You need to configure the contoso.com zone to ensure that clients cache records from the zone for 4 days
Your company has a main office and five branch offices that are connected by WAN links.
The company has an Active Directory domain named contoso.com.
Each branch office has a member server configured as a DNS server. All branch office DNS
servers host a secondary zone for contoso.com.
You need to configure the contoso.com zone to ensure that clients cache records from the
zone for 4 days.
What should you do?
You need to ensure that the stale resource records are automatically removed from the contoso.com zone
You have an Active Directory domain named contoso.com.
You have a domain controller named Server1 that is configured as a DNS server.
Server1 hosts a standard primary zone for contoso.com. The Zone Aging/Scavenging
Properties of the contoso.com zone are shown in the exhibit. (Click the Exhibit button.)
You discover that stale resource records are not automatically removed from the
contoso.com zone.
You need to ensure that the stale resource records are automatically removed from the
contoso.com zone.
What should you do?
You need to create a DNS zone that is available on DC1 and DC2
Your network contains an Active Directory forest. The forest contains two domains named
contoso.com and east.contoso.com.
The contoso.com domain contains a domain controller named DC1. The east.contoso.com
domain contains a domain controller namedDC2. DC1 and DC2 have the DNS Server server
role installed.
You need to create a DNS zone that is available on DC1 and DC2. The solution must ensure
that zone transfers are encrypted. What should you do?
You need to ensure that users in Branch2 only authenticate to the domain controllers in Main
Your network contains an Active Directory domain. The domain is configured as shown in
the following table.
Users in Branch2 sometimes authenticate to a domain controller in Branch1.
You need to ensure that users in Branch2 only authenticate to the domain controllers in
Main.
What should you do?
You need to ensure that members of Group1 can revoke certificates
You have an enterprise subordinate certification authority (CA).
You have a group named Group1.
You need to ensure that members of Group1 can revoke certificates.
What should you do?
You need to ensure that DNS records can only be updated by the computer that registered the record
Your network contains an Active Directory domain. All DNS servers are domain controllers.
You view the properties of the DNS zone as shown in the exhibit. (Click the Exhibit button.)
You need to ensure that DNS records can only be updated by the computer that registered
the record.
What should you do first?
Which command should you run?
You deploy a certification authority (CA) named CA1. CA1 will be used to issue a large
number of temporary certificates to provide users with access to public wireless access
points (WAPs).
You create a certificate template named Template1. You enable the Do not store certificates
and requests in the CA database option.
You need to configure CA1 to ensure that certificate requests and issued certificates for
Template1 are not stored in the CA database.
Which command should you run?
Which Object Access audit policy should you configure?
Your network contains an Active Directory domain named contoso.com. The domain
contains a file server named Server1 that runs Windows Server 2008 R2. Server1 has a file
share named Share1.
You plan to configure the audit policy settings of Server1 by using a Group Policy object
(GPO).
You need to ensure that entries are generated in the Event Log when the users in a group
named Group1 successfully access or fail to access the files in Share1. The event entries
must show the specific operation each user attempted. The solution must minimize the
number of audit entries in the Event Log.
Which Object Access audit policy should you configure?
Which two FSMO roles should you identify?
Your network contains an Active Directory forest named contoso.com. The forest contains
three domains named contoso.com, childl.contoso.com, and child2.contoso.com. The
childl.contoso.com domain contains five domain controllers. The domain controllers are
configured as shown in the following table.
You plan to decommission the child1.contoso.com domain.
You need to identify which two FSMO roles can be moved from childl.contoso.com to
child2.contoso.com.
Which two FSMO roles should you identify? (Each correct answer presents part of the
solution. Choose two.)
You need to ensure that the passwords for all users in Group1 are at least 10 characters long
Your network contains an Active Directory domain. The domain contains a group named
Group1. The minimum password length for the domain is set to six characters.
You need to ensure that the passwords for all users in Group1 are at least 10 characters
long. All other users must be able to use passwords that are six characters long.
You create an Active Directory Fine Grained Password Policy.
What should you do next?