Server Operating Systems and Server Roles

Question 1

server roles (planning)

Answer 1

• determine if multiple roles will be located on the same server or dispersed across multiple servers
• cloud VMs can offer services to other cloud devices/internet consumers/on-premise devices

Question 2

configuring on-premise connections with VMs

Answer 2

• site-to-site VPN connections

- dedicated connections from on-premise networks to cloud provider networks (bypass internet)

Question 3

DHCP

Answer 3

• dynamic host configuration protocol
• delivers central IP settings to network nodes
• can run on a server OS or as a service on a router

Question 4

DCHP port numbers

Answer 4

• UDP 67 (listens for client requests)

- UDP 68 (sends responses to client requests)

Question 5

DHCP scopes

Answer 5

• IP settings grouped into a manageable unit
• must be activated before they can be used in DHCP process
• IP address ranges
• IP address exclusions
• IP address lease duration
• default gateway
• DNS servers
• DHCP reservation

Question 6

DHCP vendor classes

Answer 6

• apply specific IP settings to certain types of network devices
• must determine what vendor class data is included in network transmission

Question 7

APIPA

Answer 7

• automatic private IP addressing
• clients use to assign itself a unique address on the LAN when can’t reach DHCP server
• client not able to communicate outside the LAN
• can only communicate with other APIPA hosts within the LAN

Question 8

link-local address

Answer 8

• used in IPv6
• unique self-assigned address
• always bound to network interface whether or not DHCP is reachable

Question 9

considerations for choosing DHCP configuration

Answer 9

• determine which valid IP address ranges can be used
• short lease duration in environments where clients connect for short periods of time
• try to specify at least 2 default gateways for redundancy
• try to specify at least 2 DNS servers for redundancy
• configure DHCP bindings for correct network interface in multihomed (multiple network card) DHCP servers
• high availability

Question 10

DNS

Answer 10

• find IP address for FQDN (forward lookup)

- find FQDN for IP address (reverse lookup)

Question 11

DNS port number

Answer 11

listens on port 53 (UDP/TCP)

Question 12

DNS domains

Answer 12

• root domain at top
• TLDs (.com/.org/.net/etc)
• domains can have subdomains
• subdomains may have their own authoritative DNS servers

Question 13

SOA (DNS RR)

Answer 13

• start of authority
• contains zone details i.e. serial number/refresh interval
• can exist in forward and reverse lookup zones

Question 14

A (DNS RR)

Answer 14

• forward lookup record
• FQDN included in query
• IPv4 address returned

Question 15

AAAA (DNS RR)

Answer 15

• forward lookup record
• FQDN included in query
• IPv6 address returned

Question 16

CNAME (DNS RR)

Answer 16

• canonical name record/alias record
• additional name for an existing name
• can be used in forward/reverse lookup zones
• return FQDN that can be resolved via an A record

Question 17

MX (DNS RR)

Answer 17

• mail exchanger
• used for email domain suffixes to locate an SMTP mail server
• return FQDN that can be resolved via an A record

Question 18

SRV (DNS RR)

Answer 18

• service record
• used to locate a network service i.e. AD
• includes TCP/UDP port numbers for service
• clients query DNS SRV records to locate services

Question 19

PTR (DNS RR)

Answer 19

• pointer record (reverse DNS record)
• created in reverse lookup zone
• client queries include IP address
• host/DNS domain name returned
• each PTR record should have an associated A record

Question 20

WINS

Answer 20

• Windows Internet Name Service
• used in Microsoft TCP/IP networks prior to Windows 2000 to resolve NetBIOS computer names to IP addresses
• replicated database of NetBIOS computer names and their IP addresses
• no naming hierarchy
• installed as a feature on Windows server 2019 for backward compatibility

Question 21

DNS GlobalNames zone

Answer 21

• client devices can point to a DNS server where a zone “GlobalNames” exists
• alternative to WINS
• DNS admins create CNAME records that point to A records
• enables older software using flat computer names to function through DNS

Question 22

NTP

Answer 22

service running on network host to provide time synchronization

Question 23

NTP port number

Answer 23

listens on UDP 123

Question 24

stratum 0 (NTP)

Answer 24

time source/reference clock

Question 25

stratum 1 (NTP)

Answer 25

NTP server connected to stratum 0 device

Question 26

stratum 2 (NTP)

Answer 26

NTP server gets time over network from stratum 1 host

Question 27

directory services (DS)

Answer 27

• centralized network database containing objects (users/groups/computers/network service locators/shared folders/shared printers/software licenses)
• Microsoft AD DS
• OpenLDAP
• Oracle Directory Services
• IBM Tivoli Directory Server
• based on the same LDAP standards

Question 28

LDAP port numbers

Answer 28

• listens on TCP 389 (plaintext)

- listens on TCP 636 (encrypted)

Question 29

AD

Answer 29

• Microsoft active directory
• LDAP compliant
• replicated network database
• synchronized between DCs
• group policy
• Windows server role
• installed via Server Manager or PowerShell cmdlets

Question 30

DC

Answer 30

• domain controller
• server configured to hold a replica of the AD database
• C:\Windows\Ntds\Ntds.dit
• discovered by clients via DNS queries
• creation of DC creates DNS service location records

Question 31

web server

Answer 31

• use HTTP/HTTPS to present content to web browser
• Microsoft Internet Information Services (IIS)
• Apache
• NGINX

Question 32

web server ports

Answer 32

• TCP 80 (HTTP)

- TCP 443 (HTTPS)

Question 33

application server

Answer 33

• serves data with a specific business purpose
• often combination of web/database servers
• Microsoft SQL Server
• MySQL
• Oracle Database

Question 34

file server

Answer 34

• data stored on equipment owned/managed by the organization (legal reasons)
• Windows servers use SMB to make shared folders available over the network
• UNIX/Linux systems use their own network file system (NFS) but can use SMB via Samba

Question 35

print server

Answer 35

• manages printers on a network

- spool print jobs from clients using server disk space

Question 36

cloud printing

Answer 36

• remove any printing dependencies i.e. OS versions/print drivers/printing devices/etc
• can be used with mobile devices

Question 37

mail server

Answer 37

• run as services (daemons)
• enable connections on specific ports
• need to support mobile device connections

Question 38

MDM tools

Answer 38

• mobile device management
• mobile device partitioning solutions for personal/work data
• restrict file attachments from corporate messages from being stored on personal cloud storage locations
• can run on-premise or in cloud

Question 39

SMTP

Answer 39

• simple mail transfer protocol
• port 25
• used to transfer email between SMTP hosts

Question 40

POP

Answer 40

• post-office protocol
• port 110
• enables clients to download email messages from POP server

Question 41

IMAP

Answer 41

• internet message access protocol
• port 143
• enables clients to use different email clients running on different devices to access email
• email synchronized between devices

Question 42

multihomed servers

Answer 42

servers with more than 1 interface

Question 43

RRAS

Answer 43

• routing and remote access service
• Windows server
• configure IPv4/IPv6 routing
• NAT
• VPN

Question 44

UNIX/Linux RRAS services

Answer 44

• IP routing via ip command
• NAT configuration via iptables command
• OpenVPN

Question 45

common virtualization solutions

Answer 45

• VMWare vSphere Hypervisor
• Microsoft Hyper-V
• Citrix Hypervisor
• Oracle VM VirtualBox

Question 46

host in virtualization

Answer 46

hypervisor

Question 47

guest in virtualization

Answer 47

VM

Question 48

type 1 hypervisor

Answer 48

• hypervisor has direct access to physical hardware
• controls hardware resource access between VMs
• bare-metal hypervisor
• don’t rely on another OS (increased security)
• Microsoft Hyper-V
• VMware ESXi

Question 49

type 2 hypervisor

Answer 49

• application that runs on top of existing OS
• doesn’t have direct access to hardware
• VMware Workstation Pro
• Oracle VM VirtualBox

Question 50

hypervisor host configuration

Answer 50

type of IT workloads running in each VM is most important consideration

Question 51

VM guest configuration

Answer 51

• similar to planning physical hardware for new server
• amount of startup/minimum/maximum/dynamic memory
• number of vCPUs and compatibility settings
• storage
• vNICs/connected virtual switches
• virtual MAC address
• network bandwidth throttling
• VLAN tag settings
• display settings for number of monitors/accelerated graphics
• integration tools with host hypervisor for time synchronization/backup services/etc
• snapshot/checkpoint settings

Question 52

bridging (VLAN tag settings)

Answer 52

connects to physical network

Question 53

NAT (VLAN tag settings)

Answer 53

uses hypervisor host IP address to access the network

Question 54

VM to VM (VLAN tag settings)

Answer 54

enable communication only between VMs

Question 55

VM and host (VLAN tag settings)

Answer 55

enables communications between VMs and hypervisor host

Question 56

server installation

Answer 56

• hardware compatibility lists (HCLs)
• provide details about which specific hardware is supported by a given server OS
• also have to consider specific drivers/applications
• server OS minimum requirements

Question 57

server licensing

Answer 57

• open source (Ubuntu Linux)
• per server models
• per instance models
• per core models
• volume licensing (Microsoft Key Management Service)
• subscription based licensing (AWS/O365/cloud)
• per user concurrent licensing
• node-locked (tied to specific device)
• digital rights management (signature-based used for gaming/use of media files)

Question 58

installing type 1 hypervisor

Answer 58

• most modern type 1 hypervisors require 64-bit architecture/virtualization support
• not an issue with server class hardware
• firmware updates (BIOS/UEFI) may be required before installation
• may have to change boot order is installing from DVD/USB

Question 59

common server OS’s

Answer 59

• Microsoft Windows Server
• Microsoft Windows Server Embedded (purpose specific hardware appliances)
• UNIX BSD/AIX/Solaris
• Linux Red Hat/Ubuntu/SUSE

Question 60

server installation from an image

Answer 60

• apply already created image to new physical server or VM
• capture server OS image by booting from alternative media and using DISM
• multiple images can be stored via Windows Imaging Format (WIM)
• specify image with index DISM parameter

Question 61

server installation from image tools

Answer 61

• Ghost Solution Suite
• Microsoft System Center Configuration Manager
• Microsoft Deployment Toolkit
• Microsoft DISM.exe command line tool

Question 62

server cloning

Answer 62

• option to create linked clone (uses minimal disk space/linked to original VM)
• linked clone changes made after the clone is created are independent
• option to create fully independent clone (uses more disk space)
• work well when multiple VMs with same standard initial OS configuration are needed
• physical-to-virtual (P2V) cloning uses physical server as the source/results in a VM with same settings

Question 63

VM deployment templates

Answer 63

• can be used to partially/fully automate VM deployment

- specify hardware details/OS options/network settings/etc

Question 64

scripted server installations

Answer 64

• create answer file to automate some/all of the OS installation
• unattend.xml file created via Windows System Image Manager (SIM)
• name answer file tounattend.xml and place on root of removable media to be automatically read

Question 65

PXE booting

Answer 65

• boot over network from a PXE
• enables OS installation from image/installation files
• can apply updates to source installation files before install via slipstreaming
• must be supported by physical/VM BIOS/UEFI settings and NIC
• must have PXE boot server listening on the network
• relies on DHCP to assign IP settings to PXE clients
• uses trivial file transfer protocol (TFTP) to download a small boot image OS used for installation/imaging
• Microsoft Remote Installation Services (RIS)
• Windows Deployment Services (WDS)
• don’t have to carry around storage devices containing installation media
• demanding on network bandwidth

Question 66

installation details

Answer 66

• disk layout (partioning/file system formats/swap file/partition)
• server name
• IP configuration settings
• administrative user credentials
• additional drivers for nonstandard hardware
• product key or subscription details to activate installation/receive updates
• additional software that should be installed
• all of these can be included in Windows unattend.xml/autounattend.xml files

Question 67

server administration methods

Answer 67

• GUI (MMC)
• command line
• physical serial ports
• remote server administration tools (RSAT)

Question 68

KVM

Answer 68

• switches connect servers to a single keyboard/video/mouse

- KVM solution has to match connectors for devices

Question 69

out-of-band remote administration

Answer 69

• provides hardware-level remote access to a host
• doesn’t rely on OS software running
• more secure than software-based tools

Question 70

WBEM

Answer 70

• web-based enterprise management

- standardized way of managing/monitoring servers/devices from different vendors

Question 71

LOM

Answer 71

• lights out management
• remote management solution supported by most vendors
• monitoring of server components i.e. CPU use/temperature/OS health/etc

Question 72

KVM over IP

Answer 72

• enables remote server access even over internet
• can enable hardware level remote access if supported by server hardware
• not dependent on underlying OS
• TCP/IP settings must e configured at hardware level to enable remote access across WANs

Question 73

KVM-over-IP switches

Answer 73

hardware appliances with centralized management/auditing tools

Question 74

IPMI

Answer 74

• intelligent platform management interface
• remote server management solution
• commonly used with various vendor blade enclosures
• remote power on/off
• disk access
• server monitoring/inventory functionality

Question 75

BMC

Answer 75

• baseboard management controller

- interface between server management tools and physical hardware being managed

Question 76

iLO

Answer 76

• integrated lights out
• secure remote management capabilities
• server monitoring/alert capabilities

Question 77

iDRAC

Answer 77

• integrated Dell remote access
• Dell servers
• connect to servers at hardware level
• web browser interface
• remote power on/off
• access to server storage media

Question 78

in-band remote administration

Answer 78

relies on software running within OS

Question 79

SSH

Answer 79

• needs server-side listener for clients to be able to connect
• standard listening port = TCP 22
• typically used for command line management
• can use public key authentication

Question 80

X-forwarding

Answer 80

can be enabled within SSH to redirect graphical UNIX/Linux applications to show on client computer

Question 81

RDP

Answer 81

• listens on UDP/TCP 3389
• newer versions of Windows server supported network level authentication (NLA) for RDP sessions
• get command prompt when RDP into server with core OS installed

Question 82

benefits of NLA

Answer 82

• entering username/password uses client resources (not server)
• RDP sessions are encrypted with SSL certificate

Question 83

powershell

Answer 83

• depends on Windows remote management (WinRM) service to be configured
• desired state configuration (DSC) enables configuring/managing Windows/Linux hosts centrally via a declarative syntax

Question 84

WinRM port numbers

Answer 84

TCP 5985/5986

Question 85

using winrs command outside of powershell

Answer 85

• execute commands remotely on Windows host

- need to ensure WinRM has been enabled

Question 86

automating server administration via scripting

Answer 86

• placing commands in 1 or more script files
• invoking the script file
• have script invoked automatically during machine bootstrap process

Question 87

server documentation

Answer 87

• each server needs documentation and change log
• ideally automated/inventoried in a database
• vendor manuals
• how solutions have been implemented
• keep documentation secure/encrypted

Question 88

asset life cycle

Answer 88

• complete process of establishing new server/resource all the way to decommission/upgrade

Question 89

asset inventory

Answer 89

• modern systems for inventory are automated
• physical equipment needs to be labeled or inscribed
• RFID tags easier in large environments

Question 90

hardware inventory components

Answer 90

• make/model/serial number
• physical server owned/leased
• motherboard/device serial numbers
• physical/digital asset tag
• RAM
• storage
• network interfaces
• peripherals

Question 91

reasons for hardware inventory

Answer 91

• inventory audits
• asset tracking
• determine asset use
• asset repair/warranty
• asset recall
• asset security

Question 92

software inventory

Answer 92

• specific version of OS/drivers/applications in use
• software license compliance
• should be automated on scheduled basis

Question 93

SLA

Answer 93

• service level agreement
• contract outlining expected service from a provider to consumer
• uptime
• response time
• providers may offer credits when SLA isn’t met

Question 94

other documentation

Answer 94

• network infrastructure diagrams
• workflow/dataflow/application architecture diagrams
• baseline documentation
• recovery documentation

Question 95

maintaining servers

Answer 95

• automation
• firmware/software updates timely deployed
• reports to confirm patches deployed successfully

Question 96

patch management

Answer 96

• critical security updates
• functionality updates
• centralized update management
• Windows Server Update Services (WSUS)
• Microsoft System Center Updates Publisher (SCUP)
• vendor specific patch management solutions
• test updates in controlled environment before deploying them into production

Question 97

proactive maintenance

Answer 97

• keep servers clear of dust
• keep obstructions away from intake fans
• keep servers cool
• plug servers in UPS to ensure graceful shutdown

Question 98

reactive maintenance

Answer 98

• LED indicators on equipment indicate potential issues

- Error/beep codes

Question 99

DNS server root hints

Answer 99

allow for internet name resolution

Question 100

how to encrypt communications between web clients/server

Answer 100

• issue PKI certificate for web server
• install certificate on web server
• clients don’t need PKI certificate for secured web server traffic