Reinforce N10-009 concepts with active-recall study cards covering all 5 blueprint domains. Each card shows the question on the front and the correct answer with a full explanation on the back.
Flashcards work through active recall — the process of retrieving information from memory rather than passively re-reading it. Research consistently shows that active recall produces stronger, longer-lasting memory than re-reading study guides. For N10-009 preparation, this means flashcards are one of the highest-return study tools available.
Attempt recall first
Read the N10-009 question on each card, pause, and attempt to formulate the answer in your own words before revealing. This retrieval attempt — even if wrong — dramatically strengthens memory compared to immediately reading the answer.
Review wrong cards again
When you get a card wrong, note it and add it back to your review pile. Spaced repetition — seeing difficult cards more frequently — is the mechanism that makes flashcard study far more efficient than linear reading.
Study by domain
Group your N10-009 flashcard sessions by domain for the first 3–4 weeks. Master one domain before moving to the next. In the final week, shuffle all cards together to test cross-domain recall — which is what the real N10-009 exam requires.
Short sessions beat marathon reviews
20–30 flashcard cards per session, done daily, produces better retention than a single 200-card marathon session. Five short daily sessions per week over 4 weeks gives you over 400 total card reviews — enough to reliably pass N10-009.
Sample cards from the N10-009 flashcard bank. Read the question, think of the answer, then read the explanation below.
A network administrator is troubleshooting a connectivity issue and suspects the problem is related to the physical cabling. At which layer of the OSI model should the administrator begin their investigation?
Physical layer
The Physical layer (Layer 1) is the correct starting point because the administrator suspects the problem is related to physical cabling. The Physical layer defines the electrical, mechanical, and procedural specifications for transmitting raw bits over a physical medium, such as copper or fiber optic cables. Troubleshooting at this layer involves checking for cable faults, signal degradation, or improper termination before moving up the OSI stack.
A network engineer needs to segment a single physical switch into multiple broadcast domains to improve security and reduce traffic. Which technology should be implemented?
Virtual LAN (VLAN)
A VLAN (Virtual LAN) segments a physical switch into multiple isolated broadcast domains at Layer 2. By assigning ports to different VLANs, broadcast traffic is confined to each VLAN, improving security and reducing unnecessary traffic. This directly meets the requirement without requiring additional hardware.
A network operations center uses SNMP to monitor device health. An administrator needs to retrieve the current CPU utilization from a router. Which SNMP operation is most appropriate?
GET
The SNMP GET operation is used by an NMS (Network Management System) to actively request a specific variable from a managed device, such as the current CPU utilization from a router's OID. This is a poll-based retrieval, making it the correct choice for an administrator who needs to read a single value on demand.
A security analyst notices that an attacker is sending crafted packets with overlapping IP fragments to a target server, causing the server to crash. Which type of attack is described?
Teardrop attack
This is a Teardrop attack, which exploits a vulnerability in the IP fragmentation reassembly process. The attacker sends a series of fragmented IP packets with intentionally overlapping fragment offsets, causing the target system to miscalculate the size of the reassembled packet, leading to a buffer overflow and system crash. This attack specifically targets the IP stack's handling of fragment offset fields in the IP header.
A user reports intermittent connectivity on a laptop that moves between floors. The signal strength fluctuates. Which tool would best help identify signal interference and dead zones?
Spectrum analyzer
A spectrum analyzer is the correct tool because it visualizes radio frequency (RF) energy across the 2.4 GHz and 5 GHz bands, allowing you to identify sources of interference (e.g., cordless phones, microwave ovens) and locate dead zones where signal strength drops below usable thresholds. Unlike other tools, it directly measures the RF environment rather than relying on logical-layer data.
Which of the following network devices operates primarily at Layer 2 of the OSI model and uses MAC addresses to forward data?
Switch
A switch operates primarily at Layer 2 (Data Link layer) of the OSI model, forwarding frames based on destination MAC addresses. It builds a MAC address table by learning source MAC addresses from incoming frames and uses this table to make forwarding decisions, reducing collision domains and improving network efficiency.
Which of the following is a characteristic of UDP when compared to TCP?
C) UDP has lower overhead due to minimal header
UDP (User Datagram Protocol) has a minimal 8-byte header compared to TCP's 20-byte header, resulting in lower overhead and faster transmission. Unlike TCP, UDP does not provide reliability, flow control, or error recovery, making it ideal for real-time applications like VoIP or video streaming where speed is prioritized over guaranteed delivery.
Which of the following IPv6 addresses is a valid link-local address?
fe80::1
Option A is correct because link-local addresses in IPv6 always start with the prefix fe80::/10, and fe80::1 is a valid example. These addresses are automatically configured on interfaces for local link communication and are not routable beyond the local network segment.
Which of the following security mechanisms requires a user to authenticate before gaining access to the wired network at a switch port?
802.1X
802.1X is a port-based Network Access Control (NAC) standard (IEEE 802.1X) that requires a user or device to authenticate via an authentication server (e.g., RADIUS) before the switch port transitions from an unauthorized to an authorized state, allowing full network access. It uses Extensible Authentication Protocol (EAP) over LAN (EAPoL) to carry authentication messages between the supplicant (client), authenticator (switch), and authentication server. This ensures that only authenticated users can access the wired network at the switch port level.
Which of the following network protocols operates at the Transport layer of the OSI model and provides connection-oriented, reliable data delivery?
TCP
TCP (Transmission Control Protocol) operates at the Transport layer (Layer 4) of the OSI model and provides connection-oriented, reliable data delivery through mechanisms such as three-way handshake, sequence numbers, acknowledgments, and retransmission of lost segments. This ensures that data is delivered in order and without errors, making TCP the correct choice for the question.
Which of the following is a characteristic of a connectionless protocol at the transport layer?
It does not require a virtual circuit
Connectionless protocols at the transport layer, such as UDP (User Datagram Protocol), do not establish a virtual circuit or session before sending data. Each datagram is sent independently without prior coordination, making the protocol stateless and reducing overhead. This characteristic is fundamental to UDP's design, as defined in RFC 768.
A company wants to allow inbound HTTPS traffic to a web server located in the DMZ from the Internet. The firewall has three interfaces: Inside (corporate network), Outside (Internet), and DMZ (web server). Which of the following firewall rules is required?
Allow traffic from Outside to DMZ on port 443
The correct rule is to allow traffic from the Outside (Internet) interface to the DMZ interface on TCP port 443 (HTTPS). This permits inbound web requests to reach the web server while keeping the corporate Inside network isolated. The firewall must explicitly permit this traffic because the default implicit deny rule would otherwise block all inbound connections from the Outside zone.
A network administrator is configuring BGP between two autonomous systems. Which BGP attribute is primarily used to influence inbound traffic to a particular AS?
MED (Multi-Exit Discriminator)
The Multi-Exit Discriminator (MED) is a BGP attribute used to influence inbound traffic from a neighboring AS when multiple entry points exist. A lower MED value is preferred, allowing an AS to advertise to its neighbor which path should be used to reach it, thereby influencing traffic entering the local AS.
A network device receives a frame on one port and forwards it out to all other ports. The device does not examine the destination MAC address. Which type of device is being described?
Hub
A hub operates at Layer 1 (physical layer) of the OSI model and simply repeats incoming electrical or optical signals out all other ports without any processing of the frame's destination MAC address. This behavior matches the description exactly: the device receives a frame on one port and forwards it out all other ports without examining the MAC address.
A network administrator is configuring a monitoring system to collect metrics from network devices. The administrator needs to ensure that the monitoring system can automatically discover the devices and obtain detailed information about their configuration and status, such as interface descriptions and software versions. Which protocol is best suited for this purpose?
SNMP
SNMP (Simple Network Management Protocol) is the correct choice because it is specifically designed for network management and monitoring. It allows a management system to automatically discover devices (via SNMP walks or queries to MIBs) and retrieve detailed configuration and status information, such as interface descriptions and software versions, by reading OIDs from the device's MIB. This matches the requirement for automatic discovery and detailed data collection.
A network administrator is creating a new VLAN that will contain 20 devices. The administrator wants to use the most efficient subnet that provides enough usable IP addresses while minimizing waste. Which of the following subnet masks should be used?
255.255.255.224 (/27)
A /27 subnet mask (255.255.255.224) provides 32 total addresses, of which 30 are usable (2^5 - 2 = 30). This is the most efficient choice for 20 devices because it offers exactly enough usable IPs with minimal waste (only 10 unused addresses), whereas a /28 would provide only 14 usable addresses (insufficient) and a /29 would provide only 6 usable addresses (also insufficient).
A network administrator is implementing a change management process. Which of the following is the PRIMARY benefit of following this process?
It minimizes the impact of changes on network operations and reduces errors
The primary benefit of a change management process is to minimize the impact of changes on network operations and reduce errors. By requiring documented planning, approval, and rollback procedures, change management ensures that modifications are reviewed and tested before implementation, which directly reduces the risk of misconfigurations and unplanned outages.
A network administrator needs to power IP phones and wireless access points through the Ethernet cable. Which standard should be supported?
802.3af
The 802.3af standard, also known as Power over Ethernet (PoE), delivers up to 15.4 watts of DC power over twisted-pair Ethernet cabling. This allows devices like IP phones and wireless access points to receive both data and power through a single Ethernet cable, eliminating the need for separate power supplies.
A network administrator needs to collect detailed data about network traffic flows, including source/destination IP addresses, ports, and protocols, to analyze bandwidth usage patterns. Which technology should be used?
NetFlow
NetFlow is the correct choice because it is specifically designed to collect detailed metadata about network traffic flows, including source and destination IP addresses, ports, protocols, and byte counts. This granular flow-level data enables administrators to analyze bandwidth usage patterns, identify top talkers, and perform capacity planning. Unlike SNMP, which provides aggregate interface statistics, NetFlow exports flow records that contain the exact fields needed for deep traffic analysis.
A network administrator needs to connect 10 workstations in a way that each workstation's traffic does not collide with others. Which device should be used to connect these workstations?
Switch
A switch is the correct device because it operates at Layer 2 of the OSI model, using MAC addresses to forward frames only to the specific destination port. This creates separate collision domains for each connected workstation, ensuring that traffic from one workstation does not collide with traffic from another.
A network administrator needs to ensure that data sent from a host arrives at the correct destination on a different network. Which of the following provides the logical address used for this purpose in IPv4?
IP address
In IPv4, the logical address used to route data between different networks is the IP address. The IP address contains a network portion that routers use to forward packets across network boundaries, ensuring the data reaches the correct destination network and host.
A network administrator wants to centrally collect and analyze event logs from routers, switches, and firewalls. Which protocol is most commonly used for sending log messages from network devices to a central log server?
Syslog
Syslog (RFC 5424) is the standard protocol for sending event messages from network devices like routers, switches, and firewalls to a central log server. It uses UDP port 514 by default and provides a structured format with facility codes and severity levels, enabling centralized collection and analysis of logs. This makes it the most commonly used protocol for this purpose.
A network administrator is configuring an IEEE 802.1Q trunk between two switches. Which of the following must match on both ends for the trunk to function correctly?
The native VLAN ID
For an IEEE 802.1Q trunk to function correctly, the native VLAN ID must match on both ends. The native VLAN is the VLAN that carries untagged traffic across the trunk; if the IDs differ, frames from one switch's native VLAN will be placed into a different VLAN on the other switch, causing traffic misrouting and potential layer 2 loops. This is a fundamental requirement of the 802.1Q standard, and mismatched native VLANs are a common source of trunk failures.
The N10-009 flashcard bank covers all 5 official blueprint domains published by CompTIA. Cards are distributed proportionally, so domains with higher exam weight have more cards.
Domain Coverage
Networking Concepts
Network Implementation
Network Operations
Network Security
Network Troubleshooting
Both flashcards and practice questions are evidence-based study tools. The difference is in what they train:
Flashcards — concept retention
Best for memorising definitions, acronyms, protocol behaviours, command syntax, and conceptual distinctions. Use flashcards to build the foundational vocabulary that N10-009 questions assume you know.
Best in: weeks 1–3
Practice tests — application
Best for applying concepts to realistic scenarios, eliminating distractors, and building exam stamina.N10-009 questions test scenario reasoning — not just recall — so practice tests are essential.
Best in: weeks 3–6
The most effective N10-009 study plan combines both: use flashcards for the first 2–3 weeks to build conceptual foundations, then shift to practice tests and mock exams in the final 2–3 weeks to apply and benchmark that knowledge. Most candidates who pass on their first attempt use both tools.
Yes. Courseiva provides free N10-009 flashcards across all official exam domains. Every card includes the correct answer and a full explanation of why it is right and why the distractors are wrong. The platform also includes topic-based practice, mock exams, and readiness tracking — no account required.
Courseiva has 520+ original N10-009 flashcards across all 5 exam blueprint domains. New cards are added regularly as the question bank grows. All cards are written by certified engineers against the official CompTIA exam objectives.
Courseiva flashcards are purpose-built for IT certification exams. Unlike generic flashcard platforms where content quality varies, every Courseiva card is mapped to the official N10-009 exam blueprint, written by engineers who hold the certification, and includes a full explanation of the correct answer and why the distractors are wrong. This explanation quality is what separates genuine learning from rote memorisation.
Courseiva is a web platform — an internet connection is required. For offline study, we recommend creating free Courseiva account, using the platform in your browser, and using your device's offline capabilities if your browser supports offline web apps.
Save your results, see which domains need more work, and get spaced repetition recommendations — all free.
Sign Up FreeFree forever · Every certification included