N10-009 Network Operations Study Guide for the CompTIA Network+
General Information
This is study material for the CompTIA Network+ N10-009 exam, which replaced the old Network+ N10-008 exam as of December 20, 2024. Be sure you are studying for the right test.
Questions concerning network operations make up nearly one-fifth of the CompTIA Network+ N10-009 exam. About 40% of these questions begin with a scenario, so you must also apply your network operations skills.
Organizational Processes and Procedures
Organizational documents and policies are designed to provide established guidelines for organizational processes and procedures. These organizational policies vary between organizations depending on their specific needs and applicable regulations. You must be able to explain the purpose of common documents and the process and procedure types.
Documentation
The documentation of a network is vast and includes all aspects, from its physical design to specific logical networking processes. Documentation is designed to provide insight into a network and can be used for optimization, replication, and troubleshooting. While each organization may differ in documentation requirements and inclusion, there is documentation that is common in most networking environments.
Physical vs. Logical Diagrams
A physical network diagram is a document that depicts the physical aspects of a network and generally includes the physical locations of devices and how those devices are connected. Network diagrams often use standardized iconography for networking devices, which allows other network engineers to understand the diagrams. Here is an example:

Retrieved from: https://commons.wikimedia.org/wiki/File:LAN-physicalTopology.png
A logical network diagram depicts how data flows through a network and generally includes information such as addressing schemes, protocols, configurations, access control lists (ACLs), and firewalls. Here is an example:

Retrieved from: https://commons.wikimedia.org/wiki/File:DHS_Network_Topology.jpg
Rack Diagrams
A rack is a physical container for networking components, such as switches and hubs. A rack diagram depicts what devices are contained within the rack and the specific location of each individual device. Here is an example:

Retrieved from: https://en.m.wikipedia.org/wiki/File:Simplified_scale_model_of_the_quantum_computing_demonstrator_housed_in_two_19-inch_racks_with_major_components_labeled.png
Cable Maps and Diagrams
A cable map or wiring diagram shows how wiring connects between devices and may include cabling types, input and output locations, and port connection points. This is an example:

Retrieved from: https://en.m.wikipedia.org/wiki/File:PC-PowerSupply-Principle-Circuit.svg
Network Diagrams
In the field of networking, network diagrams primarily focus on the first three layers of the Open Systems Interconnection (OSI) model. Proper documentation of both physical and logical connections at these layers is vital when troubleshooting network connectivity issues.
Layer 1
A diagram of Layer 1, or the physical layer, depicts the physical connections between devices in the network, including cable types, device locations, and port connections.
Retrieved from: https://commons.wikimedia.org/wiki/File:FTTE_Diagram.svg
Layer 2
A diagram of Layer 2, or the data link layer, is a logical diagram that shows how data flows through the physical links and switches of the network, including where virtual local area networks (VLANs) are located.

Retrieved from: https://commons.wikimedia.org/wiki/File:Privat-VLAN.drawio.png
Layer 3
A diagram of Layer 3, or the network layer, is a logical diagram that depicts how data is routed through the network, including firewalls, load balancers, routers, and IP addresses.
Retrieved from: https://commons.wikimedia.org/wiki/File:Network_diagram_(example).svg
Asset Inventory
In networking, an asset inventory is the process of cataloging, tracking, and managing all network assets, including hardware and software assets. An asset inventory may include details such as the current value and location of the asset, as well as information pertaining to licensing and warranties associated with the asset.
Hardware
A hardware asset is a physical asset such as routers, switches, servers, and mobile devices. Hardware asset inventory may include information such as the type, serial number, current condition, and location of the hardware asset. It may employ the use of asset management tracking and identification tools such as asset tags.
Software
A software asset is any software used on the network, such as operating systems (OSs), software management products, applications, or software security tools. Software asset inventories may include information such as the name, version, usage, and installation locations of the software asset.
Licensing
A license is a form of authorization for asset usage and defines parameters such as who, how, and where the asset may be used. A license inventory tracks network licenses and may include information such as type, duration, quantity, devices, or authorized license users.
Warranty Support
Warranty support refers to the duration of the vendor support period during which identified problems with the covered entity are fixed by the vendor. Similar to licensing inventory, managing warranties through inventory management techniques involves maintaining records of what is under warranty, through what vendor, and the coverage duration.
IP Address Management (IPAM)
IPAM is software that is used in the management of IP addresses by integrating Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) management to track IP address usage and assignment. IPAM provides visibility into IP usage and allows for simplified scalability.
Service-Level Agreement (SLA)
An SLA is an agreement between two parties, the service provider and the client, that defines the amount of time allowed for the service provider to respond to service issue complaints from the client. SLAs may also include specifics on minimum security requirements, warranties, and the responsibilities of the client and the provider.
Wireless Survey/Heat Map
A wireless survey or site survey is the process of evaluating a physical site to ascertain the scope of an existing wireless network. A site survey report details the results of a site survey and can be used to identify weak points in the WLAN, as well as redundancies in coverage. A site survey report may include current coverage areas, signal strength, and access point (AP) locations.
A heat map is a visual representation of wireless signal distribution, including strength, coverage, and possible interference in a specific area, such as the floor of a building. Heat maps are commonly color-coded and can be used to identify weak coverage areas. Properly distributed wireless coverage on a heat map should show coverage dispersed as evenly as possible throughout the space, with the APs as centrally located as possible and placed away from exterior walls, minimizing signal leak outside of the space.
Life-Cycle Management
The life cycle of a system is its lifespan from acquisition through implementation, maintenance, and decommissioning. Life-cycle management outlines this process and often includes best practices for the safe removal of data from a system, as well as disposal procedures for physical components.
End-of-Life (EOL)
EOL in the life cycle of a device or product refers to when the vendor no longer sells the product. When a product is nearing EOL, the replacement process should begin, either with an updated version or a product with similar functionality. The process will ideally be completed prior to EOS.
End-of-Support (EOS)
EOS refers to the time when the vendor no longer supports a product through updates and patches. When a product reaches EOS, it becomes highly vulnerable to exploitation. While EOL and EOS can be on the same day, most commonly, EOS comes after EOL, allowing users of the product to continue safely using the product during the replacement process.
Software Management
Software management is the process of identifying, tracking, and updating software to ensure a secure software environment. Software management includes identifying and installing patches, bug fixes, and updates to affected systems in a timely manner to minimize exposure.
Patches and Bug Fixes
A patch is used to install changes to a system or software and can be used for updates, bug fixes, or to remedy an identified problem or vulnerability. Patch management is the process of ensuring that all updates required by network resources are installed properly, efficiently, and securely. Patches can be applied to applications, OSs, and drivers, and they are designed to increase the efficiency and security of the patched device or system. Patches can, however, produce problems when installed. Part of the patch management process is ensuring that a rollback plan is available. This allows the problematic patch to be removed and the device or system to be restored to the previous state.
Operating System (OS)
The OS is the platform on which a device runs and, like software and firmware, requires proper patch management to maintain optimum security and functionality.
Firmware
Firmware is the software embedded into hardware that provides hardware functionality and communication abilities. It can also be managed by installing patches and updates.
Decommissioning
Decommissioning is the process through which a device, software, or system is removed from use. It includes sanitization and, commonly, asset disposal. Sanitization is the process of removing (sanitizing) all data from a device or drive. Asset disposal is a physical security measure designed to securely end the life cycle of an asset, either through physical disposal, repurposing, recycling, or destruction.
Change Management
Change management is the process of controlling how changes are made within an organization. A change management plan contains specific procedures to follow when a change occurs. Change management plans often contain procedures that specify when, where, why, and how a change will occur, as well as who will be affected. Change management plans also include procedures in case of change failure, which is an unintentional or unexpected negative effect resulting from implementation of the change.
Request Process Tracking/Service Request
The change management process is composed of multiple steps that should be properly documented and followed for a smooth change to occur. First, the reason why the change is needed should be documented, followed by a formal request for change. The change request should include all pertinent data regarding the change, including the exact steps for implementation, a rollback plan, and a potential impact plan. After the request is submitted, the change can be either approved or denied based on the submitted plan.
Configuration Management
Configuration Management is the process of monitoring network devices to ensure the configured settings are properly maintained, updated, and controlled to meet baseline configuration metrics. Configuration management includes not only the maintenance of baseline configurations but also the ability to restore to a backup configuration if necessary.
Production Configuration
Production configuration is required to optimize business usage in a live environment. Production configurations must balance security and availability for optimal performance.
Backup Configuration
A backup configuration is a copy of network configurations that is stored completely separate from the network and can be used to restore configurations if required.
Baseline/Golden Configuration
A baseline or golden configuration document contains the standard performance levels for networking devices and their components. These baseline configurations can then be used as a comparison point to identify potential issues in the network.
Network Monitoring Technologies
When a network has been planned and implemented, there are important concepts to know about the monitoring of daily operations. The questions about network monitoring on the CompTIA Network+ N10-009 exam occupy about 16% of the test and are based on scenarios. Be sure you can apply what you know about operation monitoring methods and technology.
Methods
Once a network has been established, the priority is keeping it performing its duties in the most seamless and uninterrupted way possible. Various methods can be used to monitor network performance.
Simple Network Management Protocol (SNMP)
SNMP is a network monitoring tool that collects data via ports 161 and 162 for network performance analysis. At predetermined or random intervals, SNMP sends signals to network devices requesting information. This data is analyzed, and a performance baseline is identified and stored in a management information base, which is then used to identify anomalies in the network.
Traps
An SNMP trap is an unsolicited message sent from an end device to the SNMP network management station (NMS) when an aberration is identified. The trap is triggered based on preset events or conditions.
Management Information Base (MIB)
An MIB stores object identifier (OID) information based on a hierarchical structure. An OID is a standardized naming identifier for objects, concepts, or parts with globally consistent persistent names. In SNMP, the OID is used to identify unique network devices and their statuses.

Retrieved from: https://commons.wikimedia.org/wiki/File:SNMP_OID_MIB_Tree.png
Versions
There are three versions of SNMP: SNMPv1, SNMPv2c, and SNMPv3. Each subsequent version provides higher functionality and security.
v1—SNMPv1 is the original version and is not encrypted, only supports 32-bit counters, and sends community strings in plaintext.
v2c—SNMPv2c has similar functionality to SNMPv1, but with the added ability to support 64-bit counters. While SNMPv2c has increased functionality with simplified MIB structure elements and more commands, it is not encrypted and should only be used on an internal network. Note: There are three versions of SNMPv2, but SNMPv2c is the version most commonly referred to when speaking of SNMPv2.
v3—SNMPv3 introduced increased authentication capabilities by adding SNMP View, SNMP Groups, and SNMP Users. SNMP View allows for the limiting of access by user or groups, SNMP Groups is used to define access type (either read/write or read-only), and SNMP User defines the level of access allowed. Encryption was also added in SNMPv3.
Community Strings
A community string, also known as a community name, is an authentication method used by SNMPv1 and SNMPv2 that creates a shared passphrase for access to the management system. Community strings are transmitted in plaintext and are highly insecure.
Authentication
SNMP authentication is used to secure network devices by only allowing access after authentication. SNMPv1 and SNMPv2 use community strings for authentication, which is not highly secure but is more secure than having no authentication. SNMPv3 increased security by introducing user-based authentication and encryption, which can also be used in conjunction with ACLs.
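The version, community string, and authentication points above can be checked against a device configuration. The following is an added example, not part of the original study guide: it audits a constructed configuration excerpt, assuming Cisco IOS-style `snmp-server` syntax (the guide names no vendor), and all names and secrets in it are made up.

```python
import re

# Constructed running-config excerpt. Cisco IOS-style syntax is an assumption
# (the guide names no vendor); every name and secret below is made up.
SAMPLE_CONFIG = """\
hostname edge-sw-01
snmp-server community public RO
snmp-server community netops-rw RW 10
snmp-server group NMS-RO v3 priv read NMS-VIEW access 10
snmp-server group LEGACY v3 noauth
snmp-server user poller NMS-RO v3 auth sha EXAMPLE-AUTH priv aes 128 EXAMPLE-PRIV
snmp-server host 192.0.2.50 version 2c public
snmp-server host 192.0.2.51 version 3 priv poller
"""

COMMUNITY_RE = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?$", re.I)
GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)\b", re.I)
HOST_RE = re.compile(r"^snmp-server host (\S+) version (1|2c|3)\b", re.I)


def audit_snmp(config_text):
    """Return (line_number, rule, detail) findings; secrets are never echoed."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        community = COMMUNITY_RE.match(line)
        group = GROUP_RE.match(line)
        host = HOST_RE.match(line)
        if community:
            _secret, mode, acl = community.groups()
            findings.append((number, "community-string",
                             "SNMPv1/v2c community string is sent in plaintext"))
            if mode.upper() == "RW":
                findings.append((number, "community-rw",
                                 "read/write access granted by a shared passphrase"))
            if acl is None:
                findings.append((number, "community-no-acl",
                                 "no ACL restricts which hosts may use this community"))
        elif group and group.group(2).lower() != "priv":
            # noauth: no authentication or encryption; auth: authentication only
            level = group.group(2).lower()
            rule = "v3-noauth" if level == "noauth" else "v3-no-encryption"
            findings.append((number, rule,
                             f"SNMPv3 group {group.group(1)} does not require encryption"))
        elif host and host.group(2) != "3":
            findings.append((number, "trap-v1-v2c",
                             f"traps to {host.group(1)} use SNMP version {host.group(2)}"))
    return findings


if __name__ == "__main__":
    for number, rule, detail in audit_snmp(SAMPLE_CONFIG):
        print(f"line {number}: {rule}: {detail}")
```

The findings report line numbers and rule names only, so the audit output itself does not leak the community strings it flags.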
Flow Data
Flow data refers to a unidirectional sequence of packets that captures communications between systems and devices. Flow data includes the interface through which the data enters the network, the source and destination IP addresses, the IP protocol, the source and destination ports, and the IP service type. NetFlow is a commonly used tool for capturing flow data.
Packet Capture
A packet capture is a tool used to intercept and record network traffic as it traverses a network, which can then be used for in-depth analysis of individual packets. A packet capture provides a granular view that records every part of each packet, unlike flow data, which is a summarized view of packets. Wireshark is a commonly used packet capture tool.
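To show how the Flow Data and Packet Capture descriptions relate, the following added example (not part of the original study guide) summarizes constructed per-packet records into unidirectional flows keyed by the seven fields listed above, then ranks sources by bytes sent. The field names, interface names, and addresses are assumptions made for the illustration.

```python
from collections import defaultdict, namedtuple

# Flow key: the seven fields the Flow Data paragraph lists (names are assumed).
FlowKey = namedtuple(
    "FlowKey", "in_iface src_ip dst_ip protocol src_port dst_port tos"
)

# Constructed per-packet records, as a packet capture would see them:
# (in_iface, src_ip, dst_ip, protocol, src_port, dst_port, tos, length_bytes)
PACKETS = [
    ("Gi0/1", "10.0.0.5", "192.0.2.80", "tcp", 51000, 443, 0, 120),
    ("Gi0/2", "192.0.2.80", "10.0.0.5", "tcp", 443, 51000, 0, 1500),
    ("Gi0/1", "10.0.0.5", "192.0.2.80", "tcp", 51000, 443, 0, 80),
    ("Gi0/2", "192.0.2.80", "10.0.0.5", "tcp", 443, 51000, 0, 1500),
    ("Gi0/1", "10.0.0.9", "198.51.100.53", "udp", 40000, 53, 0, 70),
    ("Gi0/1", "10.0.0.5", "192.0.2.80", "tcp", 51001, 443, 0, 200),
]


def summarize_flows(packets):
    """Collapse packets into flows: one counter set per unique flow key."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for *key_fields, length in packets:
        key = FlowKey(*key_fields)
        flows[key]["packets"] += 1
        flows[key]["bytes"] += length
    return dict(flows)


def top_talkers(flows, n=3):
    """Rank source addresses by total bytes sent across all their flows."""
    per_source = defaultdict(int)
    for key, counters in flows.items():
        per_source[key.src_ip] += counters["bytes"]
    # Sort by bytes descending, then by address for a stable order
    return sorted(per_source.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    flows = summarize_flows(PACKETS)
    for key, counters in flows.items():
        print(key.src_ip, "->", key.dst_ip, key.protocol, key.dst_port, counters)
    print("top talkers:", top_talkers(flows))
```

The single HTTPS conversation between 10.0.0.5 and 192.0.2.80 appears as two flows, one per direction, because each flow is unidirectional; the payload bytes the packet capture holds are gone from the summary.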
Baseline Metrics
A baseline is a standard performance level of a device or network. Baselines can be established by analyzing standard network operations, such as CPU usage, network traffic flow, and bandwidth usage. Baselines are used to identify abnormalities in the network or network devices.
Anomaly Alerting/Notification
Network monitoring tools also offer alerts or notifications of detected anomalies in a network. Anomaly alerting and notification settings can be fine-tuned to meet the needs of the network and to reduce the number of false positives received, reducing alert fatigue.
Log Aggregation
Network devices are preprogrammed to record certain types of data in various logs. These logs can be used to evaluate the health of a networking device through log aggregation. Logs may also be configured with a maximum size, a behavior for when the log fills, and retention so that entries can be viewed later.
Syslog Collector
A syslog collector (or simply syslog) is a server that collects messages sent from connected network devices, such as routers and switches. The syslog collector can also be configured to timestamp and sequence messages to provide a simplified method of sorting, searching, and displaying messages. Syslog messages are typically formatted in the following order: sequence number, timestamp, facility, severity, mnemonic (text identifier describing the message), and description (detailed event information).
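The message layout described above can be parsed and checked on the collector side. The following is an added example, not part of the original study guide: it parses constructed log lines in that field order (a Cisco-style `seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: description` layout is assumed), filters by severity, and uses the sequence numbers to find messages the collector never received.

```python
import re

# Constructed sample in the field order described above (Cisco-style layout assumed).
SAMPLE_LOG = """\
000101: Mar  3 09:14:02.113: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
000102: Mar  3 09:14:03.120: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
000103: Mar  3 09:15:40.002: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
000105: Mar  3 09:16:12.877: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77]
this line is not a syslog message
"""

# Standard syslog severity levels: 0 is the most severe, 7 the least.
SEVERITY_NAMES = ("emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug")

LINE_RE = re.compile(
    r"^(?P<seq>\d+):\s+"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<description>.+)$"
)


def parse_line(line):
    """Return the six fields as a dict, or None if the line does not match."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    fields = match.groupdict()
    fields["seq"] = int(fields["seq"])
    fields["severity"] = int(fields["severity"])
    fields["severity_name"] = SEVERITY_NAMES[fields["severity"]]
    return fields


def parse_log(text):
    """Split a log into parsed messages and lines that could not be parsed."""
    messages, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            rejected.append(line)
        else:
            messages.append(parsed)
    return messages, rejected


def at_least(messages, level):
    """Messages at `level` or more severe (numerically lower or equal)."""
    return [m for m in messages if m["severity"] <= level]


def sequence_gaps(messages):
    """Sequence numbers missing between the lowest and highest seen."""
    seen = {m["seq"] for m in messages}
    return [n for n in range(min(seen), max(seen) + 1) if n not in seen] if seen else []


if __name__ == "__main__":
    msgs, bad = parse_log(SAMPLE_LOG)
    for m in at_least(msgs, 4):
        print(m["seq"], m["timestamp"], m["facility"], m["severity_name"], m["mnemonic"])
    print("missing sequence numbers:", sequence_gaps(msgs))
    print("unparsed lines:", bad)
```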
Security Information and Event Management (SIEM)
A SIEM system is software, hardware, or services that integrate multiple security technologies into a single interface. Data aggregation and correlation, event alerting, compliance data, forensic analysis, data retention, and centralized dashboards are common services available in a SIEM system.
Application Programming Interface (API) Integration
The API is the portion of a device or system that interacts with the network, web browsers, or databases to execute commands and complete other functions. API integration is the process of creating connections and communications between different APIs for the seamless exchange of data.
Port Mirroring
Port mirroring is used to relay copies of network packets sent to a specified port (the source port) to an additional specified port (the destination port). Port mirroring is used to analyze and monitor network packets without interfering with the flow of network traffic. During port configuration, a destination port, called a Switch Port Analyzer (SPAN) port, is typically reserved for port mirroring.
Solutions
A large component of the network monitoring process involves knowing how to use various solutions, including sensors, software, and performance statistics, to evaluate the network’s health. You should be able to identify, implement, and evaluate the appropriate solutions when given a specific scenario.
Network Discovery
Network topologies are fluid and can change over time. Network discovery is the process of identifying all devices and systems connected to a network and determining how they are related to and communicate with one another. There are two primary methods for network discovery: ad hoc and scheduled.
Ad Hoc
Ad hoc network discovery is a one-time scan that is initiated on demand. This means the scan is not triggered automatically but has to be manually initiated.
Scheduled
A scheduled network discovery scan is automated on a set schedule and can be triggered to send an alert if an anomaly is discovered or a new device is connected to the network.
Traffic Analysis
Traffic analysis uses captured traffic data, such as packet captures, traffic logs, and traffic data flows, to evaluate performance issues and identify root causes. Traffic analysis can also identify which entities or devices create the most traffic, as well as what type of traffic is traversing the network, some of which might indicate malware in the network.
Performance Monitoring
Performance monitoring uses network metrics to identify the health of a network. Some areas that are used for performance monitoring include bandwidth usage, jitter, and latency. Bandwidth usage identifies how many available frequencies are in use. Jitter refers to the inconsistent flow of data through a network. Latency is a metric used to identify the amount of time delay that occurs during network data processing. The lower the latency, the less delay a network usually experiences.
Availability Monitoring
Availability monitoring is the process of monitoring the uptime/downtime (availability) of a network. Uptime refers to the percentage of time a network is accessible and functioning for the end user, while downtime is the amount of time it is inaccessible. Uptime percentages use the “-nine” terminology to identify how reliable a network is. For example, if a network has five-nine uptime, it is available 99.999% of the time.
Configuration Monitoring
Configuration monitoring is the process of checking settings and configurations on network devices to ensure that compliance is maintained.