Your company has an Active Directory domain named contoso.com. The company network has two
DNS servers named DNS1 and DNS2.
The DNS servers are configured as shown in the following table.
DNS1 DNS2
_msdcs.contoso.com contoso.com .(root)
_msdcs.contoso.com
contoso.com
Domain users, who are configured to use DNS2 as the preferred DNS server, are unable to connect to Internet Web sites.
You need to enable Internet name resolution for all client computers.
What should you do()
A.Create a copy of the .(root) zone on DNS1.
B.Update the list of root hints servers on DNS2.
C.Update the Cache.dns file on DNS2. Configure conditional forwarding on DNS1.
D.Delete the .(root) zone from DNS2. Configure conditional forwarding on DNS2.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has a main office and five branch offices that are connected by WAN links. The company has an Active Directory domain named contoso.com.
Each branch office has a member server configured as a DNS server. All branch office DNS servers host a secondary zone for contoso.com.
The safer , easier way to help you pass any IT exams. 7 / 90
You need to configure the contoso.com zone to resolve client queries for at least four days in the event that a WAN link fails. What should you do()
A.Configure the Expires after option for the contoso.com zone to 4 days.
B.Configure the Retry interval option for the contoso.com zone to 4 days.
C.Configure the Refresh interval option for the contoso.com zone to 4 days.
D.Configure the Minimum (default) TTL option for the contoso.com zone to 4 days.
Your company has a main office and a branch office. The company has a single-domain Active Directory forest.
The main office has two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. The branch office has a Windows Server 2008 R2 read-only domain controller (RODC) named DC3.
All domain controllers hold the DNS Server server role and are configured as Active Directory-integrated zones. The DNS zones only allow secure updates. You need to enable dynamic DNS updates on DC3. What should you do()
A.Run the Ntdsutil.exe DS Behavior commands on DC3.
B.Run the Dnscmd.exe /ZoneResetType command on DC3.
C.Reinstall Active Directory Domain Services on DC3 as a writable domain controller.
D.Create a custom application directory partition on DC1. Configure the partition to store Active Directory-integrated zones.
Your company has two domain controllers that are configured as internal DNS servers. All zones on The safer , easier way to help you pass any IT exams. 6 / 90
the DNS servers are Active Directory-integrated zones. The zones allow all dynamic updates.
You discover that the contoso.com zone has multiple entries for the host names of computers that do not exist.
You need to configure the contoso.com zone to automatically remove expired records. What should you do()
A.Enable only secure updates on the contoso.com zone.
B.Enable scavenging and configure the refresh interval on the contoso.com zone.
C.From the Start of Authority tab, decrease the default refresh interval on the contoso.com zone.
D.From the Start of Authority tab, increase the default expiration interval on the contoso.com zone.
Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.
The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office.
DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.
You install a new domain controller named DC2 in the branch office. You install DNS on DC2.
You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.
What should you do()
A.Create a new stub zone named ad.contoso.com on DC2.
B.Configure the DNS server on DC2 to forward requests to DC1.
C.Create a new secondary zone named ad.contoso.com on DC2.
D.Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
Your network contains a server that runs Windows Server 2008 R2. The server is configured as an
enterprise root certification authority (CA).
You have a Web site that uses x.509 certificates for authentication. The Web site is configured to use a
many-to-one mapping.
You revoke a certificate issued to an external partner.
You need to prevent the external partner from accessing the Web site. What should you do()
A.Run certutil.exe -crl.
B.Run certutil.exe -delkey.
C.From Active Directory Users and Computers, modify the membership of the IIS_IUSRS group.
D.From Active Directory Users and Computers, modify the Contact object for the external partner.
You add an Online Responder to an Online Responder Array.
You need to ensure that the new Online Responder resolves synchronization conflicts for all members of the Array.
What should you do()
A.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 1.
B.From Network Load Balancing Manager, set the priority ID of the new Online Responder to 32.
C.From the Online Responder Management Console, select the new Online Responder, and then select Set as Array Controller.
D.From the Online Responder Management Console, select the new Online Responder, and then select Synchronize Members with Array Controller.
You have an enterprise subordinate certification authority (CA). The CA issues smart card logon certificates.
Users are required to log on to the domain by using a smart card.
Your companys corporate security policy states that when an employee resigns, his ability to log on to the network must be immediately revoked.
An employee resigns.
You need to immediately prevent the employee from logging on to the domain. What should you do()
A.Revoke the employees smart card certificate.
B.Disable the employees Active Directory account.
C.Publish a new delta certificate revocation list (CRL).
D.Reset the password for the employees Active Directory account.
A.Run syskey.exe and use the Update option. T.he safer ,easier way to help you pass any IT exams. 4 / 90
B.Run sigverif.exe and use the Advanced option.
C.Run certutil.exe and specify the -verify parameter.
D.Run certreq.exe and specify the -retrieve parameter.
You have a server named Server1 that has the following Active Directory Certificate Services (AD CS)
role services installed:
( Enterprise root certification authority (CA)
.Certificate Enrollment Web Service
.Certificate Enrollment Policy Web Service
You create a new certificate template.
External users report that the new template is unavailable when they request a new certificate. You verify that all other templates are available to the external users.
You need to ensure that the external users can request certificates by using the new template. What should you do on Server1()
A.Run iisreset.exe /restart.
B.Run gpupdate.exe /force.
C.Run certutil.exe dspublish.
D.Restart the Active Directory Certificate Services service.
our network contains two Active Directory forests named contoso.com and adatum.com. The functional level of both forests is Windows Server 2008 R2. Each forest contains one domain. Active Directory Certificate Services (AD CS) is configured in the contoso.com forest to allow sers from
The safer , easier way to help you pass any IT exams. 3 / 90
both forests to automatically enroll user certificates.
You need to ensure that all users in the adatum.com forest have a user certificate from the contoso.com
certification authority (CA).
What should you configure in the adatum.com domain()
A.From the Default Domain Controllers Policy, modify the Enterprise Trust settings.
B.From the Default Domain Controllers Policy, modify the Trusted Publishers settings.
C.From the Default Domain Policy, modify the Certificate Enrollment policy.
D.From the Default Domain Policy, modify the Trusted Root Certification Authority settings.
最新试题
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
You have an enterprise subordinate certification authority (CA). The CA is configured to use a hardware security module. You need to back up Active Directory Certificate Services on the CA. Which command should you run()
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each domain controller successfully replicates the updated group policy. Which two objects should you verify on each domain controller()
You have an enterprise subordinate certification authority (CA) configured for key archival. Three key recovery agent certificates are issued. The CA is configured to use two recovery agents. You need to ensure that all of the recovery agent certificates can be used to recover all new private keys. What should you do()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
Your network contains an Active Directory domain that contains five domain controllers. You have a management computer that runs Windows 7. From the Windows 7 computer, you need to view all account logon failures that occur in the domain. The information must be consolidated on one list. Which command should you run on each domain controller()
Your network contain 10 domain controller that run Windows Server R2. The network contain a member server that is configured to collect all of events that occur on the domain controllers. Your need to ensure that administrators are notified when a specific event occurs on any of the domain controllers. You want to achive the goal by using the minimum amount effort. What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()