Net141: All

Ace your homework & exams now with Quizwiz!

You enter the ipconfig /all command and see the information shown in the image below. If you enter the nslookup command on this same system, which of the following do you expect to see as the address of the default server?

163.128.80.93

Your network has a single Active Directory domain named westsim.local. All westsim.local authoritative DNS servers are configured to forward DNS requests across a firewall to a public DNS server. All client computers are members of the westsim.local Active Directory domain and are configured to use westsim.local authoritative DNS servers. A new site in Seattle has just opened. The Seattle site is connected to company headquarters using a virtual private networking (VPN) connection. Company policy states that all client computers in all sites must receive internet access through a high-speed internet connection at company headquarters. You want to supply DNS service at the Seattle site, minimize unnecessary DNS traffic across the VPN connection, and configure DNS appropriately to meet company policy. What should you do? (Choose two. Each choice is part of the correct solution.)

- Install a DNS server in the Seattle site with no primary zones. - Configure the new DNS server to forward all DNS requests to westsim.local authoritative DNS servers at company headquarters.

Your network has a single Active Directory domain named westsim.local. All westsim.local authoritative DNS servers are configured to forward DNS requests across a firewall to a public DNS server. All client computersare members of the westsim.local Active Directory domain and are configured to use westsim.local authoritative DNS servers. Your company has opened one new site in South America. The South America site has its own internetconnection and uses a dedicated wide area network (WAN) link to company headquarters in North America for intranet traffic. The WAN link between company headquarters in North America and the South America site is expensive andsomewhat unreliable. DNS traffic across this WAN link must be minimized. You need to make appropriate DNS configurations to meet this requirement. What should you do? (Choose two. Each choice is part of the correct solution.)

- Install a DNS server with no zones in the South America site. Configure the server to conditionally forward westsim.local DNS requests to westsim.local authoritative DNS servers and to forward all other DNS requests to the local internet service provider's DNS server. - Configure all client computers in the South America site to use the new DNS server in the SouthAmerica site.

You are a network administrator. You have determined that you need to install and configure a local DNS server. You have decided that installing DNS on Nano Server is best for the following reasons. (Select three.)

- Nano Server requires fewer patches and reboots. - Nano Server requires less disk space. - Nano Server can be deployed as a Hyper-V VM.

Your Active Directory network uses the internal DNS namespace private.westsim.com. Several other Active Directory domains also exist, which are children to the private.westsim.com domain. On the internet, your company uses westsim.com for its public domain name. Your company manages its own DNS servers that are authoritative for the westsim.com zone. The private.westsim.com zone has been delegated to your company's Active Directory domain controllers, which are also DNS servers. Computers that are members of the private.westsim.com domain and all child domains must be able to resolve DNS names of internet resources. However, to help secure your network, DNS queries for resources in the private.westsim.com domain and all child domains must never be sent to internet DNS servers. Queries for internet names must go first to your public DNS server that is authoritative for the westsim.com domain. You need to configure your company's DNS servers to meet these requirements. What should you do? (Select two. Each correct choice is part of the solution.)

- On all DNS servers that are authoritative for the private.westsim.com zone or any child zone, create a forwarders list. Forward to DNS servers that are authoritative for the parent zone, westsim.com. - Delete root hints to internet DNS servers on all DNS servers that are authoritative for the private.westsim.com zone or any child zone.

1.10.5

1.10.5

1.11.8

1.11.8

1.4.8

1.4.8

1.5.10

1.5.10

1.6.8

1.6.8

1.7.5

1.7.5

1.8.10

1.8.10

1.9.9

1.9.9

You are the network manager for the westsim.private domain. You are in the process of transitioning from IPv4 to IPv6 on your internal network. You want to configure DNS to provide hostname-to-IPv6 address and IPv6 address-to-hostname resolution for a specific IPv6-only host. Which record types would you create? (Select two.)

AAAA PTR

You manage a network with Windows clients, multiple subnets, and Windows DNS servers. You want to be able to resolve a host name for a server on your network to its IPv4 address. What should you do?

Add an A record on the DNS server.

You manage the intranet servers for EastSim Corporation. The company network has three domains: eastsim.com, asiapac.eastsim.com, and emea.eastsim.com. The main company website runs on the web1.eastsim.com server with a public IP address of 101.12.155.99. A host record for the server already exists in the eastsim.com zone. You want internet users to be able to use the URL http://www.eastsim.com to reach the website. What type of DNS record should you create?

CNAME

You are the administrator for the corp.westsim.com domain. The network has two child domains, acct.corp.westsim.com and sales.corp.westsim.com. You need to configure DNS name resolution properties on the srv2.sales.corp.westsim.com server. You decide to change the network interface's TCP/IP settings to do this. When an unqualified name is submitted for name resolution, you want the server to search using the following suffixes: sales.corp.westsim.com acct.corp.westsim.com corp.westsim.com westsim.com What should you do?

Click Advanced and from the DNS tab, configure custom search suffixes of sales.corp.westsim.com, acct.corp.westsim.com, corp.westsim.com, and westsim.com.

Listed below are several DNS record types. Match the record type on the left with its function on the right. (Record types may be used once or not at all.)

Identify a domain controller. SRV Identify a mail server. MX Map a host name to an IPv4 address. A Map an IPv4 address to a host name. PTR

You administer a branch office connected to the main headquarters with a WAN link. Servers in the branch office provide DNS and DHCP services. The company network has multiple domains. A single domain represents the branch office. A DNS server named DCI at the branch office is authoritative for the branch office's primary zone and contains no other DNS zones. DNS servers at headquarters provide name resolution for hosts in other domains. One day, you come to work to find a number of customer service complaints. They all report something similar -- clients can resolve local host names, but cannot resolve host names for other domains on the network. You contact the enterprise administrator. She tells you the IP address for the DNS server that previously used as a forwarder for the branch office has been changed to 10.155.11.15. What should you do to fix the problem?

Configure DC1 to forward name resolution requests to 10.155.11.15.

Your organization uses one primary DNS zone that is backed up by seven secondary DNS zones on other servers. Your organization has changed ISPs. As a result, significant IP addressing changes are taking place within your infrastructure. To maintain availability, all of your secondary DNS servers need to be updated immediately whenever a change is made to the primary DNS server. What should you do?

Configure DNS Notify options in the properties of the primary zone.

You are the systems administrator for WestSim Corporation. You have been assigned to set up a new branch office in Tulsa. The branch will be represented by a single domain. You install a single DNS server called TulsaDNS and configure a primary zone for the branch office domain. You test name resolution and find that hosts can only resolve names for hosts within the domain. You need to enable clients in the Tulsa location to resolve names for hosts in other domains within your private network. You would like to minimize traffic across the WAN link between the sites. What should you do?

Configure TulsaDNS to use forwarders.

You manage a single private domain called westsim.private. All DNS servers run Windows Server 2016. Client computers run Windows 10 and are members of the westsim.private domain. Client computers have NetBT disabled and use only DNS for name resolution. You have a group of computers that use only NetBIOS names and do not use DNS. Your network does not have a WINS server. You need to enable all client computers to resolve host names for the NetBIOS computers. What should you do?

Configure a GlobalNames zone. Create records in the zone for all NetBIOS computers.

You manage the DNS servers for the eastsim.com domain. You company has just acquired a competitor. The competitor network uses a single domain named widgets.local. The new company is located in Denver. You connect your site to the Denver location using a WAN link. You want computers in your location and domain to be able to resolve names for computers in the widgets.local domain. You want to minimize zone transfer traffic, but you also want to make sure that changes to name servers in the Denver location to not disrupt name resolution. You need to configure your DNS servers in the eastsim.com domain. What should you do?

Configure a stub zone to widgets.local.

You are a network engineer working for WestSim Corporation. The company has an internet domain named westsim.com. The private network uses the namespace of private.westsim.com. Your company manages its own Domain Name System (DNS) servers that are authoritative for both the company's namespaces. Your network consists of several subnets at multiple locations. Sites are connected with WAN links. www.private.westsim.com is an intranet web server that is commonly used throughout the company. You want to ensure that users can always access this server by name, even if an authoritative DNS server is not available. What should you do?

Configure each client computer's hosts file with an entry for www.private.westsim.com.

You manage the network for the westsim.com domain. The network uses both DNS and WINS for name resolution. Client computers are configured to try DNS for name resolution first, and then try WINS if that fails. You would like to transition your network to use IPv6. You want to make sure that clients can contact hosts using single-label names that resolve to the IPv6 address for that host. You want to do this with the least amount of effort possible. What should you do?

Configure the GlobalNames zone in DNS. Create CNAME records for each host pointing to the corresponding AAAA record.

You are configuring the network for a new company with two sites. The main office is in Denver, and the branch office is in Phoenix. The sites are connected by a WAN link. All servers, including domain controllers, will run Windows Server 2012 R2 all servers will be members of an Active Directory Domain. The main office uses the corp.westsim.com domain. All domain members are currently located in the Denver location. The branch office uses the research.corp.com domain. All domain members are currently located in the Denver location. The branch office uses the research.corp.westsim.com domain. All domain members are located only in the Phoenix location. The following servers are in each location: Location Denver srv1.corp.westsim.com - Domain controller, DNS server srv2.corp.westsim.com - Domain controller, DNS server srv3corp.westsim.com - Domain controller Location Pheonix srv1.research.corp.westsim.com - Domain controller, DNS server srv2.research.corp.westsim.com - Domain controller, DNS server srv3.research.corp.westsim.com - Domain controller All zones are Avite Directory-integrated zones. and there are no other DNS servers on the network/ To improve name resolution at the Phoenix location. You want this server to have a copy of the corp.westsim.com zone. You do not want any servers in the Denver location to have a copy of the research.corp.westsim.com zone. You want to minimize the amount of DNS information stored on each server. What should you do?

Configure the replication scope for corp.westsim.com as To all DNS servers in this forest. Configure the replication scope for research.corpwestsim.com as To all DNS servers in this domain.

You are the administrator of the corp.westsim.com domain. All servers in the domain run Windows Server 2016, and all clients run Windows 10. The domain has two subdomains: • acct.corp.westsim.com • sales.corp.westsim.com The acct.corp.westsim.com zone is an Active Directory-integrated zone, while the sales.corp.westsim.com zone a primary zone. To improve name resolution, you set up DNS on the SRV3.acct.corp.westsim.com server. You create a secondary zone on that server pointing to the sales.corp.westsim.com zone. One day, you come to work to find that the primary server for the sales.corp.westsim.com zone has failed. You have a backup that was performed the previous night. You need to have a primary server online as quickly as possible while restoring as much of the zone data as possible. What should you do?

Convert the sales.corp.westsim.com secondary zone on SRV3 to a primary zone.

Your company has started the transition to IPv6. You need to configure records on the DNS server so that clients can submit a host name query and receive back an IPv6 address for the specified host. What should you do?

Create AAAA records

Your company has started the transition to IPv6. You need to configure records on the DNS server so that clients can submit an IPv6 address and receive back the host name for that computer. What should you do?

Create PTR records.

You are a systems administrator for WestSim Corporation. As part of a new security initiative, the IT department has developed a custom application hat reports the host name of all clients that try to access three sensitive servers in the Accounting department. The application has been working fine for the last three months. The company expands and adds a new building with a LAN connection to the rest of the network. This building has its own subnet, 192.168.5.0. You create a scope on an existing DHCP server for this subnet. During a random check of the reporting software, you discover that the application reports the IP addresses, but not the hostname for clients on the new subnet. Everything works as designed for hosts on other subnets. You check the DNS database and find that none of the hosts on that subnet have an associated PTR record. What should you do?

Create a primary reverse lookup zone fo subnet 192.168.5.0

Your company uses the internet domain westsim.com. Your network has a single Active Directory domain named westsim.local. You manage your network's DNS servers for the westsim.com zone and the westsim.local zone. All Domain Name Service (DNS) servers on your network run Windows Server 2016. Your company's Asia division wants its own internet namespace, and it also wants to manage its own DNS servers. The division will use asia.westsim.com as its internet domain name. You want to minimize administrative effort and communication between the two divisions as the Asia division installs DNS servers. To support this goal, you need to make appropriate configurations on the DNS servers that you manage. What should you do?

Create and configure a stub zone named asia.westsim.com.

Your private network consists of several domains. The forest root domain is called westsim.local. Additional domains represent each department (such as accounting.westsim.local and sales.westsim.local). All domains are in the same DNS tree. Servers on your network provide DHCP, DNS, and WINS. During a recent upgrade, you decide to upgrade all servers to Windows Server 2016 and all client computers to Windows 10. As part of the upgrade, you remove the WINS servers from the network, and disable NetBT on all client computers. Users have been used to contacting three servers using a single-label name. These servers are named as follows: file.it.westsim.local graphics.art.westsim.local iweb.hr.westsim.local You want to allow all users company-wide to be able to contact these servers using the names file1, graphics, and iweb. What should you do?

Create the GlobalNames zone. Configure CNAME records in the zone for the three servers.

Your private network consists of several domains. The forest root domain is called westsim.local. Additional domains represent each department (such as accounting.westsim.local and sales.westsim.local). All domains are in the same DNS tree, and all DNS servers run Windows Server 2016. All client computers run Windows 10. Each client computer is a member of the department domain. You have an intranet server whose fully qualified domain name is iweb.it.westsim.local and IP address is 192.168.199.12. You want all users in the company to be able to access this server using the URL: http://iweb. What should you do?

Create the GlobalNames zone. Create a CNAME record in the zone pointing to iweb.it.westsim.local.

The image shows the current scavenging settings for the eastsim.com domain. As you check records in the zone, you find several records that have not been updated for 16 days or longer. You need to make sure that records are automatically removed if they have not been updated in the last 14 days. What should you do?

Enable automatic scavenging on the zone.

You want to implement a protocol on your Network that allows computers to find the IP address of a host using a logical name. Which protocol should you implement?

DNS

You need to enable hosts on your network to find the IP address of logical names such as srv1.myserver.com. Which device would you use to accomplish this task?

DNS Server

You manage the branch office for your company network. The branch office consists of two subnets and 10 host computers. You use static addressing for all hosts on both subnets. To provide name resolution between subnets, you configure static entries on each computer. As the network grows, you decide to implement dynamic services. You configure a Windows Server 2016 server as a DHCP and DNS server. You configure a DNS zone and DHCP scopes. You configure DHCP options on the DHCP server to deliver the IP address of the DNS server to all hosts. You configure each client to get IP address and DNS server information from the DHCP server. You need to configure each client so that it no longer uses static entries for name resolution. What should you do?

Delete the hosts file on each client.

You are the network administrator for Corpnet.com. The company has three domains named corpnet.com, east.corpnet.com and west.corpnet.com. The DNS servers in each domain are only authoritative for the zones for their domains and are all member servers. You sign the corpnet.com DNS zone with DNSSEC. You need to enable the DNS servers that are not authoritative for the corpnet.com zone to perform DNSSEC validation of DNS responses for the corpnet.com zone. What should you do?

Distribute a Trust Anchor to all DNS servers that are not authoritative for the corpnet.com zone.

You manage a network with two locations, Denver and Phoenix. 80th sites are connected with a WAN link. The network uses westsim.private as the domain name. The DNS1 server is located in the Denver location and has the primary copy for the westsim.private zone. The DNS2 server is located in Phoenix and is a secondary server for the zone. You notice that when you add new A records to the zone, users in Phoenix are unable to resolve the hostname for the new host for up to 15 minutes after the record has been added. You want to reduce this time so that hostnames can be resolved in Phoenix as soon as possible. What should you do? (Select two. Each choice is a complete solution.)

Edit the zone properties on DNS1. On the SOA tab, decrease the refresh interval. Edit the zone properties on DNS1. On the Zone Transfers tab, configure the zone to automatically notify listed name servers.

You manage a network with two locations. The main office is in Phoenix, and a branch office is in Tulsa. SRV1 is a DNS server in Phoenix. SRVI holds the primary zone for the eastsim.local zone. To improve name resolution requests in the branch office, you place a secondary copy of the zone on SRV5 in the Tulsa location. Due to recent expansion, you are adding more servers to the Phoenix location. For each server, you manually create the A and PTR records. You find that after you add the server, computers in the Tulsa location are unable to contact the new servers for up to 10 minutes. You want to make sure that hosts in Tulsa can contact these servers using DNS as quickly as possible. What should you do?

Enable DNS Notify options on the zone on SRV1.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. The westsim.com organization has one main office with a single subnet. There are two application servers located in the main office that host a custom web application. They are named APP1 and APP2. You have been instructed to ensure that APP1 and APP2 each service about half of the clients who need access to the custom web application using the minimum amount of administrative effort. You create two CNAME records linking the customapp.westsim.com Fully Qualified Domain Name (FQDN) to each of the servers. What should you do next?

Enable Round Robin on the DNS server.

You administer the DNS and DHCP servers on your network. The network has just added a new subnet. The subnet is represented as a new domain in DNS named acct.istp.private. The subnet uses address 192.168.16.0/24. All servers on the subnet run Windows 2016 and all clients run Windows 10. The new subnet will use existing DNS and DHCP servers on another subnet. You need to configure DNS to support the new subnet. You configure a delegation to the new domain from its parent and create a primary zone for the new domain. You also create a primary reverse lookup zone for the subnet address. When you check the DNS database, you find that there are no A or PTR records for hosts on the subnet. At a client computer, you run the ipconfig /registerdns command. However, the corresponding DNS records are still not created. What should you do?

Enable dynamic updates on acct.istp.private and the reverse lookup zone for the subnet.

You are setting up a new network in a single location with a single domain named eastsim.com. All servers run Windows Server 2016, and all clients run Windows 10. You install a DHCP server and configure it with a scope for the single subnet. You install a DNS server with a primary zone for the domain. You want to use dynamic updates to update DNS records in the zone automatically. What should you do?

Enable dynamic updates on the eastsim.com zone.

You manage the DNS servers for the eastsim.com domain. You have a domain controller named DNS1 running Windows Server 2016 that holds a standard primary zone for the eastsim.com zone. You would like to configure DNS1 to use forwarders for all unknown zones. You edit the DNS server properties for DNS1. On the forwarders tab, you find that the Use root hints if no forwarders are available option is disabled. You also find that you are unable to edit the forwarders list. What should you do?

Enable recursion on DNS1.

You are the network administrator for a single domain with three subnets. Two subnets have all Windows 10 computers. The conference room uses the third subnet. Traveling salesmen come to the conference room and plug in their laptops to gain network access. You have configured a DHCP server to deliver configuration information to hosts on this subnet. DNS is configured for dynamic updates. Over time, you notice that the size of the DNS database continues to grow. It is beginning to have an adverse effect on DNS server performance. What should you do?

Enable scavenging of stale resource records on the zone.

You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016. All of the clients run Windows 10. There are two main sites, one in New York and one in Los Angeles. All of the computers in the New York site are configured with IP addresses in the 10.0.0.0/24 subnet. All of the computers in the Los Angeles site are configured with IP addresses in the 172.16.0.0/24 subnet. There is an application server located in New York named APP1 with an IP address of 10.0.0.10. There is a replica application server located in Los Angeles that is also named APP2. It has an IP address of 172.16.0.10. Users must access the application using a URL of http://customapp.eastsim.com. You create two CNAME records for customapp.eastsim.com that link to each of the two application servers. You need to ensure that users in each office will be referred to the local server when accessing the applications using this URL. What should you do?

Enable the Netmask Ordering option on the DNS server.

Listed below are several DNS record types. Match the record type on the left with its function on the right.

Identify a domain controller. SRV Identify a mail server. MX Map a host name to an IPv4 address. A Map an IPv4 address to a host name. PTR

You are the network administrator for eastsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016 Standard edition. All of the clients run Windows 10. A domain controller named DC1 functions as a DNS server that hosts a standard primary zone, eastsim.com. All of the other domain controllers host standard secondary zones for eastsim.com. A new corporate directive requires that all DNS communication be secure. The DNS records must be cryptographically signed by the DNS server so that clients can validate that the DNS server responses are authentic and have not been subject to tampering. You must configure DNS to comply with the new policy. What should you do?

Implement DNS Security Extensions (DNSSEC).

You are responsible for managing a Windows Server 2016 system named DNS1 that functions as a DNS server. One of the domains owned by your organization is westsim.com, which is not integrated with Active Directory. Your DNS server is authoritative for this zone. Two other DNS servers in your organization named DNS2 and DNS3 contain a copy of the zone data in a multi-master configuration. You want to use DNSSEC to digitally sign zone data. You want to use DNS1 as the Key Master for DNSSEC. Which should you do?

In DNS Manager, right-click the westsim.com zone and click DNSSEC > Sign the Zone.

You are the network administrator for corpnet.com. A new corporate policy requires that DNSSEC be implemented on the corpnet.com zone. A server named DNS1 is authoritative for the corpnet.com zone. You sign the corpnet.com zone and distribute trust anchors to all non-authoritative DNS servers that will perform DNSSEC validation of data from the zone. You need to prepare the clients to perform DNSSEC validation for the corpnet.com. What should you do?

In Group Policy, configure a Name Resolution Policy.

Mary is in charge of DNS administration for her network. The private network consists of a single Active Directory domain called private.westsim.com. DNS data is stored in an Active Directory-integrated zone. The sales department has just installed a web server called SalesWeb. This server will host an intranet site for use by the sales team. They want this server to be accessible using the URL sales.westsim.com. What should Mary do?

In the westsim.com domain, create a CNAME record called Sales. Identify SalesWeb.private.westsim.com as the target.

A user reports that they can't browse to a specific website on the internet. From their computer, you find that a ping test to the web server succeeds. A traceroute test shows 17 hops to the destination web server. What is the most likely cause of the problem?

Incorrect DNS server address

The image shows the current scavenging settings for the eastsim.com domain. Host (A) records within the zone are configured to refresh themselves every 7 days. You notice that sometimes a host record will be removed from the database, even though the host still exists on the network. You need to make sure that records are only removed when the host no longer exists. What should you do?

Increase the refresh interval setting.

Emma is a systems administrator for WestSim Corporation. The network has multiple domains with DNS and DHCP services configured in each domain. All servers are running Windows Server 2016, and all clients are running Windows 10. All hosts are members of the acct.westsim.com domain. This domain's records are stored in a primary zone. As part of a new security initiative, the IT department has developed a custom application that reports the hostname of each client that tries to access three sensitive servers in the accounting department. Emma has been asked to test the new application. During a random test, she finds that the program is not reporting the host names for some clients, even though it properly records their IP addresses. Emma realizes that the custom application submits reverse lookup requests to the DNS server to discover the host name for the specified IP address. She also realizes that the clients whose host names could not be notified have manually-configured static IP addresses on the 192.168.3.0 subnet using a default subnet mask. What should Emma do?

Manually create a PTR record in the 3.168.192.in-addr.arpa zone for each host.

Your organization's IT department has developed a custom application that reports the hostname of each client that tries to access three servers in the accounting department that store sensitive information. You do a random test and find that the program is not reporting the host names for some clients even though it properly records their IP addresses. This is because the custom application submits reverse lookup requests to the DNS server to discover the host names for the specified IP addresses. As you investigate further, you learn that the clients whose hostnames could not be reported have static IP addresses and are on subnet 192.168.3.0. What should you do?

Manually create a PTR record in the 3.168.192.in-addr.arpa zone for each host.

You are the network administrator for your company's network. Your network consists of eight Windows Server 2016 computers, 500 Windows 10 client computers, and five UNIX servers. One of your Windows Server 2016 computers is your DNS server. The DNS zone is configured as an Active Directory-integrated zone. The DNS zone is also configured to allow dynamic updates. Users report that although they can access the Windows 10 computers by host name, they cannot access the UNIX servers by host name. What should you do?

Manually enter A (host) records for the UNIX servers in the zone database.

Match each zone type on the left with the corresponding characteristics on the right. Each zone type may be used once, more than once, or not at all.

Multiple servers hold read-write copies of the zone data. Active Directory-integrated The only writeable copy of the zone database. Primary A read-only copy of the zone database. Secondary Initiates zone transfers. Secondary The replication scope specifies domain controllers that can receive a copy of zone data. Active Directory-integrated

You configured the IP address and DNS name of a new internal web server named WEB3. Your first test from a web browser on your workstation was successful. But when you came to work this morning, you were not able access WEB3 from the same client computer using the same browser. You get an error that this site cannot be reached. You have not changed the server's IP configuration since the successful test of the night before. You ping WEB3 using its IP address, and you get a response back. Next, you ping WEB3 using its fully qualified domain name (FQDN), and you get a message indicating that the host could not be found. What can you assume from this message?

Name resolution is not working properly.

You manage the DNS infrastructure for your network. Server DNSI holds a primary zone for the research.westsim.com domain. Server DNS2 holds a primary zone for the sales.westsim.com domain. 80th servers are also domain controllers. Computers configured to use DNSI as the preferred DNS server are unable to resolve names for hosts in the sales.westsim.com domain. You need to enable DNSI to resolve names for hosts in that domain. Your company security policy states that DNS zone transfers are not allowed between DNSI and DNS2. What should you do?

On DNS1, configure a conditional forwarder for sales.westsim.com.

Your network has a single domain named southsim.com. All client computers run Windows 10. DNS data for the domain is stored on the following servers: • DNS1 holds the primary zone for southsim.com. • DNS2 and DNS3 hold secondary zones for southsim.com. All three DNS servers are located on domain controllers. The DNS zone for the domain is configured to allow dynamic updates. You want to allow client computers to send DNS updates to any of the three servers and allow any of the three servers to update DNS records in the zone. What should you do?

On all three servers, change the zone type of the DNS zone to Active Directory-integrated.

You manage a network with a main office and one branch office. Each office has its own internet connection, and the offices are connected with a WAN link. All computers in the main office are members of the westsim.private domain. All computers in the branch office are members of the tulsa.westsim.private domain. The DNS1 server in the main office holds a primary zone for the westsim.private domain, while the DNS2 server in the branch office holds the primary zone for the tulsa.westsim.private domain. Clients in the branch office are able to resolve hostnames for the tulsa.westsim.private domain and for all internet hosts. However, they cannot resolve hostnames for hosts in the westsim.private domain. You need to allow hosts in the branch office to resolve names for hosts in the main office while still allowing internet name resolution and minimizing WAN traffic. What should you do?

On DNS2, configure a conditional forwarder for the westsim.private domain to forward all requests to DNS1.

You are the DNS manager for the southsim.com domain. You want to configure your single DNS server so that it never uses forwarders for name resolution. What should you do?

On the DNS server, disable recursion.

You are the DNS manager for the eastsim.com domain. You have set up a website for your intranet that holds company information for use by the employees. Employees access the website using the URL intraweb.eastsim.com. Because of the large number of employees, you decide to configure three different web servers that will hold the intranet content. When users enter the URL in their browsers, you want the DNS server to respond with the IP address of one of the three servers. The DNS server should evenly use each of the three web server addresses. What should you do? (Select two. Each choice is a required part of the solution.)

On the DNS server, enable DNS Round Robin. Configure three different host (A) records for intraweb.eastsim.com, with each pointing to a different server.

You are the DNS manager for the eastsim.com domain. You have a domain controller named DC1 that holds an Active Directory-integrated zone for the eastsim.com zone. Users have complained about multiple DNS name resolution errors. You have examined the configuration, but can't see anything wrong. To help identify the problem, you would like to track the DNS packets sent and received by the server. You would also like to filter by IP address. What should you do?

On the DNS server, enable debug logging.

You are the network administrator for westsim.com. The network consists of Active Directory domains named westsim.com and sales.westsim.com. The DNS servers in the westsim.com domain are authoritative for the westsim.com DNS domain. The DNS servers in the sales.westsim.com domain are authoritative for the sales.westsim.com DNS domain. All the servers run Windows Server 2016. All the clients run Windows 10. The company plans to implement a new domain named private.westsim.com. You need to design the DNS infrastructure to support the new domain. Your solution must meet the following requirements: • The DNS servers in private.westsim.com must be authoritative for the private.westsim.com DNS domain. • All clients in the forest must be able to resolve private.westsim.com fully qualified domain names (FQDNs). • DNS servers in the westsim.com and sales.westsim.com domains should not be authoritative for the private.westsim.com domain and should not contain any records for nodes in the private.westsim.com. You install Active Directory, create the new domain, and verify that DNS is working within the private.westsim.com domain. What should you do next?

On the DNS servers in westsim.com, you should create a delegation for private.westsim.com and point the delegation to the DNS servers that are authoritative for private.westsim.com.

Match each statistic on the right with the section in the output of the Get-DnsServerStatistics cmdlet where it can be found on the left. Each section may be used once, more than once, or not at all.

Total number of dynamic update requests received. Zone Update Statistics Number of queries for A records not responded to. Zone Query Statistics Number of queries for CNAME records received. Zone Query Statistics Total number of zone transfer requests sent as a secondary server. Zone Transfer Statistics Total number of dynamic updates rejected. Zone Update Statistics

You manage the DNS servers that are authoritative for the private.westsim.com zone. Two servers are authoritative for the zone. DNS1 hosts the primary DNS zone, and DNS2 holds a secondary copy of the zone. You have just manually created an A resource record for a new web server on your network that is configured with a static IP address. From a client computer, you open a browser and try to connect to the new web server. You get an error message stating that the web site is not found. You run ipconfig /all and find that he client is correctly configured to use the DNS1 server as its preferred DNS server. But, as you continue to troubleshoot the problem, you discover that you incorrectly typed the server's IP address while creating its A resource record. You correct the IP address in the A record and retry connecting to the web site. However, you get the same error on your workstation. What should you do?

On the client computer, run ipconfig /flushdns.

You configured the IP address and DNS name of a new internal web server named WEB3. Your first test from a web browser on your workstation was successful. But when you came to work this morning, you were not able access WEB3 from the same client computer using the same browser. You get an error message stating that this site cannot be reached. You have not changed the server's IP configuration since the successful test the night before. Which troubleshooting step should you try first to discover what the problem might be?

Ping WEB3 using its IP address.

Listed below are several DNS record types. Match the record type on the left with its function on the right.

Points a hostname to an IPv4 address. A Provides alternate names to hosts that already have a host record. CNAME Points an IP address to a hostname. PTR Points a hostname to an IPv6 address. AAAA Identifies servers that can be used to deliver mail. MX

Which utility is used to create and configure DNS policies?

PowerShell

Which type of DNS policy allows DNS servers to resolve a hostname to an IP address based on the geographical location of both the client and the host?

Query Resolution Policy

What is the first action that a DNS client will take when attempting to resolve a single-label name to an IP address?

Query a DNS server for a host name formed by appending the client's primary DNS suffix to the single-label name.

You want to provide single-label name resolution on your network. You have a domain controller named DC3 that is also a DNS server. You take the following actions on DC3: You enable GlobalNames support on DC3. You create the GlobalNames zone as an Active Directory-integrated zone. You manually create CNAME records for each host that requires single-label name resolution. All other settings use the default settings. DC3 is able to resolve single-label name requests successfully. You have two additional domain controllers in the same forest that are also DNS servers (DC7 and DC9). Single-label name requests sent to these other servers are not resolved correctly. You want these two servers to be able to resolve single-label names. What should you do?

Run dnscmd with the /enableglobalnamessupport 1 option on both servers.

You need to create a DNS record that identifies a service, protocol, and port number. Which record type would you create?

SRV

Your organization uses one primary DNS zone that is backed up by seven secondary DNS zones on other servers. You haven't made any changes to your primary zone. However, you want to be sure that all of your secondaries are up to date. To do this, you want to force a zone transfer to the secondary zones as soon as possible. Click the option in the zone properties that you would use to force a zone transfer.

Serial number / Increment

The image shows the current scavenging settings for the eastsim.com zone. Automatic scavenging has been configured on the zone to run every hour. You want to modify the existing settings so that DNS records are deleted within 10 days after they have not been refreshed. What should you do?

Set the refresh interval to 3

You are creating a new DNS zone. To protect your zone data from wire sniffers, your organization's security policy specifies that only secure zone transfers are allowed.Click the option you must use to configure this.

Store the zone in Active Directory (available only if DNS server is a writeable domainController)

Match each DNS policy type on the left with its description and associated PowerShell command on the right. Each option may be used once, more than once, or not at all.

This type of policy specifies how incoming resolution queries are handled by a DNS server. Query Resolution Policies This type of policy controls how the DNS server performs recursion for a query. Recursion Policies This type of policy controls whether a zone transfer is allowed or not. Zone Transfer Policies Add-DnsServerQueryResolutionPolicy Query Resolution Policies Add-DnsServerZoneTransferPolicy Recursion Policies Add-DnsServerRecursionScope Zone Transfer Policies

You are the network administrator for northsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. The northsim.com network has one main office with 1,500 users. There are two domain controllers named DC1 and DC2, as well as several file servers and an application server. DC1 hosts a standard primary zone for the northsim.com domain. DC2 hosts a standard secondary zone for the northsim.com domain. A new corporate security policy requires that all clients perform Secure Dynamic Updates to DNS records. You open the properties of the northsim.com forward lookup zone. The Secure Only option is missing from the Dynamic Updates drop-down combo box. You must ensure that all updates to the northsim.com DNS domain are secure. What should you do?

You should convert the northsim.com zone to an Active Directory-integrated zone.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016. All of the clients run Windows 10. Clients routinely access a web application on a server named web1.westsim.com. During the course of the business day, you receive complaints that users attempting to access web1.westsim.com were directed to an unknown IP address on the Internet. They accessed a website that looked similar to the web application on web1.westsim.com, but were provided no functionality. After researching the internet IP address, you find that it belongs to a group of attackers suspected of hacking into company web sites. You determine that the compromise occurred because of DNS cache poisoning. To protect the server, you need to ensure that cache records on the DNS server cannot be overwritten until the Time to Live (TTL) period has expired. What should you do?

You should implement the DNS Cache Locking feature.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. The company has one main office. There is one server named DNS1 with the DNS Server role installed. A new company security directive states that servers should not use port 49308. All other port ranges are acceptable and should not be excluded. You need to configure DNS1 to adhere to the new security requirement without any loss of DNS functionality. What should you do?

You should set the SocketPoolExcludedPortRanges setting in the registry on the DNS servers to 49308-49308.

You are the manager for the westsim.com domain. All computers are members of the westsim.com domain. A single Windows Server 2016 server is the domain controller and DNS server for the domain. You have recently installed a new server, srv12, with the IP address 192.168.3.199/24. You need to manually create a record in the DNS database that provides IP address-to-hostname resolution. Which command would you use?

dnscmd /recordadd 3.168.192.in-addr.arpa 199 PTR srv12.westsim.com

After reconfiguring the static address of an internal web server named WEB3, your client computer can no longer connect to WEB3. However, other users are still able to connect to the same web server. You suspect that your computer still has the old IP address for WEB3 in its DNS cache. Which command can you use to verify that this is the case before clearing the DNS cache on your computer?

ipconfig /displaydns

A client's primary DNS suffix is east.corpsim.com. The client is also configured with a DNS suffix search list containing west.corpsim.com and ny.east.corpsim.com. Which FQDNs will be included in DNS queries when DNS devolution is used by the client to resolve a single-label name of srv42? (Select two.)

srv42.corpsim.com srv42.east.corpsim.com


Related study sets

Ch. 22, "Romanticism, Realism, Photography: Europe & America 1800-1870", pp. 672-719

View Set

NURSING CONCEPTS CHAPTER 31 AND 33

View Set

Recognizing Titles of Long-Form and Short-Form Works

View Set

Vlad Head and Neck part 1 IN PROGRESS

View Set

Midterm Exam #2 Financial Management

View Set

Management 312 Final Exam Study Guide

View Set

MIS 140 Chapter 5 - Chapter 6 Questions

View Set

BUSMHR 4490 Quiz 2 (Chapters 6-9)

View Set