Microsoft 70-741 Objective 1.0: Implement Domain Name System (DNS)

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com You need to configure DNS name resolution properties on the srv2.sales.corp.westsim.com server. You decide to change the network interface's TCP/IP settings to do this. When an unqualified name is submitted for name resolution, you want the server to search using the following suffixes: following suffixes: • sales.corp.westsim.com • acct.corp.westsim.com • corp.westsim.com • westsim.com What should you do?

Click Advanced and from the DNS tab, configure custom search suffixes of sales.corp.westsim.com, acct.corp.westsim.com, corp.westsim.com, and westsim.com

Your organization uses one primary DNS zone that is backed up by seven secondary DNS zones on other servers. Your organization has changed ISPs. As a result, significant IP addressing changes are taking place within your infrastructure. To maintain availability, all of your secondary DNS servers need to be updated immediately whenever a change is made to the primary DNS server. What should you do?

Configure DNS Notify options in the properties of the primary zone

You want to implement a protocol on your network that allows computers to find the IP address of a host from a logical name. What protocol should you implement?

DNS

You are the network administrator for Corpnet.com. The company has three domains named corpnet.com, east.corpnet.com and west.corpnet.com. The DNS servers in each domain are only authoritative for the zones for their domains and are all member servers. You sign the corpnet.com DNS zone with DNSSEC. You need to enable the DNS servers that are not authoritative for the corpnet.com zone to perform DNSSEC validation of DNS responses for the corpnet.com zone. What should you do?

Distribute a Trust Anchor to all DNS servers that are not authoritative for the corpnet.com zone.

You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016 Standard edition. All of the clients run Windows 10. A domain controller named DC1 functions as a DNS server that hosts a standard primary zone, eastsim.com. All of the other domain controllers host standard secondary zones for eastsim.com. A new corporate directive requires that all DNS communication be secure. The DNS records must be cryptographically signed by the DNS server so that clients can validate that the DNS server responses are authentic and have not been subject to tampering. You must configure DNS to comply with the new policy. What should you do?

Implement DNS Security Extensions (DNSSEC)

Match each zone type on the left with the corresponding characteristics on the right. Each zone type may be used once, more than once, or not at all.

Multiple servers hold read-write copies of the zone data. - Active Directory-integrated The only writeable copy of the zone database. - Primary A read-only copy of the zone database - Secondary Initates zone transfers. - Secondary The replication scope specifies domain controllers that can receive a copy of zone data. - Active Directory-integrated

which utility is used to create and configure dns policies

Powershell

Which type of DNS policy allows DNS servers to resolve a hostname to an IP address based on the geographical location of both the client and the host?

Query Resolution Policy

Match each DNS policy on the left with its description and associated Powershell command on the right. Each option may be used once, more than once, or not at all.

This type of policy specifies how incoming resolution queries are handled by a DNS server. - Query Resolution Policies This type of policy controls how the DNS server performs recursion for a query. - Recursion Policies This type of policy controls whether a zone transfer is allowed or not. - Zone Transfer Policies Add-DnsServerQueryResolutionPolicy - Query Resolution Policies Add-DnsServerZoneTransferPolicy - Zone Transfer Policies Add-DnsServerRecursionScope - Recursion Policies

You are a network administrator. You have determined that you need to install and configure a local DNS server. You have decided that installing DNS on Nano Server is best for the following reasons. (Select three.)

- Nano Server requires fewer patches and reboots. - Nano Server requires less disk space. - Nano Server can be deployed as a Hyper-V VM.

You are configuring the network for a new company with two sites. The main office is in Denver, and a branch office is in Phoenix. The sites are connected by a WAN link. All servers, including domain controllers, will run Windows Server 2012 R2. All servers will be members of an Active Directory domain. The main office uses the corp.westsim.com domain. All domain members are currently located in the Denver location. The branch office uses the research.corp.westsim.com domain. All domain members are located only in the Phoenix location. The following servers are in each location: All zones are Active Directory-integrated zones, and there are no other DNS servers on the network. To improve name resolution at the Phoenix location, you install a domain controller and DNS named srv4.research.corp.westsim.com in the Phoenix location. You want this server to have a copy of the corp.westsim.com zone. You do not want any servers in the Denver location to have a copy of the research.corp.westsim.com zone. You want to minimize the amount of DNS information stored on each server. What should you do?

Configure the replication scope for corp.westsim.com as To all DNS servers in this forest. Configure the replication scope for research.corp.westsim.com as To all DNS servers in this domain. servers in this domain.

You are the administrator of the corp.westsim.com domain. All servers in the domain run Windows Server 2016, and all clients run Windows 10. The domain has two subdomains: • acct.corp.westsim.com • sales.corp.westsim.com The acct.corp.westsim.com zone is an Active Directory-integrated zone, while the sales.corp.westsim.com zone is a primary zone To improve name resolution, you set up DNS on the SRV3.acct.corp.westsim.com server. You create a secondary zone on that server pointing to the sales.corp.westsim.com zone. One day, you come to work to find that the primary server for the sales.corp.westsim.com zone has failed. You have a backup that was performed the previous night. You need to have a primary server online as quickly as possible while restoring as much of the zone data as possible. What should you do?

Convert the sales.corp.westsim.com secondary zone on SRV3 to a primary zone.

You need to enable hosts on your network to find the IP address of logical names such as srv1.myserver.com. Which device would you use to accomplish this task?

DNS Server

You manage a network with two locations, Denver and Phoenix. Both sites are connected with a WAN link. The network uses westsim.private as the domain name. The DNS1 server is located in the Denver location and has the primary copy for the westsim.private zone. The DNS2 server is located in Phoenix and is a secondary server for the westsim.private zone. You notice that when you add new A records to the zone, users in Phoenix are unable to resolve the hostname for the new host for up to 15 minutes after the record has been added. You want to reduce this time so that hostnames can be resolved in Phoenix as soon as possible. What should you do?

Edit the zone properties on DNS1. On the SOA tab, decrease the refresh interval. Edit the zone properties on DNS1. On the Zone Transfers tab, configure the zone to automatically notify listed name servers.

You manage a network with two locations. The main office is in Phoenix, and a branch office is in Tulsa. SRV1 is a DNS server in Phoenix. SRV1 holds the primary zone for the eastsim.local zone. To improve name resolution requests in the branch office, you place a secondary copy of the zone on SRV5 in the Tulsa location. Due to recent expansion, you are adding more servers to the Phoenix location. For each server, you manually create the A and PTR records. You find that after you add the server, computers in the Tulsa location are unable to contact the new servers for up to 10 minutes. You want to make sure that hosts in Tulsa can contact these servers using DNS as quickly as possible. What should you do?

Enable DNS Notify options on the zone on SRV1

You manage the DNS servers for the eastsim.com domain. You have a domain controller named DNS1 running Windows Server 2016 that holds a standard primary zone for the eastsim.com zone. You would like to configure DNS1 to use forwarders for all unknown zones. You edit the DNS server properties for DNS1. On the forwarders tab, you find that the Use root hints if no forwarders are available option is disabled. You also find that you are unable to edit hints if no forwarders are available option is disabled. You also find that you are unable to edit the forwarders list. What should you do?

Enable recursion on DNS1

You are responsible for managing a Windows Server 2016 system named DNS1 that functions as DNS server. One of the domains owned by your organization is westsim.com, which is not integrated with Active Directory. Your DNS server is authoritative for this zone. Two other DNS servers in your organization named DNS2 and DNS3 contain a copy of the zone data in a multi-master configuration. You want to use DNSSEC to digitally sign zone data. You want to use DNS1 as the Key Master for DNSSEC Which should you do?

In DNS Manager, right-click the westsim.com zone and click DNSSEC > Sign the Zone

You are the network administrator for corpnet.com. A new corporate policy requires that DNSSEC be implemented on the corpnet.com zone. A server named DNS1 is authoritative for the be implemented on the corpnet.com zone. You sign the corpnet.com zone and distribute trust anchors to all non-authoritative DNS servers that will perform DNSSEC validation of data from the zone. You need to prepare the clients to perform DNSSEC validation for the corpnet.com. What should you do?

In Group Policy, configure a Name Resolution Policy.

Your network has a single domain named southsim.com. All client computers run Windows 10. DNS data for the domain is stored on the following servers: • DNS1 holds the primary zone for southsim.com. • DNS2 and DNS3 hold secondary zones for southsim.com. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers and allow any of the three servers to update DNS records in the zone. What should you do?

On all three servers, change the zone type of the DNS zone to Active Directory-integrated.

You are the DNS manager for the southsim.com domain. You want to configure your single DNS server so that it never uses forwarders for name resolution. What should you do?

On the DNS server, disable recursion.

You are the DNS manager for the eastsim.com domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the eastsim.com zone. Users have complained about multiple DNS name resolution errors. You have examined the configuration, but can't see anything wrong. To help identify the problem, you would like to track the DNS packets sent and received by the server. You would also like to filter by IP address. server. What should you do?

On the DNS server, enable debug logging.

What is the first action that a DNS client will take when attempting to resolve a single-label name to an IP address?

Query a DNS server for a host name formed by appending the client's primary DNS suffix to the single-label name.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016. All of the clients run Windows 10. Clients routinely access a web application on a server named web1.westsim.com. During the course of the business day, you receive complaints that users attempting to access web1.westsim.com were directed to an unknown IP address on the Internet. They accessed a website that looked similar to the web application on web1.westsim.com, but were provided no website that looked similar to the web application on web1.westsim.com, but were provided no functionality. After researching the internet IP address, you find that it belongs to a group of functionality. After researching the internet IP address, you find that it belongs to a group of attackers suspected of hacking into company web sites. You determine that the compromise attackers suspected of hacking into company web sites. You determine that the compromise occurred because of DNS cache poisoning. To protect the server, you need to ensure that cache occurred because of DNS cache poisoning. To protect the server, you need to ensure that cache records on the DNS server cannot be overwritten until the Time to Live (TTL) period has expired. What should you do?

You should implement the DNS Cache Locking feature

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. The company has one main office. There is one server named DNS1 with the DNS Server role installed. A new company security directive states that servers should not use port 49308. All other port ranges are acceptable and should not be excluded. You need to configure DNS1 to adhere to the ranges are acceptable and should not be excluded. You need to configure DNS1 to adhere to the new security requirement without any loss of DNS functionality What should you do?

You should set the SocketPoolExcludedPortRanges setting in the registry on the DNS servers to 49308-49308.

A client's primary DNS suffix is east.corpsim.com. The client is also configured with a DNS suffix search list containing west.corpsim.com and ny.east.corpsim.com. Which FQDNs will be included in DNS queries when DNS devolution is used by the client to resolve a single-label name of srv42? (Select two.)

srv42.east.corpsim.com srv42.corpsim.com


Ensembles d'études connexes

Geometry Right Triangles and Similarity: Theorems, Postulates and Corollaries

View Set

Sociology Ch. 9: Sex, gender, sexual orientation, sexuality

View Set

ATI: RN Nursing Care of Children Online Practice 2016 A

View Set

lengthen & shorten upper limb, thorax & abs

View Set

Chapter 20 Early Renaissance and Late Medieval

View Set

Solving One-Variable Inequalities: Assignment

View Set

IDSV Chap. 11 - Artificial Intelligence

View Set