Domain 4 of 5 · Chapter 1 of 3

Computer Networking

The OSI seven-layer model and the TCP/IP map

Type a web address and a lot happens before the page appears. Your browser's request is wrapped by one layer of software, handed down to the next, and the next, until it leaves your machine as electrical or radio signals; the server reverses the process on the way up. Networking people describe this stack with the OSI (Open Systems Interconnection) reference model, which splits the work into seven layers. CC expects you to know the order in both directions and the job of each layer, because this is the most heavily tested networking idea on the exam.

The seven layers, top to bottom

Reading from layer 7 down to layer 1:

  • Layer 7, Application is where network services meet user applications. Protocols like HTTP, DNS, and SMTP live here. This is not your web browser itself; it is the protocol the browser speaks.
  • Layer 6, Presentation formats, encodes, compresses, and encrypts data so the application can use it. TLS encryption and character encodings sit here.
  • Layer 5, Session sets up, manages, and tears down the conversation between two hosts.
  • Layer 4, Transport delivers data end to end and uses port numbers to direct it to the right service. TCP and UDP are the layer 4 protocols.
  • Layer 3, Network handles logical addressing and routing across networks. This is where IP lives and where routers operate.
  • Layer 2, Data Link moves frames across one local link and uses hardware MAC (Media Access Control) addresses. Ethernet, switches, and VLANs are layer 2.
  • Layer 1, Physical is the raw bits on the medium: copper cables, fiber, WiFi radio, and hubs.

A classic mnemonic for layer 7 down to 1 is "All People Seem To Need Data Processing" (Application, Presentation, Session, Transport, Network, Data Link, Physical). For the reverse, layer 1 up to 7, many people use "Please Do Not Throw Sausage Pizza Away".

TCP/IP, the model the internet actually runs on

OSI is a teaching reference. The protocol suite that genuinely carries traffic is TCP/IP, which does the same work in four layers instead of seven. The mapping is fixed and worth memorizing, because questions ask you to translate one model into the other: the TCP/IP Link layer covers OSI layers 1 to 2, Internet covers OSI layer 3, Transport covers OSI layer 4, and Application covers OSI layers 5 to 7. IP and IPsec live at OSI layer 3[1] (the Internet layer), while TCP and UDP live at layer 4. The two models do not disagree; TCP/IP simply groups OSI's top three layers into one Application layer and its bottom two into one Link layer.

OSI (7 layers)TCP/IP (4 layers)7 Application6 Presentation5 SessionApplicationHTTP, DNS, SMTP4 TransportTransportTCP, UDP (ports)3 NetworkInternetIP, routers2 Data Link1 PhysicalLinkEthernet, MAC, WiFiLink = OSI 1-2, Internet = OSI 3, Transport = OSI 4, Application = OSI 5-7
OSI's seven layers grouped into the TCP/IP four-layer model; the mapping is fixed.

Addresses and ports: IPv4, IPv6, and the well-known ports

Two numbers get a packet to the right place: an IP address says which machine, and a port number says which service on that machine. Keep them separate in your head, because the most common beginner mistake is to mix them up, and the exam tests the difference directly.

IPv4 versus IPv6

An IPv4 address is 32 bits long, written as four decimal numbers from 0 to 255 separated by dots, such as 203.0.113.5. Thirty-two bits gives about 4.3 billion unique addresses, and the global supply has effectively run out. IPv6 was created to fix that shortage, and its addresses are 128 bits long, written as eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:0000:0000:0000:0000:0000:0001 (often shortened to 2001:db8::1). One hundred twenty-eight bits is an enormous space, roughly 3.4 x 10^38 addresses, so exhaustion is no longer a practical concern. The two figures to lock in are 32 bits for IPv4 and 128 bits for IPv6; questions love to swap them.

Addresses come in two scopes. Public addresses are routable on the open internet and must be globally unique. Private IPv4 ranges (such as 10.x.x.x and 192.168.x.x) are reused inside many separate networks and are not routed on the internet, which is part of how IPv4 stretched its limited supply.

Ports identify the service

A server can run a web service, an email service, and a remote-login service at the same time on one IP address because each listens on its own port. A port is a 16-bit number, so the range is 0 to 65535. The lowest block, ports 0 to 1023, are the well-known (system) ports reserved for standard internet services and assigned by IANA. CC expects you to recognize a specific short list by number, summarized in the table below. Treat these as flashcards: a question may give the service and ask for the number, or give the number and ask for the service.

Service Port(s) What it does
FTP 20 (data), 21 (control) File Transfer Protocol; transfers files, sends data and control on separate ports
SSH 22 Secure Shell; encrypted remote command-line and file transfer
Telnet 23 Remote command-line in cleartext; insecure, replaced by SSH
SMTP 25 Simple Mail Transfer Protocol; sends email between mail servers
DNS 53 Domain Name System; resolves names like example.com to IP addresses
HTTP 80 Web traffic in cleartext
HTTPS 443 Web traffic encrypted with TLS
RDP 3389 Remote Desktop Protocol; remote graphical access to Windows

The pattern worth noticing: the secure version of a protocol usually runs on a different port from the cleartext version (HTTP 80 versus HTTPS 443; Telnet 23 versus SSH 22). When a question contrasts a secure and an insecure service, the port number is often the tell.

IP address: which hostIPv4: 32 bitsdotted decimal203.0.113.5IPv6: 128 bitscolon hexadecimal2001:db8::1Port: which servicewell-known range 0 to 1023HTTPport 80HTTPSport 443SSHport 22DNSport 53The address finds the machine; the port picks the service running on it
IP address (host) versus port (service): IPv4 32 bits, IPv6 128 bits, with well-known ports HTTP 80, HTTPS 443, SSH 22, DNS 53 (IANA system ports 0-1023).

WiFi and exam-pattern recognition

The last building block is wireless. WiFi is the IEEE 802.11 family of wireless LAN standards, and the thing that matters for security is simple: WiFi sends data over radio, so anyone within range can capture the signal off the air. That makes link encryption essential, not optional.

Securing wireless

The encryption standards arrived in order, and only the newest are safe. WEP (Wired Equivalent Privacy) is the original and is thoroughly broken; never select it. WPA and WPA2 (WiFi Protected Access) replaced it, and WPA3 is the current standard and the strongest. For CC, the rule is: choose WPA3 (or WPA2 if WPA3 is unavailable) and reject WEP. An open network with no encryption, such as a coffee-shop hotspot, should be treated as untrusted; sensitive traffic over it needs its own protection, such as a VPN tunnel or HTTPS, on top.

Reading the question stems

Networking items on CC tend to fall into a few shapes, and recognizing the shape tells you which fact to fetch.

  • Layer placement. "At which OSI layer does a router operate?" Answer with the function-to-layer map: routing and IP are layer 3 (Network); switching and MAC addresses are layer 2 (Data Link); ports and end-to-end delivery are layer 4 (Transport); the application protocol is layer 7.
  • Model translation. "Which TCP/IP layer corresponds to OSI layers 5 through 7?" Apply the fixed mapping: that is the Application layer.
  • Service-to-port (or port-to-service). "Which port does HTTPS use?" or "What runs on port 22?" Recall the well-known list. The frequent trap is the cleartext/secure pair: HTTP 80 versus HTTPS 443, Telnet 23 versus SSH 22.
  • Address facts. "How many bits is an IPv6 address?" The answer is 128 (IPv4 is 32). Watch for stems that swap the two numbers.
  • Wireless choice. "Which protocol should secure a new wireless network?" Choose WPA3 or WPA2, never WEP.

A reliable habit on any networking question: first decide whether the stem is about where (a layer), who (an IP address), what service (a port), or how it is protected (encryption such as WPA3 or TLS). Naming the category first keeps you from answering a port question with a layer fact, which is exactly the kind of mismatch distractors are built to exploit.

older, unsafenewer, strongerWEPbroken, never useWPA / WPA2WPA2 acceptableWPA3current, strongestOpenuntrustedChoose WPA3 (or WPA2); reject WEP; treat an open network as untrustedTunnel sensitive traffic over open WiFi with a VPN or HTTPS
WiFi encryption from oldest to newest: WEP (never), WPA2 (acceptable), WPA3 (current and strongest); open networks are untrusted.

OSI seven layers mapped to the TCP/IP four-layer model

OSI layer (number)What it doesTCP/IP layerExample at this layer
7 ApplicationNetwork services to user applicationsApplicationHTTP, HTTPS, DNS, SMTP, FTP
6 PresentationFormat, encode, encrypt for the appApplicationTLS encryption, data formats
5 SessionSet up, manage, tear down sessionsApplicationSession establishment
4 TransportEnd-to-end delivery, portsTransportTCP, UDP (ports 80, 443, 53)
3 NetworkLogical addressing and routingInternetIP, IPsec, routers
2 Data LinkFrames on the local link, MAC addressesLinkEthernet, switches, VLANs
1 PhysicalBits on the wire or radioLinkCables, WiFi radio, hubs

Sharp facts the exam loves — give these one last read before exam day.

Cheat sheet

Sharp facts the exam loves — scan these before test day.

Know the OSI seven layers in order, both directions

The OSI (Open Systems Interconnection) model has seven layers, from the bottom up: 1 Physical, 2 Data Link, 3 Network, 4 Transport, 5 Session, 6 Presentation, 7 Application. A common mnemonic for layer 7 down to 1 is "All People Seem To Need Data Processing". Exam questions ask you to place a function or device at the right layer, so the order and each layer's job are the core facts to memorize.

OSI maps onto TCP/IP's four layers by a fixed rule

TCP/IP is the four-layer model the internet actually runs on, and it maps onto OSI predictably: Link = OSI layers 1 to 2, Internet = OSI layer 3, Transport = OSI layer 4, and Application = OSI layers 5 to 7. The two models do not disagree; TCP/IP just groups OSI's top three layers into one Application layer and its bottom two into one Link layer. Questions often give an OSI layer and ask for the matching TCP/IP layer, or the reverse.

Trap Assuming TCP/IP has a separate Session or Presentation layer; those OSI layers (5 and 6) are folded into the single TCP/IP Application layer.

IP and routing live at OSI Layer 3 (Network)

The Network layer (OSI layer 3) handles logical addressing and routing between networks, which is where IP operates and where routers do their work. When a stem asks at which layer a router operates or where IP addressing happens, the answer is layer 3. IPsec, which protects IP packets, also operates at this layer.

Trap Placing a router at OSI layer 2; switches and MAC addressing are layer 2, while routing and IP are layer 3.

11 questions test this
Switches and MAC addresses operate at Layer 2 (Data Link)

The Data Link layer (OSI layer 2) moves frames across a single local link and uses hardware MAC (Media Access Control) addresses to identify devices on that link. Ethernet switches and VLANs operate here. A MAC address is the physical hardware address burned into a network interface, distinct from the logical IP address assigned at layer 3.

Trap Confusing a MAC address (layer 2 hardware address) with an IP address (layer 3 logical address); the two identify a device at different layers.

6 questions test this
TCP and UDP carry data at Layer 4 (Transport) using ports

The Transport layer (OSI layer 4) delivers data end to end between hosts and uses port numbers to direct it to the right service. TCP and UDP are the layer 4 protocols. When a question is about ports, end-to-end delivery, or TCP versus UDP, the layer is 4.

An IP address identifies the host; a port identifies the service

Keep the two roles separate: an IP address says which machine, and a port number says which application or service on that machine. This is why one server with a single IP can run web, email, and remote-login services at the same time, each listening on its own port. A question asking how one server offers many services at once is about ports, not addresses.

Trap Answering a one-server-many-services question with multiple IP addresses; the services are separated by port number, not by address.

IPv4 addresses are 32 bits long

An IPv4 address is 32 bits, written as four decimal numbers from 0 to 255 separated by dots, such as 203.0.113.5. Thirty-two bits gives about 4.3 billion possible addresses, a supply the world has effectively exhausted. The 32-bit figure is the single most testable IPv4 fact.

Trap Stating IPv4 is 128 bits; 128 bits is IPv6. IPv4 is 32 bits.

10 questions test this
IPv6 addresses are 128 bits long and solve IPv4 exhaustion

IPv6 was created because IPv4's address space ran out, and its addresses are 128 bits long, written as eight groups of hexadecimal separated by colons, such as 2001:db8::1. One hundred twenty-eight bits gives roughly 3.4 x 10^38 addresses, so exhaustion is no longer a practical concern. Remember 128 bits for IPv6 versus 32 bits for IPv4; questions like to swap the two numbers.

Trap Stating IPv6 is 64 bits or 32 bits; an IPv6 address is 128 bits.

10 questions test this
Ports 0 to 1023 are the well-known (system) ports

A port number is 16 bits, so the full range is 0 to 65535, and the lowest block, ports 0 to 1023, are the well-known or system ports reserved by IANA for standard internet services. The well-known set is where the named protocols a candidate must recognize, like HTTP and HTTPS, live. Higher ports are registered or dynamic and are not the focus of CC recall.

4 questions test this
HTTP is port 80; HTTPS is port 443

Web traffic uses HTTP on port 80 in cleartext and HTTPS on port 443 encrypted with TLS. The pair is a favorite exam contrast: the secure version runs on a different well-known port from the cleartext version. If a question asks which port carries encrypted web traffic, the answer is 443.

Trap Answering 80 for encrypted web traffic; port 80 is cleartext HTTP, while HTTPS (TLS-encrypted) is port 443.

8 questions test this
SSH is port 22; it replaces cleartext Telnet on port 23

SSH (Secure Shell) provides encrypted remote command-line access and file transfer on port 22, and it is the secure replacement for Telnet, which runs in cleartext on port 23. Telnet sends credentials and commands unencrypted, so it should not be used over untrusted networks. When a stem contrasts secure and insecure remote login, the ports 22 and 23 are the tell.

Trap Choosing Telnet (port 23) for secure remote administration; Telnet is cleartext, and SSH on port 22 is the encrypted choice.

13 questions test this
FTP uses ports 20 and 21

FTP (File Transfer Protocol) transfers files using two ports: port 21 carries the control connection (commands) and port 20 carries the data. Plain FTP is unencrypted, so secure alternatives like SFTP (over SSH, port 22) or FTPS are preferred for sensitive transfers. The two-port pattern, 20 for data and 21 for control, is a recall point.

1 question tests this
SMTP is port 25 and DNS is port 53

SMTP (Simple Mail Transfer Protocol) sends email between mail servers on port 25, and DNS (Domain Name System) resolves names like example.com into IP addresses on port 53. Both are well-known ports a candidate is expected to recognize by number. DNS is the service that lets people use names instead of memorizing numeric addresses.

3 questions test this
RDP is port 3389

RDP (Remote Desktop Protocol) gives remote graphical access to Windows systems on port 3389. Because RDP exposed to the internet is a frequent attack target, it should be restricted to a VPN or trusted network rather than opened publicly. The number 3389 is the one to recall for remote desktop.

1 question tests this
The secure protocol usually runs on a different port from the cleartext one

When a question pairs an insecure protocol with its secure counterpart, the port number is often the distinguishing clue: HTTP 80 versus HTTPS 443, and Telnet 23 versus SSH 22. Recognizing the pair lets you pick the encrypted option by its port. The secure choice is the encrypted protocol, and it listens on its own well-known port.

5 questions test this
Private IP ranges are not routed on the public internet

Public IP addresses are globally unique and routable on the open internet, while private IPv4 ranges (such as 10.x.x.x and 192.168.x.x) are reused inside many separate internal networks and are not routed across the internet. Reusing private ranges behind translation is part of how IPv4 stretched its limited supply. A host with only a private address cannot be reached directly from the internet.

5 questions test this
WiFi is the IEEE 802.11 wireless LAN family, and it is broadcast

WiFi refers to the IEEE 802.11 family of wireless LAN standards, which carry data over radio. Because the signal travels through the air, anyone within range can capture it, so encryption on the wireless link is essential rather than optional. This broadcast nature is the reason wireless security gets special attention.

Secure WiFi with WPA3 or WPA2, never WEP

The WiFi encryption standards arrived in order, and only the newest are safe: WPA3 (WiFi Protected Access 3) is the current and strongest standard, WPA2 is still acceptable, and WEP (Wired Equivalent Privacy) is thoroughly broken and must never be selected. For CC, choose WPA3 if available, otherwise WPA2, and reject WEP outright. A stem asking how to secure a new wireless network is testing this choice.

Trap Selecting WEP because it is listed as an encryption option; WEP is broken and offers no real protection, so WPA3 or WPA2 is the correct choice.

1 question tests this
Treat an open WiFi network as untrusted

An open wireless network with no encryption, such as a public coffee-shop hotspot, gives no link protection, so any traffic on it can be intercepted. Treat it as untrusted and protect sensitive traffic with its own layer on top, such as a VPN tunnel or HTTPS. The wireless link being open does not encrypt your data; only an added layer does.

Trap Assuming an open hotspot is safe as long as the site uses HTTPS for everything; the open link still exposes any unencrypted traffic, so a VPN or per-session encryption is needed.

TLS encryption sits around OSI layers 5 to 6, not the Transport layer

Despite the name Transport Layer Security, TLS encrypts an application session and conceptually sits around OSI layers 5 to 6 (it secures the data the application sends). The OSI Transport layer (4) is about end-to-end delivery with TCP and UDP and ports, not encryption. Do not equate the OSI Transport layer with transport-layer security; they are different ideas.

Trap Treating the OSI Transport layer (4) as the encryption layer because of the name TLS; layer 4 handles delivery and ports, while TLS protects the application session.

Categorize a networking question by where, who, what service, or how protected

A reliable habit on any networking item is to first decide whether the stem asks about where a function sits (a layer), who a host is (an IP address), what service is involved (a port), or how traffic is protected (encryption like WPA3 or TLS). Naming the category first keeps you from answering a port question with a layer fact, which is exactly the mismatch that distractors exploit.

A LAN is small, fast, and locally owned; a WAN connects LANs across distance more slowly

A Local Area Network covers a confined area such as a building or campus, is usually owned and managed by one organization, and offers the highest data-transfer speeds. A Wide Area Network spans cities or countries and interconnects multiple LANs over long distances, so it serves more users with greater geographic reach but typically lower speed and higher latency; LANs are the building blocks a WAN ties together, and the internet is the largest WAN.

Trap Expecting a WAN to be faster than a LAN; its long-distance links raise propagation delay and lower throughput.

11 questions test this
A hub blindly broadcasts to all ports; a switch forwards by MAC to one port

A hub is a Layer 1 device that repeats incoming data out every other port, so all stations share one collision domain and can see each other's traffic. A switch is a Layer 2 device that reads the destination MAC address and uses its MAC address table to forward a frame only to the correct port, giving each port its own collision domain. A router is the Layer 3 device that connects networks with different IP ranges and contains broadcast traffic.

Trap Treating a hub as a secure equivalent of a switch, when its broadcast-to-all behavior lets any attached host sniff the segment.

6 questions test this
DNS uses UDP 53 for normal queries and TCP 53 for large responses and zone transfers

DNS runs on port 53 over both transports: standard name-resolution queries use UDP 53 because it is fast and low-overhead, while TCP 53 handles responses larger than 512 bytes and zone transfers between servers, where reliable delivery matters.

Trap Opening only UDP 53 on a firewall and breaking zone transfers and oversized responses that need TCP 53.

5 questions test this
WPA3 replaces WPA2's PSK handshake with SAE to defeat offline dictionary attacks

WPA3-Personal uses Simultaneous Authentication of Equals (SAE), the dragonfly handshake, in place of WPA2's pre-shared-key four-way handshake. SAE requires live interaction with the network for each password guess, so an attacker who captures the handshake cannot run an offline dictionary attack against it even when the password is weak.

Trap Believing WPA3 is just a stronger password; its protection comes from the SAE handshake, not from key length.

5 questions test this
WPA3 forward secrecy keeps past captured traffic safe even if the password leaks later

Through SAE, WPA3 derives a unique session key for each connection, providing forward secrecy. If an attacker has been recording encrypted traffic and later obtains the network password, they still cannot decrypt the previously captured sessions because each used a separate key not derived from the password alone.

Trap Assuming a later password compromise exposes old WPA3 sessions, as it would under WPA2-PSK.

6 questions test this
WPA3 mandates Protected Management Frames to stop forged deauth attacks

WPA3 requires Protected Management Frames (PMF), which authenticate and protect the integrity of wireless management frames. This blocks eavesdropping, replay, and forgery of management frames, including the spoofed deauthentication/disassociation frames an attacker uses to knock clients off the network.

4 questions test this
WPA2/WPA3-Enterprise uses 802.1X with a RADIUS server to authenticate each user individually

Enterprise wireless mode runs the 802.1X framework against a central RADIUS authentication server so every user logs in with unique credentials rather than a shared password, giving centralized authentication, individual accountability, and dynamic keys. In 802.1X the wireless access point acts as the authenticator, relaying credentials between the client (supplicant) and the RADIUS server.

Trap Choosing WPA2/WPA3-Personal (a shared PSK) when the requirement is per-user credentials checked against a central server.

10 questions test this
WPA2 should use AES-CCMP, not the legacy TKIP

AES, implemented as AES-CCMP with 128-bit keys, is the mandatory and strongest encryption for WPA2 and provides both confidentiality and integrity. TKIP was only a transitional fix for WEP-era hardware and relies on the weak RC4 cipher, so a WPA2 network running TKIP should be moved to AES.

Trap Leaving WPA2 on TKIP for compatibility, which keeps the weak RC4-based cipher instead of AES.

5 questions test this

References

  1. https://csrc.nist.gov/glossary/term/ipsec