Network Configuration & Internet Connections
Key Takeaways
- Static IPs are configured by hand for servers, printers, and infrastructure; dynamic IPs come from DHCP; a DHCP reservation gives a device a fixed address while still using DHCP.
- NAT lets private hosts share a public IP; PAT (NAT overload) is the home-router default, distinguishing flows by port.
- A VPN builds an encrypted tunnel; full tunnel sends all traffic through it while split tunnel sends only corporate traffic.
- Connection types differ sharply in latency: GEO satellite is 500-700ms (poor for real-time), while fiber is ~1-5ms.
- Know the ipconfig family for Windows: /all, /release, /renew, and /flushdns, plus ping, tracert, and nslookup.
Static vs. Dynamic Addressing
Dynamic (DHCP) - the default for clients
- Assigned automatically; may change at lease renewal.
- Best for laptops, desktops, and phones; no manual setup.
Static - manual and fixed
Use for devices that must always be reachable at the same address:
- Servers (web, mail, file, print)
- Network printers
- Routers and switches
- DNS and DHCP servers
A static host requires four values configured by hand: IP address, subnet mask, default gateway, and DNS server. Omitting the gateway is a classic exam fault - the host reaches its own subnet but nothing beyond it.
DHCP reservation - best of both
The DHCP server always hands a chosen device (matched by MAC address) the same IP. The device stays automatic but gets a predictable address - ideal for shared printers.
NAT (Network Address Translation)
| Type | Mapping | Use case |
|---|---|---|
| Static NAT | One private <-> one public | A server that needs a permanent public address |
| Dynamic NAT | Pool of public IPs shared as needed | Orgs with several public addresses |
| PAT (Port Address Translation) | Many private -> one public, by port | Home/SOHO networks |
PAT, also called NAT overload, is what your home router uses: every device shares one public IP, and the router keeps a translation table keyed by source port to route replies back to the right host.
VPN (Virtual Private Network)
A VPN wraps traffic in an encrypted tunnel across untrusted networks.
| Mode | Behavior | Use case |
|---|---|---|
| Site-to-site | Joins two whole networks | Branch office to HQ |
| Remote access (client-to-site) | One user dials into the corporate net | Teleworkers |
| Split tunnel | Only corporate traffic uses the tunnel | Saves bandwidth |
| Full tunnel | All traffic traverses the tunnel | Maximum inspection/security |
Protocols: IPSec (Layer 3 standard), SSL/TLS VPN (rides port 443 through browsers/firewalls), WireGuard (modern, lightweight), and OpenVPN (open-source, flexible).
Internet Connection Types
| Connection | Download | Latency | Where used |
|---|---|---|---|
| Cable (DOCSIS 3.1) | 100 Mbps - 1 Gbps | 15-30 ms | Suburban/urban |
| DSL (VDSL2) | 25-100 Mbps | 20-40 ms | Wide (phone lines) |
| Fiber (FTTH) | 100 Mbps - 10 Gbps | 1-5 ms | Growing |
| Satellite (LEO/Starlink) | 50-200 Mbps | 20-40 ms | Global |
| Satellite (GEO) | 12-100 Mbps | 500-700 ms | Remote/legacy |
| Cellular 5G | 100 Mbps - 1 Gbps | 10-30 ms | Urban/suburban |
| Fixed wireless | 25-1000 Mbps | 10-30 ms | Rural/suburban |
Exam tip: GEO satellite sits ~35,786 km up, so round-trip latency is 500-700 ms - unusable for VoIP, video calls, and gaming. LEO satellite (Starlink) flies much lower and slashes latency.
Proxy Servers
| Type | Path | Benefit |
|---|---|---|
| Forward proxy | Client -> proxy -> internet | Content filtering, hide client identity |
| Reverse proxy | Internet -> proxy -> server | Load balancing, caching, TLS offload |
| Transparent proxy | Intercepts without client config | Org-wide filtering |
Command-Line Diagnostics
| Command | OS | Purpose |
|---|---|---|
| ipconfig /all | Windows | Full config: MAC, DHCP server, DNS, lease |
| ipconfig /release | Windows | Drop the current DHCP lease |
| ipconfig /renew | Windows | Request a fresh DHCP lease |
| ipconfig /flushdns | Windows | Clear the DNS resolver cache |
| ip addr | Linux | Show interface addressing |
| ping | All | Test reachability and round-trip time |
| tracert / traceroute | Win / *nix | Show each hop to a destination |
| nslookup | All | Query DNS records directly |
| netstat | All | List active connections and listening ports |
A typical workflow: ipconfig /all to confirm a lease, ping the gateway then a public IP, and nslookup to isolate DNS. If a renamed site loads slowly or wrongly, ipconfig /flushdns clears stale cached records.
Static vs. Reservation: Choosing the Right Tool
Candidates often confuse a static IP with a DHCP reservation, and the exam exploits that. A static IP is typed into the device itself and lives nowhere else, so if the subnet is renumbered you must touch every static device by hand. A reservation lives on the DHCP server: the device still boots, sends a DHCP Discover, and receives the same address every time because the server matched its MAC.
The practical rule is to use a reservation whenever you want a predictable address but central control - network printers and IP cameras are textbook cases - and reserve true static configuration for the infrastructure that must work even if DHCP is down, such as the DHCP server itself, the default gateway, and DNS servers. A device with a reservation but a DHCP outage will eventually fall to APIPA, whereas a statically configured device keeps its address regardless.
VPN Tunnel Modes in Practice
The difference between full tunnel and split tunnel is a common scenario question. In full tunnel, a remote worker's entire traffic stream - including their personal web browsing - travels encrypted to the corporate gateway and out from there, so security teams can inspect and filter everything but the company link carries all that load. In split tunnel, only traffic destined for corporate subnets enters the tunnel while ordinary internet traffic goes out the user's local connection, which conserves bandwidth and speeds streaming but reduces the organization's visibility.
Choosing between them is a security-versus-performance decision, and the exam expects you to map the requirement ("inspect all employee traffic" versus "reduce VPN bandwidth") to the correct mode.
A Connection-Type Scenario
A rural clinic needs reliable video conferencing and asks which internet service to buy. Fiber is unavailable, and the candidate must reason from latency. GEO satellite is ruled out immediately - its 500-700 ms delay makes interactive video painful. LEO satellite such as Starlink, fixed wireless, or cellular 5G all deliver latency in the 10-40 ms range that video calls tolerate, so any of those is acceptable where coverage exists.
The reasoning - that real-time applications are dominated by latency, not raw download speed - is exactly the analysis the exam wants, and it explains why a fast-but-laggy GEO link feels worse on calls than a slower low-latency one.
Which NAT variant lets many private hosts share a single public IP by tracking unique port numbers?
Which Windows command releases the current DHCP-assigned address?
Which internet connection type has the highest latency, making it the worst choice for VoIP and gaming?
The Windows command that clears the local DNS resolver cache is: ipconfig /_______
Type your answer below