MCSA Interview Questions And Answers 2020

MCSA Interview Questions Part II

1) Can we have more than one RID master in the domain?
Ans: We cannot have more than one RID master per domain. By default, the primary DC is the RID master; if the primary fails, you can transfer the FSMO roles to another DC in the domain.

2) What are group type and group scope? Explain the group types.
Ans: When we create a group, we are supposed to define a type and a scope for it. The type defines whether the group can be used to assign permissions on resources or not. We can create a group of type security or distribution: a security group can be used to assign permissions, and a distribution group is used for listing purposes.

3) In which situations do we use authoritative and non-authoritative restore?
Ans: We take backups to provide fault tolerance. There are two ways to restore an Active Directory backup: authoritative and non-authoritative. When there is a hardware or software failure, we can restore the backup and let the other DCs replicate to the restored one. This is a non-authoritative restore, which is the default.
If some object gets deleted by mistake and the change has not yet propagated to all DCs, we pick one DC where we can still find this object. By making this DC authoritative, we allow the other DCs to replicate from it.
Here the whole directory is not restored; instead, the specific object can be made authoritative.

4) What are lingering objects?
Ans: Suppose I delete some objects while a domain controller is offline. It won't receive any replication, so the objects still persist on the offline DC. If the server is down for the period of the tombstone lifetime, they are termed lingering objects.

5) What is Active Directory defragmentation?
Ans: The Active Directory database is stored in ntds.dit. In order to optimize data storage, Active Directory automatically performs defragmentation every 12 hrs, which allows reclaiming space to store new objects.

6) What are the commands related to Active Directory replication?
Ans: Repadmin is a tool by Microsoft used to check replication between domain controllers.
Repadmin /replsummary - Checks the current replication health and summary state for DCs.
Repadmin /showrepl - Displays the last replication for a specific DC.
Repadmin /syncall - Forcefully initiates replication to sync with other DCs. (This can cause a lot of traffic, so run it carefully.)
Repadmin /replicate - Immediately replicates a directory partition from source to destination.

7) What is ADSIEDIT?
Ans: It is a tool that provides access to Active Directory objects and their attributes. We can manage them using this tool.

8) What are superseded updates?
Ans: Microsoft sometimes provides a complete replacement for multiple updates, called superseded updates. You may need this update when you are installing a new PC and want to patch it with the latest updates. WSUS does not decline superseded updates by default. We need to make sure that the superseded updates are no longer needed by our machines, and then we can decline them.

9) What are express updates?
Ans: When you enable express updates, only the changes between the current month's CU and previous updates are downloaded. Using the express update feature reduces bandwidth while downloading updates.

10) What are cumulative updates?
Ans: A cumulative update includes previously released updates (a bundle of updates). If a cumulative update is installed, you won't need to install the previous updates (as they are now part of the CU).

11) What is USN?
Ans: USN stands for Update Sequence Number. When we make changes to an object, the USN increments, and during AD replication only the higher version is retained.

12) When is a non-authoritative restore done?
Ans: It is the default restore method. When there is a server crash, we can simply restore the latest backup of the server. When the server comes up, it is replicated to by the other DCs and gets in sync.

13) What is a blue screen error?
Ans: A blue screen error causes the system to restart or shut down unexpectedly. It displays a blue screen with an indication of some kernel module fault. It can be caused by wrong device drivers or by malfunctioning hardware components.

14) What is Active Directory Federation Services?
Ans: It is a single sign-on service which provides authentication for users who want to access applications outside the forest. We use the federation service when we want to provide access to users from other organizations without the need to create their accounts in our directory.

15) What is RAID?
Ans: RAID is Redundant Array of Independent Disks. It is a fault-tolerance technique used to provide redundancy, which ultimately provides protection from data loss. There are several RAID levels through which we can achieve fault tolerance. There are two types of RAID configuration: hardware RAID, which needs a RAID card and can be configured from the BIOS, and software RAID, where the RAID configuration is done with the help of the operating system.

16) What is the Break Mirror vs. Remove Mirror option in RAID?
Ans: If we want to stop mirroring on the selected volume, we should choose Break Mirror. It will not erase data on the volume. If you want to get extra space, simply use the Remove Mirror option, as it will flush the data on the selected disk.

17) What is the Sysprep tool?
Ans: The Sysprep tool is used while capturing the image of a machine that will be deployed on multiple machines without creating duplicate SIDs.

18) What is Active Directory?
Ans: Active Directory is a service available in Windows Server with which we can create a domain. It allows user accounts to be created on the server in the Active Directory database, and it allows central management of users and devices in the domain.

19) What is a tombstone object?
Ans: When we delete any object from Active Directory, it still remains in the database for 180 days and can be easily restored before getting deleted permanently.

20) What is the difference between FSMO role transfer and role seizure?
Ans: When the PDC fails, we seize the roles on the ADC (forcefully transferring the FSMO roles). But if the PDC is alive and we want to isolate the server for some reason, we can transfer the FSMO roles from the PDC to the ADC. This operation is performed on the PDC.

21) What does certificate revocation mean?
Ans: A Certificate Authority can revoke (cancel) a certificate before its expiration so that it can no longer be trusted. The Certificate Revocation List can be published by the Certificate Authority.

22) I have an 8 GB pen drive and am trying to copy the Windows Server 2012 R2 ISO to it, but it shows an error. What is the reason?
Ans: The ISO file is around 4 GB and the space on the pen drive is more, but if the pen drive is formatted with FAT, it won't allow a file size of more than 4 GB. So format it with NTFS, or, if there is some data which you don't want to lose, just convert it to NTFS using the convert <drive name> /fs:ntfs command.

23) What are the different files of Hyper-V?
Ans: The Hyper-V virtual machine file formats are as follows:
VHD/VHDX - Virtual hard disk file.
BIN - Hyper-V machine saved state file. (Pre-Server 2016 Hyper-V)
AVHD/AVHDX - These are differencing disk formats, created when a checkpoint (snapshot) is taken for a VM.
VSV - Saved state file. (Available in Windows 2016)
VMCX - Virtual machine configuration file. (Available in Windows 2016) It replaces the XML file used in pre-Server 2016 Hyper-V.
VMRS - VM runtime state file. This file replaces the pre-Server 2016 BIN and VSV files.

25) What is Nano Server?
Ans: Nano Server is the smallest version of Windows, specially developed by Microsoft for cloud applications and for containers.

26) What is the Hyper-V shielding feature?
Ans: Hyper-V shielding is a feature which protects VMs from being tampered with through unauthorized access. It uses the Secure Boot and BitLocker features.

27) I have a standard primary DNS zone for my domain configured on server DC1 in Mumbai. For the same domain I have another server, DC2, at the Pune location, on which DNS is installed. Both locations are connected by a WAN link, and I want to make sure that DNS can resolve and update even if the WAN link is down. What can be done in this situation?
Ans: When we use a standard primary DNS zone, we need to manually configure a secondary DNS server, which can only resolve DNS queries but won't update the DNS database. But if we use Active Directory-integrated DNS, it replicates across the DCs, hence maintaining redundancy, and it also supports write operations on any server. Hence, in the given example, we should convert the standalone DNS zone to an AD-integrated zone.

28) What is the role of OCSP in a Certificate Authority?
Ans: The Online Certificate Status Protocol determines the status of a digital certificate without the need to download the certificate revocation list.

