Interview Questions for Sys Admin/ Net Admin

===================================
Interview Questions for System Administrator / Network Administrator
General Questions
Q. Please describe the technical environment of your current (or most recent)
position.
A. When describing the technical environment that you currently support, be sure to
include the number of users you support, the number of IT staff, the technical
infrastructure including servers, types of connections, desktop operating systems,
your job duties, and your work schedule.
You should be prepared to talk about each of the positions you have listed on your
rsum in this way. Also be prepared with a follow-up statement of your most
significant accomplishment.
Q. How do you keep your technical knowledge and skills current?
A. Keeping your skills current demonstrates initiative and a desire to perform at high
standards. Be prepared with a list of resources including professional groups.
Q. Please describe your greatest technical challenge and how you overcame it.
A. Ah, an opportunity for a story. Great examples to draw on: how you taught
yourself a new operating system, the installation of a complex system, integration
of multiple systems, building of an e-commerce web site.
Q. What are some of the tools you use to make your job easier?
A. All network administrators have a bag of tricks. You should share some of your
trade secrets as a way of demonstrating that you can be efficient in your job as a
network administrator. These can include ghosting tools, troubleshooting tools, and
documentation tools.
Q. How do you document your network?
A. One of the toughest parts of network administration is keeping track of an always
changing environment. You must have basic documentation for user administration,
file system planning, and address planning. Share your documentation with your
interviewer.
Planning Questions
The interviewer will be interested in your network planning methodologies. The
following questions provide insight into these skills.
Q. What are some of the things you need to take into consideration when planning
an upgrade from one network operating system to another?
A. This is the mother of all planning activities because it will affect so many
resources. The key here is testing and backups and thats what the interviewer
wants to hear. Other considerations include:
Network documentation
Ensuring that your hardware meets the minimum hardware requirements for the
new operating system
Creating a test network for testing the compatibility of applications, hardware, and
drivers with the new operating system
Gathering all updated drivers and patches/service packs required for upgrade
compatibility
Identifying workflow issues before converting
Separating workstation conversions from server conversions
Ensuring you have backups of data and the servers so that you can revert back
Network addressing scheme
Q. Describe the backup/restore policy you use most.
A. First of all, the interviewer wants to ensure that you do backups! There are
different methods, but the most common backup strategy used is to perform
incremental backups Monday through Thursday and a normal backup on Friday. An
alternative backup strategy is to perform differential backups Monday through
Thursday and a normal backup on Friday.
Q. How would you ensure that your servers are secure?
A. Security always begins at the physical levelit makes little difference that youve
provided all the security the operating system and software can provide if someone
can walk away with the box or the portable hard drive. The next step is to ensure
you have the latest service packs for the operating system and applications running
on the server.
Installation
Q. What steps do you go through as part of your server installation process?
A. The interviewer wants to know whether your typical work habits are to just jump
in or whether you do some planning. You obviously want to ensure that your
hardware meets the minimum requirements, that you have all the right drivers for
the new operating system, and whether you need a ROM upgrade for your
hardware. Depending on how many installations youve done, you may have a
process that you like to follow. If you do, describe it to the interviewer.
Q. How do you determine which file system is best for your environment?
A. This question tests how well you plan for a variety of different environments. The
key here is to take into consideration the file format support required for backward
compatibility with other operating systems like NetWare or older versions of
Windows NT. Youll also want to make sure theres enough disk space for drivers and
files that must reside in the system partition, as well as space for a dump file if
anything goes wrong.
Q. Whats the first thing you should do after installing the network operating
system?
A. This is a test of your security skills. The first thing you should do is either change
the password on the administrator account or change the name of the account
itself.
Q. You just installed a service pack on the e-mail, SQL, print, and file servers. You
rebooted all the servers, and now the service pack installation is complete. Whats
the final step for the evening?
A. The interviewer wants to make sure that testing is an integral part of your routine
whenever you install software or make updates to systems. You may also want to
review the Event Viewer logs and look for any errors that have been registered. Its
a good idea to also examine the administrative interfaces for SQL and the e-mail
server to satisfy yourself that no anomalies have appeared there.
Configuration
Ninety percent of your day is spent configuring network services, whether its
installing applications, creating users, or adding printers.
Q. What methods are available for configuring a WINS server for use by various
Microsoft computers?
A. This question demonstrates to the interviewer that you are familiar with the
various methods for configuring routing using WINS. You can either configure the
WINS server manually or by way of a Dynamic Host Configuration Protocol Server.
Q. A user has left the company and you need to create a new user with the same
rights and permissions. What are some of the ways to create the new user?
A. By asking you to describe multiple ways of getting the job done, the interviewer
can assess your experience level with the operating system. Some of the correct
answers to this question include the following:
You could copy an existing users account to create a new account. However, the
rights and permissions for the new, copied account will be based purely on its group
memberships, not permissions g
ranted strictly to the original account itself.
Using Active Directory, you could use the CSVDE.exe program to create a new
account with specific group memberships; however, this program is usually
intended for bulk creation of accounts in your domain.
You could create the new account from scratch, assigning group permissions or
individual rights manually.
Q. What are some of the alternative ways for mapping a drive letter to a file server
if you wish to connect to one of the servers shared folders?
A. This question tests your experience by asking for alternate methods of getting
the job done. In addition to mapped drives you can use a Universal Naming
Convention path: \\servername\ sharename. You can also browse the Network
Neighborhood.
Q. You shared a printer from your NT server. What could you do to ensure that the
printer is easily accessible to your Windows 98 clients?
A. You may have to support older clients on your network. This question tests your
experience with older technology. In this case, you should load the Windows 98
printer drivers on the share point.
Q. How large can I make a file allocation table partition using the NT operating
system?
A. This question tests your familiarity with system capabilities and limitations. The
maximum FAT partition size is 4 gigabytes.
Q. Is it necessary for an NT client computer to use the servers name in that UNC
path?
A. There are typically multiple ways of accomplishing the same task. Thank
goodness, because you sometimes need them while troubleshooting. Using very
basic questions, the interviewer can assess your real knowledge and experience
with various operating systems. In this case, you can also use the servers TCP/IP
address.
Q. We are creating a web site on our NT server using Internet Information Server
4.0. We expect users to log on anonymously. How many client access licenses must
we purchase to allow up to 100 simultaneous connections to our web site?
A. This is a trick question to see if you understand the concept of user licensed
connections. Anonymous logons on IIS 4.0 do not require client access licenses.
Troubleshooting
Q. A user contacts you and reports that their Windows 2000 workstation is having
trouble connecting to the Web. You run the ipconfig command on the computer and
you find that the computer is not referencing the correct primary DNS server. What
must you do to remedy this?
A. Using this question, the interviewer can assess your routing troubleshooting
skills, an essential part of network administration. In this case, you would want to
check the primary DNS setting in the IP configuration of the computer. If ipconfig
shows a setting for the default DNS server other than what you want, this means
the computers IP configuration is incorrect. Therefore, the Windows 2000 client
computer needs to be reconfigured.
Q. Users are complaining of slow performance when they run server-based
applications.
The server has the following specifications:
> Compaq 1600
> 800 MHz Pentium 3
> 256MB of RAM
> 18GB EIDE hard drive
> 10/100 NIC
> Connected to a Cisco switch
The performance monitor shows the following:
Memory Pages/Sec: 5
Physical Disk % Disk Time: 20 percent
Processor % Processor Time: 90 percent
What is the best way to improve the systems performance?
A. This question tests your knowledge of server optimization. In this case, the
recommendation should be to upgrade the processor. Microsoft recommends you do
so if the CPU utilization averages over 70 to 75 percent.
Q. A user is having trouble sharing a folder from their NT Workstation. What is a
likely cause?
A. The interviewer is testing your basic knowledge of rights. In order to share a
folder you must be logged on as an administrator, server operator (in a domain), or
power user (in a workgroup).
Q. Youve shared a folder and set the share permissions to Everyone = Full
Control. However, none of the users can save information in the folder. Whats the
likely cause?
A. This is another question that tests your knowledge of permissions. The likely
cause is that someone has set the NTFS permissions in a more restrictive manner
than the share permissions. Between those two categories of permissions, the more
restrictive of the two always applies to users accessing the folder over the network.
Q. What is the most likely cause for the failure of a user to connect to an NT remote
access server?
A. Supporting remote users may be a big part of your job. Its important to
understand the proper configuration and troubleshooting of the NT RAS. In this case,
the user must be granted the RAS dial-in permission.
Q. A remote user in Montana, who is not technical and is scared to death of
computers, calls for help. The user logged in to your network via the terminal
server. You determine that the solution to the users problem requires an edit of a
hidden read-only file, deleting a system file in the winnt\system32 folder, and
creating a simple batch file on the users computer. What tools would you use to
resolve this problem?
A. This question tests your ability for remote troubleshooting. An administrator can
edit these files on the users computer by connecting to it over the network via the
Computer Management console in Windows 2000. Using this console, you can
access the administrative shares (C$, D$, and so on) that represent the partitions
on the users computer. From there, you can edit or create any files necessary to
repair the problem.
Windows NT Networking Questions
Windows NT is still the most popular operating system around. You should be
comfortable with this environment to be able to respond to the following questions
that an interviewer may ask you.
Q. Why is Windows Internet Name Server needed in a Windows NT domain?
A. An important part of network administration is setting up the server and clients
so they can find one another. WINS is necessary to achieve NetBIOS name
resolution. Your desktop clients can then log on to the domain, and the domain
controllers can authenticate to one another.
Q. What is the normal replication interval between the primary domain controll
er and the backup domain controller?
A. The PDC waits five minutes after a change in the domain database before
pulsing, or notifying, the BDCs.
Q. How can you synchronize a BDC immediately?
A. Within the server manager, select the BDCs account, choose the Computer
menu, and select Synchronize With Primary Domain Controller.
Q. Users change their passwords in the NT domain every 30 days. Our primary
domain controller is in New York, but we have users in our California office. When a
California user changes their password, will they be able to use the new password
immediately, or must they wait for replication to occur to a backup domain
controller in California?
A. You must have a firm grasp of replication. In this case, waiting for a replication
will not be necessary. If a BDC doesnt recognize a users password, it will
automatically appeal to the PDC to establish its validity.
Q. Ive created logon scripts for my users on the primary domain controller. Ive
correctly mapped them in the properties of my users accounts. Some run, some do
not. What should I check next?
A. The scripts should be replicated to all of your backup domain controllers. The
domain controller that validates the logon is the one that runs the script.
Q. Is it possible to create a domain account from an NT member server?
A. Yes. By using User Manager for Domains, you can create the account from the
member server. The account will actually be created on the primary domain
controller, however.
Q. Someone just dropped a safe on our primary domain controller. What should we
do next?
A. You should promote one of your backup domain controllers to become the
primary domain controller.
Q. After the promotion, what happens if we bring the old PDC back online?
A. When the old PDC gets back online, its Netlogon service will fail. You can resolve
this through Server Manager by first demoting it to a backup domain controller and
then promoting it to a primary domain controller.
Q. One of your users logs on to the domain from his NT Workstation. Due to a
network failure the following day, he is unable to contact a domain controller when
he tries to log on. Can the user log on with his domain account?
A. Yes. He will be able to log on with locally cached credentials.
Q. Someone deleted the account of one of my backup domain controllers in Server
Manager. When the BDC boots up, it is unable to authenticate to the primary
domain controller, and its Netlogon service fails. What can I do?
A. Either restore the account from a backup or reinstall the backup domain
controller from scratch.
Q. How can I promote one of my member servers to become a backup domain
controller?
A. You cant. You must reinstall the entire operating system as a domain controller
(either a backup or primary domain controller).
Q. Does it matter which of my domain controllers I upgrade to Windows 2000 first?
A. Yes. You must upgrade the primary domain controller to Windows 2000 before
any of the backup domain controllers.
Q. What about the member servers and workstations? Must I upgrade them in any
particular order?
A. No. member servers and workstations can be upgraded in any order.
Active Directory
In order to manage an Active Directory Services environment, you must be
comfortable with planning, security and permissions, authentication, and
synchronization. The following questions may be asked by the interviewer to assess
your experience with performing these functions.
Q. What rights must your logged-in account have when creating a Windows 2000
forest?
A. You must understand rights and permissions thoroughly. In this instance, the
account must have administrative rights on the Windows 2000 server used to create
the new forest.
Q. What rights must your account have when adding a domain to an existing forest?
A. In this case, you must be a member of the Enterprise Administrators group.
Q. My account has the proper rights, but when I try to create a new domain I get an
error message stating that the Domain Naming Master cannot be contacted. What
does this mean?
A. An experienced network administrator will be able to readily troubleshoot for
problems such as this one. This scenario can mean network connectivity issues or a
failed Domain Naming Master, which is the domain controller for the forest root
domain.
Q. Why is Domain Name System (DNS) so important to an Active Directory forest?
A. As a network administrator you must understand name resolution. DNS is critical
to your forest because it possesses all of the service (SRV) records. These records
indicate the TCP/IP address and port necessary to locate a specific service offered
by a server.
Q. Does the DNS server have to be a Windows 2000 server?
A. This is a trick question. DNS is independent of Windows 2000 and so the answer
is no. To support Active Directory, the DNS server must support two BIND (Berkeley
Internet Name Domain) version standards: 4.9.6 (SRV records) and 8.1.2 (dynamic
updates).
Q. What rights does a user need in order to create computer accounts in an Active
Directory domain?
A. By default, a user only needs to be recognized as a member of the Authenticated
Users group to add workstations to a domain. This permission is established in the
Default Domain Controllers policy, and permits users to create up to ten accounts.
Q. Is it possible to have entirely separate domain name spaces within the same
forest?
A. When it comes to Active Directory, you must have a thorough understanding of
forest limitations. In this case, you can have multiple domain name spaces within
the same forest.
Q. Do clocks synchronize automatically between Windows 2000 computers?
A. This question tests your understanding of Active Directory synchronization.
Clocks do synchronize only within a domain. The Primary Domain Controller
Emulator handles this task for you. But there is no server that automatically
synchronizes clocks between your separate domains.
Q. To create Group Policy objects in a domain, what group must you be a member
of?
A. You must be a member of the Group Policy Creator Owners group in your domain
to create these objects.
Q. Is it possible to prevent the application of a Group Policy to a user account within
one of our organizational units?
A. To prevent the application of a
Group Policy to a user, you would deny the Read and Apply Group Policy
permissions to the user in that organizational unit.
Q. Is it possible to schedule replication between two domain controllers in Active
Directory?
A. This question assesses your knowledge of configuration options for domain
controllers within Active Directory. In this case, place the domain controllers in
different sites. Then set the schedule on the Site Link object that connects the sites.
Q. My Windows 98 users cannot search for published objects in our Active Directory
domain. How do I add this capability to their computers?
A. Add the DSClient utility to their computers from the Windows 2000 Server CD.
Q. What are some of the ways of propagating permissions set on an Active Directory
object to lower-level child objects?
A. Administering security is a big part of an administrators job. One way to
accomplish this task is the following: On the Security tab of the parent object, click
the Advanced button. Using the special permissions list, be sure to select Apply
ontoThis object and all child objects. Another method is to use the Delegation of
Control Wizard.
Q. An organization is running a web site using Internet Information Server 5.0 on a
Windows 2000 Server. The site allows both Anonymous and Integrated Windows
authentication. When our domain users connect to the site, which authentication
method is used?
A. Understanding authentication modes is a critical part to troubleshooting and
effectively securing resources. In this case, they will authenticate as the Anonymous
account. An exception to this would be seen if the Anonymous account lacked
permissions to a particular resource on the web site, in which case Integrated
Windows authentication would be attempted.
Q. How can I move the Active Directory database and log files to a different drive on
the domain controller?
A. This can be accomplished by rebooting the domain controller using Directory
Services Restore Mode and running the ntdsutil tool.
Q. An administrator accidentally deleted an entire organizational unit containing
200 users from our domain. How can you recover the organizational unit?
A. Everyone has these types of situations. You must know how to recover from these
mistakes. In this case, rebooting a domain controller using Directory Services
Restore Mode and conducting an authoritative restore of the OU from a backup will
solve the problem.
Q. We demoted our Primary Domain Controller Emulator to become a member
server in our domain. What do we need to do to transfer the PDC Emulator role to
another domain controller?
A. This question tests how well you understand how the PDC Emulator works. In this
situation, the role was automatically transferred when the former PDC Emulator was
demoted.