /24 is 255.255.255.0 with 254 usable hosts; /25 has 126; /26 has 62; /27 has 30; /28 has 14; /29 has 6; /30 has 2 (point-to-point). Pattern: subtract the prefix length from 32 to get the host bits; each step to a shorter prefix doubles the prior host count plus 2; then drop 2 for network and broadcast.
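The same arithmetic as an added worked example (not part of the original page): it derives the mask, network, broadcast, usable range, and next subnet from the host bits. The function name `subnet_facts` and the sample addresses are constructed for illustration, and the /31 and /32 handling goes beyond the prefixes listed above.

```python
import ipaddress  # used only to parse and format dotted-quad addresses


def subnet_facts(cidr: str) -> dict:
    """Derive the values a subnet question asks for from the bit arithmetic."""
    addr_text, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    addr = int(ipaddress.IPv4Address(addr_text))

    host_bits = 32 - prefix                      # bits left for hosts
    block = 1 << host_bits                       # addresses per subnet
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    network = addr & mask                        # clear the host bits
    broadcast = network | (block - 1)            # set the host bits

    if host_bits >= 2:
        # Normal case: lose one address each to network and broadcast.
        usable, first, last = block - 2, network + 1, broadcast - 1
    else:
        # /31 (RFC 3021 point-to-point) and /32 have no reserved addresses.
        usable, first, last = block, network, broadcast

    nxt = network + block                        # next subnet of the same size

    def dotted(n: int) -> str:
        return str(ipaddress.IPv4Address(n))

    return {
        "mask": dotted(mask),
        "network": dotted(network),
        "broadcast": dotted(broadcast),
        "usable_hosts": usable,
        "host_range": (dotted(first), dotted(last)),
        "next_subnet": f"{dotted(nxt)}/{prefix}" if nxt <= 0xFFFFFFFF else None,
    }


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("192.168.10.77/27", "10.0.0.5/30"):
        print(sample, subnet_facts(sample))
```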
Wireless standards and frequency bands
802.11ac (Wi-Fi 5): 5 GHz only, peaks around 1.3 Gbps. 802.11ax (Wi-Fi 6): 2.4 and 5 GHz, peaks around 9.6 Gbps theoretical, adds OFDMA. Wi-Fi 6E extends Wi-Fi 6 into the 6 GHz band. 802.11be (Wi-Fi 7) adds multi-link operation and 320 MHz channels, pushing past 30 Gbps. Frequency band drives range; channel width and modulation drive throughput.
Routing protocol categories
RIP is distance-vector (hop count, slow, 15-hop limit, mostly historical). OSPF is link-state (cost-based, fast convergence, area hierarchy). EIGRP is Cisco hybrid (advanced distance-vector with link-state behavior, DUAL). BGP is path-vector (policy-driven, runs the public internet). RIP, OSPF, EIGRP are interior gateway protocols within an AS; BGP is the exterior gateway protocol between AS.
VLAN trunking and 802.1Q tagging
Trunk ports carry multiple VLANs by adding a 4-byte 802.1Q tag. The native VLAN is the one VLAN whose frames cross the trunk untagged. Default native VLAN is 1, and leaving it as 1 enables VLAN hopping. Tagged frames go to the named VLAN; untagged frames drop into the native VLAN. Access ports carry one VLAN, untagged. The classic item asks which misconfiguration enables a double-tagging attack (matching native VLAN on both ends).
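An added example, not part of the original page, showing where the 4-byte 802.1Q tag sits in a frame and how a monitoring check can flag tagged traffic on an access port or stacked tags whose outer VLAN equals the native VLAN. The function names, result strings, and sample frames are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100    # 802.1Q tag protocol identifier
TPID_8021AD = 0x88A8   # 802.1ad (QinQ) service tag


def vlan_tags(frame: bytes) -> list:
    """Return the VLAN ID of every tag in the frame, outermost first."""
    tags, offset = [], 12                  # skip destination + source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in (TPID_8021Q, TPID_8021AD):
            break                          # reached the real EtherType
        tags.append(tci & 0x0FFF)          # low 12 bits of the TCI are the VID
        offset += 4                        # each tag is 4 bytes
    return tags


def inspect(frame: bytes, port_mode: str, native_vlan: int = 1) -> str:
    """Classify a frame seen on an 'access' or 'trunk' port."""
    tags = vlan_tags(frame)
    if len(tags) >= 2 and tags[0] == native_vlan:
        # The outer tag matches the native VLAN, so a trunk would send the
        # frame on untagged with the inner tag exposed.
        return f"alert:double-tag outer={tags[0]} inner={tags[1]}"
    if port_mode == "access" and tags:
        return f"alert:tagged-on-access-port vlan={tags[0]}"
    if tags:
        return f"vlan:{tags[0]}"
    # Untagged: native VLAN on a trunk, the port's own VLAN on an access port.
    return f"untagged:native={native_vlan}" if port_mode == "trunk" else "untagged:access"


def sample_frame(vids: list) -> bytes:
    """Constructed test frame: broadcast dst, locally administered src, IPv4."""
    macs = b"\xff" * 6 + bytes.fromhex("020000000001")
    tag_bytes = b"".join(struct.pack("!HH", TPID_8021Q, v & 0x0FFF) for v in vids)
    return macs + tag_bytes + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    for vids, mode in (([], "access"), ([30], "trunk"), ([30], "access"), ([1, 30], "access")):
        print(vids, mode, "->", inspect(sample_frame(vids), mode))
```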
Troubleshooting tool selection
ping checks Layer 3 reachability. tracert / traceroute maps the hop path. nslookup queries DNS interactively; dig is the modern equivalent. netstat shows local connections; ss replaces it on modern Linux. iperf measures throughput. tcpdump captures packets; Wireshark reads them. The exam asks for the right tool given a specific symptom, so reading the stem matters more than memorizing flags.
Cable categories, distance, and speed
Cat 5e: 1 Gbps to 100 m. Cat 6: 1 Gbps to 100 m, 10 Gbps to 55 m. Cat 6a: 10 Gbps to 100 m. Cat 7: 10 Gbps to 100 m with full shielding. Cat 8: 25 or 40 Gbps to 30 m for short data-center runs. The exam asks which cable fits a 75-meter 10 Gbps run (Cat 6a, not Cat 6) or a 25-meter 40 Gbps run (Cat 8).
Zero trust network principles
Zero trust is not a product. It is a model: never trust, always verify; assume breach; least privilege. Perimeter security trusts whatever is inside the firewall; zero trust verifies every request regardless of origin. Microsegmentation buys lateral-movement containment; SASE applies zero trust to remote and edge access.
Common questions
Do I need A+ before sitting Network+ N10-009?
CompTIA recommends A+ and 9 to 12 months of hands-on networking experience, but neither is enforced. A+ helps because it builds the OS and hardware fluency that Network+ assumes you already own. If you skip A+, the CAT evaluation surfaces the gap on day one and the roadmap closes it before Phase 2.
How are performance-based questions scored on Network+?
PBQs are weighted heavier than multiple-choice items, but partial credit applies. A drag-drop with six positions and four correct earns roughly four-sixths. Subnet PBQs that ask for multiple values (network address, broadcast, host count) score each blank independently. The exam shows two to five PBQs at the start, before the multiple-choice block, and you can flag-and-return.
How long does Network+ prep take at 30 to 45 minutes per day?
At 30 minutes per day, median time-to-ready sits between seven and ten weeks. At 45 minutes, five to eight. The roadmap is sized from your CAT baseline, not a marketing window. A novice on Concepts and Troubleshooting gets the longest plan; someone with helpdesk time lands closer to five weeks.
Network+ vs CCNA, which one first?
Network+ first if you have less than a year of networking experience or want vendor-neutral fundamentals. CCNA goes deeper on Cisco IOS, routing protocols, and configuration, and expects you already understand subnetting and OSI cold. Candidates who jump straight to CCNA without Network+ usually backfill the conceptual layer anyway.
Is Network+ a useful stepping stone to Security+ or CySA+?
Yes. Security+ assumes networking fluency that Network+ delivers (subnetting, ports, protocols, OSI layers, architecture). Candidates with Network+ pass Security+ faster because architecture and operations stop being a translation problem. CySA+ goes further, expecting you can read NetFlow and reason about traffic patterns. Standard ladder: Network+, Security+, CySA+.
Start your CompTIA Network+ prep
The cheapest possible signal is the 15-minute CAT evaluation. It tells you which of the five N10-009 domains you actually own, which one will cost you the exam tomorrow, and where the roadmap starts.
Start your free Network+ evaluation now.
Background reading: the AI cert prep guide covers the four categories of AI prep tools, readiness and decay explains the score that drives the experience, and practice sessions walks through how the daily lane shows up in the app.