IT135 Ch. 2-4 Review Questions
Your company just opened a small branch office where 10 computer users will work. You have installed a single Windows Server 2016 computer configured as a member server for basic file and print server needs. Users require DNS to access the Internet and to resolve names of company resources. You decide to install DNS on the existing server. Which of the following types of installations makes the most sense? a. A primary server hosting a standard zone b. An Active Directory-integrated zone hosting the zone in which the server is a member c. A caching-only DNS server d. A server that's a forwarder
a. A primary server hosting a standard zone
You have a DNS server outside your corporate firewall that's a standalone Windows Server 2016 server. It hosts a primary zone for your public Internet domain name, which is different from your internal Active Directory domain names. You want one or more of your internal servers to be able to handle DNS queries for your public domain and to serve as a backup for the primary DNS server outside the firewall. Which configuration should you choose for internal DNS servers? a. A standard secondary zone. b. A standard stub zone. c. A forwarder to point to the primary DNS server. d. An Active Directory-integrated stub zone.
a. A standard secondary zone.
You're in charge of a standard primary zone for a large network with frequent changes to the DNS database. You want changes to the zone to be transmitted as quickly as possible to all secondary servers. What should you configure and on which server? a. Configure DNS notifications on the primary zone server b. Configure DNS recursion on the secondary zone servers c. Configure round robin on the primary zone server d. Configure a smaller default TTL for the primary zone server
a. Configure DNS notifications on the primary zone server
You have a DHCP server with two NICs: NIC1 and NIC2. NIC1 is connected to a subnet with computers that use DHCP for address assignment. NIC2 is connected to the data center subnet where all computers should use static addressing. You want to prevent the DHCP server from listening for DHCP packets on NIC2. What should you do? a. Configure bindings. b. Disable the scope. c. Create a filter for NIC2. d. Configure failover.
a. Configure bindings.
You want all computers in the Management Department to use a default gateway that's different from computers in other departments. All departments are on the same subnet. What should you do first on the server? a. Create a User Class. b. Create a new scope. c. Create an allow filter. d. Create a Vendor Class.
a. Create a User Class.
A subnet on your network uses DHCP for address assignment. The current scope has start address 192.168.1.1 and an end address of 192.168.1.200 with the subnet mask 255.255.255.0. Because of network expansion, you have added computers, bringing the total number that need DHCP for address assignment to 300. You don't want to change the IP addressing scheme or the subnet mask for computers already on the network. What should you do? a. Create a new scope with start address 192.168.2.1 and end address 192.168.2.200 with prefix length 24 and add the existing scope and new scope to a superscope. b. Add a scope with start address 192.168.1.1 and end address 192.168.2.200 with the subnet mask 255.255.255.0. Then delete the existing scope. c. Create a new scope with start address 192.168.1.1, end address 192.168.2.200, and prefix length 16. d. Add another DHCP server. Using the split scope wizard, split the existing scope with the new server and assign each server 100% of the addresses.
a. Create a new scope with start address 192.168.2.1 and end address 192.168.2.200 with prefix length 24 and add the existing scope and new scope to a superscope.
You have four printers that are accessed via their IP addresses. You want to be able to use DHCP to assign addresses to the printers, but you want to make sure they always have the same address. What's the best option? a. Create reservations. b. Create exclusions. c. Configure filters. d. Configure policies.
a. Create reservations.
You have a DNS server that has multiple network interface cards; one is an internal interface and the second is an external interface that faces the Internet. You would like to enable recursion for your internal DNS clients and disable it for any Internet clients. Which Windows Server 2016 DNS feature will allow you to specify which DNS queries will use recursion and which DNS queries will not? a. DNS recursion scope b. DNS recursion rules c. Recursion permissions d. DNS recursion zones
a. DNS recursion scope
You want to give a junior administrator access to DNS servers so that he can configure zones and resource records, but you don't want to give him broader administrative rights in the domain. What should you do? a. Make his account a member of DnsAdmins. b. Add his account to the Administrators group on all DNS servers. c. Delegate control for the OU where the DNS computer accounts are. d. Add his account to the Administer DNS Servers policy.
a. Make his account a member of DnsAdmins.
What type of zone should you create that contains records allowing a computer name to be resolved from its IP address? a. RLZ b. FLZ c. Stub d. TLD
a. RLZ
What specific type of DNS query instructs a DNS server to process the query until the server replies with an address that satisfies the query or with an "I don't know" message? a. Recursive b. Referral c. Iterative d. resolver
a. Recursive
Which of the following are required elements of a DHCP scope? (Choose all that apply.) a. Subnet mask b. Scope name c. Router address d. Lease duration
a. Subnet mask b. Scope name d. Lease duration
Which of the following are criteria you can use with conditions in DHCP policies? (Choose all that apply.) a. Vendor Class b. MAC address c. OS version d. SSID
a. Vendor Class b. MAC address
You want a DNS server to handle queries for a domain with a standard primary zone hosted on another DNS server, and you don't want the server to be authoritative for that zone. How should you configure the server? (Choose all that apply.) a. As a secondary zone on the DNS server b. As a stub zone on the DNS server c. As a forwarder on the DNS server d. Configure zone hints for the primary zone
b. As a stub zone on the DNS server c. As a forwarder on the DNS server
Domain Name System Security Extension (DNSSEC) provides specific features and protocols for validating server responses. Which of the following methods are used by DNSSEC to ensure that the data they receive from DNS queries is accurate and secure? (Choose all that apply.) a. Data integrity b. Authenticated zone signing c. Authenticated denial of existence d. Origin authentication of DNS data
b. Authenticated zone signing d. Origin authentication of DNS data
A resource record containing an alias for another record is which of the following record types? a. A b. CNAME c. NS d. PTR
b. CNAME
You're reviewing DHCP server statistics and notice that the server has received many DHCPDECLINE messages. What should you configure on the server to reduce the number of DHCPDECLINE messages? a. DHCP policies b. Conflict detection c. Connection bindings d. DNS credentials
b. Conflict detection
You notice that some information shown in the DHCP console for DHCP leases doesn't agree with lease information you see on some client computers where you used ipconfig /all. What should you do to make DHCP information consistent? a. Back up and restore the database. b. Reconcile the scopes. c. Create a deny filter for the leases that look wrong. d. Delete the dhcp.mdb file and click Refresh
b. Reconcile the scopes.
You have defined a scope on your DHCP server with the start address 172.16.1.1, end address 172.16.1.200, and prefix length 16. You want to create another scope on the server. Which of the following is a valid scope you can create on this server? a. Start address 172.19.1.1, end address 172.19.1.255, prefix length 24 b. Start address 172.17.1.1, end address 172.17.1.200, prefix length 16 c. Start address 172.16.2.1, end address 172.19.2.100, prefix length 16 d. Start address 172.31.0.1, end address 172.31.1.254, prefix length 8
b. Start address 172.17.1.1, end address 172.17.1.200, prefix length 16
Which of the following is true about stub zones? (Choose all that apply.) a. They're authoritative for the zone. b. Their records are updated by the primary server automatically. c. They can't be Active Directory integrated. d. They contain SOA and NS records
b. Their records are updated by the primary server automatically. d. They contain SOA and NS records.
You have an Active Directory-integrated zone named csmtech.local on the DNS1 server. The forest root Active Directory domain is csmtech.local. Why is the _msdcs subdomain zone delegated on the DNS1 server? a. To offload the DNS processing required of DNS1 b. To change the replication scope of _msdcs c. To allow Windows clients to access Microsoft services d. To allow dynamic updates to the _msdcs zone
b. To change the replication scope of _msdcs
What's the default lease duration on a Windows DHCP server? a. 8 hours b. 16 minutes c. 8 days d. 16 hours
c. 8 days
Why might you need to create predefined options with code 060? a. To support WSUS clients b. To support Linux clients c. To support WDS clients d. To support mobile clients
c. To support WDS clients
You have several hundred client computers using WINS to resolve names of some enterprise servers. Many of the client computers are laptops used to connect to the network remotely. You're trying to eliminate WINS from your network to reduce the number of protocols and services you must support. With the least administrative effort, what can you do that allows you to stop using WINS yet still allows clients computers to use a single-label name for accessing enterprise servers? a. Create a GlobalNames zone and add CNAME records for enterprise servers. b. Create a Hosts file containing servers' names and addresses and upload this file to each client that needs it. c. Configure each client computer with the correct domain suffix. d. Create a stub zone and add CNAME records for each enterprise server.
a. Create a GlobalNames zone and add CNAME records for enterprise servers.
You have noticed that one of your DNS servers has possibly been compromised. You believe that a cached DNS entry for your domain is being targeted by an attacker. What new feature in Windows Server 2016 could you use on your DNS server to help prevent a man-in-the-middle attack in which your cached DNS entry for your domain is altered by an attacker? a. DNS-based Authentication of Named Entities b. DNS-Expiration c. DNS Cache Locking d. Authenticated-DNS
a. DNS-based Authentication of Named Entities
Which of the following is not part of a DHCPv6 scope configuration? a. Default gateway b. Prefix c. Preference d. Scope lease
a. Default gateway
Which of the following best describes DNS? (Choose all that apply.) a. Hierarchical database b. Flat database c. Monolithic database d. Distributed database
a. Hierarchical database d. Distributed database
Which of the following are true about a stub zone? (Choose all that apply.) a. It's not authoritative for the zone. b. It holds mostly A records. c. It can't be Active Directory integrated. d. It contains SOA and NS records.
a. It's not authoritative for the zone. d. It contains SOA and NS records.
You have noticed that your server's DNS cache locking value is configured to 100. What effect does this have on the DNS server's cached data? a. The data cannot be overwritten. b. All data will be completely overwritten. c. All data will be overwritten after it is cached. d. The data will be partially overwritten.
a. The data cannot be overwritten
Which of the following are true about the DHCP protocol? (Choose all that apply.) a. There are eight message types. b. DHCPDISCOVER messages sent by clients traverse routers. c. It uses the UDP Transport-layer protocol. d. An initial address lease involves three packets.
a. There are eight message types. c. It uses the UDP Transport-layer protocol.
You're having trouble with logons and other domain operations in your domain named csmtech.local. You want to verify that your domain clients can find domain controllers. Which of the following can you do? (Choose all that apply.) a. Use the dcdiag /test:dns /DnsRecordRegistration command b. Look at the %systemroot%\System32\Config\netlogon.dns file c. Look at the %systemroot%\System32\dns\cache.dns file d. Use the nslookup -type = CNAME -domain=csmtech.local command
a. Use the dcdiag /test:dns /DnsRecordRegistration command b. Look at the %systemroot%\System32\Config\netlogon.dns file
In the DHCP server's statistics, you notice that a lot of DHCPNAK packets have been transmitted. What's the most likely reason? a. You changed the range of addresses in a scope recently. b. The DHCP server has been taken offline. c. The server is offering a lot of addresses that are already in use. d. Client computers are getting multiple offers when they request an address.
a. You changed the range of addresses in a scope recently.
Which of the following protects against DNS cache poisoning by enabling a DNS server to randomize the source port when performing DNS queries? a. Zone signing b. Data integrity c. Socket pool d. Cache locking
a. Zone signing
Which of the following uses digital signatures contained in DNSSEC-related resource records to verify DNS responses? a. Zone signing b. Data integrity c. Socket pool d. Cache locking
a. Zone signing
You have decided to install the DNS server role on Nano Server. What specific type of zone configuration is not supported when using the DNS on Nano Server? a. Standard directory-based b. Active Directory-integrated c. Replication-integrated d. Standard file-based
b. Active Directory-integrated
You have a DNS server running Windows Server 2016. You would like to configure the DNS server to respond to requests based on the source of the query and include the capability to filter malicious queries. Which feature should you enable? a. DNS Policy and Security b. DNS Policy c. DNS Security d. DNS Zone Policy
b. DNS Policy
You have delegated a subdomain to a zone on another server. Several months later, you hear that DNS clients can't resolve host records in the subdomain. You discover that the IP address scheme was changed recently in the building where the server hosting the subdomain is located. What can you do to make sure DNS clients can resolve hostnames in the subdomain? a. Configure a forwarder pointing to the server hosting the subdomain. b. Edit the NS record in the delegated zone on the parent DNS server. c. Edit the NS record in the delegated zone on the DNS server hosting the subdomain. d. Configure a root hint pointing to the server hosting the subdomain.
b. Edit the NS record in the delegated zone on the parent DNS server.
You have a DNS server running Windows Server 2016 named DNS1 that contains a primary zone named csmtech.local. You have discovered a static A record for the server DB1 in the zone, but you know that DB1 was taken offline several months ago. Aging and scavenging are enabled on the server and the zone. What should you do first to ensure that stale static records are removed from the zone? a. Change the default TTL on static records. b. Enable the Advanced View setting in DNS Manager. c. Configure the "Expires after" value in the SOA. d. Change the "No-refresh interval" timer to a lower number.
b. Enable the Advanced View setting in DNS Manager.
What should you define in a scope to prevent the DHCP server from leasing addresses that are already assigned to devices statically? a. Reservation scope b. Exclusion range c. Deny filters d. DHCP policy
b. Exclusion range
You're scanning the local cache on a DNS client, and you come across the notation ::1. What does it mean? a. The cache is corrupt. b. It's the IPv6 localhost address. c. It's the link-local address. d. It's a reverse lookup record.
b. It's the IPv6 localhost address.
What do you configure if you need to assign addresses dynamically to applications or services that need a class D IP address? a. IPv6 relay b. Multicast scope c. Dynamic scope d. Autoconfiguration
b. Multicast scope
You have noticed that your DHCP service is not starting. You must immediately troubleshoot your DHCP server and determine the cause of the problem as quickly as possible. Which of the following DHCP troubleshooting steps should you perform? (Choose all that apply.) a. Reconcile all scopes. b. Verify the scope is not corrupted. c. Power cycle the DHCP Server immediately. d. Verify that the DHCP server is authorized.
b. Verify the scope is not corrupted. d. Verify that the DHCP server is authorized.
You want to verify whether a PTR record exists for the server1.csmtech.local host, but you don't know the server's IP address. Which of the following commands should you use to see whether a PTR record exists for server1.csmtech.local? a. ping -a server1.csmtech.local, and then ping IPAddress returned from the first ping b. nslookup server1.csmtech.local, and then nslookup IPAddress returned from the first nslookup c. dnscmd /PTR server1.csmtech.local d. dnslint /PTR server1.csmtech.local
b. nslookup server1.csmtech.local, and then nslookup IPAddress returned from the first nslookup
You have a DHCP server set up on your network and no DHCP relay agents. You're capturing DHCP packets with a protocol analyzer and see a broadcast packet with UDP source port 68 and UDP destination port 67. Which of the following DHCP message types can the packet be? a. A DHCPREQUEST to renew an IP address lease b. A DHCPACK to acknowledge an IP address lease request c. A DHCPDISCOVER to request an IP address d. A DHCPOFFER to offer an IP address lease
c. A DHCPDISCOVER to request an IP address
After you install the DHCP Server role on a member server, what must you do before the server can begin providing DHCP services? a. Configure options. b. Activate the server. c. Authorize the server. d. Create a filter.
c. Authorize the server.
Which is the correct order in which a DNS client tries to resolve a name? a. Cache, DNS server, Hosts file b. Hosts file, cache, DNS server c. Cache, Hosts file, DNS server d. DNS server, cache, Hosts file
c. Cache, Hosts file, DNS server
Which of the following is not an advantage of using Active Directory-integrated zones? a. Provides automatic zone replication b. Gives multimaster updates c. Can be stored on member servers d. Is able to configure secure updates
c. Can be stored on member servers
You have a primary zone stored in the myzone.local.dns file. Some devices that aren't domain members are creating dynamic DNS records in the zone. You want to make sure only domain members can create dynamic records in the zone. What should you do first? a. Configure the Secure only option for dynamic updates. b. Configure permissions in the Security tab of the zone's Properties dialog box. c. Configure the Store the zone in Active Directory option. d. Configure the None option for dynamic updates.
c. Configure the Store the zone in Active Directory option.
You have a network of 150 computers and notice that a computer you don't recognize has been leasing an IP address. You want to make sure this computer can't lease an address from your server. What's the best solution that takes the least administrative effort? a. Create an allow filter. b. Create a new policy. c. Create a deny filter. d. Create a Vendor Class.
c. Create a deny filter.
If you disable the option to use root hints when no forwarders are available, what are you doing? a. Enabling the socket pool b. Locking the cache c. Disabling recursion d. Configuring the netmask
c. Disabling recursion
What type of record does DNS create automatically to resolve the FQDN of an NS record? a. PTR b. CNAME c. Glue A d. Auto SRV
c. Glue A
The DNS server at your headquarters holds a standard primary zone for the abc.com domain. A branch office connected by a slow WAN link holds a secondary zone for abc.com. Updates to the zone aren't frequent. How can you decrease the amount of WAN traffic caused by the secondary zone checking for zone updates? a. In the SOA tab of the zone's Properties dialog box, increase the minimum (default) TTL. b. In the Advanced tab of the DNS server's Properties dialog box, increase the expire interval. c. In the SOA tab of the zone's Properties dialog box, increase the refresh interval. d. In the Zone Transfers tab of the SOA Properties dialog box, decrease the retry interval.
c. In the SOA tab of the zone's Properties dialog box, increase the refresh interval.
Which of the following records is returned when the requested resource record doesn't exist and is used to fulfill the authenticated denial of existence security feature of DNSSEC? a. DNSKEY b. Delegation Signer c. Next Secure d. zone-signing key
c. Next Secure
You manage the DNS structure on your network. The network security group has decided that only one DNS server should contact the Internet. Under no circumstances should other servers contact the Internet for DNS queries, even if the designated server is down. You have decided that the DNS server named DNS-Int should be the server allowed to contact the Internet. How should you configure your DNS structure to accommodate these requirements? a. On each DNS server except DNS-Int, configure a forwarder pointing to DNS-Int. Configure DNS-Int as a forwarder by enabling forwarded requests in the Forwarders tab of the server's Properties dialog box. b. On each DNS server except DNS-Int, configure a root hint to point to DNS-Int and delete all other root hints. Configure a root zone on DNS-Int. c. On each DNS server except DNS-Int, configure a forwarder pointing to DNS-Int. Disable the use of root hints if no forwarders are available. No changes are necessary on DNS-Int. d. On each DNS server except DNS-Int, in the Advanced tab of the server's Properties dialog box, disable recursion. No changes are necessary for DNS-Int.
c. On each DNS server except DNS-Int, configure a forwarder pointing to DNS-Int. Disable the use of root hints if no forwarders are available. No changes are necessary on DNS-Int.
You have just finished setting up your DNS infrastructure, and the DNS process seems to be working well. You want to be able to create a baseline of performance data so that if slowdowns occur later, you have information for comparison purposes. Which tool should you use? a. dnscmd.exe b. Debug logging c. Performance Monitor d. Event logging
c. Performance Monitor
You want mobile devices on your network to have a shorter lease time than other devices without having a different scope. You don't have detailed information about the mobile devices, such as MAC addresses because they are employees' personal devices. What DHCP feature might you use to assign a shorter lease to these mobile devices? a. Reservation options b. Scope options c. Policy options d. Filter options
c. Policy options
When a DNS server responds to a query with a list of name servers, what is the response called? a. Iterative b. Recursive c. Referral d. Resolver
c. Referral
You're in charge of a small group of DNS servers running Windows Server 2016. After careful review of your current security policies, you have decided you need to protect your servers from DNS amplification attacks. What specific feature can be used in Windows Server 2016 to provide you the resources to complete this task? a. DNS Cache Locking b. DNS Rate Limiting c. Response Rate Limiting d. DDoS mitigation
c. Response Rate Limiting
What should you create if you need to service multiple IPv4 subnets on a single physical network? a. Split scope b. Relay agent c. Superscope d. Multicast server
c. Superscope
Some of your non-Windows clients aren't registering their hostnames with the DNS server. You don't require secure updates on the DNS server. What option should you configure on the DHCP server so that non-Windows clients names are registered? a. Update DNS records dynamically only if requested by the DHCP clients. b. Always dynamically update DNS records. c. Update DNS records dynamically for DHCP clients that don't request updates. d. Configure name protection.
c. Update DNS records dynamically for DHCP clients that don't request updates.
You have two DCs, each with three Active Directory-integrated zones. You're getting inconsistent DNS lookup results and suspect there is a problem with Active Directory replication. What tool can you use to investigate the problem? (Choose all that apply.) a. nslookup b. dnscmd c. dcdiag d. ipconfig
c. dcdiag d. ipconfig
Which of the following accurately represents an FQDN? a. host.top-level-domain.subdomain.domain b. domain.host.top-level-domain c. host.subdomain.domain.top-level-domain d. host.domain.top-level-domain.subdomain
c. host.subdomain.domain.top-level-domain
You have DHCP clients on the network that aren't domain members. You want to be sure these computers can register their hostnames with your DNS servers. Which option should you configure? a. 003 Router b. 044 WINS/NBNS Servers c. 006 DNS Servers d. 015 DNS Domain name
d. 015 DNS Domain name
You have seven DNS servers that hold an Active Directory-integrated zone named csmpub.local. Three of the DNS servers are in the Chicago site, which is connected to three other sites through a WAN link with limited bandwidth. Only users in the Chicago site need access to resources in the csmpub.local zone. Where should you store the csmpub.local zone? a. ForestDNSZones partition b. csmpub.local.dns c. DomainDNSZones partition d. Custom application partition
d. Custom application partition
Which of the following is a DHCP high-availability option that includes hot standby mode? a. DHCP Load balancing b. Superscopes c. DHCP split scope d. DHCP failover
d. DHCP failover
You have configured your computers with static IP addresses but want them to get the DNS server and default gateway settings via DHCP. What type of DHCP message do you see as a result? a. DHCPREQUEST b. DHCPRELEASE c. DHCPNAK d. DHCPINFORM
d. DHCPINFORM
You have a zone containing two A records for the same hostname, but each A record has a different IP address configured. The host records point to two servers hosting a high-traffic Web site, and you want the servers to share the load. After some testing, you find that you're always accessing the same Web server, so load sharing isn't occurring. What can you do to solve the problem? a. Enable the load sharing option on the zone b. Enable the round robin option on both A records c. Enable the load sharing option on both A records d. Enable the round robin option on the server
d. Enable the round robin option on the server
You have been assigned the task of migrating the DHCP server role to another server. Which of the following PowerShell cmdlets will allow you to transfer the DHCP server configuration and database? a. Import-Dhcp -File C:\Dhcp.xml -Leases b. netsh dhcp server export Dhcp.txt all c. netsh dhcp server import C:\Dhcp.txt all d. Export-DhcpServer -File Dhcp.xml -Leases
d. Export-DhcpServer -File Dhcp.xml -Leases
After utilizing Performance Monitor to analyze your DNS server, you have decided to optimize your server's performance. After investigating the possible system settings you can configure, you decide to set the receive buffer to the maximum and enable RSS. Which type of setting will allow you to accomplish this task? a. Zone settings b. Recursion settings c. System configuration d. NIC Settings
d. NIC Settings
What type of resource record is necessary to get a positive response from the command nslookup 192.168.100.10? a. A b. CNAME c. NS d. PTR
d. PTR
You have decided that you need to change the setting of an existing DNS forwarder. Which of the following PowerShell cmdlets will allow you to accomplish this task? a. Add-DnsServerForwarder b. Import-DnsServerForwarder c. Set-DnsServerRecursion d. Set-DnsServerForwarder
d. Set-DnsServerForwarder
You want high availability for DHCP services, a primary server to handle most DHCP requests, and a secondary server to respond to client requests only if the primary server fails to in about a second. The primary server has about 85% of the IP addresses to lease, leaving the secondary server with about 15%. You don't want the servers to replicate with each other. What should you configure? a. Multicast scope b. Failover c. Superscope d. Split scope
d. Split scope
You have decided to create multiple zone scopes to configure your DNS server to respond to clients based on whether the client is on your internal network or an external network. What specific configuration can you use to implement this policy? a. Selected DNS b. Query filters c. Subnet-based DNS d. Split-brain DNS
d. Split-brain DNS
What type of IPv6 address configuration uses DHCPv6? a. Unicast allocation b. Stateless autoconfiguration c. Dynamic allocation d. Stateful autoconfiguration
d. Stateful autoconfiguration