CompTIA Network+ Network Operations Practice Questions 2026
Master SNMP monitoring, documentation, change management, and disaster recovery for the Network+ exam
What Are Network Operations on the Network+ Exam?
Network Operations accounts for approximately 16% of the CompTIA Network+ exam. This domain covers the day-to-day management and maintenance of network infrastructure, including monitoring, documentation, change management, backup strategies, and disaster recovery planning. These are the skills that keep networks running reliably in production environments.
The exam tests your understanding of monitoring protocols and tools (SNMP, syslog, NetFlow), proper documentation practices (network diagrams, IPAM, change logs), and organizational processes (change management, incident response). You must know how to establish baselines, set thresholds for alerts, and use monitoring data to identify performance issues before they become outages.
Business continuity and disaster recovery are important sub-topics. You should understand backup types (full, incremental, differential), high availability concepts (redundancy, failover, clustering), and recovery objectives (RPO and RTO). The exam expects you to recommend appropriate strategies based on business requirements and risk tolerance.
SNMP Version Comparison
| Feature | SNMPv1 | SNMPv2c | SNMPv3 |
|---|---|---|---|
| Authentication | Community string (plaintext) | Community string (plaintext) | Username + password (hashed) |
| Encryption | None | None | AES/DES encryption |
| Security Level | Low | Low | High (recommended) |
| Bulk Operations | No | Yes (GetBulk) | Yes (GetBulk) |
| Transport | UDP 161/162 | UDP 161/162 | UDP 161/162 |
Key Operations Concepts
Network Monitoring
SNMP polls devices for status and performance data. Syslog centralizes log messages (severity 0-7, Emergency to Debug). NetFlow/sFlow analyze traffic patterns and bandwidth usage. Set baselines during normal operations and configure alerts when thresholds are exceeded.
Documentation Best Practices
Maintain logical diagrams (IP subnets, VLANs, routing) and physical diagrams (cable runs, rack layouts, floor plans). Use IPAM for IP address tracking. Document all configurations, passwords (securely), and standard operating procedures. Update after every network change.
Change Management
All network changes follow a formal process: request → impact assessment → CAB approval → scheduled maintenance window → implementation → verification → documentation. Maintain rollback plans for every change. Unauthorized changes are a leading cause of outages.
Backup Strategies
Full backups capture everything but take longest. Incremental saves only changes since the last backup (any type). Differential saves changes since the last full backup. Follow the 3-2-1 rule. Regularly test restores — an untested backup is not a backup.
High Availability
Eliminate single points of failure with redundant components: dual power supplies, redundant uplinks (LACP), gateway redundancy (HSRP/VRRP), server clustering, and geographic redundancy. Calculate availability as a percentage (e.g., 99.999% = 5.26 minutes downtime/year).
Disaster Recovery
DR plans restore operations after major failures. Hot sites (fully operational) have lowest RTO but highest cost. Warm sites (partially equipped) balance cost and recovery time. Cold sites (empty facility) are cheapest but slowest to activate. Know RPO (acceptable data loss) and RTO (acceptable downtime).
Sample Network Operations Questions
Question 1
A network administrator wants to receive real-time alerts when a router goes down. Which SNMP feature should be configured?
A) SNMP GET
B) SNMP SET
C) SNMP TRAP
D) SNMP WALK
Answer: C) SNMP TRAP — SNMP traps are unsolicited messages sent from agents to the NMS when significant events occur (like a device going down). Unlike GET requests (which poll on a schedule), traps provide immediate notification. Configure traps on critical devices and ensure the NMS is set to receive them on UDP port 162.
Question 2
A company requires that no more than 1 hour of data can be lost in a disaster. Which metric defines this requirement?
A) RTO (Recovery Time Objective)
B) RPO (Recovery Point Objective)
C) MTBF (Mean Time Between Failures)
D) MTTR (Mean Time to Repair)
Answer: B) RPO (Recovery Point Objective) — RPO defines the maximum acceptable amount of data loss measured in time. An RPO of 1 hour means backups must occur at least every hour. RTO defines how quickly systems must be restored after a failure. MTBF measures reliability; MTTR measures repair speed.
Question 3
After making a network change, users report connectivity issues. What should the administrator do FIRST according to change management procedures?
A) Implement additional changes to fix the problem
B) Roll back the change to restore the previous state
C) Document the issue and submit a new change request
D) Escalate to senior management
Answer: B) Roll back the change to restore the previous state — When a change causes issues, the first action should be to execute the rollback plan to restore the previous working state. This minimizes downtime. After rollback, investigate the cause, update the change request, and resubmit with corrective measures.
Study Tips for Network Operations
- Know SNMP thoroughly: Understand the differences between v1, v2c, and v3, especially security features. Know GET, SET, TRAP, and WALK operations and their use cases.
- Understand backup math: Practice calculating restore scenarios for full + incremental vs full + differential. Know which combination restores fastest and which uses least storage.
- Memorize syslog severity levels: 0 (Emergency) through 7 (Debug). A common mnemonic: "Every Awesome Cisco Engineer Will Need Daily Practice."
- Know RPO vs RTO: These metrics are commonly confused. RPO = how much data you can afford to lose; RTO = how long you can afford to be down.
Frequently Asked Questions
What is SNMP and how is it used for monitoring?
SNMP (Simple Network Management Protocol) monitors and manages network devices. SNMPv1/v2c use community strings (insecure). SNMPv3 adds authentication and encryption. Components: managed devices (agents), NMS (manager), MIB (database of objects). SNMP uses UDP 161 (queries) and 162 (traps).
What network documentation should I maintain?
Essential documentation: network diagrams (logical and physical), IP address management (IPAM), cable management records, change logs, baseline configurations, rack diagrams, wiring schematics, SOPs (Standard Operating Procedures), and asset inventory. Keep documentation updated after every change.
What is a change management process?
Change management controls how modifications are made to the network. Steps: submit change request, review impact and risk, get approval from CAB (Change Advisory Board), schedule maintenance window, implement change, test and verify, document results. Roll back if issues occur.
What backup strategies should I know?
Full backup copies everything (longest, most storage). Incremental backs up only changes since last backup (fastest, least storage). Differential backs up changes since last full backup (middle ground). Know the 3-2-1 rule: 3 copies, 2 different media, 1 offsite. Test restores regularly.
What is the difference between high availability and disaster recovery?
High availability (HA) prevents downtime through redundancy (dual power supplies, clustered servers, HSRP/VRRP gateways). Disaster recovery (DR) restores operations after a major failure. Know RPO (Recovery Point Objective — data loss tolerance) and RTO (Recovery Time Objective — downtime tolerance).
What monitoring tools and methods should I know?
Know SNMP for device monitoring, syslog for centralized logging (UDP 514), NetFlow/sFlow/IPFIX for traffic analysis, packet capture tools (Wireshark), and SIEM for security event correlation. Understand baselines, thresholds, and alerting.