Your network contains an Active Directory domain named contoso.com. The network contains a domain
controller named DC1 that has the DNS Server server role installed. DC1 has a standard primary DNS zone for
contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their records to
the contoso.com zone.
What should you do first?
A.
Sign the contoso.com zone.
B.
Modify the Security settings of DC1.
C.
Modify the Security settings of the contoso.com zone.
D.
Store the contoso.com zone in Active Directory.
Explanation:
Only Authenticated users can create records when zone is stored in AD.
Secure dynamic updates allow an administrator to control what computers update what names and prevent
unauthorized computers from overwriting existing names in DNS.References:
Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 6: Network Administration,
Lesson 2: Implementing DNSSEC, p. 237
http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755193.aspx