Study Network Attacks & Adversary Techniques for Network+ (N10-009)

Recognize common network attacks, spoofing behaviors, rogue services, wireless attacks, and social-engineering paths that appear in Network+ scenarios.

Attack questions are classification questions first and response questions second. CompTIA wants to know whether you can identify the actual path the adversary is using before you choose a control. If you misclassify the attack, the mitigation answer usually drifts to the wrong layer.

On-path attack: An attack where the adversary positions themselves in the communication path to observe or manipulate traffic.

DoS: Denial of service, an attack that tries to make a service unavailable or degraded.

Rogue AP: Rogue access point, an unauthorized wireless device that can create an untrusted entry point into the environment.

What CompTIA is really testing

The strongest answers usually depend on classifying whether the scenario is about:

  • service exhaustion
  • spoofing or identity deception
  • rogue services or rogue infrastructure
  • wireless impersonation or weak wireless protection
  • human entry paths such as phishing or tailgating

Attack class versus clue

Attack class       | Typical clue
DoS / DDoS         | legitimate users cannot access the service because it is overwhelmed
spoofing           | traffic or identity appears to come from a trusted source but does not
rogue service      | an unauthorized DHCP, DNS, or AP device appears on the network
wireless attack    | evil twin, deauth, or weak encryption leads to wireless compromise
social engineering | the initial foothold comes from human trust rather than protocol weakness

Small evidence example

ARP reply: 10.10.10.1 is-at aa:bb:cc:dd:ee:99
ARP reply: 10.10.10.1 is-at aa:bb:cc:dd:ee:99
Gateway MAC on switchport record: 00:11:22:33:44:55

What to notice:

  • the gateway identity is being claimed by a different MAC address
  • this points toward spoofing or an on-path attempt, not a simple capacity problem
  • if you misclassify this as generic packet loss, you will choose the wrong control
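
An added example, not part of the original guide: the comparison described above, written as a small Python check that reads evidence lines in the same shape as the sample and flags any MAC that claims the gateway IP but differs from the recorded one. The function name, the verdict labels, and the extra 10.10.10.25 line are assumptions made for illustration.

```python
import re

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
ARP_RE = re.compile(r"^ARP reply: (\d{1,3}(?:\.\d{1,3}){3}) is-at " + MAC + r"$", re.I)
RECORD_RE = re.compile(r"^Gateway MAC on switchport record: " + MAC + r"$", re.I)

# Constructed sample evidence: the three lines from the example above plus
# one unrelated host reply that must not affect the result.
SAMPLE_EVIDENCE = """\
ARP reply: 10.10.10.1 is-at aa:bb:cc:dd:ee:99
ARP reply: 10.10.10.1 is-at aa:bb:cc:dd:ee:99
ARP reply: 10.10.10.25 is-at 00:aa:bb:cc:dd:01
Gateway MAC on switchport record: 00:11:22:33:44:55
"""


def classify_gateway_claims(evidence, gateway_ip):
    """Compare every ARP claim for gateway_ip with the recorded gateway MAC."""
    recorded = None
    claims = {}  # claimed MAC -> number of replies asserting it owns gateway_ip
    for raw in evidence.splitlines():
        line = raw.strip()
        rec = RECORD_RE.match(line)
        if rec:
            recorded = rec.group(1).lower()
            continue
        arp = ARP_RE.match(line)
        if arp and arp.group(1) == gateway_ip:
            mac = arp.group(2).lower()
            claims[mac] = claims.get(mac, 0) + 1
    if recorded is None:
        # Without a trusted baseline there is nothing to classify against.
        return {"verdict": "unknown", "recorded": None, "mismatched": claims}
    mismatched = {mac: n for mac, n in claims.items() if mac != recorded}
    verdict = "spoofing_or_on_path" if mismatched else "consistent"
    return {"verdict": verdict, "recorded": recorded, "mismatched": mismatched}


if __name__ == "__main__":
    result = classify_gateway_claims(SAMPLE_EVIDENCE, "10.10.10.1")
    print(result["verdict"], result["mismatched"])
```

The "unknown" branch matters for classification: without the switchport record there is no trusted baseline, so repeated ARP replies alone do not show that the gateway identity is being claimed by the wrong device.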

Wireless and rogue-infrastructure scenarios

Network+ often tests whether you notice that the attacker is changing the access path itself:

  • rogue AP or evil twin makes users join the wrong wireless network
  • rogue DHCP gives clients incorrect gateway or DNS information
  • deauthentication attacks disrupt wireless sessions so clients reconnect under attacker influence

Those are not the same as ordinary routing or signal problems. They are security problems using network behavior as the entry path.

Common traps

  • treating every attack like a DoS issue
  • choosing a mitigation before classifying the attack path
  • forgetting that phishing, tailgating, or shoulder surfing can lead to network compromise too
  • confusing a rogue service with an authorized service that is merely misconfigured

What strong answers usually do

  • classify the attack by path and behavior first
  • separate availability attacks from impersonation or rogue-infrastructure attacks
  • connect the clue to the boundary being abused
  • choose the control that acts at the same layer as the attack path

Continue with 4.8 Hardening, NAC, ACLs & Defensive Controls to keep the domain flow intact.