You have a DNS server named Server1 that runs Windows Server 2012 R2.
Server1 has the zones shown in the following output.
You need to delegate permissions to modify the records in the adatum.com zone to a group named
Group1.
What should you do first?
A.
Enable the distribution of the trust anchors for adatum.com.
B.
Unsign adatum.com.
C.
Store adatum.com in Active Directory.
D.
Update the server data file for adatum.com.
Explanation:
From the exhibit we see that the adatum.com zone is signed.A trust anchor (or trust “point”) is a public cryptographic key for a signed zone. Trust anchors must
be configured on every non-authoritative DNS server that will attempt to validate DNS data. You
cannot distribute trust anchors until after a zone is signed.Trust Anchors
https://technet.microsoft.com/en-us/library/dn593672.aspx
Unsign the zone and then integrate it into ADDS
I agree
yup
B is correct
I not know why you need to unsign the zone?
AD Integrated Zones can be Singed or Not, makes no Difference!
The Security Tab does not appear in the Zone Properties until the Zone is AD-Integrated.
Q:
to delegate permissions to modify the records in the adatum.com zone to a group named
Group1
A: make Adatum.com Ad-Integrated
Answer is C
Gary, before you can “convert” te zone to AD Integrated, you need to UNSIGN it.
So what should you do FIRST : unsign the zone
After that you can make it AD Integrated, Sign it and Delegate the permissions.
Hello Guys
The A is correct.
Why? We can modify the permission of dns zone file under system32
I know … It’s dirty but possibile!