If a user already exists as part of a group in Tableau Server, and Active Directory synchronization then applies a minimum site role to the group, what will happen to the existing user's site role?
A. It will change to the minimum site role only if the minimum site role reduces access
B. It will change to the minimum site role only if the minimum site role provides more access
C. It will always change to the minimum site role
D. It will never change as a result of synchronization
When Tableau Server uses Active Directory (AD) for authentication, group synchronization imports AD groups and assigns a minimum site role (e.g., Viewer, Explorer) to users in that group. This ensures users meet a baseline access level. The behavior for existing users during sync is:
If the user’s current site role provides more access than the minimum (e.g., Explorer vs. Viewer), their role remains unchanged.
If the user’s current role provides less access than the minimum (e.g., Unlicensed vs. Viewer), their role is upgraded to the minimum.
This preserves higher privileges while enforcing a floor. “Reduces access” means the minimum role is lower than the current role (e.g., Viewer vs. Explorer), in which case the existing role stays.
Option A (It will change to the minimum site role only if the minimum site role reduces access): Correct. The user’s role changes only if the minimum increases access (e.g., Unlicensed to Viewer); otherwise, it stays higher.
Option B (It will change only if the minimum provides more access): Incorrect wording. This is the inverse of the actual behavior—change occurs when needed to meet the minimum, not to exceed it.
Option C (It will always change): Incorrect. Existing higher roles are preserved.
Option D (It will never change): Incorrect. It changes if the current role is below the minimum.

What account should you use to run the Tableau Server installation program?
A. A local user account
B. A domain user account
C. An account in the local administrator group
D. An NT AUTHORITY\NetworkService account
Installing Tableau Server on Windows requires an account with sufficient privileges to configure services, write to the file system, and manage registry settings. Let’s analyze this in depth:
Installation Requirements:
The installer creates services (e.g., Tableau Server Gateway), writes to Program Files and ProgramData, and configures TSM.
It needs local administrative privileges on the machine to perform these tasks.
Post-install, a "Run As" account can be set for services (e.g., NT AUTHORITY\NetworkService), but this is separate from the install account.
Option C (An account in the local administrator group): Correct.
Why: The account must be in the local Administrators group to:
Install software (UAC elevation).
Configure services and ports.
Write to protected directories (e.g., C:\Program Files\Tableau).
Examples: A local admin (e.g., Administrator) or a domain user added to the Administrators group (e.g., DOMAIN\AdminUser).
Process: Log in as this account, run the installer, and provide TSM admin credentials during setup.
Option A (A local user account): Incorrect.
A standard local user (not in Administrators) lacks permissions—installation would fail with "Access Denied" errors.
Option B (A domain user account): Incorrect unless clarified.
A domain user without local admin rights can’t install. If it’s in the Administrators group, it qualifies, but C is more specific.
Option D (NT AUTHORITY\NetworkService): Incorrect.
This is a built-in service account for running services (default "Run As" post-install), not for executing the installer—an interactive user account is required.
Why This Matters: Using the right account prevents install failures and ensures secure configuration—critical for production setups.

To which site role can you associate the Viewer user-based license level?
A. Creator
B. Explorer (can publish)
C. Viewer
D. Explorer
Tableau Server uses a role-based licensing model with three primary license levels: Creator, Explorer, and Viewer. Each license level corresponds to specific site roles that define what users can do on the server.
Viewer License: This is the most restrictive license, allowing users to view and interact with published content (e.g., dashboards and visualizations) but not to create or publish new content.
Site Role: The Viewer license can only be associated with the Viewer site role. This role restricts users to viewing capabilities, aligning with the license’s purpose.
Option A (Creator): Incorrect. The Creator license is for users who can create, edit, and publish content using Tableau Desktop and the web interface. It corresponds to the Creator site role, not Viewer.
Option B (Explorer (can publish)): Incorrect. This is a variation of the Explorer license, which allows users to edit and publish content within limits. It’s more permissive than Viewer.
Option C (Viewer): Correct. The Viewer site role matches the Viewer license level perfectly.
Option D (Explorer): Incorrect. The Explorer license allows users to explore data and create content in the web interface, exceeding the Viewer license’s capabilities.

What two events must occur for Tableau Server to recompute queries for a workbook cache after a scheduled refresh? (Choose two.)
A. The workbook was published in the last month
B. The workbook has upcoming scheduled refresh tasks
C. The All Users group has a permission rule allowing access to the workbook
D. The workbook has been viewed recently
Tableau Server uses caching to speed up workbook loading by storing query results. After a scheduled extract refresh updates the data, the cache may need recomputing—let’s dive into the mechanics:
Caching Basics:
VizQL Cache: Stores rendered views and query results for faster access.
Refresh Trigger: A scheduled refresh updates the underlying extract (.hyper), but the cache isn’t automatically invalidated—it’s demand-driven.
Recompute Conditions: Tableau recomputes the cache when the workbook is accessed (viewed) and its data has changed (e.g., via refresh).
Evaluation:
Option B (The workbook has upcoming scheduled refresh tasks): Correct.
Why: An upcoming refresh task indicates the workbook relies on an extract with a schedule. After the refresh runs, the data changes, priming the cache for recomputation on next view. Without a schedule, no refresh occurs, so this is a prerequisite.
Detail: Schedules are set in Schedules > Tasks—e.g., "Daily at 2 AM."
Option D (The workbook has been viewed recently): Correct.
Why: Viewing triggers cache recomputation if the data has changed (e.g., post-refresh). Tableau uses a "lazy caching" model—cache updates only when a user loads the workbook, ensuring fresh results.
Detail: "Recently" isn’t strictly defined but implies post-refresh access.
Option A (Published in the last month): Incorrect.
Why: Publish date is irrelevant—cache recomputation ties to data changes and access, not publication timing.
Option C (All Users group has permission rule allowing access): Incorrect.
Why: Permissions enable viewing, but recomputation requires actual access (viewing) and a refresh event, not just potential access.
Why This Matters: Caching balances performance and freshness—understanding triggers prevents stale data surprises.

What is the minimum hardware recommendation for a single-node production installation of Tableau Server?
A. 4-Core CPU (2.0 GHz or higher), 16 GB RAM, 50 GB free disk space
B. 2-Core CPU (1.8 GHz or higher), 8 GB RAM, 15 GB free disk space
C. 8-Core CPU (2.0 GHz or higher), 32 GB RAM, 50 GB free disk space
D. 4-Core CPU (2.0 GHz or higher), 64 GB RAM, 50 GB free disk space
Tableau Server’s minimum hardware recommendations for a production single-node deployment ensure reliable performance for small to medium workloads. As of the latest documentation:
CPU: 8 cores (2.0 GHz or higher) to handle concurrent users, rendering, and background tasks.
RAM: 32 GB to support in-memory processing (e.g., VizQL, Data Engine) and caching.
Disk Space: 50 GB free for installation, logs, extracts, and temporary files.
Let’s break it down:
Option C (8-Core CPU, 32 GB RAM, 50 GB free disk space): Correct. This matches Tableau’s official minimum for production:
8 cores ensure sufficient parallelism for processes like Backgrounder and VizQL.
32 GB RAM supports multiple users and extract refreshes.
50 GB disk space accommodates growth (initial install is ~1–2 GB, but logs and extracts expand).
Option A (4-Core, 16 GB RAM, 50 GB): Incorrect. Too low for production—4 cores and 16 GB RAM are below the threshold for reliable performance under load.
Option B (2-Core, 8 GB RAM, 15 GB): Incorrect. This is for non-production (e.g., trial) setups, insufficient for production stability.
Option D (4-Core, 64 GB RAM, 50 GB): Incorrect. 4 cores are inadequate, though 64 GB RAM exceeds the minimum (32 GB).
Why This Matters: Under-spec hardware can lead to slow performance, failed refreshes, or crashes in production—adhering to the minimum ensures stability.

Your deployment of Tableau Server uses Active Directory authentication. What statement correctly describes the process of importing a group from Active Directory?
A. If an imported group contains any users that have Tableau Server accounts, their site role will be changed to match the site role specified during the import
B. Importing a group from Active Directory requires a .csv file that lists user IDs
C. You can change the name of a group during import, although this will not change the group’s name in Active Directory
D. New users created as a result of importing a group are assigned the site role specified during the import
Importing an AD group into Tableau Server syncs user management—let’s analyze the process and options:
AD Group Import Process:
How: In the UI (Users > Groups > Add Group > Active Directory), enter the AD group name, set a site role, and sync.
Behavior:
Existing Users: If a user is already in Tableau Server, their site role remains unchanged unless manually adjusted—sync applies the minimum role only if it upgrades access.
New Users: Added to Tableau with the site role specified during import.
Config: Requires AD authentication enabled in TSM.
Option D (New users created are assigned the site role specified during import): Correct.
Details: When importing (e.g., "SalesTeam" group, site role: Explorer):
New users get Explorer.
Existing users keep their role unless it’s below Explorer (e.g., Unlicensed → Explorer).
Why: Ensures consistent onboarding—new users align with the group’s intended access.
Option A (Existing users’ roles change to match import): Incorrect.
Why: Existing roles persist unless lower than the minimum—e.g., Viewer stays Viewer if import sets Explorer, but Unlicensed upgrades. Not a full overwrite.
Option B (Requires a .csv file): Incorrect.
Why: AD import uses live sync via LDAP—no .csv needed (that’s for local auth imports).
Option C (Change group name during import): Incorrect.
Why: The AD group name is fixed—you can’t rename it in Tableau during sync (it mirrors AD). Post-import renaming is possible but not part of the process.
Why This Matters: Accurate AD sync ensures seamless user management—missteps can disrupt access or licensing.

You install Tableau Server on a server that has four processor cores. How many instances of each Tableau Server process are installed?
A. 2
B. 1
C. 8
D. 4
Tableau Server’s installer configures process instances based on hardware and deployment type (single-node vs. multi-node). For a single-node installation with 4 cores, we need to consider the default process topology. Let’s break this down exhaustively:
Key Processes:
Gateway: Handles incoming requests (1 instance).
Application Server (VizPortal): Manages UI and sessions (1 instance).
VizQL Server: Renders visualizations (2 instances).
Backgrounder: Runs extract refreshes, subscriptions (1 instance).
Data Server: Manages data connections (1 instance).
File Store: Stores extracts (1 instance).
Repository: Metadata database (1 instance, active).
Cluster Controller, Cache Server, etc.: Supporting processes (typically 1 each).
Default Configuration:
On a single-node install, Tableau sets 1 instance per process unless specified otherwise, except for VizQL, which defaults to 2.
The installer doesn’t scale instances linearly with cores (e.g., 4 cores ≠ 4 instances). Post-install, TSM can adjust this (e.g., tsm topology set-process), but the question asks for the installed default.
Minimum hardware (8 cores, 32 GB RAM) suggests higher defaults, but 4 cores still triggers a minimal setup.
Option B (1): Correct with Caveat.
Most processes (e.g., Backgrounder, Gateway, Data Server) default to 1 instance on install, regardless of 4 cores.
VizQL defaults to 2, but the question’s phrasing ("each process") implies a general rule. Historically (and per docs), 1 is the baseline for most, with VizQL as the exception.
Interpretation: Assuming "each" means the typical case, 1 fits most processes on a 4-core single-node setup.
Option A (2): Incorrect. Only VizQL defaults to 2; others don’t.
Option C (8): Incorrect. Far exceeds defaults—8 cores might justify more, but not 4.
Option D (4): Incorrect. Not tied to core count by default; manual config would be needed.
Why This Matters: Understanding defaults aids capacity planning—4 cores is below production minimum (8), so performance tuning may be needed post-install.

What command should you run to update the automatically-generated secrets that are created during a Tableau Server installation?
A. tsm data-access caching set -r 1
B. tsm licenses refresh
C. tsm security regenerate-internal-tokens
D. tsm security validate-asset-keys
Tableau Server uses internal secrets (tokens) for secure communication between its processes (e.g., Repository, File Store). These are automatically generated during installation and can be regenerated if compromised or for security maintenance. The command to update these is:
tsm security regenerate-internal-tokens: This regenerates the internal security tokens, ensuring all processes use the new tokens after a restart.
Option C (tsm security regenerate-internal-tokens): Correct. This is the documented command for updating internal secrets.
Option A (tsm data-access caching set -r 1): Incorrect. This command configures caching behavior, not security tokens.
Option B (tsm licenses refresh): Incorrect. This refreshes license data, unrelated to internal secrets.
Option D (tsm security validate-asset-keys): Incorrect. This validates encryption keys for assets, not internal tokens.

What should you use to set a preferred active repository?
A. A tsm configuration set command
B. A tabcmd set command
C. The TSM browser client's Maintenance page
D. The TSM browser client's Configuration Topology page
Tableau Server uses a PostgreSQL database as its repository to store metadata, user information, and permissions. In a high-availability (HA) setup with multiple nodes, there are typically two repository instances: one active and one passive. The "preferred active repository" refers to designating which repository instance should take priority as the active one. This is managed through Tableau Services Manager (TSM).
The correct method to set the preferred active repository is by using the tsm configuration set command. Specifically, you would use a command like:
tsm configuration set -k pgsql.preferred_host -v
This command allows an administrator to specify the preferred host for the active repository, ensuring control over which node takes precedence in an HA environment.
Option B (tabcmd set command) is incorrect because tabcmd is a command-line utility primarily used for administrative tasks like managing users, groups, and content (e.g., publishing workbooks), not for configuring server topology or repository settings.
Option C (TSM browser client's Maintenance page) is incorrect because the Maintenance page in the TSM web interface is used for tasks like backups, restores, and cleanup, but it does not provide an option to set the preferred active repository.
Option D (TSM browser client's Configuration Topology page) is partially relevant since the Topology page displays the current configuration of services across nodes, including the repository. However, it does not allow direct modification of the preferred active repository; this must be done via the tsm command line.

What two types of users can sign in to Tableau Server and edit the permissions for a workbook in a project, when permissions are NOT set to Locked to the project? (Choose two.)
A. Users that have the project and workbook Viewer role
B. Users that have the workbook Interactor role
C. The workbook’s owner
D. Users set to Project Leader for the workbook’s project
Editing permissions on a workbook in Tableau Server depends on the user’s role and the project’s permission settings. Since permissions are not locked (i.e., "Managed by Owner"), let’s dissect who can edit them:
Permission Model:
Not Locked: Owners of content (workbooks, data sources) can set permissions, and Project Leaders can override at the project level.
Site Roles: Define maximum capabilities (e.g., Viewer, Explorer, Creator).
Capabilities: "Set Permissions" is explicit—only certain users get it.
Option C (The workbook’s owner): Correct.
Details: The owner (typically the publisher) has full control over their workbook when permissions are Managed by Owner:
How: In the UI, go to Content > Workbooks > Actions > Permissions—owners can edit rules (e.g., grant Editor to a group).
Site Role: Minimum of Explorer (can publish) or Creator to publish, ensuring "Set Permissions" capability.
Why: Ownership inherently includes permission management unless locked.
Option D (Users set to Project Leader for the workbook’s project): Correct.
Details: Project Leaders are assigned via Content > Projects > Actions > Permissions > Set Project Leader:
Power: Can edit permissions for all content in the project, even if not the owner.
Site Role: Requires Site Administrator or Server Administrator (Creator/Explorer variants suffice).
Why: Overrides ownership in Managed by Owner mode—ensures project-level governance.
Option A (Users with project and workbook Viewer role): Incorrect.
Why: Viewer role (site-level) limits users to viewing—lacks "Set Permissions" capability, regardless of project/workbook rules.
Option B (Users with workbook Interactor role): Incorrect.
Why: "Interactor" isn’t a standard role—likely a misnomer for Explorer or Viewer with interaction permissions (e.g., Filter). No permission-editing rights exist here.
Why This Matters: Knowing who can edit permissions prevents access control gaps—crucial for collaborative or regulated environments.

Which three items can be contained in a project? (Choose three.)
A. Groups
B. Workbooks
C. Nested Projects
D. Data Sources
In Tableau Server, projects are containers for organizing and securing content. They help manage permissions and structure content hierarchically. Let’s define what can be contained:
Workbooks: Visualizations and dashboards published to the Server.
Data Sources: Published connections or extracts reusable across workbooks.
Nested Projects: Sub-projects within a parent project, introduced in later versions (e.g., 2018.2) for deeper organization.
Option B (Workbooks): Correct. Workbooks are the primary content type in projects, containing views and dashboards.
Option C (Nested Projects): Correct. Nested projects allow hierarchical structuring (e.g., a "Sales" project with "Q1" and "Q2" sub-projects), with inherited or custom permissions.
Option D (Data Sources): Correct. Published data sources reside in projects, providing reusable data connections.
Option A (Groups): Incorrect. Groups are collections of users managed at the site or server level, not stored within projects. Projects contain content, not user entities.
Why This Matters: Projects are key to content governance—knowing what they hold helps administrators organize and secure assets effectively.

What are two intervals when Tableau Server verifies if data conditions for data-driven alerts are true? (Choose two.)
A. Every 60 minutes
B. Every 10 minutes
C. Whenever a new extract is published
D. Whenever extracts in the related workbook are refreshed
Data-driven alerts notify users when data meets conditions (e.g., sales > $10K). Let’s examine when Tableau checks these:
Alert Mechanics:
Enabled per site (Settings > General > Data-Driven Alerts).
Backgrounder evaluates conditions against extract data.
Check Intervals: Configurable via tsm configuration set -k dataAlerts.checkIntervalInMinutes (default: 60 minutes).
Refresh Trigger: Also checks post-extract refresh for immediate updates.
Option A (Every 60 minutes): Correct.
Details: Default interval—Backgrounder polls every hour to evaluate alert conditions.
Config: Adjustable (e.g., -v 30 for 30 minutes).
Option D (Whenever extracts in the related workbook are refreshed): Correct.
Details: An extract refresh updates the data, triggering an immediate alert check to catch changes promptly.
Why: Ensures timely notifications without waiting for the next poll.
Option B (Every 10 minutes): Incorrect.
Why: Not the default—possible via config, but not standard.
Option C (Whenever a new extract is published): Incorrect.
Why: Publishing creates the extract; alerts trigger on refreshes or polling, not initial publication.
Why This Matters: Timing affects alert responsiveness—balancing frequency and server load is key.

Which two types of content can you include in comments on a visualization? (Choose two.)
A. Interactive snapshots of a view
B. Text
C. @mentions
D. Images (jpg, png)
Comments on Tableau Server visualizations facilitate collaboration. Let’s explore what’s supported:
Comments Feature: Enabled per site (Settings > General > Allow Comments). Users with "Add Comment" permission can post on views.
Option B (Text): Correct.
Details: The primary content type—users type free-form text in the comment box.
Use: Notes, questions, or feedback (e.g., "Sales spiked here—why?").
Option C (@mentions): Correct.
Details: Typing @username notifies the mentioned user via email or the UI (if notifications are enabled).
Use: Directs comments to specific people (e.g., "@John, check this trend").
Option A (Interactive snapshots of a view): Incorrect.
Details: Snapshots (static images) aren’t supported in comments—users must take screenshots externally and can’t embed them interactively.
Option D (Images - jpg, png): Incorrect.
Details: No attachment or image embedding in comments—text and mentions only. Workaround: Link to an image hosted elsewhere.
Why This Matters: Comments enhance teamwork, but their simplicity (text + mentions) keeps the interface lightweight and focused.

You activate the same Tableau Server product key on three installations for Dev, Test, and Production. You plan to move the Test environment to new hardware. What is the recommended workflow for managing the product key?
A. Install and activate Tableau Server on the new hardware, and then deactivate it on the old hardware
B. Deactivate the product key on the existing Test environment, and then install and activate Tableau Server on the new hardware
C. Install and activate Tableau Server on the new hardware and keep the existing Test environment as a backup
D. Install and activate Tableau Server on the new hardware, and then run the following script in the old environment: tableau-server-obliterate.cmd -y -y -y
Tableau Server’s licensing ties product keys to specific machines. Moving an environment requires managing activations to stay compliant. Let’s break this down:
Licensing Rules:
A product key can be activated on multiple machines (e.g., Dev, Test, Prod), but only up to the licensed limit (typically 3 for such setups).
Deactivation frees the key for reuse elsewhere.
Recommended Workflow:
Deactivate first: Use tsm licenses deactivate on the old Test machine to release the key.
Then activate: Install on the new hardware and activate with tsm licenses activate -k
Why: Ensures compliance and avoids activation conflicts (e.g., exceeding the key’s limit).
Option B (Deactivate on Test, then install/activate on new hardware): Correct.
Steps:
On old Test: tsm licenses deactivate.
Install Tableau Server on new hardware.
On new Test: tsm licenses activate -k
Benefit: Clean, compliant transfer—preserves license integrity.
Option A (Activate new, then deactivate old): Incorrect.
Risk: If the key’s limit is reached (e.g., 3 activations), the new activation fails until deactivation occurs. Order matters.
Option C (Activate new, keep old as backup): Incorrect.
Issue: Exceeds license limit (4 activations) and risks non-compliance. Backup requires deactivation or a separate key.
Option D (Activate new, obliterate old): Incorrect.
Details: tableau-server-obliterate.cmd wipes the entire install (data, config)—overkill and doesn’t formally deactivate the key via TSM, potentially leaving licensing inconsistent.
Why This Matters: Proper license management prevents activation errors and ensures legal use across environments.

A user named John publishes a workbook named Sales Quota to a project named Sales. The All Users group has the View and Download Workbook/Save As capabilities only to the Sales project. A user named Sandy has the Explorer (can publish) site role, on the Sales Quota workbook. No other users or groups have permissions to the Sales project. The Sales project is set to Managed by the owner. What are the effective rights for Sandy?
A. All of the capabilities associated with the Editor rule
B. View and Download Workbook/Save As
C. The same rights as John
D. No access

Which three methods should an administrator use to create a Tableau Server group or project? (Choose three.)
A. tsm customize
B. Tableau Server browser interface
C. tabcmd
D. REST API
Tableau Server provides multiple methods to create groups (collections of users) and projects (content containers), catering to UI, CLI, and programmatic needs. Let’s dissect each option with depth:
Option B (Tableau Server browser interface): Correct.
Groups: Go to Users > Groups > Add Group, name it, and optionally sync with Active Directory.
Projects: Go to Content > Projects > New Project, set name, description, and permissions.
Details: The web UI is intuitive, requiring server/site administrator rights. It’s ideal for manual, ad-hoc creation with immediate visibility.
Permissions: For projects, you can set default permissions or lock them here.
Option C (tabcmd): Correct.
Groups: tabcmd creategroup "GroupName" creates a local group. Add users with tabcmd addusers "GroupName" --users "users.csv", where users.csv lists one user name per line.
Projects: tabcmd createproject -n "ProjectName" -d "Description" creates a project.
Details: tabcmd is a command-line tool for batch operations or scripting (e.g., automating group/project setup). It requires a server admin login (tabcmd login).
Limitation: No AD sync via tabcmd—that’s UI or REST API territory.
Option D (REST API): Correct.
Groups: Use the POST /api/api-version/sites/site-id/groups endpoint with a payload (e.g., {"group": {"name": "GroupName"}}). Supports AD import too.
Projects: Use POST /api/api-version/sites/site-id/projects (e.g., {"project": {"name": "ProjectName", "description": "Desc"}}).
Details: The REST API is programmatic, ideal for integration with external systems or bulk automation. Requires authentication via a token and server/site admin rights.
Power: Offers full control, including nested projects and custom permissions.
Option A (tsm customize): Incorrect.
Purpose: tsm customize modifies TSM UI branding (e.g., logos, colors) via commands like tsm customize --logo "path/to/logo.png".
Why Wrong: It’s unrelated to creating groups or projects—it’s for cosmetic server configuration, not content/user management.
Why This Matters: Offering UI, CLI, and API options ensures flexibility—manual for small tasks, automation for scale—critical in enterprise deployments.