Browse CompTIA Certification Guides

CompTIA N10-009 Network Attacks & Adversary Techniques Guide

March 29, 2026

Study CompTIA N10-009 Network Attacks & Adversary Techniques: key concepts, common traps, and exam decision cues.

On this page

Attack questions are classification questions first and response questions second. CompTIA wants to know whether you can identify the actual path the adversary is using before you choose a control. If you misclassify the attack, the mitigation answer usually drifts to the wrong layer.

On-path attack: An attack where the adversary positions themselves in the communication path to observe or manipulate traffic.

DoS: Denial of service, an attack that tries to make a service unavailable or degraded.

Rogue AP: Rogue access point, an unauthorized wireless device that can create an untrusted entry point into the environment.

What CompTIA is really testing

The strongest answers usually depend on classifying whether the scenario is about:

  • service exhaustion
  • spoofing or identity deception
  • rogue services or rogue infrastructure
  • wireless impersonation or weak wireless protection
  • human entry paths such as phishing or tailgating

Attack class versus clue

Attack class Typical clue
DoS / DDoS legitimate users cannot access the service because it is overwhelmed
spoofing traffic or identity appears to come from a trusted source but does not
rogue service an unauthorized DHCP, DNS, or AP device appears on the network
wireless attack evil twin, deauth, or weak encryption leads to wireless compromise
social engineering the initial foothold comes from human trust rather than protocol weakness

Small evidence example

1ARP reply: 10.10.10.1 is-at aa:bb:cc:dd:ee:99
2ARP reply: 10.10.10.1 is-at aa:bb:cc:dd:ee:99
3Gateway MAC on switchport record: 00:11:22:33:44:55

What to notice:

  • the gateway identity is being claimed by a different MAC address
  • this points toward spoofing or an on-path attempt, not a simple capacity problem
  • if you misclassify this as generic packet loss, you will choose the wrong control

Wireless and rogue-infrastructure scenarios

Network+ often tests whether you notice that the attacker is changing the access path itself:

  • rogue AP or evil twin makes users join the wrong wireless network
  • rogue DHCP gives clients incorrect gateway or DNS information
  • deauthentication attacks disrupt wireless sessions so clients reconnect under attacker influence

Those are not the same as ordinary routing or signal problems. They are security problems using network behavior as the entry path.

Common traps

  • treating every attack like a DoS issue
  • choosing a mitigation before classifying the attack path
  • forgetting that phishing, tailgating, or shoulder surfing can lead to network compromise too
  • confusing a rogue service with an authorized service that is merely misconfigured

What strong answers usually do

  • classify the attack by path and behavior first
  • separate availability attacks from impersonation or rogue-infrastructure attacks
  • connect the clue to the boundary being abused
  • choose the control that acts at the same layer as the attack path

Decision order that usually wins

Classify the attack by what the attacker is changing. If users lose access because a service is flooded, think availability and DoS. If trust is broken because fake infrastructure is inserted, think impersonation such as rogue AP or evil twin. If traffic is being redirected or intercepted, focus on the altered path rather than on generic “slow network” language. CompTIA often buries the answer inside that distinction.

Quiz

Loading quiz…

Continue with 4.8 Hardening, NAC & ACLs to keep the domain flow intact.

Revised on Sunday, May 10, 2026
4.6 Segmentation: Guest, BYOD, IoT & OT
4.8 Hardening, NAC & ACLs