Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and east.contoso.com.
The contoso.com domain contains a domain controller named DC1. The east.contoso.com
domain contains a domain controller named DC2. DC1 and DC2 have the DNS Server server
role installed.
You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure
that zone transfers are encrypted. What should you do?
A.
Create a primary zone on DC1 and store the zone in a zone file. Configure IPSec on DC1
and DC2. Create a secondary zone on DC2 and select DC1 as the master.
B.
Create a primary zone on DC1 and store the zone in the
DC=DomainDNSZones,DC=Contoso,DC=com naming context. Create a secondary zone on
DC2 and select DC1 as the master.
C.
Create a primary zone on DC1 and store the zone in a zone file. Configure Encrypting
File System (EFS) encryption. Create a secondary zone on DC2 and select DC1 as the
master.
D.
Create a primary zone on DC1 and store the zone in the DC=Contoso,DC=com naming
context. Create a secondary zone on DC2 and select DC1 as the master.
Explanation:
*DomainDnsZones
DNS application directory partition for each domain in the forest. DNS zones stored in this
application directory partition are replicated to all DNS servers running on domain controllers
in the domain.
It’s A. It can’t be B because they are in DIFFERENT DOMAINS, it would work if DC=ForestDomainDNSZones, AND left it. If you create as a secondary, and secondaries are not encrypted.
The answer is A.
Can’t be A, as it needs to be encrypted. Active Directory replication provides the encrypted data, so B is the closest to providing encryption?
It is A. A quick Google search clears this up. Ctrl+F to find “IPSec”.
https://technet.microsoft.com/en-us/library/cc781101(v=ws.10).aspx
Used to help with Zone Transfers. So yes, it is A.
If the answer has the option of IPSec, this option is the right one.
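
The steps listed in option A (file-backed primary zone on DC1, IPsec between DC1 and DC2, secondary zone on DC2), written out as PowerShell. This is an added example, not part of the original question or comments. The zone name, the IP addresses, the rule and crypto set display names, and the helper function `Add-ZoneTransferIPsecRule` are assumptions made for illustration.

```powershell
# Assumed values (not from the page): zone name and the two DCs' IP addresses.
$Zone  = 'app.contoso.com'
$DC1   = 'DC1.contoso.com';      $DC1Ip = '192.0.2.10'
$DC2   = 'DC2.east.contoso.com'; $DC2Ip = '192.0.2.20'

# 1. Primary zone on DC1 stored in a zone file; allow transfers only to DC2.
Add-DnsServerPrimaryZone -ComputerName $DC1 -Name $Zone -ZoneFile "$Zone.dns"
Set-DnsServerPrimaryZone -ComputerName $DC1 -Name $Zone `
    -SecureSecondaries TransferToSecureServers -SecondaryServers $DC2Ip

# 2. IPsec on both DCs. Zone transfers (AXFR/IXFR) run over TCP 53, so the rule
#    requires ESP with AES-256 on that flow. A quick mode set without an
#    encryption algorithm would authenticate the traffic but not encrypt it.
function Add-ZoneTransferIPsecRule {
    param(
        [string]$Server,      # DC on which the rule is created
        [string]$LocalIp,     # that DC's address
        [string]$RemoteIp,    # the peer DC's address
        [string]$LocalPort,   # '53' on the master, 'Any' on the secondary
        [string]$RemotePort   # 'Any' on the master, '53' on the secondary
    )
    $proposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP `
        -ESPHash SHA256 -Encryption AES256
    $set = New-NetIPsecQuickModeCryptoSet -CimSession $Server `
        -DisplayName 'DNS zone transfer ESP AES256' -Proposal $proposal
    # Phase 1 authentication is left at the firewall's configured default.
    New-NetIPsecRule -CimSession $Server -DisplayName 'Encrypt DNS zone transfers' `
        -LocalAddress $LocalIp -RemoteAddress $RemoteIp -Protocol TCP `
        -LocalPort $LocalPort -RemotePort $RemotePort `
        -InboundSecurity Require -OutboundSecurity Require `
        -QuickModeCryptoSet $set.Name
}
Add-ZoneTransferIPsecRule -Server $DC1 -LocalIp $DC1Ip -RemoteIp $DC2Ip `
    -LocalPort '53' -RemotePort 'Any'
Add-ZoneTransferIPsecRule -Server $DC2 -LocalIp $DC2Ip -RemoteIp $DC1Ip `
    -LocalPort 'Any' -RemotePort '53'

# 3. Secondary zone on DC2 with DC1 as the master.
Add-DnsServerSecondaryZone -ComputerName $DC2 -Name $Zone -ZoneFile "$Zone.dns" `
    -MasterServers $DC1Ip

# 4. Check: force a full transfer, then list the quick mode security
#    associations on DC2 that were negotiated with DC1.
Start-DnsServerZoneTransfer -ComputerName $DC2 -Name $Zone -FullTransfer
Get-NetIPsecQuickModeSA -CimSession $DC2 |
    Where-Object { $_.RemoteEndpoint -eq $DC1Ip }
```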