2.3 CompTIA A+ · Core 1 (220-1201) · Domain 2 — Networking

Services Provided
by Networked Hosts

Objective 2.3 Domain weight: 20% 10 server roles · 4 appliances · SCADA · IoT

OVERVIEWIntroduction

Every network exists to provide services — and those services are delivered by hosts that have been configured to perform a specific role. Objective 2.3 asks you to recognize the most common server roles and network appliances by name, understand the core function each one performs, and be able to match a real-world scenario ("users can't resolve website names," "a device needs to spread incoming traffic across several web servers") to the correct role or appliance.

This objective is organized into three groups. Server roles are software services — often run on dedicated hardware, but conceptually defined by the function they perform regardless of the underlying box. Internet appliances are devices (hardware or virtual) that sit at a strategic point in the network, usually the perimeter, to inspect, filter, or distribute traffic. Legacy/embedded systems and IoT covers a category of devices that don't fit the traditional "server" or "appliance" mold but are increasingly common on modern networks and carry their own unique risk profile.

Role vs. Hardware

A "server role" describes what a host does, not what physical box it runs on. A single physical server can run multiple roles simultaneously (a small business might run DNS, DHCP, and file sharing all on one machine), or a single role can be spread across many physical servers for redundancy and load (a large company's web servers). Don't assume "one role = one box" — the exam tests your understanding of the function, independent of deployment.

PART 1Server Roles

The following ten roles represent the core services that make a modern network usable — resolving names, assigning addresses, sharing files and printers, delivering mail and web content, logging events, authenticating users, storing structured data, and keeping every device's clock in sync.

DNS — Domain Name System

PORT 53

Translates human-readable domain names (e.g., google.com) into IP addresses that computers actually use to route traffic, and vice versa. Without DNS, users would have to memorize and type numeric IP addresses for every website and service they wanted to reach. A DNS server maintains records mapping names to addresses and answers lookup requests from clients.

DHCP — Dynamic Host Configuration Protocol

PORT 67/68

Automatically assigns IP addresses, subnet masks, default gateways, and DNS server addresses to client devices joining the network, eliminating the need to manually configure every device (see the DORA process covered in objective 2.6). Most SOHO routers run a built-in DHCP server; larger organizations typically run DHCP on a dedicated server.

Fileshare (File Server)

SMB / NFS

Provides centralized storage that multiple users and devices can access over the network, typically presented as mapped network drives or shared folders. Centralizing files this way makes backup, access control, and collaboration far simpler than scattering files across individual local machines. Common protocols include SMB (Windows-native file sharing) and NFS (common in Linux/Unix environments).

Print Server

PORT 631 (IPP)

Manages and queues print jobs from multiple client computers to one or more shared network printers, centralizing print drivers, permissions, and job queuing rather than requiring each printer to be configured individually on every computer. A print server can be a dedicated appliance, a role running on a general-purpose server, or even a printer itself with built-in network/print-server capability.

Mail Server

SMTP / IMAP / POP3

Sends, receives, and stores email for an organization's users. Mail servers typically combine multiple protocols: SMTP (Simple Mail Transfer Protocol) handles outgoing/relay of mail between servers, while IMAP or POP3 handle client retrieval of mail from the server's mailbox storage. (These protocols and their ports are explored in greater depth in a later networking objective.)

Syslog

PORT 514

Provides centralized logging — network devices, servers, and applications send their log messages (errors, warnings, status events) to a central syslog server rather than keeping logs scattered locally on each device. This centralization is critical for security monitoring, troubleshooting, and compliance, since it allows an administrator to correlate events across many devices from one place instead of checking each device individually.

Web Server

PORT 80 / 443

Hosts and serves website content (HTML, images, applications) to client browsers using HTTP (port 80, unencrypted) or HTTPS (port 443, encrypted via TLS). Common web server software includes Apache, Nginx, and Microsoft IIS. A single physical or virtual server can host many separate websites simultaneously.

AAA — Authentication, Authorization, and Accounting

RADIUS / TACACS+

A framework — not a single protocol — describing three related security functions, often implemented together via services like RADIUS or TACACS+.

Database Server

e.g. 1433 / 3306

Stores, organizes, and serves structured data to client applications, typically using a query language such as SQL. Database servers run software like Microsoft SQL Server, MySQL, PostgreSQL, or Oracle, and are the backend behind most business applications, websites, and inventory/customer record systems — the application a user interacts with is usually just a front end querying a database server behind the scenes.

NTP — Network Time Protocol

PORT 123

Synchronizes the system clocks of devices across a network to a common, accurate time reference. Accurate, synchronized time is critical for far more than just clock display — it's essential for correctly correlating timestamps in security logs, for many authentication protocols (e.g., Kerberos, which fails if client/server clocks drift too far apart), and for scheduled tasks and certificate validity checks across the network.

Exam Angle — Match the Symptom to the Role

This objective is tested almost entirely through symptom-matching. "Users can reach a website by IP but not by name" → DNS problem. "A new device on the network has no IP address at all" → DHCP problem. "Security logs from different devices don't line up in time" → NTP problem. "An employee can log in but can't access the files they need" → an authorization failure (the "A" after authentication in AAA). Practice converting symptoms into role names — that's the actual exam skill.

PART 2Internet Appliances

Where server roles generally provide a service that users or applications directly consume, internet appliances typically sit at a strategic chokepoint in the network — most often the perimeter, between the internal network and the internet — to inspect, filter, distribute, or relay traffic on behalf of other systems.

Spam Gateways

A spam gateway sits in front of a mail server and filters incoming (and sometimes outgoing) email for spam, phishing attempts, and malicious attachments before that mail ever reaches end users' inboxes. It can be a dedicated hardware appliance, a software service, or a cloud-based filtering service that simply redirects mail flow through it before delivery to the real mail server.

Unified Threat Management (UTM)

A Unified Threat Management (UTM) appliance consolidates multiple security functions into a single device: firewall, intrusion detection/prevention (IDS/IPS), antivirus/anti-malware scanning, content filtering, VPN termination, and often spam filtering — all managed from one console. The appeal of a UTM is simplified management and reduced hardware footprint compared to deploying each of those functions as a separate standalone device, which is the traditional enterprise approach.

UTM vs. Standalone Firewall

Recall from objective 2.5 that a basic firewall filters traffic by rule. A UTM is best understood as a "firewall and then some" — it includes firewall functionality but bundles many additional security layers into the same box. The tradeoff: a UTM is a single point of failure and can become a performance bottleneck under heavy load, since one device is now responsible for many security functions simultaneously.

Load Balancers

A load balancer distributes incoming network or application traffic across multiple servers, ensuring no single server becomes overwhelmed while the others sit idle. This serves two purposes simultaneously: improving performance (spreading the workload) and improving availability/redundancy (if one backend server fails, the load balancer can detect this and stop sending it traffic, routing requests to the remaining healthy servers instead).

Load balancers are especially common in front of web server farms and database clusters, where a popular website or application needs more capacity than any single server could handle alone.

Proxy Servers

A proxy server acts as an intermediary between client devices and the destination servers they're trying to reach, with the client's request passing through the proxy rather than going directly to the destination. Proxies serve several distinct purposes, often combined in the same device:

Forward Proxy vs. Reverse Proxy

A forward proxy sits in front of clients, handling outbound requests on their behalf to external destinations (the typical "company internet filter" scenario). A reverse proxy sits in front of servers instead, handling inbound requests from external clients on behalf of one or more backend servers — often blurring into load-balancer territory, since a reverse proxy frequently distributes incoming requests across multiple backend servers as part of its job.

ApplianceCore FunctionTypical Placement
Spam gatewayFilters spam/phishing before it reaches the mail serverIn front of the mail server
UTMConsolidates firewall + IDS/IPS + antivirus + content filtering + VPNNetwork perimeter
Load balancerDistributes traffic across multiple servers for performance/redundancyIn front of a server farm/cluster
Proxy serverIntermediary for client requests; filtering, caching, anonymityBetween clients and the internet (forward) or in front of servers (reverse)

PART 3Legacy/Embedded Systems

SCADA — Supervisory Control and Data Acquisition

A SCADA (Supervisory Control and Data Acquisition) system monitors and controls industrial processes and physical infrastructure — power grids, water treatment plants, manufacturing lines, oil and gas pipelines, and similar industrial environments. SCADA systems collect real-time data from sensors and control physical equipment (valves, pumps, switches) spread across a facility or a wide geographic area.

Why SCADA Security Is Different

SCADA systems are frequently built on legacy hardware and software that may be decades old, were never designed with modern network security in mind, and often cannot be patched or updated without risking disruption to critical physical processes (a water treatment plant can't simply "reboot to apply updates" the way an office workstation can). This combination — old, hard-to-patch software controlling physically critical infrastructure — makes SCADA environments a uniquely sensitive security concern, and they are typically isolated from general business networks specifically because of this risk.

PART 4Internet of Things (IoT) Devices

Internet of Things (IoT) devices are everyday physical objects embedded with sensors, software, and network connectivity, allowing them to collect and exchange data over a network. Common examples include smart thermostats, smart speakers/assistants, security cameras, smart door locks, wearable fitness trackers, and connected appliances.

Exam Angle

SCADA and IoT are grouped together here because the exam wants you to recognize a shared theme: both categories involve devices that are connected to the network but were not designed with network security as a primary concern, and both are commonly addressed in practice by network segmentation — placing these devices on a separate, isolated VLAN or network segment so that a compromise of one of these devices doesn't expose the rest of the network.

Master Reference — Networked Host Services

DNSName ↔ IP address resolution
DHCPAuto-assigns IP config to clients
FileshareCentralized network storage (SMB/NFS)
Print serverCentralizes print queues/drivers
Mail serverSend/receive/store email (SMTP/IMAP/POP3)
SyslogCentralized log collection from many devices
Web serverServes website content (HTTP/HTTPS)
AAAAuthentication + Authorization + Accounting
Database serverStores/serves structured data via queries
NTPSynchronizes device clocks network-wide
Spam gatewayFilters spam/phishing before the mail server
UTMFirewall + IDS/IPS + AV + filtering, all-in-one
Load balancerSpreads traffic across multiple servers
Proxy serverIntermediary: filtering, caching, anonymity
SCADAControls industrial/physical infrastructure
IoTSingle-purpose connected devices; often under-secured

REFERENCESymptom-to-Service Quick Reference

Common Symptom → Role

  • Can ping by IP, not by name → DNS
  • New device gets no IP address → DHCP
  • Logs from different devices don't align in time → NTP
  • User logged in but denied access to a resource → AAA (authorization)
  • App backend queries are slow/failing → Database server

Common Symptom → Appliance

  • Inbox flooded with phishing email → Spam gateway
  • One server overloaded while others idle → Load balancer
  • Need firewall + AV + IDS in one box → UTM
  • Need to block/filter outbound websites → Forward proxy

AAA Broken Down

  • Authentication → "Who are you?" (login)
  • Authorization → "What can you do?" (permissions)
  • Accounting → "What did you do?" (logging)

SCADA & IoT — Shared Risk Theme

  • Legacy/embedded → Hard to patch, security an afterthought
  • Resource-constrained → Limited security features possible
  • Default credentials → Common, often unchanged
  • Mitigation → Network segmentation/isolated VLAN

Final Exam Reminders

DNS = names ↔ IPs. DHCP = automatic IP configuration. These two are the most frequently tested roles in this objective.

AAA = three distinct functions — don't collapse "authentication" and "authorization" into the same thing; a user can be authenticated but not authorized.

NTP = accurate time matters for log correlation and authentication protocols like Kerberos, not just for clock display.

UTM = many security functions bundled into one appliance; tradeoff is a single point of failure.

Load balancer = performance AND redundancy — distributes load and routes around failed servers.

Forward proxy = protects/filters for clients going out. Reverse proxy = sits in front of servers handling inbound requests.

SCADA = industrial/physical infrastructure control; legacy systems, hard to patch, high-stakes if compromised.

IoT = single-purpose connected devices; default credentials and infrequent updates are the recurring exam theme.