Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. All servers run Windows Server 2012 R2. All client
computers run Windows 8.1.
The DNS zone of adatum.com is Active Directory-integrated.
You need to implement DNSSEC to meet the following requirements:
Ensure that the zone is signed.
Ensure that the zone signing key (ZSK) changes every 30 days.
Ensure that the key signing key (KSK) changes every 365 days.
What should you do? To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may
need to drag the split bar between panes or scroll to view content.
Select and Place:
Explanation:
* Invoke-DnsServerZoneSign
The Invoke-DnsServerZoneSign cmdlet signs a Domain Name System (DNS) server zone.
* Add-DnsServerSigningKey
The Add-DnsServerSigningKey cmdlet adds a Key Signing Key (KSK) or Zone Signing Key (ZSK) key to a Domain Name System (DNS) signed zone.
1. https://technet.microsoft.com/en-us/itpro/powershell/windows/dnsserver/invoke-dnsserverzonesign
2 & 3. https://technet.microsoft.com/en-us/itpro/powershell/windows/dnsserver/add-dnsserversigningkey
Correct
wrong
Invoke-DnsServerZoneSign
Enable-DnsServerSigningKeyRollover
Enable-DnsServerSigningKeyRollover