Certified Ethical Hacker v8

QUESTION NO: 8

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1. Server1 runs Windows Server 2012 and has the DHCP Server server role installed.

You create two IPv4 scopes on Server1. The scopes are configured as shown in the following table.

The DHCP clients in Subnet1 can connect to the client computers in Subnet2 by using an IP address or a FQDN.

You discover that the DHCP clients in Subnet2 can connect to client computers in Subnet1 by using an IP address only.

You need to ensure that the DHCP clients in both subnets can connect to any other DHCP client by using a FQDN.

What should you add?

A. The 006 DNS Servers option to Subnet2

B. The 015 DNS Domain Name option to Subnet1

C. The 006 DNS Servers option to Subnet1

D. The 015 DNS Domain Name option to Subnet2

Answer: D

Explanation:

To configure DNS server as a scope option or server option is as follows:

Click Start, point to Administrative Tools and then click DHCP.

In the console tree, expand the applicable DHCP server, expand IPv4, and then right-click Server Options

Click Configure Options, check 015 DNS Domain Name, type the applicable domain name in String value:, and then click OK.

Incorrect answers:

A: The 006 option is used in IPv6 scopes.

B: This is the wrong subnet to do the addition of the 015 DNS Domain Name option.

C: The 006 option should be used in IPv6 scopes.

References:

http://technet.microsoft.com/en-us/library/ee941136%28v=WS.10%29.aspx

Training Guide: Installing and Configuring Windows Server 2012, Chapter 6: Network Administration, p.253

QUESTION NO: 9

You have a server named dc2.contoso.com that runs Windows Server 2012 and has the DNS Server server role installed.

You open DNS Manager as shown in the exhibit. (Click the Exhibit button.)

You need to view the DNS server cache from DNS Manager.

What should you do first?

A. From the View menu, click Advanced.

B. From the Action menu, click Configure a DNS Server...

C. From the View menu, click Filter...

D. From the Action menu, click Properties.

Answer: A

Explanation:

Navigating the DNS Manager console you should go to the View menu and click the Advanced tab. That will yield the DNS server cache.

References:

http://technet.microsoft.com/en-us/library/ee683892%28v=WS.10%29.aspx

QUESTION NO: 10

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.

You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.

You configure all of the client computers to use Server1 as their primary DNS server.

You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Remove all root hints.

B. Create a primary zone named "GlobalNames".

C. Create a primary zone named "root".

D. Create a stub zone named "root".

Answer: C

Explanation:

A Primary zone is basically a zone that contains the master copy of the zone database, where administrators make all changes to the zone’s resource records. If the Store The Zone In Active Directory (Available Only If DNS Server Is A Domain Controller) check box is cleared, the server creates a primary master zone database file on the local drive. Thus you need to create a primary zone named ‘root’.

Incorrect answers:

A: Removing all root hints will prevent any name resolution whatsoever. Every DNS server should be able to contact root name servers to operate properly.

B: This is not required since in Windows Server 2012 the DNS Server role already supports the GlobalNames zone.

D: When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Cpnfigure the DNS service, Chapter 4: Deploying and Configuring core network services, p. 234

Understanding Zone Types

QUESTION NO: 11

Your network contains an Active Directory domain named contoso.com. The domain contains a member server named Server1 and a domain controller named DC2. All servers run Windows Server 2012. All domain controllers are configured as DNS servers. On Server1, you open Server Manager and you add DC2 as another server to manage.

From Server Manager on Server2, you right-click DC2 as shown in the exhibit. (Click the Exhibit button.)

You need to ensure that when you right-click DC2, you see the option to run DNS Manager.

What should you do?

A. In the domain, add Server1 to the DNS Admins group.

B. On DC2 and Server1, run winrmquickconfig.

C. On DC2, install the Feature Administration Tools.

D. On Server1, install the Role Administration Tools.

Answer: D

Explanation:

The Domain Name System (DNS) role is a role that provides a standard method for associating names with numeric Internet addresses. This lets users refer to network computers by using easy-to-remember names instead of a long series of numbers. Windows DNS services can be integrated with DHCP services, eliminating the need to add DNS records as computers are added to the network.

Incorrect answers:

A: The DNS manager is a role that should be added.

B: To run DNS manager you need to install the role.

C: DNS manager is a role not a feature.

References:

http://technet.microsoft.com/en-us/library/cc732263.aspx

http://technet.microsoft.com/en-us/magazine/ff700227.aspx

QUESTION NO: 12

Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2. You plan to install a new domain controller named DC4 that runs Windows Server 2012.

The new domain controller will have the following configurations:

  • Schema master

  • Global catalog server

  • DNS Server server role

  • Active Directory Certificate Services server role

You need to identify which configurations Administrators by using the Active Directory Installation Wizard.

Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)

A. Transfer the schema master.

B. Enable the global catalog server.

C. Install the DNS Server role

D. Install the Active Directory Certificate Services role.

Answer: A, D

Explanation:

Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server. Active Directory Certificate Services and schema must be done separately.

Incorrect answers:

B: The Installation Wizard automatically enables the global catalogue server.

C: The Installation Wizard automatically installs the DNS Server role.

References:

http://technet.microsoft.com/en-us/library/hh831457.aspx

QUESTION NO: 13

You have a server that runs a Server Core installation of Windows Server 2012.

You need to change the DNS server used by IPv6.

What should you do?

A. From Windows PowerShell, run the Set-NetIpv6Protocol cmdlet.

B. From Sconfig, configure the Network Settings.

C. From Windows PowerShell, run the Set-DnsClientServerAddresscmdlet.

D. Run the sc.exe command and specify the config parameter.

Answer: C

Explanation:

The Set-DnsClientServerAddress cmdlet sets one or more IP addresses for DNS servers associated with an interface. This cmdlet statically adds DNS server addresses to the interface. If this cmdlet is used to add DNS servers to the interface, then the DNS servers will override any DHCP configuration for that interface.

PS C:\> Set-DnsClientServerAddress -InterfaceIndex 12 -ServerAddresses "10.0.0.1","10.0.0.2")

Incorrect answers:

A: You need to make use of the Windows PowerShell, but running this command will change the DNS server.

B: In Windows Server 2012, you can use the Server Configuration tool (Sconfig.cmd) to configure and manage several common aspects of Server Core installations. You must be a member of the Administrators group to use the tool. Sconfig.cmd is available in the Minimal Server Interface and in Server with a GUI mode. But to change the DNS server used by IPv6 it is best accomplished running the Set-DnsClientServerAddress cmdlet from the Windows PowerShell.

D: Executing the sc.exe command with the config parameter will modify service configuration.

References:

http://technet.microsoft.com/en-us/library/jj592692.aspx

http://technet.microsoft.com/en-us/library/jj590768.aspx

QUESTION NO: 14

Your network contains two Active Directory forests named contoso.com and adatum.com. Each forest contains one domain. A two-way forest trust exists between the forests.

The forests use the address spaces shown in the following table.

From a computer in the contoso.com domain, you can perform reverse lookups for the servers in the contoso.com domain, but you cannot perform reverse lookups for the servers in the adatum.com domain.

From a computer in the adatum.com domain, you can perform reverse lookups for the servers in both domains.

You need to ensure that you can perform reverse lookups for the servers in the adatum.com domain from the computers in the contoso.com domain.

What should you create?

A. a delegation

B. a trust point

C. a conditional forwarder

D. a GlobalNames zone

Answer: C

Explanation:

Conditional forwarders are DNS servers that only forward queries for specific domain names. Instead of forwarding all queries it cannot resolve locally to a forwarder, a conditional forwarder is configured to forward a query to specific forwarders based on the domain name contained in the query. Forwarding in terms of domain names improves conventional forwarding by adding a name-based condition to the forwarding process.

Incorrect answers:

A: A zone delegation is not the tool used to perform reverse lookups.

B: A trust point will not ensure reverse lookups.

D: There is no need to create a zone delegation because the DNS Server Role in Windows Server 2008 now supports the GlobalNames Zone. This has been introduced to assist organizations to move away from WINS and allow organizations to move to an all-DNS environment. Unlike WINS, The GlobalNames zone is not intended to be used for peer-to-peer name resolution.

References:

http://technet.microsoft.com/en-us/library/cc757172(v=ws.10).aspx

QUESTION NO: 15 DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that has the DNS Server server role installed. DC1 hosts an Active Directory-integrated zone for the domain. The domain contains a member server named Server1.

You install the DNS Server server role on Server1.

You need to ensure that Server1 can respond authoritatively to queries for the existing contoso.com namespace.

Which cmdlets should you run on each server? (To answer, drag the appropriate cmdlets to the correct servers. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)

Answer: <map><m x1="7" x2="259" y1="48" y2="77" ss="0" a="0" /><m x1="4" x2="263" y1="83" y2="110" ss="0" a="0" /><m x1="6" x2="259" y1="117" y2="145" ss="0" a="0" /><m x1="6" x2="255" y1="156" y2="178" ss="0" a="0" /><m x1="6" x2="258" y1="186" y2="210" ss="0" a="0" /><m x1="5" x2="261" y1="217" y2="243" ss="0" a="0" /><m x1="3" x2="265" y1="257" y2="275" ss="0" a="0" /><m x1="222" x2="233" y1="310" y2="309" ss="0" a="0" /><m x1="4" x2="262" y1="286" y2="311" ss="0" a="0" /><m x1="349" x2="609" y1="57" y2="92" ss="1" a="0" /><m x1="353" x2="607" y1="100" y2="125" ss="1" a="0" /><c start="5" stop="0" /><c start="2" stop="1" /></map>

Explanation:

The Set-DnsServerPrimaryZone cmdlet changes settings for an existing Domain Name System (DNS) primary zone. You can change values that are relevant for either Active Directory-integrated zones or file-backed zones. This cmdlet should be run on Server1 to make it authoritative. The Add-DnsServerSecondaryZone cmdlet adds a specified secondary zone on a Domain Name System (DNS) server. You can create either a forward lookup zone or a reverse lookup zone. This cmdlet should be run on DC1.

Incorrect answers:

The Add-DnsServerForwarder cmdlet adds one or more forwarders to a DNS server's forwarders list.

The Add-DnsServerTrustAnchor cmdlet adds a trust anchor (DNSKEY record or DS record) to a DNS server. If no trust anchor is present, the cmdlet creates one.

The Add-DnsServerPrimaryZone cmdlet adds a specified primary zone on a Domain Name System (DNS) server.

The Set-DNSServerDSSetting cmdlet modifies DNS Active Directory settings.

The Set-DnsServerPrimaryZone cmdlet changes settings for an existing Domain Name System (DNS) primary zone.

The Set-DNSServerSetting cmdlet modifies DNS server settings.

References:

http://technet.microsoft.com/en-us/library/jj649865.aspx

http://technet.microsoft.com/en-us/library/jj649900.aspx

QUESTION NO: 16

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy. You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed. You configure all of the client computers to use Server1 as their primary DNS server.

You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Configure the Security settings of the contoso.com zone.

B. Remove all root hints.

C. Create a primary zone named “.”.

D. Create a primary zone named “root”.

E. Create a primary zone named "GlobalNames".

F. Create a forwarder that points to 169.254.0.1.

G. Create a stub zone named “root”.

H. Create a zone delegation for GlobalNames.contoso.com.

Answer: B, C

Explanation:

You must remove the default root hints files if you want to stop Server1 from trying to resolve internet host names for the client computers.

You should install a root (.) zone on all internal DNS servers to prevent name resolution on the Internet

Incorrect answers:

A: Configuring security settings are not what are required in this situation. Creating a stub zone is a better option.

D: You should not create a primary zone named ‘root’ because then the zone will contain a master copy of the zone database and will thus not prevent the Server from resolving Internet host names. The DNS Server Role in Windows Server 2008 now supports the GlobalNames Zone. This has been introduced to assist organizations to move away from WINS and allow organizations to move to an all-DNS environment. Unlike WINS, The GlobalNames zone is not intended to be used for peer-to-peer name resolution.

E: Creating a primary zone named ‘GlobalNames’ because primary zones contain a master copy of the zone database and will thus not prevent Server1 from resolving Internet host names.

F: On a network with several servers and/or client computers a server that is configured as a forwarder will manage the Domain Name System (DNS) traffic between your network and the Internet.

G: When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.

H: Creating zone delegations does not resolve issues concerning Internet host name resolving.

References:

http://support.microsoft.com/kb/298148

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 4: Deploying and Configuring core network services, Objective 4.3: Deploy and Configure the DNS service, p. 233

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure the DNS service, Chapter 4: Deploying and Configuring core network services, p. 234

Understanding Zone Types

QUESTION NO: 17

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.

You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.

You configure all of the client computers to use Server1 as their primary DNS server.

You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Create a primary zone named "root".

B. Create a primary zone named ".".secondary zone.

C. Create a stub zone named "root".

D. Create a zone delegation for GlobalNames.contoso.com.

Answer: C

Explanation:

When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.

A stub zone will forward and refer requests only for the key resource records that identify the authoritative servers for the zone. Thus a stub zone can be used to prevent Server1 to try and resolve Internet host names.

Incorrect answers:

A: You should not create a primary zone because then the zone will contain a master copy of the zone database and will thus not prevent the Server from resolving Internet host names.

B: A secondary zone will create a duplicate of the primary zone on another server which essentially makes it a backup copy of the primary master zone database file.

D: A zone delegation is not used to prevent servers from trying to resolve Internet host names.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 4: Deploying and Configuring core network services, Objective 4.3: Deploy and Configure the DNS service, p. 233

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure the DNS service, Chapter 4: Deploying and Configuring core network services, p. 234

Understanding Zone Types

QUESTION NO: 18

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.

You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.

You configure all of the client computers to use Server1 as their primary DNS server.

You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Create a zone delegation for GlobalNames.contoso.com.

B. Remove all root hints.

C. Create a stub zone named "root".

D. Create a primary zone named "root".

Answer: C

Explanation:

A stub zone will forward and refer requests only for the key resource records that identify the authoritative servers for the zone and the stub zone will maintain a current list of authoritative DNS servers for the child zone. Thus a stub zone can be used to prevent Server1 to try and resolve Internet host names.

Stub zones are used to improve name resolution so that the DNS server will perform recursion using the stub zone’s list of name server without querying the Internet or even an internal root server.

Incorrect answers:

A: There is no need to create a zone delegation because the DNS Server Role in Windows Server 2008 now supports the GlobalNames Zone. This has been introduced to assist organizations to move away from WINS and allow organizations to move to an all-DNS environment. Unlike WINS, The GlobalNames zone is not intended to be used for peer-to-peer name resolution.

B: Removing root hints will hinder any name resolution processes whatsoever.

D: You should not create a primary zone because then the zone will contain a master copy of the zone database and will thus not prevent the Server from resolving Internet host names.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 4: Deploying and Configuring core network services, Objective 4.3: Deploy and Configure the DNS service, p. 233

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure the DNS service, Chapter 4: Deploying and Configuring core network services, p. 234

Understanding Zone Types

QUESTION NO: 19

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.

You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.

You configure all of the client computers to use Server1 as their primary DNS server.

You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Configure the Security settings of the contoso.com zone.

B. Create a stub zone named "root".

C. Create a primary zone named ".". secondary zone .

D. Create a primary zone named "GlobalNames".

Answer: B

Explanation:

When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.

A stub zone will forward and refer requests only for the key resource records that identify the authoritative servers for the zone. Thus a stub zone can be used to prevent Server1 to try and resolve Internet host names.

Stub zones are used to improve name resolution so that the DNS server will perform recursion using the stub zone’s list of name server without querying the Internet or even an internal root server.

Incorrect answers:

A: Configuring security settings are not what are required in this situation. Creating a stub zone is a better option.

C: A secondary zone will create a duplicate of the primary zone on another server which essentially makes it a backup copy of the primary master zone database file.

D: You should not create a primary zone because then the zone will contain a master copy of the zone database and will thus not prevent the Server from resolving Internet host names. The DNS Server Role in Windows Server 2008 now supports the GlobalNames Zone. This has been introduced to assist organizations to move away from WINS and allow organizations to move to an all-DNS environment. Unlike WINS, The GlobalNames zone is not intended to be used for peer-to-peer name resolution.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 4: Deploying and Configuring core network services, Objective 4.3: Deploy and Configure the DNS service, p. 233

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure the DNS service, Chapter 4: Deploying and Configuring core network services, p. 234

Understanding Zone Types

QUESTION NO: 20

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 8. All of the client computers connect to the Internet by using a web proxy.

You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.

You configure all of the client computers to use Server1 as their primary DNS server.

You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Create a primary zone named ".".

B. Configure the Security settings of the contoso.com zone.

C. Create a zone delegation for GlobalNames.contoso.com.

D. Create a stub zone named "root".

Answer: D

Explanation:

A stub zone will forward and refer requests only for the key resource records that identify the authoritative servers for the zone. Thus a stub zone can be used to prevent Server1 to try and resolve Internet host names.

Incorrect answers:

A: a primary zone contains the master copy of the zone database and will thus not prevent server1 from trying to resolve Internet host names.

B: Configuring the security settings of the zone is not required when all you need to do is to create a stub zone.

C: a zone delegation is not the tool used to stop a server from trying to resolve internet host names.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 4: Deploying and Configuring core network services, Objective 4.3: Deploy and Configure the DNS service, p. 233

QUESTION NO: 21 DRAG DROP

Your network contains an Active Directory domain named contoso.com. The domain contains a server named Server1. Server1 runs a Server Core installation of Windows Server 2012.

You install the DNS Server server role on Server1.

You need to perform the following configurations on Server1:

  • Create an Active Directory-integrated zone named adatum.com.

  • Send unresolved DNS client queries for other domain suffixes to the DNS server of your company's Internet Service Provider (ISP).

Which Windows PowerShell cmdlets should you use?

To answer, drag the appropriate cmdlet to the correct configuration in the answer area. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

Answer: <map><m x1="2" x2="278" y1="63" y2="90" ss="0" a="0" /><m x1="3" x2="278" y1="97" y2="125" ss="0" a="0" /><m x1="0" x2="278" y1="132" y2="156" ss="0" a="0" /><m x1="4" x2="282" y1="165" y2="192" ss="0" a="0" /><m x1="0" x2="279" y1="196" y2="223" ss="0" a="0" /><m x1="4" x2="278" y1="234" y2="258" ss="0" a="0" /><m x1="577" x2="851" y1="63" y2="88" ss="1" a="0" /><m x1="575" x2="853" y1="137" y2="164" ss="1" a="0" /><c start="1" stop="0" /><c start="3" stop="1" /></map>

Explanation:

Add-DnsServerDirectoryPartition: Creates a DNS application directory partition.

Add-DnsServerPrimaryZone: Adds a primary zone to a DNS server.

Set-DNSServer Overwrites a DNS server configuration.

SET-DNSServerForwarder Changes forwarder settings on a DNS server

Set-DNSServerDSSetting Modifies DNS Active Directory settings.

Set-DNSServerSetting Modifies DNS server settings.

References:

http://technet.microsoft.com/en-us/library/jj649942(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649876(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649845(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649887(v=wps.620).aspx

http://technet.microsoft.com/en-us/library/jj649874.aspx

http://technet.microsoft.com/en-us/library/jj649909.aspx

QUESTION NO: 22

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 2012. All of the client computers connect to the Internet by using a web proxy. You deploy a server named Server1 that runs Windows Server 2012.

Server1 has the DNS Server server role installed. You configure all of the client computers to use Server1 as their primary DNS server. You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Configure the Security settings of the contoso.com zone.

B. Remove all root hints.

C. Create a primary zone named “GlobalNames”.

D. Create a forwarder that points to 169.254.0.1.

E. Create a stub zone named “root”.

F. Create a zone delegation for GlobalNames.contoso.com.

Answer: E

Explanation:

When a zone that this DNS server hosts is a stub zone, this DNS server is a source only for information about the authoritative name servers for this zone. The zone at this server must be obtained from another DNS server that hosts the zone. This DNS server must have network access to the remote DNS server to copy the authoritative name server information about the zone.

A stub zone will forward and refer requests only for the key resource records that identify the authoritative servers for the zone. Thus a stub zone can be used to prevent Server1 to try and resolve Internet host names.

Stub zones are used to improve name resolution so that the DNS server will perform recursion using the stub zone’s list of name server without querying the Internet or even an internal root server.

Incorrect answers:

A: Configuring security settings are not what are required in this situation. Creating a stub zone is a better option.

B: Removing root hints would be incorrect since root hints are a vital cog in configuring your DNS Server. If your server receives a query for an unknown domain, then the root hints give a clue as to where to search for the answer.

C: You should not create a primary zone because then the zone will contain a master copy of the zone database and will thus not prevent the Server from resolving Internet host names. The DNS Server Role in Windows Server 2008 now supports the GlobalNames Zone. This has been introduced to assist organizations to move away from WINS and allow organizations to move to an all-DNS environment. Unlike WINS, The GlobalNames zone is not intended to be used for peer-to-peer name resolution.

D: A: On a network with several servers and/or client computers a server that is configured as a forwarder will manage the Domain Name System (DNS) traffic between your network and the Internet.

F: Creating zone delegations does not resolve issues concerning Internet host name resolving.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 4: Deploying and Configuring core network services, Objective 4.3: Deploy and Configure the DNS service, p. 233

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure the DNS service, Chapter 4: Deploying and Configuring core network services, p. 234

Understanding Zone Types

QUESTION NO: 23

Your network contains an Active Directory domain named contoso.com. The network contains 500 client computers that run Windows 2012. All of the client computers connect to the Internet by using a web proxy.

You deploy a server named Server1 that runs Windows Server 2012. Server1 has the DNS Server server role installed.

You configure all of the client computers to use Server1 as their primary DNS server.

You need to prevent Server1 from attempting to resolve Internet host names for the client computers.

What should you do on Server1?

A. Create a forwarder that points to 169.254.0.1.

B. Create a primary zone named “GlobalNames”.

C. Remove all root hints.

D. Create a zone delegation for GlobalNames.contoso.com.

Answer: C

Explanation:

Root Hints are a vital cog in configuring your DNS Server. If your server receives a query for an unknown domain, then the root hints give a clue as to where to search for the answer.

If you operate internal root DNS servers on a private network that is not connected to the Internet, edit or replace root hints to point to your own internal root DNS servers. Delete root hints from your internal root DNS servers.

Incorrect answers:

A: On a network with several servers and/or client computers a server that is configured as a forwarder will manage the Domain Name System (DNS) traffic between your network and the Internet.

B: GlobalNames is to help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. Some customers in particular require the ability to have the static, global records with single-label names that WINS currently provides. These single-label names typically refer to records for important, well-known and widely-used servers for the company, servers that are already assigned static IP addresses and are currently managed by IT-administrators using WINS. GNZ is designed to enable the resolution of these single-label, static, global names for servers using DNS.

D: Creating zone delegations does not resolve issues concerning Internet host name resolving. You should rather remove all root hints.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure the DNS service, Chapter 4 Deploying and Configuring core network services, p. 231, 236

QUESTION NO: 24

Your network contains an Active Directory domain named contoso.com. The domain contains a domain controller named DC1 that hosts the primary DNS zone for contoso.com.

All client computers are configured to use DC1 as the primary DNS server.

You need to configure DC1 to resolve any DNS requests that are not for the contoso.com zone by querying the DNS server of your Internet Service Provider (ISP).

What should you configure?

A. Name server (NS) records

B. Condition& forwarders

C. Forwarders

D. Naming Authority Pointer (NAPTR) DNS resource records (RR)

Answer: C

Explanation:

On a network with several servers and/or client computers a server that is configured as a forwarder will manage the Domain Name System (DNS) traffic between your network and the Internet.

Incorrect answers:

A. Specifies a name server for the domain, which allows DNS lookups within various zones. Each primary and secondary name server should be declared through this record. However, in this scenario you require a forwarder.

B. Conditions are not required here, you need to resolve DNS issues regarding DNS requests.

D. A pointer is to provide an address to name mapping that supplies a DNS name for a specific address in the in-addr.arpa domain.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 4.3: Deploy and Configure the DNS service, Chapter 4 Deploying and Configuring core network services, p. 231, 236

http://technet.microsoft.com/en-us/library/cc722542.aspx

http://technet.microsoft.com/en-us/library/cc754931.aspx

QUESTION NO: 25

Your network contains a domain controller that is configured as a DNS server. The server hosts an Active Directory-integrated zone for the domain. You need to reduce how long it takes until stale records are deleted from the zone.

What should you do?

A. From the configuration directory partition of the forest, modify the tombstone lifetime.

B. From the configuration directory partition of the forest, modify the garbage collection interval.

C. From the aging properties of the zone, modify the no-refresh interval and the refresh interval.

D. From the start of authority (SOA) record of the zone, modify the refresh interval and the expire interval.

Answer: C

Explanation:

Scavenging automates the deletion of old records. When scavenging is enabled, then you should also change the no-refresh and refresh intervals of the aging properties of the zone else it may take too long for stale records to be deleted and the size of the DNS database can become large and have an adverse effect on performance.

Incorrect answers:

A: Tombstones are in essence the deleted objects of the directory database. This is usually the garbage collection products.

B: Garbage collection in Active Directory Domain Services (AD DS) is the process of removing deleted objects (tombstones) from the directory database. This process results in free disk space in the directory database. By default, this free space is not reported in Event Viewer.

D: The Refresh interval of the SOA specifies the refresh interval for the zone. The standard setting is 3600 seconds (one hour). The Expire interval of the SOA specifies the expire interval for the zone. The standard setting is 86400 seconds (one day). However both these settings affect how zone transfers are made between servers and not how long it takes for stale records to be deleted.

References:

http://technet.microsoft.com/en-us/library/ff807390%28v=WS.10%29.aspx

QUESTION NO: 26

You have an Active Directory domain named contoso.com. You have a domain controller named Server1 that is configured as a DNS server. Server1 hosts a standard primary zone for contoso.com. The DNS configuration of Server1 is shown in the exhibit.

PhotoShare(2)

You discover that stale resource records are not automatically removed from the contoso.com zone. You need to ensure that the stale resource records are automatically removed from the contoso.com zone.

What should you do?

A. Set the scavenging period of Server1 to 0 days.

B. Modify the Server Aging/Scavenging properties.

C. Configure the aging properties for the contoso.com zone.

D. Convert the contoso.com zone to an Active Directory-integrated zone.

Answer: C

Explanation:

Scavenging or aging as it is also known as automates the deletion of old records. When scavenging is disabled, these records must be deleted manually or the size of the DNS database can become large and have an adverse effect on performance. In the exhibit it shows that scavenging is enabled on Server1, thus you should configure the aging properties for the zone.

Incorrect answers:

A: Setting the scavenging period from 1 to 0 is disabling scavenging.

B: The server scavenging properties shows that it is already enabled. You should just set the zone properties as well.

D: There is no need for zone modifications.

References:

Training Guide: Installing and Configuring Windows Server 2012, Chapter 6: Network Administration, Lesson 3: Managing networking using Powershell, p. 256

http://technet.microsoft.com/en-us/library/ff807390%28v=WS.10%29.aspx

Topic 13, Install domain controllers

Add or remove a domain controller from a domain; upgrade a domain controller; installActive Directory Domain Services (AD DS) on a Server Core installation; install a domain controller from Install from Media (IFM); resolve DNS SRV record registration issues; configure a global catalog server

QUESTION NO: 1

Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. One of the domain controllers is named DCI.

The network contains a member server named Server1 that runs Windows Server 2012.

You need to promote Server1 to a domain controller by using install from media (IFM).

What should you do first?

A. Create a system state backup of DC1.

B. Create IFM media on DC1.

C. Upgrade DC1 to Windows Server 2012.

D. Run the Active Directory Domain Services Configuration Wizard on Server1.

E. Run the Active Directory Domain Services Installation Wizard on DC1.

Answer: C

Explanation:

This is the only valid option. You could install ADDS role on Server 1 and run ADDS configuration wizard and add DC to existing domain.

Incorrect answers:

A. Backs up system state data to be restored

B. One can install a domain controller from IFM, however in this scenario the server named DC1 is best served by an upgrade to Windows Server 2012 to use to promote Server1 to a domain controller.

D. Need to add ADDS role first.

E. Wrong server.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 5.1 Install Domain Controllers, Chapter 5: Install and Administer Active Directory, p. 250

http://technet.microsoft.com/en-us/library/jj574166.aspx

QUESTION NO: 2

Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers named DC1 and DC.

You install Windows Server 2012 on a new computer named DC3.

You need to manually configure DC3 as a domain controller.

Which tool should you use?

A. Server Manager

B. winrm.exe

C. Active Directory Domains and Trusts

D. dcpromo.exe

Answer: A

Explanation:

A. The Server manager is used to configure domains. You should navigate to the Add Roles Wizard in Server Manager, followed by the Active Directory Domain Services Configuration Wizard to configure DC3 as a domain controller.

Incorrect answers:

B. winrm is the server side service for remote management

C. Active Directory Domains and Trusts is used for trust between multiple domains

D.Dcpromo.exe has been deprecated. In Windows Server 2012, if you run dcpromo.exe (without any parameters) from a command prompt, you receive a message directing you to Server Manager

References:

http://technet.microsoft.com/en-us/library/hh472162.aspx#BKMK_GUI

http://technet.microsoft.com/en-us/library/dd163506.aspx

http://technet.microsoft.com/en-us/library/hh831568.aspx

QUESTION NO: 3

Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.

You plan to install a new domain controller named DC4 that runs Windows Server 8.

The new domain controller will have the following configurations:

  • Schema master

  • Global catalog server

  • DNS Server server role

  • Active Directory Certificate Services server role

You need to identify which configurations cannot be fulfilled by using the Active Directory Installation Wizard.

Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)

A. Transfer the schema master.

B. Enable the global catalog server.

C. Install the DNS Server role.

D. Install the Active Directory Certificate Services role.

Answer: A, D

Explanation:

AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server. ADCS and schema must be done separately.

Incorrect answers:

B: The global catalogue server is automatically installed.

C: the DNS server role is automatically installed.

References:

http://technet.microsoft.com/en-us/library/hh831457.aspx

Exam Ref 70-410: Installing and Configuring Windows Server 2012, Chapter 5: Install and administer Active Directory, Objective 5.1: Install domain controllers, p. 262

QUESTION NO: 4

You have a server named Server1 that runs Windows Server 2012.

You promote Server1 to domain controller.

You need to view the service location (SVR) records that Server1 registers on DNS.

What should you do on Server1?

A. Open the Srv.sys file

B. Open the Netlogon.dns file

C. Run ipconfig/displaydns

D. Run Get-DnsServerDiagnostics

Answer: B

Explanation:

The Netlogon service creates a log file that contains all the locator resource records stored in netlogon. This will allow you to view the SVR records.

Incorrect answers:

A. This file contains the Timestamp server driver and will thus not yield the SVR records.

C. This command is used to display current resolver cache content and not to view SVR records.

D. Executing this command will get DNS event logging details.

References:

http://technet.microsoft.com/en-us/library/cc959303.aspx

http://technet.microsoft.com/en-us/library/jj649883(v=wps.620).aspx

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Chapter 5: Install and Administer Active Directory, Objective 5.1 Install Domain Controllers, p. 251-256

Site Search:

Close

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.