
Remote Access Management for CompTIA Network+ N10-009

Remote access management covers how administrators securely access network devices and how users access corporate resources remotely. CompTIA Network+ N10-009 tests remote access protocols (SSH, RDP, VNC), jump servers/bastion hosts, and out-of-band management. Secure remote access is critical for maintaining networks without being physically present at each device.

Secure Remote Administration Protocols

SSH (Secure Shell, TCP 22): the standard for secure remote access to network devices and servers. Encrypts all traffic, including credentials. Replaces Telnet (TCP 23), which transmits everything in plaintext. SSH supports key-based authentication (more secure than passwords): the server verifies that the client holds the private key of an authorized key pair instead of checking a password. Always use SSH v2 (v1 has known vulnerabilities).

RDP (Remote Desktop Protocol, TCP 3389): Windows remote desktop protocol — provides graphical remote access to Windows systems. RDP should be restricted to internal networks or accessed through a VPN. Never expose RDP directly to the internet — RDP is one of the most commonly exploited services for ransomware attacks. Enable Network Level Authentication (NLA) to require credentials before establishing a session.

VNC (Virtual Network Computing): cross-platform graphical remote access that uses the RFB (Remote Framebuffer) protocol. Can use multiple port numbers (5900 is the default). VNC itself has no encryption, so use SSH tunneling or a VPN when accessing VNC over untrusted networks.

Jump Servers and Out-of-Band Management

Jump server (bastion host): a hardened server that serves as the sole access point for managing devices in a secure or isolated network zone. Administrators SSH/RDP to the jump server first, then from the jump server to target devices. All access is logged centrally on the jump server — provides auditing of who accessed what and when. Jump servers reduce the attack surface by eliminating direct access to production devices.

Out-of-band (OOB) management: a separate, dedicated management network that is physically or logically isolated from production traffic. Management interfaces (console, dedicated management port) connect to the OOB network. If the production network fails, administrators can still access devices via OOB. OOB prevents management traffic from being impacted by production congestion or outages.

Console access: direct serial/USB connection to a device's console port — provides access regardless of IP configuration or network connectivity. Used for initial configuration, password recovery, and emergency access. Console servers (terminal servers) aggregate console connections from many devices into a single accessible interface.
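
The access rules from the two sections above can be checked mechanically against a firewall rule set. This Python audit is an added example, not part of the original study guide; the jump server, OOB and VPN addresses, the device names and the rule format are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing for this example (not from the original page).
JUMP = ipaddress.ip_network("10.0.50.10/32")     # jump server / bastion host
OOB = ipaddress.ip_network("192.168.250.0/24")   # out-of-band management network
VPN = ipaddress.ip_network("10.8.0.0/24")        # VPN client pool
ANY = ipaddress.ip_network("0.0.0.0/0")

# Port -> (protocol name, sources allowed to reach it). Telnet has none.
POLICY = {
    22:   ("SSH",    [JUMP, OOB]),
    23:   ("Telnet", []),
    3389: ("RDP",    [JUMP, OOB, VPN]),
    5900: ("VNC",    [JUMP, OOB, VPN]),
}

def audit_rule(rule):
    """Return a finding for one inbound allow rule, or None if it passes."""
    if rule["port"] not in POLICY:
        return None                       # not a management port
    name, allowed = POLICY[rule["port"]]
    src = ipaddress.ip_network(rule["src"])
    if name == "Telnet":
        return f"{rule['dst']}: Telnet (TCP 23) is plaintext; use SSH"
    if any(src.subnet_of(net) for net in allowed):
        return None                       # source is jump server, OOB or VPN
    scope = "the internet" if src == ANY else str(src)
    return (f"{rule['dst']}: {name} (TCP {rule['port']}) reachable from "
            f"{scope}; restrict to approved management sources")

def audit(rules):
    """Audit every rule and return only the findings."""
    return [f for f in map(audit_rule, rules) if f]

# Constructed sample rule set (inbound allow rules).
RULES = [
    {"src": "10.0.50.10/32",    "dst": "core-sw1",  "port": 22},
    {"src": "0.0.0.0/0",        "dst": "win-app1",  "port": 3389},
    {"src": "10.8.0.0/24",      "dst": "win-app2",  "port": 3389},
    {"src": "192.168.250.0/24", "dst": "edge-rtr1", "port": 23},
    {"src": "10.20.0.0/16",     "dst": "core-sw2",  "port": 22},
    {"src": "0.0.0.0/0",        "dst": "web1",      "port": 443},
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

Telnet is flagged even when it comes from the OOB network, because isolating the management network does not encrypt the session.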

Key exam facts — Network+

  • SSH (TCP 22) = encrypted; Telnet (TCP 23) = unencrypted — always use SSH
  • RDP (TCP 3389) should never be exposed directly to the internet
  • NLA (Network Level Authentication) requires credentials before RDP session
  • Jump server = hardened single access point for managing sensitive systems
  • OOB management = separate management network — maintains access when production fails
  • Console server aggregates device console ports — enables OOB access to many devices
  • SSH key-based authentication is more secure than password authentication

Common exam traps

RDP is safe to expose to the internet with a strong password

RDP exposed to the internet is frequently targeted by brute-force, credential-stuffing, and vulnerability attacks (BlueKeep, DejaBlue). Always place RDP behind a VPN or restrict by source IP.

Practice questions — Remote Access Management

These questions are representative of what you will see on Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1. A network team needs to access a secure network zone from the internet. They want all administrative access logged centrally and all traffic to flow through a single, hardened server. What should be deployed?

A. VPN with split tunneling
B. Jump server (bastion host)
C. RDP directly to each server
D. Telnet with SSH fallback

Explanation: A jump server (bastion host) is a hardened server that is the single access point for administrative access to secure network zones. All access is logged on the jump server, providing a centralized audit trail. Administrators connect to the jump server, then from it to target devices. This eliminates direct external access to production systems.

Frequently asked questions — Remote Access Management

What is the difference between in-band and out-of-band management?

In-band management: device management traffic travels over the same network as production data (e.g., SSH to a switch's production IP). Simpler but management access fails if the production network has problems. Out-of-band management: a dedicated, separate network for management traffic — physical console connections, dedicated management interfaces, or a separate management VLAN/network. OOB ensures management access even when the production network is down.
