Your network contains an Active Directory forest named corp.contoso.com. All servers run Windows Server 2012.
The network has a perimeter network that contains servers that are accessed from the Internet by using the contoso.com namespace.
The network contains four DNS servers. The servers are configured as shown in the following table.
All of the client computers on the perimeter network use Server1 and Server2 for name resolution.
You plan to add DNS servers to the corp.contoso.com domain.
You need to ensure that the client computers automatically use the additional name servers. The solution must ensure that only computers on the perimeter network
can resolve names in the corp.contoso.com domain.
Which DNS configuration should you implement on Server1 and Server2?
To answer, drag the appropriate DNS configuration to the correct location in the answer area. Each DNS configuration may be used once, more than once, or not at
all. Additionally, you may need to drag the split bar between panes or scroll to view content.
Select and Place:
Answer: 
Explanation:
* stub zone
A Stub Zones allows an organization to resolve names to a private namespace or speed up name resolution to a public namespace without the use of Conditional
Forwarders or Secondary Zones.
DNS Stub Zones in each domain will be configured to forward request for the other organization name space to a DNS server that is authoritative. All other names
needing resolved will use the default name resolution method.
How to configure a DNS Stub Zone in Windows Server
I believe that the correct answer is twice a conditional forwarder.
When using stub zones, SOA records are included in the zone file, which exposes the SOA and NS data, which is a concern in a perimeter network. Regarding security concerns with zone data exposure, the better choice would be to use conditional forwarders, because no data is exposed.
Conditional forwarders were introduced in Windows Server 2003, but it did not have the option to make it Active Directory-integrated. If you would have several DNS servers, you would have had to create the conditional forwarder on each server manually. The Active Directory-integrated option was added to Windows Server 2008 and newer DNS servers, so you do not have to manually create a conditional forwarder on each DNS server. This way the conditional forwarder will be available domain or forest-wide.
0
2
D’oh! Please ignore my previous reply. The DNS servers in the perimeter network are not Active Directory-integrated, therefore the correct answer is twice a stub zone.
0
0
Answer is correct
https://technet.microsoft.com/en-us/library/cc771898(v=ws.11).aspx
1
0
I would have thought using a Stub zone on Server1 & a conditional forwarder on server 2 pointing to Server 1. This would ensure only 1 DNS server in the perimeter zone would be doing iterative requests.?
0
0
That cannot be correct, as two answers would be the right answer then; the answer for server 1 could be a stub zone then and the answer for server 2 would be a conditional forwarder, but it could also be the other way around, so that gives two correct answers and with Microsoft exams, there is always only one correct answer. The answer is either using two stub zones, or using two conditional forwarders, which I believe is the correct answer (see my previous explanation).
0
0
or maybe
create stub zone for server1
and delegate to replicate this stub zone for server2?
0
0