You work as the network administrator at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com. Domain.com has its headquarters located in London and branch office located in Paris. All servers on the Domain.com network run Windows Server 2008 and all client computers run Windows Vista.
During the course of the day you receive instruction from Domain.com do design a security solution for Domain.com which is isolated from the Internet. Domain.com has additionally requested that you determine the recommendations for DNS.
What should you do? (Choose two)
A.
You should consider having Active Directory integrated zones used on the network.
B.
You should consider having secondary zones used on the network.
C.
You should consider having a private DNS infrastructure used with internal root hint servers.
D.
You should consider having secure dynamic updates used on the network.
Explanation:
In this scenario your best option would be to recommend the use of integrated Active Directory zones and a private DNS infrastructure with internal root hint servers. When the DNS infrastructure is isolated from the Internet you have to configure it with root hints. The root hints have to be pointed to the internal servers. The default Windows Server 2008 servers usually point
to the Internet’s root name servers. The Active Directory zones will supply you with extra security and fault tolerance.
Recommending the use of secure dynamic updates is incorrect. Dynamic updates should not be permitted in secure environments.
Recommending the use of secondary zones is incorrect. Secondary zones are less secure than Active Directory zones.
Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008