NetworkingNetwork+

Ports and Protocols for CompTIA Network+ N10-009

Port and protocol knowledge is one of the most heavily tested areas on CompTIA Network+ N10-009. Expect 8–12 questions that require you to identify port numbers, their associated protocols, whether they use TCP or UDP, and which are secure vs. insecure. Firewall rule questions, troubleshooting 'which port to open' scenarios, and security questions about replacing insecure protocols all rely on this knowledge.

10 min

3 sections · 7 exam key points

3 practice questions

Well-Known Ports You Must Memorize

Ports 0–1023 are 'well-known' ports assigned by IANA. The Network+ exam expects you to know these from memory. FTP Data: TCP 20. FTP Control: TCP 21. SSH: TCP 22. Telnet: TCP 23. SMTP: TCP 25. DNS: TCP/UDP 53. DHCP Server: UDP 67. DHCP Client: UDP 68. TFTP: UDP 69. HTTP: TCP 80. POP3: TCP 110. NTP: UDP 123. NetBIOS: TCP/UDP 137-139. IMAP: TCP 143. SNMP: UDP 161. SNMP Trap: UDP 162. LDAP: TCP 389. HTTPS: TCP 443. SMB: TCP 445. SMTP (TLS): TCP 587. LDAPS: TCP 636. IMAP (SSL): TCP 993. POP3 (SSL): TCP 995. RDP: TCP 3389. MySQL: TCP 3306. RDP: TCP 3389. SIP: TCP/UDP 5060.

Remember the pattern: secure versions of protocols use different port numbers. HTTP→HTTPS (80→443), LDAP→LDAPS (389→636), IMAP→IMAPS (143→993), POP3→POP3S (110→995). Replacing Telnet (23) with SSH (22) and FTP (21) with SFTP (22) or FTPS are common security questions.

TCP vs UDP Protocol Classification

Knowing which protocol uses TCP vs UDP is essential. TCP (reliable, connection-oriented): FTP, SSH, Telnet, SMTP, HTTP, HTTPS, POP3, IMAP, LDAP, SMB, RDP. UDP (fast, connectionless): DHCP, DNS (queries), TFTP, SNMP, NTP, RADIUS, Syslog. Some protocols use both: DNS (UDP for queries, TCP for zone transfers and large responses), SNMP.

The exam tests UDP vs TCP when asking 'which protocol does not guarantee delivery' or 'which port does a service use by default?' Knowing that DHCP uses UDP (ports 67/68) and cannot use TCP is important for troubleshooting DHCP relay scenarios.

Protocol Purposes and Security Implications

Each protocol serves a specific purpose. Understanding the purpose helps answer 'which protocol should be used' questions. HTTP (80): unencrypted web traffic. HTTPS (443): encrypted web traffic using TLS. SSH (22): encrypted remote terminal and file transfer. Telnet (23): unencrypted remote terminal — never use over untrusted networks. SMTP (25): server-to-server email. SMTP submission (587): client-to-server email with TLS. RDP (3389): Windows remote desktop — high-risk port, often targeted.

Security hardening questions frequently ask: 'Which protocol should replace Telnet?' → SSH. 'Which port should be blocked to prevent unencrypted web traffic?' → TCP 80. 'Which service uses port 3389 and poses a security risk?' → RDP (Remote Desktop Protocol).

Must-Know Ports for Network+ Exam

Port	Protocol	TCP/UDP	Service
20/21	FTP	TCP	File Transfer (data/control)
22	SSH / SFTP	TCP	Encrypted remote access
23	Telnet	TCP	Unencrypted remote access
25	SMTP	TCP	Email sending (server)
53	DNS	TCP/UDP	Domain name resolution
67/68	DHCP	UDP	IP address assignment
69	TFTP	UDP	Trivial file transfer
80	HTTP	TCP	Unencrypted web
110	POP3	TCP	Email retrieval
143	IMAP	TCP	Email retrieval (sync)
161/162	SNMP/Trap	UDP	Network monitoring
389	LDAP	TCP	Directory services
443	HTTPS	TCP	Encrypted web (TLS)
445	SMB	TCP	File/printer sharing
3389	RDP	TCP	Remote Desktop

Key exam facts — Network+

DNS uses both TCP and UDP port 53 (UDP for queries, TCP for zone transfers)
DHCP uses UDP ports 67 (server) and 68 (client)
SSH (22) replaces Telnet (23) for encrypted remote access
HTTPS (443) uses TLS; HTTP (80) is unencrypted — both use TCP
SNMP uses UDP 161 for polling and UDP 162 for traps
RDP (TCP 3389) is commonly targeted — should be limited or VPN-gated
SMTP port 25 = server-to-server; port 587 = client submission with TLS

Common exam traps

DNS only uses UDP

DNS uses UDP 53 for standard queries but uses TCP 53 for zone transfers and responses larger than 512 bytes

SFTP uses FTP port 21

SFTP (SSH File Transfer Protocol) uses SSH port 22 — it is not FTP with encryption, it is a completely separate protocol over SSH

All secure protocols use port 443

Only HTTPS uses 443; LDAPS uses 636, IMAPS uses 993, POP3S uses 995, SMTPS uses 587 or 465

Practice questions — Ports and Protocols

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1.A network administrator needs to configure a firewall to allow encrypted web traffic. Which port must be permitted?

A.TCP 80

B.TCP 443

C.TCP 8080

D.UDP 443

Explanation: HTTPS (encrypted web traffic using TLS) uses TCP port 443. TCP 80 is unencrypted HTTP. TCP 8080 is commonly used as an alternate HTTP port. HTTPS does not use UDP in traditional implementations (QUIC/HTTP3 uses UDP 443 but that is not the standard answer for Network+).

Q2.Which protocol and port combination should be used to securely transfer files to a remote server over an encrypted channel?

A.FTP – TCP 21

B.TFTP – UDP 69

C.SFTP – TCP 22

D.SMB – TCP 445

Explanation: SFTP (SSH File Transfer Protocol) runs over SSH on TCP port 22, providing encrypted file transfers. FTP (TCP 21) is unencrypted. TFTP (UDP 69) provides no authentication or encryption. SMB (TCP 445) is Windows file sharing, not a remote transfer protocol.

Q3.A technician needs to allow network devices to automatically receive IP addresses. Which firewall ports must be open?

A.TCP 67 and 68

B.UDP 67 and 68

C.UDP 69

D.TCP 53

Explanation: DHCP uses UDP port 67 (server) and UDP port 68 (client). DHCP uses UDP because it broadcasts before an IP address is assigned, making TCP's connection-oriented handshake impossible. UDP 69 is TFTP, and TCP 53 is DNS zone transfers.

Frequently asked questions — Ports and Protocols

How many ports do I need to memorize for Network+?

Focus on the 20–25 most commonly tested ports: FTP (20/21), SSH (22), Telnet (23), SMTP (25), DNS (53), DHCP (67/68), TFTP (69), HTTP (80), POP3 (110), NTP (123), IMAP (143), SNMP (161/162), LDAP (389), HTTPS (443), SMB (445), LDAPS (636), IMAPS (993), POP3S (995), RDP (3389). The exam CompTIA publishes an 'Exam Objectives' document listing exactly which ports are tested.

What is the difference between POP3 and IMAP?

POP3 (port 110/995) downloads email to the client and typically deletes it from the server — one device sees the email. IMAP (port 143/993) synchronizes email between the server and multiple clients — the same inbox is visible from all devices. IMAP is the modern standard for multi-device email access.

Practice this topic

Network+practice questions

Test yourself on Ports and Protocols

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice test Start 7-Day Free Trial

No credit card · Cancel anytime