Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server
named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the
fabrikam.com namespace.
Solution: From Windows PowerShell on Server1, you run the Add-DnsServertrustAnchor cmdlet.
Does this meet the goal?
A.
Yes
B.
No
Explanation:
The Add-DnsServerTrustAnchor command adds a trust anchor to a DNS server. A trust anchor (or trust “point”)
is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritative
DNS server that will attempt to validate DNS data. Trust Anchors have no direct relation to DSSEC validation.
References:
https://technet.microsoft.com/en-us/library/jj649932.aspx https://technet.microsoft.com/en-us/library/dn593672(v=ws.11).aspx