You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit. (Click the Exhibit button.)
You discover that stale resource records are not automatically removed from the contoso.com zone. You need to ensure that the stale resource records are automatically removed from the contoso.com zone.
What should you do()
A.Set the scavenging period of Server1 to 0 days.
B.Modify the Server Aging/Scavenging properties.
C.Configure the aging properties for the contoso.com zone.
D.Convert the contoso.com zone to an Active Directory-integrated zone.
您可能感兴趣的试卷
你可能感兴趣的试题
Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain.
You need to reduce how long it takes until stale records are deleted from the zone.
What should you do()
A.From the configuration directory partition of the forest, modify the tombstone lifetime.
B.From the configuration directory partition of the forest, modify the garbage collection interval.
C.From the aging properties of the zone, modify the no-refresh interval and the refresh interval.
D.From the start of authority (SOA) record of the zone, modify the refresh interval and the expire interval.
Your network contains an Active Directory domain named contoso.com. The domain contains the servers shown in the following table:
Server name Operating system Role
DC1 Windows Server 2008 Domain controller DC2 Windows Server 2008 R2 Domain controller DNS1 Windows Server 2008 DNS server DNS2 Windows Server 2008 R2 DNS server
The functional level of the forest is Windows Server 2003. The functional level of the domain is Windows Server 2003.
DNS1 and DNS2 host the contoso.com zone. All client computers run Windows 7 Enterprise.
You need to ensure that all of the names in the contoso.com zone are secured by using DNSSEC.
What should you do first()
A.Change the functional level of the forest.
B.Change the functional level of the domain.
C.Upgrade DC1 to Windows Server 2008 R2.
D.Upgrade DNS1 to Windows Server 2008 R2.
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The DNS zone for contoso.com is configured as an Active Directory-integrated zone and is replicated to all domain controllers in the domain.
The main office contains a writable domain controller named DC1. The branch office contains a read- only domain controller (RODC) named RODC1. All domain controllers run Windows Server
2008 R2 and are configured as DNS servers.
You uninstall the DNS server role from RODC1. You need to prevent DNS records from replicating to RODC1.
What should you do()
A.Modify the replication scope for the contoso.com zone.
B.Flush the DNS cache and enable cache locking on RODC1.
C.Configure conditional forwarding for the contoso.com zone.
D.Modify the zone transfer settings for the contoso.com zone.
Your network contains an Active Directory domain named contoso.com. You create a
GlobalNames zone. You add an alias (CNAME) resource record named Server1 to the zone. The target host of the record is server2.contoso.com. When you ping Server1, you discover that the name fails to resolve.
You successfully resolve server2.contoso.com. You need to ensure that you can resolve names by using the GlobalNames zone.
What should you do()
A.From the command prompt, use the netsh tool.
B.From the command prompt, use the dnscmd tool.
C.From DNS Manager, modify the properties of the GlobalNames zone.
D.From DNS Manager, modify the advanced settings of the DNS server.
Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1. DC1 hosts a standard primary zone for contoso.com.
You discover that non-domain member computers register records in the contoso.com zone. You need to prevent the non-domain member computers from registering records in the contoso.com zone. All domain member computers must be allowed to register records in the contoso.com zone.
What should you do first()
A.Configure a trust anchor.
B.Run the Security Configuration Wizard (SCW).
C.Change the contoso.com zone to an Active Directory-integrated zone.
D.Modify the security settings of the %SystemRoot%\System32\Dns folder.
Your network contains an Active Directory forest named contoso.com. You plan to add a new domain named nwtraders.com to the forest. All DNS servers are domain controllers.
You need to ensure that the computers in nwtraders.com can update their Host (A) records on any of the DNS servers in the forest.
What should you do()
A.Add the computer accounts of all the domain controllers to the DnsAdmins group.
B.Add the computer accounts of all the domain controllers to the DnsUpdateProxy group.
C.Create a standard primary zone on a domain controller in the forest root domain.
D.Create an Active Directory-integrated zone on a domain controller in the forest root domain.
Your network contains a domain controller that has two network connections named Internal and Private. Internal has an IP address of 192.168.0.20. Private has an IP address of 10.10.10.5.
You need to prevent the domain controller from registering Host (A) records for the 10.10.10.5 IP address.
What should you do()
A.Modify the netlogon.dns file on the domain controller.
B.Modify the Name Server settings of the DNS zone for the domain.
C.Modify the properties of the Private network connection on the domain controller.
D.Disable netmask ordering on the DNS server that hosts the DNS zone for the domain.
Your network contains an Active Directory domain. The domain contains two domain controllers named DC1 and DC2.
DC1 hosts a standard primary DNS zone for the domain. Dynamic updates are enabled on the zone. DC2 hosts a standard secondary DNS zone for the domain.
You need to configure DNS to allow only secure dynamic updates.
What should you do first()
A.On DC1 and DC2, configure a trust anchor.
B.On DC1 and DC2, configure a connection security rule.
C.On DC1, configure the zone transfer settings.
D.On DC1, configure the zone to be stored in Active Directory.
You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an Enterprise Root certification authority (CA). You install the Online Responder role service on Server2.
You need to configure Server2 to issue certificate revocation lists (CRLs) for the enterprise root CA.
Which two tasks should you perform()
A.Import the enterprise root CA certificate.
B.Import the OCSP Response Signing certificate.
C.Add the Server1 computer account to the CertPublishers group.
D.Set the Startup Type of the Certificate Propagation service to Automatic.
Your company has an Active Directory domain. You have a two-tier PKI infrastructure that contains an offline root CA and an online issuing CA. The Enterprise certification authority is running Windows Server 2008 R2.
You need to ensure users are able to enroll new certificates.
What should you do()
A.Renew the Certificate Revocation List (CRL) on the root CA . Copy the CRL to the CertEnroll folder on the issuing C
B.Renew the Certificate Revocation List (CRL) on the issuing CA . Copy the CRL to the SystemCertificates folder in th
C.Import the root CA certificate into the Trusted Root Certification Authorities store on all client workstations.
D.Import the issuing CA certificate into the Intermediate Certification Authorities store on all client workstations.
最新试题
Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table. All client computers run Windows 7. You need to ensure that all client computers in the domain keep the same time as an external time server. What should you do()
Your network contains an Active Directory forest. All domain controllers run Windows Server 2008 Standard. The functional level of the domain is Windows Server 2003. You have a certification authority (CA). The relevant servers in the domain are configured as shown in the following table: Server name Operating system Server role Server1 Windows Server 2003 Enterprise root CA Server2 Windows Server 2008 Enterprise subordinate CA Server3 Windows Server 2008 R2 Web Server You need to ensure that you can install the Active Directory Certificate Services (AD CS) Certificate Enrollment Web Service on the network. What should you do()
You create a new Active Directory domain. The functional level of the domain is Windows Server 2003. The domain contains five domain controllers that run Windows Server 2008 R2. You need to monitor the replication of the group policy template files. Which tool should you use()
Active Directory Rights Management Services (AD RMS) is deployed on your network. You need to configure AD RMS to use Kerberos authentication. Which two actions should you perform()
Your network contains an Active Directory forest. The forest contains an Acitve Directory site for a remote office. The remote site contains a read-only domain controller (RODC). You need to configure the RODC to store only the password of users in the remote site. What should you do()
Your company has four offices. The network contains a single Active Directory domain. Each office has domain controller. Each office has an organitational unit (OU) that contains the user accounts for the users in that office. In each office, support technicians perform basic troubleshooting for the users in their respective office. You need to ensure that the support technicians can reset the password for the user accounts in their respective office only. The solution must prevent the thechnicians from creating user accounts. What shoul you do()
Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You add a logoff script to an existing Group Policy object (GPO). You need to verify that each domain controller successfully replicates the updated group policy. Which two objects should you verify on each domain controller()
Your network contains an Active Directory forest. The forest contains two domains. You have a standalone root certification authority (CA). On a server in the child domain, you run the Add Roles Wizard and discover that the option to select an enterprise CA is disabled. You need to install an enterprise subordinate CA on the server. What should you use to log on to the new server()
Your network contains three Active Directory forest named Forest1, Forest2, and Forest3. Each forest contains three domains. A two-way forest trust exists between Forest1 and Forest2. A two-way forest trust exists between Forest2 and Forest3. You need to configure the forest to meet the following requirements Users in Forest3 must be able to access resources in Forest1. Users in Forest1 must be able to access resources in Forest3. The number of trusts must be minimized. What should you do()
You install a standalone root certification authority (CA) on a server named Server1. You need to ensure that every computer in the forest has a copy of the root CA certificate installed in the local computer’s Trusted Root Certification Authorities store. Which command should you run on Server1()