Your network contains an Active Directory domain named contoso.com. The domain contains the servers shown in the following table.
Server name Operating system Role
DC1 Windows Server 2008 Domain controller
DC2 Windows Server 2008 R2 Domain controller
DNS1 Windows Server 2008 DNS server DNS2 Windows Server 2008 R2 DNS server
The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2003.
DNS1 and DNS2 host the contoso.com zone.
All client computers run Windows 7 Enterprise.
You need to ensure that all of the names in the contoso.com zone are secured by using DNSSEC.
What should you do first()
A.Change the functional level of the forest.
B.Change the functional level of the domain.
C.Upgrade DC1 to Windows Server 2008 R2.
D.Upgrade DNS1 to Windows Server 2008 R2.
您可能感兴趣的试卷
你可能感兴趣的试题
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is configured as an Active Directory-integrated zone and is replicated to all domain controllers in the domain.
The main office contains a writable domain controller named DC1. The branch office contains a read-only domain controller (RODC) named RODC1. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
You uninstall the DNS server role from RODC1.
You need to prevent DNS records from replicating to RODC1.
What should you do()
A.Modify the replication scope for the contoso.com zone.
B.Flush the DNS cache and enable cache locking on RODC1.
C.Configure conditional forwarding for the contoso.com zone.
D.Modify the zone transfer settings for the contoso.com zone.
Your network contains an Active Directory domain named contoso.com.
You create a GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone.
The target host of the record is server2.contoso.com.
When you ping Server1, you discover that the name fails to resolve. You successfully resolve server2.contoso.com.
You need to ensure that you can resolve names by using the GlobalNames zone.
What should you do()
A.From the command prompt, use the netsh tool.
B.From the command prompt, use the dnscmd tool.
C.From DNS Manager, modify the properties of the GlobalNames zone.
D.From DNS Manager, modify the advanced settings of the DNS server.
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com.
You discover that non-domain member computers register records in the contoso.com zone.
You need to prevent the non-domain member computers from registering records in the contoso.com
zone. All domain member computers must be allowed to register records in the contoso.com zone. What should you do first()
A.Configure a trust anchor.
B.Run the Security Configuration Wizard (SCW).
C.Change the contoso.com zone to an Active Directory-integrated zone.
D.Modify the security settings of the %SystemRoot%\System32\Dns folder.
Your network contains an Active Directory forest named contoso.com.
You plan to add a new domain named nwtraders.com to the forest. All DNS servers are domain controllers.
You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest.
What should you do()
A.Add the computer accounts of all the domain controllers to the DnsAdmins group.
B.Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.
C.Create a standard primary zone on a domain controller in the forest root domain.
D.Create an Active Directory-integrated zone on a domain controller in the forest root domain.
Your network contains a domain controller that has two network connections named Internal and Private. Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5.
You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address.
What should you do()
A.Modify the netlogon.dns file on the domain controller.
B.Modify the Name Server settings of the DNS zone for the domain.
C.Modify the properties of the Private network connection on the domain controller.
D.Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2.
DC1 hosts a standard primary DNS zone for the domain. Dynamic updates are enabled on the zone. DC2 hosts a standard secondary DNS zone for the domain.
You need to configure DNS to allow only secure dynamic updates.
What should you do first()
A.On DC1 and DC2, configure a trust anchor.
B.On DC1 and DC2, configure a connection security rule.
C.On DC1, configure the zone transfer settings.
D.On DC1, configure the zone to be stored in Active Directory.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2.
Server1 is configured as an Enterprise Root certification authority (CA).
You install the Online Responder role service on Server2.
You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA.
Which two tasks should you perform()
A.Import the enterprise root CA certificate.
B.Import the OCSP Response Signing certificate.
C.Add the Server1 computer account to the CertPublishers group.
D.Set the Startup Type of the Certificate Propagation service to Automatic.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your
company uses an Enterprise Root certificate authority (CA).
You need to ensure that revoked certificate information is highly available.
What should you do()
A.Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
B.Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
C.Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
D.Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2.
You need to create multiple password policies for users in your domain.
What should you do()
A.From the Active Directory Schema snap-in, create multiple class schema objects.
B.From the ADSI Edit snap-in, create multiple Password Setting objects.
C.From the Security Configuration Wizard, create multiple security policies.
D.From the Group Policy Management snap-in, create multiple Group Policy objects.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certification authority (CA) and an Enterprise Intermediate CA. The Enterprise Intermediate CA certificate expires.
You need to deploy a new Enterprise Intermediate CA certificate to all computers in the domain.
What should you do()
A.Import the new certificate into the Intermediate Certification Store on the Enterprise Root CA server.
B.Import the new certificate into the Intermediate Certification Store on the Enterprise Intermediate CA server.
C.Import the new certificate into the Intermediate Certification Store in the Default Domain Controllers group policy object.
D.Import the new certificate into the Intermediate Certification Store in the Default Domain group policy object.
最新试题
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
You have an enterprise subordinate certification authority (CA). You have a custom certificate template that has a key length of 1,024 bits. The template is enabled for autoenrollment. You increase the template key length to 2,048 bits. You need to ensure that all current certificate holders automatically enroll for a certificate that uses the new template. Which console should you use()
You need to compact an Active Directory database on a domain controller that runs windows Server 2008 R2. What should you do()
Your network contains two Active Directory forests named contoso.com and nwtraders.com. A two-way forest trust exists between contoso.com and nwtraders.com. The forest trust is configured to use selective authentication. Contoso.com contains a server named Server1. Server1 contains a shared folder named Marketing. Nwtraders.com contains a global group named G_Marketing. The Change share permission and the Modify NTFS permissions for the Marketing folder are assignes to the G_Marketing group. Members of G_Marketing report that they cannot accesss the Marketing folder. You need to ensure that the G_Marketing members can accesss the folder from the network. What should you do()
Your network contains an Active Directory domain. All domain controller run Windows Server 2003. You replace all domain controllers with domain controllers that run Windows Server 2008 R2. You raise the functional level of the domain to Windows Server 2008 R2. You need to minimize the amount of SYSVOL replication traffic on the network. What should you do()
What should you do()
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()
Your network contains an Active Directory domain. The domain contains a group named Group1. The minimum password lenght for the domain is set to six characters. you need to ensure that the passwords for all users in Group1 are at least 10 characters long. All other users must be able to use passwords that are six characters long. What should you do first()
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()