Wednesday, 30 December 2015

Windows Server 2008 Active Directory interview questions and answers

Here I am going to discuss some Windows Server 2008 Active Directory interview questions and answers. These questions are very common in interview sessions. I hope you will benefit from them.

What is Active Directory?
Active Directory (AD) is a centralized database system that performs a variety of functions, including organizing objects such as computers and users and allowing administrators to apply policies to those objects. Active Directory is specially designed for distributed networking systems.

What is domain controller?
A domain controller is a server that performs the Active Directory server role in a network. The idea of a domain is to manage access to resources in a network, including applications, printers and shared folders. Users access network resources using their assigned user name and password.

What is LDAP?
The Lightweight Directory Access Protocol (LDAP) is a standard protocol for accessing directory information. It is useful for internet access.

What’s the major difference between FAT and NTFS on a local machine?
FAT and FAT32 do not provide security for local users. NTFS, on the other hand, provides security for local users as well as for domain users. Moreover, NTFS provides file-level security, which is impossible in FAT32.

What is a domain?
A domain is a group of network resources such as applications, printers and shared folders. To access those resources, users need their assigned username and password. DNS is a server-level service that has to be installed during Active Directory installation. It is very difficult for human beings to remember different IP addresses, but they can remember domain names easily. The Domain Name Service resolves domain names to IP addresses and IP addresses to domain names.

What is the replication folder?
SYSVOL is called the replication folder. It keeps all the public files of a domain. It replicates all policy and user-level data after an interval.

Where is the Active Directory database file located?
The Active Directory database file is stored in c:\windows\ntds\ntds.dit.

What is forest?
A forest is a group of one or more domain trees that share trust relationships and a common logical structure. A forest is a complete instance of AD. The first domain of any forest is called the root domain, and the other child domains follow the root domain. The root domain in a forest must be included in the Global Catalog.
 

What’s the basic difference between guest accounts in Server 2008 R2 and other editions?
Guest accounts in Server 2008 R2 are more restrictive than in any other edition.

Why is it not possible to restore a DC that was backed up 4 months ago?
Because the lifetime of a backup file is either 60 or 120 days.

What is GPO?
Group Policy Object.

What is a site?
A site represents the physical network structure of Active Directory. It is an object in AD that represents a geographic location hosting networks. Moreover, it comprises one or more subnets that are connected together with sufficient internet speed.

What is the use of the SYSVOL folder?
The SYSVOL folder stores the server’s copy of the domain’s public files. It is used to deliver policy and logon scripts to domain members. Moreover, it replicates file-based data among domain controllers. The SYSVOL folder is shared on an NTFS volume on all the domain controllers in a particular domain. All Active Directory database security-related information is stored in the SYSVOL folder, and it is only created on an NTFS partition.

What is the Global Catalog?
The Global Catalog is a server that contains all of the information pertaining to objects within all domains in the Active Directory environment. It is something that each domain has, and it is used for authenticating the user on the network. On Windows 2000 networks, logons were protected from failures by assigning a Global Catalog to every site. The Global Catalog is a database which maintains the information about multiple domains with trust relationship agreements.

What is the use of Group Policy?
Group Policy is a feature of the Microsoft Windows NT family which gives you administrative control over users and computers in your network. It provides the working environment for server users and computers. In addition, it gives us central management and configuration for Windows operating systems and settings.


Tuesday, 29 December 2015

Technical Interview Questions – Networking (Part-3)


  1. Describe the differences between WINS push and pull replications.
Ans: To replicate database entries between a pair of WINS servers, you must configure each WINS server as a pull partner, a push partner, or both with the other WINS server.

* A push partner is a WINS server that sends a message to its pull partners, notifying them that it has new WINS database entries. When a WINS server’s pull partner responds to the message with a replication request, the WINS server sends (pushes) copies of its new WINS database entries (also known as replicas) to the requesting pull partner.
* A pull partner is a WINS server that pulls WINS database entries from its push partners by requesting any new WINS database entries that the push partners have. The pull partner requests the new WINS database entries that have a higher version number than the last entry the pull partner received during the most recent replication.

  1. What is the difference between tombstoning a WINS record and simply deleting it?
Ans: Simple deletion removes the records that are selected in the WINS console only from the local WINS server you are currently managing. If the WINS records deleted in this way exist in WINS data replicated to other WINS servers on your network, these additional records are not fully removed.
Also, records that are simply deleted on only one server can reappear after replication between the WINS server where simple deletion was used and any of its replication partners. Tombstoning marks the selected records as tombstoned, that is, marked locally as extinct and immediately released from active use by the local WINS server. This method allows the tombstoned records to remain present in the server database for purposes of subsequent replication of these records to other servers. When the tombstoned records are replicated, the tombstone status is updated and applied by other WINS servers that store replicated copies of these records. Each replicating WINS server then updates and tombstones.

  1. Name the NetBIOS names you might expect from a Windows 2003 DC that is registered in WINS.
Ans:
  1. Describe the role of the routing table on a host and on a router.
Ans: During the process of routing, decisions of hosts and routers are aided by a database of routes known as the routing table. The routing table is not exclusive to a router. Depending on the routable protocol, hosts may also have a routing table that may be used to decide the best router for the packet to be forwarded. Host-based routing tables are optional for the Internet Protocol, as well as obsolete routable protocols such as IPX.
  1. What are routing protocols? Why do we need them? Name a few.
Ans: A routing protocol is a protocol that specifies how routers communicate with each other, disseminating information that enables them to select routes between any two nodes on a computer network, the choice of the route being done by routing algorithms. Each router has a priori knowledge only of networks attached to it directly. A routing protocol shares this information first among immediate neighbors, and then throughout the network. This way, routers gain knowledge of the topology of the network.
The term routing protocol may refer specifically to one operating at layer three of the OSI model, which similarly disseminates topology information between routers. Many routing protocols used in the public Internet are defined in documents called RFCs. Although there are many types of routing protocols, two major classes are in widespread use in the Internet: link-state routing protocols, such as OSPF and IS-IS; and path vector or distance vector protocols, such as BGP, RIP and EIGRP.
  1. What are router interfaces? What types can they be?
Ans: Routers can have many different types of connectors, from Ethernet, Fast Ethernet, and Token Ring to Serial and ISDN ports. Some of the available configurable items are logical addresses (IP, IPX), media types, bandwidth, and administrative commands. Interfaces are configured in interface mode, which you get to from global configuration mode after logging in.
The media type is Ethernet, FastEthernet, GigabitEthernet, Serial, Token-ring, or other media types. You must keep in mind that a 10Mb Ethernet interface is the only kind of Ethernet interface called Ethernet. A 100Mb Ethernet interface is called a FastEthernet interface and a 1000Mb Ethernet interface is called a GigabitEthernet interface.

  1. What is NAT?
Ans: Windows Server 2003 provides network address translation (NAT) functionality as a part of the Routing and Remote Access service. NAT enables computers in small- to medium-sized organizations with private networks to access resources on the Internet or other public network. The computers on a private network are configured with reusable private Internet Protocol version 4 (IPv4) addresses; the computers on a public network are configured with globally unique IPv4 (or, rarely at present, Internet Protocol version 6 [IPv6]) addresses. A typical deployment is a small office or home office (SOHO), or a medium-sized business that uses Routing and Remote Access NAT technology to enable computers on the internal corporate network to connect to resources on the Internet without having to deploy a proxy server.

  1. What is the real difference between NAT and PAT?
Ans: Take NAT (Network Address Translation) and PAT (Port Address Translation). NAT allows you to translate or map one IP address onto another single IP address. PAT, on the other hand, is what is most commonly referred to as NAT. In a PAT system you have a single or group of public IP addresses that are translated to multiple internal IP addresses by mapping the TCP/UDP ports to different ports. This means that by using some “magic” on a router or server you can get around problems that you might have with two web browsers sending a request out the same port.
  1. How do you configure NAT on Windows 2008/2012?
Ans:
  1. How do you allow inbound traffic for specific hosts on Windows 2008/2012 NAT?
Ans:
  1. What is VPN? What types of VPN does Windows 2008/2012 and beyond work with natively?
Ans:
  1. What is IAS? In what scenarios do we use it?
Ans: IAS stands for Internet Authentication Service. It is used for configuring centralized authentication using a RADIUS server.

  1. What’s the difference between Mixed mode and Native mode in AD when dealing with RRAS?
Ans: When you are in Mixed mode, certain options in the dial-in tab of the user properties are disabled, and some of the RRAS policies are also disabled. So if you want high-level security with all the advanced features, change the AD to Native mode.
  1. What is the “RAS and IAS” group in AD?
Ans: Used for managing security and allowing administration for the respective roles of the server.
  1. What are Conditions and Profile in RRAS Policies?
Ans: The conditions and profiles are used to set restrictions based on the media type, connection method, group membership and a lot more. If a user matches the conditions mentioned in the profile, they can be allowed or denied access to the RAS/VPN server.
  1. What types of authentication can a Windows 2008/2012-based RRAS work with?
  2. How does SSL work?
Ans: Internet communication typically runs through multiple program layers on a server before getting to the requested data, such as a web page or CGI scripts. The outer layer is the first to be hit by the request. These are the high-level protocols such as HTTP (web server), IMAP (mail server), and FTP (file transfer). Which outer-layer protocol handles the request depends on the type of request made by the client. This high-level protocol then processes the request through the Secure Sockets Layer. If the request is for a non-secure connection, it passes through to the TCP/IP layer and the server application or data. If the client requested a secure connection, the SSL layer initiates a handshake to begin the secure communication process. Depending on the SSL setup on the server, it may require that a secure connection be made before allowing communication to pass through to the TCP/IP layer, in which case a non-secure request will send back an error asking the client to retry securely (or simply deny the non-secure connection).

  1. How does IPSec work?
Ans: IPSec is an Internet Engineering Task Force (IETF) standard suite of protocols that provides data authentication, integrity, and confidentiality as data is transferred between communication points across IP networks. IPSec provides data security at the IP packet level. A packet is a data bundle that is organized for transmission across a network, and it includes a header and payload (the data in the packet). IPSec emerged as a viable network security standard because enterprises wanted to ensure that data could be securely transmitted over the Internet. IPSec protects against possible security exposures by protecting data while in transit.

  1. How do I deploy IPSec for a large number of computers?
Ans: Just use this program: Server and Domain Isolation Using IPsec and Group Policy.

  1. What types of authentication can IPSec use?
Ans:

  1. What is PFS (Perfect Forward Secrecy) in IPSec?
Ans: In an authenticated key-agreement protocol that uses public key cryptography, perfect forward secrecy (or PFS) is the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the (long-term) private keys is compromised in the future. Forward secrecy has been used as a synonym for perfect forward secrecy, since the term perfect has been controversial in this context. However, at least one reference distinguishes perfect forward secrecy from forward secrecy with the additional property that an agreed key will not be compromised even if agreed keys derived from the same long-term keying material in a subsequent run are compromised.

  1. How do I monitor IPSec?
Ans: To test the IPSec policies, use IPSec Monitor. IPSec Monitor (Ipsecmon.exe) provides information about which IPSec policy is active and whether a secure channel between computers is established.
  1. Looking at IPSec-encrypted traffic with a sniffer. What packet types do I see?
Ans: You can see the packets pass, but you cannot see their contents.
IPSec Packet Types
IPSec packet types include the authentication header (AH) for data integrity and the encapsulating security payload (ESP) for data confidentiality and integrity. The authentication header (AH) protocol creates an envelope that provides integrity, data origin identification and protection against replay attacks. It authenticates every packet as a defense against session-stealing attacks. Although the IP header itself is outside the AH header, AH also provides limited verification of it by not allowing changes to the IP header after packet creation (note that this usually precludes the use of AH in NAT environments, which modify packet headers at the point of NAT). AH packets use IP protocol 51. The encapsulating security payload (ESP) protocol provides the features of AH (except for IP header authentication), plus encryption. It can also be used in a null encryption mode that provides the AH protection against replay attacks and other such attacks, without encryption or IP header authentication. This can allow for achieving some of the benefits of IPSec in a NAT environment that would not ordinarily work well with IPSec. ESP packets use IP protocol 50.
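What a capture tool can still read from IPSec traffic, as an added example that is not part of the original post: it classifies raw IPv4 packets by the protocol numbers given above (50 for ESP, 51 for AH), reads the cleartext SPI and sequence number, and flags a sequence number seen twice on one SPI, which is what the replay protection rejects. The sample packets, addresses and SPI values are constructed for illustration.

```python
import struct

IPPROTO_ESP = 50  # encapsulating security payload
IPPROTO_AH = 51   # authentication header


def classify_ipsec(packet: bytes) -> dict:
    """Classify one raw IPv4 packet as ESP, AH or other (non-IPSec)."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    proto = packet[9]          # protocol field of the IPv4 header
    body = packet[ihl:]
    if proto == IPPROTO_ESP:
        if len(body) < 8:
            raise ValueError("truncated ESP header")
        spi, seq = struct.unpack("!II", body[:8])
        # Only SPI and sequence number are readable here; with an
        # encrypting transform the rest, including the trailer that
        # names the inner protocol, is ciphertext.
        return {"type": "ESP", "spi": spi, "seq": seq,
                "inner_proto": None, "opaque_len": len(body) - 8}
    if proto == IPPROTO_AH:
        if len(body) < 12:
            raise ValueError("truncated AH header")
        next_hdr, payload_len, _reserved, spi, seq = struct.unpack(
            "!BBHII", body[:12])
        # AH authenticates but does not encrypt, so the inner protocol
        # number and the payload after the header stay visible.
        return {"type": "AH", "spi": spi, "seq": seq,
                "inner_proto": next_hdr, "ah_len": (payload_len + 2) * 4}
    return {"type": "other", "proto": proto}


def summarize(packets):
    """Count packet types and list duplicate sequence numbers per SPI."""
    counts, seen, duplicates = {}, {}, []
    for index, packet in enumerate(packets):
        info = classify_ipsec(packet)
        counts[info["type"]] = counts.get(info["type"], 0) + 1
        if info["type"] in ("ESP", "AH"):
            key = (info["type"], info["spi"])
            if info["seq"] in seen.setdefault(key, set()):
                duplicates.append((index, info["type"], info["spi"], info["seq"]))
            seen[key].add(info["seq"])
    return counts, duplicates


def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, sample data only)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return header + payload


# Constructed capture: three ESP packets (the third repeats sequence 2),
# one AH packet carrying TCP (next header 6), and one plain TCP packet.
SAMPLE_PACKETS = [
    build_ipv4(IPPROTO_ESP, struct.pack("!II", 0x1001, 1) + b"\x00" * 16),
    build_ipv4(IPPROTO_ESP, struct.pack("!II", 0x1001, 2) + b"\x00" * 16),
    build_ipv4(IPPROTO_ESP, struct.pack("!II", 0x1001, 2) + b"\x00" * 16),
    build_ipv4(IPPROTO_AH, struct.pack("!BBHII", 6, 4, 0, 0x2002, 1)
               + b"\x00" * 12 + b"tcp-segment"),
    build_ipv4(6, b"\x00" * 20),
]

if __name__ == "__main__":
    counts, duplicates = summarize(SAMPLE_PACKETS)
    print(counts)
    print(duplicates)
```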

  1. What can you do with NETSH?
Ans: Netsh is a command-line scripting utility that allows you to, either locally or remotely, display, modify or script the network configuration of a computer that is currently running.

  1. How do I look at the open ports on my machine?

Ans: Windows: Open a command prompt (Start button -> Run -> type “cmd”), and type:
netstat -a

Linux: Open an SSH session and type:
netstat -an


Friday, 25 December 2015

Technical Interview Questions – Networking (Part-1)

  1. What is an IP address?
Ans: An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: Host or Network interface identification and location addressing.
  1. What is a subnet mask?
Ans: An IP address has two components, the network address and the host address. A subnet mask separates the IP address into the network and host addresses (<network><host>). Subnetting further divides the host part of an IP address into a subnet and host address (<network><subnet><host>) if additional subnetworks are needed.

  1. What is ARP?
Ans: The Address Resolution Protocol (ARP) is a protocol used by the Internet Protocol (IP) [RFC826], specifically IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol operates below the network layer as a part of the interface between the OSI network and OSI link layer.

  1. What is ARP Cache Poisoning?
Ans: In computer networking, ARP spoofing, ARP cache poisoning, or ARP poison routing is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network.
  1. What is the ANDing process?
Ans: When a source host attempts to communicate with a destination host, the source host uses its subnet mask to determine whether the destination host is on the local network or a remote network. This is known as the ANDing process.

  1. What is a default gateway? What happens if I don’t have one?
Ans: A gateway is a routing device that knows how to pass traffic between different subnets and networks. A computer will know some routes (a route is the address of each node a packet must go through on the Internet to reach a specific destination). If you don’t have a gateway, communication within your own network has no problem, but you cannot communicate with other networks.

  1. Can a workstation computer be configured to browse the Internet and yet NOT have a default gateway?
Ans: If we are using a public IP address, we can browse the internet. If it has an intranet address, a gateway such as a router or firewall is needed to communicate with the internet.
  1. What is a subnet?
Ans: A portion of a network which shares a network address in which each component is identified by a subnet number. A subnet is a logical organization of network address ranges used to separate hosts and network devices from each other to serve a design purpose. In many cases, subnets are created to serve as physical or geographical separations similar to those found between rooms, floors, buildings, or cities.

  1. What is APIPA?
Ans: Short for Automatic Private IP Addressing, a feature of later Windows operating systems. With APIPA, DHCP clients can automatically self-configure an IP address and subnet mask when a DHCP server isn’t available. When a DHCP client boots up, it first looks for a DHCP server in order to obtain an IP address and subnet mask. If the client is unable to find the information, it uses APIPA to automatically configure itself with an IP address from a range that has been reserved especially for Microsoft. The IP address range is 169.254.0.1 through 169.254.255.254. The client also configures itself with a default class B subnet mask of 255.255.0.0. A client uses the self-configured IP address until a DHCP server becomes available.
The APIPA service also checks regularly for the presence of a DHCP server (every five minutes, according to Microsoft). If it detects a DHCP server on the network, APIPA stops, and the DHCP server replaces the APIPA networking addresses with dynamically assigned addresses. APIPA is meant for non routed small business environments, usually less than 25 clients.

10.  What is an RFC? Name a few if possible (not necessarily the numbers, just the ideas behind them)
Ans: Short for Request for Comments, a series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.
Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original RFC are assigned a new RFC number.

  1. What is RFC 1918?
Ans: RFC 1918 is “Address Allocation for Private Internets”. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:
10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
We will refer to the first block as “24-bit block”, the second as “20-bit block”, and to the third as “16-bit” block. Note that (in pre-CIDR notation) the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and the third block is a set of 256 contiguous class C network numbers.

  1. What is CIDR?
Ans: CIDR (Classless Inter-Domain Routing, sometimes known as supernetting) is a way to allocate and specify the Internet addresses used in inter-domain routing more flexibly than with the original system of Internet Protocol (IP) address classes. As a result, the number of available Internet addresses has been greatly increased.

  1. You have the following Network ID: 192.115.103.64/27. What is the IP range for your network?
Ans: It ranges from 192.115.103.64 – 192.115.103.96.
But the usable addresses are from 192.115.103.64 – 192.115.103.94.
192.115.103.95 – it is the broadcast address.
192.115.103.96 – will be the IP address of the next range.
We can use 30 hosts in this network.

  1. You have the following Network ID: 131.112.0.0. You need at least 500 hosts per network. How many networks can you create? What subnet mask will you use?
Ans: If you need 500 users, then 2^9 would give you 512 (remember the first and last are network and broadcast), 510 usable. So of your 32 bits you would turn the last 9 off for hosts, and that would give you a 255.255.254.0 subnet mask (11111111.11111111.11111110.00000000).
Now that we know that, we can see that you have the first 7 bits of your third octet turned on, so to figure out how many subnets you have, use the formula 2^7 = 128. So you can have 128 subnets with 500 people on them.
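The ANDing process and the two subnetting questions above, worked in code as an added example that is not part of the original post. It assumes 131.112.0.0 is a class B network (a /16 base prefix); the host addresses .70, .90 and .100 are constructed sample values.

```python
def ip_to_int(ip: str) -> int:
    """Convert dotted-quad IPv4 text to a 32-bit integer."""
    parts = [int(p) for p in ip.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_ip(value: int) -> str:
    """Convert a 32-bit integer back to dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """Return the subnet mask for a prefix length as a 32-bit integer."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def is_local(src: str, dst: str, prefix: int) -> bool:
    """ANDing: both addresses ANDed with the mask give the same network
    when the destination is local; otherwise the packet goes to the
    default gateway."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(src) & mask) == (ip_to_int(dst) & mask)


def subnet_summary(cidr: str) -> dict:
    """Network, broadcast, usable host count and next network for a CIDR."""
    address, prefix_text = cidr.split("/")
    mask = prefix_to_mask(int(prefix_text))
    network = ip_to_int(address) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        # Network and broadcast addresses are not assignable to hosts.
        "usable_hosts": max(broadcast - network - 1, 0),
        "next_network": int_to_ip((broadcast + 1) & 0xFFFFFFFF),
    }


def plan_subnets(base_prefix: int, hosts_needed: int) -> dict:
    """Smallest subnet size that fits hosts_needed, and how many such
    subnets fit inside a network with the given base prefix."""
    host_bits = 2
    while (1 << host_bits) - 2 < hosts_needed:
        host_bits += 1
    new_prefix = 32 - host_bits
    if new_prefix < base_prefix:
        raise ValueError("the base network is too small for that many hosts")
    return {
        "prefix": new_prefix,
        "mask": int_to_ip(prefix_to_mask(new_prefix)),
        "subnets": 1 << (new_prefix - base_prefix),
        "usable_hosts": (1 << host_bits) - 2,
    }


if __name__ == "__main__":
    # Constructed hosts inside and outside 192.115.103.64/27.
    print(is_local("192.115.103.70", "192.115.103.90", 27))
    print(is_local("192.115.103.70", "192.115.103.100", 27))
    print(subnet_summary("192.115.103.64/27"))
    # 131.112.0.0 treated as class B (/16), which is an assumption.
    print(plan_subnets(16, 500))
```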

  1. You need to view at network traffic. What will you use? Name a few tools
Ans: Wireshark, tcpdump, or Ethereal.

  1. How do I know the path that a packet takes to the destination?
Ans: Use the “tracert” command.

  1. What does the ping 192.168.0.1 -l 1000 -n 100 command do?
Ans: The ping command sends round-trip packets to a destination (another PC, router, printer, etc.) and sees how long they take. 192.168.0.1 is the destination (which, by the way, is a typical default IP address of a router). The -l 1000 is how big the packet should be in bytes; the default is 32 if the -l parameter is not used. The -n 100 says to send it 100 times; the default is 4 when this parameter is not used.

  1. What is DHCP? What are the benefits and drawbacks of using it?
Ans: Benefits:
1. DHCP minimizes configuration errors caused by manual IP address configuration.
2. Reduced network administration.
Disadvantage: Your machine name does not change when you get a new IP address. The DNS (Domain Name System) name is associated with your IP address and therefore does change. This only presents a problem if other clients try to access your machine by its DNS name.
  1. Describe the steps taken by the client and DHCP server in order to obtain an IP address.
Ans:
* At least one DHCP server must exist on a network. Once the DHCP server software is installed, you create a DHCP scope, which is a pool of IP addresses that the server manages. When clients log on, they request an IP address from the server, and the server provides an IP address from its pool of available addresses.
* DHCP was originally defined in RFC 1531 (Dynamic Host Configuration Protocol, October 1993) but the most recent update is RFC 2131 (Dynamic Host Configuration Protocol, March 1997). The IETF Dynamic Host Configuration (dhc) Working Group is chartered to produce a protocol for automated allocation, configuration, and management of IP addresses and TCP/IP protocol stack parameters.
  1. What is the DHCPNACK and when do I get one? Name 2 scenarios.
Ans: Recently I saw a lot of queries regarding when the Microsoft DHCP server issues a NAK to DHCP clients. For simplification purposes, I am listing down the possible scenarios in which the server should NOT issue a NAK. This should give you a good understanding of DHCP NAK behavior. When a DHCP server receives a DHCPRequest with a previously assigned address specified, it first checks to see if it came from the local segment by checking the GIADDR field. If it originated from the local segment, the DHCP server compares the requested address to the IP address and subnet mask belonging to the local interface that received the request.
DHCP server will issue a NAK to the client ONLY IF it is sure that the client, “on the local subnet”, is asking for an address that doesn’t exist on that subnet. The server will send a NAK EXCEPT in the following scenarios:

1. Requested address from possibly the same subnet but not in the address pool of the server:-
This can be the failover scenario in which 2 DHCP servers are serving the same subnet so that when one goes down, the other should not NAK to clients which got an IP from the first server.
2. Requested address on a different subnet:-
If the Address is from the same superscope to which the subnet belongs, DHCP server will ACK the REQUEST.

  1. What ports are used by DHCP and the DHCP clients?
Ans: Requests are on UDP port 68, Server replies on UDP 67

  1. Describe the process of installing a DHCP server in an AD infrastructure.
Ans: Use Add/Remove program wizard . . .

  1. What is DHCPINFORM?
Ans: DHCPInform is a new DHCP message type, defined in RFC 2131, used by computers on the network to request and obtain information from a DHCP server for use in their local configuration. When this message type is used, the sender is already externally configured for its IP address on the network, which may or may not have been obtained using DHCP. This message type is not currently supported by the DHCP service provided in earlier versions of Windows NT Server and may not be recognized by third-party implementations of DHCP software.

  1. Describe the integration between DHCP and DNS.
Ans: Traditionally, DNS and DHCP servers have been configured and managed one at a time. Similarly, changing authorization rights for a particular user on a group of devices has meant visiting each one and making configuration changes. DHCP integration with DNS allows the aggregation of these tasks across devices, enabling a company’s network services to scale in step with the growth of network users, devices, and policies, while reducing administrative operations and costs.
This integration provides practical operational efficiencies that lower total cost of ownership. Creating a DHCP network automatically creates an associated DNS zone, for example, reducing the number of tasks required of network administrators. And integration of DNS and DHCP in the same database instance provides unmatched consistency between service and management views of IP address-centric network services data.
  1. What options in DHCP do you regularly use for an MS network?
Ans: Automatically providing IP addresses
Subnet mask
DNS server
Domain name
Default gateway or router


Courtesy: 
1) Syed Jahanzaib

2) Daniel Petri