You need to create a DNS zone that is available on DC1 and DC2

Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and east.contoso.com.
The contoso.com domain contains a domain controller named DC1. The east.contoso.com
domain contains a domain controller namedDC2. DC1 and DC2 have the DNS Server server
role installed.
You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure
that zone transfers are encrypted. What should you do?

Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and east.contoso.com.
The contoso.com domain contains a domain controller named DC1. The east.contoso.com
domain contains a domain controller namedDC2. DC1 and DC2 have the DNS Server server
role installed.
You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure
that zone transfers are encrypted. What should you do?

A.
Create a primary zone on DC1 and store the zone in a zone file. Configure IPSec on DC1
and DC2. Create a secondary zone on DC2 and select DC1 as the master.

B.
Create a primary zone on DC1 and store the zone in the
DC=DomainDNSZones,DC=Contoso,DC=com naming context. Create a secondary zone on
DC2 and select DC1 as the master.

C.
Create a primary zone on DC1 and store the zone in a zone file. Configure Encrypting
File System (EFS) encryption. Create a secondary zone on DC2 and select DC1 as the
master.

D.
Create a primary zone on DC1 and store the zone in the DC=Contoso,DC=com naming
context. Create a secondary zone on DC2 and select DC1 as the master.

Explanation:
*DomainDnsZones
DNS application directory partition for each domain in the forest. DNS zones stored in this
application directory partition are replicated to all DNS servers running on domain controllers
in the domain.



Leave a Reply 4

Your email address will not be published. Required fields are marked *


Tony

Tony

It’s A. It can’t be B because they are in DIFFERENT DOMAINS, it would work if DC=ForestDomainDNSZones, AND left it. If you create as a secondary, and secondaries are not encrypted.

The answer is A.

Bruno Silva

Bruno Silva

If the answer has the option of IPSEC, this option is the right.