PrepAway - Latest Free Exam Questions & Answers

Which two actions should you take? (Each correct answer presents part of the solution

You are the network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional computers. The company deploys two DNS servers. Both DNS servers run Windows Server 2003. One DNS server is inside of the corporate firewall, and the other DNS server is outside of the firewall.

The external DNS server provides name resolution for the external Internet name of the company on the Internet, and it is configured with root hints.

The internal DNS server hosts the DNS zones related to the internal network configuration, and it is not configured with root hints.You want to limit the exposure of the client computers to DNS-related attacks from the Internet, without limiting their access to Internet-based sites.

Which two actions should you take? (Each correct answer presents part of the solution. (Choose two.)

PrepAway - Latest Free Exam Questions & Answers

A.
Configure the firewall to allow only network traffic on the DNS ports.

B.
On the internal DNS server, add the external DNS server as the only root hint.

C.
On the internal DNS server, disable recursion.

D.
Configure the client computers to use both DNS servers. List the internal DNS server first.

E.
On the internal DNS server, configure the external DNS server as forwarder.

F.
Configure the client computers to use only the internal DNS server.

Explanation:
Install one server on your perimeter network, for Internet name resolution, and another on your internal network, to host your private namespace and provide internal name resolution services.

“A Composite Solution With Just One Click” – Certification Guaranteed 48 Microsoft 70-293 Exam

Then configure the internal DNS server to forward all Internet name resolution requests to the external DNS server. This way, no computers on the Internet communicate directly with your internal DNS server, making it less vulnerable to all kinds of attacks.

Reference:

Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, Chapter 4.


Leave a Reply