Sys Admin Interview Questions
Please select from the following list.

1. What is Active Directory?

Active Directory offers centralized control of information and settings which are stored in a central database on a domain controller.

2. What is Group Policy?

Group Policy provides central control of the working environment of users and computer accounts in Active Directory. Group Policy is used to manage and configure operating systems, applications, and user’s settings.

3. What are GPOs?

Group Policy Objects are settings that control the working environment of user accounts and computer accounts. They define the security options, software installation, registry-based policies and maintenance options, script options, and folder redirection.

Nonlocal Group Policy objects: stored on an Active Directory domain controller

Local Group Policy Objects: Stored on local (individual) computers

4. Why would you not restore a DC that was last backed up eight months ago?

A Domain Controller backup should generally not be older than 180 days. Backing up a DC that is several months old could lead to inconsistent data, lingering objects, as well as old versions of files.

5. What is a lingering object?

Lingering object is a deleted active directory object that remains on the restored domain controller in its local copy of the active directory.

6. What is the difference between a domain, trees, and forests? 

A domain is a logical group of network objects like computers , users, and devices that have the same active directory database.

A tree is a collection of domains in a contiguous namespace within Active Directory in which each domain has exactly one parent, leading to hierarchical tree structure which is connected in a transitive trust hierarchy.

A forest is a group of Active Directory trees which shares a common global catalog, directory configuration, logical structure, and directory schema.

7. What are WINS servers? 

Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses.

8. What is the difference between a firewall and antivirus? 

Antivirus actively monitors the host for any virus threats and tries to clean or quarantine the virus.

A firewall protects your system from outside attacks. It can be in software or hardware form.

9. What is a domain controller? 

A domain controller is a Windows-based computer system which is used for storing user account data in a central database. It can allow or deny users access to system resources, such as printers, documents, folders, and network locations.

10. What is the difference between FAT and NTFS?


  • no security when the user logs in locally
  • file names have only 8 characters
  • does not support file compression
  • partition and file size can be up to 4 GB
  • no security permission for file and folder level


  • security for both the  local and the remote users
  • supports file names that have 255 characters
  • supports the file compression 
  • partition size can be up to 16 exabytes
  • security for file and folder level

11. What is a loopback address and how is it useful? 

A loopback address sends outgoing signals back to the same computer. It is managed entirely within the operating system. It is not physically connected to a network. Useful for testing.

12. What are proxy servers?

A proxy server is a gateway between a local network and a large-scale network like the internet. It can increase performance and security. It can be used to prevent users from browsing restricted sites. 

13. What is the Windows registry? 

A database used in Windows to store information that is necessary to configure the system for one or more users, applications, and hardware devices. The Windows Registry stores much of the information and settings for software programs, hardware devices, user preferences, and operating-system configurations.

14. What is the Sysvol folder? 

Sysvol is the folder which stores group policy information. It contains public files of the domain controllers that domain users can access. It is used to deliver policy and login scripts to domain members.

15. What is Windows Deployment Services? 

WDS enables the deployment of Windows operating systems. You can use WDS to set up new clients with a network-based installation without requiring that administrators visit each computer.

16. What is the difference between a work group and a domain? 

A domain uses a centralized authentication server in a standard client /server relationship.

A workgroup is a peer-to-peer network that allows all participating systems to access shared resources.

17. What is LDAP? 

LDAP (Lightweight Directory Access Protocol) is used to name the object in an AD and makes it widely accessible for management and query applications.

18. What is the difference between LDAP and Active Directory?

LDAP is a standard protocol for querying and modifying entries in a directory service.

Active Directory is a directory service that supports the LDAP protocol, among others.

19. What is the PPP protocol? 

PPP stands for point to point protocol. It is a layer 2 protocol used to communicate between two devices directly.

20. What is IP Spoofing and how can it be prevented? 

An intruder is sending a message to the computer with an IP address that is coming from a trusted source/host. It can be prevented by performing packet filtering.

21. What is frame relay? 

In the OSI model, it operates at the physical and data link layer and is a high-speed data communication technology. It uses frames for the transmission of data in the network. 

22. What is DNS? 

The Domain Name System translates human friendly text to an IP address.

23. What is difference between the Domain Admin group and Enterprise Admin group?

The members of the domain admin group have complete control of the domain.

The members of the enterprise admin group have complete control of all domains in the forest. 

24. What is an authoritative restore of AD?

An authoritative restore means you set one Domain Controller as the master replica for all other DCs. This DC will not try to replicate from another DC.

25. What are the advantages of RAID? 

A RAID is a virtualization data storage technology that integrates multiple components of a physical disk drive into a single or several logical units. The advantage of using RAID is that it increases a system’s storage capacity, improves overall performance, and offers fault tolerance.

RAID 0: Known as disk striping which increases performance by placing different parts of a file on different storage devices, but has no redundancy.

RAID 1: Increases the reliability of the data by placing the same information on two different storage devices, also known as mirroring.

RAID 5: Combines the advantages of the previous two levels and places only the parity data on several storage devices which increases performance while providing increased reliability.

RAID 6: An extension of RAID 5 that requires a minimum of four disks and adds another parity block to each of these. A tradeoff  is that it is a little slower during write operations.

RAID 10: Provides the performance of RAID 0 and data protection level of RAID 1, combining drives into groups of two in which data is mirrored. Requires four or more disks.

26. How does traceroute work and what protocol does it use?

Tracert allows you to see what routers are touched when you move along the chain of connections to reach the final destination. Traceroute uses ICMP protocol. The first step uses TCP to send the SYN requests for the response. It uses ICMP echo packets.

27. What is the difference between NetBIOS and NetBEUI?

NetBIOS is a layer 5 protocol that is non-routable. It allows applications to communicate with one another over LAN. NetBIOS results in having a network with both an IP address and a NetBIOS name corresponding to the host name.

NetBEUI is only on smaller networks. It is not suitable for WAN (wide area networks) and is a non-routable protocol. NetBEUI can be configured to work with NetBIOS in order to provide error checking and data arrangement in data transmissions, allowing a more efficient transfer.

28. Describe how email works.

The email gets sent by the client to an outgoing mail server via SMTP. The SMTP server contacts a DNS server to match the target domain to an IP address and finds the MX (mail exchange) record. The message gets sent to the target domain’s MTA (Mail Transfer Agent).
The recipient fetches the mail using a client via POP or IMAP. POP is a unidirectional protocol, incoming data only. IMAP is bi-directional.

29. What is the difference between a hub and a switch? 

A hub will broadcast all the data to every port.

With switches, the connections are created dynamically so the requesting port only receives the information that is intended for it.

30. What is HTTPS and what port does it use? 

HTTPS uses SSL certificates to confirm that the server you are connecting to is the one that it says it is.

HTTPS uses TCP port 443.

31. What is TCP? 

Transmission Control Protocol establishes the connection on both ends before any data starts to flow. It is used to sync data flow.

32. What is UDP?

User Datagram Protocol is a connectionless protocol, is faster, but doesn’t check reception.

33. What is port forwarding? 

Port forwarding is used to communicate with the inside of a secured network. A port forwarding table within the router will allow specific traffic to be automatically forwarded on to a particular destination.

34. What is the difference between Powershell and a command prompt? 

Powershell operates on both batch commands and Powershell commands. Output comes is in the form of an object and can be passed from one cmdlet to other cmdlets. PS can execute a sequence of cmdlets in a script and has access to programming libraries.

A command prompt only operates on batch commands. Output is in the form of text and cannot transfer or pass the output from one command to another command.

35. What is the difference between RDP and KVM? 

Remote Desktop Protocol is used to access systems remotely and is a software driven method.

KVM (keyboard video and mouse) allows fast-switching between different systems and is a hardware driven system.

36. What are FTP and SSH? What protocols do they use? 

File Transfer Protocol is for transferring files. It has the capability of anonymous access or a standard login.

FTP uses TCP 21 for control and TCP 20 for data. 

Secure SHell is used to create a secure tunnel between devices. It has the ability to tunnel other programs through it. SSH uses TCP 22.

37. What is ARP? 

Address Resolution Protocol maps a MAC addresses to an IP address in a LAN.

38. What is EFS?

In Windows, use EFS to encrypt individual files and directories, one by one. EFS requires you manually select the files you want to encrypt and change this setting. An alternative is Bitlocker, which is full disk encryption. 

39. What is an IDS? 

An Intrusion Detection System has two basic variations:

Host Intrusion Detection System (HIDS) runs as background utility on the host.

Network Intrusion Detection System (NIDS) sniffs packets on the network. 

40. What is Telnet? 

Telnet allows you to connect to remote devices and provides access to a command-line interface. It does not encrypt. Telnet uses TCP 23.

41. How do you resolve an issue where a website is down but you’re able to telnet to the port?

I look for systems overload, low memory, or runaway processes. I fix the cause, then verify the symptoms are no longer occurring and the system is up.

42. After you log in to a Unix server, what commands should you initially run?

netstat – Indicates which network connections are active

top –  Describes the processes running on the server

lsblk – Determines what information is on the block devices

df -khT – Reports the amount of disk space available on the server

who –  Lists the users logged into the server

43. What are some of the roles of the Flexible Single Master Operations?

Schema Master, Domain Naming Master, Infrastructure Master, RID Master, and PDC Emulator.

44. What is the difference between rm and rm -rf?

rm deletes the named files (and not directories)

-r –recursive flag recursively deletes the directory’s contents, including hidden files and subdirectories.

-f –force flag makes rm ignore nonexistent files, and never prompt for confirmation.

45. Compress.tgz has a file size of approximately 15GB. How can you list its contents, and how do you list them only for a specific file?

To list the file’s contents: tar tf Compress.tgz

To extract a specific file: tar xf Compress.tgz {filename}

46. Which port is used for the ping command?

Ping uses ICMP echo requests and ICMP echo reply packets. ICMP does not use either UDP or TCP. An ICMP message is carried directly in an IP datagram data field.

47. What is the difference between a router and a gateway? What is the default gateway?

A router (layer 3) is a device which is responsible for receiving and forwarding the data packets to other networks. A router actually determines the destination or the target IP address of the packet and thus the best way for transferring the packet is determined by the help of forwarding tables and headers.

A gateway is a node which acts as an entrance for the other nodes in the network. A gateway can join dissimilar systems.

Default gateway is the router on your LAN. It is the first point of contact for traffic to computers outside the LAN.

48. What is the boot process for Linux?

BIOS -> Master Boot Record (MBR) -> GRUB -> the kernel -> init -> runlevel

49. What is the difference between a symbolic link and a hard link?

A hard link is a link to the file data.

A symbolic link is a link to another file name.

50. What is LVM, and what are the advantages of using it?

Logical Volume Management is used to pool and abstract the physical layout of component storage devices by gathering existing storage devices into groups and allocating logical units from the combined space as needed.

51. What are sticky ports?

Sticky ports make a port on a switch only permit specific computers to connect on that port by locking it to a particular MAC address.

52. What is a false positive and false negative in the case of IDS?

False Positive- alert for an intrusion which has actually not happened

False Negative -no alert and the intrusion has actually happened

53. Explain the Proc file system.

Proc file system in Linux offers an interface to the kernel data structures. It allows kernel variables to be altered.

54. What is VOIP?

Voice Over Internet Protocol. It uses the internet as a medium of transmission for telephone calls by forwarding data in packets through an IP instead of the traditional POTS lines.

55. Where is the AD database stored?

By default, it is stored in the %SYSTEMROOT%\NTDS folder.

56. What is the SYSVOL folder?

SYSVOL stores a duplicate of the area’s public documents and is shared for regular access and replication at %SYSTEMROOT%\SYSVOL\sysvol

57. What is the Global Catalog?

The global catalog (GC) allows users and applications to find objects in an Active Directory domain tree, given one or more attributes of the target object. The global catalog contains a partial replica of every naming context in the directory. It contains the schema and configuration naming contexts as well. This means the GC holds a replica of every object in the directory but with only a small number of their attributes. The attributes in the GC are those most frequently used in search operations (such as a user’s first and last names or login names) and those required to locate a full replica of the object.

58. What is a Stub zone DNS?

DNS stub zones are used to enable your DNS servers to resolve records in another domain. The information in the stub zone allows your DNS to contact the authoritative DNS server directly. The stub zone will always keep just the information needed to contact the authoritative DNS servers (NS records and A records).

59. How is the Forward Lookup Zone not the same as the Reverse Lookup Zone in DNS?

Forward Lookup Zones translate a hostname string to an IP address. A reverse lookup zone is an authoritative DNS zone that is used to resolve IP addresses to hostnames.

60. What is an SRV record in DNS?

The DNS service (SRV) record specifies a host and port.

61. What is the importance of Repadmin.exe from Windows Server 2008?

Repadmin is a command-line tool used to diagnose and repair Active Directory replication problems.

62. Describe DHCP.

Dynamic Host Configuration Protocol is an IP network protocol wherein a DHCP server automatically assigns an IP address to each host on the network from the available pool. The server keeps track of lease times. DHCP automates configuration on a device and avoids duplicate IP addresses.

UPD port 67 is used on the destination server and UDP port 68 is used by the client.

DORA — Discover, Offer, Request, Acknowledge

Discover – device starts, checks for valid IP configuration, if not, sends DHCPDISCOVER broadcast to local LAN as to destination

Offer – Server responds with DHCPOFFER message: IP address, subnet mask, default gateway, domain name, DNS servers, and TFTP server address, lease duration, and client ID.

Request – host chooses between DHCPOFFER messages (if multiple DHCP servers reply), host replies with DHCPREQUEST containing TransactionID to accept offer.

Acknowledgment – DHCPPACK sent from server to client to confirm.

63. Describe the OSI model.

Please Do Not Throw Sausage Pizza Away
Physical – electrical and physical representation of the system
Data – data transfer between two connected nodes
Network – packet forwarding from routers
Transport – TCP/IP
Session – setup, coordination, and termination between each end of the session
Presentation – Presents data for the application
Application – What users see

64. What is the difference between a switch and a router?

Switches facilitate the sharing of resources by connecting together all the devices in network. A switch works in Data Link Layer (L2).

A router connects multiple switches, and their respective networks, to form an even larger network. A router works in Network Layer (L3). Compatible with NAT.

Leave a Reply