PrepAway - Latest Free Exam Questions & Answers

You need to implement DNSSEC to meet the following requ…

Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. All servers run Windows Server 2012 R2. All client
computers run Windows 8.1.
The DNS zone of adatum.com is Active Directory-integrated.
You need to implement DNSSEC to meet the following requirements:
Ensure that the zone is signed.
Ensure that the zone signing key (ZSK) changes every 30 days.
Ensure that the key signing key (KSK) changes every 365 days.
What should you do? To answer, drag the appropriate cmdlets to the correct requirements. Each cmdlet may be used once, more than once, or not at all. You may
need to drag the split bar between panes or scroll to view content.
Select and Place:

PrepAway - Latest Free Exam Questions & Answers

Answer:

Explanation:
* Invoke-DnsServerZoneSign
The Invoke-DnsServerZoneSign cmdlet signs a Domain Name System (DNS) server zone.
* Add-DnsServerSigningKey
The Add-DnsServerSigningKey cmdlet adds a Key Signing Key (KSK) or Zone Signing Key (ZSK) key to a Domain Name System (DNS) signed zone.

5 Comments on “You need to implement DNSSEC to meet the following requ…

    1. pauliusp says:

      It seems this one could work, but first you’d need to list specific key and use Enable-DnsServerSigningKeyRollover in combination.

      Get-DnsServerSigningKey -ZoneName “adatum.com” | Enable-DnsServerSigningKeyRollover -RolloverPeriod 2592000 #RolloverPeriod in seconds. This would apply same rollover period for both keys and this is not what we want. I guess Get-DnsServerSigningKey should be used at least twice to check ZSK/KSK KeyID.

      I would stick with provided answer, since Add-DnsServerSigningKey also support -RolloverPeriod parameter.
      Add-DnsServerSigningKey -ZoneName “adatum.com” -Type “ZoneSigningKey” -RolloverPeriod 2592000
      Add-DnsServerSigningKey -ZoneName “adatum.com” -Type “KeySigningKey” -RolloverPeriod 31536000




      0



      2

Leave a Reply