- Networking with Windows server 2016 (70-741)
21.
You have some static A resource records on the DNSSEC-signed zone pearson.com on your Windows Server 2016 DNS server. You have enabled automatic scavenging with default settings. You notice that existing static A records are not removed through the automatic scavenge process; you must manually remove them. In the future, you want static A records to be removed through automatic scavenging. Which of the following is the best solution to accomplish this?
- A.Dnscmd /StartScavenging
- B.Add new static A records through the DNS manager
- C.Add-DNSServerResourceRecordA
- D.Unsign zone pearson.com
Answer : [C]
Explanation :
DNS records added dynamically are time stamped. Static records that you enter manually have a time stamp value of 0; therefore, they are not affected by aging and are never scavenged out of the database. Instead, you must remove them manually. An exception to this rule arises if you use the Windows Server 2016 PowerShell cmdlets, such as Add-DnsServerResourceRecordPtr or Add-DNSServerResourceRecordA. These cmdlets have a parameter named AgeRecord. When you use this parameter, the DNS server applies a time stamp to the record that the cmdlet adds, so the record becomes subject to aging and scavenging.
22.
You want to prevent man-in-the-middle attacks, in which an attacker corrupts the DNS cache to point to a different website and provides a certificate issued from a different CA. Which kind of record can you use for this?
- A.TSIG.
- B.RRSIG
- C.TLSA
- D.DNSKEY
Answer : [C]
Explanation :
You can use TLSA records. With Windows Server 2016 and DNSSEC, a protocol called DANE (DNS-Based Authentication of Named Entities) enables you to securely specify exactly which TLS/SSL certificate an application or service should use to connect to your site. You can use TLSA records in four ways: 1) to specify the CA that will issue TLS certificates for the domain, 2) to specify the exact TLS certificate that should be used, 3) to specify the trust anchor to be used for validating the TLS certificate for the domain, and 4) to specify the exact TLS certificate that should be used for the domain without requiring it to be signed by a valid CA (for self-signed certificates). You cannot use TSIG, RRSIG, or DNSKEY resource records to verify the CA, certificate, or trust anchor.
23.
You have enabled analytical event auditing on your Windows Server 2016 DNS server. You have very high DNS query rates, so your DNS server performance has decreased unacceptably. You want to disable analytical event audit tracing, to see whether this feature is the cause of the unacceptable burden. Which command should you use?
- A.Set-DnsServerDiagnostics -EnableLoggingForServerStartStopEvent $true
- B.Set-DnsServerDiagnostics -DebugLogging 0x10000
- C.Stop-PefTraceSession
- D.tracelog -stop Dns
Answer : [D]
Explanation :
You can stop the analytical event tracing on the DNS server with the tracelog -stop DNS command. You cannot stop analytical event tracing with the Set-DnsServerDiagnostics -EnableLoggingForServerStartStopEvent $true PowerShell command because that only logs start and stop events of the DNS server. You also cannot use Set-DnsServerDiagnostics -DebugLogging 0x10000 to stop analytical event tracing because that enables DNS debug logging for sent packets. You cannot use the PowerShell cmdlet Stop-PefTraceSession because that stops a specified trace session of the Message Analyzer utility.
24.
You have configured your Windows Server 2016 DHCP server with a scope of 10.0.0.0/16 and the two scope options Option 003: 10.0.0.10 and Option 006: 10.0.0.20. Some of your DHCP clients get a DNS server of 10.0.0.100 and a default gateway of 10.0.0.200 from that DHCP server. What is a possible cause?
- A.DHCP failover
- B.DHCP Policy
- C.DNS Policy
- D.DNSSEC
Answer : [B]
Explanation :
DHCP Policies are a possible cause because you can configure DHCP scope options through a DHCP Policy based on different criteria. It seems that a DHCP Policy is responsible for delivering different options to some clients. The DHCP failover feature is not a possible cause here because you have only a single DHCP server. DNS Policy is not a cause either, because you cannot deliver DHCP options through DNS Policies. With DNSSEC, you sign zones; this has nothing to do with which DHCP options a DHCP client gets.
25.
You use a DHCP server to automatically register client resource records on a DNS server. Which feature should you enable on your DHCP server to protect your environment from name squatting attacks?
- A.DHCP server policies
- B.DNS Policies
- C.Name Protection
- D.DNSSEC
Answer : [C]
Explanation :
You can use the Name Protection feature of the DHCP server to protect against name squatting attacks. Such conflicts happen when one client registers a name in DNS that another client is already using. With DHCP server policies (a feature introduced in Windows Server 2012), you can create policies that deliver specific IP address and option information to clients based on a set of conditions. This lets different types of IP devices receive addresses and other options from a subset of the IP addresses in the scope range; it does not protect against name squatting conflicts. With DNS server policies (a feature introduced in Windows Server 2016), you can control how a DNS server handles queries based on different factors. For example, you might create a DNS Policy that answers queries for a web server's IP address with a different address depending on which datacenter is closest to the client. This differs from netmask ordering because the client does not share the local subnet of the web server; the web server is simply closer than the others from the client's perspective. DNSSEC enables a DNS zone and all records in the zone to be signed cryptographically so that client computers can validate the DNS response. DNS is often subject to attacks such as spoofing and cache tampering, and DNSSEC helps protect against these threats.