You need to ensure that only the client computers in the Active Directory domain can register records in the contoso.com zone

Your network contains an Active Directory domain named contoso.com. The DNS zone for
contoso.com is Active-Directory integrated.
The domain contains 500 client computers. There are an additional 20 computers in a
workgroup.
You discover that every client computer on the network can add its record to the
contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can
register records in the contoso.com zone.
What should you do?

Your network contains an Active Directory domain named contoso.com. The DNS zone for
contoso.com is Active-Directory integrated.
The domain contains 500 client computers. There are an additional 20 computers in a
workgroup.
You discover that every client computer on the network can add its record to the
contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can
register records in the contoso.com zone.
What should you do?

A.
Sign the contoso.com zone by using DNSSEC.

B.
Configure the Dynamic updates settings of the contoso.com zone.

C.
Configure the Security settings of the contoso.com zone.

D.
Move the contoso.com zone to a domain controller that is configured as a DNS server.

Show Hint

Leave a Reply 6

Your email address will not be published. Required fields are marked *

nineteen + nineteen =

Shabbir

Shabbir

B

Reply

Rpaxton

Rpaxton

Im still torn between B and D. Ive noticed D in other dumps.

Reply

jc

jc

Is B. Contoso.com is already a Active Directory integrated zone.

Reply

Bob

Bob

Agree it’s B – you need to enable Secure dynamic updates only and then use an ACL to restrict Dynamic updates to only domain member computers.

Reply

Peter

Peter

Answer is B – answer D in case then Server is not domain controler (whenoption from B is not available)

Reply