- #subnetting
- #security-plus
- #ejpt
- #networking
Subnetting without tears
Subnetting on exams comes down to one mental model and two question types. Here is the finger-counting method I use while studying for Security+ and eJPT.

Subnetting questions used to cost me five minutes each on practice tests. That is fatal when the real exam gives you about a minute per question. The fix was not grinding more binary. It was a smaller mental model and one trick I can do on my fingers.
I am studying for Security+ SY0-701 and eJPT right now. Not certified yet. So this is what I actually use this week, not theory from someone who tested a decade ago.
The /24 is home base
Almost every exam question lives in the fourth octet, so anchor everything to the /24.
A /24 is one block of 256 addresses. 192.168.1.0/24 runs from 192.168.1.0 through 192.168.1.255. The first address names the network and the last one is broadcast, so 254 usable hosts. That is a whole small office. The guest wifi at a nail salon fits in one /24 with room for every client who ever walks in.
Every mask from /25 to /30 is just that block chopped into equal pieces:
- /25 = 2 blocks of 128
- /26 = 4 blocks of 64
- /27 = 8 blocks of 32
- /28 = 16 blocks of 16
- /29 = 32 blocks of 8
- /30 = 64 blocks of 4
Block size times block count always equals 256. So you never memorize a table. You find the block size, and everything else falls out of it.
Powers of two on your fingers
Here is the finger trick. To get the block size for any mask:
- Subtract the mask from 32. That is your host bits. A /26 gives 32 - 26 = 6.
- Count powers of two on your fingers: 2, 4, 8, 16, 32, 64. Six fingers, so the block size is 64.
- Usable hosts is that number minus 2. A /26 holds 62 hosts.
That is the whole method. No binary columns, no ANDing octets on scratch paper. If you can double a number six or seven times, you can subnet.
Two anchors worth knowing cold because they show up constantly: a /30 is 4 addresses with 2 usable, the classic point-to-point link, and a /24 is 256 with 254 usable. Everything between them you derive on your fingers in five seconds.
The two questions exams actually ask
Every subnetting question I have hit in practice exams boils down to one of two types.
Type 1: which network is this host on? Say the question gives you 192.168.1.77/26. Block size for a /26 is 64, so the networks start at .0, .64, .128, and .192. 77 lands between 64 and 128. Network is 192.168.1.64, broadcast is one below the next block at 192.168.1.127, and the usable range is .65 through .126. Fifteen seconds. A question asking for the broadcast address or the last valid host is the same question wearing a costume.
Type 2: what mask fits this many hosts? You need 30 hosts per subnet. Count fingers until the power of two minus 2 covers it: 2, 4, 8, 16, 32. Five fingers, and 32 - 2 = 30, so five host bits, which is a /27. Need 50 hosts? Six fingers gets you 64 - 2 = 62, so a /26.
That is it. Name the type, run the finger count, pick the answer.
Now the honest limit. This model lives in the fourth octet. When a question throws a /22 or a /20 at you, the block math shifts into the third octet, where each step is worth 256 addresses. Same method, one octet over, but I still slow down and double check those. Also worth saying plainly: Security+ SY0-701 leans lighter on raw subnetting than Network+ does, and on the eJPT side it mostly means reading a scope like 10.10.10.0/24 and knowing exactly which 254 hosts nmap is about to sweep. Learn the two question types well and move on. Do not spend a month here.
Reps make it automatic
Shortcut or not, the speed only comes from repetition. I do a few subnetting problems most days, the same way I run flashcards, because the finger trick is useless if I have to re-derive it under exam pressure. That daily-reps problem is exactly why I built Security+ SY0-701 and eJPT flashcards, quizzes, and a daily question with streaks into my own study app. If you want the reps in your pocket, Aldo's Toolkit is free on both stores. No ads, no tracking, and it works offline.
community rating
$ ls ./comments
sign in or create an account to rate and comment.
no comments yet, be first.