8/14/2019 final quesions
Ans :- The Global Catalog server is a searchable index book. With it we can find any object in the Active Directory.
It also works as logon authentication for group memberships.
We can have it on each domain controller in the domain or only on the first domain controller in a domain.
Q. DNS zones, chronicle records what are they?
Ans :- In Windows 2000 there are mainly 3 zones:
Standard Primary: zone information is written to a text file
Standard Secondary: copy of the Primary
Active Directory Integrated: information is stored in Active Directory
In Win2k3 one more zone is added: the Stub zone.
A Stub zone is like a secondary, but it contains only a copy of the SOA records, a copy of the NS records and a copy of the A records for that zone. It holds no copy of MX, SRV records etc. With a Stub zone, DNS traffic will be low.
Q. What is FSMO Roles?
Ans :- Flexible Single Master Operation Roles
1. Domain Naming Master: Forest Wide Role
2. Schema Master: Forest Wide Role
3. RID Master: Domain Wide Role
4. PDC Emulator: Domain Wide Role
5. Infrastructure Master: Domain Wide Role
RID Master: It assigns RID and SID to newly created objects such as users and computers. If the RID master is down, you can create security objects only while RID pools are available on the DCs; otherwise you can't create any object once it is down.
PDC Emulator: It works as a PDC to any NT BDCs in your environment.
It works as Time Server (to maintain the same time in your network).
It works to change passwords, lockout etc.
Infrastructure Master: This role takes care of renaming any group membership object.
Domain Naming Master: It takes care of adding, changing or deleting any domain in a forest.
Schema Master: It maintains the structure of the Active Directory in a forest.
Q. FTP, NNTP, SMTP, KERBEROS, DNS, DHCP, POP3 port numbers?
Ans:- FTP : 20, 21(20 is for controlling, 21 is Transmitting)
NNTP: 119
SMTP: 25
Kerberos: 88
DNS: 53
DHCP: 67, 68
Pop3: 110
Q DHCP PAT database path folder
Ans, C:\WINDOWS\system32\dhcp
Q. DNS Database path folder?
Ans : - C:\WINDOWS\system32\dns
Q. Working of ping, telnet, and gopher.
Ans. ping is a computer network tool used to test whether a particular host is reachable across an IP network. It works by sending ICMP echo request packets to the target host and listening for ICMP echo response replies. ping estimates the round-trip time, generally in milliseconds, and records any packet loss, and prints a statistical summary when finished.
TELNET (TELecommunication NETwork) is a network protocol used on the Internet or local area network (LAN) connections. It was developed in 1969 beginning with RFC 15 and standardized as IETF STD 8, one of the first Internet standards.
The term telnet also refers to software which implements the client part of the protocol. TELNET clients have been available on most Unix systems for many years and are available for virtually all platforms. Most network equipment and OSs with a TCP/IP stack support some kind of TELNET service server for their remote configuration (including ones based on Windows NT). Because of security issues with TELNET, its use has waned as it is replaced by the use of SSH for remote access.
"To telnet" is also used as a verb meaning to establish or use a TELNET or other interactive TCP connection, as in, "To change your password, telnet to the server and run the passwd command".
Most often, a user will be telneting to a Unix-like server system or a simple network device such as a switch. For example, a user might "telnet in from home to check his mail at school". In doing so, he would be using a telnet client to connect from his computer to one of his servers. Once the connection is established, he would then log in with his account information and execute operating system commands remotely on that computer, such as ls or cd.
On many systems, the client may also be used to make interactive raw-TCP sessions, even when that option is not available, telnet sessions are equivalent to raw TCP as long as byte 255 never appears in the data.
packet internet gopher (PING)
Definition
Method used in determining the response time of an internet connection. PING software sends a request to a website, and times the receipt of reply (echo) called pong. A part of the Internet Protocol, PING is not directly accessible to the user.
packet internet gopher (PING) is in the Data Management, Communications, & Networks and Internet & World Wide Web subjects.
Q. What is RAID? Types of RAID
Ans:- What is a RAID
Let's start with the basics. RAID stands for Redundant Array of Independent Discs. In the old days it also used to mean Redundant Array of Inexpensive Discs. A RAID system is a collection of hard drives joined together using a RAID level definition (see levels below). There are many uses for RAID. First, it can be used to stripe drives together to give more overall access speed (level 0). Second, it can be used to mirror drives (level 1). Third, it can be used to increase uptime of your overall storage by striping drives together and then keeping parity data; if a drive should fail the system keeps operating (level 5). Most people use RAID level 5 for the uptime purposes and its ability to join together 16 drives, giving a large storage block. Read about RAID levels below and see which one suits you best.
Hot Spares
A hot spare is a standby drive assigned to an array or assigned to a group of arrays (global spare). If a drive goes bad in an array the hot spare will take over for the failed drive automatically and your array will not suffer a performance degradation. Hot spares only make sense on levels 5, 5+0, 0+5, 1+5 and 5+1.
Hot Swap
Hot swap is a term used to describe the condition in which drives are attached to the RAID controller. You always want hot swap drives so that if a drive goes bad it can be replaced on the fly without incurring downtime.
Other features to avoid downtime
Other features of professional RAIDs include hot swap and redundant power supplies, and hot swap and redundant fans. In some more expensive RAID systems we even have hot swap and redundant RAID controllers.
RAID Levels
RAID 0
This is the simplest level of RAID, and it just involves striping. Data redundancy is not even present in this level, so it is not recommended for applications where data is critical. This level offers the highest level of performance out of any single RAID level. It also offers the lowest cost since no extra storage is involved. At least 2 hard drives are required, preferably identical, and the maximum depends on the RAID controller. None of the space is wasted as long as the hard drives used are identical. This level has become popular with the mainstream market for its relatively low cost and high performance gain. This level is good for most people that don't need any data redundancy. There are many SCSI and IDE/ATA implementations available. Finally, it's important to note that if any of the hard drives in the array fails, you lose everything.
RAID 1
This level is usually implemented as mirroring. Two identical copies of data are stored on two drives. When one drive fails, the other drive still has the data to keep the system going. Rebuilding a lost drive is very simple since you still have the second copy. This adds data redundancy to the system and provides some safety from failures. Some implementations add an extra RAID controller to increase the fault tolerance even more. It is ideal for applications that use critical data. Even though the performance benefits are not great, some might just be concerned with preserving their data. The relative simplicity and low cost of implementing this level has increased its popularity in mainstream RAID controllers. Most RAID controllers nowadays implement some form of RAID 1.
RAID 2
This level uses bit level striping with Hamming code ECC. The technique used here is somewhat similar to striping with parity but not really. The data is split at the bit level and spread over a number of data and ECC disks. When data is written to the array, the Hamming codes are calculated and written to the ECC disks. When the data is read from the array, Hamming codes are used to check whether errors have occurred since the data was written to the array. Single bit errors can be detected and corrected immediately. This is the only level that really deviates from the RAID concepts talked about earlier. The complicated and expensive RAID controller hardware needed, and the minimum number of hard drives required, are the reason this level is not used today.
RAID 3
This level uses byte level striping with dedicated parity. In other words, data is striped across the array at the byte level with one dedicated parity drive holding the redundancy information. The idea behind this level is that striping the data increases performance and using dedicated parity takes care of redundancy. 3 hard drives are required: 2 for striping, and 1 as the dedicated parity drive. Although the performance is good, the added parity does slow down writes. The parity information has to be written to the parity drive whenever a write occurs. This increased computation calls for a hardware controller, so software implementations are not practical. RAID 3 is good for applications that deal with large files since the stripe size is small.
RAID 4
This level is very similar to RAID 3. The only difference is that it uses block level striping instead of byte level striping. The advantage in that is that you can change the stripe size to suit application needs. This level is often seen as a mix between RAID 3 and RAID 5, having the dedicated parity of RAID 3 and the block level striping of RAID 5. Again, you'll probably need a hardware RAID controller for this level. Also, the dedicated parity drive continues to slow down performance in this level as well.
RAID 5
RAID 5 uses block level striping and distributed parity. This level tries to remove the bottleneck of the dedicated parity drive. With the use of a distributed parity algorithm, this level writes the data and parity data across all the drives. Basically, the blocks of data are used to create the parity blocks which are then stored across the array. This removes the bottleneck of writing to just one parity drive. However, the parity information still has to be calculated and written whenever a write occurs, so the slowdown involved with that still applies. The fault tolerance is maintained by separating the parity information for a block from the actual data block. This way when one drive goes, all the data on that drive can be rebuilt from the data on the other drives. Recovery is more complicated than usual because of the distributed nature of the parity. Just as in RAID 4, the stripe size can be changed to suit the needs of the application. Also, using a hardware controller is probably the more practical solution. RAID 5 is one of the most popular RAID levels being used today. Many see it as the best combination of performance, redundancy, and storage efficiency.
RAID 10 or 0+1
Combining Levels of RAID
The single RAID levels don't address every application requirement that exists. So, to get more functionality, someone thought of the idea of combining RAID levels. What if you can combine two levels and get the advantages of both? Well, that was the motivation behind creating these new levels. The main benefit of using multiple RAID levels is the increased performance. Usually combining RAID levels means using a hardware RAID controller. The increased level of complexity of these levels means that software solutions are not practical. RAID 0 has the best performance out of the single levels and it is the one most commonly being combined. Not all combinations of RAID levels exist. The most common combinations are RAID 0+1 and 1+0. The difference between 0+1 and 1+0 might seem subtle, and sometimes companies may use the terms interchangeably. However, the difference lies in the amount of fault tolerance. Both these levels require at least 4 hard drives to implement. Let's look at RAID 0+1 first.
This combination uses RAID 0 for its high performance and RAID 1 for its high fault tolerance. I actually mentioned this level when I talked about adding striping to mirroring. Let's say you have 8 hard drives. You can split them into 2 arrays of 4 drives each, and apply RAID 0 to each array. Now you have 2 striped arrays. Then you would apply RAID 1 to the 2 striped arrays and have one array mirrored on the other. If a hard drive in one striped array fails, the entire array is lost. The other striped array is left, but contains no fault tolerance if any of the drives in it fail.
RAID 1+0 applies RAID 1 first then RAID 0 to the drives. To apply RAID 1, you split the 8 drives into 4 sets of 2 drives each. Now each set is mirrored and has duplicate information. To apply RAID 0, you then stripe across the 4 sets. In essence, you have a striped array across a number of mirrored sets. This combination has better fault tolerance than RAID 0+1. As long as one drive in a mirrored set is active, the array can still function. So theoretically you can have up to half the drives fail before you lose everything, as opposed to only two drives in RAID 0+1.
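The two 8-drive layouts described above can be compared by brute force. This added example (not part of the original page) enumerates every set of k failed drives and counts how many leave RAID 0+1 and RAID 1+0 running; the drive numbering and function names are assumptions made for the illustration, and a striped set is treated as lost as soon as one member fails, as the text states.

```python
from itertools import combinations

DRIVES = 8  # the 8-drive layout used in the text


def raid01_groups(n):
    """RAID 0+1: two striped sets of n/2 drives, mirrored against each other.
    Assumed numbering: drives 0..n/2-1 form set A, the rest form set B."""
    half = n // 2
    return [set(range(0, half)), set(range(half, n))]


def raid10_groups(n):
    """RAID 1+0: n/2 mirrored pairs with a stripe across the pairs.
    Assumed numbering: (0,1), (2,3), ... are the mirrored pairs."""
    return [{i, i + 1} for i in range(0, n, 2)]


def raid01_survives(failed, n=DRIVES):
    # A striped set is gone once any member fails; the array keeps
    # running only while at least one striped set is completely intact.
    return any(not (group & failed) for group in raid01_groups(n))


def raid10_survives(failed, n=DRIVES):
    # Every mirrored pair must keep at least one working drive,
    # because the stripe needs all pairs to be readable.
    return all(group - failed for group in raid10_groups(n))


def surviving_combinations(survives, k, n=DRIVES):
    """Return (survivable, total) over all ways k of the n drives can fail."""
    total = 0
    survivable = 0
    for combo in combinations(range(n), k):
        total += 1
        if survives(set(combo), n):
            survivable += 1
    return survivable, total


def report(n=DRIVES):
    """One row per failure count: (k, RAID 0+1 result, RAID 1+0 result)."""
    rows = []
    for k in range(1, n // 2 + 2):
        rows.append((
            k,
            surviving_combinations(raid01_survives, k, n),
            surviving_combinations(raid10_survives, k, n),
        ))
    return rows


if __name__ == "__main__":
    print("failed  RAID 0+1 survives  RAID 1+0 survives")
    for k, (ok01, total), (ok10, _) in report():
        print(f"{k:>6}  {ok01:>3} of {total:<3}         {ok10:>3} of {total:<3}")
```

With two failed drives, 12 of the 28 possible pairs leave RAID 0+1 running against 24 of 28 for RAID 1+0; four failures are survivable in either layout only when they fall in the right places, and five never are.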
The popularity of RAID 0+1 and 1+0 stems from the fact that it's relatively simple to implement while providing high performance and good data redundancy. With the increased reduction of hard drive prices, the 4 hard drive minimum isn't unreasonable to the mainstream anymore. However, you still have the 50% waste in storage space whenever you are dealing with mirroring. Enterprise applications and servers are often willing to sacrifice storage for increased performance and fault tolerance. Some other combinations of RAID levels that are used include RAID 0+3, 3+0, 0+5, 5+0, 1+5, and 5+1. These levels are often complicated to implement and require expensive hardware. Not all of the combinations I mentioned above are used.
Q. Types Of Active Directory Partitions?
Ans. Domain data
The domain data holds information about objects within a domain. This is information such as e-mail
contacts, user and computer account attributes, and published resources that are of interest to administrators
and users.
For example, when a user account is added to your network, a user account object and attribute data are
stored in the domain data. When changes to your organization's directory objects occur, such as object
creation, deletion, or attribute modification, this data is stored in the domain data.
Configuration data
The configuration data describes the topology of the directory. This configuration data includes a list of all
domains, trees, and forests and the locations of the domain controllers and global catalogs.
Schema data
The schema is the formal definition of all object and attribute data that can be stored in the directory.
Domain controllers running Windows Server 2003 include a default schema that defines many object types,
such as user and computer accounts, groups, domains, organizational units, and security policies.
Administrators and programmers can extend the schema by defining new object types and attributes or by
adding new attributes for existing objects. Schema objects are protected by access control lists, ensuring
that only authorized users can alter the schema
Application data
Data stored in the application directory partition is intended to satisfy cases where information needs to be
replicated but not necessarily on a global scale. Application directory partitions are not part of the directory
data store by default; they must be created, configured, and managed by the administrator.
Q. What is an organizational unit in Active Directory?
Ans:- An organizational unit (OU) is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units. You can create organizational units to mirror your organization's functional or business structure. Each domain can implement its own organizational unit hierarchy. If your organization contains several domains, you can create organizational unit structures in each domain that are independent of the structures in the other domains.
The term "organizational unit" is often shortened to "OU" in casual conversation. "Container" is also often applied in its place, even in Microsoft's own documentation. All terms are considered correct and interchangeable.
At Indiana University, most OUs are organized first around campuses, and then around departments; sub-OUs are then individual divisions within departments. For example, the BL container represents the Bloomington campus; the BL-UITS container is a subdivision that represents the University Information Technology Services (UITS) department, and there are subcontainers below that. This method of organization is not an enforced rule at IU; it is merely chosen for convenience, and there are exceptions.
Some of this information was adapted from Microsoft's knowledge base. For more information about Active Directory structures, you can access Microsoft's knowledge base at:
Q.What are the requirements for installing AD on a new server?
Ans. An NTFS partition with enough free space
An Administrator's username and password
The correct operating system version
A NIC
Properly configured TCP/IP (IP address, subnet mask and, optionally, default gateway)
A network connection (to a hub or to another computer via a crossover cable)
An operational DNS server (which can be installed on the DC itself)
A Domain name that you want to use
The Windows Server 2003 CD media (or at least the i386 folder)
Q. What is Kerberos? Which version is currently used by Windows? How does Kerberos work?
Ans :- Kerberos is the user authentication used in Win2000 and Win2003 Active Directory servers
Kerberos version is 5.0
Port is: 88
It's more secure and encrypted than NTLM (NT authentication)
Q. Describe the lease process of the DHCP server.
Ans : A DHCP lease is the amount of time that the DHCP server grants to the DHCP client permission to use a particular IP address. A typical server allows its administrator to set the lease time.
Q. Disaster Recovery Plan?
Ans: Deals with the restoration of computer system with all attendant software and connections to full functionality under a variety of damaging or interfering external conditions.
Q.Which protocol is used for Public Folder ?
ANS: SMTP
Q.What is the use of NNTP with exchange ?
ANS: This protocol is used for newsgroups in Exchange.
Q.How will take backup of Active Directory ?
Ans: Take the system state data backup. This will back up the Active Directory database. Microsoft recommends only a Full backup of the system state database.
What are the contents of a System State backup?
The contents are:
Boot files, system files
Active Directory (if it's done on a DC)
Sysvol folder (if it's done on a DC)
Certificate service (on a CA server)
Cluster database (on a cluster server)
Registry
Performance counter configuration information
Component services class registration database
Q. What is the difference between windows server 2003...
A) In 2000 we cannot rename domain whereas in 2003 we can rename Domain
B) 2000 supports 8 processors and 64 GB RAM (in 2000 Advance Server) whereas 2003 supports up to 64 processors and a max of 512GB RAM
C) 2000 Supports IIS 5.0 and 2003 Supports IIS6.0
D) 2000 doesn't support Dot net whereas 2003 Supports Microsoft .NET 2.0
E) 2000 has Server and Advance Server editions whereas 2003 has Standard, Enterprise, Datacentre and Web server Editions.
F) 2000 doesn't have any 64 bit server operating system whereas 2003 has 64 bit server operating systems (Windows Server 2003 X64 Std and Enterprise Edition)
G) 2000 has basic concept of DFS (Distributed File systems) with defined roots whereas 2003 has Enhanced DFS support with multiple roots.
H) In 2000 there is complexity in administering complex networks whereas 2003 has easy administration in all and complex networks
I) In 2000 we can create 1 million users and in 2003 we can create 1 billion users.
J) In 2003 we have the concept of Volume shadow copy service, which is used to create hard disk snapshots used in disaster recovery; 2000 doesn't have this service.
K) In 2000 we don't have end user policy management, whereas in 2003 we have an End user policy management which is done in GPMC (Group policy management console).
L) In 2000 we have cross domain trust relationship and in 2003 we have Cross forest trust relationship.
M) 2000 Supports 4-node clustering and 2003 supports 8-node clustering.
N) 2003 has High HCL Support (Hardware Compatibility List) issued by Microsoft
O) Code name of 2000 is Win NT 5.0 and Code name of 2003 is Win NT 5.1
P) 2003 has a service called ADFS (Active Directory Federation Services) which is used to communicate between branches with safe authentication.
Q) In 2003 there is improved storage management using the service File Server Resource Manager (FSRM)
R) 2003 has a service called Windows Share point Services (It is an integrated portfolio of collaboration and communication services designed to connect people, information, processes, and systems both within and beyond the organizational firewall.)
S) 2003 has Improved Print management compared to 2000 server
T) 2003 has telnet sessions available.
U) 2000 supports IPV4 whereas 2003 supports IPV4 and IPV6
Q. Difference between router and switch
Ans:- In those early days when router is router and switch is switch, these two are different in several ways:
Router understands IP header, and switch deals with MAC address.
Router has its own IP address(es), and switch doesn't.
Router has an operating system running inside, and allows administrator to login into the system.
You (network administrator) must configure routing table to make it work. Switch is usually ready to use.
Router has routing software running inside, including route discovery protocol.
Routing software knows how to deal with different IP packets, such as ICMP and other IP option functionality. Switches don't.
Multiple routers can be connected together as a network. You can't directly connect multiple switches together to form a large network.
Q. What's the difference between Windows 2000 and Windows XP?
Ans:- Windows 2000 and Windows XP are essentially the same operating system (known internally as Windows NT 5.0 and Windows NT 5.1, respectively.) Here are some considerations if you're trying to decide which version to use:
Windows 2000 benefits
Windows 2000 has lower system requirements, and has a simpler interface
(no "Styles" to mess with).
Windows 2000 is slightly less expensive, and has no product activation.
Windows 2000 has been out for a while, and most of the common problems
and security holes have been uncovered and fixed.
Third-party software and hardware products that aren't yet XP-compatible
may be compatible with Windows 2000; check the manufacturers of your
devices and applications for XP support before you upgrade.
Windows XP benefits
Windows XP is somewhat faster than Windows 2000, assuming you have a fast processor and tons of memory (although it will run fine with a 300MHz Pentium II and 128MB of RAM).
The new Windows XP interface is more cheerful and colorful than earlier
versions, although the less-cartoony "Classic" interface can still be used if
desired.
Windows XP has more bells and whistles, such as the Windows Movie Maker, built-in CD writer support, the Internet Connection Firewall, and Remote Desktop Connection.
Intended For
Windows XP
Windows 2000
the following three classes.
Class A - supports 16 million hosts on each of 126 networks
Class B - supports 65,000 hosts on each of 16,000 networks
Class C - supports 254 hosts on each of 2 million networks
The number of unassigned Internet addresses is running out, so a new classless scheme called CIDR is gradually replacing the system based on classes A, B, and C and is tied to adoption of IPv6.
Also see Understanding IP Addressing in the Did You Know . . .? section of Webopedia.
Q. What is gateway?
Ans. A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are gateway nodes. A gateway can transcode or allow different protocols to talk to each other.
Q. Types Of User Profiles
Ans. Local User Profile: This profile is automatically created the first time a user logs on to the computer, and it is stored on the computer's local hard drive. Any changes made to the local user profile are specific to the computer where the change was made.
Roaming User Profile: You, as the administrator, create this profile, and store it on a network server. This profile is available when a user logs on to any computer on the network. Any changes made to roaming user profiles are automatically updated on the server when the user logs off.
Mandatory User Profile: Mandatory user profiles are stored on a network server and are downloaded each time the user logs on. This profile does not update when the user logs off. It is useful for situations where consistent or job-specific settings are needed. Only administrators can make changes to mandatory user profiles. If the mandatory user profile is unavailable, the user cannot log on.
Types of event viewer logs
System Event Viewer Tips
By Nino Bilic
Although Event Viewer is a Microsoft Windows operating system tool, and
not a Microsoft Exchange Server tool, Event Viewer is useful when
troubleshooting Exchange Server problems. This article describes Event
Viewer basic concepts and new helpful features.
Definitions
Overview
o Types of Logs Found in Event Viewer
o Types of Events Logged
Event Anatomy
What Format to Save In?
How Do You Know It Opened Properly?
Event Viewer Differences Between Windows Server 2003,
Windows XP, Windows 2000 Server, and Windows NT Server 4.0
Tips
o Increasing the Log File Size
o Filtering Events
o Searching for Keywords
o If on Windows XP, Use New Functionality
o Get All Logs that You Might Need
For More Information
Definitions
The following terms and definitions are used in this article:
Event: Any significant occurrence in the system or an application that requires users to be notified or an entry to be added to a log.
Event log service: A service that records events in the System, Security, and Application logs.
Event logging: The process of recording an audit entry in the audit trail whenever certain events occur, such as services starting and stopping, or users logging on, logging off, and accessing resources.
Event Viewer: A component you can use to view and manage event logs, gather information about hardware and software problems, and monitor security events. Event Viewer maintains logs about program, security, and system events.
Overview
Using the event logs in Event Viewer, you can gather information about
hardware, software, and system problems, and you can monitor Windows
operating system security events.
Types of Logs Found in Event Viewer
Microsoft Windows Server 2003, Windows XP, Windows 2000 Server, and
Windows NT record events in three kinds of logs:
Application log: The Application log contains events logged by
applications or programs. For example, a database program might
record a file error in the Application log. The program developer
decides which events to record.
System log: The System log contains events logged by the Windows
operating system components. For example, the failure of a driver or
other system component to load during startup is recorded in the
System log. The event types logged by system components are
predetermined by the Windows operating system.
Security log: The Security log can record security events such as
valid and invalid logon attempts as well as events related to resource
use, such as creating, opening, or deleting files. An administrator can
specify what events are recorded in the Security log. For example, if
you have enabled logon auditing, attempts to log on to the system
are recorded in the Security log.
Servers running Windows Server 2003 and Windows 2000 Server that are
domain controllers might have the following additional logs in Event Viewer:
Directory Service log: Windows Server 2003 and Windows 2000
Server directory service logs events in the Directory Service log. This
includes any information regarding the Active Directory directory
service and Active Directory database maintenance.
File Replication Service log: File Replication Service (FRS) logs its
events in this log. This service is used for replication of files, such as
domain policies, between domain controllers.
DNS Server service log: This log includes events related to the
Domain Name System (DNS) Server service running on Windows
Server 2003 and Windows 2000 Server. This will show only on DNS
servers running Windows Server 2003 and Windows 2000 Server.
Types of Events Logged
The icon on the left side of the Event Viewer screen describes the
classification of the event by the Windows operating system. Event Viewer
displays these types of events:
Error: A significant problem, such as loss of data or loss of
functionality. For example, if a service fails to load during startup, an
error will be logged.
Warning: An event that is not necessarily significant, but may
indicate a possible future problem. For example, when disk space is
low, a warning will be logged.
Information: An event that describes the successful operation of an
application, driver, or service. For example, when a network driver
loads successfully, an information event will be logged.
Success Audit: An audited security access attempt that succeeds.
For example, a user's successful attempt to log on to the system will
be logged as a Success Audit event.
Failure Audit: An audited security access attempt that fails. For
example, if a user tries to access a network drive and fails, the
attempt will be logged as a Failure Audit event.
Event Anatomy
The main event components are as follows:
Source: The software that logged the event, which can be either an
application name, such as Microsoft SQL Server, or a component of
the system or of a large application, such as MSExchangeIS, which is
the Microsoft Exchange Information Store service.
Category: A classification of the event by the event source. For
example, the security categories include Logon and Logoff, Policy
Change, Privilege Use, System Event, Object Access, Detailed
Tracking, and Account Management.
Event ID: A unique number for each source to identify the event.
User: The user name for the user who was logged on and working
when the event occurred. N/A indicates that the entry did not specify
a user.
Computer: The computer name for the computer where the event
occurred.
Description: This field provides the actual text of the event, or how
the application that logged the event explains what has happened.
Data: Displays binary data generated by the event in hexadecimal
(bytes) or DWORDS (words) format. Not all events generate binary
data. Programmers and support professionals familiar with the source
application can interpret this information.
What Format to Save In?
Generally, you want to use the Event Log (.evt) format only. This is the
easiest format to read and search through, because it can be opened with
Event Viewer on your server.
When you want to see events for services that you do not have installed on
your computer, such as Cluster service or third-party services, save logs in
.csv format. The .csv files can be opened in Microsoft Office Excel.
The least desirable format that you can save logs in is .txt file format. Text
files are searchable, but they can be cluttered with information, and it is easy
to miss critical events. Use .txt format only when necessary.
How Do You Know It Opened Properly?
The following is an example of an event that does not show
information properly.
Event Type: Information
Event Source: MSExchangeIS Private
Event Category: (30)
Event ID: 2003
Date: 8/16/2001
Time: 1:47:02 PM
User: N/A
Computer: SERVERNAME
Description: The description for Event ID ( 2003 ) in Source
( MSExchangeIS Private ) cannot be found. The local computer may
not have the necessary registry information or message DLL files to
display messages from a remote computer. The following information
is part of the event:
The following is the same event displayed properly.
Event Type: Information
Event Source: MSExchangeIS Private
Event Category: Transport Sending
Event ID: 2003
Date: 8/16/2001
Time: 1:47:02 PM
User: N/A
Computer: SERVERNAME
Description: There are no messages ready to send. The send thread
is sleeping.
The first event example is the event as it appeared when opened on a
computer without Exchange Server. The second example is that same event
log entry when opened on a computer running Exchange Server.
If you want to open an event log and see event descriptions properly, you
must open the log on the computer that has those applications or services
installed. If you need to display the event log for events that were created by
a third-party application on another computer, you might want to save the
log in .csv format to see what those events say.
There will always be some events that you will not see properly, such as
third-party services, hardware drivers, audio visual software, and backup
software, but at least you will see Exchange Server events as they should
appear, if you open the log on the Exchange server.
Event Viewer Differences Between Windows Server 2003, Windows XP,
Windows 2000 Server, and Windows NT Server 4.0
In Event Viewer, when you press the COPY button, the whole text recorded in
the event is copied to the Clipboard. You can then paste the information
anywhere you need it.
In Windows Server 2003 and Windows XP, you can direct Event Viewer to
look up registry entries on some other computer when you are opening the
log. For example, on a computer running Windows XP Professional, you can
create additional shortcuts for launching Event Viewer. Each of the shortcuts
can point to another computer, one for Exchange Server version 5.5, another
for Exchange 2000 Server, and a third one for Cluster service, so you can
open the associated event logs on your workstation computer.
You can open event logs created on Windows Server 2003, Windows 2000
Server, and Windows NT Server 4.0. In almost all cases, all events will
appear properly. There might be a case when Windows NT Server 4.0 events
will appear as something totally different when viewed on Windows
Server 2003 or Windows 2000 Server. For information, see Microsoft
Knowledge Base article 312216, "Detailed Usage of the Event Viewer
/AUXSOURCE Switch Option."
Tips
The following sections provide information that can help you when
troubleshooting Exchange Server.
Increasing the Log File Size
By default, the log file size is 512 kilobytes (KB), which is not enough if you
want to see activity over several days. On a busy application server, with
some diagnostics logging, 512 KB can be filled with information within a few
hours. Consider increasing the log file size. A log file size of 10 megabytes
(MB) or larger will in most cases give you enough history to show a few days
of information. Event logs compress well. It is common for a 90 MB
Application log to compress to a 2 MB file.
Filtering Events
If you are looking for a specific event ID in the log, or you want to see just
errors, warnings, or events logged by a specific component, use filtering. On
Windows NT Server 4.0, click View, and then click Filter Events. On Windows
Server 2003 or Windows 2000 Server, select the log you want to filter, click
View, and then click Filter. This is a useful feature when viewing large event
logs.
Searching for Keywords
Consider that you want to search all events in a particular event log that
mention one specific user or server. In Event Viewer, click View, and then
click Find. Type a word that you want to find in any event in the Description
field, or you can search for specific information, such as event IDs or source.
If on Windows XP, Use New Functionality
As mentioned previously, there is new functionality in Windows Server 2003
and Windows XP. You can redirect Event Viewer to look up registry settings
and DLLs on another computer.
This is a useful and timesaving feature. It allows you to view event logs for
any type of application that you might have installed on any servers in your
environment, from your computer running Windows XP. For more
information, see Microsoft Knowledge Base Article 312216, "Detailed Usage
of the Event Viewer /AUXSOURCE Switch Option."
Get All Logs that You Might Need
In most cases, you should look at the Application log when troubleshooting
Exchange Server. However, with Exchange Server 2003 and Exchange 2000
Server, you should always also check the System log, because of the
interrelationship between Exchange, Active Directory, and DNS. Consider
getting both logs at the same time. Reviewing both might show you errors on
the Windows operating system level that might explain the Exchange Server
behavior.
Windows Server 2003 Active Directory and Security questions
Windows interview questions
1. What's the difference between local, global and universal groups? Domain local groups assign access permissions to global domain groups for local domain resources. Global groups provide access to resources in other trusted domains. Universal groups grant access to resources in all trusted domains.
2. I am trying to create a new universal user group. Why can't I? Universal groups are allowed only in native-mode Windows Server 2003 environments. Native mode requires that all domain controllers be promoted to Windows Server 2003 Active Directory.
3. What is LSDOU? It's the group policy inheritance model, where the policies are applied to Local machines, Sites, Domains and Organizational Units.
4. Why doesn't LSDOU work under Windows NT? If the NTConfig.pol file exists, it has the highest priority among the numerous policies.
5. Where are group policies stored? %SystemRoot%\System32\GroupPolicy
6. What is GPT and GPC? Group policy template and group policy container.
7. Where is GPT stored? %SystemRoot%\SYSVOL\sysvol\domainname\Policies\GUID
8. You change the group policies, and now the computer and user settings are in conflict. Which one has the highest priority? The computer settings take priority.
9. You want to set up remote installation procedure, but do not want the user to gain access over it. What do you do? gponame > User Configuration > Windows Settings > Remote Installation Services > Choice Options is your friend.
10. What's contained in administrative template conf.adm? Microsoft NetMeeting policies.
11. How can you restrict running certain applications on a machine? Via group policy, security settings for the group, then Software Restriction Policies.
12. You need to automatically install an app, but MSI file is not available. What do you do? A .zap text file can be used to add applications using the Software Installer, rather than the Windows Installer.
13. What's the difference between Software Installer and Windows Installer? The former has fewer privileges and will probably require user intervention. Plus, it uses .zap files.
14. What can be restricted on Windows Server 2003 that wasn't there in previous products? Group Policy in Windows Server 2003 determines a user's right to modify network and dial-up TCP/IP properties. Users may be selectively restricted from modifying their IP address and other network configuration parameters.
15. How frequently is the client policy refreshed? 90 minutes give or take.
16. Where is secedit? It's now gpupdate.
17. You want to create a new group policy but do not wish to inherit. Make sure you check Block inheritance among the options when creating the policy.
18. What is "tattooing" the Registry? The user can view and modify user preferences that are not stored in maintained portions of the Registry. If the group policy is removed or changed, the user preference will persist in the Registry.
19. How do you fight tattooing in NT/2000 installations? You can't.
20. How do you fight tattooing in 2003 installations? User Configuration - Administrative Templates - System - Group Policy - enable - Enforce Show Policies Only.
21. What does IntelliMirror do? It helps to reconcile desktop settings, applications, and stored files for users, particularly those who move between workstations or those who must periodically work offline.
22. What's the major difference between FAT and NTFS on a local machine? FAT and FAT32 provide no security over locally logged-on users. Only native NTFS provides extensive permission control on both remote and local files.
23. How do FAT and NTFS differ in approach to user shares? They don't, both have support for sharing.
24. Explain the List Folder Contents permission on the folder in NTFS. Same as Read & Execute, but not inherited by files within a folder. However, newly created subfolders will inherit this permission.
25. I have a file to which the user has access, but he has no folder permission to read it. Can he access it? It is possible for a user to navigate to a file for which he does not have folder permission. This involves simply knowing the path of the file object. Even if the user can't drill down the file/folder tree using My Computer, he can still gain access to the file using the Universal Naming Convention (UNC). The best way to start would be to type the full path of a file into Run window.
26. For a user in several groups, are Allow permissions restrictive or permissive? Permissive, if at least one group has Allow permission for the file/folder, user will have the same permission.
27. For a user in several groups, are Deny permissions restrictive or permissive? Restrictive, if at least one group has Deny permission for the file/folder, user will be denied access, regardless of other group permissions.
28. What hidden shares exist on Windows Server 2003 installation? Admin$, Drive$, IPC$, NETLOGON, print$ and SYSVOL.
29. What's the difference between standalone and fault-tolerant DFS (Distributed File System) installations? The standalone server stores the Dfs directory tree structure or topology locally. Thus, if a shared folder is inaccessible or if the Dfs root server is down, users are left with no link to the shared resources. A fault-tolerant root node stores the Dfs topology in the Active Directory, which is replicated to other domain controllers. Thus, redundant root nodes may include multiple connections to the same data residing in different shared folders.
30. We're using the DFS fault-tolerant installation, but cannot access it from a Win98 box. Use the UNC path, not client, only 2000 and 2003 clients can access Server 2003 fault-tolerant shares.
31. Where exactly do fault-tolerant DFS shares store information in Active Directory? In Partition Knowledge Table, which is then replicated to other domain controllers.
32. Can you use Start->Search with DFS shares? Yes.
33. What problems can you have with DFS installed? Two users opening the redundant copies of the file at the same time, with no file-locking involved in DFS, changing the contents and then saving. Only one file will be propagated through DFS.
34. I run Microsoft Cluster Server and cannot install fault-tolerant DFS. Yeah, you can't. Install a standalone one.
35. Is Kerberos encryption symmetric or asymmetric? Symmetric.
36. How does Windows 2003 Server try to prevent a middle-man attack on encrypted line? Time stamp is attached to the initial client request, encrypted with the shared key.
create, delete, start, stop, and display virtual directories, iisftpdr.vbs to create, delete, start, stop, and display virtual directories under an FTP root, iiscnfg.vbs to export and import IIS configuration to an XML file.
9. What's the name of the user who connects to the Web site anonymously? IUSR_computername
10. What secure authentication and encryption mechanisms are supported by IIS 6.0? Basic authentication, Digest authentication, Advanced digest authentication, Certificate-based Web transactions that use PKCS #7/PKCS #10, Fortezza, SSL, Server-Gated Cryptography, Transport Layer Security.
11. What's the relation between SSL and TLS? Transport Layer Security (TLS) extends SSL by providing cryptographic authentication.
12. What's the role of http.sys in IIS? It is the point of contact for all incoming HTTP requests. It listens for requests and queues them until they are all processed, no more queues are available, or the Web server is shut down.
13. Where's ASP cache located on IIS 6.0? On disk, as opposed to memory, as it used to be in IIS 5.
14. What is socket pooling? Non-blocking socket usage, introduced in IIS 6.0. More than one application can use a given socket.
15. Describe the process of clustering with Windows 2003 Server when a new node is added. As a node goes online, it searches for other nodes to join by polling the designated internal network. In this way, all nodes are notified of the new node's existence. If other nodes cannot be found on a preexisting cluster, the new node takes control of the quorum resources residing on the shared disk that contains state and configuration data.
16. What applications are not capable of performing in Windows 2003 Server clusters? The ones written exclusively for NetBEUI and IPX.
17. What's a heartbeat? Communication processes between the nodes designed to ensure node's health.
18. What's a threshold in clustered environment? The number of times a restart is attempted, when the node fails.
19. You need to change an admin password on a clustered Windows box, but that requires rebooting the cluster, doesn't it? No, it doesn't. In 2003 environment you can do that via cluster.exe utility which does not require rebooting the entire cluster.
20. For the document of size 1 MB, what size would you expect the index to be with Indexing Service? 150-300 KB, 15-30% is a reasonable expectation.
21. Doesn't the Indexing Service introduce a security flaw when allowing access to the index? No, because users can only view the indices of documents and folders that they have permissions for.
22. What's the typical size of the index? Less than 100K documents - up to 128 MB. More than that - 256+ MB.
23. Which characters should be enclosed in quotes when searching the index? &, @, $, #, ^, ( ), and |.
24. How would you search for C++? Just enter C++, since + is not a special character (and neither is C).
25. What about Barnes&Noble? Should be searched for as Barnes&Noble.
26. Are the searches case-sensitive? No.
27. What's the order of precedence of Boolean operators in Microsoft Windows 2003 Server Indexing Service? NOT, AND, NEAR, OR.
28. What's a vector space query? A multiple-word query where the weight can be assigned to each of the search words. For example, if you want to find information on black hole, but would prefer to give more weight to the word hole, you can enter black[1] hole[20] into the search window.
29. What's a response queue? It's the message queue that holds response messages sent from the receiving application to the sender.
30. What's MQPing used for? Testing Microsoft Message Queue services between the nodes on a network.
31. Which add-on package for Windows 2003 Server would you use to monitor the installed software and license compliance? SMS (System Management Server).
32. Which service do you use to set up various alerts? MOM (Microsoft Operations Manager).
33. What languages does Windows Scripting Host support? VB, VBScript, JScript.
Windows Admin Interview Questions
1. Describe how the DHCP lease is obtained. It's a four-step process consisting of (a) IP request, (b) IP offer, (c) IP selection and (d) acknowledgement.
2. I can't seem to access the Internet, don't have any access to the corporate network and on ipconfig my address is 169.254.*.*. What happened? The 169.254.*.* netmask is assigned to Windows machines running 98/2000/XP if the DHCP server is not available. The name for the technology is APIPA (Automatic Private Internet Protocol Addressing).
3. We've installed a new Windows-based DHCP server, however, the users do not seem to be getting DHCP leases off of it. The server must be authorized first with the Active Directory.
Windows Server 2003 Interview and Certification Questions
1. How do you double-boot a Win 2003 server box? The Boot.ini file is set as read-only, system, and hidden to prevent unwanted editing. To change the Boot.ini timeout and default settings, use the System option in Control Panel from the Advanced tab and select Startup.
2. What do you do if earlier application doesn't run on Windows Server 2003? When an application that ran on an earlier legacy version of Windows cannot be loaded during the setup function or if it later malfunctions, you must run the compatibility mode function. This is accomplished by right-clicking the application or setup program and selecting Properties > Compatibility > selecting the previously supported operating system.
Windows Server 2003 Interview and Certification Questions II
1. What snap-in administrative tools are available for Active Directory? Active Directory Domains and Trusts Manager, Active Directory Sites and Services Manager, Active Directory Users and Group Manager, Active Directory Replication (optional, available from the Resource Kit), Active Directory Schema Manager (optional, available from adminpak).
2. What types of classes exist in Windows Server 2003 Active Directory?
o Structural class. The structural class is important to the system administrator in that it is the only type from which new Active Directory objects are created. Structural classes are developed from either the modification of an existing structural type or the use of one or more abstract classes.
Networking questions
1. What is a default gateway? - The exit-point from one network and entry-way into another network, often the router of the network.
2. How do you set a default route on an IOS Cisco router? - ip route 0.0.0.0 0.0.0.0 x.x.x.x [where x.x.x.x represents the destination address]
3. What is the difference between a domain local group and a global group? - Domain local groups grant permissions to objects within the domain in which they
reside. Global groups grant permissions tree or forest wide for any objects within the Active Directory.
4. What is LDAP used for? - LDAP is a set of protocols used for providing access to information directories.
5. What tool have you used to create and analyze packet captures? - Network Monitor in Win2K / Win2K3, Ethereal in Linux, OptiView Series II (by Fluke Networks).
6. How does HSRP work?
7. What is the significance of the IP address 255.255.255.255? - The limited broadcast address is utilized when an IP node must perform a one-to-everyone delivery on the local network but the network ID is unknown.
Windows sysadmin interview questions
1. What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC
2. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep
3. What Exchange process is responsible for communication with AD? - DSACCESS
4. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller
5. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address
6. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini
7. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.
8. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.
9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP - 25, POP3 - 110, IMAP4 - 143, RPC - 135, LDAP - 389, Global Catalog - 3268
10. Name the process names for the following: System Attendant? - MAD.EXE, Information Store - STORE.EXE, SMTP/POP/IMAP/OWA - INETINFO.EXE
11. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.
12. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.
Q. What is TCP/IP
Ans. Transmission Control Protocol/Internet Protocol. A protocol for communication
between computers, used as a standard for transmitting data over networks and as the
basis for standard Internet protocols.
Or
Transmission Control Protocol/Internet Protocol. Communication protocol suite and
standard for all Internet-connected machines.
Types of backup
The Backup utility supports five methods of backing up data on your
computer or network.
Copy backup
A copy backup copies all the files you select, but does not mark each
file as having been backed up (in other words, the archive attribute is
not cleared). Copying is useful if you want to back up files between
normal and incremental backups because copying does not affect
these other backup operations.
Daily backup
A daily backup copies all the files that you select that have been
modified on the day the daily backup is performed. The backed-up files
are not marked as having been backed up (in other words, the archive
attribute is not cleared).
Differential backup
A differential backup copies files that have been created or changed
since the last normal or incremental backup. It does not mark files as
having been backed up (in other words, the archive attribute is not
cleared). If you are performing a combination of normal and
differential backups, restoring files and folders requires that you have
the last normal as well as the last differential backup.
Incremental backup
An incremental backup backs up only those files that have been
created or changed since the last normal or incremental backup. It
marks files as having been backed up (in other words, the archive
attribute is cleared). If you use a combination of normal and
incremental backups, you will need to have the last normal backup setas well as all incremental backup sets to restore your data.
Normal backup
A normal backup copies all the files you select and marks each file ashaving been backed up (in other words, the archive attribute is
cleared). With normal backups, you only need the most recent copy of
the backup file or tape to restore all of the files. You usually perform anormal backup the first time you create a backup set.
Backing up your data using a combination of normal backups and
incremental backups requires the least amount of storage space and is
the quickest backup method. However, recovering files can be
time-consuming and difficult because the backup set might be stored on
several disks or tapes.
Backing up your data using a combination of normal backups and
differential backups is more time-consuming, especially if your data
changes frequently, but it is easier to restore the data because the
backup set is usually stored on only a few disks or tapes.
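The archive-attribute rules above, modelled as an added example (not part of the original notes): a small simulation of which files each backup type selects and which backup sets a full restore needs. The file names and the write schedule are constructed for illustration.

```python
from dataclasses import dataclass, field

# Per the descriptions above: normal and incremental clear the archive
# attribute; copy, daily and differential leave it untouched.
CLEARS_ARCHIVE = {"normal": True, "incremental": True,
                  "differential": False, "copy": False, "daily": False}

@dataclass
class Volume:
    archive: dict = field(default_factory=dict)  # path -> archive attribute
    mtime: dict = field(default_factory=dict)    # path -> day last written

    def write(self, path, day):
        """Creating or changing a file sets its archive attribute."""
        self.archive[path] = True
        self.mtime[path] = day

    def backup(self, kind, day):
        """Return the sorted list of files this backup type copies."""
        if kind in ("normal", "copy"):
            picked = list(self.archive)            # everything selected
        elif kind == "daily":
            picked = [p for p, d in self.mtime.items() if d == day]
        else:                                      # incremental, differential
            picked = [p for p, a in self.archive.items() if a]
        if CLEARS_ARCHIVE[kind]:
            for p in picked:
                self.archive[p] = False
        return sorted(picked)

def run_week(second_kind):
    """Normal backup on day 0, then `second_kind` after each day's writes."""
    vol = Volume()
    for p in ("a.doc", "b.xls", "c.mdb"):
        vol.write(p, 0)
    sets = [("normal", 0, vol.backup("normal", 0))]
    writes = {1: ["a.doc"], 2: ["b.xls"], 3: ["a.doc", "d.txt"]}  # constructed
    for day, paths in writes.items():
        for p in paths:
            vol.write(p, day)
        sets.append((second_kind, day, vol.backup(second_kind, day)))
    return sets

def restore_chain(sets):
    """Backup sets a full restore needs: the last normal set, every later
    incremental set, and only the most recent later differential set."""
    last_normal = max(i for i, s in enumerate(sets) if s[0] == "normal")
    later = sets[last_normal + 1:]
    incs = [s for s in later if s[0] == "incremental"]
    diffs = [s for s in later if s[0] == "differential"]
    return [sets[last_normal]] + incs + diffs[-1:]

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        sets = run_week(kind)
        stored = sum(len(files) for _, _, files in sets)
        print(kind, "files stored:", stored,
              "sets needed to restore:", len(restore_chain(sets)))
```

When planning recovery, the length of the restore chain matters as much as the storage total: losing any one incremental set breaks the chain, while the differential scheme depends on only two sets.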
Q. Difference between DNS and WINS
Ans:- WINS = Windows Internet Name Service, "Windows" being the key word.
WINS resolves NetBIOS computer names to IP addresses.
DNS resolves hostnames to an IP address.
If you go through your network settings for the TCP/IP protocol, you will notice you can use a different "hostname" from "computer name".
WINS = MyComputer = 192.168.0.1
DNS = MyComputer.MyDomain.Com = 192.168.0.1
DNS is primarily used to resolve domain names to the IP addresses that are held in Domain Name Servers. Without DNS servers, you would have to type an IP address to get to a web site. Servers use WINS to resolve NetBIOS 15-letter names to IP addresses. WINS is generally used on LANs, and not WANs. DNS is primarily used on WANs.
OSI MODEL
The OSI Model
Introduction
The IEEE formed the 802 committee in February 1980 with the aim of standardizing the LAN
architectures by defining the Open System Interconnection (OSI) model. Of the OSI model, the
Data Link layer was split into two, the Media Access Control (MAC) sub-layer and the 802.2
Logical Link Control (LLC) sub-layer.
You can make up expressions to remember the order of the 7 layers, for example, 'Angus Prefers
Sausages To Nibbling Dried Pork' or 'A Pretty Silly Trick Never Does Please'. I remember it best
using the natty expression 'Application, Presentation, Session, Transport, Network, Data link,
Physical'. It just rolls off the tongue!
The OSI protocol set is rarely used today; however, the model that was developed serves as a
useful guide when referring to other protocol stacks such as ATM, TCP/IP and SPX/IPX.
Application Layer 7
It is employed in software packages which implement client-server software. When an application
on one computer starts communicating with another computer, then the Application layer is used.
The header contains parameters that are agreed between applications. This header is often only
sent at the beginning of an application operation. Examples of services within the application
layer include:
FTP
DNS
SNMP
SMTP gateways
Web browser
Network File System (NFS)
Telnet and Remote Login (rlogin)
X.400
FTAM
Database software
Print Server Software
Presentation Layer 6
This provides function call exchange between host operating systems and software layers. It
defines the format of data being sent and any encryption that may be used. Examples of services
used are listed below:
MIDI
HTML
GIF
TIFF
JPEG
ASCII
EBCDIC
Session Layer 5
The Session layer defines how data conversations are started, controlled and finished. The
messages may be bidirectional and there may be many of them, the session layer manages
these conversations and creates notifications if some messages fail. Indications show whether a
packet is in the middle of a conversation flow or at the end. Only after a completed conversation
will the data be passed up to layer 6. Examples of Session layer protocols are listed below:
RPC
SQL
NetBIOS names
Appletalk ASP
DECnet SCP
Transport Layer 4
This layer is responsible for the ordering and reassembly of packets that may have been broken up
to travel across certain media. Some protocols in this layer also perform error recovery. After error
recovery and reordering the data part is passed up to layer 5. Examples are:
TCP
UDP
SPX
Network Layer 3
This layer is responsible for the delivery of packets end to end and implements a logical
addressing scheme to help accomplish this. Routing packets through a network is also defined at
this layer plus a method to fragment large packets into smaller ones depending on MTUs for
different media (Packet Switching). Once the data from layer 2 has been received, layer 3
examines the destination address and if it is the address of its own end station, it passes the data
after the layer 3 header to layer 4. Examples of Layer 3 protocols include:
Appletalk DDP
IP
IPX
Data Link Layer 2
This layer deals with getting data across a specific medium and individual links by providing one
or more data link connections between two network entities. End points are specifically identified,
if required by the Network layer Sequencing. The frames are maintained in the correct sequence
and there are facilities for Flow control and Quality of Service parameters such as Throughput,
Service Availability and Transit Delay.
Examples include:
IEEE 802.2
IEEE 802.3
802.5 - Token Ring
HDLC
Frame Relay
FDDI
ATM
PPP
The Data link layer performs the error check using the Frame Check Sequence (FCS) in the
trailer and discards the frame if an error is detected. It then looks at the addresses to see if it
needs to process the rest of the frame itself or whether to pass it on to another host. The data
between the header and the trailer is passed to layer 3. The MAC layer concerns itself with the
access control method and determines how use of the physical transmission is controlled and
provides the token ring protocols that define how a token ring operates. The LLC shields the
higher level layers from concerns with the specific LAN implementation.
Physical Layer 1
This layer deals with the physical aspects of the media being used to transmit the data. This
defines things like pinouts, electrical characteristics, modulation and encoding of data bits on
carrier signals. It ensures bit synchronisation and places the binary pattern that it receives into a
receive buffer. Once it decodes the bit stream, the physical layer notifies the data link layer that a
frame has been received and passes it up. Examples of specifications include:
V.24
V.35
EIA/TIA-232
EIA/TIA-449
FDDI
802.3
802.5
Ethernet
RJ45
NRZ
NRZI
You will notice that some protocols span a number of layers (e.g. NFS, 802.3 etc.). A benefit of
the seven layer model is that software can be written in a modular way to deal specifically with
one or two layers only, this is often called Modular Engineering.
Each layer has its own header containing information relevant to its role. This header is passed
down to the layer below which in turn adds its own header (encapsulates) until eventually the
Physical layer adds the layer 2 information for passage to the next device which understands the
layer 2 information and can then strip each of the layers' headers in turn to get at the data in the
right location. Each layer within an end station communicates at the same layer within another
end station.
OSI Model Layers
Layer | Function | Protocols | Network Components

Application (User Interface)
Function:
- used for applications specifically written to run over the network
- allows access to network services that support applications
- directly represents the services that directly support user applications
- handles network access, flow control and error recovery
- Example apps are file transfer, e-mail, NetBIOS-based applications
Protocols: DNS; FTP; TFTP; BOOTP; SNMP; RLOGIN; SMTP; MIME; NFS; FINGER; TELNET; NCP; APPC; AFP; SMB
Network Components: Gateway

Presentation (Translation)
Function:
- Translates from application to network format and vice-versa
- all different formats from all sources are made into a common uniform format that the rest of the OSI model can understand
- responsible for protocol conversion, character conversion, data encryption / decryption, expanding graphics commands, data compression
- sets standards for different systems to provide seamless communication from multiple protocol stacks
- not always implemented in a network protocol
Network Components: Gateway; Redirector

Session ("syncs and sessions")
Function:
- establishes, maintains and ends sessions across the network
- responsible for name recognition (identification) so only the designated parties can participate in the session
- provides synchronization services by planning check points in the data stream => if session fails, only data after the most recent checkpoint need be transmitted
- manages who can transmit data at a certain time and for how long
- Examples are interactive login
Protocols: NetBIOS; Named Pipes; Mail Slots; RPC
Network Components: Gateway
Windows sysadmin interview questions
1. What are the required components of Windows Server 2003 for installing Exchange 2003? - ASP.NET, SMTP, NNTP, W3SVC
2. What must be done to an AD forest before Exchange can be deployed? - Setup /forestprep
3. What Exchange process is responsible for communication with AD? - DSACCESS
4. What 3 types of domain controller does Exchange access? - Normal Domain Controller, Global Catalog, Configuration Domain Controller
5. What connector type would you use to connect to the Internet, and what are the two methods of sending mail over that connector? - SMTP Connector: Forward to smart host or use DNS to route to each address
6. How would you optimise Exchange 2003 memory usage on a Windows Server 2003 server with more than 1Gb of memory? - Add /3Gb switch to boot.ini
7. What would a rise in remote queue length generally indicate? - This means mail is not being sent to other servers. This can be explained by outages or performance issues with the network or remote servers.
8. What would a rise in the Local Delivery queue generally mean? - This indicates a performance issue or outage on the local server. Reasons could be slowness in consulting AD, slowness in handing messages off to local delivery or SMTP delivery. It could also be databases being dismounted or a lack of disk space.
9. What are the standard port numbers for SMTP, POP3, IMAP4, RPC, LDAP and Global Catalog? - SMTP 25, POP3 110, IMAP4 143, RPC 135, LDAP 389, Global Catalog 3268
10. Name the process names for the following: System Attendant - MAD.EXE, Information Store - STORE.EXE, SMTP/POP/IMAP/OWA - INETINFO.EXE
11. What is the maximum amount of databases that can be hosted on Exchange 2003 Enterprise? - 20 databases. 4 SGs x 5 DBs.
12. What are the disadvantages of circular logging? - In the event of a corrupt database, data can only be restored to the last backup.
Networking questions
1. What is a default gateway? - The exit-point from one network and entry-way into another network, often the router of the network.
2. How do you set a default route on an IOS Cisco router? - ip route 0.0.0.0 0.0.0.0 x.x.x.x [where x.x.x.x represents the destination address]
3. What is the difference between a domain local group and a global group? - Domain local groups grant permissions to objects within the domain in which they reside. Global groups grant permissions tree or forest wide for any objects within the Active Directory.
4. What is LDAP used for? - LDAP is a set of protocols used for providing access to information directories.
5. What tool have you used to create and analyze packet captures? - Network Monitor in Win2K / Win2K3, Ethereal in Linux, OptiView Series II (by Fluke Networks).
6. How does HSRP work?
7. What is the significance of the IP address 255.255.255.255? - The limited broadcast address is utilized when an IP node must perform a one-to-everyone delivery on the local network but the network ID is unknown.
Q. What is the default domain functional level in Windows Server 2003?
Ans. Default domain functional level: mixed mode
Domain Functional Level
Domain functionality activates features that affect the whole domain and that domain only. The four domain functional levels, their corresponding features, and supported domain controllers are as follows:
Windows 2000 mixed (default)
Supported domain controllers: Microsoft Windows NT 4.0, Windows 2000, Windows Server 2003
Activated features: local and global groups, global catalog support
Windows 2000 native
Supported domain controllers: Windows 2000, Windows Server 2003
Activated features: group nesting, universal groups, SidHistory, converting groups between security groups and distribution groups, you can raise domain levels by increasing the forest level settings
Features of Exchange server 2007
Ans. Anti-spam and Antivirus
Feature | New or Updated in SP1 | Description

Edge Transport server role
This server role is for perimeter network deployment. It supports Simple Mail Transfer Protocol (SMTP) routing, provides anti-spam filtering technologies and support for antivirus extensibility. The Edge Transport server should be isolated from the Active Directory directory services, but can still leverage Active Directory for recipient filtering by using Active Directory Application Mode (ADAM). EdgeSync in Exchange Server 2007 publishes pertinent organization information, encrypted, to the Edge Transport server for use in robust recipient filtering and respects Microsoft Outlook safe sender lists on the Edge. Communications between the Edge Transport server and the internal network in an Exchange Server 2007 organization are encrypted by default.
Edge Transport includes anti-spam technologies that protect at many layers.
Anti-spam: Connection Filtering
Exchange Server 2007 provides an integrated, IP based block-and-allow list based on sender reputation. Lists are automatically updated as new versions become available. Administrators can establish additional IP allow-or-deny lists as needed.
Anti-spam: Sender and Recipient Filtering
Sender reputation is dynamically analyzed and updated. When the Edge Transport server spots specific trends from a given domain, it can impose certain actions to either quarantine or reject incoming messages. Sender ID is also used to verify that each e-mail message originates from the Internet domain from which it claims to come, based on the sender's SMTP server IP address. Once a Sender ID record has been verified, the results can be cross-referenced to past traffic patterns and sender reputation, creating an associate weight into the domain reputation. Finally, recipients are validated, and administrators have the ability to block messages sent to non-existent user accounts or internal-only distribution lists.
Anti-spam: Safe Sender List Aggregation
Via EdgeSync, the Edge Transport server respects Outlook 2003 and Outlook 2007 safe sender lists to help reduce false positives.
Anti-spam: Sender ID
Exchange Server 2007 embeds support for Sender ID, an e-mail industry initiative designed to verify that each e-mail message originates from the Internet domain from which it claims to come based on the sender's SMTP server IP address. Sender ID helps prevent domain spoofing and protect legitimate senders' domain names and reputation and helps recipients more effectively identify and filter junk e-mail and phishing scams.
Anti-spam: Content Filtering
Content is analyzed using the Intelligent Message Filter (IMF), Exchange Server's implementation of Microsoft SmartScreen content filtering technology. SmartScreen is based on Microsoft Research's patented machine-learning technology. Anti-phishing capabilities are also built in to the IMF to help detect fraudulent links or spoofed domains and protect users from these types of online scams. When used with Outlook 2007, a phishing warning or block appears in the user interface. Customers are protected from emerging spam attacks through the automatic filter updates for Exchange Server 2007, which are published on a frequent basis. Should the administrator require additional control, the Edge Transport server enables customization, including the ability to add words or phrases to the filter.
Anti-spam: Outlook E-Mail Postmark
Exchange 2007 verifies Outlook E-mail Postmarks attached to messages sent from Outlook 2007. The Outlook E-mail Postmark can reduce false positives for messages from legitimate senders that have little to no reputation.
Anti-spam: Spam Assessment
In addition to scanning message content, the IMF consolidates guidance from Connection, Sender/Recipient, Sender Reputation, Sender ID verification, and Outlook E-mail Postmark validation to apply a Spam Confidence Level (SCL) rating to a given message. Administrators can preconfigure actions on the message based on this SCL rating. Actions may include deliver to the inbox or junk mail folder, deliver to the spam quarantine, or reject outright and not deliver.
Anti-spam: Service Resilience
The Edge Transport server role controls the inbound SMTP message receipt rate for increased availability. This control, coupled with the ability to detect open proxy machines, can aid in preventing denial of service attacks. Tar pitting is supported to slow the server response for certain SMTP communication patterns, minimizing exposure to directory harvest attacks.
Anti-spam: Anti-spam Stamp
Messages filtered by the Edge Transport server role are stamped with information, including why the message was considered spam and which combination of filters and reputation services (IP, domain, sender, recipient, content) determined its spam assessment. Administrators may use this information in an aggregate way to understand the effectiveness of filtering across their multilayered approach and tune appropriately.
Anti-spam: Two-Tiered Spam Quarantine
The Exchange Server 2007 environment enables two-tiered spam quarantine. First, administrators have access to a Spam Quarantine housed in the perimeter network. Using Outlook, administrators can access the Spam Quarantine to search for messages, release to the recipient, or reject and delete. Messages with borderline SCL ratings (borderline definition configured by the administrator) may be released to the end user's junk mail folder in Outlook, and are converted to plain text for further protection.
Anti-spam: Consolidated Management
Management of the Edge Transport Server role and corresponding rules is consistent with the rest of the Exchange environment and can be performed using the Exchange Management Console graphical interface
Recommended