Port and protocol knowledge is one of the most heavily tested areas on CompTIA Network+ N10-009. Expect 8–12 questions that require you to identify port numbers, their associated protocols, whether they use TCP or UDP, and which are secure vs. insecure. Firewall rule questions, troubleshooting 'which port to open' scenarios, and security questions about replacing insecure protocols all rely on this knowledge.
Ports 0–1023 are 'well-known' ports assigned by IANA. The Network+ exam expects you to know these from memory, along with a few commonly tested ports above 1023 (MySQL, RDP, SIP). FTP Data: TCP 20. FTP Control: TCP 21. SSH: TCP 22. Telnet: TCP 23. SMTP: TCP 25. DNS: TCP/UDP 53. DHCP Server: UDP 67. DHCP Client: UDP 68. TFTP: UDP 69. HTTP: TCP 80. POP3: TCP 110. NTP: UDP 123. NetBIOS: TCP/UDP 137-139. IMAP: TCP 143. SNMP: UDP 161. SNMP Trap: UDP 162. LDAP: TCP 389. HTTPS: TCP 443. SMB: TCP 445. SMTP (TLS): TCP 587. LDAPS: TCP 636. IMAP (SSL): TCP 993. POP3 (SSL): TCP 995. MySQL: TCP 3306. RDP: TCP 3389. SIP: TCP/UDP 5060.
Remember the pattern: secure versions of protocols use different port numbers. HTTP→HTTPS (80→443), LDAP→LDAPS (389→636), IMAP→IMAPS (143→993), POP3→POP3S (110→995). Replacing Telnet (23) with SSH (22) and FTP (21) with SFTP (22) or FTPS are common security questions.
Knowing which protocol uses TCP vs UDP is essential. TCP (reliable, connection-oriented): FTP, SSH, Telnet, SMTP, HTTP, HTTPS, POP3, IMAP, LDAP, SMB, RDP. UDP (fast, connectionless): DHCP, DNS (queries), TFTP, SNMP, NTP, RADIUS, Syslog. Some protocols use both: DNS (UDP for queries, TCP for zone transfers and large responses), SNMP.
The exam tests UDP vs TCP when asking 'which protocol does not guarantee delivery' or 'which port does a service use by default?' Knowing that DHCP uses UDP (ports 67/68) and cannot use TCP is important for troubleshooting DHCP relay scenarios.
Each protocol serves a specific purpose. Understanding the purpose helps answer 'which protocol should be used' questions. HTTP (80): unencrypted web traffic. HTTPS (443): encrypted web traffic using TLS. SSH (22): encrypted remote terminal and file transfer. Telnet (23): unencrypted remote terminal — never use over untrusted networks. SMTP (25): server-to-server email. SMTP submission (587): client-to-server email with TLS. RDP (3389): Windows remote desktop — high-risk port, often targeted.
Security hardening questions frequently ask: 'Which protocol should replace Telnet?' → SSH. 'Which port should be blocked to prevent unencrypted web traffic?' → TCP 80. 'Which service uses port 3389 and poses a security risk?' → RDP (Remote Desktop Protocol).
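
An added example (not part of the original guide): a small Python audit that applies the port knowledge above to a firewall allow-list. It flags cleartext services with their secure replacement, TCP rules for UDP-only services, RDP open to any source, and DNS allowed on UDP without TCP. The rule syntax and the sample rules are constructed for illustration.

```python
import re

# Mappings taken from the guide: cleartext TCP service -> secure replacement.
CLEARTEXT = {
    21: ("FTP", "SFTP on TCP 22 or FTPS"),
    23: ("Telnet", "SSH on TCP 22"),
    80: ("HTTP", "HTTPS on TCP 443"),
    110: ("POP3", "POP3S on TCP 995"),
    143: ("IMAP", "IMAPS on TCP 993"),
    389: ("LDAP", "LDAPS on TCP 636"),
}
# Services the guide lists as UDP; a TCP rule for these ports opens nothing useful.
UDP_ONLY = {67: "DHCP server", 68: "DHCP client", 69: "TFTP", 123: "NTP"}
# Hypothetical rule syntax: "allow <tcp|udp> <port>[-<port>] from <source>"
RULE_RE = re.compile(r"^allow\s+(tcp|udp)\s+(\d+)(?:-(\d+))?\s+from\s+(\S+)$")

def audit(rules):  # returns (rule_number, finding_kind, detail) tuples
    findings, allowed = [], {}
    for n, line in enumerate(rules, 1):
        m = RULE_RE.match(line.strip().lower())
        if not m:
            findings.append((n, "UNPARSED", line.strip()))
            continue
        proto, lo, hi, src = m.group(1), int(m.group(2)), int(m.group(3) or m.group(2)), m.group(4)
        for port in range(lo, hi + 1):  # expand ranges so ports hidden inside them are checked
            allowed.setdefault((proto, port), n)
            if proto == "tcp" and port in CLEARTEXT:
                name, repl = CLEARTEXT[port]
                findings.append((n, "CLEARTEXT", f"{name} tcp/{port}: use {repl}"))
            if proto == "tcp" and port in UDP_ONLY:
                findings.append((n, "WRONG_TRANSPORT", f"{UDP_ONLY[port]} needs udp/{port}"))
            if proto == "tcp" and port == 3389 and src == "any":
                findings.append((n, "EXPOSED", "RDP tcp/3389 reachable from any source"))
    # DNS needs both transports: TCP 53 carries zone transfers and large responses.
    if ("udp", 53) in allowed and ("tcp", 53) not in allowed:
        findings.append((allowed[("udp", 53)], "INCOMPLETE", "udp/53 allowed without tcp/53"))
    return findings

SAMPLE_RULES = [  # constructed sample, not from a real device
    "allow tcp 22 from 10.0.0.0/8",
    "allow tcp 20-25 from any",
    "allow tcp 67 from any",
    "allow udp 53 from any",
    "allow tcp 3389 from any",
]

if __name__ == "__main__":
    for rule_no, kind, detail in audit(SAMPLE_RULES):
        print(f"rule {rule_no}: {kind:<16}{detail}")
```

The range rule `20-25` is the instructive case: it silently admits both FTP control (21) and Telnet (23), which a port-by-port review of the rule text would miss.
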
| Port | Protocol | TCP/UDP | Service |
|---|---|---|---|
| 20/21 | FTP | TCP | File Transfer (data/control) |
| 22 | SSH / SFTP | TCP | Encrypted remote access |
| 23 | Telnet | TCP | Unencrypted remote access |
| 25 | SMTP | TCP | Email sending (server) |
| 53 | DNS | TCP/UDP | Domain name resolution |
| 67/68 | DHCP | UDP | IP address assignment |
| 69 | TFTP | UDP | Trivial file transfer |
| 80 | HTTP | TCP | Unencrypted web |
| 110 | POP3 | TCP | Email retrieval |
| 143 | IMAP | TCP | Email retrieval (sync) |
| 161/162 | SNMP/Trap | UDP | Network monitoring |
| 389 | LDAP | TCP | Directory services |
| 443 | HTTPS | TCP | Encrypted web (TLS) |
| 445 | SMB | TCP | File/printer sharing |
| 3389 | RDP | TCP | Remote Desktop |

Misconception: DNS only uses UDP.
Reality: DNS uses UDP 53 for standard queries but uses TCP 53 for zone transfers and responses larger than 512 bytes.
Misconception: SFTP uses FTP port 21.
Reality: SFTP (SSH File Transfer Protocol) uses SSH port 22 — it is not FTP with encryption, it is a completely separate protocol over SSH.
Misconception: All secure protocols use port 443.
Reality: Only HTTPS uses 443; LDAPS uses 636, IMAPS uses 993, POP3S uses 995, SMTPS uses 587 or 465.
These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.
A network administrator needs to configure a firewall to allow encrypted web traffic. Which port must be permitted?
Explanation: HTTPS (encrypted web traffic using TLS) uses TCP port 443. TCP 80 is unencrypted HTTP. TCP 8080 is commonly used as an alternate HTTP port. HTTPS does not use UDP in traditional implementations (QUIC/HTTP3 uses UDP 443 but that is not the standard answer for Network+).
Which protocol and port combination should be used to securely transfer files to a remote server over an encrypted channel?
Explanation: SFTP (SSH File Transfer Protocol) runs over SSH on TCP port 22, providing encrypted file transfers. FTP (TCP 21) is unencrypted. TFTP (UDP 69) provides no authentication or encryption. SMB (TCP 445) is Windows file sharing, not a remote transfer protocol.
A technician needs to allow network devices to automatically receive IP addresses. Which firewall ports must be open?
Explanation: DHCP uses UDP port 67 (server) and UDP port 68 (client). DHCP uses UDP because it broadcasts before an IP address is assigned, making TCP's connection-oriented handshake impossible. UDP 69 is TFTP, and TCP 53 is DNS zone transfers.
Focus on the 20–25 most commonly tested ports: FTP (20/21), SSH (22), Telnet (23), SMTP (25), DNS (53), DHCP (67/68), TFTP (69), HTTP (80), POP3 (110), NTP (123), IMAP (143), SNMP (161/162), LDAP (389), HTTPS (443), SMB (445), LDAPS (636), IMAPS (993), POP3S (995), RDP (3389). CompTIA publishes an 'Exam Objectives' document listing exactly which ports are tested.
POP3 (port 110/995) downloads email to the client and typically deletes it from the server — one device sees the email. IMAP (port 143/993) synchronizes email between the server and multiple clients — the same inbox is visible from all devices. IMAP is the modern standard for multi-device email access.