You work as an administrator at ABC.com. The ABC.com network consists of a single domain
named ABC.com. All servers in the ABC.com domain, including domain controllers, have Windows
Server 2012 R2 installed.
A domain controller named ABC_DC04 has the DNS Server Role installed and hosts the standard
primary DNS zone.
You want to prevent computers that are not members of the ABC.com domain from adding their
DNS records to the ABC.com zone.
Which of the following actions should you take?
A.
You should change the ABC.com zone to an Active Directory-Integrated DNS zone.
B.
You should run the netdiag /v command on ABC_DC04.
C.
You should enable Secure dynamic updates on ABC_DC04.
D.
You should configure the Integration Services settings on ABC_DC05.
E.
You should run the Dnscmd /config command on ABC_DC05.
Explanation:
Reference:
http://technet.microsoft.com/en-us/library/ee941211(v=ws.10).aspx
Why not A and C am I missing something?
Another trick question. SDU is set as default when AD integrated zone is configured.
From question we can conclude that we need to change ABC zone so that non members cannot add their DNS records.
First step is to change ABC.com zone to active directory integrated zone.
When this is done, dynamic update needs to be changed to secure only. This is not done automatically, so final answer is A & C.
A then C. (usually the question states “choose all that apply” or “what is the first action”).
Please check this link
https://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx
Multiple masters are created for DNS replication. Therefore, any domain controller in the domain running the DNS Server service can write updates to the Active Directory–integrated DNS zones for the domain name for which they are authoritative. A separate DNS zone transfer topology is not needed.
Secure dynamic updates are supported. Secure dynamic updates allow an administrator to control what computers update what names and prevent unauthorized computers from overwriting existing names in DNS.