IoT and SCADA Networks for CompTIA Network+ N10-009

IoT (Internet of Things) and SCADA/ICS (Supervisory Control and Data Acquisition / Industrial Control Systems) networks are explicitly listed in the CompTIA Network+ N10-009 exam objectives under networking concepts and network security. These topics reflect the reality that modern networks include embedded devices, sensors, industrial controllers, and operational technology — each with unique networking and security characteristics that differ from traditional IT networks.

IoT Networking Concepts

IoT encompasses network-connected embedded devices: smart thermostats, IP cameras, smart TVs, industrial sensors, medical devices, connected vehicles, and home automation systems. IoT devices typically have limited CPU, memory, and battery — they use lightweight protocols optimized for constrained environments.

IoT protocols:

  • MQTT (Message Queuing Telemetry Transport) — lightweight publish/subscribe protocol over TCP, used for sensor data
  • CoAP (Constrained Application Protocol) — like HTTP but optimized for IoT, uses UDP, designed for constrained devices
  • Zigbee, Z-Wave — short-range mesh protocols for home automation (900 MHz / 2.4 GHz)
  • LoRaWAN — long-range, low-power wide-area network for remote sensors (miles of range, very low data rate)
  • Bluetooth Low Energy (BLE) — short range, very low power

IoT security challenges: many IoT devices ship with default or hardcoded credentials, lack encryption support, cannot be easily patched, and are difficult to monitor. IoT devices should be segmented onto their own VLAN/network, isolated from corporate systems, with firewall rules controlling what they can access.

SCADA and Industrial Control Systems

SCADA systems monitor and control industrial processes: power grids, water treatment, oil pipelines, manufacturing, and building management. They consist of sensors, PLCs (Programmable Logic Controllers), RTUs (Remote Terminal Units), HMI (Human-Machine Interfaces), and centralized control software communicating over specialized industrial protocols.

ICS/SCADA protocols:

  • Modbus — legacy serial protocol widely used for PLC communication
  • DNP3 (Distributed Network Protocol) — used in utilities and SCADA systems
  • BACnet — building automation (HVAC, lighting, access control)
  • OPC (OLE for Process Control) — standard for ICS data exchange

OT vs IT convergence: traditionally, SCADA systems were air-gapped (isolated). Modern requirements for remote monitoring and management are connecting OT (Operational Technology) networks to IT networks and the internet — dramatically increasing attack surface. The Purdue Model defines OT network zones from Level 0 (physical process) to Level 5 (enterprise), with the IDMZ (Industrial DMZ) isolating OT from IT.
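
The zone boundary described above can be checked against flow records. The following is an added example, not part of the original study guide: it classifies each endpoint as OT, IT, IDMZ or external and reports flows that cross between IT and OT without passing through the IDMZ. The subnets, level assignments and flow records are assumptions constructed for illustration.

```python
# Added example: audit flow records against Purdue-style zone boundaries.
# The addressing plan and the flows below are constructed for illustration.
import ipaddress

IDMZ = "IDMZ"
ZONES = {  # hypothetical subnet -> Purdue level (or the IDMZ)
    "10.0.1.0/24": 1,       # Level 1: PLCs, RTUs
    "10.0.2.0/24": 2,       # Level 2: HMI, SCADA servers
    "10.0.3.0/24": 3,       # Level 3: site operations
    "10.0.35.0/24": IDMZ,   # Industrial DMZ between Level 3 and Level 4
    "10.4.0.0/16": 4,       # Levels 4-5: enterprise IT
}

def side_of(ip):
    """Classify an address as OT, IT, IDMZ or EXTERNAL (not in the plan)."""
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONES.items():
        if addr in ipaddress.ip_network(net):
            if zone == IDMZ:
                return IDMZ
            return "OT" if zone <= 3 else "IT"
    return "EXTERNAL"

def check_flow(src, dst):
    """Return None if the flow respects the zone boundaries, else a reason."""
    sides = {side_of(src), side_of(dst)}
    if sides == {"OT", "IT"}:
        return "direct IT/OT flow bypasses the IDMZ"
    if sides == {"OT", "EXTERNAL"}:
        return "OT host communicates with an address outside the plan"
    return None

def audit(flows):
    """Return (src, dst, reason) for every flow that violates the policy."""
    return [(s, d, r) for s, d in flows if (r := check_flow(s, d))]

FLOWS = [  # constructed sample flow records (src, dst)
    ("10.4.2.15", "10.0.2.10"),    # IT workstation -> HMI
    ("10.4.2.15", "10.0.35.5"),    # IT workstation -> IDMZ jump server
    ("10.0.35.5", "10.0.2.10"),    # IDMZ jump server -> HMI
    ("10.0.1.20", "203.0.113.9"),  # PLC -> internet address
    ("10.0.2.10", "10.0.1.20"),    # HMI -> PLC
]

if __name__ == "__main__":
    for src, dst, reason in audit(FLOWS):
        print(f"VIOLATION {src} -> {dst}: {reason}")
```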

IoT and SCADA Security

SCADA and ICS security differs from IT security: availability is often the highest priority (a power plant cannot go offline for patching), systems may run legacy OS (Windows XP), and many ICS protocols have no authentication or encryption. Compromising SCADA can have physical consequences — Stuxnet demonstrated this by damaging Iranian nuclear centrifuges.

Network+ security controls for IoT/SCADA: network segmentation (separate OT VLAN), firewall rules between IT and OT zones, disable unnecessary services and ports, change default credentials, implement monitoring and anomaly detection, use jump servers for remote OT access, conduct regular vulnerability assessments. Physical security is also critical — direct console access to PLCs must be controlled.
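
Because a Modbus request carries no sender identity, monitoring has to rely on where the traffic came from. The following is an added example, not part of the original study guide: it parses Modbus/TCP (the TCP encapsulation of Modbus) request frames and alerts on write function codes from sources outside an allowlist. The frames, IP addresses and the allowlist are assumptions constructed for illustration.

```python
# Added example: flag Modbus/TCP write requests from unexpected sources.
# Frames, addresses and the allowlist are constructed for illustration.
import struct

WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
}
ALLOWED_WRITERS = {"10.0.2.10"}  # hypothetical HMI allowed to change setpoints

def parse_request(frame):
    """Parse the 7-byte MBAP header plus function code of a Modbus/TCP request."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, proto, length, unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    if length != len(frame) - 6:  # length counts the unit id plus the PDU
        raise ValueError("MBAP length field does not match frame size")
    # Note what is absent: no user, no credential, no signature field.
    return {"transaction": tid, "unit": unit, "function": func}

def inspect_request(src_ip, frame):
    """Return an alert string for a suspicious request, or None."""
    try:
        req = parse_request(frame)
    except ValueError as exc:
        return f"malformed frame from {src_ip}: {exc}"
    name = WRITE_FUNCTIONS.get(req["function"])
    if name and src_ip not in ALLOWED_WRITERS:
        return f"{name} to unit {req['unit']} from unapproved source {src_ip}"
    return None

# Constructed request frames (hex): MBAP header, function code, then data.
READ_REGS = bytes.fromhex("000100000006" "01" "03" "00000002")
WRITE_REG = bytes.fromhex("000200000006" "01" "06" "00010064")

if __name__ == "__main__":
    for src, frame in [("10.0.2.10", READ_REGS), ("10.0.2.10", WRITE_REG),
                       ("10.4.2.15", WRITE_REG), ("10.4.2.15", WRITE_REG[:5])]:
        print(src, "->", inspect_request(src, frame) or "ok")
```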

Key exam facts — Network+

  • IoT devices use lightweight protocols: MQTT (TCP pub/sub), CoAP (UDP, constrained), Zigbee, Z-Wave, LoRaWAN
  • SCADA controls industrial processes; uses Modbus, DNP3, BACnet protocols
  • OT networks should be air-gapped or isolated in an IDMZ from IT networks
  • IoT devices often have default credentials, no encryption, and cannot be easily patched
  • Purdue Model zones define ICS/OT network layers from field devices to enterprise
  • Availability is the top priority in OT; confidentiality is typically top priority in IT
  • IoT/SCADA segmentation: separate VLAN, firewall rules, anomaly detection

Common exam traps

IoT devices are too small to be security risks

IoT devices with default credentials and unpatched firmware are frequently compromised and used in botnets (Mirai botnet), lateral movement attacks, and as entry points into corporate networks

SCADA systems should be treated the same as IT systems for security

SCADA prioritizes availability over confidentiality — patching must not cause downtime, legacy protocols lack security features, and the CIA triad is applied in the opposite order (AIC: Availability, Integrity, Confidentiality).

Air-gapping SCADA systems guarantees security

Air-gapped systems have been compromised via infected USB drives (Stuxnet), insider threats, and maintenance connections. Air gaps reduce risk but do not eliminate it — monitoring and physical security are still required

Practice questions — IoT and SCADA

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A manufacturing company wants to connect its SCADA systems to the corporate network for remote monitoring while minimizing security risk. Which architecture provides the best balance?

A. Place SCADA on the same LAN as corporate workstations
B. Deploy an Industrial DMZ (IDMZ) with firewalls on both sides separating SCADA from IT
C. Connect SCADA directly to the internet with strong passwords
D. Use a VPN client on each SCADA workstation

Explanation: An Industrial DMZ (IDMZ) creates a buffer zone between OT (SCADA) and IT networks, with firewalls on both sides. This allows controlled, monitored data flow between systems while preventing direct connectivity between IT and OT networks. Placing SCADA on the corporate LAN eliminates isolation. Direct internet connectivity is dangerous. VPN clients on SCADA systems add complexity without architectural isolation.

Q2. Which IoT protocol is designed for battery-powered sensors that need to transmit small amounts of data over several miles with minimal power consumption?

A. MQTT over Wi-Fi
B. Bluetooth Low Energy (BLE)
C. LoRaWAN
D. Zigbee

Explanation: LoRaWAN (Long Range Wide Area Network) is specifically designed for long-range (miles), low-power IoT sensor communication. It sacrifices data rate for range and power efficiency — ideal for remote sensors (agriculture, utilities, smart city). MQTT is a messaging protocol, not a radio technology. BLE is short-range (~100m). Zigbee is also short-range (~100m) mesh.

Frequently asked questions — IoT and SCADA

What is the Purdue Model for ICS security?

The Purdue Model (ISA-95/IEC 62443) defines a hierarchical network architecture for industrial control systems with five levels: Level 0 (field devices — sensors, actuators), Level 1 (basic control — PLCs, RTUs), Level 2 (supervisory — HMI, SCADA), Level 3 (site operations — manufacturing execution), and Levels 4–5 (enterprise IT). The IDMZ sits between Level 3 and Level 4, isolating OT from IT. Security controls are applied at zone boundaries.

What is MQTT and why is it used in IoT?

MQTT (Message Queuing Telemetry Transport) is a lightweight publish-subscribe messaging protocol operating over TCP (port 1883, or 8883 for TLS). IoT sensors publish data to a broker (server); applications subscribe to topics to receive data. MQTT uses minimal bandwidth and is designed for devices with limited processing power and unreliable networks — ideal for IoT sensors, home automation, and telemetry.
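
The first packet a client sends to the broker, CONNECT, shows whether it authenticates at all and whether a password would cross the network unencrypted. The following is an added example, not part of the original study guide: it parses an MQTT 3.1.1 CONNECT packet and reports those two weaknesses. The packets and the finding names are assumptions constructed for illustration; a check against port 8883 assumes the packet is seen at the broker or after TLS termination.

```python
# Added example: inspect a constructed MQTT 3.1.1 CONNECT packet for weak setup.
import struct

def remaining_length(buf, pos):
    """Decode MQTT's variable-length 'remaining length' field (1-4 bytes)."""
    value = 0
    for shift in range(4):
        byte = buf[pos + shift]
        value |= (byte & 0x7F) << (7 * shift)
        if not byte & 0x80:
            return value, pos + shift + 1
    raise ValueError("remaining length longer than 4 bytes")

def read_field(buf, pos):  # 2-byte big-endian length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    data = buf[pos + 2:pos + 2 + n]
    if len(data) != n:
        raise ValueError("truncated field")
    return data, pos + 2 + n

def parse_connect(packet):
    """Extract client id, username and password presence from CONNECT."""
    if packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    length, pos = remaining_length(packet, 1)
    if length != len(packet) - pos:
        raise ValueError("remaining length does not match packet size")
    _proto, pos = read_field(packet, pos)     # protocol name, "MQTT"
    flags = packet[pos + 1]                   # byte after the protocol level
    pos += 4                                  # level, flags, 2-byte keep-alive
    client_id, pos = read_field(packet, pos)
    if flags & 0x04:                          # will flag: skip topic + message
        _, pos = read_field(packet, pos)
        _, pos = read_field(packet, pos)
    user = read_field(packet, pos)[0].decode() if flags & 0x80 else None
    return {"client_id": client_id.decode(), "username": user,
            "has_password": bool(flags & 0x40)}

def findings(packet, dst_port):
    """Return weaknesses visible in a CONNECT sent to dst_port."""
    info, out = parse_connect(packet), []
    if info["username"] is None:
        out.append("anonymous-connect")
    if dst_port == 1883 and info["has_password"]:
        out.append("password-in-cleartext")
    return out

# Constructed CONNECT packets for client id "sensor-01".
ANON = b"\x10\x15\x00\x04MQTT\x04\x02\x00\x3c\x00\x09sensor-01"
WITH_CREDS = b"\x10\x23\x00\x04MQTT\x04\xc2\x00\x3c\x00\x09sensor-01\x00\x05admin\x00\x05admin"
```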
