Interview Questions

I compiled a list of questions (from various sources with credits at the end) and their answers for what one could expect attending a System Administrator/Engineer interview.

Personally I believe that slightly more important than technical skills is the attitude and approach of the individual whom I am interviewing. If they show passion for technology and a desire to learn, improve and learn from mistakes, then the skills and knowledge come automatically.


  • What is the difference between a locked and disabled AD account?
    • Locked = condition
    • Disabled = Administrative
  • What is a VLAN?
    • Switch inside a switch.
    • Isolated broadcasts, segregation
  • How to ensure traffic from one VLAN to another?
    • Define ACLs
    • Configure routes
    • Same trunk
  • What is NAT and what is it used for?
    • Network Address Translation (NAT) is the process where a network device, usually a firewall/router, assigns a public address to a computer (or group of computers) inside a private network
  • What is ARP and what is it used for?
    • Systems keep an ARP look-up table where they store information about what IP addresses are associated with what MAC addresses
  • What are the differences between TCP and UDP?
    • TCP is a connection oriented stream over an IP network. It guarantees that all sent packets will reach the destination in the correct order.
    • UDP is a connectionless protocol. Communication is datagram oriented. Integrity is guaranteed only for a single datagram. Datagrams can arrive at the destination out of order or not arrive at all.
  • What is a DMZ?
    • Demilitarized zone is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to a usually larger and untrusted network, usually the Internet.
  • How can you segregate guest WiFi from production network?
    • Separate VLANs
    • 802.1x
  • What are NFS, iSCSI, FC and FCoE?
    • NFS
    • iSCSI
    • FC
    • FCoE
  • What is an AD certificate and how does it work?
    • It proves you are who you say you are.
    • It provides a platform for issuing and managing public key infrastructure [PKI] certificates. On top of securing application and HTTP traffic the certificates that AD CS provides can be used for authentication of computer, user, or device accounts on a network.
  • How does HTTPS work?
    • HTTPS takes the well-known and understood HTTP protocol and simply layers an SSL/TLS encryption layer on top of it. Servers and clients still speak exactly the same HTTP to each other, but over a secure SSL connection that encrypts and decrypts their requests and responses.
  • What is the difference between a self-signed and a 3rd party certificate?
    • Self-signed certificates will not validate up the chain
  • What is a virtual machine?
    • A virtual machine is a software computer that, like a physical computer, runs an operating system and applications. The virtual machine is comprised of a set of specification and configuration files and is backed by the physical resources of a host.
  • What are the differences between a guest and a host?
    • A host is the (operating) system hosting the guest virtual machine
  • What is the purpose of a hypervisor?
    • A hypervisor's sole purpose is to allow multiple “machines” to share a single hardware platform by sharing resources and abstraction for VMs.
  • How to reduce the amount of spam you receive?
    • Implement an email security gateway such as Barracuda/Symantec BrightMail
    • Don’t run an open relay
    • Verify PTRs
    • Accept email that follows strict protocol rules
    • Authenticated senders etc.
  • What do the following ports do – 25, 80, 443 & 587?
    • 25 – SMTP
    • 80 – HTTP
    • 443 – HTTPS
    • 587 – SMTP
  • What is IDS?
    • Intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations
  • What is IPS?
    • Intrusion Prevention System (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits.
  • What is the difference between IDS and IPS?
    • The IDS is an Intrusion Detection System. An IPS is an Intrusion Prevention System.

Active Directory

  • What is Active Directory?
    • AD is an umbrella for a broad range of directory based identity related services (it’s a db that keeps track of all users, resources and passwords)
  • What is a forest?
    • A forest is a complete instance of AD. Each forest acts as a top-level container in that it houses all domain containers for that particular Active Directory instance.
    • A forest can contain one or more domain container objects, all of which share a common
  • What are Domains?
    • Domains are container objects.
    • Domains are a collection of administratively defined objects that share a common directory database, security policies, and trust relationships with other domains.
  • What are Domain Trees?
    • Domain trees are collections of domains that are grouped together in hierarchical structures.
    • When you add a domain to a tree, it becomes a child of the tree root domain.
    • The domain to which a child domain is attached is called the parent domain.
  • What is an Active Directory Trust?
    • AD trusts are logical relationships established between two domains which allow authentication.
  • What are the FSMO roles and what do they do?
    • Schema Master
      • Performs updates to the AD schema such as ADPREP /FORESTPREP, Microsoft Exchange and other applications that must modify the AD schema
    • Domain Naming Master
      • Adds and removes domains and application partitions from the Active Directory forest
    • PDC Emulator          
      • Manages password changes for computers and user accounts on replica domain controllers
    • RID Master    
      • Allocates active and standby Relative IDs (RID) pools to replica DCs in the same domain
      • Must be online for newly-promoted DCs to obtain a local RID pool or when existing DCs must update their current or standby RID pool allocation
    • Infrastructure Master          
      • Updates cross-domain references and phantoms/tombstones from the Global Catalog
      • A separate infrastructure master is created for each application partition including the default forest-wide and domain-wide application partitions
  • What is LDAP and what is it used for?
    • Lightweight Directory Access Protocol. It is an application protocol used over an IP network to manage and access the distributed directory information service


  • What is DNS?
    • Domain Name Servers are used to resolve human-readable hostnames into machine-readable IP addresses
  • How does DNS work inside and outside the network?
    • By using Zones and Forwarders
  • What are A, CNAME, NS, MX, PTR records?
    • A – Address record (used to map hostnames to an IP address of the host)
    • CNAME – Canonical name record (Alias of one name to another)
    • NS – Name server record (Delegates a DNS zone to use the given authoritative name servers)
    • MX – Mail exchange record (Maps a domain name to a list of message transfer agents for that domain)
    • PTR – Pointer record (common use is for implementing reverse DNS lookups)
  • What command is used to lookup DNS records?
    • nslookup
  • What is meant by “Reverse Lookup”?
    • Is the determination of a domain name associated with an IP address via querying DN


  • What is DHCP?
    • Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (i.e., a scope) configured for a given network.
  • How does DHCP work?
    • The DHCP client requests an IP address by broadcasting a DHCPDiscover message to the local subnet. The client is offered an address when a DHCP server responds with a DHCPOffer message containing an IP address and configuration information for lease to the client.
  • What is a DHCP scope?
    • A scope is the consecutive range of possible IP addresses that the DHCP server can lease to clients on a subnet. Scopes typically define a single physical subnet on your network to which DHCP services are offered.
  • When does a computer renew its DHCP lease?
    • When it expires, reboots or manually requested
  • How do you ensure systems get the correct DNS server?
    • Via network segment configuration or AD/OU depending on topology
  • What is the difference between a static IP and a reserved IP?
    • Static IP has been manually assigned
    • Reserved IP is allocated in DHCP


  • How many failures can the following RAID levels sustain?
    • RAID 0 – 0 failures
    • RAID 1 – 1 failure
    • RAID 5 – 1 failure
    • RAID 6 – 2 failures
  • What are SATA, Nearline SAS, SAS & SSD?
    • SATA – Slow, very large, ideal for backup or data which is rarely accessed
    • nSAS – usually mechanically equivalent to 7,200 RPM SATA disks, but feature a SAS interface and offer the benefits of the SAS protocol. They are available in higher capacities than enterprise SAS disks
    • SAS – disks are your fastest and most resilient rotating media available at 10,000 and 15,000 RPM. Performance-optimized
    • SSD – main characteristic is higher random read and write performance
  • What is storage tiering?
    • Automated tiered storage (also automated storage tiering) is the automated progression or demotion of data across different tiers (types) of storage devices and media.
  • Thin vs Thick storage provisioning
    • Thin – does not reserve space on the (hypervisor) file system, nor does it reserve space on the back-end storage. Only consumes blocks when data is written to disk from within the VM/Guest OS.
    • Thick – reserves space on the (hypervisor) file system, but disk blocks are only used on the back-end (array) when they get written to inside the VM/Guest OS.
  • What are the differences between replication, RAID, snapshots and backups?
    • Replication – multiple copies
    • RAID – integrity
    • Snapshots – point in time
    • Backup – continuity
  • What are the differences between on-site, off-site and cloud backups?
    • On-site – temporary use
    • Off-site – normal DR
    • Cloud – DR/business continuity


  • What is Prince2?
    • Prince2 stands for project in controlled environment. It is a process based method which is used for effective project management.
  • Define Project?
    • A project is a temporary endeavor that is unique with a definite start and an end time with a desired result.
  • What is the process model of prince2?
    • The process model includes:-
      • Directing a project (DP)
      • Starting up a project (SU)
      • Initiating a project (IP)
      • Controlling a stage (CS)
      • Managing a project delivery (MP)
      • Managing a stage Boundary (SB)
      • Closing a Project (CP)
  • What is the purpose of configuration management?
    • The purpose of Configuration Management is to track products.


  • What are the 3 types of SLAs?
    • Service based SLA
    • Customer based SLA
    • Multi level SLA
  • What should an SLA contain?
    • SLA is made up of any of the following:
      1. Service name
      2. Clearance information (with location and date)
      3. Contract duration
      4. Description/desired customer outcome
      5. Service and asset criticality
      6. Reference to further contracts which also apply (e.g. SLA Master Agreement)
      7. Service times
      8. Required types and levels of support
      9. Service level requirements/targets
      10. Mandated technical standards and specification of the technical service interface
      12. Costs and pricing
      13. Change history
      14. List of annexes

  • Why would you use Change Management?
    • We use Change Management to standardize our methods and procedures for dealing with changes and thereby reducing risk and disruption.
    • We record all changes to assets or confirmation items in the Configuration Management System. This allows us to define and agree on those changes and ensure that only people who have the appropriate authority can make changes.
  • What are the steps you would follow when a Change Request comes in?
    • Record it
    • Evaluate it
    • Prioritize it
    • Plan it
    • Test it
    • Finally, implement it


Sources for questions/answers/inspirations: [Reddit] [GitHub#1] [GitHub#2] [ITIL] [Prince2]