- Home
- Server Administration
- Windows
- Networking with Windows server 2016 (70-741)
11.
You want to get information about DNS request types and DNS query packet content. What kind of DNS logging do you need to enable to get that information?
- A.DNS server log
- B.Debug logging
- C.Analytic event logging
- D.DNS monitoring
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| When you enable debug logging, you get information about the DNS request types and DNS query packet content. Debug logging is disabled by default on a Window Server 2016 DNS server. As in earlier versions, a Windows Server 2016 DNS server maintains a DNS server log. You can view the DNS server events in the Event Viewer in the Applications and Service Logs folder. It records common events such as Start/Stop DNS Service, Change DNS Configuration Settings, background loading, and zone signing events. You do not have to enable analytic event logging to get the requested information. DNS server analytic events enable you to track activity on the DNS server. An analytic event gets logged every time the server sends or receives DNS information. You can view Windows Server 2016 DNS analytic and debug logs in the Event Viewer. DNS monitoring does not deliver DNS request types and query packet contents. |
12.
You are responsible for the administration of your Windows Server 2016 DNS server, which is installed on a domain controller as an AD-integrated DNS server. Paul, a new employee, also needs full administrative rights for the DNS server. Which security group must he become a member of?
- A.DomainAdmins
- B.DNSAdmins
- C.Administrators
- D.DNSUpdateProxy
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Paul must become a member of the security group DNSAdmins because he needs administrative permissions to manage only the DNS server. If you add him to the Domain Admins security group, he gets too-broad permissions. If you add him to the Administrators security group, he gets local administrator permissions. If you add him to the DNSUpdateProxy security group, he cannot manage the DNS server. |
13.
Which of the following is part of a Windows Server 2016 stub zone? (Choose two.)
- A.The IP of one or more master servers that you can use to update the zone
- B.Resource records not contained in a DNS server’s zone
- C.A cache of domain names and their associated IP addresses for the most common domains that the organization uses or accesses
- D.Requests for all Internet names forwarded to a DNS server at an ISP
- E.The delegated zone’s SOA record, NS record, and A record
- Answer & Explanation
- Report
Answer : [A, E]
Explanation :
Explanation :
| A stub zone hosts only the SOA record, NS record, and A record of authoritative DNS servers of a zone. In a stub zone, you have listed master DNS servers from a zone, and you can find the IP addresses of those master servers. You need this information to know about these DNS servers so that you can configure forwarding to them. Client resource records and records from other servers, such as mail servers and file servers, are not transferred to a stub zone. |
14.
You have less DNS zone security after you have used the ConvertTo-DnsServerPrimaryZone PowerShell cmdlet to convert an AD-integrated zone to a file-based DNS zone. Which statement about file-based DNS zones is not correct?
- A.A file-based DNS zone can use the secure dynamic update feature.
- B.A file-based DNS zone cannot use DNSSEC.
- C.Records in a file-based DNS zone have fewer security settings.
- D.File-based DNS zones data can be protected with NTFS.
- Answer & Explanation
- Report
Answer : [A]
Explanation :
Explanation :
| With a file-based DNS zone, you cannot use the secure dynamic update feature. This is not correct. All other answers are correct. |
15.
You are managing a Windows Server 2008 R2 domain named pearson.com (productive domain). All domain controllers are Windows Server 2008 R2 with a DNS server role and AD-integrated DNS zones. You want to perform a step-by-step migration from this existing domain to a newly created empty forest root domain (future domain) with the same domain name. You have installed the Windows Server 2016 forest root domain controller of the future domain (including DNS server role with the AD-integrated zone pearson.com). You want to migrate all DNS zone data from the zone pearson.com (productive domain) to the forest root DNS server (future domain) so that this DNS server is authoritative for that zone and DNS data is saved in the Active Directory of the future domain. This has to be done with the least administrative effort. Which configuration steps are the best option?
- A.Create a forest trust between the productive and future domain. Replicate DNS data through Active Directory.
- B.Create a stub zone on the DNS server of the future domain. Convert the stub zone to primary. (Store the zone in Active Directory.)
- C.Activate a zone transfer on the DNS server of the productive domain for pearson.com. Configure the DNS server in the future domain as the secondary DNS server.
- D.Convert the zone type of pearson.com from AD-integrated to primary without Active Directory. Copy the zone file to the %systemroot% \system32\dns folder of the DNS server of the future domain. Create a new primary zone on that DNS server and select Use This Existing File. Change the zone type to primary. (Store the zone in Active Directory.)
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| You simply can copy the zone file from the DNS server of the productive domain to the DNS server of the future domain and import that file. You can select the zone file in DNS manager only if you copy it to the %systemroot%\system32\dns folder of that DNS server. When you create a forest trust between the two forests, you still cannot replicate Active Directory data between the forests. No option exists for replicating this through different forests. When you create a stub zone on the DNS server of the future domain, you lose all DNS records except SOA, NS, and A records of DNS servers. All resource records of all other servers and clients are not transferred to a stub zone. When you convert the stub zone to a primary zone, you do not have all the DNS data of pearson.com as in the productive domain. When you transfer the DNS data of pearson.com to a secondary DNS server, this server is not authoritative for the zone; instead, the zone in the future domain then is read only and DNS data is not saved in Active Directory. |
|
|
||||||||||||||||||||||||||||
