Summary

This document provides a study guide for a final exam, covering topics such as the difference between private and public cloud, hardware requirements for servers (bare-metal and virtual), and pre/post-deployment procedures for Windows Server 2019. Included are details on managing server core editions, paging, and repairing system files.

Full Transcript

1. Difference Between Private Cloud and Public Cloud
Key Concepts:
Private Cloud:
  ○ Infrastructure exclusively used by a single organization.
  ○ High control, customization, and security.
  ○ Hosted on-premises or by a third party.
  ○ Example: Private data centers.
Public Cloud:
  ○ Infrastructure shared by multiple organizations.
  ○ Managed by third-party providers (e.g., AWS, Azure).
  ○ Scalable, cost-effective, but less control over data.
  ○ Example: Microsoft Azure, Amazon Web Services (AWS).
Compare: Cost, scalability, security, control, and typical use cases.

2. Hardware Requirements for Bare-Metal and Virtual Server
Bare-Metal Server: Directly runs on physical hardware.
Key Requirements:
  ○ High-performance CPU, large RAM, RAID-enabled storage, reliable NICs.
  ○ No hypervisor layer.
Virtual Server: Runs on a hypervisor (e.g., VMware, Hyper-V).
Key Requirements:
  ○ Powerful CPU with virtualization support.
  ○ Ample RAM for multiple virtual machines (VMs).
  ○ High-speed storage (SSD/NVMe preferred).
  ○ Virtual NICs.

3. Pre and Post-Deployment Requirements for Windows Server 2019
Pre-Deployment:
  Verify hardware compatibility.
  Plan IP addressing, domain configuration, and storage setup.
  Back up existing data.
  Choose the right Windows Server edition.
Post-Deployment:
  Install updates and patches.
  Configure roles and features (e.g., AD DS, DNS).
  Enable monitoring and logging.
  Back up configuration and system state.

4. Windows Server 2019 Editions
Datacenter: Unlimited virtualization, advanced features (e.g., Storage Spaces Direct).
Standard: Limited virtualization (2 VMs), core server features.
Essentials: For small businesses, no CALs required, supports up to 25 users.
Hyper-V Server: Bare-minimum Hyper-V role, free.

5. Managing Server Core Editions
Server Core: Minimal installation, no GUI.
Key Tools for Management:
  sconfig: Simple configuration tool.
  PowerShell: Script management and automation.
  Remote Server Administration Tools (RSAT).
  WinRM/WS-Management: Remote management.

6. Paging
Definition: A memory management scheme where the OS retrieves data from secondary storage (paging file) when RAM is full.
Purpose: Prevents system crashes by using disk space as "virtual memory."
Key Points: Optimize paging file size, ensure disk performance.

7. Repairing System Files in Server 2019
Tools:
SFC (System File Checker):
  ○ Command: sfc /scannow
DISM (Deployment Image Servicing and Management):
  ○ Command: DISM /Online /Cleanup-Image /RestoreHealth

8. Device Manager in Windows
Use: Manage and troubleshoot hardware devices. View driver status, update or roll back drivers.
Key Areas:
  Disable/enable devices.
  Scan for hardware changes.

9. Getting Help in PowerShell
Commands:
Get-Help: Provides documentation on cmdlets.
  ○ Example: Get-Help Get-Service
Update-Help: Downloads the latest help files.
  ○ Command: Update-Help
Examples:
  ○ Get-Help Get-Process -Examples

10. Testing Network Connectivity
Key Tools:
Ping: Test basic connectivity.
  ○ Command: ping [hostname/IP]
Test-NetConnection (PowerShell): Test various network features.
  ○ Command: Test-NetConnection -ComputerName [hostname]
Tracert: Trace route to a host.
  ○ Command: tracert [hostname/IP]

1. How to Use WinRM (Windows Remote Management)
Definition: A Microsoft protocol for remote management and access to servers.
Key Steps:
Enable WinRM:
  ○ Command: winrm quickconfig
Configure Trusted Hosts (for non-domain systems):
  ○ Command: winrm set winrm/config/client @{TrustedHosts="RemoteServerName"}
Use PowerShell for Remote Commands:
  ○ Example: Enter-PSSession -ComputerName [RemoteServerName]
  ○ Run commands remotely using Invoke-Command.

2. Managing Scripting in PowerShell
Key Concepts:
Writing Scripts:
  ○ Scripts use .ps1 extension.
  ○ Use Notepad or PowerShell ISE for editing.
Execution Policy: Controls script execution.
  ○ Check: Get-ExecutionPolicy
  ○ Set: Set-ExecutionPolicy [PolicyName] (e.g., RemoteSigned).
Modules: Extend functionality.
  ○ Use Import-Module [ModuleName].
Automating Tasks: Schedule tasks with Task Scheduler or PowerShell cmdlets like Register-ScheduledTask.

3. Setting Up a Virtual Machine Using Hyper-V Manager
Steps:
  1. Open Hyper-V Manager.
  2. Select the host and click New > Virtual Machine.
  3. Configure VM settings:
     ○ Name, Generation, Memory, Networking, Virtual Hard Disk, OS Installation.
  4. Start the VM and install the OS.
Tools: PowerShell cmdlet New-VM.

4. Hyper-V Extensible Virtual Switch Protocol
Definition: A virtual switch feature in Hyper-V providing network connectivity to VMs.
Types:
  External: Connects VMs to the physical network.
  Internal: Connects VMs to each other and the host.
  Private: Connects VMs to each other only.
Extensible: Allows third-party extensions (e.g., for network monitoring, security).

5. Difference Between Generation 1 and Generation 2 Virtual Machines
Generation 1:
  Supports older operating systems.
  Uses BIOS-based boot.
  Supports IDE and legacy network adapters.
Generation 2:
  Supports modern OS (Windows 8.1, Server 2012 R2, and later).
  Uses UEFI-based boot.
  Faster boot, secure boot, SCSI storage.

6. Use of Pass-Through Disk in a VM
Definition: Allows a VM to directly access a physical disk on the host.
Use Cases:
  When you need direct disk performance without virtual hard disk (VHD) overhead.
  For large datasets or specialized hardware.
Setup:
  Physical disk must be offline on the host.
  Assign the disk in the VM settings.

7. Production Checkpoints in Virtual Machines
Definition: A checkpoint that uses VSS (Volume Shadow Copy Service) for consistent snapshots.
Use:
  Back up VMs with consistent application data.
  Roll back to a known good state without data loss.
Setup: Enable in Hyper-V Manager under VM settings.

8. PXE (Preboot Execution Environment) and WDS (Windows Deployment Services)
PXE: Enables network booting to install an OS without physical media.
WDS: Role in Windows Server for deploying OS images over the network.
Key Features: PXE boot support, multicast deployments, image management.
Setup: Add the WDS role, configure boot images, and deploy OS.

9. Windows Deployment Services Tool (WDS)
Purpose: Streamline OS deployment via network.
Features:
  Manage boot, install, and capture images.
  Integrate with PXE for automated installation.
Setup:
  Install WDS role via Server Manager.
  Configure server (PXE response, boot images).
  Use WDS console for image deployment.

10. How Domain Controllers Handle Local and Domain User Accounts
Domain User Accounts:
  Stored in Active Directory (AD).
  Provide centralized authentication across networked systems.
  Example: Logging into any domain-joined machine with domain credentials.
Local User Accounts:
  Stored on individual computers.
  Used when no network or domain access is needed.
Management: Domain Controllers only manage domain accounts, not local accounts.

1. Joining a Computer to an Active Directory Domain
Steps:
  1. Open System Properties (use sysdm.cpl).
  2. Go to the Computer Name tab, and click Change.
  3. Select Domain, enter the domain name, and click OK.
  4. Provide credentials for a domain account with permission to join computers.
  5. Restart the computer.
PowerShell: Add-Computer -DomainName "DomainName" -Credential (Get-Credential)

2. Configuring a New Forest Root Domain Using PowerShell
Steps:
  1. Install the Active Directory Domain Services (AD DS) role:
     ○ Install-WindowsFeature AD-Domain-Services
  2. Configure the forest root domain:
     ○ Install-ADDSForest -DomainName "YourDomainName"

3. Difference Between Domain Local, Global, and Universal Groups (AGDLP, AGUDLP)
Group Scopes:
  Domain Local: Permissions assigned for resources in the same domain.
  Global: Can contain users from the same domain. Used for organizing users.
  Universal: Can contain users and groups from any domain.
AGDLP: Accounts → Global Groups → Domain Local Groups → Permissions.
AGUDLP: Accounts → Global Groups → Universal Groups → Domain Local Groups → Permissions.

4. Using Active Directory Sites and Services for Replication
Purpose: Control replication between domain controllers.
Steps:
  1. Open AD Sites and Services.
  2. Create Site Links and adjust replication intervals.
  3. Configure schedules to ensure replication happens outside business hours.

5. Global Catalog in Active Directory
Definition: A distributed data repository containing a searchable, partial replica of every object in AD.
Use: Speeds up object searches across domains.
Key Features: Universal group membership caching, cross-domain authentication.

6. FSMO (Flexible Single Master Operations)
Roles:
  Schema Master: Manages AD schema.
  Domain Naming Master: Manages domain additions/removals in a forest.
  RID Master: Allocates RID pools to domain controllers.
  PDC Emulator: Handles password changes, time sync, and Group Policy updates.
  Infrastructure Master: Manages cross-domain object references.

7. Requirements for Installing AD as an Additional Domain Controller
Pre-requisites:
  Ensure server has AD DS role installed.
  Network connectivity to existing domain controller.
  Sufficient permissions to promote a server.
Steps: Use Install-ADDSDomainController PowerShell cmdlet or ADDS Wizard.

8. Adding a Global Catalog to a Domain Controller
Steps:
  1. Open Active Directory Sites and Services.
  2. Expand the site, then expand Servers.
  3. Right-click the target server and select NTDS Settings.
  4. Enable Global Catalog.

9. Default Folders Under a Domain in Active Directory
Key Folders:
  Users: Default container for new users.
  Computers: Default container for domain-joined machines.
  Domain Controllers: Contains all DC accounts.
  Built-in: Predefined groups (e.g., Administrators, Users).

10. EFS (Encrypting File System)
Definition: Provides file-level encryption to protect data on NTFS volumes.
Key Commands:
  Enable encryption: Right-click file > Properties > Advanced > Check Encrypt contents to secure data.
  PowerShell: Cipher /E /S:"[FolderPath]" (Encrypt a folder and its files).

11. Compressing Files Using CLI/PowerShell
Command-Line:
  compact /C [FileName] (Compress a file).
  compact /U [FileName] (Uncompress a file).
PowerShell: Use Compress-Archive to zip files:
  ○ Example: Compress-Archive -Path [FilePath] -DestinationPath [ZipPath].

1. NTFS, ReFS, exFAT, FAT32
Key Differences:
NTFS (New Technology File System):
  ○ Supports permissions, encryption, auditing, large files, and file compression.
ReFS (Resilient File System):
  ○ Focused on data integrity, scalability, and resilience to corruption.
exFAT (Extended File Allocation Table):
  ○ Optimized for flash drives; supports large files, but lacks permissions and security.
FAT32 (File Allocation Table 32):
  ○ Compatibility with older systems but limited to 4GB file size and 2TB partitions.

2. Granting Read-Only Permissions on a File Within a Folder
Steps:
  1. Right-click the file, select Properties, and go to the Security tab.
  2. Click Edit, then Add a user or group.
  3. Grant Read permissions, ensure other write permissions are unchecked.
PowerShell: icacls "FilePath" /grant "UserName:(R)"

3. Auditing Access to Files and Folders
Steps:
  1. Open Group Policy Management Editor.
  2. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration.
  3. Enable Object Access auditing.
  4. On the folder, right-click Properties > Security > Advanced > Auditing and add users.

4. Audit Events
Definition: Track actions like logins, file access, and system changes.
Types:
  Logon Events: Success/failure of user logins.
  Object Access: Access to files, folders, and registry entries.
  Privilege Use: Tracks sensitive operations like shutdowns or backups.

5. Effective Access
Definition: The actual permissions a user has on a resource, factoring in group memberships, explicit permissions, and inherited permissions.
Steps to Check:
  1. Right-click the resource, select Properties > Security > Advanced > Effective Access.
  2. Select a user to view their permissions.

6. SMB/NFS Protocols
SMB (Server Message Block): Used in Windows for file and printer sharing.
NFS (Network File System): Common in UNIX/Linux, allows shared access to files over a network.
Managing Both in a Single Network:
  Install both roles on Windows Server.
  Use SMB for Windows clients and NFS for UNIX/Linux clients.

7. Access-Based Enumeration (ABE)
Definition: Users see only the files and folders they have permission to access.
Enable ABE: Use Server Manager or Set-SmbShare in PowerShell:
  ○ Set-SmbShare -Name "ShareName" -FolderEnumerationMode AccessBased

8. NFS Shared Folder Permissions
Key Concepts:
  Set permissions using UNIX-style permissions (e.g., chmod).
  Configure Export File on Linux or use Windows Server NFS settings.
PowerShell: New-NfsShare to create and configure shares.

9. DFS Namespaces (Distributed File System)
Definition: Provides a unified namespace for shared folders across servers.
Types:
  Domain-based DFS: Requires AD, scalable, fault-tolerant.
  Standalone DFS: Does not require AD but lacks fault tolerance.
Steps:
  1. Add the DFS Namespace role in Server Manager.
  2. Configure namespaces in DFS Management.

1. Soft and Hard Quotas
Definitions:
  Soft Quotas: Enforce storage limits but allow users to exceed them. Typically used for monitoring.
  Hard Quotas: Enforce strict limits, preventing users from exceeding the allocated storage.
Implementation:
  Use File Server Resource Manager (FSRM) on Windows Server to configure.
  fsutil quota can manage quotas via CLI.

2. SMB Shared Printer Management
SMB Printer Sharing: Share printers over the network using SMB.
Steps:
  1. Share the printer via Devices and Printers.
  2. Manage permissions for shared printers.
  3. Use PowerShell:
     ○ Set-Printer -Name "PrinterName" -Shared $true

3. Print Spooler Functions and Management Using PowerShell
Print Spooler: Handles print jobs by queuing and sending them to printers.
Management:
Start/Stop Service:
  ○ Start-Service -Name Spooler
  ○ Stop-Service -Name Spooler
View Jobs:
  ○ Get-PrintJob

4. Major Print Device Issues
Blank Pages: Check toner, cartridges, or paper trays.
Garbled Text: Verify the correct printer driver is installed.
PowerShell Commands:
  ○ Remove-PrintJob to clear problematic jobs.

5. RAID Volume Types
RAID Levels:
  RAID 0: Striping, no redundancy, improves performance.
  RAID 1: Mirroring, redundancy by duplicating data.
  RAID 5: Striping with parity, fault tolerance with efficient storage.
  RAID 10: Combination of 1 and 0, offers redundancy and performance.

6. Key CLI Commands
sconfig: Server Configuration tool for initial setup and management.
chkdsk: Checks and repairs disk errors. Example: chkdsk /f
gpupdate /force: Forces immediate Group Policy update.
gpresult /r: Displays the applied Group Policy settings.
ipconfig: Displays and manages IP configuration.

7. DNS Cache Management
Purpose: Temporarily stores DNS lookups to speed up resolutions.
Commands:
  View Cache: ipconfig /displaydns
  Clear Cache: ipconfig /flushdns

8. Authoritative DNS Server Types
Primary DNS Server: Stores the original read-write copy of zone data.
Secondary DNS Server: Holds a read-only copy of the zone, synced from the primary.

9. Root Hints
Definition: A list of authoritative root servers used by DNS servers to resolve queries when they don't have the answer locally.

10. DNS Resource Records
Types:
  A Record: Maps a hostname to an IPv4 address.
  AAAA Record: Maps a hostname to an IPv6 address.
  CNAME: Alias of another domain name.
  MX: Mail exchange server for email routing.
  PTR: Reverse lookup to map IPs to hostnames.
  NS: Delegates a DNS zone to an authoritative server.
  SRV: Service locator for specific services like AD.

1. DNS Zone Types
Stub Zone: Contains only records necessary to locate authoritative DNS servers for a zone.
Conditional Forwarder: Forwards DNS queries to specific servers based on the domain queried.
Primary Zone: Stores the read-write copy of DNS data.
Secondary Zone: Stores a read-only copy of the primary zone’s data for redundancy.

2. Using nslookup for DNS Troubleshooting
Purpose: Diagnose DNS issues by querying DNS records.
Common Commands:
  nslookup domain.com: Get IP for a domain.
  nslookup -type=MX domain.com: Find mail servers.
  nslookup -type=NS domain.com: Find name servers.

3. DORA Process in DHCP
Steps:
  Discover: Client broadcasts to locate DHCP servers.
  Offer: Server responds with an IP offer.
  Request: Client requests the offered IP.
  Ack: Server acknowledges and assigns the IP.

4. DHCP Reservations, Exclusions, and Options
Reservations: Assign specific IPs to devices based on MAC address.
Exclusions: Reserve a range of IPs outside the DHCP scope.
Options: Configure additional parameters (e.g., DNS, gateway).

5. Fault Tolerance for DHCP in DMZ
Failover: Configure two servers for load balancing or hot standby.
Split Scope: Distribute IP ranges between servers (e.g., 80/20 split).
Backup: Regularly back up DHCP database.

6. Network Topologies
Demark Point: Boundary between your network and ISP.
DMZ (Demilitarized Zone): Isolated network segment for public-facing services.
Edge Network: The interface between internal and external networks.

7. SaaS, PaaS, IaaS, XaaS
SaaS (Software as a Service): Software accessed online (e.g., Google Workspace).
PaaS (Platform as a Service): Platform for developing and deploying applications.
IaaS (Infrastructure as a Service): Virtualized infrastructure (e.g., VMs, storage).
XaaS (Anything as a Service): Broad category encompassing all as-a-service models.

8. Docker Containers
Purpose: Run applications in isolated environments using lightweight virtualization.
Key Features:
  Portable and efficient.
  Use images to create containers.
Commands:
  docker run: Start a container.
  docker ps: List running containers.
  docker build: Create an image from a Dockerfile.

9. Group Policy Application and Use
Purpose: Centrally manage user and computer settings in an AD domain.
Scope: Can apply to sites, domains, and OUs.
Common Uses:
  Enforce password policies.
  Deploy software.
  Restrict access to settings.

10. Default GPOs in an AD Domain
Default Domain Policy: Applies security policies like password complexity across the domain.
Default Domain Controllers Policy: Applies security settings specific to domain controllers.

1. Applying a GPO to Allow Users to Install a Package
Purpose: Enable users to install approved software from Programs and Features.
Steps:
  1. Create or edit a GPO in Group Policy Management.
  2. Navigate to: User Configuration > Administrative Templates > Control Panel > Programs
  3. Enable the policy: Hide "Add a program from network".
  4. Deploy the software package via Software Installation under: Computer Configuration > Policies > Software Settings > Software Installation.

2. AD RMS and ACLs
Active Directory Rights Management Services (AD RMS):
  Protects digital content (e.g., documents, emails) by controlling who can view, edit, or distribute it.
  Rights are enforced even after the file leaves the organization.
Access Control Lists (ACLs):
  Define permissions for users/groups on a resource (file, folder, object).
  Includes Allow and Deny rules for granular control.

3. Blacklisting vs. Whitelisting
Blacklisting: Blocks specific applications or IPs while allowing all others.
Whitelisting: Allows only approved applications or IPs, blocking everything else.
Use Case: Whitelisting is more secure but requires thorough management.

4. Software Restriction Policies vs. Application Control Policies
Software Restriction Policies (SRP):
  Used to restrict the types of software that can run on a system.
  Configured via GPO.
Application Control Policies (AppLocker):
  A more advanced and flexible replacement for SRP.
  Allows defining rules for specific users/groups.

5. Common Ports and Their Uses
  Port 20 & 21: FTP (File Transfer Protocol)
  Port 22: SSH (Secure Shell)
  Port 23: Telnet
  Port 25: SMTP (Simple Mail Transfer Protocol)
  Port 53: DNS
  Port 80: HTTP
  Port 110: POP3
  Port 143: IMAP
  Port 443: HTTPS
  Port 465/587: SMTP with SSL/TLS
  Port 993: IMAP over SSL
  Port 995: POP3 over SSL
  Port 3306: MySQL
  Port 1433: SQL Server
  Port 1521: Oracle Database
  Port 3389: RDP (Remote Desktop Protocol)
  Port 8530/8531: WSUS (Windows Server Update Services)

6. Actions to Solve Performance Problems
Monitor System Resources: Use tools like Task Manager and Performance Monitor.
Analyze Logs: Review Event Viewer for errors.
Update Drivers and Patches: Ensure software and drivers are up-to-date.
Optimize Services: Disable unnecessary services.
Use sfc and DISM: Repair system files.

7. Server Maintenance Cycle
Key Tasks:
  1. Regular Backups: Ensure data is backed up and tested for integrity.
  2. Patch Management: Apply updates to OS and applications.
  3. Monitoring: Continuously monitor server performance and logs.
  4. Security Checks: Perform vulnerability scans and update antivirus software.
  5. Hardware Checks: Inspect physical components for wear and replace as necessary.
  6. Documentation: Keep records of maintenance and changes.
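
Added example (not part of the original study guide): the steps from "Granting Read-Only Permissions on a File Within a Folder" and "Auditing Access to Files and Folders" carried out end to end in PowerShell on a single test server, finishing with a read-back of the resulting audit records. The folder C:\AuditDemo, the file name, the BUILTIN\Users account and the helper Get-FileAuditEvent are assumptions made for the illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. Folder, file and account below are constructed sample values.
$folder  = 'C:\AuditDemo'
$file    = Join-Path $folder 'payroll.txt'
$account = 'BUILTIN\Users'          # assumption: English-language group name

New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path $file -Value 'constructed sample data'

# 1. Read-only grant in the guide's icacls form. /inheritance:r removes inherited
#    entries so no write right reaches $account through the parent folder.
icacls $file /inheritance:r /grant:r 'BUILTIN\Administrators:(F)' 'NT AUTHORITY\SYSTEM:(F)' "${account}:(R)"

# 2. Turn on the File System audit subcategory on this machine (the local
#    counterpart of enabling Object Access auditing through the GPO).
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 3. Add an audit entry (SACL) to the file: record every successful or failed
#    attempt by $account to write, delete or re-permission it.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions'
$flags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule   = New-Object System.Security.AccessControl.FileSystemAuditRule($account, $rights, $flags)
$acl    = Get-Acl -Path $file -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $file -AclObject $acl

# 4. Read back Security-log event 4663 ("An attempt was made to access an object")
#    for one path. Get-FileAuditEvent is a hypothetical helper defined here.
function Get-FileAuditEvent {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [datetime] $Since
    )
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $evt  = $_
        $data = @{}
        # Event data arrives as named <Data> elements; index them by name.
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['ObjectName'] -eq $Path) {
            [pscustomobject]@{
                Time       = $evt.TimeCreated
                User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process    = $data['ProcessName']
                AccessMask = $data['AccessMask']
            }
        }
    }
}

# Trigger one audited write, then list what was recorded for the file.
$start = Get-Date
Add-Content -Path $file -Value 'change made to trigger an audit record'
Start-Sleep -Seconds 2
Get-FileAuditEvent -Path $file -Since $start | Format-Table -AutoSize

# Show the permission and audit entries now in place.
icacls $file
(Get-Acl -Path $file -Audit).Audit | Format-List IdentityReference, FileSystemRights, AuditFlags
```

On a domain-joined server, audit settings delivered by Group Policy replace the local auditpol change at the next policy refresh, so in production step 2 belongs in the GPO described in the guide.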
