Your network contains an Active Directory domain named adatum.com.
You have a standard primary zone named adatum.com.
You need to provide a user named User1 the ability to modify records in the zone. Other
users must be prevented from modifying records in the zone.
What should you do first?
A. Run the Zone Signing Wizard for the zone.
B. From the properties of the zone, modify the start of authority (SOA) record.
C. From the properties of the zone, change the zone type.
D. Run the New Delegation Wizard for the zone.
Explanation:
The zone would need to be changed to an AD-integrated zone. When you use directory-integrated zones, you can use access control list (ACL) editing to secure a dnsZone object
container in the directory tree. This feature provides detailed access to either the zone or a
specified resource record in the zone. For example, an ACL for a zone resource record can
be restricted so that dynamic updates are allowed only for a specified client computer or a
secure group, such as a domain administrators group. This security feature is not available
with standard primary zones.
DNS update security is available only for zones that are integrated into Active Directory.
After you integrate a zone, you can use the access control list (ACL) editing features that are
available in the DNS snap-in to add or to remove users or groups from the ACL for a specific
zone or for a resource record.
A standard zone (not an Active Directory-integrated zone) has no Security settings. You first need to change the “Standard Primary Zone” to an AD-integrated zone:
http://technet.microsoft.com/en-us/library/cc753014.aspx
http://technet.microsoft.com/en-us/library/cc726034.aspx
http://support.microsoft.com/kb/816101
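The procedure from the explanation above, as an added PowerShell example that is not part of the original page: convert the zone, restrict dynamic updates, grant User1 rights on the dnsZone object, then list every other principal that can still write to the zone. It assumes an elevated session on a DNS server that is a domain controller with the DnsServer and ActiveDirectory modules available; the domain-wide replication scope and the specific rights granted are illustrative choices.

```powershell
# Added example, not from the original page. Zone and user names come from the question.
Import-Module DnsServer, ActiveDirectory

$zoneName = 'adatum.com'
$userName = 'User1'

# 1. Change the zone type: file-backed standard primary -> AD-integrated primary.
$zone = Get-DnsServerZone -Name $zoneName
if (-not $zone.IsDsIntegrated) {
    # Replication scope "Domain" is an assumption; pick the scope your design requires.
    ConvertTo-DnsServerPrimaryZone -Name $zoneName -ReplicationScope Domain -Force
    $zone = Get-DnsServerZone -Name $zoneName
}

# 2. Accept only secure dynamic updates (possible only once the zone lives in AD).
Set-DnsServerPrimaryZone -Name $zoneName -DynamicUpdate Secure

# 3. Grant User1 rights on the dnsZone object and the record objects beneath it.
$zonePath = "AD:\$($zone.DistinguishedName)"
$acl      = Get-Acl -Path $zonePath
$sid      = (Get-ADUser -Identity $userName).SID
$rights   = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, ReadProperty, WriteProperty, ListChildren'
$rule     = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid,
    $rights,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
$acl.AddAccessRule($rule)
Set-Acl -Path $zonePath -AclObject $acl

# 4. Audit: list every Allow ACE that still carries a write-type right, so that
#    entries for principals other than User1 and the DNS administrators can be reviewed.
$writeMask = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, WriteProperty, WriteDacl, WriteOwner, Delete, DeleteTree'
(Get-Acl -Path $zonePath).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.ActiveDirectoryRights -band $writeMask) -ne 0)
    } |
    Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
```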
The correct ans is D
The Security tab, where you assign permissions to the zone, is missing if the zone is not AD-integrated. Because the question says that you have a standard primary zone, you must integrate it first.
I had this question on my test today and went with C – Change the Zone type and got 100% on the networking section.. go with that one!
I believe it’s C too
it is D
What on earth are you talking about Saad?
It's C.
You can't delegate the zone before you change it to Active Directory integrated
Saad….. fuck off you wank stain! This exam is hard enough!
LOL
Wayne screw you man! I was just giving my honest opinion!!!!
And Wayne was also just giving his own honest opinion as well. How about posting some explanations to support your “opinion” because any useless idiot can confuse others by just saying “the answer is XYZ”.
Saad you moron, everyone hates you because you blindly post answers with absolutely no knowledge or idea whatsoever. Even my maid can do that. So please get a life and post an explanation when you give out an answer that's already there.
To delegate control, your DNS has to be AD integrated… https://blogs.technet.microsoft.com/activedirectoryua/2011/07/07/a-delegation-for-this-dns-server-cannot-be-created-because-the-authoritative-parent-zone-cannot-be-found-or-it-does-not-run-windows-dns-server/
I think it’s C
Answer is definitely C!
The Zone must be AD integrated to make the “Security” Tab appear, where you can then configure who is allowed to modify objects.
Delegation Wizard does something completely different.
Saad, go blow a goat you donkey fucker.
You’ve been commenting on these exams forever. I would be fucking SHOCKED if you have your MCSA. You run your stupid mouth around here with 1 letter answers that are WRONG.
If you have passed your exams, (well, I don't see how you even have a job if you needed your cert for it, but that’s another mystery) get the fuck off this website and stop commenting wrong answers.
such hate much wow
Anyway, the correct answer is definitely C.
To be able to view the security tab and modify permissions on the zone, you must integrate it with Active Directory first or else it does not have where to draw user data from.
There is no need to fight, little boys.
The answer is C. The zone type has to be changed first.
Agreed, definitely C.
A and D are not applicable (Zone Signing for DNSSEC and SOA – both have nothing to do with the question), so that leaves us with C and D, and you cannot do D if you have not done C yet. Answer C: change zone type (to AD integrated) first!
C for sure…
Saad is a Microsoft representative to cause people to fail in exams in order to force them to retake the exams (and repay…). I got you Saad!