----------------------------- Chapter 1 PLANNING SYSTEM 1. What is the formal definition of utilization? 2. Name the common units in which heat load is measured. 3. What is the easiest way to determine the heat output of a piece of electronic equipment? 1. Utilization is formally defined as the ratio of usage to capacity. 2. Heat load is measured in British Thermal Units (BTU) or kilowatts (kw). 3. Heat output from electronic equipment is documented by the manufacturer, both in printed documentation and in spec sheets listed on the web. ----------------------------- Chapter 2 INSTALLING AND CONFIGURING SYSTEM 1. What are the two methods of remote installation for Mac OS X Server? 2. What are the two processes that broadcast and receive notifications for a machine booted from Mac OS X Server installation media, ready for installation? 3. Name the command-line utility that allows manipulation of disk devices, such as partitioning and repair. 4. Name the command-line utility that allows you to install Apple packages from the command line. 5. Name the three configurations in which Mac OS X Server can be installed and run. 6. After a server configured in a standard or workgroup mode is converted to advanced mode, can Server Preferences.app still be used to manage the server? 7. What is the command-line utility that allows an administrator to retrieve operating system and other updates from Apple, verify, and install them? 8. Where does Apple list the SHA-1 cryptographic hash that allows you to verify the authenticity of files that you download from the Apple website? 9. Which utility do you use to verify the SHA-1 hash? 10. What is the purpose of a package receipt? 11. Which command-line utility is used to query bill-of-material (BOM) files? 12. Name the four domains to which managed preferences can be applied. 13. Where are managed preferences initially stored? 14. What is a preference manifest? 1. Graphical, using Apple Remote Desktop or Screen Sharing, and text-based via ssh. 2. sa_rspndr runs on the server awaiting installation and sa_srchr runs on the local client machine. 3. diskutil allows manipulation of disk devices, such as partitioning and repair. 4. installer allows you to install Apple packages from the command line. 5. Standard, workgroup, and advanced are the three configurations in which Mac OS X Server can be installed and run. 6. No. Once converted to advanced mode, Server Preferences.app cannot manage the server. Advanced mode requires Server Manager.app and Workgroup Manager.app. 7. softwareupdate allows an administrator to retrieve operating system and other updates from Apple, verify, and install them. 8. The SHA-1 hash is listed on the same webpage, along with the download itself. 9. openssl lets you verify the SHA-1 hash. 10. A package receipt serves two purposes: to track the files installed with a package, and to inform the installer whether a particular package has previously been installed. 11. lsbom is used to query bill-of-material (BOM) files. 12. User, group, computer, and computer group are the four domains to which managed preferences can be applied. 13. A directory service, such as Open Directory, stores managed preferences. 14. A preference manifest is a list of preferences provided by an application that lets the managed preference system know which preferences can be set for that particular application. To use a preference manifest in Workgroup Manager, it must first be imported. ----------------------------- Chapter 3 UPGRADING AND MIGRATING SYSTEM 1. Which command-line tool is used to verify both the host name and IP address against DNS? 2. Which prior versions of Mac OS X Server can be upgraded to Mac OS X Server v10.5 Leopard? 3. Which command-line tool is used to export service settings? 4. Which command-line tool is used to export user and group records from the directory service? 5. List the three methods of bringing user or group data into Open Directory.
1. changeip verifies both the host name and IP address against DNS. 2. Mac OS X Server versions 10.4.11, 10.3.9, and 10.2.8 can be upgraded to Mac OS X Server v10.5 (Leopard). 3. serveradmin exports service settings. 4. dsexport exports user and group records from the directory service. 5. Workgroup Manager, dsimport, and restoring an Open Directory Backup are three methods used to bring user or group data into Open Directory. ----------------------------- Chapter 4 ASSESSING SYSTEM 1. Which command-line utility supplies detailed statistics and information about a network interface? 2. What is the function of the sysctl command? 3. Which Mac OS X Server command reports detailed information about currently connected AFP and SMB users? 4. Name three ways to display the current load average. 5. Which command-line utility can quickly summarize disk capacity? 6. Where does the installer program write its receipts to? 7. Which command-line utility is used to query the receipts database? 8. Does every installation leave a trail in the install.log file? 9. What are the five steps to follow when evaluating a workflow? 1. netstat supplies detailed statistics and information about a network interface. 2. sysctl reads and writes kernel operating variables. 3. serveradmin reports detailed information about currently connected AFP and SMB users. 4. The following commands reveal the current load average: uptime, top, iostat, and sysctl vm.loadavg. Another possibility is Activity Monitor. 5. df (disk free) quickly summarizes disk capacity. 6. The installer program writes its receipts to /Library/Receipts/bom. 7. pkgutil queries the receipts database. 8. No. Any method of installation not using the Apple installer is not obligated to log installation activity. This includes third-party installers, drag-and-drop installations, and software compiled and directly installed on the machine. 9. Examine, interview, observe, document, and optimize are the five steps to follow to evaluate a workflow. ----------------------------- Chapter 5 WORKING WITH DNS AND NTP 1. What is the name of the daemon that runs the DNS service in Mac OS X? 2. What function does a DNS A record perform? 3. What is the name and full path of the configuration file for named? 4. Are there any security issues in exposing an internal DNS server to the public Internet? 5. Why is NTP important for daily administration? 6. Why is NTP important to Kerberos? 7. Which are the most accurate set of NTP servers? 8. Which port and protocol does the NTP service use? 1. named is the daemon that runs the DNS service in Mac OS X. 2. An A record maps a name to an IPv4 address, allowing a forward lookup. 3. /etc/named.conf is the name and full path of the configuration file for named. 4. Security issues in exposing an internal DNS server to the public Internet include making available a list of valid hostnames and IP addresses to the network, if zone transfers to everyone are not disabled. Also, potential bugs in BIND can be exploited to compromise a computer. If a DNS server is exposed in error, queries from public sources will consume resources and compete with other services at your site. 5. With multiple machines, it is important to be able to correlate system events accurately. 6. Kerberos uses the time on each machine to prevent replay attacks. By default, Kerberos authentication fails if clocks differ by 5 minutes or more. 7. The servers that make up strata 0 are the most accurate NTP sources. 8. The NTP service listens on UDP port 123. ----------------------------- Chapter 6 CONTROLLING ACCESS TO RESOURCES 1. What is the stateful firewall that is built into Mac OS X and Mac OS X Server?
2. When enabling the default set of firewall rules in Mac OS X Server, which traffic is allowed? 3. What is the primary way the Mac OS X Application Level Firewall differs from ipfw? 4. Why is tcpdump such a good utility for troubleshooting the firewall configuration? 5. When using the RADIUS service, how can use of wireless base stations be restricted to a certain group of users? 1. The IP Firewall, ipfw, is the stateful firewall built into Mac OS X and Mac OS X Server. 2. By default, all traffic is allowed out, and only Apple administrative ports and established traffic is allowed in. 3. The Application Level Firewall uses the application generating or receiving traffic in the decision-making process about which traffic to let through. ipfw strictly uses ports, not knowing which application is behind the traffic. 4. When used on the server side, tcpdump enables you to see whether traffic is making it past the firewall and arriving at the application layer. On a client, it lets you know whether traffic is being generated and accepted on the remote end. 5. Use Server Admin to apply a system access control list (SACL) to the RADIUS service. ----------------------------- Chapter 7 SECURING ACCESS TO RESOURCES 1. What is the definition of authentication? 2. What is the definition of authorization? 3. What is the command-line utility used to enable the root user on an out-of-the-box installation of Mac OS X? 4. What is the command-line utility used to enable the root user on an out-of-the-box installation of Mac OS X Server? 5. What command should be used to edit the sudoers file? 6. The contents of which file should be copied to a remote host to provide key-based authentication for the SSH protocol? 7. Which file contains the systemʼs authorization database? 8. Which command-line utility is used to set file system ACLs? 9. Where are certificates stored? 10. Which command-line tool creates disk images, including encrypted disk images? 1. Authentication is the process of identifying the identity of an account or service. 2. Authorization is the process by which an entity gains the right to perform a restricted operation. 3. dsenableroot 4. The root user is enabled by default on Mac OS X Server, so there is no need to enable it after a default installation. 5. visudo, because it checks the syntax of the file upon save. 6. The user public key, typically ~/.ssh/id_rsa.pub, or ~/.ssh/id_dsa.pub. 7. The authorization database is contained in the /etc/authorization file. 8. The chmod command sets file system ACLs. 9. Certificates are stored in a keychain file. 10. The hdiutil command manipulates disk images and can create encrypted disk images. ----------------------------- Chapter 8 MONITORING SYSTEM 1. What is the name of the logging daemon used in Mac OS X? 2. How does the Apple System Logger (ASL) differ from traditional UNIX logging daemons? 3. What is the purpose of log levels and facilities? 4. Do all programs need syslogd to create logs? 5. Name two statistics to help determine CPU usage. 6. What is the graphical application that allows an administrator of an Xserve to send notifications when problems are detected with its hardware? 1. syslogd is the logging daemon used in Mac OS X. 2. ASL immediately writes all entries to a database at /var/log/asl.log. It is a binary file that can only be inspected using the syslog command-line tool or various interfaces. 3. Log levels and facilities help classify a log entry. The level determines the severity of the message, and the facility helps determine which subsystem sent the message. The Apple system logger can also route messages based on their level and facility designation. 4. Since a log file is simply text, a program is free to create its own method of logging and determine where to put that method on disk. 5. CPU percentage and load average are two statistics that help determine CPU usage. 6. Server Monitor.app is the graphical application that allows an Xserve administrator to send notifications when problems are detected with the hardware.
----------------------------- Chapter 9 AUTOMATING SYSTEM 1. What are the automation technologies included in Mac OS X? 2. What is the default shell for newly created accounts in Mac OS X v10.5? 3. Which bash variables are inherited by subshells? 4. In which directories does the bash shell search when a command is typed at the prompt? 5. What is the command that runs the help system built into the shell? 6. What is the command that queries and manipulates user and system preferences? 7. What is the system in Mac OS X that boots the system and maintains job control? 8. What file format is used to specify to launchd what program to run and how to run it? 1. AppleScript, Automator, shell scripting, Perl, Python, PHP, Tcl, and Ruby. 2. The bash shell. 3. Any variables exported with the export keyword. 4. The directories in the $PATH variable, in the order they are listed. 5. The man command searches and looks up manual pages. 6. The defaults command can read and write preferences in property lists (plists). 7. launchd. 8. launchd requires a valid plist to describe a job. ----------------------------- Chapter 10 ENSURING DATA INTEGRITY 1. What is the first step in backing up data? 2. What unique properties need to be considered when backing up and restoring Macintosh data? 3. What is the medium used in a LAN-free backup? 4. Which Mac OS X built-in command-line utility is available to perform a block-based clone of an entire volume? 5. What is unique about backing up data from databases? 1. The creation of a backup policy, specifying scope of backup and with senior management sign-off. 2. Metadata in the form of extended attributes, file system access control lists, resource forks, and general file system metadata. 3. LAN-free backups travel over a SAN. 4. asr, the Apple Software Restore utility. 5. Databases should either be shut down before backup, or dumped to separate files that get backed up. ----------------------------- Chapter 11 ENSURING RELIABILITY 1. What is the difference in downtime per year between a 99.99% available service and a five-nines 99.999% available service? 2. Which command-line tool is used to alter on-battery behavior of a Mac OS X system? 3. Which command-line tool is used to create mirrored disk sets? 4. What are two advantages of creating a bonded network interface? 5. What are the two processes responsible for monitoring an IP failover pair? 6. What are the four scripts run by ProcessFailover to run actions on failover state change? 1. The 99.99% available per year service can be down for 53 minutes per year. A fivenines 99.999% available service can only be down for 5 minutes per year. Thatʼs a difference of 48 minutes per year. 2. The pmset (Power Management Settings) command. 3. diskutil 4. A bonded network interface creates redundancy and improves throughput. 5. heartbeatd and failoverd send and receive the heartbeat signal, respectively. 6. The four scripts are PreAcq, PostAcq, PreRel, and PostRel. ----------------------------- Chapter 12 TROUBLESHOOTING 1. Why is it important to follow a methodology when troubleshooting? 2. What are The Four Cs? 3. What is the command used to cause a Macintosh to boot in verbose mode with no
keypress at boot time? 4. What is the Apple bug-tracking system called, and how do you access it? 1. It helps you remain consistent, and follow a systematic plan. 2. Connections, components, configurations, and combinations. 3. The nvram command manipulates the nonvolatile RAM available at boot. Issuing nvram boot-args= -v sets a verbose boot. 4. The Apple bug-tracking system is called radar. It is accessible at http://radar. apple.com, and sign-in requires a valid developer ID.