Your company Datum Corporation, has a single ActiveDirectory domain named intranet.adatum.com. The
domain has two domain controllers that run Windows Server 2008 R2 operating system. The domain
controllers also run DNS servers.
The intranet.adatum.com DNS zone is configured as an Active Directory-integrated zone with the Dynamic
updates setting configured to Secure only.
A new corporate security policy requires that the intranet.adatum.com DNS zone must be updated only by
domain controllers or member servers.
You need to configure the intranet.adatum.com zone to meet the new security policy requirement.
Which two actions should you perform? (Each correctanswer presents part of the solution. Choose two.)

A.
Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone
properties.
B.
Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com DNS
zone properties.
C.
Assign the server computer accounts the Allow on Write All Properties permission on the Security tabof the
intranet.adatum.com DNS zone properties.
D.
Assign the server computer accounts the Allow on Create All Child Objects permission on the Securitytab
of the intranet.adatum.com DNS zone properties.