System Administrator Interview Questions and Answers

A SA (System Administrator) is also known as a Systems Administrator, sys admin or sysadmin. A system administrator (SA) is responsible for managing, overseeing and maintaining a multiuser computing environment, such as a local area network (LAN). SA responsibilities vary, depending on an organization’s requirements. SAs should possess strong technical knowledge and skills, as well as expertise in personnel management. A small organization may have only one SA on staff, while an enterprise usually has a full system administrator’s team.

System administrators are experts at handling hardware and software. They are quick with both their hands and their head. They can work alone, but they know when and how to communicate with others, whether to report problems, learn information needed to fix problems, or instruct employees regarding technical issues.

FAT and NTFS were created of keeping/stored track of all the files in a hard disk/drive.

 FAT (File Allocation Table):

• It provides no security if the user logs in locally. The file and folder level security permission does not exist. It no supports file compression.
• It supports only 8 characters long file name.
• It is suitable for a partition disks that is less than 500 MB.
• Partition and file size can be up to 4 GB.
• Disk can get fragmented thus slowing down the access.
• It is not reliable since it does not support bad cluster mapping

NTFS (New Technology File system)

• NTFS provides security for both local and remote users. The security is provided to the level of files and folders. It supports file compression.
• It supports 255 characters long file name.
• It  is suitable for partition that is greater than 500 MB.
• Partition size can be up to 16 Exabyte.
• It provides lesser possibility of fragmentation.
• It is highly reliable since it supports bad cluster mapping and transaction logging.

Domains: Domains are container objects. Domains are a collection of administratively defined objects that share a common directory database, security policies, and trust relationships with other domains. In this way, each domain is an administrative boundary for objects. A single domain can span multiple physical locations or sites and can contain millions of objects.

Domain Trees: Domain trees are collections of domains that are grouped together in hierarchical structures. When you add a domain to a tree, it becomes a child of the tree root domain. The domain to which a child domain is attached is called the parent domain. A child domain might in turn have its own child domain. The name of a child domain is combined with the name of its parent domain to form its own unique Domain Name System (DNS) name such as Corp.nwtraders.msft. In this manner, a tree has a contiguous namespace.

Forests: A forest is a complete instance of Active Directory. A forest is a collection of multiple trees that share a common global catalog, directory schema, , global catalog, logical structure, and directory configuration. Forest has automatic two way transitive trust relationships. The first domain in the forest is called the forest root domain. The name of that domain refers to the forest, such as Nwtraders.msft. By default, information in Active Directory is shared only within the forest. In this way, the forest is a security boundary for the information that is contained in that instance of Active Directory.

A Virtual Private Network (VPN) is a network technology which extends private network (LAN) over a public network such as the Internet. A VPN allows a computer (or a network) to be connected securely as if they are physically wired together.

The pros is that the DHCP server configures all IP’s automatically and the cons is that when you receive a new IP address the machine name remains the same because of its association with the IP. It’s not a real problem but when somebody tries to access the machine by its name it become one.

DHCPInform is a DHCP message used by DHCP clients to obtain DHCP options. While PPP remote access clients do not use DHCP to obtain IP addresses for the remote access connection, Windows 2000 and Windows 98 remote access clients use the DHCPInform message to obtain DNS server IP addresses, WINS server IP addresses, and a DNS domain name.

Domain Name Service (DNS) is a mapping of a domain name to an IP address, so that humans can remember computer address by a domain name instead of IP address.

A DNS leak is currently a major threat to user’s online privacy and security since the network that is supposed to be anonymous is actually not, thereby providing a false sense of security to the user. A DNS leak is leaking of user’s real IP address while connected to a VPN service.

 In Computer Network, A proxy server is a computer that acts as a gateway between a local and a larger-scale network such as the Internet. Proxy servers provide increased performance and security. In some cases, they monitor employees’ use of outside resources.

Proxy servers are used for several purposes. If it is used as a caching web proxy, it can dramatically improve performance of a web response. When a request is made by a client, a caching proxy returns response directly from its cache if the document already exists. Otherwise, it makes the request to the real server, returns the result, and save it in its cache for later use.

Some of the most common types of Proxy servers:

• Web Proxy
• Open Proxy
• Transparent Proxy
• Anonymous Proxy
• Tunneling Proxy
• Forward proxy
• Reverse proxy
• Distorting proxy

CSVDE and LDIFDE are both commands and are used for importing and exporting objects but they are different in the way that CSVDE uses the format CSV (Comma Separated Value) which is an Excel file for files and LDIFDE uses LDIF (LDAP Data Interchange Format) file type which can be viewed with a simple text editor. LDIFDE can be also used for editing or deleting objects unlike CSVDE.

VOIP (Voice over Internet Protocol) is a category of hardware and software that enables people to use the Internet as the transmission medium for telephone calls by sending voice data in packets using IP rather than by traditional circuit transmissions.

APIPA (Automatic Private IP Addressing) is a DHCP fail over mechanism for local networks. With APIPA, DHCP clients can obtain IP addresses when DHCP servers are non-functional.  APIPA exists in all modern versions of Windows except Windows NT.

When a DHCP server fails, APIPA allocates IP addresses in the private range 169.254.0.1 to 169.254.255.254.

Rfc1518 was created to save Ip addresses, as it creates the possibility to assign ip addresses classless. Without the possibility to assign classless networks, we would have had ipv4 address shortages very long time ago.

‘Malware (short for “malicious software”) is a file or code, typically delivered over a network, that infects, explores, steals or conducts virtually any behavior an attacker wants.

Spyware is a type of malware (or “malicious software”) that collects and shares information about a computer or network without the user’s consent. It can be installed as a hidden component of genuine software packages or via traditional malware vectors such as deceptive ads, websites, email, instant messages, as well as direct file-sharing connections.

A denial-of-service attack is a security event that occurs when an attacker takes action that prevents legitimate users from accessing targeted computer systems, devices or other network resources.

A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests or malformed packets to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.

The Onion Router (Tor) is an open-source software program that allows users to protect their privacy and security against a common form of Internet surveillance known as traffic analysis.

According to the United States Computer Emergency Readiness Team (US-CERT), below are the symptoms of DDoS attacks:

• Unusually slow network performance (opening files or accessing web sites)
• Unavailability of a particular web site
• Inability to access any website
• Dramatic increase in the number of spam emails received (this type of DoS attack is considered an e-mail bomb)
• Disconnection of a wireless or wired internet connection
• Long-term denial of access to the web or any internet services

SATA (Serial Advanced Technology Attachment) is a bus used to transfer data from hard drives and other storage systems, like optical, to a controller, often built into the motherboard (picture at right), from where it can go to the rest of the computer.

IDE (Integrated Drive Electronics) or PATA is an acronym for Parallel Advanced Technology Attachment, often shortened to Parallel ATA. Parallel refers to the fact that data is sent 16 bits at a time through a single 16-bit connection, which is used for data traveling in both directions.

WINS (Windows Internet Naming Service) is a system that determines the IP address associated with a particular network computer. This is called name resolution. WINS support network client and server computers running Windows and can provide name resolution for other computers with special arrangements. It is Microsoft’s implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names.

Master Boot Record, a small program that is executed when a computer boots up. Typically, the MBR resides on the first sector of the hard disk. The program begins the boot process by looking up the partition table to determine which partition to use for booting.

Exploit kits (crime ware kit) are automated threats that utilize compromised websites to divert web traffic, scan for vulnerable browser-based applications, and run malware. Exploit kits are known by a number of other names, including infection kit, crimeware kit, DIY attack kit and malware toolkit.

BitLocker is an encryption feature available in Ultimate and Enterprise versions of Windows 7 and Vista, to encrypt an entire drive, simply right-click on the drive and select Turn on BitLocker from the context menu.

Loopback address is 127.0.0.1, an address that sends outgoing signals back to the same computer for testing.

What is Virtualization?

Virtualization is technology that lets you create useful IT services using resources that are traditionally bound to hardware. Virtualization is the process of running a virtual instance of a computer system in a layer abstracted from the actual hardware.  It allows you to use a physical machine’s full capacity by distributing its capabilities among many users or environments.

LDAP (Lightweight Directory Access Protocol) is an internet protocol which Email and other services is used to look up information from the server.

KCC (knowledge consistency checker) is used to generate replication topology for inter site replication and for intrasite replication. Within a site replication traffic is done via remote procedure calls over ip, while between sites it is done through either RPC or SMTP.

Inter-Site Topology Generator (ISTG) is responsible for managing the inbound replication connection objects for all bridgehead servers in the site in which it is located. This domain controller is known as the Inter-Site Topology Generator (ISTG). The domain controller holding this role may not necessarily also be a bridgehead server.

Windows Deployment Services is a server role used to deploy Windows operating systems remotely. WDS is mainly used for network-based OS installations to set up new computers.

A hardware or software flag. In multitasking systems, a semaphore is a variable with a value that indicates the status of a common resource. It’s used to lock the resource that is being used. A process needing the resource checks the semaphore to determine the resource’s status and then decides how to proceed.