MCP 70-741 Chapter 1: Implement Domain Name System

  1. You have asked a colleague to deploy the DNS server role to a nano server installed as a member of the adatum.com domain. What must your colleague do?
    To install the DNS server role to an existing Nano Server, your colleague should create a remote Windows PowerShell session to the Nano Server and then use the Enable-WindowsOperationalFeature -Online -FeatureName DNS-Server-Full-Role command to add the DNS role.
  2. At a branch office, you do not want the local DNS server to perform queries for local clients aside from those for which it is authoritative. How could you address this objective?
    You could configure the branch DNS server to use forwarding. Specify a DNS server elsewhere in the organization to which it forwards all queries it cannot satisfy locally.
  3. You want only to allow recursion by your DNS servers for queries received on the internal network and not from internet-based clients. How could you address this objective?
    You could implement DNS policies. Specifically, you could create a recursion scope so that recursion is enabled when requested on a specific DNS server interface, or from a specific internal subnet. The following three Windows PowerShell commands would enable you to achieve your objective.

    Set-DnsServerRecursionScope -Name . -EnableRecursion $True

    Add-DnsServerRecursionScope - Name "InternalAdatumClients" -EnableRecursion $True

    Add-DnsServerQueryResolutionPolicy -Name "RecursionControlPolicy" -Action ALLOW -ApplyOnRecursion -RecursionScope "InternalAdatumClients" -ServerInterfaceIP "EQ.10.24.60.254"
  4. Managers at A. Datum are concerned with security and your boss has asked that you implement DNSSEC to help to secure DNS. You know that DNSSEC relies on distributing the NRPT. How could you configure NRPT distribution easily?
    The easiest way to distribute NRPT is to use a GPO. Edit the Default Domain GPO and navigate to Computer Configuration / Policies / Windows Settings / Name Resolution Policy. Create a rule containing the domain suffix you want to distribute for, and then enable both Enable DNSSEC in This Rule and Require DNS Clients to Check that the Name and Address Data Has Been Validated By the DNS Server.
  5. You have installed the DNS server role on a computer running Windows Server 2016. You now want to create zones on the server. You want to store the zone data in AD DS, but the option to store the zone in Active Directory is unavailable. Why might this be?
    The option to store the zone in Active Directory is only available on DNS servers that also have the AD DS server role installed and configured.
  6. You want to be able to deploy an AD DS–integrated primary zone by using Windows PowerShell. What command should you use?
    To deploy an AD DS–integrated primary zone on a DNS server, use the Add-DnsServerPrimaryZone cmdlet with the ReplicationScope parameter. For example: AddDnsServerPrimaryZone -Name “Contoso.com” -ReplicationScope “Domain”
  7. A. Datum has just purchased the Contoso Pharmaceuticals company. Your users are frequently accessing server resources in Contoso’s network infrastructure. You need to configure DNS to support this change in circumstances. What two options do you have to more efficiently manage name resolution in this situation?
    Consider implementing conditional forwarding or a stub zone. Both enable clients to more easily access the name servers for a foreign domain.
  8. Your network consists of many subnets distributed across the globe. You want to make a web server easily accessible from any location by using the same name. However, you want your users to be directed by DNS to a local web server. What feature of Windows Server 2016 would enable this?
    Use DNS policies and DNS zone scopes to configure this behavior. You can create DNS client subnets and assign these subnets into DNS scopes. Next, you create DNS resource records in the zone scopes. Finally, you would use a DNS policy to determine which records are returned to a DNS client, based on the originating subnet.
Author
RaptureRome
ID
337393
Card Set
MCP 70-741 Chapter 1: Implement Domain Name System
Description
Practice Questions for MCP 70-741 Networking with Windows Server 2016, from Chapter 1
Updated