DNS, DHCP, Web, Email, Management, and VPN Basics
Key Takeaways
- DNS maps names to addresses and is a frequent clue when IP connectivity works but names fail.
- DHCP assigns client network settings such as IP address, subnet mask, gateway, and DNS server.
- HTTP and HTTPS support web access, but HTTPS adds TLS-based protection and certificate validation.
- Management protocols such as SSH, SNMP, and RDP require tighter access control than ordinary user traffic.
- VPNs create protected tunnels but still depend on identity, endpoint posture, routing, and split-tunnel decisions.
Common network services are easier to remember when you tie them to user symptoms. A user says, "I can reach 10.20.30.40 but not portal.company.test." Think DNS. A user says, "My laptop connected to Wi-Fi but has no valid address." Think DHCP. An administrator says, "The web app works, but the browser warns users." Think HTTPS certificate validation. A security alert says, "An internet address is trying to connect to TCP 3389." Think RDP exposure.
DNS
DNS resolves names to addresses. Common records include A records for IPv4, AAAA records for IPv6, CNAME aliases, MX mail exchanger records, NS name server records, and TXT records used for several verification and mail security purposes. DNS commonly uses UDP 53 for ordinary queries and TCP 53 for zone transfers or larger responses. Security concerns include spoofed responses, unauthorized zone transfers, typosquatting, and malware command-and-control lookups. In a troubleshooting scenario, DNS is likely when direct IP access works but name access fails.
DHCP
DHCP automatically gives clients an address, subnet mask, default gateway, DNS server, and lease time. A typical flow is discover, offer, request, acknowledge. DHCP reduces manual configuration errors, but it also creates risks if a rogue DHCP server gives clients a bad gateway or malicious DNS server. If clients on one VLAN receive leases and clients on another do not, look for DHCP relay, scope configuration, VLAN tagging, or access control problems.
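The rogue-server risk above can be checked by auditing captured DHCP offers against what the VLAN is supposed to hand out. The following is an added example, not part of the original guide: it parses the options of a DHCPOFFER and flags an unexpected server identifier, gateway, or DNS server. The policy addresses, the helper names, and the sample packets are constructed for illustration.

```python
import ipaddress

MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie after the 236-byte BOOTP header
# Assumed site policy (constructed values) for one VLAN.
POLICY = {"servers": {"10.20.30.2"}, "routers": {"10.20.30.1"}, "dns": {"10.20.30.53"}}

def parse_options(packet: bytes) -> dict:
    """Return {option_code: raw_value} from a DHCP message."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = End
        if packet[i] == 0:                        # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def addrs(raw: bytes) -> list:
    """Split an option value into dotted-quad IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def audit_offer(packet: bytes, policy: dict = POLICY) -> list:
    """Return findings for a DHCPOFFER that disagrees with the policy."""
    opts = parse_options(packet)
    if opts.get(53) != b"\x02":                   # option 53 = message type, 2 = OFFER
        return []
    findings = []
    for code, key, label in ((54, "servers", "server"), (3, "routers", "gateway"), (6, "dns", "DNS server")):
        values = addrs(opts.get(code, b""))
        if code == 54 and not values:
            findings.append("offer has no server identifier")
        findings += [f"unexpected {label} {v}" for v in values if v not in policy[key]]
    return findings

def build_offer(server: str, router: str, dns: str) -> bytes:
    """Constructed sample DHCPOFFER: header zeroed except op/htype/hlen."""
    def opt(code, ip):
        return bytes([code, 4]) + ipaddress.IPv4Address(ip).packed
    return (b"\x02\x01\x06\x00" + bytes(232) + MAGIC + b"\x35\x01\x02"
            + opt(54, server) + opt(3, router) + opt(6, dns) + b"\xff")

GOOD = build_offer("10.20.30.2", "10.20.30.1", "10.20.30.53")      # matches policy
ROGUE = build_offer("10.20.30.66", "10.20.30.66", "203.0.113.53")  # bad gateway and DNS
```
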
Web and Email
HTTP provides web communication without built-in encryption. HTTPS uses TLS to protect confidentiality and integrity and to help authenticate the server through certificates. Certificate warnings can indicate expiration, name mismatch, untrusted issuer, or interception problems. SMTP moves email between servers and often appears with filtering, anti-spam, and authentication controls. Email security questions may involve phishing, spoofed sender domains, malicious attachments, or suspicious links rather than SMTP mechanics alone.
Administration and Monitoring
SSH is used for secure command-line administration. RDP provides graphical remote desktop access and should be restricted because exposed RDP is a common attack path. SNMP supports monitoring of network devices and servers. Older SNMP versions use community strings; SNMPv3 can add authentication and encryption. FTP transfers files but is not appropriate for sensitive data unless protected by an additional secure design. The exam may ask you to choose a safer protocol: SSH over Telnet, HTTPS over HTTP, and SNMPv3 over SNMPv2c.
VPN Basics
A VPN creates an encrypted tunnel across an untrusted network. Remote access VPNs connect individual users to organizational resources. Site-to-site VPNs connect networks, such as a branch office to headquarters or a cloud network to a data center. VPN protection does not automatically mean everything is safe. The user still needs authentication, the endpoint may need posture checks, and routing must be correct. Split tunneling sends only selected traffic through the VPN, while full tunneling sends all traffic through it. Split tunneling can reduce bandwidth load but may increase risk if endpoint and internet traffic are not well controlled.
Scenario: Remote Worker Triage
A remote worker can log in to the VPN, browse public websites, and reach an internal server by IP, but cannot open the intranet by name. The VPN tunnel is probably established. General internet access works. Internal IP reachability works. The strongest clue is name resolution across the VPN. Check whether the VPN client receives the correct internal DNS server, whether the internal domain suffix is applied, and whether split DNS is configured.
Another scenario: a firewall report shows inbound attempts from multiple countries to TCP 3389 on a server. The better first response is not "install a faster network card." RDP should be blocked from the internet, restricted to a VPN or management subnet, protected with MFA where possible, and monitored for failed logons. The key skill is connecting service purpose to exposure risk.
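The firewall-report scenario above, as an added example that is not part of the original guide: it reads firewall log lines and reports, per destination, which sources outside the VPN and management subnets tried TCP 3389 and how many of those attempts were allowed. The key=value log format, the subnets, and the sample lines are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: only the VPN pool and the management subnet may reach RDP.
ALLOWED_SOURCES = [ipaddress.ip_network("10.99.0.0/24"),
                   ipaddress.ip_network("10.20.40.0/24")]

# Constructed sample log; the format is hypothetical, not a specific vendor's.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z action=allow proto=tcp src=203.0.113.7 dst=10.20.30.40 dport=3389
2024-05-01T10:00:04Z action=deny proto=tcp src=198.51.100.23 dst=10.20.30.40 dport=3389
2024-05-01T10:00:09Z action=allow proto=tcp src=10.99.0.15 dst=10.20.30.40 dport=3389
2024-05-01T10:00:12Z action=allow proto=tcp src=192.0.2.77 dst=10.20.30.40 dport=3389
2024-05-01T10:00:15Z action=allow proto=tcp src=203.0.113.7 dst=10.20.30.41 dport=443
"""

def parse(line: str) -> dict:
    """Turn 'timestamp key=value ...' into a dict."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = ts
    return rec

def rdp_exposure(log_text: str, allowed=ALLOWED_SOURCES) -> dict:
    """Map each RDP destination to the outside sources that tried to reach it."""
    report = defaultdict(lambda: {"sources": set(), "allowed": 0, "denied": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        if rec.get("proto") != "tcp" or rec.get("dport") != "3389":
            continue                      # not RDP
        src = ipaddress.ip_address(rec["src"])
        if any(src in net for net in allowed):
            continue                      # expected path: VPN or management subnet
        entry = report[rec["dst"]]
        entry["sources"].add(str(src))
        entry["allowed" if rec.get("action") == "allow" else "denied"] += 1
    return dict(report)
```

A nonzero `allowed` count means RDP is actually reachable from outside the permitted subnets, which is the exposure to close first; `denied` attempts show the rule is working but still merit monitoring.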
High-Yield Checkpoints
- DNS maps names to addresses and is a frequent clue when IP connectivity works but names fail.
- DHCP assigns client network settings such as IP address, subnet mask, gateway, and DNS server.
- HTTP and HTTPS support web access, but HTTPS adds TLS-based protection and certificate validation.
- Management protocols such as SSH, SNMP, and RDP require tighter access control than ordinary user traffic.
- VPNs create protected tunnels but still depend on identity, endpoint posture, routing, and split-tunnel decisions.
A VPN user can reach an internal application by IP address but not by hostname. Which VPN setting is most likely missing or wrong?
Which protocol version is generally preferred for authenticated and encrypted network monitoring?
Which statements are accurate? Choose two.