HOTSPOT
Your network contains an Active Directory domain named adatum.com. All servers run
Windows Server 2012 R2. All domain controllers have the DNS Server server role installed.
You have a domain controller named DC1.
On DC1, you create an Active Directory-integrated zone named adatum.com and you sign
the zone by using DNSSEC.
You deploy a new read-only domain controller (RODC) named R0DC1.
You need to ensure that the contoso.com zone replicates to RODC1.
What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Answer: 
Explanation:
http://technet.microsoft.com/en-us/library/cc781340(v=ws.10).aspx
For additional servers to host a zone, zone transfers are required to replicate and
synchronize all copies of the zone used at each server configured to host the zone.
Explanation
In Windows Server 2008 and Windows Server 2008 R2, DNS servers running on read-only domain controllers (RODCs) host Active Directory-integrated copies of all zones. However, because the zone is read-only, the DNS server cannot make any updates to the zones that it hosts. Instead, updates occur on other DNS servers and are transferred to the RODC through Active Directory replication.
When an Active Directory-integrated zone is signed with DNSSEC, private keys are also replicated to all DNS servers running on domain controllers, with an exception: Private keys are not replicated to an RODC because RODCs are intended to operate in insecure environments.
In Windows Server 2012 and Windows Server 2012 R2, an RODC loads unsigned zones from Active Directory with no change in functionality from Windows Server 2008 R2. However, if the RODC finds a DNSSEC-signed zone in Active Directory, it does not load the zone as Active Directory-integrated. Instead, it creates a secondary copy of the zone, and then configures the closest writeable domain controller for the domain as the primary server. The RODC then attempts to perform a zone transfer. Zone transfers must be enabled on the primary DNS server for this transfer to succeed. If zone transfers are not enabled, the RODC logs an error event and takes no further action. In this scenario, you must manually enable zone transfers on the primary server that is selected by the RODC. Alternately, you can choose to reconfigure the
RODC to point to a different primary DNS server that has zone transfers enabled.
http://technet.microsoft.com/en-us/library/dn593674.aspx
2
0
Yep you need to enable zone transfers on the DC1.
0
0
Answer: Zone transfers tab.
Explanation:
When you have a DC with AD-Integrated zone (ex Contoso) and an AD-Integrated zone with DNSSEC(ex Adatum) on a writable DC and you install + promote a RoDC, this is the result:
-The Contoso zone is replicated to the RoDC (btw it is a read-only copy of the zone).
-The Adatum zone folder of is visible in the DNS manager on the RoDC, but with an error that it is not replicated.
To solve this, you need to allow the zone transfer on the writable DC to the RoDC.
So despite both of the zones are AD-Integrated, the extra security feature (DNSSEC) forbit the zone to be transferred to the RoDC. And when you open the Properties of the zone (Adatum in my example), you can see that is is a Secondary zone.
0
0