Which two configurations should you perform from DNS Manager?

Your network contains an Active Directory domain named contoso.com. The domain
contains a domain controller named DC1 that runs Windows Server 2012 R2. DC1 has the
DNS Server server role installed.
The network contains client computers that run either Linux, Windows 7, or Windows 8.
You have a standard primary zone named adatum.com as shown in the exhibit. (Click the Exhibit button.)

You plan to configure Name Protection on all of the DHCP servers.
You need to configure the adatum.com zone to support Name Protection.
Which two configurations should you perform from DNS Manager? (Each correct answer
presents part of the solution. Choose two.)

A. Sign the zone.

B. Store the zone in Active Directory.

C. Modify the Security settings of the zone.

D. Configure Dynamic updates.

E. Add a DNS key record.

Explanation:
http://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
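
An added PowerShell example (not part of the original question or of the linked article) that audits the zone properties debated in this question, storage in Active Directory and the dynamic update setting, using the property names that Get-DnsServerZone returns. The function name Test-NameProtectionReady and the sample zone object are constructed for illustration.

```powershell
# Added example: report why a zone is or is not ready for secure dynamic updates.
# Test-NameProtectionReady is a hypothetical helper name, not a built-in cmdlet.
function Test-NameProtectionReady {
    param(
        # Object exposing ZoneName, ZoneType, IsDsIntegrated and DynamicUpdate,
        # the property names that Get-DnsServerZone returns.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Zone
    )
    process {
        $findings = @()
        if ($Zone.ZoneType -ne 'Primary') {
            $findings += "Zone type is '$($Zone.ZoneType)'; dynamic updates are accepted only by a primary zone."
        }
        if (-not $Zone.IsDsIntegrated) {
            $findings += 'Zone is file-backed (standard primary); the Secure update option requires storing it in Active Directory.'
        }
        switch ([string]$Zone.DynamicUpdate) {
            'Secure'             { }
            'NonsecureAndSecure' { $findings += 'Zone also accepts nonsecure updates, so records can be changed without authentication.' }
            default              { $findings += "Dynamic updates are set to '$($Zone.DynamicUpdate)'; DHCP cannot register records securely." }
        }
        [pscustomobject]@{
            ZoneName = $Zone.ZoneName
            Ready    = ($findings.Count -eq 0)
            Findings = $findings
        }
    }
}

# Constructed sample: the standard primary zone described in the question text.
$sample = [pscustomobject]@{
    ZoneName       = 'adatum.com'
    ZoneType       = 'Primary'
    IsDsIntegrated = $false
    DynamicUpdate  = 'None'
}
$sample | Test-NameProtectionReady | Format-List

# On the DNS server itself, feed the real zone object instead:
# Get-DnsServerZone -Name 'adatum.com' | Test-NameProtectionReady
```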




Tyson

I’m confused… The zone is already AD Integrated…

Michael

Me too, not sure about this one!

George

I think the exhibit is the wrong one.
The question states the zone is a standard primary zone.

nos

It’s C and D

October

I agree with you George. Explanation describes clearly how to support Name Protection.

bigfly

agreed C&D

Ebrahim Ali

It this exhibit is correct then the answer is correct because at the beginning of the question it said contoso.com and then it said the exhibit is for adatum.com, so B. Store the zone in Active Directory is for contoso.com and D. Configure Dynamic updates is for adatum.com.

But if the exhibit is wrong then the correct exhibit is this http://www.cram4tests.com/wp-content/uploads/2014/05/clip_image00146.jpg, then again the correct answer is same B. Store the zone in Active Directory and D. Configure Dynamic updates.

In both cases the correct answer is B and D.

Ebrahim Ali

Correction:
If this exhibit is correct then the answer is correct because at the beginning of the question it said contoso.com and then it said the exhibit is for adatum.com, so B. Store the zone in Active Directory is for contoso.com and D. Configure Dynamic updates is for adatum.com.

But if the exhibit is wrong then the correct exhibit is this http://www.cram4tests.com/wp-content/uploads/2014/05/clip_image00146.jpg, then again the correct answer is same B. Store the zone in Active Directory and D. Configure Dynamic updates.

In both cases the correct answer is B and D.

bigfly

After looking over this question again it states “adatum is a primary zone”. With that said, then yes, B and C would be correct.

Only thing here is I don’t understand why you would need to change it again if the AD integrated if it is already on. Each domain DNS can serve as a master in this case.

Chamil Dilhan

C and D
It’s already AD integrated

JD

The zone has to be AD integrated so it’s B & C

JD

Correction I meant B & D

defstar

A = False – DNSSEC related only
B = TRUE – Question states it is a STANDARD primary zone. Just because the DNS role is installed on DC doesn’t mean it has to be AD-integrated.
C = False – What security settings do you need to modify?
D = TRUE – DHCP: Secure DNS updates should be configured if Name Protection is enabled on any IPv4 scope – https://technet.microsoft.com/en-us/library/ee941152%28v=ws.10%29.aspx
E = False – DNSSEC related only

B-Art

I disagree.
Read:
https://technet.microsoft.com/en-us/library/ff793405.aspx

https://technet.microsoft.com/en-us/library/ee941152(v=ws.10).aspx
DHCP: Secure DNS updates should be configured if Name Protection is enabled on any IPv4 scope

A = True, you NEED DNSSEC! (you have NON-Windows clients)
B = False, it is already AD integrated.
C = False, no need for AD integrated security (DNSSEC is a public security mechanism)
D = True, you will allow Secure AND Non-Secure DNS updates
E = False, you NEED a DS key record (NOT DNS key record)

https://www.youtube.com/watch?v=ZHdcFJQOEto

TM

The non-Windows clients are a red herring here, I think. You’re configuring name protection on the ***DHCP servers***. This means that Linux clients that register themselves in DHCP will have their DNS registered by the DHCP server itself. Linux clients are not running off to the DNS servers to perform their own registrations.

So the requirements for DHCP updates are that the zone needs to be AD-integrated, and it needs to have *secure* dynamic updates configured.

AD integrated is already configured according to the exhibit, so I can only assume that option C and D are the correct ones:

* Configure dynamic updates
* Update security = Secure

Rather than “zone security”, it should really be “dynamic update security”.

Joe

it is B and D just the wrong exhibit!

Bruce

On a bit of a different tangent. I have a question and this problem illustrates it fairly well. In my last exam, I had the text of the problem say one thing and the exhibit say another. Tell me, do I go by the text or the exhibit? Does anyone know which way MS goes on something like this? I commented on the problem but a lot of good that will do. Thanks. I knew the answer from the exhibit but the text just wasn’t matching up.

lucasdrums

I had this question on my exam. The answer is correct, the screenshot is not. In my exam the zone was not AD-integrated so you needed these two answers to achieve the goal.

PeeHarda

You are so fantastic. Thanks

Salman

Hank

? Your link doesn’t say anything about needing to modify the security settings of the zone so why C? I think the exhibit is just wrong.

BitterSysAdmin

The exhibit is wrong. Stop looking at the exhibit and pay attention to the question

“YOU HAVE A STANDARD PRIMARY ZONE”

Doesn’t say it’s AD-Integrated.

The screenshot is wrong.

Andrey

Official Microsoft Course:

You can configure cache locking with the dnscmd tool by performing the following procedure:
1. Launch an elevated command prompt.
2. Run the following command:
   dnscmd /Config /CacheLockingPercent
3. Restart the DNS service to apply the changes.

Alternatively, you can use the Windows PowerShell Set-DnsServerCache -LockingPercent cmdlet to set this value. For example:
Set-DnsServerCache -LockingPercent

F%&^ing Exam Questions!

Andrey

Sorry, another question )