Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is configured as an Active Directory-integrated zone and is replicated to all domain controllers in the domain.
The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named RODC1. All domain controllers run Windows Server
2008 R2 and are configured as DNS servers.
You uninstall the DNS server role from RODC1. You need to prevent DNS records from replicating to RODC1.
What should you do()
A.Modify the replication scope for the contoso.com zone.
B.Flush the DNS cache and enable cache locking on RODC1.
C.Configure conditional forwarding for the contoso.com zone.
D.Modify the zone transfer settings for the contoso.com zone.
您可能感兴趣的试卷
你可能感兴趣的试题
Your network contains an Active Directory domain named contoso.com. You create a
GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com. When you ping Server1, you discover that the name fails to resolve.
You successfully resolve server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone.
What should you do()
A.From the command prompt, use the netsh tool.
B.From the command prompt, use the dnscmd tool.
C.From DNS Manager, modify the properties of the GlobalNames zone.
D.From DNS Manager, modify the advanced settings of the DNS server.
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com.
You discover that non-domain member computers register records in the contoso.com zone. You need to prevent the non-domain member computers from registering records in the contoso.com zone. All domain member computers must be allowed to register records in the contoso.com zone.
What should you do first()
A.Configure a trust anchor.
B.Run the Security Configuration Wizard (SCW).
C.Change the contoso.com zone to an Active Directory-integrated zone.
D.Modify the security settings of the %SystemRoot%\System32\Dns folder.
Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named nwtraders.com to the forest. All DNS servers are domain controllers.
You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest.
What should you do()
A.Add the computer accounts of all the domain controllers to the DnsAdmins group.
B.Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.
C.Create a standard primary zone on a domain controller in the forest root domain.
D.Create an Active Directory-integrated zone on a domain controller in the forest root domain.
Your network contains a domain controller that has two network connections named Internal and Private. Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5.
You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address.
What should you do()
A.Modify the netlogon.dns file on the domain controller.
B.Modify the Name Server settings of the DNS zone for the domain.
C.Modify the properties of the Private network connection on the domain controller.
D.Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2.
DC1 hosts a standard primary DNS zone for the domain. Dynamic updates are enabled on the zone. DC2 hosts a standard secondary DNS zone for the domain.
You need to configure DNS to allow only secure dynamic updates.
What should you do first()
A.On DC1 and DC2, configure a trust anchor.
B.On DC1 and DC2, configure a connection security rule.
C.On DC1, configure the zone transfer settings.
D.On DC1, configure the zone to be stored in Active Directory.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2.
You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA.
Which two tasks should you perform()
A.Import the enterprise root CA certificate.
B.Import the OCSP Response Signing certificate.
C.Add the Server1 computer account to the CertPublishers group.
D.Set the Startup Type of the Certificate Propagation service to Automatic.
Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2.
You need to ensure users are able to enroll new certificates.
What should you do()
A.Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing C
B.Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in th
C.Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.
Your company has an Active Directory domain. All servers run Windows Server 2008 R2.
Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available.
What should you do()
A.Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
B.Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration S
C.Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
D.Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2.
You need to create multiple password policies for users in your domain.
What should you do()
A.From the Active Directory Schema snap-in, create multiple class schema objects.
B.From the ADSI Edit snap-in, create multiple Password Setting objects.
C.From the Security Configuration Wizard, create multiple security policies.
D.From the Group Policy Management snap-in, create multiple Group Policy objects.
Your company has an Active Directory domain.
You plan to install the Active Directory Certificate Services (AD CS) server role on a member server that runs Windows Server 2008 R2.
You need to ensure that members of the Account Operators group are able to issue smartcard credentials. They should not be able to revoke certificates.
Which three actions should you perform()
A.Install the AD CS server role and configure it as an Enterprise Root CA .
B.Install the AD CS server role and configure it as a Standalone CA .
C.Restrict enrollment agents for the Smartcard logon certificate to the Account Operator group.
D.Restrict certificate managers for the Smartcard logon certificate to the Account Operator group.
E.Create a Smartcard logon certificate.
F.Create an Enrollment Agent certificate.
最新试题
You need to receive an e-mail message whenever a domain user account is locked out. Which tool should you use()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2008 R2. The domain contains five domain controllers. You need to monitor the replication of the group policy template files. Which tool should you use()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()
Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computer run Windows 7. From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO). You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers. You need to ensure that the audit policy is applied to all member servers and all client computers. What should you do()
Your network contains an Active Directory domain. The domain contains 1000 user accounts. You have a list that contains the mobile phone number of each user You need to add the mobile number of each user to Active Directory. What should you do()
Your network contains an Active Directory domain. A user named User1 takes a leave of absence for one year. You need to restrict access to the User1 user account while User1 is away. What should you do()
Your network contains an Active Directory domain named contoso.com. Contoso.com contains three servers.The servers are configure as shown in the following table. Server name Server roel Service Server1 Certification authority (CA) Server2 Certificate Enrollment Web Service Server3 Certificate Enrollment Policy Web Service You need to ensure that users can manually enroll and renew their certificates by using the Certificate Enrollment Web Service. Which two actions should you perform()
You have a domain controller named Server1 that runs Windows Server 2008 R2. You need to determine the size of the Active Directory database on Server1. What should you do()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()
What should you do()