Question 1
Question
You are the network administrator for the ABC Company. Your network consists of two DNS servers named DNS1 and DNS2. The users who are configured to use DNS2 complain because they are unable to connect to Internet websites. The following table shows the configuration of both servers.
DNS1>_msdcs.abc.com/abc.com
DNS2>.(root)/_msdcs.abc.com/abc.com
The users connected to DNS2 need to be able to access the Internet. What needs to be done?
Answer
-
Build a new Active Directory Integrated zone on DNS2.
-
Delete the .(root) zone from DNS2 and configure Conditional forwarding on DNS2.
-
Delete the current cache.dns file.
-
Update your cache.dns file and root hints.
Question 2
Question
You are the network administrator for a large company that has one main site and one branch office. Your company has a single Active Directory forest, ABC.com. You have a single domain controller (ServerA) in the main site that has the DNS role installed. ServerA is configured as a primary DNS zone. You have decided to place a domain controller (ServerB) in the remote site and implement the DNS role on that server. You want to configure DNS so that if the WAN link fails, users in both sites can still update records and resolve any DNS queries. How should you configure the DNS servers?
Answer
-
Configure ServerB as a secondary DNS server. Set replication to occur every 5 minutes.
-
Configure ServerB as a stub zone.
-
Configure ServerB as an Active Directory Integrated zone and convert ServerA to an Active Directory Integrated zone.
-
Convert ServerA as an Active Directory Integrated zone and configure ServerB as a secondary zone.
Question 3
Question
You are the network administrator for a midsize computer company. You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain. You want to make sure that only domain computers register with your DNS servers. What should you do to resolve this issue?
Answer
-
Set dynamic updates to None.
-
Set dynamic updates to Nonsecure and Secure.
-
Set dynamic updates to Domain Users Only.
-
Set dynamic updates to Secure Only.
Question 4
Question
Your company consists of a single Active Directory forest. You have a Windows Server 2008 domain controller that also has the DNS role installed. You also have a Unix-based DNS server at the same location. You need to configure your Windows DNS server to allow zone transfers to the Unix-based DNS server. What should you do?
Answer
-
Enable BIND secondaries.
-
Configure the Unix machine as a stub zone.
-
Convert the DNS server to Active Directory Integrated.
-
Configure the Microsoft DNS server to forward all requests to the Unix DNS server.
Question 5
Question
You are the network administrator for Stellacon Corporation. Stellacon has two trees in its Active Directory forest, stellacon.com and abc.com. Company policy does not allow DNS zone transfers between the two trees. You need to make sure that when anyone in abc.com tries to access the stellacon.com domain that all names are resolved from the stellacon.com DNS server. What should you do?
Answer
-
Create a new secondary zone in abc.com for stellacon.com.
-
Configure conditional forwarding on the abc.com DNS server for stellacon.com.
-
Create a new secondary zone in stellacon.com for abc.com.
-
Configure conditional forwarding on the stellacon.com DNS server for abc.com.
Question 6
Question
You are the network administrator for your organization. A new company policy states that all inbound DNS queries need to be recorded. What can you do to verify that the IT department is compliant with this new policy?
Answer
-
Enable Server Auditing-Object Access.
-
Enable DNS debug logging.
-
Enable server database query logging.
-
Enable DNS Auditing-Object Access.
Question 7
Question
You are the network administrator for a small company with two DNS servers, DNS1 and DNS2. Both DNS servers reside on domain controllers. DNS1 is set up as a standard primary zone and DNS2 is set up as a secondary zone. A new security policy was written stating that all DNS zone transfers must be encrypted. How can you implement the new security policy?
Answer
-
Enable the Secure Only setting on DNS1.
-
Enable the Secure Only setting on DNS2.
-
Configure Secure Only on the Zone Transfers tab for both servers.
-
Delete the secondary zone on DNS2. Convert both DNS servers to use Active Directory Integrated zones.
Question 8
Question
Active Directory Integrated zones give you many benefits over using primary and secondary zones including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.
Answer
-
In the zone properties, enable Zone Aging and Scavenging.
-
In the server properties, enable Zone Aging and Scavenging.
-
Manually delete all the old records.
-
Set Dynamic Updates to None.
Question 9
Question
Your IT team has been informed by the compliance team that they need copies of the DNS Active Directory Integrated zones for security reasons. You need to give the Compliance department a copy of the DNS zone. How should you accomplish this goal?
Answer
-
Run dnscmd /zonecopy.
-
Run dnscmd /zoneinfo.
-
Run dnscmd /zoneexport.
-
Run dnscmd /zonefile.
Question 10
Question
You are the network administrator for a Windows Server 2012 R2 network. You have multiple remote locations connected to your main office by slow satellite links. You want to install DNS into these offices so that clients can locate authoritative DNS servers in the main location. What type of DNS servers should be installed in the remote locations?
Question 11
Question
You are the systems administrator of a large organization that has recently implemented Windows Server 2008 R2. You have a few remote sites that do not have very tight security. You have decided to implement read-only domain controllers (RODC). What forest and function levels does the network need for you to do the install? (Choose all that apply.)
Answer
-
Windows 2000 Mixed
-
Windows 2008 R2
-
Windows 2003
-
Windows 2008
Question 12
Question
What is the maximum number of domains that a Windows Server 2008 R2 computer, configured as a domain controller, may participate in at one time?
Answer
-
0
-
1
-
2
-
Any number of domains
Question 13
Question
A systems administrator is trying to determine which filesystem to use for a server that will become a Windows Server 2008 file server and domain controller. His company's requirements include the following:
- The filesystem must allow for file-level security from within Windows 2008 Server.
- The filesystem must make efficient use of space on large partitions.
- The domain controller SYSVOL must be stored on the partition.
Which of the following filesystems meets these requirements?
Question 14
Question
For security reasons, you have decided that you must convert the system partition on your Windows Server 2008 R2 from the FAT32 filesystem to NTFS. Which of the following steps must you take in order to convert the filesystem? (Choose two.)
Answer
-
Run the command CONVERT /FS:NTFS from the command prompt.
-
Rerun Windows Server 2008 R2 Setup and choose to convert the partition to NTFS during the reinstallation.
-
Boot Windows Server 2008 R2 Setup from the installation CD-ROM and choose Rebuild File System.
-
Reboot the computer.
Question 15
Question
Windows Server 2008 R2 requires the use of which of the following protocols or services in order to support Active Directory? (Choose two.)
Answer
-
DHCP
-
TCP/IP
-
NetBEUI
-
IPX/SPX
-
DNS
Question 16
Question
You are promoting a Windows Server 2008 R2 computer to an Active Directory domain controller for test purposes. The new domain controller will be added to an existing domain. While you are using the Active Directory Installation Wizard, you receive an error message that prevents the server from being promoted. Which of the following might be the cause of the problem? (Choose all that apply.)
Answer
-
The system does not contain an NTFS partition on which the SYSVOL directory can be created.
-
You do not have a Windows Server 2008 R2 DNS server on the network.
-
The TCP/IP configuration on the new server is incorrect.
-
The domain has reached its maximum number of domain controllers.
Question 17
Question
You have one Active Directory forest in your organization that contains one domain named Stellacon.com. You have two domain controllers configured with the DNS role installed. There are two Active Directory Integrated zones named stellacon.com and stellatest.com. One of your IT members (who is not an administrator) needs to be able to modify the Stellacon.com DNS server, but you need to prevent this user from modifying the Stellatest.com SOA record. How do you accomplish this?
Answer
-
Modify the permissions of stellacon.com zone from the DNS Manager snap-in.
-
Modify the permissions of stellatest.com zone from the DNS Manager snap-in.
-
Run the Delegation of Control Wizard in Active Directory.
-
Run the Delegation of Control Wizard in the DNS snap-in.