You have a DNS server named Server1 that runs Windows Server 2012 R2.
Server1 has the zones shown in the following output.
You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
What should you do first?
A. Enable the distribution of the trust anchors for adatum.com.
B. Unsign adatum.com.
C. Store adatum.com in Active Directory.
D. Update the server data file for adatum.com.
Explanation:
From the exhibit we see that the adatum.com zone is signed. A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritative DNS server that will attempt to validate DNS data. You cannot distribute trust anchors until after a zone is signed.
Trust Anchors
https://technet.microsoft.com/en-us/library/dn593672.aspx
Answer B
To enable the delegation of rights you have to change the zone to integrated but you can’t make changes to the zone until it’s unsigned
The question asked what should we do first. We should first unsign the zone and then store it in Active Directory.
Yes, I agree B should be the first step. If you try and convert a signed primary zone to Active Directory-Integrated you get an error message “The data on the primary zone failed to set. This operation is not allowed on a zone that is signed or has signing keys.”
ChaserZX says:
January 12, 2016 at 2:26 am
Answer B
To enable the delegation of rights you have to change the zone to integrated but you can’t make changes to the zone until it’s unsigned
So the right answer is…which?