Last Mile Technologies
Connects Internet to organizations; includes DSL, cable, GPON.
Remote Access Technology
Enables connection to DMZ server resources externally.
Remote Access Server
DMZ server accepting requests from remote clients.
Remote Access Client
Connects to DMZ server using encryption.
Demarc
Point where ISP's network meets organization's network.
Network Interfaces
Remote access server requires two for connectivity.
Public IP Address
Assigned to the interface connected to the demarc.
Firewall
Security software protecting the remote access server.
Port Forwarding
Forwards requests to internal servers in the DMZ.
Virtual Private Networks (VPNs)
Most widely used remote access technology since the 1990s.
VPN Tunnel
Encrypted channel between client and server.
Split Tunneling
Accesses DMZ resources while using local Internet.
Point-to-Point Tunneling Protocol (PPTP)
Uses Microsoft MPPE for data encryption.
Layer Two Tunneling Protocol (L2TP)
Relies on IPSec for encryption.
Internet Key Exchange version 2 (IKEv2)
Protocol for establishing secure VPN connections.
Secure Socket Tunneling Protocol (SSTP)
Uses SSL and TLS for encryption.
RADIUS
Provides centralized VPN authentication and logging.
DHCP Relay Agent
Locates and obtains IP addresses for clients.
Read-Only Attribute
Prevents saving changes to a file.
Hidden Attribute
Prevents listing folder and file names.
Archive Attribute
Indicates files need to be backed up.
Index Attribute
Pre-creates a list for faster searching.
Compress Attribute
Automatically compresses files on the filesystem.
Encrypt Attribute
Applies encryption to protect data on disk.
Advanced Permissions
Provides specific types of access to files.
File Ownership
Each file has a single owner, typically creator.
Access Denied Message
Indicates insufficient permissions for user access.
Advanced Security Settings
Window for configuring permissions and ownership.
Effective Access
User's actual permissions on a folder.
Shared Folder
Folder accessible over a network by users.
DFS
Distributed File System for file server management.
DFS Namespaces
Organizes shared folders into a virtual tree structure.
DFS Replication
Synchronizes files across multiple servers.
UNC
Universal Naming Convention for network resources.
User Quotas
Limits disk space for individual users.
Folder Quotas
Limits disk space for specific folders.
Hard Quotas
Strict limits on disk space usage.
Soft Quotas
Warning limits on disk space usage.
File Screens
Prevents specific file types from being saved.
Active Screening
Immediate blocking of unwanted file types.
Passive Screening
Alerts users about unwanted file types.
Monitoring
Ongoing observation of system performance.
Proactive Maintenance
Preventive actions to minimize future issues.
Reactive Maintenance
Corrective actions taken after issues arise.
Troubleshooting Procedure
Systematic approach to resolving problems.
Server Manager
Tool for monitoring system events and performance.
Task Manager
Manages processes and monitors system performance.
Performance Monitor
Tracks real-time system resource usage.
Event Viewer
Tool for viewing system event logs.
Memory Leaks
Processes that continuously consume memory.
Rogue Processes
Erroneous processes using excessive CPU time.
Event Logs
Records of system events for troubleshooting.
Performance Objects
Components tracked by Performance Monitor.
Performance Counters
Metrics for measuring performance objects.
Replication Group
Set of servers sharing replicated folders.
Quota Entries
Specific user limits overriding default settings.
File Server Resource Manager
Tool for managing quotas and file screens.
Bandwidth
Data transfer capacity of a network connection.
Bus Mastering
Devices perform processing tasks, reducing CPU load.
Physical Memory
Increases working space, reduces paging file usage.
SSD
Faster storage option than traditional hard drives.
IP Configuration
Settings that define a network interface's IP address.
ipconfig /all
Command to display detailed network configuration.
DHCP Server
Assigns IP addresses dynamically to devices.
Ping Command
Tests connectivity to a specified IP address.
Test-NetConnection
PowerShell command for testing network connectivity.
Default Gateway
Router IP for accessing external networks.
tracert Command
Tracks the route packets take to a destination.
FQDN
Fully Qualified Domain Name for network resources.
DNS Server
Translates domain names into IP addresses.
Group Policy Objects (GPOs)
Settings applied to users and computers in Active Directory.
Computer Configuration
Settings applied at boot time by the computer.
User Configuration
Settings applied when users log into the domain.
Block Inheritance
Prevents GPO settings from being applied to an OU.
Default Domain Policy
Provides default security configuration for domain computers.
Software Deployment
Distributes software packages via Group Policy.
Windows Installer File
Package format for deploying Windows applications.
Account Lockout Policy
Locks accounts after a set number of failed logins.
gpupdate /force
Forces a refresh of Group Policy settings.
gpresult /r
Displays the Resultant Set of Policy for a user.
RADIUS Server
Generates encryption keys for wireless clients.
WSUS Server
Manages Microsoft product update distribution.
Event Log
Records system events for troubleshooting purposes.
Network Service
Service running on a server for client access.
Netstat Command
Displays active connections and listening ports.
UNC Path
Universal Naming Convention path for network resources.
Administrative Templates
Settings for managing user and computer configurations.
Remote access technology
Connects to DMZ server resources from outside the organization
Remote access server
DMZ server that accepts requests from remote access clients
Remote access client
Connects to the DMZ remote access server using encryption provided by the remote access server. Authenticated by RAS first.
Two network interfaces a RAS requires:
- One connected to the demarc and assigned a public IP address resolved using a host record in a publicly registered DNS zone
- One connected to the DMZ
Three main remote access technologies used to obtain access to servers in a DMZ from across the internet that Microsoft provides:
VPNs, DirectAccess, Remote Desktop Services
Each remote access technology:
Provides its own protocols, supports different authentication and encryption types
VPNs are:
Used for remote access across the internet, in use since the 1990s, most widely implemented remote access technology today
VPN tunnel
Provides encrypted channel between network systems with each end represented by interfaces configured with an IP address.
Requests for internet resources from remote access clients are:
Forwarded to NAT router or NGFW before being sent to the Internet
Remote access clients configured with split tunneling:
Access resources in their organization's DMZ across the VPN tunnel, use their physical network interface default gateway to access the internet
Four VPN protocols:
Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), Internet Key Exchange version 2 (IKEv2), Secure Socket Tunneling Protocol (SSTP)
Point-to-Point Tunneling Protocol (PPTP)
Encrypts data using Microsoft Point-to-Point Encryption (MPPE)
Layer Two Tunneling Protocol (L2TP)
Relies on IP Security (IPSec) for encryption