Your network contains an Active Directory domain named contoso.com. The network contains a
domain controller named DC1 that has the DNS Server server role installed. DC1 has a standard
primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their
records to the contoso.com zone.
What should you do first?
A.
Sign the contoso.com zone.
B.
Modify the Security settings of DC1.
C.
Modify the Security settings of the contoso.com zone.
D.
Store the contoso.com zone in Active Directory.
Explanation:
Only Authenticated users can create records when zone is stored in AD.
Secure dynamic updates allow an administrator to control what computers update what names and
prevent unauthorized computers from overwriting existing names in DNS.
References:Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 6: Network
Administration, Lesson 2: Implementing DNSSEC, p. 237
http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755193.aspx
I think the correct answer is C
since DC1 is a DC that means already has the ADDS installed therefore DNS is already in AD.
we just need to configure Secure dynamic updates allow
While this could be correct, you can install AD without an integrated DNS if there is already a DNS there. Also, the configuration of dynamic updates is not done from security settings but from the general tab.
Answer should be C, contoso.com is in DC1 which is already an Active Directory.
I would agree with Carlo where it not for the following.
An AD integrated DNS already does what is asked unless it is configured improperly. (Hence no configuration required if it was one. The text also describes that we are talking about a ‘standard’ DNS zone. Which is a very obscure term as standard can imply a standard integrated AD DNS or a standard old fashioned DNS that is not integrated.
You can set an integrated AD DNS zone to secure only, but that is not part of security, it is part of properties of the zone. Security only arranges who can do what on that specific DNS zone. Hence C can’t be right because that is not the way to do it.
So my option would be D, which is yet another confusing way to describe how to integrate a DNS zone into AD.