ITS7 Server+ — CompTIA SK0-005
CompTIA Server+ Study Guide
90 questions · 90 minutes · Pass at 750/900 · Cost $358 USD
- Domains: 6 (Hardware, Admin, Security, Storage, DR, Troubleshooting)
- Questions: 90 (max; performance-based + multiple choice)
- Pass score: 750/900 (~83% correct to pass)
- Valid for: 3 years (renew via CE or retake)
Exam-day tips
1. RAID math: memorize minimum drives (RAID 5 = 3, RAID 6 = 4, RAID 10 = 4) and usable space formulas.
2. RTO vs RPO: RTO is how long until you're back up; RPO is how much data you can afford to lose.
3. Hypervisor type: "bare-metal" = Type 1; "runs inside an OS" = Type 2. Exam loves this distinction.
4. iLO / iDRAC / IPMI = out-of-band management — manage the server even when the OS is completely dead.
5. TLER is the enterprise drive feature RAID controllers need. Consumer drives (WD Blue) lack it.
6. Troubleshooting steps are in order: Identify → Theory → Test → Plan → Implement → Verify → Document.
Domain · 13% of exam
Server Hardware Installation
Server Form Factors
- Tower servers — standalone, easy access, good for small offices; high floor space
- Rack servers — 1U/2U/4U, mounted in standard 19" racks; data center standard
- Blade servers — high-density chassis; individual blades share power, cooling, networking
- Micro-form factor — ultra-compact; edge computing use cases
- HPE ProLiant ML350p Gen8 — tower server; dual Xeon socket, up to 768 GB RAM, Smart Array P420i RAID controller
Server Components
- CPU — Intel Xeon E5 (dual socket capable); server CPUs have ECC support, more cores, no integrated graphics
- RAM — ECC (Error Correcting Code) RAM required for servers; detects and corrects single-bit errors; RDIMM (Registered) for large configs
- Storage controllers — RAID HBA (e.g. HP Smart Array P420i); handles RAID offload from CPU
- NIC — server NICs support jumbo frames, VLAN tagging, PXE boot, teaming/bonding (LACP)
- PSU — hot-swappable redundant PSUs (1+1 or N+1); prevent single-point-of-failure on power
- iLO / IPMI / iDRAC — out-of-band management; manage server even when OS is offline
- PCIe expansion — riser cards for add-in cards; depends on CPU socket count (single CPU = fewer slots)
RAID Levels
- RAID 0 — striping only; best performance, zero fault tolerance; ONE drive fails = ALL data lost
- RAID 1 — mirroring; 2 drives, 50% usable space; survives 1 drive failure
- RAID 5 — striping with parity; minimum 3 drives; usable = (n−1) drives; survives 1 drive failure; best balance of performance + redundancy
- RAID 6 — double parity; minimum 4 drives; survives 2 simultaneous drive failures
- RAID 10 (1+0) — mirror then stripe; minimum 4 drives; high performance + high redundancy; most expensive
- Hot spare — idle drive that automatically rebuilds when another fails
- Write cache — RAID controller cache (battery-backed) accelerates writes; HP Smart Array has cache + capacitor
- HP P420i terminology: ORCA = Option ROM Config for Arrays (F8 at POST); SSA = Smart Storage Administrator (F10)
Power & Cooling
- Hot-swappable components — replace failed drives, PSUs, fans without downtime
- UPS (Uninterruptible Power Supply) — battery backup for clean shutdown; not a substitute for generator
- PDU (Power Distribution Unit) — rack-level power management; metered, switched, or basic
- BTU calculations — 1 watt = 3.41 BTU/hr; used for data center cooling capacity planning
- Hot aisle / cold aisle — alternating rack orientation to direct airflow; prevents hot air recirculation
- CRAC / CRAH units — computer room air conditioner/handler; precision cooling for data centers
Domain · 21% of exam
Server Administration
Virtualization
- Type 1 hypervisor (bare-metal) — runs directly on hardware; VMware ESXi, Microsoft Hyper-V, Proxmox VE, KVM
- Type 2 hypervisor (hosted) — runs on top of OS; VMware Workstation, VirtualBox; not for production servers
- Proxmox VE — open-source Type 1 based on KVM + LXC; managed via web UI at port 8006; uses ZFS or ext4 on local storage
- VM components: vCPU, RAM (static or balloon), virtual disk (raw, qcow2, or thin-provisioned LVM), virtual NIC (virtio for best perf, e1000 for compatibility)
- Linux bridges — virtual switches in Linux; vmbr0/1/2 connect VMs to physical NICs and to each other
- Snapshots — point-in-time VM state; use before risky changes; NOT a backup replacement
- Templates — cloning source VMs; mark as template to prevent direct boot
- Containers (LXC) vs VMs — LXC shares host kernel (lighter, faster); VMs have isolated kernel (stronger isolation)
Network Configuration
- Bridged networking — VM connected to physical network via bridge; appears as physical device on LAN
- NAT — IP masquerading; private IPs translated to one public IP; iptables MASQUERADE on Linux
- VLAN — Virtual LAN; logical network segmentation using 802.1Q tags; carried over trunks
- Bonding/Teaming — aggregate multiple NICs for throughput or failover; modes: active-backup, LACP (802.3ad), round-robin
- Static IP assignment — preferred for servers; no DHCP dependency; configure in /etc/network/interfaces or netplan
- DNS — servers should use a reliable DNS (pfSense Unbound, Windows DNS server, or public 1.1.1.1)
- NTP — time sync critical for logs, Kerberos, certificates; use chrony or ntpd; point to reliable stratum 2/3 sources
Operating Systems
- Windows Server 2022/2025 — Roles: AD DS, DNS, DHCP, File Server, IIS, Remote Desktop Services; licensed per core
- Ubuntu Server LTS — headless; managed via SSH; APT package manager; systemd service management
- Minimal install principle — install only required roles/features; reduces attack surface
- AD DS (Active Directory Domain Services) — centralised identity and authentication for Windows networks; requires static IP before promoting
- DNS integration — AD DS requires DNS; typically installed on the same DC; creates SRV records automatically
- DHCP server — dynamically assigns IPs; scope = IP range, exclusions, lease duration; must not overlap with static assignments
- File and Storage Services — Windows role for SMB shares, iSCSI target, deduplication
- IIS (Internet Information Services) — Windows web server; serves HTTP/HTTPS; configurable per site
- NGINX — high-performance Linux web server / reverse proxy; config in /etc/nginx/sites-available/
Scripting & Automation
- PowerShell — primary Windows automation; Install-WindowsFeature, Get-ADUser, Test-NetConnection
- Bash — Linux shell scripting; if/for/while loops, cron jobs, systemd units
- iptables — Linux firewall and NAT rules; FILTER (allow/deny), NAT (MASQUERADE, DNAT), MANGLE tables
- iptables-persistent — saves iptables rules across reboots; `netfilter-persistent save`
- DNAT port forwarding — redirect external port to internal host: `iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 172.16.0.x:22`
- SSH key management — generate with ssh-keygen; copy with ssh-copy-id; disable password auth in sshd_config
Domain · 20% of exam
Security
Physical Security
- Server room access control — keycard, biometric, mantrap; only authorized personnel
- Cable locks — physical anchor for portable equipment
- Asset tagging — track hardware; identify theft or unauthorized removal
- Environmental controls — HVAC, fire suppression (clean agent, not water sprinklers near servers)
- Drive encryption — encrypt at rest; BitLocker (Windows), LUKS (Linux); protects data if drive is stolen
Logical Security
- Principle of least privilege — users and services get only the access they need; no more
- Role-Based Access Control (RBAC) — assign permissions to roles, not individuals; easier to manage
- Local Administrator accounts — rename default Administrator; disable Guest; set strong password
- SSH hardening: PermitRootLogin no, PasswordAuthentication no (key-only), change default port 22, AllowUsers specific-user
- UFW (Uncomplicated Firewall) — front-end for iptables on Ubuntu; default deny incoming, allow specific ports
- Windows Firewall — built-in host firewall; configure inbound/outbound rules per profile (Domain/Private/Public)
- Patching — keep OS and software updated; Windows Update, `apt upgrade`; critical patches within 30 days
- Audit logging — enable Windows Event logging, Linux auth log (/var/log/auth.log); review regularly
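The SSH hardening settings in the list above can be checked mechanically. The script below is an added example, not part of the original guide; the function names `sshd_value` and `audit_sshd`, the `opsadmin` user and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the study guide: audit an sshd_config-style file
# against the SSH hardening bullet (sshd_value/audit_sshd are made-up names).

# sshd_value FILE KEYWORD -> effective global value, lowercased.
# sshd keywords are case-insensitive and the FIRST occurrence wins, so a
# hardening line appended below an earlier weak one has no effect.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/             { next }   # comment line
        tolower($1) == "match" { exit }   # Match blocks are not evaluated
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit
        }' "$1"
}

# audit_sshd FILE -> one FAIL line per deviation; returns 0 only if clean.
audit_sshd() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_value "$1" "$kw")
        if [ "$val" != "no" ]; then
            echo "FAIL $kw=${val:-unset} (want no)"; rc=1
        fi
    done
    if [ -z "$(sshd_value "$1" AllowUsers)" ]; then
        echo "FAIL AllowUsers=unset (want an explicit user list)"; rc=1
    fi
    port=$(sshd_value "$1" Port)
    if [ "${port:-22}" = "22" ]; then
        echo "FAIL Port=22 (guide: change the default port)"; rc=1
    fi
    return "$rc"
}

# Constructed sample configs in a temp dir so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# constructed weak config' 'Port 22' 'permitrootlogin yes' \
    'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$SAMPLE_DIR/weak.conf"   # too late: ignored
printf '%s\n' 'Port 2222' 'PermitRootLogin no' 'PasswordAuthentication no' \
    'AllowUsers opsadmin' > "$SAMPLE_DIR/hardened.conf"

audit_sshd "$SAMPLE_DIR/weak.conf" || true
audit_sshd "$SAMPLE_DIR/hardened.conf" && echo "hardened.conf: PASS"
```

On a live host, `sshd -T` prints the effective configuration, including included files and defaults, and is the better input for this kind of check.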
Network Security
- Defense in depth — multiple security layers; no single point of failure in security posture
- Firewall rules — pfSense/iptables rules applied top-down; first match wins; default deny at bottom
- DMZ (Demilitarized Zone) — semi-trusted network segment for public-facing services; isolated from LAN
- Jump box / bastion host — hardened server used as single entry point to private network; reduces attack surface
- VPN — encrypted tunnel for remote administration; prefer over exposing RDP/SSH directly to internet
- Port scan awareness — open ports are attack surface; close unnecessary services
- Intrusion Detection / Prevention — IDS (alerts), IPS (blocks); Snort/Suricata integration in pfSense
Certificates & Encryption
- TLS/SSL — encrypts data in transit; required for HTTPS, LDAPS, secure RDP
- Self-signed certificates — generated internally; not trusted by public browsers; OK for internal lab use
- CA (Certificate Authority) — issues trusted certificates; enterprise deploys internal CA via Windows CA Services
- SSH host keys — verify server identity; accept fingerprint on first connect; stored in ~/.ssh/known_hosts
- BitLocker / LUKS encryption — full disk encryption at rest; TPM for hardware-backed key storage
Domain · 19% of exam
Storage
Storage Technologies
- HDD (Hard Disk Drive) — magnetic spinning disk; high capacity, lower cost, slower than SSD; 7200 RPM typical for servers
- SSD (Solid State Drive) — no moving parts; much faster than HDD; SATA, SAS, or NVMe interface
- NVMe — PCIe-attached SSD; extremely fast (3–7 GB/s); preferred for high-performance workloads
- SATA — 6 Gbps max; connects HDDs and SSDs; consumer-grade and some enterprise
- SAS (Serial Attached SCSI) — 12 Gbps; enterprise HDDs/SSDs; better error recovery than SATA
- TLER (Time Limited Error Recovery) — enterprise drive feature; limits error recovery time so RAID controller doesn't drop the drive; WD RE series has TLER; WD Blue consumer does NOT
Storage Interfaces & Protocols
- DAS (Direct Attached Storage) — storage directly connected to server; simplest, lowest latency
- NAS (Network Attached Storage) — file-level storage over network; NFS (Linux) or SMB/CIFS (Windows)
- SAN (Storage Area Network) — block-level storage over network; Fibre Channel or iSCSI
- iSCSI — SCSI over TCP/IP; NAS device presents block device to server; no FC HBA required
- Fibre Channel — dedicated high-speed SAN fabric; requires FC switches and HBAs; enterprise data centers
- NFS — Linux file sharing protocol; mount remote shares as if local filesystem
- SMB/CIFS — Windows file sharing; used by Windows shares and Samba on Linux
Storage Management
- LVM (Logical Volume Manager) — Linux; abstract physical disks into logical volumes; easy resize
- Thin provisioning — allocate storage on demand rather than up front; used in Proxmox local-lvm
- Deduplication — eliminate duplicate data blocks; saves space; compute-intensive
- Compression — reduce storage footprint; ZFS has built-in inline compression (lz4)
- Quotas — limit storage per user or volume; prevents one user from filling the disk
- Storage tiers — hot (fast SSD), warm (HDD), cold (tape/archive); move data based on access frequency
- Capacity planning — monitor utilization; plan expansion before reaching 80% full
Domain · 9% of exam
Disaster Recovery & Business Continuity
Backup Strategies
- Full backup — complete copy of all data; slowest to run, fastest to restore
- Incremental backup — only changes since last backup; fast to run, slow to restore (chain dependency)
- Differential backup — changes since last FULL backup; middle ground on speed
- 3-2-1 rule — 3 copies, 2 different media, 1 offsite; gold standard for backup resilience
- RTO (Recovery Time Objective) — maximum acceptable downtime after a failure
- RPO (Recovery Point Objective) — maximum acceptable data loss (how old can the backup be?)
- Backup testing — restore from backup regularly; untested backups are not backups
High Availability
- Failover clustering — multiple servers share workload; one fails, others take over automatically
- Load balancing — distribute requests across multiple servers; prevents overload
- Redundant hardware — RAID, dual PSU, bonded NICs eliminate hardware single points of failure
- Replication — synchronous (zero data loss, slower) or asynchronous (small window of loss, faster)
- Snapshots — quick rollback for VM changes; NOT a substitute for off-machine backup
- Cold/warm/hot standby — cold (off, needs manual start), warm (on, needs sync), hot (live, takes over instantly)
Domain · 18% of exam
Troubleshooting
Troubleshooting Methodology
- 1. Identify the problem — gather symptoms, check logs, talk to users
- 2. Establish a theory — most likely cause first; don't jump to complex explanations
- 3. Test the theory — confirm or eliminate the hypothesis
- 4. Establish a plan — steps to resolve; document before executing
- 5. Implement the solution — make one change at a time
- 6. Verify functionality — confirm the problem is resolved and nothing else broke
- 7. Document — record what happened, what was done, outcome; update runbook
Common Commands
- ping — basic connectivity test; ICMP echo request/reply; firewall may block ICMP
- traceroute / tracert — shows hop-by-hop path to destination; identifies routing issues
- netstat / ss — show open ports and active connections; `ss -tuln` shows listening ports
- nmap — port scanner; discover open services; `nmap -sV target` for version detection
- ip addr / ipconfig — show IP addresses, subnet, gateway on Linux/Windows
- ip route / route print — show routing table; verify default gateway and static routes
- systemctl status <service> — check if a Linux service is running; `journalctl -u <service>` for logs
- Event Viewer (Windows) — System, Application, Security logs; critical error source
- dmesg — Linux kernel ring buffer; hardware errors, driver issues, RAID events
- df -h — disk usage on Linux; check for full filesystems
- top / htop — live CPU/RAM utilization; identify resource-hungry processes
Network Troubleshooting
- Can't ping gateway — check IP/subnet/gateway config; check if NIC is up (`ip link`)
- DNS resolves but ping fails — ICMP may be blocked by firewall (this is normal on hardened networks)
- Can't reach internet from VM — check NAT/MASQUERADE rules on host or pfSense; check default route
- SSH connection refused — service not running, wrong port, firewall blocking; check `systemctl status sshd`
- DHCP not assigning — check DHCP server is running; check scope/exclusions; check pfSense DHCP leases table
- 169.254.x.x address — APIPA; DHCP failed; configure static or fix DHCP
- iptables -L -n -v — list all firewall rules with packet counts; zero packet count = rule never matched
Educational content only. CompTIA and Server+ are registered trademarks of CompTIA Inc. Exam objectives and passing scores may change — always verify at comptia.org before sitting the exam.