You need to provide a user named User1 the ability to modify records in the zone

Your network contains an Active Directory domain named adatum.com.
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone. Other
users must be prevented from modifying records in the zone.
What should you do first?

Your network contains an Active Directory domain named adatum.com.
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone. Other
users must be prevented from modifying records in the zone.
What should you do first?

A.
Run the Zone Signing Wizard for the zone.

B.
From the properties of the zone, modify the start of authority (SOA) record.

C.
From the properties of the zone, change the zone type.

D.
Run the New Delegation Wizard for the zone.

Explanation:
The Zone would need to be changed to a AD integrated zone When you use directoryintegrated zones, you can use access control list (ACL) editing to secure a dnsZone object
container in the directory tree. This feature provides detailed access to either the zone or a
specified resource record in the zone. For example, an ACL for a zone resource record can
be restricted so that dynamic updates are allowed only for a specified client computer or a
secure group, such as a domain administrators group. This security feature is not available
with standard primary zones
DNS update security is available only for zones that are integrated into Active Directory.
After you integrate a zone, you can use the access control list (ACL) editing features that are
available in the DNS snap-in to add or to remove users or groups from the ACL for a specific
zone or for a resource record.
Standard (not an Active Directory integrated zone) has no Security settings:

You need to firstly change the “Standard Primary Zone” to AD Integrated Zone:

Now there’s Security tab:

http: //technet. microsoft. com/en-us/library/cc753014. aspx
http: //technet. microsoft. com/en-us/library/cc726034. aspx
http: //support. microsoft. com/kb/816101



Leave a Reply 20

Your email address will not be published. Required fields are marked *


khalid arshad

khalid arshad

the currect ans is D

Akoachi

Akoachi

The Security tab, where you assign permissions to the zone, is missing if the zone is not AD-integrated. Because the question says that you have a standard primary zone, you must integrate it first.

Jay

Jay

I had this question on my test today and went with C – Change the Zone type and got 100% on the networking section.. go with that one!

André

André

I believe it’s C too

Saad

Saad

it is D

VanDan

VanDan

What on earth are you talking about Saad?
Its C.

Gal

Gal

you cant delegate the zone before you change it to active directory integrated

Wayne Fulton

Wayne Fulton

Saad….. fuck off you wank stain! This exam is hard enough!

Saad

Saad

Wayne screw you man! I was just giving my honest opinion!!!!

Ricky

Ricky

And Wayne was also just giving his own honest opinion as well. How about posting some explanations to support your “opinion” because any useless idiot can confuse others by just saying “the answer is XYZ”.

Alex

Alex

Saad you moron, everyone hates you because you blindly post answers with absolutely no knowledge or idea whatsoever. even my maid can do that. so please get a life and post an explanation when you give out an answer thats already there.

sne

sne

Answer is definitely C!

The Zone must be AD integrated to make the “Security” Tab appear, where you can then configure who is allowed to modify objects.

Delegation Wizard does something completely different.

MJG

MJG

Saad, go blow a goat you donkey fucker.

You’ve been commenting on these exams forever. I would be fucking SHOCKED if you have your MCSA. You run your stupid mouth around here with 1 letter answers that are WRONG.

If you have passed your exams, (well, i dont see how you even have a job if you needed your cert for it, but that’s another mystery) get the fuck off this website and stop commenting wrong answers.

dskyo

dskyo

such hate much wow

Anyway, the correct answer is definitely C.
To be able to view the security tab and modify permissions on the zone, you must integrate it with active directory first or else it does not have where to draw user data from.

Arkansas-chuggabug

Arkansas-chuggabug

There is no need to fight, little boys.
The answer is C. The zone type has to be changed first.

Reinhard

Reinhard

Agreed, definitely C.

A and D is not applicable (Zone Signing for DNSSEC and SOA – both got nothing to do with the question), so leaves us with C and D, and you cannot do D if you have not done C yet, answer C: change zone type (to AD integrated) first!

ofer

ofer

C for sure…
Saad is a microsoft representative to cause people to fail in exams in order to force them retake the exams (and repay…). I got you Saad!