A server administrator needs to harden a server by only allowing secure traffic and DNS inquiries. A port scan reports the following ports are open:

1. A. 21
2. B. 22
3. C. 23
4. D. 53
5. E. 443
6. F. 636

Correct Answer: D
The administrator should only allow secure traffic and DNS inquiries on the server, which means that only ports 22, 53, and 443 should be open. Port 22 is used for SSH (Secure Shell), which is a protocol that allows secure remote login and command execution over a network connection using a command-line interface (CLI). Port 53 is used for DNS (Domain Name System), which is a service that translates domain names into IP addresses and vice versa. Port 443 is used for HTTPS (Hypertext Transfer Protocol Secure), which is a secure version of HTTP that encrypts the data exchanged between a web browser and a web server.
Reference: https://tools.cisco.com/security/center/resources/dns_best_practices

A server technician is configuring the IP address on a newly installed server. The documented configuration specifies using an IP address of 10.20.10.15 and a default gateway of 10.20.10.254. Which of the following subnet masks would be appropriate for this setup?

1. A. 255.255.255.0
2. B. 255.255.255.128
3. C. 255.255.255.240
4. D. 255.255.255.254

Correct Answer: A
The administrator should use a subnet mask of 255.255.255.0 for this setup. A subnet mask is a binary number that defines how many bits of an IP address are used for the network portion and how many bits are used for the host portion. The network portion identifies the specific network that the IP address belongs to, while the host portion identifies the specific device within that network. The subnet mask is usually written in dotted decimal notation, where each octet represents eight bits of the binary number. A 1 in the binary number means that the corresponding bit in the IP address is part of the network portion, while a 0 means that it is part of the host portion. For example, a subnet mask of 255.255.255.0 means that the first 24 bits (three octets) of the IP address are used for the network portion and the last 8 bits (one octet) are used for the host portion. This subnet mask allows up to 254 hosts per network (2^8 - 2). In this case, the IP address of 10.20.10.15 and the default gateway of 10.20.10.254 belong to the same network of 10.20.10.0/24 (where /24 indicates the number of bits used for the network portion), which can be defined by using a subnet mask of 255.255.255.0.

A technician learns users are unable to tog in to a Linux server with known-working LDAP credentials. The technician logs in to the server with a local account and confirms the system is functional can communicate over the network, and is configured correctly However, the server log has entries regarding Kerberos errors. Which of the following is the MOST likely source of the issue?

1. A. A local firewall is blocking authentication requests.
2. B. The users have expired passwords
3. C. The system clock is off by more than five minutes
4. D. The server has no access to the LDAP host

Correct Answer: C
Kerberos is a network authentication protocol that uses tickets to allow clients and servers to prove their identity to each other. Kerberos relies on accurate time synchronization between the parties involved, as the tickets have expiration dates and timestamps. If the system clock of a Linux server is off by more than five minutes from the LDAP server or the domain controller, the Kerberos authentication will fail and generate errors. A local firewall is unlikely to block authentication requests if the server can communicate over the network and is configured correctly. The users’ passwords are not relevant if they are known-working LDAP credentials. The server has access to the LDAP host if it can communicate over the network and is configured correctly. References:
✑ https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/identity_management_guide/kerberos_errors
✑ https://www.ibm.com/docs/en/aix/7.2?topic=authentication-kerberos-time- synchronization

SIMULATION
Users report that the FinanceApp software is not running, and they need immediate access. Issues with the FinanceApp software occur every week after the IT team completes server system updates. The users, however, do not want to contact the help desk every time the issue occurs. The users also report the new MarketApp software is not usable when it crashes, which can cause significant downtime. The technician who restarted the MarketApp software noticed it is running under a test account, which is a likely cause of the crashes.
INSTRUCTIONS
Using the Services menu provided, modify the appropriate application services to remedy the stated issues.

Solution:
FinanceApp software is running as a service named “FinanceApp Service”. The service description says “Provides financial data and calculations for the FinanceApp software”. The service status is “Stopped”, which means that the service is not running and the software is not functional. The service startup type is “Manual”, which means that the service needs to be started manually by the user or the administrator. The service log on as is “Local System”, which means that the service runs under a predefined local account that has extensive privileges on the local computer.
To fix the issue with the FinanceApp software, you need to do two things:
✑ First, you need to start the service, so that the software can run. To do this, you can right-click on the service name and select “Start” from themenu. Alternatively, you can select the service name and click on the “Start” button on the toolbar. You should see a message saying that the service has started successfully.
✑ Second, you need to change the service startup type, so that the service can start automatically every time the server boots up. This way, you don’t have to contact the help desk every time the issue occurs. To do this, you can right-click on the service name and select “Properties” from the menu. Alternatively, you can select the service name and click on the “Properties” button on the toolbar. You should see a window with several tabs and options. On the “General” tab, under “Startup type”, you can select “Automatic” from the drop-down list. Then, click on “OK” to save your changes.
By doing these two steps, you should be able to use the FinanceApp software without any problems.
The MarketApp software is running as a service named “MarketApp Service”. The service description says “Provides market data and analysis for the MarketApp software”. The service status is “Running”, which means that the service is running and the software is functional. However, as you reported, the software may crash sometimes, which can cause significant downtime. The service startup type is “Automatic”, which means that the service starts automatically every time the server boots up. The service log on as is “TestAccount”, which is a test account that was probably used for development or testing purposes.
To fix the issue with the MarketApp software, you need to do one thing:
✑ You need to change the service log on as, so that the service runs under a proper account that has sufficient permissions and security settings for production use. To do this, you can right-click on the service name and select “Properties” from the menu. Alternatively, you can select the service name and click on the “Properties” button on the toolbar. You should see a window with several tabs and options. On the “Log On” tab, under “Log on as”, you can select either “Local System account” or “This account”. If you choose “Local System account”, then the service will run under a predefined local account that has extensive privileges on the local computer. If you choose “This account”, then you will need to enter a valid username and password for an account that has appropriate permissions and security settings for running the service. You may need to consult with your IT team or your software vendor to determine which option is best for your situation. Then, click on “OK” to save your changes.

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

Which of the following environmental controls must be carefully researched so the control itself does not cause the destruction of the server equipment?

1. A. Humidity control system
2. B. Sensors
3. C. Fire suppression
4. D. Heating system

Correct Answer: C
Fire suppression systems are designed to extinguish or contain fires in a server room, but they can also damage the server equipment if they are not carefully researched and selected. For example, water-based fire suppression systems can cause electrical shortsand corrosion, while gas-based fire suppression systems can create thermal shock and reduce oxygen levels. Therefore, fire suppression systems must be compatible with the server environment and equipment.
References: CompTIA Server+ SK0-005 Certification Study Guide, Chapter 1, Lesson 1.5, Objective 1.5