Your network contains an Active Directory domain named contoso.com. The network contains a
domain controller named DC1 that has the DNS Server server role installed. DC1 has a standard
primary DNS zone for contoso.com.
You need to ensure that only client computers in the contoso.com domain will be able to add their
records to the contoso.com zone.
What should you do first?
A.
Sign the contoso.com zone.
B.
Modify the Security settings of DC1.
C.
Modify the Security settings of the contoso.com zone.
D.
Store the contoso.com zone in Active Directory.
Explanation:
Only Authenticated users can create records when zone is stored in AD.
Secure dynamic updates allow an administrator to control what computers update what names and
prevent unauthorized computers from overwriting existing names in DNS.
References:Training Guide: Installing and Configuring Windows Server 2012 R2: Chapter 6: Network
Administration, Lesson 2: Implementing DNSSEC, p. 237
http://technet.microsoft.com/en-us/library/cc731204(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc755193.aspx
Answer should be C, contoso.com is in DC1 which is already an Active Directory.
0
0
I would agree with Carlo where it not for the following.
An AD integrated DNS already does what is asked unless it is configured improperly. (Hence no configuration required if it was one. The text also describes that we are talking about a ‘standard’ DNS zone. Which is a very obscure term as standard can imply a standard integrated AD DNS or a standard old fashioned DNS that is not integrated.
You can set an integrated AD DNS zone to secure only, but that is not part of security, it is part of properties of the zone. Security only arranges who can do what on that specific DNS zone. Hence C can’t be right because that is not the way to do it.
So my option would be D, which is yet another confusing way to describe how to integrate a DNS zone into AD.
0
0