Administering Windows Server 2012 (70-411)
26. You are the network administrator for your organization. A new company policy states that all inbound DNS queries need to be recorded. What can you do to verify that the IT department is compliant with this new policy?
- A. Enable Server Auditing – Object Access.
- B. Enable DNS debug logging.
- C. Enable server database query logging.
- D. Enable DNS Auditing – Object Access.
Answer : [B]
Explanation :
On a Windows Server 2012 R2 DNS machine, debug logging is disabled by default. When it is enabled, you have the ability to log DNS server activity, including inbound and outbound queries, packet type, packet content, and transport protocols.
27. You are the network administrator for a small company with two DNS servers: DNS1 and DNS2. Both DNS servers reside on domain controllers. DNS1 is set up as a standard primary zone, and DNS2 is set up as a secondary zone. A new security policy was written stating that all DNS zone transfers must be encrypted. How can you implement the new security policy?
- A. Enable the Secure Only setting on DNS1.
- B. Enable the Secure Only setting on DNS2.
- C. Configure Secure Only on the Zone Transfers tab for both servers.
- D. Delete the secondary zone on DNS2. Convert both DNS servers to use Active Directory Integrated zones.
Answer : [D]
Explanation :
Active Directory Integrated zones give you many benefits over using primary and secondary zones, including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.
28. You are responsible for DNS in your organization. You look at the DNS database and see a large number of older records on the server. These records are no longer valid. What should you do?
- A. In the zone properties, enable Zone Aging and Scavenging.
- B. In the server properties, enable Zone Aging and Scavenging.
- C. Manually delete all of the old records.
- D. Set Dynamic Updates to None.
Answer : [A]
Explanation :
Windows Server 2012 R2 DNS supports two features called DNS Aging and DNS Scavenging. These features are used to clean up and remove stale resource records. DNS zone or DNS server aging and scavenging flags old resource records that have not been updated in a certain amount of time (determined by the scavenging interval). These stale records will be scavenged at the next cleanup interval.
29. Your IT team has been informed by the compliance team that they need copies of the DNS Active Directory Integrated zones for security reasons. You need to give the Compliance department a copy of the DNS zone. How should you accomplish this goal?
- A. Run dnscmd /zonecopy.
- B. Run dnscmd /zoneinfo.
- C. Run dnscmd /zoneexport.
- D. Run dnscmd /zonefile.
Answer : [C]
Explanation :
The dnscmd /zoneexport command creates a file using the zone resource records. This file can then be given to the Compliance department as a copy.
30. You are the network administrator for a Windows Server 2012 R2 network. You have multiple remote locations connected to your main office by slow satellite links. You want to install DNS into these offices so that clients can locate authoritative DNS servers in the main location. What type of DNS servers should be installed in the remote locations?
- A. Primary DNS zones
- B. Secondary DNS zones
- C. Active Directory Integrated zones
- D. Stub zones
Answer : [D]
Explanation :
Stub zones are useful for slow WAN connections. These zones store only three types of resource records: NS records, glue host (A) records, and SOA records. These three records are used to locate authoritative DNS servers.