(Anna Notes) SP TS667 CH 1-4:---------------------- [C1: Creating a SharePoint 2010 Intranet / C2: Administering and Automating SharePoint / C3: Managing Web Applications / CH4 : Administering and securing SharePoint Content ]

Question 1

Hardware requirements for the web server and application server

Answer 1

64 bit, four core processor and an 80 GB hard drive
( free space should ideally be double amount of RAM used )</p>

Question 2

Small Farm deployment of servers needs what hardware requirements ?

Answer 2

64 but, four core processor and 8 GB of RAM

Question 3

Hardware & Software Requirements

Answer 3

Hard Disk: 80 GB min.
Processor: 64 bit, four core processor
Memory: Production: 8 GB min per server
Development 4 GB per lab

Question 4

Medium-Farm deployment of servers needs what hardware requirements ?

Answer 4

64 bit, eight core processor and 16GB RAM

Question 5

Command to run errors in pre-upgrade checker

Answer 5

STSADM.EXE -o preupgradechecker

Question 6

Large Farm deployment of servers needs what hardware requirements ?
@ 2 Terabytes

Beyond 2 within 5 terabytes?

Answer 6

32 GB RAM

64GB RAM

Question 7

Microsoft Operating System requirements

Answer 7

4 GB Ram min
-Windows Vista with SP1 or later (64 bit)
-Windows 7 (64 bit): Should not be used for production

Question 8

PowerShell CMD to attach database

Answer 8

<p>Mount-SPContentDatabase -Name</p>

Question 9

PowerShell CMD verify additions to new DB setup / Test DB

Answer 9

Test-SPContentDatabase

Question 10

service application group

Answer 10

The service application group is a collection of service applications in a farm. Other names for service
application group are proxy group or application proxy group. Every web application is assigned a serviceapplication group.
You can use the default service application group for this purpose. You can also customize the service
application group to choose service applications for a web application. However, you can’t use the same
service applications for service application groups of other web applications.

The service application group interacts with two service application components. First, it is accessed bythe web application through the service application connection. Second, it contains service applications
that interact with service application databases. These service applications create a service instance onthe application server. So the service application group also needs to interact with application servers.

Question 11

service application connection

Answer 11

The service application connection component connects the web application with the service applicationgroup. Also known as a proxy or an application proxy, this connection is usually created with service
applications.

Question 12

harePoint 2010 is Supported on which Servers?

Answer 12

-SQL Server 2005 SP3 w/ Cumulative Update 3 (64 - bit)
-SQL Server 2008 SP1 w/ Cumulative Update 2 or, Update 5 and later (64 bit)
-SQL Server 2008 R2 (64 bit only)

Question 13

What are the two Methods to Disable Loopback?

Answer 13

Method 1: Specify all Sites hosted on the Server [hostfile]
Method 2 (Not recommended on production/live): reduces security, disable look back altogether programmatically.

Question 14

What can be used for SharePoint Prerequisites

Answer 14

PrerequisiteInstaller.exe

Question 15

User Accounts for SharePoint Administration and Services?

Answer 15

Top Three:
-SQL Server Service Account (SPSQL, SQL_Service)
-SharePoint Admin & Setup User (SP_Admin)
-SharePoint Farm Service Account / Database Account Access (SP_Farm)
Additional:
-SQL Server Administrator Account (SQL_Admin)
-Web & Service Application Pool (SPWebApps & SP Service Apps)
-Search Indexer (SPCrawl)
-User Profile Sunchronization (SPUserSync)

Question 16

Preparation steps for Installation & Configuration (Summary)

Answer 16

-Install the prerequisites
-Install the SharePoint Binaries
-Configure the SharePoint Server
-Configure Services and Applications on the farm

Question 17

Install SharePoint Binaries Summary

Answer 17

-Log on as the Setup User Account
-Install SharePoint Server

Question 18

What is the Business Connectivity Service?

Answer 18

Enables SharePoint to connect to external data sources

Question 19

OOB Service Applications

Answer 19

-Search Service Application
-Business Connectivity Service
-Managed Metadata Service
-User Profile Service

Question 20

What is the Managed Metadata Service?

Answer 20

Provides taxonomy and managed content types

Question 21

Explain Proxy and Proxy Groups:

Answer 21

Proxy: service application connection, creates the connection point for the web applications
Proxy Groups: app connection groups, a virtual entity that creates the connection point for the web app.

Question 22

What are Managed Accounts and their benefits?

Answer 22

Are service account that can be made in central Admin and updates to the accounts will be made to AD and Computers.

Question 23

Web Requests for HTTP and HTTPS use which ports?

Answer 23

HTTP: 80 / HTTPS: 443

Question 24

Configure Outgoing Email Settings:

Answer 24

Central Admin > System Settings > E-mail & Text(SMS)
-Ensure SMTP Server is up

Question 25

What are the steps when a "Request a Page from a SharePoint Site?

Answer 25

1) user enters URI or URL = The request
-Protocol: the Uri includes a specified protocol as DNS (Domain Name System)
2)Browser sends request to Server Hosting the website
DNS name must be resolved to IP Address
3)DNS Server resolves the query and returns the IP Address
4)Client sends request to Web Server
Request sent to specific port on server
5) IIS receives the request based on site
Bindings: a site can be bound specific to an IP or port
6) If SharePoint Site retrieves content from content DB on SQL Server
7)Security an be placed at each point.

Question 26

What is also created when a new Web Application is added?

Answer 26

Content DB and IIS Site

In Addition:
SharePoint also creates the physical path \ web.config file, IIS Web Site, Several Vitual Directories

Question 27

There is one IIS Site per web application but how many associations can an IIS Site have?

Answer 27

Five

Question 28

How many application pools can be supported per web server?

Answer 28

10 App Pools (depends on RAM allocated to front-end web servers)

Question 29

List SharePoint Administrative Roles:

Answer 29

-Farm Admins
-Windows Admins
-Service Application Admins
-Service Application Feature Admins
-Site Collection Owners
-Site Collection Admin
-Site Groups

Question 30

You must change a Port. You cannot change the port from..? Where can you change ports?

Answer 30

Central admin not supported
STSADM & Powershell can be used to change ports

Question 31

How to create an Intranet with PowerShell

Answer 31

New-SPWebApplication -Name -Port -HostHeader - URL -ApplicationPool -ApplicationPoolAccount -DatabaseName

Question 32

An IIS Site had Bindings, what does this include?

Answer 32

Unique IP Address, Host-Header or Port Binding

Question 33

What is the Root directory and where is it located?
(When creating a web app you must specify the physical path)

Answer 33

C:\intepub\wwwroot\wss\vitural Directories\sometimes_80</br>
(When binding an IIS to on IP Address repeat process on each server)

Question 34

App pools have an identity, which is a?

Answer 34

• a domain user account

Question 35

Classic Mode Authentication?

Answer 35

Windows: NTLM or Negotiate (Kerberos), [relies on Active Directory]
Anonymous, Basic, Digest

Question 36

Claims Based Authentication?

Answer 36

Windows: NTLM or Negotiate (Kerberos), [relies on Active Directory]
Anonymous, Basic, Digest

FBA: LDAP, SWL DBS, other DB, Custom

SAML: ADFS 2.0, Windows Live ID, Third Party

Question 37

What are the steps to configure SSL (Summary)

Answer 37

Secure Sockets Layer

-Configure the SharePoint Web Application to use SSL
-Create a Certificate
-Bind the Cert to the IIS Website of the SharePoint Web App.

Question 38

If modifying an existing HTTP you must?

Answer 38

Modify the AAMs & Zones

Question 39

After SharePoint is configured for SSL, what else must be competed?

Answer 39

Manage Certs and bindings on each web application on server in farm

Question 40

Recycle Bin has two stages, what are they?

Answer 40

1st: End User, OOB 30 days then deleted cannot restore</br>
2nd: Site Collection Admin, then deleted permanently

Question 41

General Settings that can be set from General Settings Ribbon > Central Admin:

Answer 41

-Default Time Zone
-Default Quota Template
-Person Name Actions & Presence Settings
-Alerts
-RSS Settings
-Blog API Settings
-Browser File Handling
-Web Page Security Validation
-Send User Name and Password
-Maximum File Upload Size

Question 42

What is the Maximum file upload size?

Answer 42

2 GB also SQL record limit

Question 43

General Settings > Workflow Settings, what settings can be set?

Answer 43

-Enable User-Defined Workflows
-Alert Internal users Who Do Not have Access
-Allow External Users to Participate in Workflows

Question 44

General Settings > Outgoing Email Settings, what settings can be set? details

Answer 44

-Must Define SMTP Relay Server, From Address & Reply Address
-SMPT Must be accessible over TCP port 25(SharePoint does not support SMTP Authentication)

Question 45

General Settings > Text Message Service Settings , what settings can be set? details

Answer 45

-Must subscribe to a third-party SMS service provider
-SharePoint does not support SMS Throttling.

Question 46

General Settings > Self-Service Site Creation, what settings can be set?

Answer 46

allows user creation of site collections if enabled.

Question 47

Additional Web App Setting from Ribbon? what settings can be set?

Answer 47

-SharePoint designer Governance
-Manage Features
-Web Port Security
-User Permissions
-User Policy
-Permission Policy
-Resource Throttling
-Manged Paths
-Service Connections
-Authentication Providers
-Anonymous Policy

Question 48

At what points can you configure Anonymous Access?

Answer 48

-Anonymous authentication for the web application
-Anonymous access restriction policies for the web app zones
-Permissions assigned to anonymous users for sites, lists & libraries

Question 49

Anonymous authentication for the web application configured where?

Answer 49

Central Admin > Application Management > Select Web App to enable/disable

Question 50

Who can enforce permissions across entire web-application for Anonymous Access Restrictions?

Answer 50

Farm Admin

Question 51

Where in Central Admin could you Edit Authentication?

Answer 51

Web Application or Authentication Providers

Question 52

Windows Authentication Methods:

Answer 52

-NT LAN Manger (NTLM) or Negotiate (Kerberos or NTLM)
-Basic
-Anonymous
-Digest
-Client Certificates

Question 53

NLTM authenticates in what method?

Answer 53

When a user logs onto their computer ask for username & password

Question 54

Kerberos method?

Answer 54

default windows client & servers in Active directory domain
-process that involves encrypted tickets
the domain controllers key distribution center (KDC)
issues a ticket gaining ticket (TGT)

Question 55

Why is Kerberos preferred to NTLM?

Answer 55

entire process encrypted (the client, the service, and the domain)
*does not have to do round trip like NTML
can also be proxied between tiers

Preferable:
-More secure / mutual authentication
-more scalable: supports authentication across trusted realms
-supports delegation: allows service to impersonate a user
-Reduced load on domain controllers.

Question 56

If Kerberos is not supported it fails back to NTLM, what causes this to fail?

Answer 56

The negotiate security headers lets clients switch between, Kerberos is selected unless one of the following is true:
-One of the systems that is involved in the authentication cannot use Kerberos authentication
-The calling application does not provide enough information to use Kerberos authentication

Question 57

Keberos Authentication Configuration:
SPNs(Service Principal Names) for SharePoint Services, Web Apps, and SQL Server. What is a SPN (provides what to the web app)?

Answer 57

-Serive Class: always HTTP, include both protocols
-Host Name
-Port: (80, if not) of the web application

Question 58

Keberos Authentication Configuration:
For each Web Application you must assign two SPNs, how is this done?

Answer 58

-one with the fully qualified domain name for the device
-one with the NetBIDS name of the service.

Question 59

Keberos Authentication Configuration:
How to configure Service Principal names for SQL server service account:

Answer 59

AD: An SPN must be added to the user account of the application pool identity

Question 60

One Difference between Classic Mode & Claims Based (token)?

Answer 60

Classic Mode relies on IIS to pass your windows security token
Claims Based, web app relies on farm’s security token service (STS)

Question 61

What is Trust?
Claims?

Claims Authentication is built on?

Answer 61

all web apps and services in the farm trust the security token service of the farm.

Claims? Contains assertions about the users identity.

Built on Windows Identity Foundation (WIF)

Question 62

Forms Based Authentication (FBA)?

Answer 62

based on ASP.NET membership & role provider authentication

Question 63

What are the steps to configure FBA (Forms Based Authentication)?

Answer 63

-The web app authentication mode
-The config file of the security token service(STS) application
the forms based authentication claims based authentication
-The web.config file of the web app’s IIS site
-The web.config file of the Central Administration IIS Site
-Access to the db against which users are authenticated

Question 64

SAML Token Authentication?

Answer 64

allows SharePoint Web Apps to accept claims of identity that are STS authenticated by other than SharePoints STS

Question 65

AAM (Alternate Access Mappings) can include how many zones?

What are the zones?

Answer 65

Can include Five zones
-Intranet
-Internet
-Extranet
-Custom
-Default

Question 66

What are the four things you must never do when creating AAMs?

Answer 66

-Do not add an Interal URL association with a zone that does not exist (Instead extend the web app)
-Do not add a Pulic URL to a zone that does not exist(Instead extend the web app)
-Do not delete the last internal URL associated to zone
-Do not remove the public URL associated with zone(Instead extend the web app)

Question 67

What can a Reverse Proxy Provide?

Answer 67

-can filter based on characteristics, then forward eligible requests to web server
-can change host name or port of the URL requested by user.
-can receive request using one port or protocol / can perform OFF-Box SSL Termination
-can forward from a different port as which is requested
can change HTTP host header field, thereby masking internal name of server or app