127 Midterm Cards

Question 1

Describe the main Versions of Windows Server.

Answer 1

Standard: Most widely used version. Allows for the use of 2 virtual machines. Functionally the same as datacenter minus some extra features. Number of users is based on CALs.

Essentials: Essentials is known as the Bare Bones version of windows server. No virtualization options, and a locked limit of 25 users and 50 devices.

Datacenter: Luxury Model of Server. Offering up unlimited virtualization plus one Hyper-V host. Other than some random features it is comparable to standard. Much more expensive and designed for use in large scale networks.

Question 2

Name some scenarios in which you would use specific versions of Windows Server.

Answer 2

Essentials: Very small network deployment. Not a lot of multitasking for one server to do. Money is tight.

Standard: If you have a decently sized network, but only requre the use of <2 Virtual machines, standard would be the right choice.

Datacenter: Money is no object. Your network is a larger enterprise network and you require the use of multiple VMs.

Question 3

Name the 3 different Windows Server interfaces.

Answer 3

Desktop: One you will run into most commonly. This is the GUI interface, allowing you to RDP into your servers, use a traditional desktop. use the graphical Server Manager, and is good for people who are slightly inexperienced. Has a very similar GUI to the normal versions of Windows 10

Server Core: Headless version of Windows Server. Faster, more effecient, higher security.

Nano Server: Smaller headless version of Windows Server. Designed to replace oversized and unnessicarily bloated versions of Server. Must be linked to a container.

Question 4

Describe the pros and cons of the main 2 interfaces for Server (Core and DE)

Answer 4

Core

Pros

• Faster, Requires less maintenance
• Less Harddrive space required
• More Secure

Cons

• Harder to learn
• Less Versatile
• Can’t upgrade to the GUI after installation, would have to start fresh.

DE

Pros

• Easier to use
• Has more features than Core
• Able to access Core through the GUI if you would like to.

Cons

• Takes up more hard disk space
• Runs slower than core
• Less secure

Question 5

What are the 3 categories of Server roles?

Answer 5

Directory Services

• Allow you to store and supply network information
• Active Directory Domain Services, Certificate Services, and Federation Services are all included in this category.
• Covers: Passsword checking, Email verification, Phonebooks, Directories, ect.

Infrastructure Services

• Provides support for network clients and includes roles such as
• DHCP - Providing Addressing
• DNS - Resloving IP to Name / Name to IP Queries
• Hyper -V - Infrastructure Service working as a container
• WSUS - Windows Server Update Services. Allows a server to control updates on a network

Application Services

Provide interfaces for specifric applications

Question 6

Describe the function of containers.

Answer 6

Containers have 2 different models: Windows Server containers, and Hyper V containers. Server containers make use of DOcker tech from Linux. Dockers are applications that contain everything needed to run an operating system, but in a self contained environment.

Hyper V containers are completely isolated virtual machines. Allow for nested virtualization (put that VM inside of a VM)

Question 7

Name and Describe some key features of Windows Server.

Answer 7

Self Healing Resilient NTFS with ReFS: New Technology File system runs in the background of your Server, making corrections to the file system when NTFS detects a corrupt file or directory. ReFS is an updated version of NTFS.

Server Message Block: SMB handles the transfer of files between systems, compressing file communications, and through a large communication buffer reduces the number of rount trips needed when transmitting data.

Hypver V - virtualization

Storage Spaces Direct: Allows the ability to group together storage spaces on multiple server and view them as a single storage share (similar to disk partitions)

Dedupe: Data Duplication Allows for file system storage to be de-duplicated to decrease storage capacity demands.

Question 8

What are some scope factors to consider when deploying a new Server Installation?

Answer 8

Scope

• Do you want to upgrade the entire operating system or just a subset?
• Is it an OS upgrade or an application upgrade?
• How willl this affect business hours?
• How many Servers need upgrades?
• Where are they located?
• What OS is currently running on the servers?
• What type of virtual environment are they using if they are running on VMs
• What core applications need upgrades?
• How will this affect desktop configurations?

Always remember

• Don’t go crazy, keep everying as simple as possible
• Break up the project into logical segments
• Remember that existing users will need to learn new skills depending on what you implement.

Question 9

What business goal factors should you keep in mind when deploying a server update?

Answer 9

You need to be clear in defining what the business needs and make sure its possible.

Be specific and measurable.

Be aware of your budget.

Your timeline should be basesd on the scope of the project and the needs of the business. Depending on the business, server implementation may need to happen extremely quickly.

Question 10

Name some considerations when implementing a virtualized environment.

Answer 10

Virtualized environments require more planning.

Failover must be implemented.

Independant and interdependant services and applications need to be kept in mind.

There will be more physical host RAM, sorage capacity and CPU used due to the machines having to run their base OS as well as a virtualized OS.

Question 11

Describe some Hyper V server technologies.

Answer 11

Live Migration Failover - Ability to failover a guest session from one hyper v host server to another without the end users connected to the guest session losing connectivity.

Zero Downtime Patching / Updating Using Cluster Aware Updates feature, automatically nodes of a cluster are updated without interruption to end users by automatically failing the cluster node to another during the patching process.

Integrated Site to Site replication - Replicates virtual guest session data between sites so in the event of a failure, another site can activate with replicated copies of guest session systems.

Built In NIC teaming - The ability to have multiple network adapters in a virtual server host system sharing network communications load.

Question 12

What are the main differences between virtual switches?

Answer 12

External Switch: Binds with the physical NIC of the system.

Internal Virtual Switch: Not bound to a physical NIC, so it can not connect to other physically connected network devices. Good for connecting between VMs and to the VM host, but nothing else.

Private Virtual Switch: Only connects to other devices directly connected to the same private switch.

Question 13

Why should you use a virtual server instead of a physical machine?

Answer 13

1. Security. There is no physical device to access, so it’s harder for somebody to gain control of your server.
2. Easy to configure failover. There are tons of methods to make sure that if your server goes down, you can continue to keep the network running.
3. Utilizes hardware to it’s fullest potential. Depending on what your server is doing, and the hardware you’re running with, you may not be using the machine to it’s fullest capacity. Using Hyper V will help you be less wasteful with the hardware you have on hand, and maximize what you can do with each machine at your disposal.

Question 14

Describe salient considerations of Hyper V implementation

Answer 14

• RAM : The general rule of thumb for creating virtual servers is that the host must have at least 2gb of RAM to spare for each VM created, as well as 2gb for the host itself.
• Processing: While the host itself has little processing requirements, if you’re virtualizing and running guest sessions, the more processing power you can get the better.
• Disk Space: Each guest session and the host should have at least 7 gigs of disk space reserved to run properly.

Question 15

What is the main purpose of Domain Name system?

Answer 15

DNS is designed to resolve IP queries to and from Hostnames.

Translate our language into a language a computer could understand, and vice versa.

Going from name to IP address is what is known as a Forward Lookup

Going from IP address to Name is a Reverse Lookup.

Question 16

Describe the hierarchical approach of name resolution.

Answer 16

The top level of the hierarchy is the root, always represented as a single dot. This dot is contained in all addresses, but it usually is not shown.

The next level aka the first layer is made up of Top Level Domain names. There are your .coms .nets .rocks .sucks ect. This is how addresses are grouped. Previously .orgs and .nets were reserved for specific uses, but now they can be bought for any use.

The next layer is the namespace. This is divided into domains and subdomains. For example you have troy.rocks and then a subdomain would be troysdog.rocks

All of these components together make up a Fully Qualified Domain Name (FQDN)

Question 17

Describe recursive queries in the DNS Resolution process.

Answer 17

A recursive query is an attempt to resolve a query by a specific name server.

If the device that is queried knows the resloution, they perform it right away.

If the server is unaware of the resolution, it performs iterative queries to its DNS partner server in order to find the answer, or respond that it can’t figure it out.

Question 18

Describe Iterative Queries in the DNS Resolution process.

Answer 18

Iterative queries are between DNS servers. Recursive are between a host and a server.

DNS Servers communicate with each other to try and resolve the query, or make a referral to another server.

Question 19

Describe the records contained in authoritative DNS Servers, and what they contain.

Answer 19

• SOA(Start of Authority) Records - Define which server is authoritative for each DNS zone. Also contains TTL, contact person responsible for DNS, and critical information about the DNS zone.
• NS (Name Server) - Tell you which name servers are used as the authorities for each zone. NS records call out to the names of your connected DNS Servers.
• Host Records (A and AAAA) - Most common type of record. Resolves a particular name to an IP address. A records are for IPv4, AAAA are IPv6.
• Service (SRV) - Indicate which resources perform a particular service. Domain controllers in Active Directory are referenced by SRV Records that define specific services. Each SRV contains information about a particular functionality that a resource provides.
• Pointer (PTR) - Resolve reverse queries in DNS. DNS Servers reply to IP address queries using a PTR Record that would indicate the name associate with that IP address.
• Mail Exchanger (MX) - Contain information about email service and delivering emails. Categorized by the signs proceeding the @ in an email address.
• Canonical Name (CNAME) - Also known as Alias records, these take a written name and point to another written name. Adds aministrative flexibility by allowing you to change the server components running beneath each record without having to adjust client machines.

Question 20

Describe briefly how DNS is implemented.

Answer 20

DNS Is implemented using specific zones.

These zones are split up into Primary, Secondary, and Stub

Primary zones are like parent zones who contain all the master information. Secondary zones are usually treated as redundant backups in case the primary zone goes down.

Each zone will either be forward lookup for reverse lookup.

Every DNS server may have multiple zones for multiple namespaces.

Question 21

Name some useful cmd commands for verifying server functions from a host.

Answer 21

nslookup

This will give you information on your DNS servers. Syntax:

nslookup *name or IP address you are looking up *DNS server name or address

ipconfig, ipconfig /release, ipconfig /renew

Allows you to verify DHCP by renewing the addressing on your PC through DHCP. ipconfig alone will tell you about the configuration of your current addressing, as well as which DHCP server gave you that address.

Question 22

Explain the main purpose of the DHCP role .

Answer 22

DHCP is the service designed to distribuite TCP/IP information to clients. It offers the ability to limit the addresses leased out to a specified scope and reserve important addressing for specific devices.

DHCP distributes an IPv4, IPv6, subnet mask, default gateway, and preferred DNS server information to clients connected to the server.

Question 23

Name some DHCP alternatives.

Answer 23

Static addressing assignment. Good for small networks, but has a low level of redundancy if something were to happen to the addressing structure.

APIPA (automatic private IP addressing). Basically the backup if DHCP fails.

Question 24

What is DORA?

Answer 24

DORA is the primary communication protocol for DHCP. The 4 letters in DORA stand for:

DHCPDiscover: Sent by clients to request a configuration. (Asking for an address)

DHCPOffer - Sent by servers in response to requests. (DHCP server asks the client if it wants to lease this address)

DHCPRequest Sent by clients to accept or renew a lease. (Client confirms it wants the address that was offered to it.)

DHCPAck: Sent by the server to acknowledge the clients acceptance of the offered IP address (Lets the client and everybody else know that that address is now taken and should not be leased to anybody else unless the lease period ends and the client doesn’t renew the address)

Question 25

How does the leasing process work?

Answer 25

Leasing is when a client is given an address from a DHCP server. The DHCP server is configured with a lease duration. When the lease time is at 50%, The client will send a new request message to the server, and restart the DORA process. If the DHCP server receives the request, and would like to continue the lease, a new ACK is sent and the client gets to keep the address. If there is no response from the server, another request will be sent at 87.5% of the lease time. If no response from the DHCP server is heard by the end of the lease, the client will have to release the address and restart the DORA process over again completely.

Question 26

What are some considerations you should take when configuring the lease duration of your DHCP server?

Answer 26

Lease duration is dependent on the type of environment you are working in. The default lease time is 8 days. If you are working in a network environment that is public with a lot of people coming and going in short intervals, you are going to want to set your lease time to something short so that you don't run out of addresses. If you are in a home or an office environment, you will want a longer lease time so that computers are not constantly shifting addreses. Remember your scope. The maximum number of addresses you could possibly have in your scope is aroudn 250. If you think that more than 250 will be coming and going in a day, then you will want a lease duration that is less than 1 day.

Question 27

What are the elements of a DHCP configuration?

Answer 27

DHCP Scopes and address ranges. DHCP Exclusions and Reservations DHCP Lease Durations Active Directory and Dynamic DNS Integration Link-Layer MAC Filtering

Question 28

Define DHCP scope

Answer 28

The DHCP scope is the range of IP address parameters allocated by a DHCP server. One subnet will normally only have one scope. Superscopes are when a single DHCP server offers multiple scopes to multiple clients and subnets.

Question 29

What is the difference between DHCP scope exclusions and reservations? Where would you use either of them?

Answer 29

An exclusion is an address within the DHCP scope that you never want it to assign. An exclusion would be something like the default gateway of your network. A reservation is an IP address within your scope that you want to lease to a device perminantly. You would want to use this on things such a printers or file servers which are part of the network and need a constant IP address.

Question 30

Explain how to provide DHCP redundancy using split scopes.

Answer 30

There are two main types of split scopes: Manual Split Scopes: The administrator manually divides the allocation of addresses between multiple servers. Usually with scopes that are either: * 50/50 - Both servers share the equal load of the scope * 80/20 - One server carries the majority of the scope, while the other acts as a backup incase there is an issue with the primary server. * 100/100 This requires that each server has the same ammount of addresses leading to a larger scope. Automatic split scopes with failover: Administrator divides allocation between multiple servers using a configuration wizard. The two main styles of automatic split scopes are: Hot standby, Similar to the 80/20 split where there is one active server at a time and the rest exist for redundancy. Load balanced - Both servers share responsibility of responding to request. Usually a 50/50 scope.

Question 31

Describe Active Directory Domain Services

Answer 31

AD DS Is an enterprise directory service. IT contains information about each element of the domain including users, applications and devices, all of which are controlled by Domain Controllers. AD DS is logical and can be split up into as many organizational structures as the specific environment requires.

Question 32

What does AAA stand for?

Answer 32

Authentication - The process of permitting or denying individuals or computers to access a network. This would involve creating security protocols such as password requirements. Authorization - This is the process of defining levels of access when a user is inside of the network. Authorization includes processes such as creating organizational units and groups to make sure certain users have access to what they need, and nothing more. Accounting - This involves auditing and trackign the activities of users or computers across a network. This would involve alerting administrators if a user tried to access an area of a network they shouldn't be.

Question 33

What are the 4 elements of the AD DS logical hierarchy?

Answer 33

Forests - Forests connect root domains. In any topology we are given, there will only be 1 forest. Trees - Trees are domains with sub domains branching off them. Trees connect directly to forests. You can recognize a tree by the branches that connect to the sub directories, or the fact that they are directly connected to a forest. Domains - In topologies, domains are represented by triangles. Domains contain organizational units and other objects. Sites- The physical area where the domain has been created. Sites are independent of domains. There could be multiple domains in a single site, or multiple sites in a single domain.

Question 34

How do trusts work?

Answer 34

Trusts are logical agreements allowing multiple domains to authenticate inside of eachothers to access both domains resources. There are 2 different kinds of trusts. Implicit (Transitive) - There by default. If you are in the same tree, you are automatically trusting the other domains in your tree. Explicit Trusts - Need to be explicitly defined. This would include trusts between trees that need to be set up manually to work.

Question 35

Define schema and objects in Active Directory.

Answer 35

AD DS is object oriented. Its like a file system where the files are full of objects. Each object has its own attributes and properties depending on its function. The directory schema defines the attributes for each objects. You can configure the schema if you want to. Objects are stored inside of a global catalog, and domains maintain global catalog servers to resolve object queries. Objects are divided into OUs (organizational units) which provide logical organization and security as well as administrative division between objects.

Question 36

List and describe some AD DS Administrative Tools

Answer 36

Active Directory Domains and Trusts - Allows administrators to view and change information related to various domains. AD Sites and Services - Used to create and manage AD sites and services to map a physical network infrastructure AD Users and Computers - Allows you to set machine and user specific settings across the domain as well as create users and groups. AD Module for PowerShell - Allows you to access a group of special cmdlets to be used in managing AD through PS.

Question 37

Name some preliminary high level planning tasks before deploying AD DS

Answer 37

Create a proper internal and external namespace Choose suitible domain and site hierarchy Establish an internal organizational framework using OUs, groups, and GPOs.

Question 38

What considerations should be taken when creating a suitible AD Namespace?

Answer 38

Create names with the idea in mind that you can't change them. You can but its a whole thing. Use a simple, common DNS namespace. Start with the external namespace. Create this based on the external registered top level domain name. Integrate this external namespace with a unique internal one, making your namespace more secure.

Question 39

Name and describe some out of the box features of AD

Answer 39

AD Recycle Bin - Allows you to restore your domains in case of deletion. Activated by default. Fine-Grained Password Policies. These include things such as - Case sensitivity, minimum characters, character types, and time before a password needs to be changed. Domain Rename function - Allows you to change a domain name after creation Cross forests-Transitive trusts relationships - Allows you to set up transitive trusts between multiple domains in the same forest.

Question 40

Describe the process of creating an AD DS Domain Hierarchy

Answer 40

The first domain you create in a tree will always be known as the root domain. All other domains in the tree will be subdomains of the root. The tree is populated with subdomains as long as they share a contiguous namespace. Every domain in a tree is treated as a seperate security entity and has their own settings, users, permissions ect.

Question 41

List and define some domain hierarchy models.

Answer 41

Single domain Model - Everything inside this model is contained inside of the root domain Multiple Domain Model - This is where we expand from the tree and begin to add sub domains Multiple Domain Single Forest Model - One domain is set as the forest root and controls the schema, while other domains occupy their own name space. Trusts must be explicitly configured between domains. Federated Forests Model - Two domains with completely different schema that share an explicit trust. This contains multiple forest roots and unique namespaces. Empty Root Model - Used for enhanced security, the schema master and domain control is guarded closely and kept completely unpopulated. Great for security but hard on infrastructure.

Question 42

Name and breifly describe some AD DS Planning Best practices.

Answer 42

* Know what you're doing before attempting to design an AD DS domain. * Implement fine grained password policies and AD Recycle Bin to reduce the need for additional domains (both are activated by default in newer versions of Server) * Secure and register a desired external namespace so it isn't taken before you can access it. * Start by considering a single domain model and then expand from there * Use multiple domians for specific needs. Don't make your trees complex for no reason. * Control and optomize replication traffic through the use of sites. * Upgrade any down level clients to reduce administration and maintenance. * Avoid using domain rename until it is a last resort (SUFFOCATION, NO BREATHING DON'T GIVE A