Objective 3.2 · High · 12 min

Network Appliance Types

Security roles of network appliances including jump servers, proxy servers, IPS/IDS, load balancers, and sensors. Covers deployment modes: active vs passive, inline vs tap/monitor, and appropriate use cases.

Understanding Network Appliance Types

Network security appliances provide various protective functions from access control to threat detection. Understanding each appliance type—and how it's deployed—is essential for building layered defenses.

Key network appliance types:

  • Jump servers: secure access points for administrative connections
  • Proxy servers: intermediaries that inspect and control traffic
  • IDS/IPS: intrusion detection and prevention systems
  • Load balancers: distribute traffic, with security side benefits
  • Sensors/collectors: gather data for analysis

The 2020 SolarWinds compromise showed the blast radius of a single trusted system: attackers who tampered with the Orion build pipeline shipped a backdoored update to thousands of customer networks. A jump server is the same kind of high-trust chokepoint; segmenting and hardening it limits how far one compromise can spread.

Each appliance serves a specific purpose; understanding deployment modes (inline vs passive) determines their effectiveness.

Why This Matters for the Exam

Network appliance types are heavily tested on SY0-701 as they form the building blocks of network security. Questions cover when to use each type and how deployment modes affect functionality.

Understanding appliances helps with security architecture, incident response, and defense in depth implementation. Wrong deployment modes cause blind spots or performance issues.

The exam tests both conceptual understanding and practical deployment scenarios.

Deep Dive

What Is a Jump Server and Why Is It Important?

A jump server (also called bastion host or jump box) is a hardened system that acts as a gateway for administrative access to protected systems.

Jump Server Purpose:

Diagram: Admin -> Jump Server (MFA, logging) -> Server 1, Server 2, Server 3. Single controlled access point; all admin traffic logged; MFA enforced.

Jump Server Security Features:

Feature | Purpose
Hardened OS | Minimal attack surface
MFA required | Strong authentication
Session recording | Audit trail of commands
Limited tools | Only necessary admin utilities
Network isolation | Only reachable from specific sources

Jump Server Benefits:

  • Single point for admin access control
  • Complete audit trail of administrative actions
  • Reduces attack surface of protected systems
  • Enforces consistent authentication
  • Limits what a compromised admin credential can reach, since it is only usable through the monitored chokepoint
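The audit trail and network isolation features above only pay off if someone actually reviews the bastion's logs. The following script is an added example, not part of the original page: it parses constructed sshd auth-log lines from a jump server and flags logins from outside an assumed admin VLAN (10.20.0.0/24), password authentication where keys are expected, and failed root attempts. The log lines, the admin network and the policy are all assumptions for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample lines in sshd auth-log format (example data, not from a real host).
BASTION_AUTH_LOG = """\
Mar 10 09:01:12 bastion sshd[2101]: Accepted publickey for alice from 10.20.0.15 port 51422 ssh2: ED25519 SHA256:k1
Mar 10 09:01:13 bastion sshd[2101]: pam_unix(sshd:session): session opened for user alice(uid=1001) by (uid=0)
Mar 10 09:02:40 bastion sshd[2188]: Accepted password for bob from 203.0.113.9 port 40011 ssh2
Mar 10 09:05:02 bastion sshd[2190]: Failed password for root from 198.51.100.7 port 33001 ssh2
Mar 10 09:05:04 bastion sshd[2190]: Failed password for root from 198.51.100.7 port 33001 ssh2
Mar 10 09:06:30 bastion sshd[2201]: Accepted publickey for carol from 10.20.0.31 port 51510 ssh2: ED25519 SHA256:k2
"""

# Assumed policy: admins reach the bastion only from the admin VLAN and only with keys (MFA lives in the key/PAM stack).
ADMIN_NETWORKS = [ip_network("10.20.0.0/24")]
ALLOWED_METHODS = {"publickey"}

LOGIN_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def audit_bastion_log(log_text, admin_networks=ADMIN_NETWORKS, allowed_methods=ALLOWED_METHODS):
    """Return (sessions, findings): who logged in from where, plus policy violations."""
    sessions = defaultdict(list)   # user -> source IPs of accepted logins (the audit trail)
    failed = defaultdict(int)      # (user, src) -> number of failed attempts
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue               # session open/close lines carry no authentication decision
        result, method, user, src = m.group("result", "method", "user", "src")
        src_ip = ip_address(src)
        from_admin_net = any(src_ip in net for net in admin_networks)
        if result == "Accepted":
            sessions[user].append(src)
            if not from_admin_net:
                findings.append(f"{user} logged in from {src}, outside the admin network")
            if method not in allowed_methods:
                findings.append(f"{user} authenticated with {method}; expected one of {sorted(allowed_methods)}")
        else:
            failed[(user, src)] += 1
    # Failed attempts are summarised once per (user, source) rather than once per line.
    for (user, src), n in failed.items():
        src_ip = ip_address(src)
        if user == "root" or not any(src_ip in net for net in admin_networks):
            findings.append(f"{n} failed {'login' if n == 1 else 'logins'} for {user} from {src}")
    return dict(sessions), findings


if __name__ == "__main__":
    sessions, findings = audit_bastion_log(BASTION_AUTH_LOG)
    for user, sources in sessions.items():
        print(f"{user}: {sources}")
    for f in findings:
        print("FINDING:", f)
```

In the constructed log, alice and carol are clean, bob trips both the network isolation rule and the authentication rule, and the repeated root failures from an outside address are reported once with a count. On a real bastion the same parse would run over the full auth log, with session-recording output providing the command-level trail the table mentions.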

How Do Forward and Reverse Proxies Differ?

Forward Proxy:

Diagram: Internal Users -> Forward Proxy (filter, cache, hide IPs) -> Internet. Filters outbound traffic; caches content; hides internal IPs.

Forward Proxy Functions:

Function | Security Benefit
URL filtering | Block malicious or inappropriate sites
Content inspection | Scan downloads for malware
Data loss prevention | Block sensitive data leaving in outbound requests
User authentication | Attribute every request to a user; know who accessed what
Caching | Reduce bandwidth and response time; content is fetched and inspected once
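To make the table concrete, here is an added example (not code from the original page) of the decision a forward proxy makes per outbound request: authentication first, then URL filtering against a blocklist, then a DLP check that looks for Luhn-valid card numbers in request bodies going anywhere except a sanctioned upload host. The blocklist, the allowed upload host and the request data are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed policy data (assumptions for the example, not a real feed).
BLOCKED_HOSTS = {"malware-host.example": "malware", "paste.example": "exfiltration-risk"}
DLP_ALLOWED_UPLOAD_HOSTS = {"files.corp.example"}   # the only sanctioned destination for sensitive data
# 13-16 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){13,16}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: filters out random digit runs so DLP fires only on plausible card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def contains_card_number(text):
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            return True
    return False


def evaluate_request(user, method, url, body=""):
    """Forward-proxy policy decision for one outbound request. Returns (verdict, reason)."""
    if user is None:
        return "deny", "authentication required"          # every request must be attributable
    host = urlsplit(url).hostname or ""
    if host in BLOCKED_HOSTS:
        return "deny", f"url filter: {BLOCKED_HOSTS[host]}"
    if method in {"POST", "PUT"} and host not in DLP_ALLOWED_UPLOAD_HOSTS and contains_card_number(body):
        return "deny", "dlp: card number in outbound body"
    return "allow", "policy passed"


if __name__ == "__main__":
    print(evaluate_request("alice", "GET", "http://malware-host.example/dl"))
    print(evaluate_request("bob", "POST", "https://share.example/up", "card 4111 1111 1111 1111"))
```

The ordering matters: URL filtering is cheap and runs before body inspection, and the DLP rule only inspects methods that carry a body. The Luhn check is what keeps the DLP rule from firing on order numbers and timestamps that happen to be 16 digits long.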

Reverse Proxy:

Diagram: Internet -> Reverse Proxy (TLS termination, WAF, load balancing) -> Server 1, Server 2. Shields servers; terminates TLS; distributes load.

Reverse Proxy Functions:

Function | Security Benefit
Hide internal topology | Backend servers are never directly exposed
SSL/TLS termination | Centralized certificate and cipher management
Web application firewall | Inspect inbound requests before they reach the application
Load balancing | Spread load, including attack traffic, across servers
Authentication | Verify users before requests reach the application

What Is the Difference Between IDS and IPS?

Intrusion Detection System (IDS):

Diagram: Traffic flows through the network; the IDS watches a copy (passive). Detects and alerts; does NOT block. Passive monitoring; no latency impact; cannot block traffic.

Intrusion Prevention System (IPS):

Diagram: Traffic -> IPS (inline) -> Network. Detects AND blocks; active prevention. Inline deployment; traffic passes through; adds some latency.

IDS vs IPS Comparison:

Aspect | IDS | IPS
Deployment | Passive (tap/SPAN) | Inline (in the traffic path)
Action | Alert only | Alert and block
Latency impact | None | Some (inspection time)
Failure impact | No traffic impact | Fail-open (traffic passes uninspected) or fail-closed (traffic stops)
False positive impact | Alert fatigue | Blocks legitimate traffic

Detection Methods:

Method | Description
Signature-based | Match known attack patterns in packet or payload content
Anomaly-based | Detect deviation from a learned baseline of normal traffic
Heuristic | Behavioral analysis, e.g. one host probing many ports
Reputation | Known bad IPs/domains from threat intelligence
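The four methods are easier to tell apart when you see each one fire on traffic. The engine below is an added example, not code from the original page or from any IDS product: it runs a signature rule, a baseline-deviation rule, a threat-intel reputation lookup and a port-scan heuristic over a constructed batch of flow records. The flows, the historical baseline and the bad-IP list are all assumptions for the example.

```python
import re
import statistics
from collections import defaultdict

# Constructed flow records as a sensor might hand them to a detection engine (example data).
FLOWS = [
    {"src": "10.0.0.5",     "dst": "10.0.1.10", "dport": 443, "bytes": 1200,   "payload": "GET /index.html"},
    {"src": "10.0.0.5",     "dst": "10.0.1.10", "dport": 443, "bytes": 1500,   "payload": "GET /about"},
    {"src": "10.0.0.6",     "dst": "10.0.1.10", "dport": 443, "bytes": 900,    "payload": "GET /login"},
    {"src": "10.0.0.7",     "dst": "10.0.1.10", "dport": 80,  "bytes": 700,    "payload": "GET /../../etc/passwd"},
    {"src": "198.51.100.7", "dst": "10.0.1.10", "dport": 443, "bytes": 600,    "payload": "GET /"},
    {"src": "10.0.0.9",     "dst": "10.0.1.11", "dport": 80,  "bytes": 950000, "payload": "POST /upload"},
] + [
    # one source touching ten different ports with tiny flows: the shape of a port scan
    {"src": "10.0.0.20", "dst": "10.0.1.12", "dport": p, "bytes": 60, "payload": ""}
    for p in (21, 22, 23, 25, 80, 110, 143, 443, 445, 3389)
]

# Historical per-flow byte counts used as the anomaly baseline (constructed).
BASELINE_BYTES = [800, 1200, 1500, 900, 1100, 700, 1300, 1000]

SIGNATURES = {
    "path traversal": re.compile(r"\.\./\.\./"),
    "sqli tautology": re.compile(r"'\s*or\s*1\s*=\s*1", re.IGNORECASE),
}
BAD_REPUTATION = {"198.51.100.7"}   # assumed threat-intel list
SCAN_PORT_THRESHOLD = 8             # distinct ports from one source before calling it a scan


def detect(flows, baseline=BASELINE_BYTES, sigma=3.0):
    """Run all four detection methods over a batch of flows; returns [(method, src, detail), ...]."""
    alerts = []
    mean, stdev = statistics.mean(baseline), statistics.stdev(baseline)
    ceiling = mean + sigma * stdev              # anomaly threshold learned from the baseline
    ports_by_src = defaultdict(set)
    for f in flows:
        for name, pattern in SIGNATURES.items():            # signature-based
            if pattern.search(f["payload"]):
                alerts.append(("signature", f["src"], name))
        if f["bytes"] > ceiling:                            # anomaly-based
            alerts.append(("anomaly", f["src"], f"{f['bytes']} bytes exceeds baseline ceiling {ceiling:.0f}"))
        if f["src"] in BAD_REPUTATION:                      # reputation
            alerts.append(("reputation", f["src"], "source on threat-intel list"))
        ports_by_src[f["src"]].add(f["dport"])
    for src, ports in ports_by_src.items():                 # heuristic: behaviour across flows
        if len(ports) >= SCAN_PORT_THRESHOLD:
            alerts.append(("heuristic", src, f"port scan: {len(ports)} distinct ports"))
    return alerts


if __name__ == "__main__":
    for method, src, detail in detect(FLOWS):
        print(f"{method:10} {src:14} {detail}")
```

Note which method catches which flow: the traversal string is only visible to the signature rule, the 950 kB upload only to the baseline comparison, the scanner only to the cross-flow heuristic, and the listed address only to reputation. Each method is blind to the others' cases, which is why production IDS engines run all of them.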

What Are Inline vs Tap/Monitor Deployments?

Inline Deployment

Diagram: Traffic In -> Security Device -> Traffic Out. Traffic passes THROUGH the device. Used for IPS, firewall, WAF.
  ✓ Can block/modify traffic
  ✓ Active prevention
  ⚠ Adds latency
  ✗ Failure affects traffic

Tap/Monitor (Passive) Deployment

Diagram: Traffic flows through the network; a tap or SPAN port sends a copy to the device. Traffic is NOT interrupted. Used for IDS, packet capture, forensics.
  ✓ No latency impact
  ✓ Failure doesn't affect flow
  ✓ Observe only
  ⚠ Cannot block traffic

Deployment Comparison:

Mode | Can Block | Latency | Failure Impact
Inline | Yes | Added | Traffic affected (fail-open or fail-closed)
Tap/Monitor | No | None | No impact on traffic (but a blind spot while down)
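The deployment tables describe behaviour that is easiest to reason about by simulating it. The model below is an added example, not code from the original page: one toy signature rule, one appliance class that can be deployed inline or on a tap, and a constructed traffic batch containing a benign request, a real attack, and a benign support ticket that quotes the attack string. Running the same traffic through each configuration reproduces every row of the comparison, including what happens when the device itself fails.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    payload: str


def matches_signature(pkt):
    """Toy signature. It fires on the attack and also on a benign ticket quoting the same path."""
    return "/etc/passwd" in pkt.payload


class Appliance:
    def __init__(self, mode, fail_mode="open", healthy=True):
        assert mode in ("inline", "tap") and fail_mode in ("open", "closed")
        self.mode, self.fail_mode, self.healthy = mode, fail_mode, healthy

    def process(self, packets):
        """Return (forwarded, alerts): packets that reached the destination, packets alerted on."""
        forwarded, alerts = [], []
        for pkt in packets:
            if self.mode == "tap":
                forwarded.append(pkt)                  # the device only sees a copy; the path is untouched
                if self.healthy and matches_signature(pkt):
                    alerts.append(pkt)                 # alert only; a failed tap sensor just goes blind
                continue
            if not self.healthy:                       # inline device has failed
                if self.fail_mode == "open":
                    forwarded.append(pkt)              # fail-open: traffic passes uninspected
                continue                               # fail-closed: traffic stops
            if matches_signature(pkt):
                alerts.append(pkt)                     # inline: alert AND block (packet not forwarded)
            else:
                forwarded.append(pkt)
        return forwarded, alerts


# Constructed traffic: benign request, real attack, benign request the signature misfires on.
TRAFFIC = [
    Packet("10.0.0.5", "GET /index.html"),
    Packet("10.0.0.7", "GET /../../etc/passwd"),
    Packet("10.0.0.8", "POST /tickets body=app cannot read /etc/passwd on host-7"),
]


def run_all(traffic=TRAFFIC):
    """Same traffic through every deployment mode and failure state."""
    return {
        "ids_on_tap":      Appliance("tap").process(traffic),
        "ips_inline":      Appliance("inline").process(traffic),
        "ips_down_open":   Appliance("inline", "open", healthy=False).process(traffic),
        "ips_down_closed": Appliance("inline", "closed", healthy=False).process(traffic),
        "ids_tap_down":    Appliance("tap", healthy=False).process(traffic),
    }


if __name__ == "__main__":
    for name, (fwd, alerts) in run_all().items():
        print(f"{name:16} forwarded={len(fwd)} alerts={len(alerts)}")
```

The false-positive row is the one to study: the tap-based IDS alerts on the support ticket and the analyst triages it, while the inline IPS drops a legitimate request. The failure rows show the other trade-off: a dead tap sensor costs you visibility, a dead inline device costs you either inspection (fail-open) or availability (fail-closed).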

What Security Functions Do Load Balancers Provide?

Diagram: Clients -> Load Balancer -> Server 1, Server 2, Server 3 -> Database. Health checks automatically remove failed servers; load is distributed evenly.

Security Functions:

Function | Benefit
DDoS mitigation | Spread and absorb attack traffic across the pool
SSL/TLS offloading | Centralized encryption/decryption and certificate management
Health monitoring | Automatically remove failed or compromised servers from rotation
Traffic inspection | Integrate WAF capabilities
Session persistence | Keep a client on the same backend so session state stays consistent

Application Delivery Controller (ADC): an enhanced load balancer that adds:

  • Web application firewall
  • Bot mitigation
  • API protection
  • Advanced traffic management
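Health monitoring and session persistence interact in a way the table cannot show: when a backend is pulled from rotation, clients that were pinned to it must move without disturbing everyone else. The class below is an added example, not the original page's code or any product's implementation. It keeps a round-robin pointer for plain distribution, marks a backend unhealthy after a configurable number of consecutive failed probes (and restores it on success), and implements persistence with rendezvous hashing so that removing one backend only remaps the clients that were on it. Backend names, the probe callback and the client addresses are assumptions.

```python
import hashlib


class Backend:
    def __init__(self, name):
        self.name, self.healthy, self.failures = name, True, 0


class LoadBalancer:
    def __init__(self, names, max_failures=2):
        self.backends = [Backend(n) for n in names]
        self.max_failures = max_failures     # consecutive failed probes before removal
        self._rr = 0                         # round-robin position

    def healthy_backends(self):
        return [b for b in self.backends if b.healthy]

    def health_check(self, probe):
        """probe(name) -> bool. Remove a backend after max_failures consecutive failures,
        restore it on the next success. Returns the names removed in this round."""
        removed = []
        for b in self.backends:
            if probe(b.name):
                b.failures, b.healthy = 0, True
            else:
                b.failures += 1
                if b.healthy and b.failures >= self.max_failures:
                    b.healthy = False
                    removed.append(b.name)
        return removed

    def pick_round_robin(self):
        pool = self.healthy_backends()
        if not pool:
            raise RuntimeError("no healthy backends")
        b = pool[self._rr % len(pool)]
        self._rr += 1
        return b.name

    def pick_sticky(self, client_ip):
        """Rendezvous hashing: the backend with the highest hash(client, backend) wins, so a
        backend leaving the pool only moves the clients that were pinned to it."""
        pool = self.healthy_backends()
        if not pool:
            raise RuntimeError("no healthy backends")
        def score(b):
            return hashlib.sha256(f"{client_ip}|{b.name}".encode()).digest()
        return max(pool, key=score).name


if __name__ == "__main__":
    lb = LoadBalancer(["s1", "s2", "s3"])
    print([lb.pick_round_robin() for _ in range(4)])
    print(lb.health_check(lambda n: n != "s2"), lb.health_check(lambda n: n != "s2"))
    print([lb.pick_round_robin() for _ in range(2)], lb.pick_sticky("10.0.0.5"))
```

Requiring two consecutive failures before removal is the usual guard against flapping on a single lost probe; the exact count and probe interval are tuning choices. A naive `hash(ip) % len(pool)` would reshuffle almost every client when the pool size changes, which is why the sticky picker uses rendezvous hashing instead.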

What Are Sensors and Collectors?

Network Sensors:

Network sensors are devices that collect network data for security analysis.

Sensor Types:

Type | Function
Network tap | Hardware copy of all traffic on a link for analysis
SPAN port | Switch mirrors traffic to the sensor (may drop packets under load)
Flow sensor | Collect NetFlow/sFlow metadata (who talked to whom, when, how much)
Packet capture | Full packet recording
Protocol analyzer | Deep packet inspection

Collector Functions:

  • Aggregate data from multiple sensors
  • Normalize different formats
  • Forward to SIEM
  • Long-term storage
  • Initial analysis

Diagram: Network Sensor Placement. Internet (perimeter sensor) -> DMZ (DMZ sensors) -> Internal Network (internal sensors) -> Data Center (DC sensors). Full visibility requires sensors at each zone.
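The collector functions listed above (aggregate, normalize, forward) are concrete enough to show in code. The script below is an added example, not the original page's code: three sensors in three zones each emit a different record format (a CSV flow record, an IDS alert line and a JSON capture summary, all constructed formats rather than any vendor's), and the collector maps each into one schema tagged with sensor and zone, time-orders the batch, and serializes it as newline-delimited JSON for a SIEM. The sensor registry and the records are assumptions.

```python
import json
import re
from datetime import datetime, timezone

# Assumed sensor registry: which zone each sensor covers and what it emits.
SENSORS = {
    "dmz-flow-1": {"zone": "DMZ", "kind": "flow"},
    "edge-ids-1": {"zone": "perimeter", "kind": "ids"},
    "dc-pcap-1":  {"zone": "data-center", "kind": "pcap"},
}

# Constructed raw records, one format per sensor kind (illustrative formats, not a real product's).
RAW_RECORDS = [
    ("dmz-flow-1", "2024-03-10T09:01:12Z,10.20.0.15,10.30.0.8,443,tcp,1200"),
    ("edge-ids-1", '2024-03-10T09:02:40Z ALERT sig="web path traversal" src=203.0.113.9:40011 dst=10.30.0.8:80'),
    ("dc-pcap-1",  '{"time":"2024-03-10T09:03:05Z","src":"10.40.0.3","dst":"10.40.0.9","dport":5432,"bytes":8800}'),
    ("dmz-flow-1", "2024-03-10T09:00:58Z,10.20.0.31,10.30.0.9,22,tcp,300"),
]

IDS_RE = re.compile(r'(\S+) ALERT sig="([^"]+)" src=([^:\s]+):\d+ dst=([^:\s]+):(\d+)')


def _ts(s):
    """Parse an ISO-8601 UTC timestamp; fromisoformat() needs +00:00 rather than Z on older Pythons."""
    return datetime.fromisoformat(s.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_flow(line):
    ts, src, dst, dport, proto, nbytes = line.split(",")
    return {"ts": _ts(ts), "src": src, "dst": dst, "dport": int(dport), "event": "flow", "detail": f"{proto} {nbytes}B"}


def parse_ids(line):
    ts, sig, src, dst, dport = IDS_RE.match(line).groups()
    return {"ts": _ts(ts), "src": src, "dst": dst, "dport": int(dport), "event": "alert", "detail": sig}


def parse_pcap(line):
    r = json.loads(line)
    return {"ts": _ts(r["time"]), "src": r["src"], "dst": r["dst"], "dport": r["dport"], "event": "capture", "detail": f"{r['bytes']}B"}


PARSERS = {"flow": parse_flow, "ids": parse_ids, "pcap": parse_pcap}


def collect(raw_records, sensors=SENSORS):
    """Aggregate records from every sensor into one normalized, time-ordered event list."""
    events = []
    for sensor, raw in raw_records:
        meta = sensors[sensor]
        ev = PARSERS[meta["kind"]](raw)
        ev.update(sensor=sensor, zone=meta["zone"])   # provenance: which sensor, which zone
        events.append(ev)
    events.sort(key=lambda e: e["ts"])                 # cross-sensor time order before forwarding
    return events


def to_siem(events):
    """Serialize as one JSON object per line, the shape most SIEM ingest endpoints accept."""
    return "\n".join(json.dumps({**e, "ts": e["ts"].isoformat()}, sort_keys=True) for e in events)


if __name__ == "__main__":
    print(to_siem(collect(RAW_RECORDS)))
```

Two details carry the security value: every event keeps its sensor and zone, so an analyst can later ask "did the DMZ sensor see the same connection the perimeter IDS alerted on?", and timestamps are normalized to UTC before ordering, so events from sensors in different zones line up in the SIEM.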

How CompTIA Tests This

Example Analysis

Scenario: A company needs to monitor network traffic for malicious activity. They want to detect attacks without adding latency or risking service disruption. They also need the ability to investigate past incidents with full packet data.

Analysis - Appliance Selection:

Requirements:

Requirement | Implication
Detect attacks | Need IDS capability
No latency | Cannot be inline
No service risk | Passive deployment
Historical investigation | Need packet capture

Diagram: Passive Monitoring Solution. Internet -> Firewall -> Tap -> Network -> Tap; the taps feed an IDS and a Packet Capture system, both integrated with the SIEM. ✓ No latency ✓ No service risk ✓ Full visibility. Passive monitoring with taps provides visibility without risk.

Components:

  1. Network taps at key locations
  2. IDS sensors analyzing copies of traffic
  3. Packet capture for forensic investigation
  4. SIEM for correlation and alerting

Key insight: When blocking is not required and latency/availability is critical, passive monitoring with taps and IDS provides visibility without risk. Add IPS inline only where blocking is necessary and acceptable.

Key Terms

network appliances · jump server · proxy server · IDS · IPS · load balancer · sensors · inline vs tap · active vs passive

Common Mistakes

Confusing IDS and IPS deployment—IDS is passive (monitors copies), IPS is inline (traffic passes through). IDS cannot block.
Putting IPS everywhere—inline IPS adds latency and risk. Use passive IDS where blocking isn't required.
Forgetting jump server hardening—a compromised jump server provides access to everything it protects. Harden thoroughly.
Forward vs reverse proxy confusion—forward proxy protects outbound users; reverse proxy protects inbound to servers.

Exam Tips

IDS = Detect and alert only (passive). IPS = Detect and PREVENT (inline, can block). "S" in IPS = Stop/block.
If a question says "without affecting traffic flow," the answer is passive/tap deployment, not inline.
Jump server = single controlled point for admin access. All admin traffic through jump server = full audit trail.
Forward proxy = internal users going OUT to internet. Reverse proxy = external users coming IN to servers.
Inline devices: firewalls, IPS, WAF. Passive devices: IDS, sensors, packet capture.
Network tap copies ALL traffic. SPAN port mirrors traffic (may drop under load). Tap is more reliable for forensics.

Memory Trick

IDS vs IPS Memory:

IDS = I Detect Stuff (just watching)
IPS = I Prevent Stuff (actively blocking)

"IDS is a security camera—it watches and records. IPS is a security guard—it watches AND tackles intruders."

Inline vs Passive: Inline = "In the line" of traffic (traffic passes through) Passive = "Passively watching" from the side (copies only)

Forward vs Reverse Proxy: "Forward proxy for internal users going forth to internet" "Reverse proxy receives external traffic coming in"

Jump Server Memory: "Jump to the protected servers, but you must jump through security first" Like airport security—everyone goes through one checkpoint.

Sensor Placement: "You can't see what you don't sensor" Sensors at every zone = complete visibility

Test Your Knowledge

Q1.A security team needs to monitor network traffic for malicious activity WITHOUT any impact to network performance. Which deployment should they use?

Q2.What is the PRIMARY security function of a jump server?

Q3.Which type of proxy protects internal web servers from direct internet exposure?

