Ad slot · leaderboard (728×90 / responsive)Manual unit, below nav — clear of every quiz tap target
Home/ CompTIA Network+/ Domain 4: Network Security
Free · N10-009 · Domain 4 of 5

CompTIA Network+ Domain 4: Network Security

14% of the N10-009 exam
Practice — Domain 4

Interactive Domain 4 practice questions load here — covering hardening, attacks, access control. Each answer is revealed with a full explanation and its source after you respond.

JavaScript is required for the interactive quiz. You can still review every concept in the N10-009 study guide.

Want all five domains under exam conditions? Take a full 90-question mock →

Ad slot · in-content rectangle (336×280 / responsive)Below the quiz card, inside the article body — well clear of answer buttons

About this domain

Domain 4, Network Security, makes up 14% of the CompTIA Network+ N10-009 exam, and the questions here lean heavily on scenarios rather than rote definitions. You are expected to read a short situation and name the attack, pick the defense, or explain a security feature. Expect Layer 2 threats like ARP poisoning, where an attacker floods forged ARP replies so hosts map the gateway's IP to the attacker's MAC and traffic gets intercepted on-path. You will also see rogue DHCP servers handing out bad gateways, and the switch features that stop them, such as DHCP snooping with trusted ports.

The access-control objectives reward knowing how devices prove who they are before getting on the network. A common stem describes a host that must authenticate at the exact switch port it plugs into; that is 802.1X port-based network access control, often paired with a broader NAC posture check. Firewall questions test rule logic directly, including the implicit deny that drops anything an ACL does not explicitly permit, and the order in which rules are evaluated. Social engineering and phishing round out the attack side, since the human is frequently the easiest target.

Use these practice questions to get comfortable matching a described symptom to the right concept, then to the right fix, the way the real exam frames hardening and defense.

What Domain 4 covers

Domain 4 quick glossary

The terms that show up most on Domain 4 questions — one line each.

ARP poisoningSending forged ARP replies so hosts associate the gateway IP with the attacker's MAC, enabling interception.
On-path attackAn attacker positions between two parties to read or alter traffic flowing between them.
802.1XPort-based network access control standard that authenticates a device before granting any switch-port access.
NACNetwork access control; enforces authentication and posture checks before admitting a device to the network.
Implicit denyThe default firewall behavior of dropping any traffic not matched by an explicit permit rule.
DHCP snoopingA switch feature that blocks rogue DHCP servers by trusting DHCP offers only from designated ports.
Rogue DHCP serverAn unauthorized server that hands out IP configuration, often a bad default gateway, to redirect traffic.
PhishingA social engineering attack that tricks users into revealing credentials or running malware via deceptive messages.

Keep going

Practice the other domains, or go deeper with the full study materials.

Domain 1: Networking Concepts23% · OSI, ports, subnetting, DNS Domain 2: Network Implementation20% · routing, switching, wireless Domain 3: Network Operations19% · monitoring, documentation, HA Domain 5: Network Troubleshooting24% · methodology, tools, connectivity N10-009 Study GuideDomains, plan, cheat sheets All Network++ practice testsFull sets · timed mocks