A+ Core 2 · CompTIA 220-1202 V15 · Objective C2-4.9

Given a scenario, use remote access technologies

Objective 4.9: Given a scenario, use remote access technologies

  • Cert: CompTIA A+ Core 2 (220-1202) V15
  • Domain: 4.0 Operational Procedures
  • Weight: Part of the 21% Operational Procedures domain
  • Depth: Given a scenario, use. The candidate must pick the right remote access tool and recognize each tool's security implications.

What this objective tests

You should know each remote access method and its appropriate use case: RDP, VPN, VNC, SSH, RMM, SPICE, WinRM, third-party tools (screen sharing, file transfer, videoconferencing, desktop management).

Key facts

Remote Desktop Protocol (RDP):

  • Microsoft's remote desktop protocol. Built into Windows (Pro+ editions can be RDP hosts; all editions can be RDP clients).
  • TCP/UDP port 3389 by default.
  • Encrypts traffic; supports Network Level Authentication (NLA) for pre-session credential validation.
  • Common for: remote work into office PCs, jump boxes, terminal services.

Virtual Private Network (VPN):

  • Encrypted tunnel between client and corporate network. Once connected, client appears to be on the corporate LAN.
  • Protocols: IPsec, SSL/TLS, WireGuard.
  • Use case: secure access to internal resources from anywhere. Best paired with MFA.
  • Covered in detail in obj 1.7.

Virtual Network Computing (VNC):

  • Cross-platform remote desktop protocol. Open-source (TightVNC, RealVNC, UltraVNC) and commercial versions.
  • TCP port 5900 (display 0) by default.
  • Mostly unencrypted by default; tunnel through SSH or VPN for security.
  • Common for Linux/Mac remote access where RDP isn't native.

Secure Shell (SSH):

  • Encrypted remote command-line access. The standard for *nix server admin.
  • TCP port 22.
  • Supports key-based authentication (preferred over password).
  • Also: SSH tunneling (port forwarding), SCP/SFTP (secure file copy), X11 forwarding.

Remote Monitoring and Management (RMM):

  • Agent-based platforms for MSPs and IT teams to monitor and manage endpoints at scale.
  • Examples: NinjaOne, Datto RMM, Atera, Kaseya VSA, ConnectWise Automate, N-able N-central.
  • Capabilities: remote desktop, file transfer, script execution, patch management, antivirus deployment, alert monitoring.
  • The MSP's primary daily tool.

Simple Protocol for Independent Computing Environments (SPICE):

  • Remote display protocol primarily used with KVM virtualization on Linux.
  • Optimized for VM access (low-latency, full-color, audio passthrough).
  • Less common in Windows-shop environments.

Windows Remote Management (WinRM):

  • Microsoft's protocol for remote Windows admin via SOAP/HTTP/HTTPS.
  • Underlies PowerShell Remoting (Enter-PSSession, Invoke-Command).
  • TCP 5985 (HTTP) / 5986 (HTTPS).
  • Required for many Windows enterprise management workflows.

Third-party tools (screen-sharing software):

  • TeamViewer, AnyDesk, Splashtop, LogMeIn, Zoho Assist, ScreenConnect.
  • Often used for ad-hoc remote support (one-off help sessions).
  • Some have unattended access for managed devices; others are session-based.

Third-party tools (videoconferencing software):

  • Zoom, Microsoft Teams, Google Meet, Webex.
  • Video + audio + screen sharing for meetings.
  • Not strictly a remote-admin tool but often used for guided support.

Third-party tools (file transfer software):

  • FileZilla (SFTP/FTP), WinSCP (SFTP), Cyberduck.
  • For moving files between local and remote systems without a full remote desktop session.

Third-party tools (desktop management software):

  • Microsoft Intune, Jamf Pro, VMware Workspace ONE, Hexnode.
  • Combined RMM + MDM + policy management. Sometimes overlaps with traditional RMM categorization.

Security considerations:

Per access method:

  • RDP: Enable NLA. Strong passwords. MFA via Remote Desktop Gateway or VPN front. Never expose 3389 directly to the Internet.
  • VPN: Strong auth (cert-based or MFA). Strict access control after connection. Split-tunnel only if you understand the trade-off.
  • VNC: Tunnel through SSH or VPN. Plain VNC is unencrypted.
  • SSH: Key-based auth, not passwords. Disable root login. Restrict source IPs. Use non-standard port if exposed to Internet (cosmetic but cuts scan noise).
  • RMM: Treat the RMM platform as critical infrastructure. MFA on admin accounts. Audit access. Restrict scripts to vetted templates.
  • WinRM: HTTPS only on production. Restrict source IPs.
  • Third-party tools: Vet vendor security posture. Use unattended access modes for managed devices only.
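
The SSH bullet above can be checked mechanically. The following is an added example, not part of the CompTIA material or of OpenSSH: a Python audit of an sshd_config that applies sshd's first-value-wins rule and its defaults. The sample config is constructed, the defaults assume a current OpenSSH release, and source-IP restrictions are not checked because they usually live in the firewall.

```python
import re

# OpenSSH defaults used when a keyword is absent (assumed: OpenSSH 7.0 or later).
DEFAULTS = {
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
}
# keyword -> (acceptable values, problem reported otherwise), per the SSH bullet.
POLICY = {
    "passwordauthentication": ({"no"}, "password logins allowed; use keys"),
    "permitrootlogin": ({"no"}, "root login is not fully disabled"),
    "pubkeyauthentication": ({"yes"}, "key-based auth is turned off"),
}

SAMPLE_CONFIG = """\
# constructed sample, not from a real host
Include /etc/ssh/sshd_config.d/*.conf
Port 2222
PermitRootLogin yes
passwordauthentication no
PasswordAuthentication yes
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

def audit_sshd_config(text):
    """Return (findings, notes) for the global section of an sshd_config."""
    settings, notes = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"(\w+)\s*=?\s*(.*)", line)  # "Key value" or "Key=value"
        if not m or not m.group(2):
            continue
        keyword, rest = m.group(1).lower(), m.group(2)
        if keyword == "match":  # everything after this is a conditional override
            notes.append("Match block present: review its overrides by hand")
            break
        if keyword == "include":  # included files are not read here
            notes.append("Include not followed: " + rest)
            continue
        # Keywords are case-insensitive and the first value seen wins.
        settings.setdefault(keyword, rest.split()[0].strip('"').lower())
    findings = []
    for keyword, (allowed, problem) in POLICY.items():
        value = settings.get(keyword, DEFAULTS[keyword])
        if value not in allowed:
            findings.append(f"{keyword}={value}: {problem}")
    return findings, notes
```

On a live host, `sshd -T` prints the effective configuration with includes and defaults resolved, which makes a better input than the raw file.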

Common gotchas

  • RDP 3389 exposed to the Internet. Top compromise vector. Always front with VPN or RD Gateway.
  • VNC without tunneling. Credentials and screen content in clear text. Use SSH tunnel or VPN.
  • SSH password auth on a public-facing server. Brute-force target. Use keys.
  • RMM admin account without MFA. RMM access = total control of every managed endpoint. Compromised RMM = supply-chain breach for every client.
  • Third-party support tool installed but never uninstalled. Persistent unattended access for an old vendor. Audit and remove.
  • Split-tunnel VPN misconfigured. Some traffic bypasses VPN; security or policy implications.
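
Several of these gotchas come down to a remote access service listening where it should not. As an added example (not from the CompTIA material), this Python function reads Windows `netstat -an` output and flags the page's default ports when they listen on anything other than loopback. The sample output is constructed, only TCP listeners are examined, and a non-loopback listener is reachable only as far as the firewall allows.

```python
import ipaddress

# Default TCP ports from the key facts on this page.
SERVICES = {22: "SSH", 3389: "RDP",
            5985: "WinRM over HTTP", 5986: "WinRM over HTTPS"}
ADVICE = {
    "SSH": "require keys, disable root login, restrict source IPs",
    "RDP": "enable NLA and front with VPN or RD Gateway",
    "VNC": "bind to loopback and tunnel through SSH or VPN",
    "WinRM over HTTP": "move to HTTPS (5986) and restrict source IPs",
    "WinRM over HTTPS": "restrict source IPs",
}

SAMPLE_NETSTAT = """\
Active Connections (constructed sample)
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    [::]:22                [::]:0                 LISTENING
  TCP    192.168.1.20:49702     203.0.113.5:443        ESTABLISHED
  TCP    [::1]:5901             [::]:0                 LISTENING
  UDP    0.0.0.0:3389           *:*
"""

def classify(port):
    """Map a port to a service name, or None if it is not one of ours."""
    if 5900 <= port <= 5909:  # VNC display N listens on 5900 + N
        return "VNC"
    return SERVICES.get(port)

def parse_local(endpoint):
    """Split '0.0.0.0:3389' or '[fe80::1%12]:22' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)

def audit_listeners(netstat_output):
    """Return (service, host, port, advice) for each non-loopback listener."""
    findings = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, port = parse_local(fields[1])
        service = classify(port)
        # A loopback-only listener is the tunnelled setup the page recommends.
        if service and not ipaddress.ip_address(host).is_loopback:
            findings.append((service, host, port, ADVICE[service]))
    return findings
```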

Real-world context

Remote access for an MSP supporting clients:

  • RMM for routine management: patching, monitoring, scripted remediation, alerting.
  • RMM's built-in remote desktop for screen-sharing assistance (TeamViewer-style functionality usually included).
  • VPN or RD Gateway for accessing client networks where the RMM can't reach.
  • SSH for Linux/Unix servers, network gear (with TACACS+ or RADIUS for auth).
  • Third-party tools sparingly, for specific needs (e.g., ScreenConnect for white-label client experience).

Remote access for remote workers in a corporate environment:

  • VPN as the network access layer.
  • RDP via RD Gateway if remote-into-office-PC is the model.
  • Cloud-first apps (Microsoft 365, Google Workspace) reducing the need to VPN at all.
  • Zero Trust Network Access (ZTNA) as the modern alternative to VPN: per-app authentication and authorization without giving the device a network address inside the perimeter.
