CompTIA SK0-005 Practice Test

Explanation

The core problem is that the technician inserted the firmware update media and restarted the server, but the server started normally into the OS instead of running the update. Firmware updates (like BIOS/UEFI, RAID controller, or NIC firmware) must typically be performed outside of the running operating system environment to prevent corruption or conflicts, as the OS itself relies on that firmware.

B. Boot from the media (Correct):
When a server ignores the bootable media (CD/DVD, USB drive) and loads the operating system, it means the boot order in the server's BIOS/UEFI settings is configured to prioritize the internal hard drive over the media device.

The technician needs to manually intervene during the server's boot process (often by pressing a key like $F12$, $F10$, $Esc$, or $F2$) to:

Access the Boot Menu and select the optical drive or USB media.
Alternatively, access the BIOS/UEFI Setup and change the permanent boot order to prioritize the media device.
By forcing the server to boot from the media, the technician will load the specialized firmware update utility contained on that media.

Why the other options are incorrect:

A. Press F8 to enter safe mode:
Safe mode is a diagnostic startup mode for the Operating System. It is used for troubleshooting OS issues and has no function in loading or flashing hardware firmware.

C. Enable HIDS on the server:
A Host-based Intrusion Detection System (HIDS) is a security measure used to monitor the server for suspicious activity. It is completely unrelated to the process of updating hardware firmware.

D. Log in with an administrative account:
While an administrator account is often needed to run software-based firmware updaters from the OS, the primary failure here is that the server didn't even begin the update process. If the update is designed to run from boot media, logging into the OS is the wrong path. The first step is fixing the boot order issue.

Reference
This question relates to the Hardware and Maintenance domains of the SK0-005 exam, focusing on the correct procedure for firmware management. Server administrators must understand that firmware flashing is a low-level operation requiring the machine to boot into a pre-OS environment, often via removable media.

Explanation:

A purple screen with white letters on an ESXi host is a Purple Screen of Death (PSOD) — VMware’s equivalent of a Windows BSOD or Linux kernel panic. It indicates a critical, unrecoverable hardware or kernel-level failure in the hypervisor.
The very first troubleshooting step is to read the error message and codes displayed on the PSOD screen, then review the host’s log files (if accessible via ILO/iDRAC, serial console, or another management host).

The PSOD always includes diagnostic information such as:

Error code (e.g., @BlueScreen, PF Exception 14, NMI)
Faulting module (e.g., driver, kernel component)
Stack trace
Hardware details (CPU, memory, PCIe device)

Log files to check (in order of priority):

/var/run/vmware/vmkdump/ – Core dump files
/var/log/vmkernel.log – Kernel messages leading to crash
/var/log/vmksummary.log – System health summary
iLO/iDRAC event logs – Hardware-level alerts (power, thermal, memory)

This information pinpoints the root cause — e.g., bad driver, faulty DIMM, overheating CPU, or incompatible hardware — before any physical intervention.

Why the other options are incorrect or premature:

A. Check the power supplies
Power issues usually cause shutdowns or reboots, not a PSOD. While possible (e.g., voltage ripple), no data supports this yet — log review comes first.

C. Reinstall the ESX server
This is destructive and unnecessary. Reinstalling wipes configuration and VMs. Never do this without knowing the cause — could mask a hardware fault that will recur.

D. Reseat the processors
Reseating CPUs is high-risk (bent pins, thermal paste damage) and requires full downtime. It should only be done after logs indicate CPU or memory controller failure.

Reference:
CompTIA Server+ SK0-005 Exam Objectives – Domain 5.0 Troubleshooting, Objective 5.1:
“Given a scenario, perform basic troubleshooting including… reviewing logs, hardware diagnostics…”
VMware KB 1004250 – Interpreting an ESX/ESXi host purple diagnostic screen
“The purple screen contains error messages and codes that help identify the cause of the failure.”

VMware vSphere Documentation:
“Always collect and review vmkernel logs before taking corrective action on a PSOD.”

Explanation

The primary reason for placing the heaviest equipment at the bottom of a server rack is stability and safety. A rack is a tall, freestanding structure. Loading it with the heaviest items at the top would raise its center of gravity, making it top-heavy and unstable. This creates a significant risk of the rack tipping over, which could:
Cause severe injury to personnel.
Destroy expensive and critical server hardware.
Cause extended downtime.
By placing the heaviest servers at the bottom, you lower the center of gravity, creating a stable and secure base. This is a fundamental principle of data center safety and rack loading procedures.

Why the Other Options Are Incorrect

A. Alternate the direction of the airflow:
This is incorrect and would be detrimental. Servers are designed with specific airflow patterns (typically front-to-back). "Alternating" the direction would create hot and cold air mixing within the rack, defeating the purpose of a hot aisle/cold aisle containment system and leading to severe cooling inefficiencies and potential hardware overheating. All servers should be mounted with consistent airflow direction.

C. Place a UPS at the top of the rack:
A UPS (Uninterruptible Power Supply) is one of the heaviest components you would install in a rack. Placing it at the top is extremely dangerous as it makes the rack dangerously top-heavy and unstable, directly contradicting the core safety principle explained above. A UPS should always be installed at the bottom of the rack if possible.

D. Leave 1U of space between each server:
While leaving space can sometimes help with airflow in specific, high-density scenarios, it is not a standard best practice and is a poor use of expensive rack space. Modern racks are designed for efficient cooling with proper blanking panels installed in any unused U-spaces to manage airflow. Leaving gaps between every server without blanking panels can actually allow hot exhaust air to recirculate to the cold air intake, causing overheating. It is more effective to mount servers contiguously and use blanking panels to fill all empty U-spaces.

Reference
This question falls under Domain 2.0: Hardware and Installation, specifically addressing:
2.1: Given a scenario, install physical hardware.
2.2: Given a scenario, deploy and manage storage.
2.4: Given a scenario, perform proper server maintenance techniques.

A key part of the Server+ certification is understanding data center best practices for safety and efficiency. Proper rack loading to ensure physical stability is a fundamental and critical safety practice.

Conclusion:
When loading a rack, safety is the paramount concern. Installing the heaviest equipment at the bottom is the best course of action to prevent the rack from becoming top-heavy and tipping over, ensuring a safe working environment and protecting the hardware investment.

Explanation:

To ensure all web traffic is secure, the system administrator needs to encrypt communication between the client’s web browser and the web server.
This is achieved using SSL (Secure Sockets Layer) or its modern successor TLS (Transport Layer Security).

SSL/TLS provides:
Encryption – Protects data in transit from eavesdropping or interception.
Authentication – Confirms that the website is legitimate using digital certificates.
Data integrity – Ensures the content sent and received is not altered.

When SSL/TLS is implemented correctly, web traffic uses HTTPS instead of HTTP, shown as:

https://www.example.com

Why the Other Options Are Incorrect:

A. SSH (Secure Shell)
Used for secure command-line access and file transfers (SCP/SFTP) to servers.
It does not secure web traffic (HTTP/HTTPS).
Incorrect for web security.

C. SMTP (Simple Mail Transfer Protocol)
Used for sending email messages between mail servers.
It has nothing to do with web traffic security.
Not applicable.

D. PGP (Pretty Good Privacy)
Used for encrypting and signing emails and files, not web traffic.
Not related to HTTP/HTTPS communication.

Reference:
CompTIA Server+ SK0-005 Exam Objective:
4.2 – Summarize server hardening and security best practices.

IETF RFC 5246:
TLS protocol specification (modern version of SSL).

OWASP Guidelines:
HTTPS (SSL/TLS) is the standard for securing web communications.

Summary:
To secure all web traffic and protect user data exchanged with a web server, the administrator should implement SSL (or modern TLS) encryption, enabling HTTPS connections

Explanation

The component that allows devices (like server blades) to connect to both the front (for server blades) and the rear (for network switches, storage, and power modules) inside a blade enclosure is the midplane.

A. Midplane (Correct):
A midplane is a printed circuit board (PCB) that is positioned in the middle of a blade chassis. It acts as the central wiring hub, providing connectors on both its front side and its rear side.

Front Side:
Connects to the server blade modules (CPU, RAM, storage).

Rear Side:
Connects to the I/O modules (Ethernet switches, Fibre Channel/FCoE switches, and sometimes power supply and cooling controllers).

This design allows for a clean, cable-free connection between the server blades and the network/storage infrastructure in the rear, which is the defining characteristic of a high-density blade enclosure.

Why the Other Options are Incorrect:

B. Active backplane / C. Passive backplane:
These terms are typically used in traditional rack-mount servers or storage arrays.

A backplane (active or passive) is a PCB that connects components along a single plane, usually the rear of the enclosure. While a midplane is technically a form of backplane, the term midplane is specifically used in blade server chassis to denote its central, dual-sided location and function, which is distinct from a traditional backplane.

D. Management module:
This is a separate, specialized component (often called the Chassis Management Controller or CMC) that monitors the enclosure's health, cooling, power, and often provides remote access for system administrators. It handles control and monitoring but is not the physical connection fabric itself.

Reference
This question relates to the Hardware domain, focusing on the architecture and components of a Blade Server Infrastructure. Understanding the role of the midplane is essential, as it is the key differentiator and enabler of the high-density, cable-reduced environment in a blade chassis.

Explanation:

The goal is to perform maintenance on 12 Windows servers in different racks without physically visiting each server. This requires remote, out-of-band or in-band management that works even if the OS is unresponsive or during BIOS-level tasks.

A. Remote desktop

What it is: Windows Remote Desktop Protocol (RDP) – allows full GUI access to the Windows OS once it is booted and network is up.

Use case:
Patch installation
Service restarts
Application updates
File management

Requirement:

OS must be running
Network connectivity
RDP enabled and firewall rules open

Why it works: Administrator can connect from a single workstation to all 12 servers without leaving their desk.

D. A virtual administration console
What it is: A centralized management platform such as:

Microsoft System Center Virtual Machine Manager (SCVMM)
VMware vCenter (if virtualized)
Dell iDRAC Enterprise / HPE iLO Advanced with virtual console
OpenManage Enterprise / OneView

Key advantage:
Provides remote KVM over IP (keyboard, video, mouse)
Works at BIOS, bootloader, or OS level
Can power cycle, mount ISO, view POST
Single pane of glass for all 12 servers


Why it works: One console → manage all servers remotely, even if Windows is down.

Why the other options are incorrect:

B. IP KVM
→ This is a physical hardware appliance (e.g., Avocent, Raritan) that connects one server at a time via CAT5 to a switch.
→ Requires manual port switching or physical access to change servers.
→ Not scalable for 12 servers across racks without constant intervention.

C. A console connection
→ Refers to serial console (COM port) or direct VGA/USB console.
→ Requires physical cable to each server → defeats the purpose of remote access.

E. Remote drive access
→ Tools like iSCSI, SMB, NFS allow file access, but not full system control.
→ Cannot reboot, install OS, or manage services.

F. A crash cart
→ A mobile cart with monitor, keyboard, mouse — requires physically rolling it to each rack.
→ Opposite of remote access.

Reference:
CompTIA Server+ SK0-005 Exam Objectives – Domain 2.0 Server Administration, Objective 2.7:
“Explain the purpose of administrative tools including… remote administration, virtual administration console…”

Microsoft Docs – Remote Desktop Services:
“RDP enables secure remote access to Windows servers.”

VMware vSphere Documentation:
“vCenter provides virtual console access to all VMs from a single interface.”

Explanation:

Even though least-privilege access controls are already in place (both administrative and technical), users with legitimate access can still copy, share, or exfiltrate sensitive data intentionally or accidentally.
To protect against this, the best next step is to deploy a Data Loss Prevention (DLP) solution.

C. Install a DLP Solution – Correct Answer
Data Loss Prevention (DLP) systems are designed to detect, monitor, and block unauthorized transmission of sensitive data outside the organization.

DLP solutions can:

Scan emails, web uploads, USB transfers, and cloud syncs for sensitive information.
Prevent or alert when users attempt to move or share data in violation of policy.
Classify data based on sensitivity (e.g., financial, PII, confidential).
This provides protection even when legitimate users have file access — addressing the insider threat or accidental leaks that least privilege alone can’t stop.

Why the Other Options Are Incorrect:

A. Utilize privacy screens

Privacy screens prevent shoulder surfing (visual data theft) by obscuring screen visibility from side angles.
They do not stop digital exfiltration or network-based leaks.
Only a physical protection, not sufficient for this issue.

B. Implement disk quotas

Disk quotas restrict how much disk space users can use.
They manage storage consumption, not data protection or exfiltration prevention.
Unrelated to data leakage prevention.

D. Enforce the lock-screen feature

Lock screens protect against unauthorized physical access when users step away.
While good security hygiene, it does not prevent authorized users from copying or leaking data.
Helps with physical security, not data exfiltration.

Reference:
CompTIA Server+ SK0-005 Exam Objective:
4.2 – Summarize server hardening and security best practices.

NIST SP 800-53 (SI-4, AC-4):
Recommends implementing Data Loss Prevention and data exfiltration controls for organizations handling sensitive data.

Gartner DLP Overview:
DLP systems monitor and control data movement across endpoints, networks, and cloud services.

Summary:
When users with valid access are still able to leak sensitive data, the most effective safeguard is to install a Data Loss Prevention (DLP) solution that monitors, detects, and blocks unauthorized data transfers.

Explanation

A hot site is a fully configured, operational secondary data center that allows an organization to failover immediately with minimal data loss and downtime (low RPO and RTO). Achieving this low RPO requires a continuous, real-time method of copying data to the hot site.

A. Asynchronous (Correct):
Asynchronous replication is the most common and practical method used to maintain data synchronization between a primary (production) data center and a remote hot site.

How it works:
Data is written to the primary storage first. Once the write is complete, the data is then copied to the remote hot site storage. The primary site does not wait for an acknowledgment from the remote site before confirming the write operation to the application.

Advantage in Disaster Recovery:
This method introduces a minimal delay (latency) and has a small risk of data loss (RPO of seconds to minutes), but it has a negligible performance impact on the production application. This balance of performance and relatively low data loss makes it ideal for maintaining a continuously updated hot site over long distances (WAN links).

Why the Other Options are Incorrect

B. Incremental:
Incremental backups only copy data that has changed since the last backup (full or incremental). This is a backup strategy and not a continuous replication method. It would not provide the near real-time data needed for a hot site's low Recovery Point Objective (RPO).

C. Application consistent:
Application-consistent backups/replication ensures that all pending transactions are flushed to disk, providing a perfect snapshot of the application state. While important for restorability (e.g., databases), it describes the quality of the copy, not the frequency or timing of the replication required to maintain a hot site.

D. Constant:
While the data is transferred constantly, "Constant" is not a formal industry term for a replication type. The correct, formalized terminology that describes the timing and acknowledgment process is Asynchronous or Synchronous. Synchronous is generally avoided for remote hot sites due to the high-latency performance penalty it imposes on the primary site.

Reference
This question relates to the Disaster Recovery and Storage domains. Server administrators must understand the difference between Synchronous (zero data loss, high latency, short distance) and Asynchronous (low data loss, low latency impact, long distance) replication methods and which one is appropriate for a geographically separate, high-availability hot site model.

Explanation:

The company needs to deploy software to all users, but only a few will use it simultaneously. The most cost-effective and efficient licensing model is per concurrent user (also called concurrent licensing or floating licensing).

How Per Concurrent User Works:

A license server tracks the number of active sessions.
Total licenses = maximum simultaneous users (e.g., 10 licenses).
Any authorized user can launch the software as long as a license is available.
When a user closes the app, the license is returned to the pool for another user.

Example:

1,000 employees have the software installed.
Only 10 users ever run it at once.
Cost: 10 concurrent licenses → huge savings vs. 1,000 per-user licenses.

Why the other options are incorrect:

A. Per site
→ Licenses the entire location (e.g., one office).
→ Overkill if only a few users need it.
→ Expensive and does not scale with actual usage.

C. Per core
→ Common for server software (e.g., SQL Server, VMware).
→ Based on CPU cores in the server, not users.
→ Irrelevant for end-user desktop software.

D. Per instance
→ One license per installation (e.g., per VM, per device). → Requires a license for every deployed copy, even if unused.
→ Most expensive when software is deployed widely but used rarely.

Reference:
CompTIA Server+ SK0-005 Exam Objectives – Domain 2.0 Server Administration, Objective 2.8:
“Explain licensing concepts including… per concurrent user, per core, per instance…”

Microsoft Volume Licensing Guide:
“Concurrent use licensing is ideal when software is used by many users but not simultaneously.”
Autodesk, Adobe, and Citrix all offer concurrent/floating licenses for this exact scenario.

Explanation

The key evidence in this scenario is the timing and predictability of the crash. The server runs normally for a set period (about five minutes) under a steady load and then consistently crashes. This pattern is a classic symptom of thermal overheating.

Here's why:

Power-On: When the server is powered on, components are cool.

Operation: As the server runs, the CPU and other components generate heat.

Heat Buildup: A poorly seated heat sink or dried-out thermal paste cannot transfer heat away from the CPU efficiently. The CPU temperature rises steadily.

Critical Temperature: After a predictable amount of time (in this case, five minutes), the CPU reaches its critical maximum temperature.

Automatic Shutdown: To prevent permanent physical damage from the heat, the server's hardware protection circuitry forces an immediate shutdown (a crash). This is a safety feature.

After the server is powered off, the components cool down. When it's powered on again, the cycle repeats. This perfectly matches the described behavior.

Why the Other Options Are Incorrect

A. Reseating any expansion cards in the server:
While a loose expansion card can cause crashes, the failure would typically be more random and not follow such a precise, time-based pattern linked to the server's operational runtime. It's often related to vibration or movement, not a steady time-to-failure.

B. Replacing the failing hard drive:
A failing hard drive usually causes symptoms like slow performance, read/write errors, corrupted data, or boot failures. It is unlikely to cause a complete, predictable system crash at regular intervals without any other I/O-related errors.

D. Restoring the server from the latest full backup:
The problem states that "none of the configurations have changed," which points away from a software or configuration issue. A backup restore would fix software corruption, but a hardware-related thermal issue would persist after the restore and continue to cause crashes.

Reference
This question falls under Domain 2.0: Hardware and Installation and Domain 4.0: Troubleshooting. It specifically tests the ability to:
4.2: Given a scenario, troubleshoot common hardware failures.
Recognize the symptoms of CPU overheating, which is a common hardware failure mode.

Key Takeaway:
A system crash that occurs predictably after a period of operation under load is a strong indicator of an overheating component, most commonly the CPU due to a failed cooling system (fan, heat sink, or thermal paste). This should be one of the first possibilities investigated when this symptom pattern appears.