A GUIDE TO PREPARATION
SERVER STORAGE AND DATA CENTER (SSD)
RESTRICTED
Contents
A. Questions on Server Related Services
B. Questions on Azure and Hyper-V
C. Questions on Storage System
D. Questions and Answers on Exchange Server
E. Question & Answers on Datacenter
F. How to Backup Windows Active Directory Server
G. How to update windows clients from WSUS Server
H. Create and Apply VM Checkpoints from Windows Hyper-V
I. Creating Distribution Group in Exchange Server 2016
J. Map a Shared Folder to Network Drive Using Group Policy in Windows
1. You have been assigned to deploy a new Windows Server that will be used as a
file server for a small organization. What steps would you take to ensure the
server is secure and can handle the expected load of files and users?
Answer:
a) Ensure that the server has the latest Windows Server updates installed and that it
meets the minimum hardware requirements for the expected workload.
b) Configure the server with appropriate security settings, such as disabling
unnecessary services, configuring firewall rules, and enabling antivirus software.
c) Create shared folders for the different groups of users and set appropriate
permissions to control access.
d) Finally configure backups and disaster recovery procedures to ensure that the
organization’s data is protected in case of any unforeseen incidents.
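Steps b) and c) above, sketched in PowerShell as an added example that is not part of the original guide. The folder D:\Shares\Finance, the share name Finance and the groups CONTOSO\Finance-RW and CONTOSO\Finance-RO are assumed names, and the groups must already exist.

```powershell
# Added example: names, path and groups below are assumptions, not from the guide.
#Requires -RunAsAdministrator

$path      = 'D:\Shares\Finance'
$shareName = 'Finance'
$rwGroup   = 'CONTOSO\Finance-RW'   # hypothetical read/write group
$roGroup   = 'CONTOSO\Finance-RO'   # hypothetical read-only group

New-Item -Path $path -ItemType Directory -Force | Out-Null

# NTFS layer: stop inheriting from the parent folder and grant only what is needed.
$acl = Get-Acl -Path $path
$acl.SetAccessRuleProtection($true, $false)   # protect the ACL, drop inherited entries
$inherit = 'ContainerInherit,ObjectInherit'   # apply to subfolders and files
$grants = @(
    @{ Identity = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
    @{ Identity = 'BUILTIN\Administrators'; Rights = 'FullControl' },
    @{ Identity = $rwGroup;                 Rights = 'Modify' },
    @{ Identity = $roGroup;                 Rights = 'ReadAndExecute' }
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $g.Identity, $g.Rights, $inherit, 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $path -AclObject $acl

# Share layer: no Everyone entry, hide folders a user cannot open,
# and require SMB encryption (clients must support SMB 3.0 or later).
New-SmbShare -Name $shareName -Path $path `
    -FullAccess 'BUILTIN\Administrators' `
    -ChangeAccess $rwGroup `
    -ReadAccess $roGroup `
    -FolderEnumerationMode AccessBased `
    -EncryptData $true | Out-Null

# Server-wide SMB settings: SMB1 off, signing required.
Set-SmbServerConfiguration -EnableSMB1Protocol $false -RequireSecuritySignature $true -Force

# Verify both layers; the effective access is the more restrictive of the two.
Get-SmbShareAccess -Name $shareName |
    Format-Table AccountName, AccessRight, AccessControlType
(Get-Acl -Path $path).Access |
    Format-Table IdentityReference, FileSystemRights, IsInherited
Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, RequireSecuritySignature
```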
e) Once the root cause of the issue has been identified, implement appropriate
solutions, such as increasing system resources, optimizing services, or resolving
network issues.
7. Your organization is planning to implement a Remote Desktop Services (RDS)
environment. What steps would you take to ensure a successful
implementation?
Answer:
a) Plan the RDS environment, including the number of servers required, user groups,
and the applications that will be published.
b) Configure the RDS roles on the servers, including the Remote Desktop Gateway,
Remote Desktop Session Host, and Remote Desktop Web Access.
c) Also configure security settings, such as SSL certificates, group policies, and
firewall rules, to ensure that the RDS environment is secure.
d) Finally, test the RDS environment to ensure that it is functioning correctly and that
all users can access the published applications.
10. Your organization is planning to implement a new backup strategy for its
Windows Servers. What steps would you take to ensure that the backup strategy
is effective and efficient?
Answer:
a) Determine the organization’s data backup requirements, such as retention periods,
backup frequency, and recovery time objectives.
b) Select an appropriate backup solution, such as Windows Server Backup or a
third-party backup tool, based on the organization’s needs and budget.
c) Configure the backup jobs to ensure that they are scheduled and run regularly, and
that they back up all critical data and system files.
d) Test the backup and recovery process to ensure that it is reliable and efficient.
e) Finally, ensure that the backups are securely stored and that there are procedures in
place to handle any backup failures or data loss.
11. How do you configure and manage Remote Access in Windows Server?
Answer: To configure and manage remote access in Windows Server, you can follow
these steps:
a) Install the Remote Access role: Open Server Manager and select Add Roles and
Features. Follow the wizard to select the Remote Access role, and choose the
appropriate sub-roles such as DirectAccess, VPN, or Web Application Proxy.
b) Configure Remote Access policies: After installing the Remote Access role, you
can configure policies for remote access, such as authentication methods, network
access rules, and connection protocols. To configure policies, open the Remote
Access Management Console and select the appropriate policy type such as VPN
or DirectAccess.
c) Configure Remote Access clients: Once policies are configured, you can configure
clients to connect to the remote access server. Clients can be configured using
standard Windows VPN clients, DirectAccess clients, or web-based clients using
Web Application Proxy.
d) Monitor and troubleshoot Remote Access: To monitor and troubleshoot Remote
Access, you can use built-in tools such as the Remote Access Management
Console, the Routing and Remote Access console, or event logs. These tools can
help you track connection attempts, diagnose connection issues, and view
performance statistics.
e) Secure Remote Access: It’s important to secure remote access by using
appropriate authentication methods, such as multi-factor authentication or
certificate-based authentication, and by using encryption for data in transit. You
can also use features such as Network Access Protection (NAP) to enforce
security policies on remote access clients.
f) Manage Remote Access infrastructure: To manage Remote Access infrastructure,
you can use tools such as PowerShell, System Center Configuration Manager
(SCCM), or third-party management tools. These tools can help you automate
12. What is a certificate authority (CA) and how do you set one up in Windows
Server?
Answer: A Certificate Authority (CA) is a trusted entity that issues digital certificates used
for secure communication over the Internet. Digital certificates are used to verify the
identity of an individual, organization, or server and ensure secure communication
between two parties. In Windows Server, you can set up a CA using the following steps:
a) Install the Certificate Services role: Open Server Manager and select Add Roles
and Features. Follow the wizard to select the Certificate Services role.
b) Configure the CA: After installing the Certificate Services role, you can configure
the CA by running the Certification Authority snap-in from the Start menu. Choose
the type of CA you want to set up, such as an enterprise CA or standalone CA,
and configure the CA settings, such as the certificate validity period, key length,
and certificate revocation settings.
c) Configure certificate templates: Certificate templates are used to define the types
of certificates that can be issued by the CA. You can create and configure
certificate templates by running the Certificate Templates snap-in from the Start
menu.
d) Issue certificates: Once the CA and certificate templates are configured, you can
issue certificates by running the Certificate Authority snap-in and selecting the
appropriate template. You can choose to issue certificates manually or
automatically, depending on your needs.
e) Manage the CA: To manage the CA, you can use tools such as the Certification
Authority snap-in, the Certificate Templates snap-in, or PowerShell cmdlets. These
tools can help you monitor certificate issuance, revoke certificates, and manage
certificate revocation lists (CRLs).
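The same setup as a PowerShell session, added here as an example and not taken from the original guide. It assumes a domain-joined server, an account with Enterprise Admin rights, a CA common name of Example-Root-CA and a short list of templates to keep published; all of those values are illustrative.

```powershell
# Added example: CA name, periods and template list are assumptions.
#Requires -RunAsAdministrator

# a) Install the Certificate Services role with its management tools.
Install-WindowsFeature -Name ADCS-Cert-Authority -IncludeManagementTools

# b) Configure the CA: type, key length, hash algorithm and CA certificate validity.
Install-AdcsCertificationAuthority `
    -CAType EnterpriseRootCA `
    -CACommonName 'Example-Root-CA' `
    -CryptoProviderName 'RSA#Microsoft Software Key Storage Provider' `
    -KeyLength 4096 `
    -HashAlgorithmName SHA256 `
    -ValidityPeriod Years -ValidityPeriodUnits 10 `
    -Force

# Maximum lifetime of certificates the CA issues (templates can only shorten it).
certutil -setreg CA\ValidityPeriod Years
certutil -setreg CA\ValidityPeriodUnits 2

# Revocation settings: weekly base CRL, daily delta CRL.
certutil -setreg CA\CRLPeriod Weeks
certutil -setreg CA\CRLPeriodUnits 1
certutil -setreg CA\CRLDeltaPeriod Days
certutil -setreg CA\CRLDeltaPeriodUnits 1

# Log all CA events (issue, revoke, config change) to the Security log.
# Events only appear if the Certification Services audit subcategory is enabled.
certutil -setreg CA\AuditFilter 127
auditpol /set /subcategory:"Certification Services" /success:enable /failure:enable

Restart-Service -Name CertSvc
certutil -CRL            # publish a fresh CRL with the new periods

# c) Publish only the templates that are actually needed.
$needed = @('WebServer', 'Machine', 'DomainController')
foreach ($t in Get-CATemplate) {
    if ($t.Name -notin $needed) {
        Remove-CATemplate -Name $t.Name -Force
    }
}
$published = (Get-CATemplate).Name
foreach ($name in $needed) {
    if ($name -notin $published) {
        Add-CATemplate -Name $name -Force
    }
}

# e) Review what the CA will now issue.
Get-CATemplate | Select-Object Name
certutil -getreg CA\CRLPeriodUnits
```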
13. What is the role of LDAP?
Answer: LDAP stands for Lightweight Directory Access Protocol which is a directory
service similar to the database that is used for storing computers, users, objects, etc.
Moreover, it helps in adding, removing, and updating computer objects in the directory.
14. What is Active Directory Federation Services (ADFS) and how does it work in
Windows Server?
Answer: Active Directory Federation Services (ADFS) is a Microsoft technology that
enables secure single sign-on (SSO) between different organizations, allowing users to
authenticate with their own organization’s identity provider (IDP) and access resources in
another organization without having to provide separate login credentials. ADFS uses
standards-based authentication protocols such as Security Assertion Markup Language
(SAML) and OAuth to establish trust relationships between identity providers and service
providers.
In Windows Server, ADFS can be set up using the following steps:
a) Install ADFS: Open Server Manager and select Add Roles and Features. Follow the
wizard to select the ADFS role.
b) Configure ADFS: After installing the ADFS role, you can configure ADFS by running
the ADFS Management snap-in from the Start menu. Configure the ADFS settings,
such as the federation service name, certificate settings, and trust relationships.
c) Add identity providers and service providers: ADFS relies on trust relationships
between identity providers and service providers to enable SSO. You can add
identity providers and service providers to ADFS by using the ADFS Management
snap-in and specifying the appropriate SAML or OAuth endpoints.
d) Test SSO: Once the identity providers and service providers are configured, you
can test SSO by logging in to a service provider application and being redirected
to the identity provider for authentication. After successful authentication, you
should be redirected back to the service provider application and granted access.
e) Monitor and troubleshoot ADFS: To monitor and troubleshoot ADFS, you can use
tools such as the ADFS Management snap-in, the Event Viewer, or the ADFS
diagnostics cmdlets. These tools can help you diagnose authentication issues,
view log files, and monitor performance statistics.
15. What do you understand by WSUS and WDS?
WSUS stands for Windows Server Update Services, which refers to a computer
program and network service developed by Microsoft. This helps in managing and
handling the distribution of updates for products in the Windows environment.
WDS stands for Windows Deployment Services, and it’s used to remotely install Windows
operating systems (OS) over the network. This is a Microsoft server technology that
facilitates the installation of Windows operating systems via a network. Remote Installation
Services has been superseded by this.
17. What is the difference between a stand-alone server and a member server in
Windows Server?
In Windows Server, a stand-alone server is a server that operates independently and does
not belong to any domain or Active Directory forest. It has its own set of local user accounts
and security policies and does not share resources or authentication information with other
servers.
On the other hand, a member server is a server that belongs to a domain or Active
Directory forest and can share resources and authentication information with other servers
in the same domain or forest. It relies on the domain or forest for user authentication and
security policies, and can be managed centrally using tools such as Group Policy.
The main difference between a stand-alone server and a member server is their
relationship with Active Directory. A stand-alone server does not participate in Active
Directory, while a member server is a participant in Active Directory and can leverage its
features and benefits, such as centralized management and authentication, resource
sharing, and group policy control.
18. How do you configure and manage server roles and features in Windows
Server?
In Windows Server, you can configure and manage server roles and features using Server
Manager, a graphical tool that provides a central location for managing servers, roles, and
features. Here are the steps to configure and manage server roles and features using
Server Manager:
a) Open Server Manager: Click on the Server Manager icon in the taskbar or search for
Server Manager in the Start menu.
b) Add a server: If the server you want to manage is not already listed in the Server
Manager dashboard, you can add it by clicking on the Add servers button and
specifying the server name or IP address.
c) Install a role or feature: To install a role or feature, click on the Add roles and features
button in the Dashboard or select the Manage menu and choose Add Roles and
Features. Follow the wizard to select the desired roles and features, customize the
installation settings, and complete the installation.
d) Configure a role or feature: Once a role or feature is installed, you can configure its
settings by selecting the appropriate role or feature from the Server Manager
dashboard and choosing the appropriate options.
e) Manage a role or feature: To manage a role or feature, you can use the Server
Manager tools and features, such as the Remote Desktop Services Manager or the
DHCP Manager. These tools allow you to monitor and manage the settings and activity
of the selected role or feature.
f) Remove a role or feature: If you no longer need a role or feature, you can remove it
by selecting the appropriate role or feature from the Server Manager dashboard and
choosing the Remove option.
22. What is the difference between a file share and a file system in Windows Server?
In Windows Server, a file system is the underlying structure used to organize and store
files and folders on a storage device, such as a hard drive, SSD, or network-attached
storage (NAS) device. Common file systems used in Windows Server include NTFS (New
Technology File System) and ReFS (Resilient File System).
A file share, on the other hand, is a resource that allows multiple users and computers to
access the files and folders stored on a file system over a network. When you share a
folder or drive on a server, you create a file share that can be accessed by other users
and computers on the network.
The main difference between a file system and a file share is their level of accessibility. A
file system is a low-level component that is managed by the operating system and is
responsible for organizing and managing files and folders on a storage device. A file share,
on the other hand, is a higher-level component that allows users and computers to access
and interact with the files and folders stored on a file system over a network.
A thread consists of many executable programs that combine as a solitary process. For
example, a thread can send a notification error to the customer. Therefore, an alternative
can contract with the signals of error even though the third thread may execute the primary
action.
26. Explain Group Policy Objects (GPO) and name its types.
GPO refers to the setting that manages the client records at the workplace, and also at
computer records. This helps in explaining the programming establishment, security
alternatives, upkeep choices and library-dependent arrangements, folder redirection
choices, and content choices. Further, there are two types of GPO:
Firstly, Local GPO. These are kept on close devices.
Secondly, Non-local GPO. These can be accessed from the Active Directory and are kept
on a domain controller.
To integrate a third-party directory service with AD, you will typically need to use a
synchronization tool that can connect to both AD and the third-party directory service. This
tool will synchronize user identities and attributes between the two directories, ensuring
that user information is consistent across both systems.
Once the integration is set up, users can authenticate using their credentials from either
directory service, and access permissions can be managed across both environments.
This allows for a more flexible and scalable identity management solution, which can be
especially useful in complex and heterogeneous environments.
can simplify management and monitoring, and provide a unified view of your entire hybrid
cloud environment.
30. Explain the basic functionality of the domain controller?
The domain controller is responsible for verifying the customer’s too many networks.
Moreover, it also brings a set of objects that are involved in the Active Directory.
34. What is Windows Server Core and how is it different from the full GUI version of
Windows Server?
Windows Server Core is a minimalistic installation option of Windows Server that includes
only the essential components needed to run specific server roles. It does not include the
full graphical user interface (GUI) that is included in the full version of Windows Server.
Instead, it provides a command-line interface for managing the server, along with a limited
set of graphical tools.
The main difference between Windows Server Core and the full GUI version of Windows
Server is the amount of resources that each version requires to run. Since Windows Server
Core has fewer components and services installed, it requires less disk space, memory,
and CPU resources, making it a more lightweight and efficient option for running certain
server roles. This can be especially useful in scenarios where resources are limited, such
as in virtualized environments.
Another benefit of Windows Server Core is improved security. Since it includes fewer
components and services, there are fewer attack surfaces that can be exploited by
malicious actors. Additionally, the lack of a GUI reduces the need for additional software,
reducing the overall attack surface of the server.
However, the lack of a GUI in Windows Server Core means that management tasks must
be performed using command-line tools or remote management tools. This can be more
difficult for administrators who are used to using the graphical tools in the full GUI version
of Windows Server.
39. What is PowerShell Desired State Configuration (DSC) and how does it work in
Windows Server?
PowerShell Desired State Configuration (DSC) is a configuration management tool that
allows administrators to define and manage the configuration of Windows servers using
PowerShell scripts. DSC enables administrators to automate the configuration of servers,
ensuring that they remain in a desired state and are always compliant with established
policies.
DSC works by defining a desired state for a server or group of servers, which is defined
in a PowerShell script. This script defines the configuration settings that need to be applied
to the server, including settings related to the operating system, applications, and security.
Once the desired state is defined, DSC continuously monitors the server to ensure that it
remains in the desired state.
If the configuration of the server changes, DSC will automatically apply the necessary
configuration changes to bring the server back into the desired state. This ensures that
servers remain compliant with established policies and reduces the risk of configuration
drift and other issues that can impact server performance and security.
DSC can be used to manage configuration across a wide range of Windows Server roles
and features, including Active Directory, Internet Information Services (IIS), Hyper-V, and
more. It can also be integrated with other Microsoft technologies, such as System Center
Configuration Manager (SCCM), to provide a comprehensive configuration management
solution for Windows Server environments.
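A small desired-state script of the kind described above, added as an example and not part of the original guide. It assumes Windows PowerShell 5.1 and an output folder of C:\Dsc, and the three baseline settings are illustrative choices. Automatic correction of drift only happens when the Local Configuration Manager runs in ApplyAndAutoCorrect mode; the default mode, ApplyAndMonitor, only reports drift, so the example sets the mode explicitly.

```powershell
# Added example: output path and the chosen baseline settings are assumptions.
#Requires -RunAsAdministrator

# Desired state: two legacy features removed, one service disabled,
# and NTLMv2-only authentication enforced through the registry.
Configuration ServerBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        WindowsFeature NoTelnetClient {
            Name   = 'Telnet-Client'
            Ensure = 'Absent'
        }
        WindowsFeature NoPowerShellV2 {
            Name   = 'PowerShell-V2'
            Ensure = 'Absent'
        }
        Service NoRemoteRegistry {
            Name        = 'RemoteRegistry'
            StartupType = 'Disabled'
            State       = 'Stopped'
        }
        Registry NtlmV2Only {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa'
            ValueName = 'LmCompatibilityLevel'
            ValueType = 'Dword'
            ValueData = '5'
            Ensure    = 'Present'
        }
    }
}

# Local Configuration Manager settings: re-check every 30 minutes and
# put drifted settings back instead of only logging them.
[DSCLocalConfigurationManager()]
Configuration LcmAutoCorrect {
    Node 'localhost' {
        Settings {
            ConfigurationMode              = 'ApplyAndAutoCorrect'
            ConfigurationModeFrequencyMins = 30
            RebootNodeIfNeeded             = $false
        }
    }
}

$out = 'C:\Dsc'
ServerBaseline -OutputPath $out | Out-Null   # writes localhost.mof
LcmAutoCorrect -OutputPath $out | Out-Null   # writes localhost.meta.mof

Set-DscLocalConfigurationManager -Path $out -Verbose
Start-DscConfiguration -Path $out -Wait -Verbose -Force

# Compliance check: list any resource that is not in the desired state.
$result = Test-DscConfiguration -Detailed
$result.InDesiredState
$result.ResourcesNotInDesiredState | Select-Object ResourceId
```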
40. Explain the DHCP server configuration process for assigning the same IP
address to defined devices whenever the address changes or is
removed.
To configure the DHCP server, you can build a reservation for the device. However, to
create a reservation, you must know the MAC hardware address of the device. Further,
to discover the MAC address of a network device you can use the ipconfig
command-line utility.
This refers to a set of files and folders placed on the local hard disk of each domain
controller in a domain. They are replicated by the File Replication Service and contain
files with group or user policy details.
42. What is Windows Server Manager and how is it used to manage multiple
servers?
Windows Server Manager is a management tool included in Windows Server that provides
a centralized interface for managing multiple servers in a Windows Server environment.
With Server Manager, administrators can manage multiple servers from a single console,
reducing the amount of time and effort required to manage server infrastructure.
Server Manager provides a dashboard-style interface that displays an overview of server
status, including system health, updates, and alerts. Administrators can use this interface
to view and manage server roles and features, monitor performance, configure security
settings, and more.
Server Manager also supports remote management of servers, which allows
administrators to manage servers from a central location without having to physically
access each server. This can be especially useful in large, distributed environments where
servers are located in different geographic locations.
In addition to managing individual servers, Server Manager also provides the ability to
create server groups, which allows administrators to manage multiple servers as a single
unit. This can be useful for managing servers that share common characteristics or roles,
such as web servers, file servers, or database servers.
Windows OS was released for user systems such as desktops, laptops, tablets, mobile
devices, Xbox, etc. Multiple user accounts can be created, but only one user can log in
at a time. Further, it supports a limited number of CPUs (2), cores (256), and RAM (2TB).
45. What is the Windows Server Storage Spaces feature and how does it work?
Windows Server Storage Spaces is a feature in Windows Server that allows administrators
to create virtual storage pools by combining multiple physical storage devices into a single,
logical storage unit. Storage Spaces provides a flexible and scalable storage solution for
Windows Server environments, allowing administrators to easily manage and expand
storage capacity as needed.
Storage Spaces works by abstracting physical storage devices, such as hard drives or
solid-state drives (SSDs), into virtual storage pools. These pools can then be partitioned
into virtual disks, which can be used to store data. Administrators can configure various
features of the virtual disks, including their size, resiliency, and performance
characteristics.
One of the key benefits of Storage Spaces is its ability to provide resiliency to storage. By
combining multiple physical storage devices into a virtual storage pool, Storage Spaces
can create redundant copies of data to protect against hardware failures. There are
several resiliency options available, including simple, mirror, parity, and dual parity.
In addition to providing resiliency, Storage Spaces can also improve performance by using
techniques such as striping and tiered storage. Striping involves dividing data across
multiple physical storage devices, which can improve read and write performance. Tiered
storage involves using multiple tiers of storage, such as SSDs and hard drives, to improve
performance for frequently accessed data while reducing costs for less frequently
accessed data.
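The pool, virtual disk and resiliency steps described above, as an added PowerShell example that is not part of the original guide. The names Pool01 and Data01 are assumptions, and the script uses every disk that Windows reports as poolable, so it is meant for a server whose spare disks are all intended for the pool.

```powershell
# Added example: pool and disk names are assumptions.
#Requires -RunAsAdministrator

$poolName = 'Pool01'
$vdName   = 'Data01'

# Physical disks that are empty and eligible for pooling.
$disks = @(Get-PhysicalDisk -CanPool $true)
if ($disks.Count -lt 2) {
    throw "A two-way mirror needs at least 2 poolable disks; found $($disks.Count)."
}

# 1. Abstract the physical disks into one storage pool.
New-StoragePool -FriendlyName $poolName `
    -StorageSubSystemFriendlyName 'Windows Storage*' `
    -PhysicalDisks $disks | Out-Null

# 2. Carve a virtual disk out of the pool with mirror resiliency:
#    two copies of every block, so one disk can fail without data loss.
New-VirtualDisk -StoragePoolFriendlyName $poolName `
    -FriendlyName $vdName `
    -ResiliencySettingName Mirror `
    -NumberOfDataCopies 2 `
    -ProvisioningType Fixed `
    -UseMaximumSize | Out-Null

# 3. Initialize, partition and format the virtual disk like any other disk.
Get-VirtualDisk -FriendlyName $vdName |
    Get-Disk |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -AssignDriveLetter -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel $vdName -Confirm:$false

# 4. Health check: a degraded mirror still serves data, so it has to be
#    monitored or a second disk failure will go unnoticed until data is lost.
Get-VirtualDisk -FriendlyName $vdName |
    Select-Object FriendlyName, ResiliencySettingName, NumberOfDataCopies,
                  HealthStatus, OperationalStatus
Get-PhysicalDisk |
    Where-Object HealthStatus -ne 'Healthy' |
    Select-Object FriendlyName, SerialNumber, HealthStatus, OperationalStatus
```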
48. What is the difference between Windows Server Backup and third-party backup
solutions?
Windows Server Backup is a backup and recovery solution included in Windows Server,
while third-party backup solutions are backup and recovery solutions developed by
third-party vendors. While both types of solutions are designed to provide data protection for
Windows Server environments, there are several differences between them.
One key difference is the level of functionality and features provided. Windows Server
Backup provides basic backup and recovery functionality, including support for system
state backups, full server backups, and selective file backups. However, it does not
provide advanced features such as backup scheduling, backup replication, or centralized
management of backups across multiple servers. Third-party backup solutions, on the
other hand, typically provide a broader range of features and functionality, including
support for cloud backups, backup replication, advanced scheduling, and more.
Another difference between Windows Server Backup and third-party backup solutions is
the level of support and customization available. While Windows Server Backup is a
Microsoft product and is fully supported by Microsoft, third-party backup solutions may
have different levels of support and may require additional configuration or customization
to integrate with Windows Server environments.
Finally, there may be differences in cost between Windows Server Backup and third-party
backup solutions. While Windows Server Backup is included with Windows Server at no
additional cost, third-party backup solutions may require a separate license or subscription
fee.
51. What are some best practices for monitoring and optimizing the performance of
a Windows Server?
Here are some best practices for monitoring and optimizing the performance of a Windows
Server:
Monitor key performance indicators: Use performance monitoring tools to track key
metrics such as CPU usage, memory usage, disk usage, network traffic, and application
performance. This can help you identify potential performance issues before they become
critical.
Analyze performance data: Analyze the performance data you collect to identify trends
and patterns that may indicate performance bottlenecks or other issues. Use this data to
optimize your server configuration and make informed decisions about capacity planning.
Optimize hardware resources: Ensure that your hardware resources (CPU, memory,
storage, and network) are properly configured and allocated to support the applications
and services running on your server. Make sure to periodically review and adjust resource
allocation as needed.
Use optimized software settings: Ensure that your server is configured with optimized
software settings to improve performance. This includes settings for the operating system,
applications, and services.
Use best practices for storage: Implement best practices for storage, including using RAID
arrays, optimizing disk performance, and using storage tiering to balance performance
and cost.
Use virtualization where appropriate: Consider using virtualization to optimize hardware
resources and improve performance. Virtualization can also make it easier to manage and
scale your server environment.
Implement caching: Implement caching solutions such as Content Delivery Networks
(CDNs) or server-side caching to improve performance for web-based applications and
services.
Regularly update and maintain the server: Regularly update and maintain the server with
the latest patches, firmware, and drivers to ensure optimal performance and security.
Monitor system logs: Monitor system logs to detect and diagnose potential issues before
they become critical. Use this information to improve performance and optimize server
configurations.
Use automation: Use automation tools to help streamline routine tasks such as backups,
updates, and maintenance. This can help reduce downtime and improve overall
performance.
59. What will you do if an HTTP monitor warns that a website is down, and you can
telnet to the port?
Firstly, I will figure the problem with the monitor if the web page is up. The other issues
can be flapping, or system overload.
on your system. Moreover, it provides access to a large amount of data backup and in
this, you can access the server backup using command lines and the management
console.
63. What is Microsoft Azure and how does it integrate with Windows Server?
Microsoft Azure is a cloud computing platform and infrastructure offered by Microsoft. It
provides a wide range of cloud services, including virtual machines, storage, database
services, networking, and more. Azure is designed to enable businesses to build, deploy,
and manage applications and services in the cloud, using a flexible and scalable
infrastructure.
b) Azure Backup: Windows Server can be backed up to Azure using Azure Backup.
This provides a reliable and secure way to protect your data, without having to
maintain your own backup infrastructure. You can also use Azure Backup to
restore your Windows Server environment in case of a disaster.
c) Azure Active Directory: Windows Server can be integrated with Azure Active
Directory (AAD), which is Microsoft’s cloud-based identity and access
management service. This allows you to manage user identities and access
permissions across your Windows Server environment and Azure services from a
single console.
d) Azure Site Recovery: Windows Server can be protected with Azure Site Recovery,
which provides disaster recovery and business continuity services. This enables
you to replicate your Windows Server environment to Azure, and failover to Azure
in case of a disaster.
1. SAN Definition
A Storage Area Network (SAN) is a network of storage devices that can be accessed by
multiple servers or computers, providing a shared pool of storage space. Each computer on
the network can access storage on the SAN as though they were local disks connected directly
to the computer.
A SAN and network-attached storage (NAS) are two different types of shared networked
storage solutions. While a SAN is a local network composed of multiple devices, NAS is a
single storage device that connects to a local area network (LAN).
3. How do SANs differ from other data storage solutions like NAS or DAS?
The main difference between a SAN and other data storage solutions is that a SAN is designed
to be a high-performance storage network that is separate from the rest of the network. This
allows for much higher data transfer speeds and more flexibility in terms of how the storage is
used.
There are three different types of SAN architectures: block, file, and object. Block SANs are
the most common and use a block-based storage protocol, such as Fibre Channel, to connect
storage devices to servers. File SANs use a file-based storage protocol, such as NFS or CIFS,
to connect storage devices to servers. Object SANs use an object-based storage protocol,
such as Amazon S3, to connect storage devices to servers.
5. Fabric-based SAN
A Fabric-based SAN is a type of storage area network that uses a Fibre Channel fabric to
connect storage devices to servers. This type of SAN is typically used in enterprise
environments where high levels of performance and availability are required.
6. Difference between Fibre Channel and iSCSI? Which one would you recommend
for a certain use case?
Fibre Channel is a point-to-point connection that uses optical fiber, while iSCSI is a
point-to-point connection that uses copper wire. I would recommend Fibre Channel for use
cases that require high bandwidth and low latency, while iSCSI would be a better choice for
use cases that are more concerned with cost.
7. SAN switch
A SAN switch is hardware that connects servers to shared pools of storage devices. It is
dedicated to moving storage traffic in a SAN. A SAN switch is responsible for connecting
devices in a SAN and providing a path for data to travel between them. In order for data to
be read from or written to a storage device, it must first pass through the Fibre Channel switch.
A system of abstracting data storage so that the provisioning and management of storage are
separated from the underlying hardware. This allows separate pools of physical storage
resources to be managed together as a single logical device.
10. RAID
RAID is a technology that is used to increase the performance and/or reliability of data storage.
The abbreviation stands for either Redundant Array of Independent Drives or Redundant Array
of Inexpensive Disks, which is older and less used. A RAID system consists of two or more
drives working in parallel. These can be hard disks, but there is a trend to also use the
technology for SSDs (solid-state drives). There are different RAID levels, each optimized for a
specific situation. These are not standardized by an industry group or standardization
committee. This explains why companies sometimes come up with their own unique numbers
and implementations. This article covers the following RAID levels:
RAID 0 – striping
RAID 1 – mirroring
RAID 5 – striping with parity
RAID 6 – striping with double parity
11. Advantages of using a SAN over other storage options like NAS, RAID, etc.
Some advantages of using a SAN over other storage options include the ability to scale
storage capacity and performance independently, the ability to connect multiple servers to the
same storage pool, and the ability to provide high availability and disaster recovery capabilities.
12. Difference between block level and file level access to a SAN
Block level access is when each individual block of data is addressed separately. This is the
most common type of access. File level access is when the data is accessed as a whole file.
This is less common, but can be useful in certain situations.
13. Difference between SCSI and IP protocols
SCSI is a bus-oriented protocol, meaning that it uses a shared bus to connect devices. IP is a
network-oriented protocol, meaning that it uses a network to connect devices.
14. Pros and cons of using a SAN as compared to other storage solutions like NAS
There are several key advantages to using a SAN over other storage solutions like NAS. First,
SANs offer much higher performance due to their ability to directly connect to servers. This
can be a big advantage in applications where speed is critical. Additionally, SANs tend to be
more scalable and offer more flexibility in terms of configuration.
There are a few potential drawbacks to using a SAN as well. First, they can be more expensive
to set up and maintain than other storage solutions. Additionally, SANs can be more complex
to manage, as they require specialized knowledge and skills.
15. How many devices can be connected to a single SAN
There is no limit to the number of devices that can be connected to a single SAN. The only
limit is the amount of storage that is available on the SAN.
1. What are the different versions of Exchange Server? Name some of the latest
versions of Exchange Server.
Answer:
Microsoft Exchange Server has evolved over time, and several versions have been
released. Here are the major versions of Exchange Server:
is designed to perform specific tasks, ensuring efficient operation and scalability of the
Exchange environment. Here are the main Exchange Server roles:
a. Mailbox Server
b. Client Access Server
c. Hub Transport Server
d. Edge Transport Server
e. Unified Messaging Server
Client Access Role: The Client Access role provides access to Exchange services
for clients, such as Microsoft Outlook, Outlook on the web (OWA), Exchange
ActiveSync, and Exchange Web Services (EWS). It handles client authentication,
connectivity, and proxying requests to the appropriate Mailbox server.
Hub Transport Role (deprecated in Exchange Server 2013 and later): The Hub
Transport role was responsible for routing messages within the organization, applying
transport rules, and performing message hygiene tasks like anti-spam and anti-
malware filtering. In newer versions of Exchange Server, its functionality has been
integrated into the Mailbox role.
Edge Transport Role: The Edge Transport role is deployed on the network perimeter
and provides an additional layer of security by filtering inbound and outbound email
traffic. It helps protect the Exchange organization from external threats, such as spam
and viruses, and provides enhanced message protection.
Unified Messaging Role: The Unified Messaging role enables voicemail, fax, and
speech recognition functionality within Exchange Server. It integrates telephony
services with Exchange, allowing users to access and manage their messages
through various devices and clients.
Answer:
As part of planning and configuring your hybrid deployment, you need to decide
whether you want all messages from Internet senders to be routed through Exchange
Online or your on-premises organization. All messages from Internet senders will
initially be delivered to the organization you select and then routed according to where
the recipient's mailbox is located. Whether you choose to have messages routed
through Exchange Online or your on-premises organization depends on various
factors, including whether you want to apply compliance policies to all messages sent
to both organizations, how many mailboxes are in each organization, and so on.
The path messages sent to recipients in your on-premises and Exchange Online
organizations take depends on how you decide to configure your MX record in your
hybrid deployment. The preferred method is to configure your MX record to point to
Exchange Online Protection (EOP) in Microsoft 365 and Office 365 as this
configuration provides the most accurate spam filtering. The Hybrid Configuration
wizard doesn't configure the routing for inbound Internet messages for either the on-
premises or Exchange Online organizations. You must manually configure your MX
record if you want to change how your inbound Internet mail is delivered.
Answer: The Unified Messaging role enables voicemail, fax, and speech recognition
functionality within Exchange Server. It integrates telephony services with Exchange,
allowing users to access and manage their messages through various devices and
clients.
Autodiscover Service URL: The DNS lookup returns the Autodiscover service URL,
which is typically a subdomain like autodiscover.example.com. The email client then
sends an Autodiscover request to this URL.
Autodiscover Request: The email client sends an HTTP or HTTPS request to the
Autodiscover service URL. The request includes the user’s email address and other
identification information.
Automatic Configuration: The email client uses the received server settings and
configuration information to establish a connection with the Exchange server. It
configures the appropriate protocols (e.g., Exchange ActiveSync, Outlook Anywhere)
and sets up the user’s mailbox in the client.
Active Directory database stores the information in three types of logical partitions.
Schema partition defines all the types of objects that can be created and stored in
Active Directory and the properties that can be used for the objects that are stored in
Active Directory.
Configuration partition stores the information about the forest-wide configuration. It
includes the configuration of Active Directory sites, Exchange global settings, transport
settings, and mailbox policies.
Domain partition stores the information in default containers and in the organizational
units that are created by the Active Directory administrator. This information includes
Exchange system objects and the information about the computers, users, and groups in
that particular domain.
9. What role does Active Directory play in Exchange Server?
Answer: Active Directory plays a crucial role in the integration and operation of Microsoft
Exchange Server, which is Microsoft’s email and collaboration platform. Here’s how they
are related:
User Authentication and Authorization: Active Directory handles the authentication
and authorization process for Microsoft Exchange Server. When a user logs in to their
computer or attempts to access their email, Active Directory verifies their credentials and
grants appropriate permissions based on their user account properties and group
memberships.
User and Mailbox Management: Active Directory is used to create and manage user
accounts, including their associated email mailboxes, in Microsoft Exchange Server.
User information, such as display names, email addresses, and mailbox settings, is
stored in Active Directory. Exchange Server leverages this information to provide email
services and manage mailboxes.
Global Address List (GAL): The Global Address List, which contains contact
information for all users and resources in an Exchange Server organization, is derived
from Active Directory. Exchange Server queries Active Directory to obtain user attributes
and builds the GAL accordingly. This allows users to easily search for and communicate
with other users within the organization.
10. What is the difference between a transport rule and a mailbox rule?
Answer:
Transport Rule: A transport rule in Microsoft Exchange Server is a server-side rule that
is applied during the email transport process. It allows administrators to define and
enforce specific actions on email messages based on predetermined conditions.
Transport rules operate on messages as they pass through the Exchange Server, before
they reach the recipient’s mailbox. Key points about transport rules include:
1. Applied at the server level: Transport rules are implemented on the Exchange
Server itself and are enforced during the message routing process.
2. Broad scope: Transport rules can affect multiple users or groups and are often
used for organization-wide policies or compliance requirements.
3. Actions on messages: Transport rules can perform actions such as modifying
message content, adding headers, redirecting or forwarding messages, applying
disclaimers, or blocking or quarantining messages.
4. Conditions and exceptions: Transport rules can be based on various
conditions, including sender, recipient, subject, message content, attachments, or
message size. Exceptions can also be defined to exclude specific scenarios from the
rule’s application.
Mailbox Rule: A mailbox rule, also known as an inbox rule or client-side rule, is set
up by individual mailbox users to manage and organize their own email messages
within their mailbox. Mailbox rules are applied after the email message reaches the
user’s mailbox. Key points about mailbox rules include:
1. Applied at the mailbox level: Mailbox rules are created and executed within the
individual user’s mailbox. They are processed by the user’s email client or the
Exchange Server, depending on the client used.
2. User-specific scope: Mailbox rules apply only to the mailbox of the user who
creates them. They allow users to automate actions within their own mailbox without
affecting other users.
3. Actions on messages: Mailbox rules typically perform actions such as moving
messages to specific folders, forwarding messages, deleting messages, marking
messages as read, or categorizing messages based on certain criteria.
4. Conditions and exceptions: Mailbox rules can be configured based on sender,
recipient, subject, message content, attachments, or other message properties. Users
can also set exceptions to exclude specific scenarios from the rule’s application.
In summary, transport rules are enforced at the server level and operate on
messages during the transport process, affecting multiple users, while mailbox rules
are user-specific and applied within individual mailboxes to manage and organize
incoming messages.
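Because both rule types can forward or redirect messages, an inventory of the rules that send mail elsewhere is a useful periodic check. The script below is an added example, not part of the original guide; it assumes the Exchange Management Shell, an account that can read every mailbox, and that external forwarding targets are rendered as `[SMTP:user@domain]` entries.

```powershell
# Added example (not from the original guide). Read-only inventory of
# server-side and mailbox-level rules that forward or redirect mail.

# Domains the organization accepts mail for; anything else counts as external.
$internalDomains = Get-AcceptedDomain |
    ForEach-Object { ($_.DomainName.ToString() -replace '^\*\.', '').ToLower() }

function Get-ExternalAddress {
    # Returns the SMTP addresses in $Recipients that are outside $InternalDomains.
    # Assumption: external targets appear as "Name" [SMTP:user@domain];
    # internal recipients appear as [EX:...] entries and are skipped.
    param([object[]]$Recipients, [string[]]$InternalDomains)
    foreach ($recipient in $Recipients) {
        if ("$recipient" -match '\[SMTP:([^\]]+)\]') {
            $address  = $Matches[1].ToLower()
            $domain   = $address.Split('@')[-1]
            $internal = $InternalDomains |
                Where-Object { $domain -eq $_ -or $domain.EndsWith(".$_") }
            if (-not $internal) { $address }
        }
    }
}

# Server level: transport rules that copy or redirect mail for many users.
$transportFindings = Get-TransportRule |
    Where-Object { $_.RedirectMessageTo -or $_.BlindCopyTo -or $_.CopyTo } |
    ForEach-Object {
        $targets = @($_.RedirectMessageTo) + @($_.BlindCopyTo) + @($_.CopyTo) |
            Where-Object { $_ }
        [pscustomobject]@{
            Level   = 'Transport rule'
            Mailbox = '(organization-wide)'
            Rule    = $_.Name
            Enabled = ($_.State -eq 'Enabled')
            Targets = ($targets -join '; ')
        }
    }

# Mailbox level: inbox rules that forward or redirect to an outside address.
$mailboxFindings = foreach ($mailbox in Get-Mailbox -ResultSize Unlimited) {
    foreach ($rule in Get-InboxRule -Mailbox $mailbox.DistinguishedName) {
        $targets  = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        $external = @(Get-ExternalAddress -Recipients $targets -InternalDomains $internalDomains)
        if ($external.Count -gt 0) {
            [pscustomobject]@{
                Level   = 'Mailbox rule'
                Mailbox = $mailbox.PrimarySmtpAddress
                Rule    = $rule.Name
                Enabled = $rule.Enabled
                Targets = ($external -join '; ')
            }
        }
    }
}

# One table for review; an empty result means no forwarding rules were found.
@($transportFindings) + @($mailboxFindings) |
    Where-Object { $_ } |
    Format-Table -AutoSize -Wrap
```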
Every email server has a database where mailboxes, calendars, and recipients are
stored.
Client Access service is used by the email applications. For example, Outlook, OWA,
and mobile clients. Users can use these applications to manage their emails and
calendars.
Mailbox Transport service is used to send and receive emails within the
organization or outside the organization.
So, these are the 3 basic functions of Microsoft Exchange Server or any other email
server.
12. What are the basic prerequisites that need to be met before installing
Exchange Server?
Answer:
Before you can install Exchange Server, you need to first install Active Directory
Domain Services and create a domain controller. You will also need to create a user
account that has administrative privileges, as well as a mailbox for the Exchange
Server. Additionally, you will need to verify that your system meets the minimum
hardware and software requirements for Exchange Server.
13. What are the different types of recipients available in Exchange Server?
Answer:
The different types of recipients available in Exchange Server are mailbox-enabled
users, mail-enabled users, mail contacts, and distribution groups.
14. What is the difference between Edge Transport Servers and Hub Transport
Servers?
Answer:
Edge Transport Servers are designed to be placed in a perimeter network, separate
from the internal network, in order to provide additional security. Hub Transport
Servers are designed to be placed in the internal network and are responsible for
routing mail between servers and to the Edge Transport Servers.
15. What are some common problems associated with Exchange Server
installations and migrations?
Answer:
Some common problems that can occur during an Exchange Server installation or
migration include:
- Incorrect DNS settings, which can prevent clients from connecting to the server
- Problems with Active Directory integration
- Incorrect mailbox permissions, which can prevent users from accessing their
mailboxes
- Problems with email routing, which can prevent messages from being delivered to
the intended recipients
- Incorrectly configured security settings, which can leave the server vulnerable to
attack
There are pros and cons to both hosted and local Exchange servers. With a hosted
server, you are relying on the hosting company to keep your server up and running,
which can be a risk if they are not reliable. However, hosted servers can be a good
option for small businesses that don’t have the resources to manage a local server.
Local Exchange servers give you more control over your server, but they can be
more expensive and require more maintenance.
22. What is Outlook Web App (OWA) and Exchange ECP?
Answer:
Outlook Web Access is a full-featured, web-based email client with the look and feel of
the Outlook client. With OWA, users can access their mailboxes from any Internet
connection regardless of whether or not the computer is equipped with Outlook.
OWA provides most of the same functionality found in Outlook, an easy-to-use interface,
and the essential tools needed to create a professional email (spell check, signatures,
HTML support and more).
In addition to email, OWA allows users to access their calendars, contacts, tasks and
folders through a secure connection, just like they would in the office. Users can also
search their old email, set up or edit out of office notifications, manage junk mail
settings, and more.
1. Obtain a Certificate:
• Purchase a certificate from a trusted commercial certificate authority (CA) or
generate a certificate from an internal CA if available.
2. Generate a Certificate Signing Request (CSR):
• Open the Exchange Management Shell.
• Generate a CSR using the New-ExchangeCertificate cmdlet:
New-ExchangeCertificate -GenerateRequest -SubjectName
24. What are the best practices for disaster recovery in Microsoft Exchange
Server?
Implementing disaster recovery (DR) practices for Microsoft Exchange Server is crucial
to ensure business continuity and minimize downtime in the event of a disaster. Here are
some best practices for Exchange Server disaster recovery:
1. Regular Backups:
• Perform regular backups of Exchange Server databases, including mailbox
databases and public folder databases. Use a backup solution that supports
Exchange Server and enables granular recovery options.
2. Offsite Backup Storage:
• Store backup copies in an offsite location, preferably in a different geographical
location than the primary data center. This safeguards against physical disasters
such as fires, floods, or earthquakes.
3. Test Backup and Recovery:
• Periodically test backup and recovery processes to ensure they are working
correctly and data can be restored successfully. Conduct test recoveries in a
non-production environment.
4. Database Availability Groups (DAG):
• Deploy Database Availability Groups (DAG) in Exchange Server. DAG provides
high availability and automatic database failover, ensuring that mailbox
databases are replicated across multiple servers.
5. Redundant Hardware:
• Use redundant hardware components such as power supplies, network adapters,
and disk arrays. Redundancy at the hardware level reduces the risk of a single
component failure causing a service outage.
6. Site Resilience and Data Centers:
• Design Exchange Server infrastructure with site resilience in mind. Consider
using multiple data centers or leveraging cloud-based services to ensure service
availability during site-level disasters.
7. Regular Testing and Maintenance:
• Conduct regular tests of your disaster recovery plan to validate its effectiveness
and identify any areas that require improvement. Perform routine maintenance
tasks such as patch management and server health checks.
25. What is the difference between IMAP and Microsoft Exchange Server?
Answer:
IMAP (Internet Message Access Protocol) and Microsoft Exchange Server are
both related to email communication, but they differ in terms of functionality and
capabilities. Here’s the difference between IMAP and Microsoft Exchange Server:
IMAP enables users to view and organize their email messages without
downloading them to their local devices. It keeps emails stored on the server and
synchronizes changes between the client and server.
With IMAP, users can create folders, move messages between folders, search for
specific emails, and manage their mailbox hierarchy.
IMAP supports both online and offline modes, allowing users to access and
manage emails even when not connected to the internet.
Microsoft Exchange Server offers advanced features beyond basic email retrieval,
such as server-side rules, message tracking, mailbox management, shared
calendars and contacts, and integration with other Microsoft services and
products.
26. What is the process of configuring and managing Microsoft Exchange Server
mobile devices?
Configuring and managing Microsoft Exchange Server mobile devices involves
setting up and managing the synchronization of email, contacts, calendars, and
other data between Exchange Server and mobile devices. This process typically
involves the following steps:
b. Define the mobile device access policy to control which devices can connect to
Exchange Server and the level of access they have. This policy helps enforce
security settings and restrictions on mobile devices.
c. In Exchange Admin Center (EAC), go to “Mobile > Mobile Device Access” and
configure the desired policy settings. You can set policies for device types, device
PIN requirements, encryption, and more.
d. Enable mobile device access for specific user mailboxes. This allows users to
connect their mobile devices to Exchange Server and access their email,
contacts, calendars, and other data.
e. In EAC, go to “Recipients > Mailboxes,” select the user mailbox, and click on
“Enable Exchange ActiveSync.” You can also use the
Enable-ActiveSyncMailboxPolicy cmdlet in Exchange Management Shell (EMS).
h. Manage the partnerships between mobile devices and user mailboxes. This
includes approving or blocking device partnerships, remotely wiping or blocking
devices, and managing device quarantines.
i. In EAC, go to “Mobile > Mobile Device Access” and click on “Mobile Device
Mailboxes.” Select the user mailbox and manage the device partnerships.
j. Monitor mobile device activity, such as the number of devices connected, device
types, and device compliance status. Track device-related events and logs to
identify any issues or security concerns.
k. Use tools like the Exchange Admin Center, Exchange Management Shell cmdlets,
or mobile device management (MDM) solutions to monitor and track mobile
device activity.
Building: Data centers are typically large, secure buildings with controlled access and
environmental controls to ensure optimal operating conditions.
Power Systems: Data centers require significant amounts of power to operate servers
and cooling systems. They are equipped with redundant power sources, such as utility
power and backup generators, to ensure uninterrupted operation.
Cooling Systems: High-density computing generates heat, so data centers incorporate
sophisticated cooling systems, including air conditioning, liquid cooling, and hot/cold aisle
containment, to maintain appropriate temperature and humidity levels.
Fire Suppression: Data centers have advanced fire suppression systems that use
specialized gases or chemicals to extinguish fires without damaging equipment.
Physical Security: Access controls, surveillance cameras, biometric authentication, and
security personnel ensure the physical security of the data center.
IT Components:
Servers: Data centers house a vast array of servers, which are powerful computers
designed to perform specific tasks, such as hosting websites, processing data, or running
applications.
Storage Systems: Data centers use storage solutions like hard drives, solid-state drives
(SSDs), and network-attached storage (NAS) devices to store and manage vast amounts
of data.
Networking Equipment: This includes routers, switches, and load balancers that manage
data traffic within and outside the data center, ensuring efficient communication between
servers and users.
Firewalls and Security Appliances: These devices protect the data center infrastructure
from cyber threats and unauthorized access, controlling network traffic based on
predefined security rules.
Backup and Disaster Recovery Systems: Data centers implement backup and disaster
recovery solutions to ensure data integrity and availability in case of hardware failures or
other emergencies.
Virtualization Software: Data centers often use virtualization technology to optimize
resource utilization by creating multiple virtual instances (virtual machines) on a single
physical server.
Monitoring and Management Software: Software tools provide administrators with real-
time insights into the performance, health, and utilization of data center resources.
Remote Management Systems: These systems enable administrators to remotely
control and manage servers and other IT equipment within the data center.
Connectivity:
Step-1: Open Server Manager and select Add roles and features.
Step-6: On the Features screen, select Windows Server Backup and select
Next
Step-8: Open Server Manager, select Tools, and then select Windows Server
Backup.
Step-9: If you're prompted, in the User Account Control dialog box, provide
Backup Operator credentials, and then select OK.
Step-12: In the Backup Once Wizard, on the Backup options page, select
Different options, and then select Next.
sure to select “Bare metal recovery” and the items are selected automatically:
Step-14: On the Specify destination type page, select Local drives or Remote
shared folder, and then select Next.
Step-15: On the Select Backup Destination page, choose the backup location.
If you selected local drive choose a local drive or if you selected remote share
choose a network share.
Step-16: On the confirmation screen, select Backup.
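The same one-time backup can be taken from an elevated PowerShell session on the domain controller. This is an added example, not part of the original guide; the `E:` target volume is an assumption, and `-allCritical` is the command-line counterpart of the wizard's “Bare metal recovery” selection.

```powershell
# Added example (not from the original guide): one-time backup of a domain
# controller from an elevated PowerShell session.
# Assumption: E: is a dedicated backup volume. The backup contains the AD DS
# database (ntds.dit) with the password hashes of every account, so limit
# access to the target to the people who may administer the DC itself.
$BackupTarget = 'E:'

# Add the Windows Server Backup feature if it is not installed yet.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup | Out-Null
}

# -allCritical includes every volume needed for bare metal recovery,
# which also covers system state and therefore Active Directory.
wbadmin start backup "-backupTarget:$BackupTarget" -allCritical -quiet
if ($LASTEXITCODE -ne 0) {
    throw "wbadmin start backup failed with exit code $LASTEXITCODE"
}

# List the backup versions on the target to confirm the new one is there.
wbadmin get versions "-backupTarget:$BackupTarget"
```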
Step-2: In the Add Update View dialog box, select Updates are in a specific
classification and Updates are for a specific product.
Step-3: Edit the properties, click any classification. Clear all check boxes
except Upgrades, and then click OK.
Step-4: Edit the properties, click any product. Clear all check boxes except
Windows 10, and then click OK.
Step-5: In the Specify a name box, type All Windows 10 Upgrades, and then click
OK.
Step-6: Now that you have the All Windows 10 Upgrades view, complete the
following steps to manually approve an update for the Ring 4 Broad Business
Users deployment ring:
Step-8: Right-click the feature update you want to deploy, and then click
Approve.
Step-9: In the Approve Updates dialog box, from the Ring 4 Broad Business
Users list, select Approved for Install.
Step-10: In the Approve Updates dialog box, from the Ring 4 Broad Business
Users list, click Deadline, click One Week, and then click OK.
Step-11: If the Microsoft Software License Terms dialog box opens, click
Accept.
A Hyper-V checkpoint is a differencing file that captures the state, data and
hardware configuration of a VM in operation. Checkpoints establish a known-good
or known-working VM snapshot at a given point in time.
Step-3: Right-click the name of the VM, and then click Checkpoint.
Hyper-V checkpoints are primarily used to revert a VM to its previous state. Use
the steps below to apply the checkpoint for this purpose.
Step-3: In the Checkpoints section, you will see the list of checkpoints created for
that VM. Right-click the checkpoint that you want to use and click Apply.
Step-4: After that, a dialog box including the following options will appear:
When somebody sends email to a group email address, the email will be sent to
all the members of the group.
Step-2: Type the name and alias of the group. Under Organizational unit,
click browse to select the particular OU. Here, I have selected IT OU. The
distribution group will be created in the IT OU. If you don’t specify the OU, the
distribution group will be created in Users OU by default. Under Owners, you
can add users who can manage this group.
Step-3: Under Members, you can specify if the group owners should be members
of the group by clicking the option, Add group owners as members. There are
various options for users to join or leave the group. There are three options for
users to join the group, Open, Closed and Owner as shown above. I have
selected Closed, which means members can be added only by group owners.
Similarly, there are two options for users leaving the group, Open or Closed.
Here, I have selected Open, which allows any group member to leave the group
without the group owners’ approval. Click save.
f) Press ‘Done’
b) In the Group Policy Management Console, Right Click and Select “Create a
GPO in this domain, and Link it here”
The new GPO is now created and linked; now it’s time to configure the settings.
d) Right-click the GPO and select Edit
e) Navigate to User Configuration -> Preferences -> Windows Settings -> Drive
Mappings
Step-4: As you can see above, the distribution group has been created with the
IT@Sifad.ae email address. By default, only users inside the organization can
send email to the distribution group. However, you can change this behavior and
allow senders from inside and outside to send emails to this group. Open the
properties of the distribution group.
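The same group can be created, and its sender restriction reviewed, from the Exchange Management Shell. This is an added example, not part of the original guide; the group name, alias, OU path and owner are placeholder values.

```powershell
# Added example (not from the original guide). Placeholder values: group
# name and alias 'IT', OU 'example.local/IT', owner 'it.admin'.
$groupSettings = @{
    Name                    = 'IT'
    Alias                   = 'IT'
    OrganizationalUnit      = 'example.local/IT'
    ManagedBy               = 'it.admin'
    MemberJoinRestriction   = 'Closed'   # only group owners can add members
    MemberDepartRestriction = 'Open'     # members can leave without approval
}
New-DistributionGroup @groupSettings

# By default the group accepts mail from authenticated (internal) senders only.
Get-DistributionGroup -Identity 'IT' |
    Format-List Name, PrimarySmtpAddress, RequireSenderAuthenticationEnabled

# Accepting mail from outside senders is a per-group decision. Uncomment to
# open this group; every address-book-wide group opened this way can be
# reached by anyone on the Internet.
# Set-DistributionGroup -Identity 'IT' -RequireSenderAuthenticationEnabled $false

# Review: all groups that currently accept mail from unauthenticated senders.
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
    Sort-Object Name |
    Select-Object Name, PrimarySmtpAddress, ManagedBy
```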