The Network+ exam is a Comptia certification. Comptia is probably most known for the A+ certification, though they have many others. Unlike other exams, Comptia is unique because they are completely vendor neutral. That means their exam questions aren’t aimed at any one specific brand of technology. For instance, all Cisco certifications focus on Cisco products, and Comptia certifications focus on broader technology concepts.
But the Network+/Network Plus exam takes a more eclectic view of the networking world, and helps to give new network engineers and penetration testers a wide understanding to build future skill sets upon. To put it bluntly, you need to know all of the topics in the Network+ certification to be a competent white hat hacker.
First off, I’d like to state that it’s usually pretty difficult to nail down just how easy or hard any given certification is. There are a lot of factors that determine how difficult an exam is, such as how well prepared you are, how broad your I.T. background is, and how many years of experience you have. However, with few exceptions, the Network+ exam (as well as other Comptia certifications) are generally thought of as being easier than vendor-centric certifications (like the CCNA exam).
I would say it’s a fairly easy exam for two reasons. First of all, the exam’s content and topics are relatively basic, which makes the Network+ certification a good place for future penetration testers to start building a working knowledge of computer networks. In addition, consider that the exam’s format is a lot easier to navigate than vendor exams, such as the CCNA.
Many vendor exams were designed to be extremely challenging, and include a lot of tricks like multiple choice answers where there are several correct answers, all of which need to be selected to get all of the points. In addition, the Cisco exams are going to test you with simulations. However, the Network+ exam format is relatively straightforward. It only consists of multiple choice questions, and there aren’t any simulations.
The exam lasts for 90 minutes, and consists of 90 multiple choice questions, drag and drop, and true or false questions. For those of you who aren’t great at math, that means you get about 1 minute to answer each question. So, your strategy should be to not get hung up at the beginning. If you stumble over a questions and spend 5 minutes in the beginning, you’re going to be playing catch-up for the remainder of the exam. The questions aren’t overly complex either, so you either know the answer or you don’t. There isn’t really any middle ground. If you don’t know the answer, trust your gut and move on to save time.
Personally, I thought the exam was pretty easy. And you may disagree after you take it, because it’s tough to quantify how easy or hard an exam is. That said, as long as you put in the time to study and you have passed practice exams, you shouldn’t have any problems with the Network+ certification. The Network+ certification is an entry level exam, so any future exams will include content regarding higher-level advanced topics.
When I first took the exam, I didn’t know what to expect and found it a little intimidating because of various legal and governmental regulations. On their website, Comptia claims the following: “CompTIA Network+ meets the ISO 17024 standard and is approved by U.S. Department of Defense to fulfill Directive 8570.01-M requirements. It is compliant with government regulations under the Federal Information Security Management Act (FISMA).” But don’t worry – like I said, it’s not as difficult or scary as it seems.
However, note that you’ll want to make sure you pass the first time. The test costs $285.00 USD, but some preparatory classes include an exam voucher as part of the package. If you fail, you’ll have to shell out another 285 bucks to retake the exam (ouch!).
Professional Value and Marketability
Now it’s time to answer that burning question everyone is always asking themselves. How much money can you expect to earn with the Network+ certification under your belt? Well, Payscale reports that out of 637 individuals who hold this certification, their annual salaries ranged between $41,000 and $80,000 (USD). Wow, that’s amazing, isn’t it? All you have to do to earn a great salary is pass the Network+ exam!
Well…not exactly. Don’t let these statistics mislead you. The honest truth is that this certification doesn’t turn you into some ultra-marketable I.T. guru. It does make you more marketable, but without any experience, you’re not going to be able to earn the salaries listed on the Payscale website.
Remember, certifications aren’t a magic card that guarantees you a certain level of income (with exception to CCIE certifications and the like). Certifications make you more credible by validating your knowledge. So when an employer sees two rookies applying for the same job, if everything else is equal, he/she is going to select the one with 1 or more certifications – it’s simply less risky for the hiring organization.
Comptia did have a little blurb about marketability statistics in general on their website, as well as some enlightening statistics, as follows. The U.S. Bureau of Labor Statistics expects up to 12% job growth in various networking disciplines in a period of five years. That shouldn’t be surprising, because our society is becoming more and more dependent on technology with each passing day.
In addition, 53% of leaders and executives concur that certified staff is more desirable and higher performing than uncertified staff. And Global Knowledge’s Salary Report estimated the average salary of Network+ certified professionals to be approximately $74,000 USD. But again, that’s a misleading figure. To succeed in the I.T. industry, you need three things: a degree, certifications (plural), and experience.
An entry level salary is an entry level salary, whether you’re certified or not. Without any experience, you might be able to find an entry level position that pays 35K a year. If not, you can always start at a help desk and move your way up from there.
But let’s take a closer look at the exam’s topics. There are five main areas of the exam, each composed of a different amount of total questions as follows:
Network operation – 20%
Network security – 18%
Troubleshooting – 24%
Industrial standards, practices, and network theory – 16%
Let’s pick through these topics (and their subtopics) to paint a more accurate picture of the exam, as well as see how they aid the wannabe penetration tester.
The network architecture questions are rather straightforward, and help people without a background in networks understand the various types of network devices, their functions, and why they exist. This part of the exam focuses on common networking devices like routers, switches, multilayer switches, firewalls, IDS/IPS, wireless access points, load balancers, VPN concentrators, modems, packet shapers, and other similar devices.
These concepts can be hard to wrap your head around, especially if you don’t have a background in I.T. But to be a good penetration tester, you need to intimately know what each of these devices do. Though this is a vendor neutral exam, this foundational knowledge will help you with other examinations, such as the CCNA and CCNA Security certifications.
The network operation questions of the exam cover topics that include some of the most common connection-oriented protocols. First off, you’re going to need to learn how VPN tunnels operate, what they do, and different types (e.g. site to site, host to site, and host to host) of VPNs. In addition, you’ll need to learn the variations of different protocols such as GRE, SSL, PPTP, and IPsec.
Each type of connection has its own nuances and benefits. Usually the tradeoff is between speed and security. For instance, GRE doesn’t offer strong security through encryption, but it is faster. Nevertheless, as a penetration tester, you need to understand secure and insecure protocols – the future of your employer could depend upon it…no pressure.
Cables Types and Connectors
I don’t know about you, but I’ve never been excited by the different types of physical mediums and connectors (e.g. RJ-11, RJ-45, BNC, Fiber, and other types of physical specifications). This type of knowledge really pertains more to network engineers than it does security professionals. But if you want to be taken seriously as a penetration tester, you can’t suffer the embarrassment of trying to plug an Ethernet cable into a F-connector.
Personally, I don’t like this part of the Network+ certification. I think most people who have experienced kindergarten games have learned that the square block goes in the square hole, as does the cylindrical block into the circular hole. Still, knowing different types of connectors will prevent you from making a fool of yourself. You don’t want to be caught dead trying to plug an RJ-45 connector into an RJ-11 jack – it’s just bad for your confidence, ego, and career.
Routing Concepts and Protocols
Did you know that 127.0.0.1 refers to a local system’s loopback interface? Do you even know what a loopback interface is? If not, you need to study for the Network+ exam. Routers are extremely intelligent networking devices that serve one purpose: they send data to the right destination. Not knowing the differences between routing/network interfaces will get you fired faster than parking in your boss’s parking space.
But routing is extremely complex by nature. There are many “flags” and configurations that drastically determine how well (or how poorly) a network can send data to the right hosts. Ah, but how does this apply to white hat hacking? Some of the dirtiest hacks ever first sent data to an intermediary network interface (to capture the traffic with a sniffer) before invisibly sending it to the correct destination.
Even if you don’t want to be a network engineer, you need strong routing skills to be a professional penetration tester.
Man proposes, God disposes, as the saying goes. No matter how well-designed a computer system is, there’s always going to be problems – which is awful for your sanity and lack of headaches, but great for your career. Technology is inherently fallible, and sometimes things are going to hit the fan. I don’t care how much you know about networking and security; once in a while, you’re going to need to solve unexpected problems.
Troubleshooting is a mainstay of every I.T. discipline, and strong troubleshooting skills separate the wheat from the chaff. In my opinion, troubleshooting methodologies are stronger with vendor-centric certifications because they focus on individual vendor-based nuances. But there are still a few gems to be gleaned from vendor-neutral certifications. Thus, the Network+ certification is a great place for newbies to learn essential troubleshooting skills.
Industrial Standards, Practices, and Network Theory
Every I.T. discipline is riddled with acronyms and terms that make every conversation with a non-technical friend absentmindedly drool out of boredom. Nevertheless, you need to have a solid understanding of best practices and standards, such as RFC’s (IEEE Request for Comments) standards.
The Network+ exam won’t earn you a high salary overnight. However, if you don’t understand the exam’s contents, you’re going to be a pitiful white hat hacker. Whether you have information technology experience or not, the Network+ exam will give you a solid foundation to build future hacking skills upon. It isn’t the most expensive exam (some of the CCIE exams cost upwards of $1500.00 USD). Even if you already know the topics, I’d recommend getting the Network+ certification to bolster you resume (that is, unless you already have higher level certifications such as the CCNA Security certification).