Shared Flashcard Set

Details

Exam 70-640 - Ch2
Chapter 2 - Domain Name System (DNS)
10
Computer Networking
Professional
08/10/2011

Cards

Term
You are the network administrator for the ABC Company. Your network consists of two DNS servers named DNS1 and DNS2. The users who are configured to use DNS2 complain because they are unable to connect to Internet websites. The following table shows the configuration of both servers.

DNS1 zones: _msdcs.abc.com, abc.com
DNS2 zones: .(root), _msdcs.abc.com, abc.com

The users connected to DNS2 need to be able to access the Internet. What needs to be done?

A. Build a new Active Directory Integrated zone on DNS2.
B. Delete the .(root) zone from DNS2 and configure Conditional forwarding on DNS2.
C. Delete the current cache.dns file.
D. Update your cache.dns file and root hints.
Definition
B. Because of the .(root) zone, users will not be able to access the Internet. The DNS forwarding option and DNS root hints will not be configurable. If you want your users to access the Internet, you must remove the .(root) zone.
Term
You are the network administrator for a large company that has one main site and one branch office. Your company has a single Active Directory forest, ABC.com. You have a single domain controller (ServerA) in the main site that has the DNS role installed. ServerA is configured as a primary DNS zone. You have decided to place a domain controller (ServerB) in the remote site and implement the DNS role on that server. You want to configure DNS so that if the WAN link fails, users in both sites can still update records and resolve any DNS queries. How should you configure the DNS servers?

A. Configure ServerB as a secondary DNS server. Set replication to occur every 5 minutes.
B. Configure ServerB as a stub zone.
C. Configure ServerB as an Active Directory Integrated zone and convert ServerA to an Active Directory Integrated zone.
D. Convert ServerA to an Active Directory Integrated zone and configure ServerB as a secondary zone.
Definition
C. Active Directory Integrated zones store their records in Active Directory. Since this company only has one Active Directory forest, it's the same Active Directory that both DNS servers are using. This allows ServerA to see all of the records of ServerB and ServerB to see all the records of ServerA.
Term
You are the network administrator for a midsize computer company. You have a single Active Directory forest, and your DNS servers are configured as Active Directory Integrated zones. When you look at the DNS records in Active Directory, you notice that there are many records for computers that do not exist on your domain. You want to make sure that only domain computers register with your DNS servers. What should you do to resolve this issue?

A. Set dynamic updates to None.
B. Set dynamic updates to Nonsecure and Secure.
C. Set dynamic updates to Domain Users Only.
D. Set dynamic updates to Secure Only.
Definition
D. The Secure Only option is for DNS servers that have an Active Directory Integrated zone. When a computer tries to dynamically register with DNS, the DNS server checks Active Directory to verify that the computer has an Active Directory account. If the computer that is trying to register has an account, DNS adds the host record. If the computer trying to register does not have an account, the record gets tossed away and the database is not updated.
Term
Your company consists of a single Active Directory forest. You have a Windows Server 2008 domain controller that also has the DNS role installed. You also have a Unix-based DNS server at the same location. You need to configure your Windows DNS server to allow zone transfers to the Unix-based DNS server. What should you do?

A. Enable BIND secondaries.
B. Configure the Unix machine as a stub zone.
C. Convert the DNS server to Active Directory Integrated.
D. Configure the Microsoft DNS server to forward all requests to the Unix DNS server.
Definition
A. If you need to complete a zone transfer from Microsoft DNS to a BIND (Unix) DNS server, you need to enable BIND Secondaries on the Microsoft DNS server.
Term
You are the network administrator for Stellacon Corporation. Stellacon has two trees in its Active Directory forest, stellacon.com and abc.com. Company policy does not allow DNS zone transfers between the two trees. You need to make sure that when anyone in abc.com tries to access the stellacon.com domain that all names are resolved from the stellacon.com DNS server. What should you do?

A. Create a new secondary zone in abc.com for stellacon.com.
B. Configure conditional forwarding on the abc.com DNS server for stellacon.com.
C. Create a new secondary zone in stellacon.com for abc.com.
D. Configure conditional forwarding on the stellacon.com DNS server for abc.com.
Definition
B. Conditional forwarding allows you to send a DNS query to different DNS servers based on the request. Conditional forwarding lets a DNS server on a network forward DNS queries according to the DNS domain name in the query.
Term
You are the network administrator for your organization. A new company policy states that all inbound DNS queries need to be recorded. What can you do to verify that the IT department is compliant with this new policy?

A. Enable Server Auditing-Object Access.
B. Enable DNS debug logging.
C. Enable server database query logging.
D. Enable DNS Auditing-Object Access.
Definition
B. On a Windows Server 2008 R2 DNS machine, debug logging is disabled by default. When it is enabled, you have the ability to log DNS server activity, including inbound and outbound queries, packet type, packet content, and transport protocols.
Term
You are the network administrator for a small company with two DNS servers, DNS1 and DNS2. Both DNS servers reside on domain controllers. DNS1 is set up as a standard primary zone and DNS2 is set up as a secondary zone. A new security policy was written stating that all DNS zone transfers must be encrypted. How can you implement the new security policy?

A. Enable the Secure Only setting on DNS1.
B. Enable the Secure Only setting on DNS2.
C. Configure Secure Only on the Zone Transfers tab for both servers.
D. Delete the secondary zone on DNS2. Convert both DNS servers to use Active Directory Integrated zones.
Definition
D. Active Directory Integrated zones give you many benefits over using primary and secondary zones including less network traffic, secure dynamic updates, encryption, and reliability in the event of a DNS server going down. The Secure Only option is for dynamic updates to a DNS database.
Term
You are responsible for DNS in your organization. You look at the DNS database and see a large number of older records on the server. These records are no longer valid. What should you do?

A. In the zone properties, enable Zone Aging and Scavenging.
B. In the server properties, enable Zone Aging and Scavenging.
C. Manually delete all the old records.
D. Set Dynamic Updates to None.
Definition
A. Windows Server 2008 R2 DNS supports two features called DNS Aging and DNS Scavenging. These features are used to clean up and remove stale resource records. DNS zone or DNS server aging and scavenging flags old resource records that have not been updated in a certain amount of time (determined by the scavenging interval). These stale records will be scavenged at the next cleanup interval.
Term
Your IT team has been informed by the compliance team that they need copies of the DNS Active Directory Integrated zones for security reasons. You need to give the Compliance department a copy of the DNS zone. How should you accomplish this goal?

A. Run dnscmd /zonecopy.
B. Run dnscmd /zoneinfo.
C. Run dnscmd /zoneexport.
D. Run dnscmd /zonefile.
Definition
C. The dnscmd /zoneexport command creates a file using the zone resource records. This file can then be given to the Compliance department as a copy.
Term
You are the network administrator for a Windows Server 2008 R2 network. You have multiple remote locations connected to your main office by slow satellite links. You want to install DNS into these offices so that clients can locate authoritative DNS servers in the main location. What type of DNS servers should be installed in the remote locations?

A. Primary DNS zones
B. Secondary DNS zones
C. Active Directory Integrated zones
D. Stub zones
Definition
D. Stub zones are very useful for slow WAN connections. These zones store only three types of resource records: NS records, glue host (A) records, and SOA records. These three records are used to locate authoritative DNS servers.