PrepAway - Latest Free Exam Questions & Answers

You need to ensure that only the client computers in the Active Directory domain can register records in the c

Your network contains an Active Directory domain named contoso.com. The DNS zone for
contoso.com is Active-Directory integrated.
The domain contains 500 client computers. There are an additional 20 computers in a
workgroup.
You discover that every client computer on the network can add its record to the
contoso.com zone.
You need to ensure that only the client computers in the Active Directory domain can
register records in the contoso.com zone.
What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
Sign the contoso.com zone by using DNSSEC.

B.
Configure the Dynamic updates settings of the contoso.com zone.

C.
Configure the Security settings of the contoso.com zone.

D.
Move the contoso.com zone to a domain controller that is configured as a DNS server.

7 Comments on “You need to ensure that only the client computers in the Active Directory domain can register records in the c

  3. mkbell says:

    https://technet.microsoft.com/en-gb/library/cc771255.aspx
    Enable only secure dynamic updates
    Click Start, point to Administrative Tools, and then click DNS.
    Under DNS, double-click the applicable DNS server, double-click Forward Lookup Zones or Reverse Lookup Zones, and then right-click the applicable zone.
    Click Properties.
    On the General tab, verify that the zone type is Active Directory-integrated.
    In the Dynamic updates box, click Secure only.
    Click OK.




    0



    0
      1. william says:

        The answer D is correct because if you install DNS server on non DC, then you are not able yo create AD-integrated zone.DNSupdate security is available only for zone that are integrated into AD DS




        0



        0
  5. karl says:

    not D
    from question: “..The DNS zone for contoso.com is Active-Directory integrated.”

    from https://technet.microsoft.com/en-us/library/cc978010.aspx: “Only DNS servers that run on domain controllers can load Active Directory–integrated zones.”

    B:
    from https://technet.microsoft.com/en-us/library/cc753751.aspx
    “To allow only secure dynamic updates using the Windows interface
    Open DNS Manager.
    In the console tree, right-click the applicable zone, and then click Properties.
    On the General tab, verify that the zone type is Active Directory-integrated.
    In Dynamic Updates, click secure only”




    0



    0

Leave a Reply