cerf

Content domains

The 5 domains of N10-009, with every task statement and its objectives from the official guide. Study a whole domain, or drill a single task.

1Networking Concepts

23% of examStudy domain
1.1Explain concepts related to the Open Systems Interconnection (OSI) reference model>

Knowledge of

  • Layer 1 - Physical
  • Layer 2 - Data link
  • Layer 3 - Network
  • Layer 4 - Transport
  • Layer 5 - Session
  • Layer 6 - Presentation
  • Layer 7 - Application
1.2Compare and contrast networking appliances, applications, and functions>

Knowledge of

  • Physical and virtual appliances (router, switch, firewall, intrusion detection system (IDS)/intrusion prevention system (IPS), load balancer, proxy, network-attached storage (NAS), storage area network (SAN), wireless access point (AP) and controller)
  • Applications (content delivery network (CDN))
  • Functions (virtual private network (VPN), quality of service (QoS), time to live (TTL))
1.3Summarize cloud concepts and connectivity options>

Knowledge of

  • Network functions virtualization (NFV)
  • Virtual private cloud (VPC)
  • Network security groups
  • Network security lists
  • Cloud gateways (internet gateway, network address translation (NAT) gateway)
  • Cloud connectivity options (VPN, Direct Connect)
  • Deployment models (public, private, hybrid)
  • Service models (software as a service (SaaS), infrastructure as a service (IaaS), platform as a service (PaaS))
  • Scalability
  • Elasticity
  • Multitenancy
1.4Explain common networking ports, protocols, services, and traffic types>

Knowledge of

  • File Transfer Protocol (FTP): ports 20/21
  • Secure File Transfer Protocol (SFTP): port 22
  • Secure Shell (SSH): port 22
  • Telnet: port 23
  • Simple Mail Transfer Protocol (SMTP): port 25
  • Domain Name System (DNS): port 53
  • Dynamic Host Configuration Protocol (DHCP): ports 67/68
  • Trivial File Transfer Protocol (TFTP): port 69
  • Hypertext Transfer Protocol (HTTP): port 80
  • Network Time Protocol (NTP): port 123
  • Simple Network Management Protocol (SNMP): ports 161/162
  • Lightweight Directory Access Protocol (LDAP): port 389
  • Hypertext Transfer Protocol Secure (HTTPS): port 443
  • Server Message Block (SMB): port 445
  • Syslog: port 514
  • Simple Mail Transfer Protocol Secure (SMTPS): port 587
  • Lightweight Directory Access Protocol over SSL (LDAPS): port 636
  • Structured Query Language (SQL) Server: port 1433
  • Remote Desktop Protocol (RDP): port 3389
  • Session Initiation Protocol (SIP): ports 5060/5061
  • Internet Protocol (IP) types (Internet Control Message Protocol (ICMP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Generic Routing Encapsulation (GRE), Internet Protocol Security (IPSec) with Authentication Header (AH), Encapsulating Security Payload (ESP), and Internet Key Exchange (IKE))
  • Traffic types (unicast, multicast, anycast, broadcast)
1.5Compare and contrast transmission media and transceivers>

Knowledge of

  • Wireless (802.11 standards, cellular, satellite)
  • Wired (802.3 standards, single-mode vs. multimode fiber, direct attach copper (DAC) cable including twinaxial cable, coaxial cable, cable speeds, plenum vs. non-plenum cable)
  • Transceivers: protocol (Ethernet, Fibre Channel (FC)) and form factors (small form-factor pluggable (SFP), quad small form-factor pluggable (QSFP))
  • Connector types (subscriber connector (SC), local connector (LC), straight tip (ST), multi-fiber push on (MPO), registered jack (RJ)11, RJ45, F-type, Bayonet Neill-Concelman (BNC))
1.6Compare and contrast network topologies, architectures, and types>

Knowledge of

  • Mesh
  • Hybrid
  • Star/hub and spoke
  • Spine and leaf
  • Point to point
  • Three-tier hierarchical model (core, distribution, access)
  • Collapsed core
  • Traffic flows (north-south, east-west)
1.7Given a scenario, use appropriate IPv4 network addressing>

Knowledge of

  • Public vs. private (Automatic Private IP Addressing (APIPA), RFC1918, loopback/localhost)
  • Subnetting (Variable Length Subnet Mask (VLSM), Classless Inter-domain Routing (CIDR))
  • IPv4 address classes (Class A, Class B, Class C, Class D, Class E)
1.8Summarize evolving use cases for modern network environments>

Knowledge of

  • Software-defined network (SDN) and software-defined wide area network (SD-WAN) (application aware, zero-touch provisioning, transport agnostic, central policy management)
  • Virtual Extensible Local Area Network (VXLAN) (data center interconnect (DCI), layer 2 encapsulation)
  • Zero trust architecture (ZTA) (policy-based authentication, authorization, least privilege access)
  • Secure Access Secure Edge (SASE)/Security Service Edge (SSE)
  • Infrastructure as code (IaC): automation (playbooks/templates/reusable tasks, configuration drift/compliance, upgrades, dynamic inventories) and source control (version control, central repository, conflict identification, branching)
  • IPv6 addressing (mitigating address exhaustion; compatibility requirements: tunneling, dual stack, NAT64)

2Network Implementation

20% of examStudy domain
2.1Explain characteristics of routing technologies>

Knowledge of

  • Static routing
  • Dynamic routing (Border Gateway Protocol (BGP), Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF))
  • Route selection (administrative distance, prefix length, metric)
  • Address translation (NAT, port address translation (PAT))
  • First Hop Redundancy Protocol (FHRP)
  • Virtual IP (VIP)
  • Subinterfaces
2.2Given a scenario, configure switching technologies and features>

Knowledge of

  • Virtual Local Area Network (VLAN) (VLAN database, Switch Virtual Interface (SVI))
  • Interface configuration (native VLAN, voice VLAN, 802.1Q tagging, link aggregation, speed, duplex)
  • Spanning tree
  • Maximum transmission unit (MTU) (jumbo frames)
2.3Given a scenario, select and configure wireless devices and technologies>

Knowledge of

  • Channels (channel width, non-overlapping channels, regulatory impacts including 802.11h)
  • Frequency options (2.4GHz, 5GHz, 6GHz, band steering)
  • Service set identifier (SSID) (basic service set identifier (BSSID), extended service set identifier (ESSID))
  • Network types (mesh networks, ad hoc, point to point, infrastructure)
  • Encryption (Wi-Fi Protected Access 2 (WPA2), WPA3)
  • Guest networks (captive portals)
  • Authentication (pre-shared key (PSK) vs. Enterprise)
  • Antennas (omnidirectional vs. directional)
  • Autonomous vs. lightweight access point
2.4Explain important factors of physical installations>

Knowledge of

  • Important installation implications: locations (intermediate distribution frame (IDF), main distribution frame (MDF)), rack size, port-side exhaust/intake, cabling (patch panel, fiber distribution panel), lockable
  • Power (uninterruptible power supply (UPS), power distribution unit (PDU), power load, voltage)
  • Environmental factors (humidity, fire suppression, temperature)

3Network Operations

19% of examStudy domain
3.1Explain the purpose of organizational processes and procedures>

Knowledge of

  • Documentation: physical vs. logical diagrams, rack diagrams, cable maps and diagrams, network diagrams (layer 1, layer 2, layer 3), asset inventory (hardware, software, licensing, warranty support), IP address management (IPAM), service-level agreement (SLA), wireless survey/heat map
  • Life-cycle management: end-of-life (EOL), end-of-support (EOS), software management (patches and bug fixes, operating system (OS), firmware), decommissioning
  • Change management (request process tracking/service request)
  • Configuration management (production configuration, backup configuration, baseline/golden configuration)
3.2Given a scenario, use network monitoring technologies>

Knowledge of

  • Methods: SNMP (traps, management information base (MIB), versions v2c and v3, community strings, authentication), flow data, packet capture, baseline metrics (anomaly alerting/notification), log aggregation (syslog collector, security information and event management (SIEM)), application programming interface (API) integration, port mirroring
  • Solutions: network discovery (ad hoc, scheduled), traffic analysis, performance monitoring, availability monitoring, configuration monitoring
3.3Explain disaster recovery (DR) concepts>

Knowledge of

  • DR metrics (recovery point objective (RPO), recovery time objective (RTO), mean time to repair (MTTR), mean time between failures (MTBF))
  • DR sites (cold site, warm site, hot site)
  • High-availability approaches (active-active, active-passive)
  • Testing (tabletop exercises, validation tests)
3.4Given a scenario, implement IPv4 and IPv6 network services>

Knowledge of

  • Dynamic addressing: DHCP (reservations, scope, lease time, options, relay/IP helper, exclusions), stateless address autoconfiguration (SLAAC)
  • Name resolution: DNS (Domain Name Security Extensions (DNSSEC); DNS over HTTPS (DoH) and DNS over TLS (DoT); record types: address (A), AAAA, canonical name (CNAME), mail exchange (MX), text (TXT), nameserver (NS), pointer (PTR); zone types: forward, reverse; authoritative vs. non-authoritative; primary vs. secondary; recursive), hosts file
  • Time protocols (NTP, Precision Time Protocol (PTP), Network Time Security (NTS))
3.5Compare and contrast network access and management methods>

Knowledge of

  • Site-to-site VPN
  • Client-to-site VPN (clientless, split tunnel vs. full tunnel)
  • Connection methods (SSH, graphical user interface (GUI), API, console)
  • Jump box/host
  • In-band vs. out-of-band management

4Network Security

14% of examStudy domain
4.1Explain the importance of basic network security concepts>

Knowledge of

  • Logical security: encryption (data in transit, data at rest); certificates (public key infrastructure (PKI), self-signed); identity and access management (IAM) with authentication (multifactor authentication (MFA), single sign-on (SSO), Remote Authentication Dial-in User Service (RADIUS), LDAP, Security Assertion Markup Language (SAML), Terminal Access Controller Access Control System Plus (TACACS+), time-based authentication) and authorization (least privilege, role-based access control); geofencing
  • Physical security (camera, locks)
  • Deception technologies (honeypot, honeynet)
  • Common security terminology (risk, vulnerability, exploit, threat, Confidentiality, Integrity, and Availability (CIA) triad)
  • Audits and regulatory compliance (data locality, Payment Card Industry Data Security Standards (PCI DSS), General Data Protection Regulation (GDPR))
  • Network segmentation enforcement (Internet of Things (IoT) and Industrial Internet of Things (IIoT); supervisory control and data acquisition (SCADA), industrial control system (ICS), operational technology (OT); guest; bring your own device (BYOD))
4.2Summarize various types of attacks and their impact to the network>

Knowledge of

  • Denial-of-service (DoS)/distributed denial-of-service (DDoS)
  • VLAN hopping
  • Media Access Control (MAC) flooding
  • Address Resolution Protocol (ARP) poisoning
  • ARP spoofing
  • DNS poisoning
  • DNS spoofing
  • Rogue devices and services (DHCP, AP)
  • Evil twin
  • On-path attack
  • Social engineering (phishing, dumpster diving, shoulder surfing, tailgating)
  • Malware
4.3Given a scenario, apply network security features, defense techniques, and solutions>

Knowledge of

  • Device hardening (disable unused ports and services, change default passwords)
  • Network access control (NAC) (port security, 802.1X, MAC filtering)
  • Key management
  • Security rules (access control list (ACL), Uniform Resource Locator (URL) filtering, content filtering)
  • Zones (trusted vs. untrusted, screened subnet)

5Network Troubleshooting

24% of examStudy domain
5.1Explain the troubleshooting methodology>

Knowledge of

  • Identify the problem (gather information, question users, identify symptoms, determine if anything has changed, duplicate the problem if possible, approach multiple problems individually)
  • Establish a theory of probable cause (question the obvious; consider multiple approaches: top-to-bottom/bottom-to-top OSI model, divide and conquer)
  • Test the theory to determine the cause (if theory is confirmed, determine next steps to resolve problem; if theory is not confirmed, establish a new theory or escalate)
  • Establish a plan of action to resolve the problem and identify potential effects
  • Implement the solution or escalate as necessary
  • Verify full system functionality and implement preventive measures if applicable
  • Document findings, actions, outcomes, and lessons learned throughout the process
5.2Given a scenario, troubleshoot common cabling and physical interface issues>

Knowledge of

  • Cable issues: incorrect cable (single mode vs. multimode; Category 5/6/7/8; shielded twisted pair (STP) vs. unshielded twisted pair (UTP)), signal degradation (crosstalk, interference, attenuation), improper termination, transmitter (TX)/receiver (RX) transposed
  • Interface issues: increasing interface counters (cyclic redundancy check (CRC), runts, giants, drops), port status (error disabled, administratively down, suspended)
  • Hardware issues: Power over Ethernet (PoE) (power budget exceeded, incorrect standard), transceivers (mismatch, signal strength)
5.3Given a scenario, troubleshoot common issues with network services>

Knowledge of

  • Switching issues: STP (network loops, root bridge selection, port roles, port states), incorrect VLAN assignment, ACLs
  • Route selection (routing table, default routes)
  • Address pool exhaustion
  • Incorrect default gateway
  • Incorrect IP address (duplicate IP address)
  • Incorrect subnet mask
5.4Given a scenario, troubleshoot common performance issues>

Knowledge of

  • Congestion/contention
  • Bottlenecking
  • Bandwidth (throughput capacity)
  • Latency
  • Packet loss
  • Jitter
  • Wireless (interference including channel overlap, signal degradation or loss, insufficient wireless coverage, client disassociation issues, roaming misconfiguration)
5.5Given a scenario, use the appropriate tool or protocol to solve networking issues>

Knowledge of

  • Software tools: protocol analyzer, command line (ping, traceroute/tracert, nslookup, tcpdump, dig, netstat, ip/ifconfig/ipconfig, arp), Nmap, Link Layer Discovery Protocol (LLDP)/Cisco Discovery Protocol (CDP), speed tester
  • Hardware tools (toner, cable tester, taps, Wi-Fi analyzer, visual fault locator)
  • Basic networking device commands (show mac-address-table, show route, show interface, show config, show arp, show vlan, show power)