Note: This question is part of a series of questions that present the same scenario. Each question in the series
contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server
named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the
fabrikam.com namespace.
Solution: From Windows PowerShell on Server1, you run the Add-DnsServertrustAnchor cmdlet.
Does this meet the goal?
A.
Yes
B.
No
Explanation:
The Add-DnsServerTrustAnchor command adds a trust anchor to a DNS server. A trust anchor (or trust “point”)
is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritative
DNS server that will attempt to validate DNS data. Trust Anchors have no direct relation to DSSEC validation.https://technet.microsoft.com/en-us/library/jj649932.aspx
https://technet.microsoft.com/en-us/library/dn593672(v=ws.11).aspx