Study Notes

Credora
CompTIA Study Guide

Comprehensive notes and practice for A+, Network+, and Security+ — organized, searchable, and exam-ready.

220-1101 / 1102

A+

Hardware, OS, Networking & Security fundamentals

2 ExamsCore 1 + Core 2

→

N10-009

Network+

Networking concepts, infrastructure, operations & security

1 Exam5 Domains

→

SY0-701

Security+

Threats, cryptography, identity, risk & incident response

1 Exam5 Domains

→

Recommended Resources

📺

Professor Messer

Free video courses for all three certs at professormesser.com

📘

Mike Meyers / McGraw Hill

All-in-One study guides — extremely thorough reference books

🧪

Jason Dion (Udemy)

Practice exams with detailed explanations for all three certs

🃏

Anki / Quizlet

Community-made flashcard decks — search each cert code

← Back to all certs

CompTIA A+

Exams: 220-1101 (Core 1) & 220-1102 (Core 2)

Covers hardware, networking, mobile devices, virtualization, operating systems, and IT security fundamentals. The entry-level cert that proves you can support and troubleshoot real-world systems.

Core 1 (220-1101) covers Mobile Devices, Networking, Hardware, Virtualization & Cloud, and Hardware Troubleshooting. Core 2 (220-1102) covers Operating Systems, Security, Software Troubleshooting, and Operational Procedures. Both must be passed.

Core 1 — Domain 1Mobile Devices15%

Laptop Components

SO-DIMM RAM — smaller form factor vs desktop DIMM
M.2 NVMe SSD — fastest internal storage option
2.5" SATA SSD/HDD — older laptop storage format
Wireless card — Mini PCIe or M.2 form factor
Screen — IPS (best color), TN (fast), VA (high contrast)
OLED — true blacks, no backlight, burn-in risk
Inverter — powers CCFL backlight on older LCDs

Mobile Connections

USB-C — reversible; data + power + video (Thunderbolt 4 = 40 Gbps)
Lightning — Apple proprietary (replaced by USB-C on newer iPhones)
NFC — ~4cm range; tap-to-pay; contactless data
Bluetooth — PAN; ~10m; 2.4 GHz; pairing required
Hotspot — shares cellular data as Wi-Fi AP
IR — line-of-sight remote control only

MDM Features

Full remote wipe — factory reset; erases everything
Selective wipe — removes only corporate data (BYOD)
Remote lock — locks screen immediately
Geofencing — triggers actions based on location
BYOD — Bring Your Own Device
COPE — Corporate-Owned, Personally Enabled
Containerization — isolates work apps from personal

Core 1 — Domain 2Networking20%

Common Ports & Protocols — Memorize All

Port	Protocol	Transport	Notes
20/21	FTP	TCP	21=control, 20=data transfer
22	SSH / SFTP / SCP	TCP	Encrypted remote access — replaces Telnet
23	Telnet	TCP	Cleartext remote access — never use in production
25	SMTP	TCP	Outbound email; server-to-server
53	DNS	TCP/UDP	UDP for queries; TCP for zone transfers
67/68	DHCP	UDP	67=server; 68=client
80	HTTP	TCP	Unencrypted web traffic
110	POP3	TCP	Receive email; downloads & deletes from server
143	IMAP	TCP	Receive email; stays on server; syncs across devices
443	HTTPS	TCP	Encrypted web traffic (TLS)
445	SMB	TCP	Windows file & printer sharing
465/587	SMTPS	TCP	Encrypted outbound email (465=implicit TLS, 587=STARTTLS)
993	IMAPS	TCP	Encrypted IMAP
995	POP3S	TCP	Encrypted POP3
3389	RDP	TCP	Windows Remote Desktop Protocol

IP Address Reference

127.0.0.1 — Loopback (localhost)
169.254.x.x — APIPA (DHCP failed; self-assigned)
10.x.x.x — RFC 1918 private /8
172.16–31.x.x — RFC 1918 private /12
192.168.x.x — RFC 1918 private /16
DHCP DORA: Discover → Offer → Request → Acknowledge
ipconfig /release then /renew — forces new DHCP lease

Wi-Fi Standards

802.11b — 11 Mbps · 2.4 GHz (Wi-Fi 1)
802.11a — 54 Mbps · 5 GHz (Wi-Fi 2)
802.11g — 54 Mbps · 2.4 GHz (Wi-Fi 3)
802.11n — 600 Mbps · 2.4/5 GHz (Wi-Fi 4)
802.11ac — 3.5 Gbps · 5 GHz (Wi-Fi 5)
802.11ax — 9.6 Gbps · 2.4/5/6 GHz (Wi-Fi 6/6E)

Exam Tip: 169.254.x.x = APIPA = DHCP failed. 2.4 GHz interference sources: microwave ovens, Bluetooth, baby monitors. Switch to 5 GHz to eliminate microwave interference completely.

Core 1 — Domain 3Hardware25%

Storage Speeds

IDE/PATA — legacy; ~133 MB/s max
SATA III — 6 Gbps (~600 MB/s)
NVMe PCIe 3.0 — up to 3,500 MB/s
NVMe PCIe 4.0 — up to 7,000 MB/s
NVMe PCIe 5.0 — up to 14,000 MB/s
USB 3.2 Gen 2 — 10 Gbps external
Thunderbolt 4 — 40 Gbps via USB-C

RAM Types

DDR4 — 2133–3200 MHz; 288-pin DIMM
DDR5 — 4800+ MHz; same pin count; different keying
SO-DIMM — laptop; 260-pin DDR4
ECC — Error Correcting Code; servers/workstations
Dual-channel — install matched pairs for best bandwidth
VRAM — dedicated GPU memory (GDDR5/6)

PSU Connectors

24-pin ATX — main motherboard power (required)
4/8-pin EPS — CPU power (required to POST)
6/8-pin PCIe — GPU power
SATA power — SATA drives
Molex — legacy peripherals and older fans
80 PLUS: Bronze→Silver→Gold→Platinum→Titanium (efficiency)

Laser Printer Process — PCEDT-FC (Always on exam)

1. Processing

RIP converts the print job into a bitmap the printer can use.

2. Charging

Primary corona charges the photosensitive drum to a uniform −600V.

3. Exposing

Laser neutralizes charged areas of the drum — creating an invisible electrostatic image.

4. Developing

Negatively charged toner sticks to the neutralized drum areas.

5. Transferring

Transfer corona applies positive charge to paper — pulling toner from drum to paper.

6. Fusing

Fuser unit uses heat (~180°C) and pressure to permanently melt toner into paper fibers.

7. Cleaning

Rubber blade scrapes residual toner; erase lamp removes residual charge from drum.

Printer Troubleshooting: Repeating marks at regular intervals = dirty/damaged drum (interval = drum circumference). Smearing/toner rubs off = fuser problem. Faded print = low toner. Horizontal lines = dirty corona wire. Inkjet streaks = clogged nozzles → run head cleaning utility.

Core 1 — Domain 4Virtualization & Cloud11%

Cloud Service Models

IaaS — VMs + storage + networking (AWS EC2, Azure VMs)
PaaS — development platform (Heroku, Azure App Service)
SaaS — finished application (Microsoft 365, Gmail, Salesforce)
DaaS — virtual desktop infrastructure

Cloud Deployment

Public — multi-tenant; AWS, Azure, GCP
Private — exclusive to one org; on-prem or hosted
Hybrid — combines public + private (cloud bursting)
Community — shared by orgs with common requirements

Hypervisors

Type 1 (bare metal) — VMware ESXi, Hyper-V, Xen
Type 2 (hosted) — VirtualBox, VMware Workstation
Container — shares host OS kernel (Docker); not a full VM
Snapshot — point-in-time state; NOT a backup
Clone — full independent copy of a VM

Core 1 — Domain 5Hardware & Network Troubleshooting29%

CompTIA 7-Step Troubleshooting Methodology

1. Identify the problem

Gather info from user; reproduce the issue; check error messages; back up data before making changes.

2. Establish a theory of probable cause

Start simple. Could be power, cables, settings, or a recent change.

3. Test the theory

Confirm or eliminate. If wrong, form a new theory or escalate.

4. Establish a plan of action

Research the fix. Consider impact on other systems. Plan implementation window.

5. Implement the solution

Apply the fix. Escalate if beyond your skill level or authority.

6. Verify full system functionality

Confirm fix worked. Apply preventative measures. No new issues introduced.

7. Document findings

Record problem, cause, fix, and outcome for future reference and knowledge base.

BIOS vs UEFI

BIOS — Legacy; 16-bit; MBR; max 2.2 TB drive
UEFI — Modern; 64-bit; GPT; drives >2.2 TB
Secure Boot — UEFI feature; blocks unsigned bootloaders
TPM — Trusted Platform Module; hardware security chip
CMOS battery (CR2032) — retains settings when unplugged

POST Beep Codes

1 short — POST passed; boot device not found
1 long + 2 short — Video adapter error (AMI/Award)
1 long + 3 short — Video memory error
Continuous — RAM failure or PSU problem
No beep + no POST — PSU or motherboard failure

Core 2 (220-1102) begins here. Domains: Operating Systems (31%), Security (25%), Software Troubleshooting (22%), Operational Procedures (22%).

Core 2 — Domain 1Operating Systems31%

Windows Editions

Home — no BitLocker; no Group Policy; no RDP host
Pro — adds BitLocker, GPO, RDP host, Hyper-V, domain join
Enterprise — volume licensing; AppLocker; BranchCache
Education — Enterprise features for schools

Key Windows Commands

ipconfig /all — full IP info including MAC, DHCP server
sfc /scannow — repairs corrupted system files
chkdsk /f /r — checks and repairs disk errors
gpupdate /force — immediately applies Group Policy
bootrec /fixmbr — repairs Master Boot Record
bootrec /rebuildbcd — rebuilds boot config data
msconfig — configure startup, services, boot

File Systems

NTFS — Windows default; permissions; encryption; 16 TB max file
FAT32 — cross-platform; 4 GB max file size limit
exFAT — flash/USB drives; large files; no journaling
ext4 — Linux default filesystem
APFS — macOS/iOS default (replaced HFS+)

Core 2 — Domain 2Security25%

Malware Types

Virus — attaches to files; needs user execution to spread
Worm — self-replicates across network; no user action needed
Trojan — disguised as legit software; creates backdoor
Ransomware — encrypts files; demands crypto payment
Rootkit — hides at OS/firmware level; very persistent
Spyware — monitors activity; captures keystrokes/screenshots
Botnet — network of infected hosts under attacker control

Windows Security Tools

Windows Defender — AV + anti-malware built-in
Windows Firewall — stateful packet filtering
BitLocker — full disk encryption (Pro/Enterprise)
EFS — Encrypting File System (per-file encryption)
UAC — User Account Control; limits privilege escalation
Windows Hello — biometric authentication

Authentication Factors

Something you KNOW — password, PIN, security question
Something you HAVE — token, smart card, phone (TOTP)
Something you ARE — biometrics (fingerprint, face, retina)
MFA — requires 2+ different factor categories
SSO — Single Sign-On; one login for multiple systems

Core 2 — Domain 3Software Troubleshooting22%

Malware Removal — 7 Steps

1. Identify and verify symptoms

Pop-ups, slow performance, unusual network activity, disabled AV, missing files.

2. Quarantine

Disconnect from network immediately to prevent spreading to other devices.

3. Disable System Restore

Prevents malware from hiding in and reinfecting from Windows restore points.

4. Remediate

Update AV definitions. Run full scan in Safe Mode. Use bootable AV if needed.

5. Schedule scans and apply updates

Apply OS and application patches. Run additional scan passes to confirm clean.

6. Re-enable System Restore

Create a new clean restore point once the system is confirmed malware-free.

7. Educate the end user

Explain what happened, how to recognize threats, and how to prevent recurrence.

Core 2 — Domain 4Operational Procedures22%

Backup Types

Full — all data; slowest backup; fastest restore
Incremental — changes since last backup; fastest backup; slowest restore
Differential — changes since last full; moderate both
3-2-1 Rule: 3 copies; 2 different media types; 1 offsite
Always test restores — backups are useless if they can't restore

ESD & Safety

ESD — Electrostatic Discharge; invisible but destroys components
Anti-static wrist strap — grounds technician to prevent ESD
Anti-static bag — always store/transport components inside
SDS/MSDS — safety data sheets for toner, chemicals, batteries
CR2032 — CMOS battery; retains BIOS settings when unplugged

Full A+ Exam Notes

Use this as the main study section after the quick notes above. It keeps Core 1 and Core 2 separated so you know exactly what skill area you are studying.

Core 1: Mobile Devices

Laptops and mobile devices are about identifying parts, replacing small components, and knowing how phones/tablets connect and stay managed.

Laptop hardware

RAM: laptops use SO-DIMM modules, not full desktop DIMMs.
Storage: M.2 NVMe is common for speed; 2.5-inch SATA still appears in older laptops.
Wi-Fi/Bluetooth cards often use M.2 or Mini PCIe slots.
Cooling problems usually show up as random shutdowns, loud fans, or thermal throttling.
Replaceable parts can include battery, keyboard, display, touchpad, storage, RAM, DC jack, speakers, camera, and wireless card.

Displays and laptop features

LCD panels use a backlight; OLED creates light per pixel and has deeper blacks.
Digitizers convert touch input into screen movement.
Privacy filters, docking stations, port replicators, and USB-C hubs expand laptop use.
Fn keys may control brightness, Wi-Fi, volume, keyboard light, or external displays.

Mobile device setup

Cellular, Wi-Fi, Bluetooth, NFC, and USB-C are the main connection methods.
Email setup usually needs server address, port, SSL/TLS setting, username, and password.
MDM can enforce passcodes, remote wipe, geofencing, encryption, and app restrictions.
BYOD means personal device used for work; COPE means company-owned but personally enabled.

Exam move: for mobile questions, first identify whether the problem is hardware, wireless, account sync, or policy/MDM.

Core 1: Networking

Network basics

IP address identifies a host on a network; subnet mask identifies the network portion.
Default gateway sends traffic outside the local subnet.
DNS converts names to IP addresses.
DHCP automatically gives IP settings to clients.
NAT lets private internal addresses share public internet access.

Devices

Switch: forwards frames using MAC addresses, mostly Layer 2.
Router: forwards packets between networks using IP addresses, Layer 3.
Firewall: allows or blocks traffic based on rules.
Access point: bridges wireless clients to the wired network.
Patch panel: organizes cable runs; it does not make forwarding decisions.

Wireless

2.4 GHz reaches farther but is crowded; 5 GHz is faster with shorter range; 6 GHz adds newer Wi-Fi 6E space.
WPA3 is stronger than WPA2; WEP is obsolete.
SSID is the wireless network name.
Channel overlap causes interference, especially on 2.4 GHz.

Cables and connectors

RJ-45 is Ethernet; RJ-11 is telephone/DSL.
Fiber is immune to electromagnetic interference and supports long distance.
Plenum-rated cable is used in air-handling spaces.
568A and 568B are wiring standards for twisted-pair Ethernet.

Core 1: Hardware

Motherboards

Form factors include ATX, microATX, Mini-ITX, and laptop proprietary boards.
CPU socket must match the processor.
Chipset controls motherboard features and expansion support.
CMOS battery preserves firmware settings when power is off.
UEFI is the modern replacement for legacy BIOS.

Storage

HDD has moving parts and is slower; SSD has no moving parts and is faster.
NVMe uses PCIe lanes and is faster than SATA SSDs.
RAID 0 is speed/no redundancy; RAID 1 mirrors; RAID 5 uses parity; RAID 10 mirrors and stripes.
SMART can warn about drive health issues.

Printers

Laser process: processing, charging, exposing, developing, transferring, fusing, cleaning.
Inkjet issues often include clogged nozzles, streaking, or bad cartridges.
Thermal printers use heat-sensitive paper or transfer ribbon.
Print spooler problems can pause or block print jobs.

Power and safety

PSU wattage must support CPU, GPU, drives, and motherboard.
ESD protection prevents static damage to components.
Capacitors can store charge; avoid opening power supplies.
Use proper lifting and disposal procedures for batteries and toner.

Core 1: Virtualization, Cloud, and Troubleshooting

Virtualization

Hypervisor runs virtual machines; Type 1 runs on hardware, Type 2 runs inside an OS.
VMs need CPU, RAM, storage, and virtual network settings.
Snapshots are temporary rollback points, not full backup replacements.
Containers share the host OS kernel and are lighter than full VMs.

Cloud models

IaaS: provider gives infrastructure; you manage OS and apps.
PaaS: provider gives platform; you focus on code/app.
SaaS: provider gives complete application.
Public, private, hybrid, and community describe deployment style.

Troubleshooting method

Identify the problem and gather details.
Establish a theory, then test it.
Create a plan, implement the fix, and verify full functionality.
Document findings, actions, and outcomes.

Core 2: Operating Systems, Security, Software, and Operations

Windows tools

Device Manager checks hardware and drivers.
Disk Management handles partitions and volumes.
Event Viewer reviews logs.
Task Manager and Resource Monitor show performance.
Command tools include ipconfig, ping, tracert, netstat, chkdsk, sfc, gpupdate, and shutdown.

Security

Least privilege gives only the access needed.
MFA combines factors: something you know, have, are, do, or somewhere you are.
Encryption protects data at rest and in transit.
Malware removal: identify symptoms, quarantine, disable restore if needed, remediate, update, scan, and educate user.

Software troubleshooting

Slow performance can come from startup apps, low RAM, malware, disk issues, or updates.
Blue screens usually involve drivers, hardware, or system files.
Boot issues can involve BCD, storage, corrupted OS files, or failed updates.
Use safe mode, recovery environment, rollback, restore points, and backups.

Operational procedures

Ticketing documents what happened and protects the technician.
Change management reduces surprise outages.
Backups follow recovery needs: full, incremental, differential, and synthetic.
Professionalism includes clear communication, privacy, and not blaming users.

← Back to all certs

CompTIA Network+

Exam: N10-009

Deep-dive into networking concepts, infrastructure, network operations, network security, and network troubleshooting. The definitive networking cert for IT professionals.

ReferenceThe OSI Model

#	Layer	Protocols / Examples	PDU	Devices
7	Application	HTTP, HTTPS, DNS, FTP, SMTP, SSH, DHCP	Data	Proxy, WAF, L7 FW
6	Presentation	TLS/SSL, JPEG, MPEG, ASCII, encryption/encoding	Data	—
5	Session	NetBIOS, RPC, PPTP, SQL sessions	Data	—
4	Transport	TCP, UDP — port numbers, segmentation, flow control	Segment	Firewall, Load Balancer
3	Network	IP, ICMP, OSPF, BGP, RIP, IPsec	Packet	Router, L3 Switch
2	Data Link	Ethernet (802.3), Wi-Fi (802.11), MAC, VLANs (802.1Q)	Frame	Switch, Bridge, NIC
1	Physical	Cables, fiber, signals, hubs, repeaters, voltage	Bits	Hub, Repeater, Cables

Mnemonic (bottom→top): "Please Do Not Throw Sausage Pizza Away" — Physical, Data Link, Network, Transport, Session, Presentation, Application. PDU names: Bits → Frames → Packets → Segments → Data.

Domain 1Networking Concepts23%

TCP vs UDP

TCP — connection-oriented; 3-way handshake (SYN, SYN-ACK, ACK)
TCP — reliable; ordered; error-checked; acknowledges delivery
TCP uses: HTTP/S, FTP, SSH, email, RDP, SQL
UDP — connectionless; no handshake; best-effort delivery
UDP — fast; low overhead; no retransmission
UDP uses: DNS, DHCP, VoIP, streaming, gaming, TFTP

CIDR Subnetting

/24 = 255.255.255.0 — 254 usable hosts
/25 = 255.255.255.128 — 126 hosts
/26 = 255.255.255.192 — 62 hosts
/27 = 255.255.255.224 — 30 hosts
/28 = 255.255.255.240 — 14 hosts
/29 = 255.255.255.248 — 6 hosts
/30 = 255.255.255.252 — 2 hosts (point-to-point)
Formula: usable = 2^(32−prefix) − 2

Routing Protocols

RIP — distance vector; max 15 hops; slow convergence
OSPF — link state; Dijkstra SPF; fast; cost metric; no hop limit
EIGRP — Cisco hybrid; DUAL algorithm; composite metric
BGP — internet's routing protocol; path vector; between ASes; TCP 179
Default route: 0.0.0.0/0 — gateway of last resort

DNS Record Types

A — hostname → IPv4 address
AAAA — hostname → IPv6 address
CNAME — alias (canonical name redirect)
MX — mail server for a domain
PTR — reverse DNS (IP → hostname)
NS — authoritative name server for zone
TXT — SPF, DKIM, domain verification
SOA — zone authority and serial number

IPv6 Basics

128-bit addresses; 8 groups of 4 hex digits
:: compresses consecutive zero groups
::1 — loopback (like 127.0.0.1)
fe80::/10 — link-local (like APIPA; non-routable)
2000::/3 — global unicast (public internet)
ff00::/8 — multicast (no broadcast in IPv6)
SLAAC — Stateless Address Auto-Configuration

DHCP Process (DORA)

Discover — client broadcasts; looking for DHCP server
Offer — server offers an available IP address
Request — client requests the offered IP
Acknowledge — server confirms the lease
DHCP uses UDP ports 67 (server) and 68 (client)
Relay agent (ip helper-address) forwards across subnets

Domain 2Network Infrastructure18%

Cable Standards

Cat 5e — 1 Gbps up to 100m
Cat 6 — 10 Gbps up to 55m; 1 Gbps to 100m
Cat 6a — 10 Gbps up to 100m (augmented)
Cat 8 — 25/40 Gbps; data center short runs
SMF (yellow) — laser; 9µm core; 40–120 km
MMF (orange/aqua) — LED; 50/62.5µm; up to 2 km
RJ-45 = 8-pin Ethernet · RJ-11 = 6-pin phone

VLANs & Trunking

VLAN — logical broadcast domain segmentation on a switch
802.1Q — VLAN tagging standard for trunk links
Access port — one VLAN; connects end devices; untagged
Trunk port — multiple VLANs; between switches; tagged
Native VLAN — untagged traffic on trunk (change from VLAN 1)
STP/RSTP — prevents Layer 2 loops on redundant paths
Inter-VLAN routing — L3 switch or router-on-a-stick

WAN & VPN

MPLS — label switching; deterministic QoS; provider managed
SD-WAN — multiple links managed centrally; cost-effective
IPsec — Layer 3 VPN; tunnel or transport mode; UDP 500/4500
SSL/TLS VPN — browser-based; port 443; clientless option
WireGuard — modern fast VPN protocol
Full tunnel vs split tunnel — all traffic vs selected traffic

Domain 3Network Operations17%

SNMP

Agent — runs on monitored device; responds to queries
Manager (NMS) — collects and processes data
MIB — Management Information Base; defines monitorable objects
v1/v2c — community strings (cleartext; insecure)
v3 — authentication + encryption (always use v3)
UDP 161 — SNMP queries · UDP 162 — SNMP traps

Availability Metrics

MTTR — Mean Time To Repair (avg time to fix)
MTBF — Mean Time Between Failures (reliability)
RTO — Recovery Time Objective (max acceptable downtime)
RPO — Recovery Point Objective (max acceptable data loss)
SLA — guaranteed uptime (99.999% = ~5.26 min/year)

Network Documentation

Physical diagram — hardware locations and cable runs
Logical diagram — IP addressing; VLANs; routing
Baseline — normal metrics for anomaly comparison
IPAM — IP Address Management database
NetFlow/sFlow — traffic flow metadata collection
Syslog — standardized log format; UDP 514

Domain 4Network Security20%

Network Attacks

ARP Poisoning — maps attacker MAC to victim IP → MitM
MAC Flooding — fills CAM table → switch broadcasts like hub
VLAN Hopping — switch spoofing or double-tagging
DHCP Starvation → Rogue DHCP Server
DNS Poisoning — injects false DNS records
Deauth Attack — spoofed 802.11 deauth frames → Wi-Fi DoS

Wireless Security

WEP — broken; RC4 cipher; never use
WPA/TKIP — still weak; avoid
WPA2/AES — current minimum standard (CCMP)
WPA3/SAE — best; forward secrecy; Dragonfly handshake
WPA2/3-Personal — PSK (pre-shared key)
WPA2/3-Enterprise — 802.1X with RADIUS server
802.11w — Management Frame Protection (prevents deauth)

IDS vs IPS

IDS — passive; monitors only; sends alerts; SPAN port
IPS — active; inline; blocks/drops malicious traffic
Signature-based — matches known attack patterns
Anomaly-based — detects deviations from baseline
False positive = legitimate traffic flagged (annoying)
False negative = attack missed (dangerous)

Domain 5Network Troubleshooting22%

CLI Tools

ping — ICMP echo; basic connectivity test
tracert/traceroute — hop-by-hop path discovery
nslookup / dig — DNS resolution testing
netstat -rn — routing table
arp -a — ARP cache view
nmap — port scanning and host discovery
tcpdump / Wireshark — packet capture and analysis

Physical Tools

TDR — Time Domain Reflectometer; locates cable break
Cable tester — pass/fail continuity and pinout
OTDR — fiber optic cable testing
Tone generator/probe — traces cable through walls
Wi-Fi analyzer — channel usage and signal strength
SPAN port — required for Wireshark on a switch

Common Patterns: IP works; names fail = DNS problem. 169.254.x.x = DHCP failure. High TCP retransmits at 1Gbps = physical layer errors. Deauth frames in WAP logs = deauth attack. Strong signal + slow throughput = channel congestion (use Wi-Fi analyzer). Peak-hours-only slowness = congestion → implement QoS.

Full Network+ Exam Notes

These notes follow the big Network+ areas: concepts, implementation, operations, security, and troubleshooting. The goal is to know what the device or protocol does, where it lives, and how to troubleshoot it.

1.0 Networking Concepts

OSI model

Layer 1 Physical: cables, connectors, radio, light, electrical signals.
Layer 2 Data Link: MAC addresses, switching, VLANs, Ethernet frames.
Layer 3 Network: IP addressing and routing.
Layer 4 Transport: TCP reliability and UDP speed.
Layers 5-7: sessions, formatting/encryption, and user-facing protocols.

Core protocols

DNS resolves names; DHCP leases IP settings.
HTTP/HTTPS runs web traffic; SSH provides secure remote CLI.
SNMP monitors devices; NTP syncs clocks.
SMTP sends mail; IMAP/POP3 retrieve mail.

IP addressing

IPv4 uses 32-bit dotted decimal addresses.
Private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
APIPA 169.254.x.x means DHCP failed.
IPv6 uses 128-bit hexadecimal addressing; link-local starts with fe80::/10.

Subnetting essentials

CIDR /24 means 24 network bits and 8 host bits.
Hosts per subnet formula: 2^host bits minus 2 for traditional IPv4 networks.
Default gateways must be in the same subnet as the host.
VLSM lets subnets use different sizes.

2.0 Network Implementation

Switching

Switches learn MAC addresses and build a MAC table.
VLANs logically separate networks on the same switch.
Trunks carry multiple VLANs between switches.
STP prevents Layer 2 loops by blocking redundant paths.
PoE powers phones, cameras, and access points through Ethernet.

Routing

Static routes are manually configured.
Dynamic routing protocols share routes automatically.
OSPF is link-state; BGP routes between autonomous systems on the internet.
NAT/PAT translates private addresses to public addresses.

Wireless

802.11 standards differ by frequency, speed, channel width, and features.
WPA2/WPA3 Enterprise uses 802.1X/RADIUS.
Roaming depends on AP placement, signal strength, and controller settings.
Site surveys identify coverage, interference, and channel overlap.

Physical infrastructure

Copper Ethernet is common and cheap; fiber supports longer distance and higher speeds.
Single-mode fiber supports longer links than multimode.
Patch panels, racks, cable management, labels, and diagrams make support easier.
UPS and generator planning supports uptime.

3.0 Network Operations

Documentation

Network diagrams show devices, links, IPs, VLANs, and WAN connections.
IPAM tracks address assignments.
Asset inventory tracks model, serial number, location, warranty, and owner.
Change records show what changed, who approved it, and rollback plans.

Monitoring

SNMP polls devices and receives traps.
Syslog centralizes logs from network equipment.
NetFlow/sFlow shows traffic patterns.
Baselines help identify abnormal latency, bandwidth, CPU, memory, and errors.

High availability

Redundancy removes single points of failure.
Load balancing spreads traffic across systems.
Failover moves service to a working path or device.
RTO is how fast you must recover; RPO is how much data loss is acceptable.

4.0 Network Security

Security controls

ACLs filter traffic by source, destination, protocol, and port.
Firewalls enforce policy at the network edge or between zones.
IDS alerts on suspicious activity; IPS can block it.
Network segmentation limits how far an attacker can move.

Common attacks

DoS/DDoS attempts to exhaust resources.
ARP poisoning can redirect local traffic.
DNS poisoning sends users to the wrong destination.
VLAN hopping abuses trunking or native VLAN mistakes.
Rogue DHCP gives clients bad network settings.

Access control

802.1X authenticates wired or wireless users before network access.
RADIUS centralizes authentication, authorization, and accounting.
Captive portals force web login before access.
VPNs protect remote or site-to-site traffic over untrusted networks.

5.0 Network Troubleshooting

Method

Identify symptoms, scope, recent changes, and affected users.
Test one theory at a time and avoid random changes.
Check physical layer first: power, link lights, cable, port, speed/duplex.
Escalate with clear notes when outside your access or skill level.

Commands

ping tests reachability.
tracert/traceroute shows path.
ipconfig/ifconfig/ip addr shows local settings.
nslookup/dig checks DNS.
netstat/ss shows connections.
arp shows local IP-to-MAC mappings.

Tools

Cable tester checks continuity and wire map.
Toner/probe finds a cable in a bundle.
Loopback plug tests an interface.
Packet capture shows traffic details for deeper analysis.

← Back to all certs

CompTIA Security+

Exam: SY0-701

Covers general security concepts, threats & vulnerabilities, cryptography, identity management, risk management, and security operations. The benchmark cybersecurity cert for IT professionals.

Domain 1General Security Concepts12%

CIA Triad

Confidentiality — only authorized users access data
Integrity — data is accurate and unmodified
Availability — systems accessible when needed
DAD = Disclosure, Alteration, Destruction (attacks on CIA)

Control Types

Preventive — stops attack before it happens (firewall, lock)
Detective — identifies in-progress attack (IDS, CCTV)
Corrective — reduces impact after attack (patch, restore)
Deterrent — discourages attackers (warning signs, lighting)
Compensating — substitute for primary control
Directive — instructs behavior (policies, training)

Zero Trust

Never trust; always verify — no implicit trust by location
Assume breach — design as if attacker is already inside
Least privilege — minimum permissions for each identity
Micro-segmentation — fine-grained per-workload isolation
Continuous verification — ongoing; not just at login
MFA required for all access; device health checks

Domain 2Threats, Vulnerabilities & Mitigations22%

Password Attacks

Brute force — tries every possible combination
Dictionary — wordlist of common passwords
Credential stuffing — uses leaked username/password pairs
Password spraying — one common password vs many accounts
Rainbow table — precomputed hash lookups (defeated by salting)

Web App Attacks

Broken Access Control — #1 OWASP 2021
SQL Injection — malicious SQL in unsanitized input
XSS — Cross-Site Scripting; injects scripts into pages
CSRF — tricks authenticated browser into requests
Buffer Overflow — overwrites adjacent memory
Directory Traversal — ../ to escape web root

Social Engineering

Phishing — mass email impersonating trusted brand
Spear phishing — targeted; uses personal details
Whaling — targets executives (CEO, CFO)
Vishing — voice/phone phishing
Smishing — SMS phishing
BEC — Business Email Compromise (executive impersonation)
Pretexting — fabricated scenario to manipulate victim

Vulnerability Management

CVE — unique ID per vulnerability (CVE-YYYY-NNNNN)
CVSS 0–10: Low(0.1–3.9), Medium(4–6.9), High(7–8.9), Critical(9–10)
Credentialed scan — authenticated; deeper results
Non-credentialed — external view only
Pen test phases: Plan→Recon→Scan→Exploit→Post-exploit→Report
White=full knowledge · Gray=partial · Black=no knowledge

Domain 3Security Architecture18%

Network Zones

DMZ (screened subnet) — between internet and internal
Hosts public-facing servers: web, mail relay, public DNS
Air gap — physically isolated; no internet connection
Jump server — hardened entry point to secure zone
Honeypot — decoy system to detect and study attackers

Cloud Security

IaaS — customer owns OS, apps, data; provider owns hardware
PaaS — customer owns app and data
SaaS — customer owns data config only
CASB — Cloud Access Security Broker; visibility + DLP
CSPM — misconfiguration detection for cloud
SASE — SD-WAN + cloud security combined

Endpoint Security

EPP/AV — signature-based detection
EDR — behavioral analysis + automated response
XDR — cross-layer (email, endpoint, network, cloud)
DLP — prevents sensitive data exfiltration
Hardening — disable unused services; apply patches; remove defaults
CIS Benchmarks / STIGs — industry hardening standards

Domain 3 (cont.)Cryptography & PKI

Algorithms

AES-256 — symmetric; gold standard for bulk encryption
RSA — asymmetric; 2048+ bit; key exchange + signatures
ECC — asymmetric; smaller keys; efficient; great for mobile
SHA-256 / SHA-3 — hashing; current standard
MD5 / SHA-1 — broken; do not use for security
bcrypt / Argon2 — password hashing (slow by design)
HMAC — hash + secret key = message authentication

PKI Components

CA — Certificate Authority; signs and issues certs
Root CA — top of trust hierarchy; kept offline
Intermediate CA — issues end-entity certs; online
CRL — Certificate Revocation List (periodic)
OCSP — Online Certificate Status Protocol (real-time)
CSR — Certificate Signing Request
Wildcard cert — *.domain.com covers all subdomains
SAN cert — multiple domains on one certificate

TLS Hybrid: Asymmetric (RSA/ECDHE) securely exchanges the session key. Symmetric (AES-256) encrypts actual data — much faster for bulk transfer. Perfect Forward Secrecy (PFS) with ECDHE = unique session keys so past sessions are safe even if server key is later compromised.

Domain 4Identity & Access Management16%

Access Control Models

DAC — Discretionary; owner sets permissions (NTFS)
MAC — Mandatory; labels and clearances (government)
RBAC — Role-Based; permissions via job role (most common)
ABAC — Attribute-Based; policy uses multiple attributes
Rule-based — admin-defined rules (firewall ACLs)

MFA & SSO

TOTP — Time-based OTP (Google Authenticator, Authy)
FIDO2/WebAuthn — passwordless; phishing-resistant
SAML 2.0 — enterprise SSO (XML-based)
OAuth 2.0 — API authorization framework
OpenID Connect — authentication layer on OAuth (JWT)
Kerberos — ticket-based; used in Active Directory

IAM Principles

Least privilege — minimum permissions for the job
Separation of duties — no single person controls critical process
Dual control — two people required for sensitive operations
Need to know — access granted only when job requires it
Privilege creep — excess rights accumulate over time
PAM — Privileged Access Management; vault + JIT + recording

Domain 5Risk Management

Risk Concepts

Risk = Threat × Vulnerability (× Impact in extended models)
Accept — tolerate within risk appetite; document it
Transfer — insurance or contract (shifts financial impact)
Mitigate — implement controls (most common response)
Avoid — stop the risky activity entirely
ALE = ARO × SLE (Annual Loss Expectancy)

BCP / DR

RTO — max acceptable downtime after an incident
RPO — max acceptable data loss (time since last backup)
Hot site — fully operational; immediate failover; most expensive
Warm site — infrastructure ready; needs hours to configure
Cold site — just physical space; longest recovery
BIA — Business Impact Analysis; identifies critical processes

Compliance

GDPR — EU data privacy; 72-hr breach notification
HIPAA — US healthcare; PHI protection
PCI-DSS — payment card data; 12 requirements
NIST CSF — Identify, Protect, Detect, Respond, Recover
ISO 27001 — international ISMS standard
MITRE ATT&CK — adversary TTPs database

Domain 5Security Operations28%

NIST SP 800-61 Incident Response Phases

1. Preparation

Build IR team; write policies; deploy SIEM/tools; run tabletop exercises before an incident.

2. Detection & Analysis

Identify via SIEM; classify severity; preserve evidence; notify stakeholders per policy.

3. Containment, Eradication & Recovery

Isolate affected systems → remove malware → revoke compromised credentials → restore from backup.

4. Post-Incident Activity

Lessons learned; root cause analysis; update IR plan; final report to stakeholders.

Digital Forensics Order of Volatility

1. CPU cache / registers (nanoseconds)
2. RAM — passwords, encryption keys, running processes
3. Swap / pagefile
4. Network connections and state
5. Running processes
6. Hard disk / persistent storage
7. Removable media / backups
Chain of custody — document every person who handles evidence
Write blocker — prevents modifying evidence drive

SIEM & Threat Intel

SIEM — aggregates logs; correlates events; detects patterns
SOAR — automates IR playbooks (orchestration + automation)
IoC — Indicator of Compromise (IP, hash, domain)
TTP — Tactics, Techniques, Procedures (attacker behavior)
STIX/TAXII — standard formats for sharing threat intel
MITRE ATT&CK — comprehensive TTP database
Dark web monitoring — alerts on leaked credentials/data

Full Security+ Exam Notes

Security+ is about understanding why a control exists, what risk it reduces, and how it fits into real incident response and governance.

1.0 General Security Concepts

CIA and AAA

Confidentiality prevents unauthorized disclosure.
Integrity proves data was not improperly changed.
Availability keeps systems usable when needed.
Authentication proves identity; authorization grants access; accounting logs activity.

Security controls

Preventive controls stop events before they happen.
Detective controls identify events.
Corrective controls fix or reduce damage after an event.
Deterrent, compensating, directive, physical, technical, managerial, and operational controls can overlap.

Zero trust

Never trust by location alone.
Verify identity, device health, and access need each time.
Use least privilege, segmentation, continuous monitoring, and policy enforcement.
Assume breach and reduce lateral movement.

2.0 Threats, Vulnerabilities, and Mitigations

Threat actors

Script kiddies use tools with limited knowledge.
Insiders already have trusted access.
Nation-state actors are well-funded and strategic.
Hacktivists are driven by ideology.
Organized crime usually focuses on money.

Social engineering

Phishing targets users through email or messages.
Spear phishing is targeted; whaling targets executives.
Vishing uses voice calls; smishing uses SMS.
Pretexting uses a fake story to build trust.
Business email compromise abuses trust in business communication.

Technical attacks

SQL injection targets database queries.
XSS runs unwanted scripts in a user's browser.
Buffer overflow writes outside memory boundaries.
Race condition abuses timing between operations.
On-path attacks intercept traffic between two parties.

Malware

Virus attaches to files; worm spreads itself.
Trojan pretends to be legitimate.
Ransomware encrypts or locks data for payment.
Spyware collects information.
Rootkits hide deep in the system.

3.0 Security Architecture

Secure infrastructure

Segmentation separates systems by trust level or function.
DMZ hosts public-facing services away from internal systems.
Jump servers control admin access to sensitive networks.
IDS/IPS, WAF, proxies, and secure web gateways inspect traffic.

Cloud security

Shared responsibility depends on SaaS, PaaS, or IaaS.
Security groups act like cloud firewalls.
CASB provides visibility and policy control for cloud apps.
Secrets management protects keys, tokens, and credentials.

Data protection

Data at rest is stored; in transit is moving; in use is actively processed.
Classification labels help decide handling requirements.
DLP helps prevent sensitive data leaving the organization.
Tokenization substitutes sensitive data with non-sensitive values.

4.0 Security Operations

Hardening

Disable unnecessary services and accounts.
Patch operating systems, firmware, applications, and network devices.
Use secure baselines and compare systems against them.
Apply allow lists, block lists, and configuration management.

Identity and access

MFA reduces damage from stolen passwords.
RBAC assigns permissions by job role.
ABAC uses attributes like location, device, time, and classification.
PAM controls privileged accounts and sessions.
SSO reduces login friction but must be strongly protected.

Incident response

Prepare before incidents with roles, tools, contacts, and playbooks.
Detect and analyze alerts, logs, and indicators.
Contain, eradicate, and recover.
Lessons learned improves controls and response plans.

Forensics and logs

Preserve evidence and chain of custody.
Collect volatile evidence first when needed.
SIEM correlates logs from multiple sources.
Time sync matters because logs need accurate timestamps.

5.0 Security Program Management and Oversight

Risk

Risk = likelihood × impact.
Avoid, transfer, mitigate, or accept risk.
Inherent risk exists before controls; residual risk remains after controls.
BIA identifies critical processes and recovery needs.

Governance

Policies state requirements.
Standards define specific mandatory rules.
Procedures give step-by-step instructions.
Guidelines are recommended best practices.

Third-party and compliance

Vendor risk reviews check data access, controls, contracts, and security history.
SLA defines service expectations; MOU/MOA documents agreement; BPA sets purchasing terms.
Audits and assessments verify controls are working.
Privacy programs govern collection, processing, retention, and disclosure.

1 / 10

A+ Easy

Session Complete

0%

Performance by Topic

Question Review

Saved Questions

Bookmarked for review. Click any question to practice it.

← Back

Flashcards

Click a card to flip it. Rate yourself to track what you know.

Card 1 of 0

Term

Loading...

Tap to reveal answer

Definition

—

Still Learning: 0 Almost: 0 Got It: 0

← Back

Cheat Sheet

The most-tested facts — ports, OSI model, acronyms, and key tables.

Ports & Protocols — Memorize Every One

OSI Model

7

Application

HTTP DNS FTP

6

Presentation

TLS JPEG

5

Session

NetBIOS RPC

4

Transport

TCP UDP

3

Network

IP OSPF BGP

2

Data Link

Ethernet MAC

1

Physical

Cables Bits

Bottom→Top mnemonic: "Please Do Not Throw Sausage Pizza Away" — Physical, Data Link, Network, Transport, Session, Presentation, Application.

Security Acronyms

CIAConfidentiality, Integrity, Availability

AAAAuthentication, Authorization, Accounting

MFAMulti-Factor Authentication

PKIPublic Key Infrastructure

SIEMSecurity Info & Event Management

SOARSecurity Orchestration, Automation & Response

EDREndpoint Detection & Response

CASBCloud Access Security Broker

DLPData Loss Prevention

RBACRole-Based Access Control

PAMPrivileged Access Management

RTORecovery Time Objective

RPORecovery Point Objective

APTAdvanced Persistent Threat

IoCIndicator of Compromise

CVSSCommon Vulnerability Scoring System

DMZDemilitarized Zone (Screened Subnet)

MTTRMean Time To Repair

MTBFMean Time Between Failures

BECBusiness Email Compromise

RAID Quick Reference

RAID 0 — Striping

100% capacity. No redundancy. Fastest. Single failure = total loss.

RAID 1 — Mirroring

50% capacity. 1 drive fault tolerance. Read-fast.

RAID 5 — Stripe+Parity

(N-1) capacity. 1 drive fault tolerance. Good balance.

RAID 6 — Dual Parity

(N-2) capacity. 2 drive fault tolerance.

RAID 10 — Stripe+Mirror

50% capacity. Performance + redundancy. Min 4 drives.

My Stats

Full performance breakdown across all three certifications.

Study Streak

0

days

Achievement

🎯 Beginner

Answer your first question to begin.

By Certification

By Difficulty