Your company has a single Active Directory domainnamed intranet.adatum.com.
The domain controllersrun Windows Server 2008and the DNS server role.
All computers, including non-domain members, dynamically register their DNS records.
You need to configure the intranet.adatum.com zone to allow only domain members to dynamically
register DNS records.
What should you do?
A.
Set dynamic updates to Secure Only.
B.
Remove the Authenticated Users group.
C.
Enable zone transfers to Name Servers.
D.
Deny the Everyone group the Create All Child Objects permission.
Explanation:
Answer.Set dynamic updates to Secure Only.
http://technet.microsoft.com/en-us/library/cc753751.aspx
Allow Only Secure Dynamic Updates
Domain Name System (DNS) client computers can use dynamic update to register and dynamically update
their resource records with a DNS server whenever changes occur. This reduces the need for manual
administration of zone records, especially for clients that frequently move or change locations and use Dynamic
Host Configuration Protocol (DHCP) to obtain an IP address.
Dynamic updates can be secure or nonsecure. DNS update security is available only for zones that are
integrated into Active Directory Domain Services (AD DS). After you directory-integrate a zone, accesscontrol
list (ACL) editing features are available in DNS Manager so that you can add or remove users or groupsfrom
the ACL for a specified zone or resource record.
Further information:
http://technet.microsoft.com/en-us/library/cc771255.aspx
Understanding Dynamic Update