Issuu on Google+

83-640

TS: Windows Server 2008 Active Directory, Configuring

↘

http://www.testsexpert.com/83-640.html


Question: 1 CertKiller.com has an Active Directory forest that contains a single domain named ad.CertKiller.com. All domain controllers are configured as DNS servers and have Windows Server 2008 installed. The network has two Active directory-integrated zones: CertKilleres.com and CertKillerws.com. The company has instructed you to make sure that a user is able to modify records in CertKilleres.com while preventing the user from modifying the SOA record in CertKillerws.com zone. What should you do to achieve this task? A. Modify the permissions of the CertKilleres.com zone by accessing the DNS Manager Console B. Configure the user permissions on CertKilleres.com to include all the users and configure the user permissions on CertKillerws.com to allow only the administrators group to modify the records C. Modify the permission of CertKillerws.com zone by accessing the DNS Manager Console D. Modify the Domain Controllers organizational unit by accessing the Active Directory Users and Computers console. E. None of the above.

Answer: A Explanation: To allow the user to modify records in CertKilleres.com and prevent him/her from modifying the SOA record in CertKillerws.com zone, you should set the permissions of CertKilleres.com through DNS Manager Console. You set the permissions for the users to modify the records in CertKilleres.com. By setting permission on one Active directory-integrated zone, you will be preventing the users from modifying anything else on the other zones.

Question: 2 CertKiller.com has an Active Directory Domain Controller. All domain controllers are configured as DNS servers and have Windows Server 2008 installed. Only one Active-Directory integrated DNS zone is configured on the domain. You need to make sure that outdated DNS records are removed from the DNS zone automatically. What should you do to achieve this task? A. Modify the TTL of the SOA record by accessing the zone properties B. Disable updates from the zone properties C. Execute netsh/Reset DNS command from the Command prompt D. Enable Scavenging by accessing the zone properties E. None of the above

Answer: D

www.testsexpert.com

2


Explanation: To remove the outdated DNS records from the DNS zone automatically, you should enable Scavenging through Zone properties. Scavenging will help you clean up old unused records in DNS. Since "clean up" really means "delete stuff" a good understanding of what you are doing and a healthy respect for "delete stuff" will keep you out of the hot grease. Because deletion is involved there are quite a few safety valves built into scavenging that take a long time to pop. When enabling scavenging, patience is required. Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088a6bbce0a4304&ID=211

Question: 3 CertKiller.com has a single Active Directory domain. You have configured all domain controllers in the network as DNS servers and they run Windows Server 2008. A domain controller named CK1 has a standard Primary zone for CertKiller.com and a domain controller named CK2 has a standard secondary zone for CertKiller.com. You need to make sure that the replication of the CertKiller.com zone is encrypted so you might not loose any zone data. What should you do to achieve this task? A. Create a stub zone and delete the secondary zone B. Convert the primary zone into an active directory zone and delete the secondary zone C. Change the interface where DNS server listens on both servers D. On the standard primary zone, configure zone transfer settings. After that modify the master servers lists on the secondary zone E. None of the above

Answer: B Explanation: To make sure that the replication of the CertKiller.com zone is encrypted to prevent data loss, you should convert the primary zone into an active directory zone and delete the secondary zone

Question: 4 CertKiller.com has a main office and a branch office. All servers in both offices run Windows Server 2008. The offices are connected through a WAN link. CertKiller.com has an Active Directory domain that hosts a single domain called maks.CertKiller.com. There is a domain controller in the maks.CertKiller.com domain called CK1. It is located in the main office. You have configured CK1 as a DNS server for the maks.CertKiller.com DNS zone. It is configured as a standard primary zone. You are instructed to install a new domain controller called CK2 in the branch office. After installing the domain controller, you install DNS on CK2. You want to ensure that the DNS service on CK2 can update records and resolve DNS queries in the event of a WAN link failure. What should you do to achieve this objective?

www.testsexpert.com

3


A. Configure the DNS on CK1 to forward requests to CK2 B. Add a secondary zone named maks.CertKiller.com on CK2 C. Convert maks.CertKiller.com on CK1 to an Active Directory-integrated zone D. Configure a new stub zone on CK1 and set the forwarding option to CK2

Answer: C Explanation: To make sure that the DNS service on CK2 can update records and resolve DNS queries in the event of a MAN link failure, you should convert maks.CertKiller.com on CK1 to an Active Directoryintegrated zone. Active Directory-integrated DNS offers two pluses over traditional zones. For one, the fault tolerance built into Active Directory eliminates the need for primary and secondary nameservers . Effectively, all nameservers using Active Directory-integrated zones are primary nameservers . This has a huge advantage for the use of dynamic DNS as well: namely, the wide availability of nameservers that can accept registrations. Recall that domain controllers and workstations register their locations and availability to the DNS zone using dynamic DNS. In a traditional DNS setup, only one type of nameserver can accept these registrations-the primary server, because it has the only read/write copy of a zone. By creating an Active Directoryintegrated zone, all Windows Server 2008 nameservers that store their zone data in Active Directory can accept a dynamic registration, and the change will be propagated using Active Directory multimaster replication. Reference: http://safari.adobepress.com/9780596514112/active_directory-integrated_zones

Question: 5 CertKiller.com has a DNS server with 10 Active Directory Integrated Zones. For auditing purposes, you need to provide copies of the zone files of the DNS server to the security audit group. What should you do to achieve this task? A. Execute ntdsutil > Partition Management > Display commands B. execute ipconfig/registerdns command C. execute the dnscmd/ZoneExport command D. Execute dnscmd/Zoneoutput command

Answer: C Question: 6 CertKiller.com has a domain controller named EDC11 that runs Windows Server 2008. It is configured as a DNS server for CertKiller.com. You install the DNS server role on a member server named S1 and after this, you create a standard secondary zone for CertKiller.com. You configure EDC11 as the master server for the zone. What should you do to make sure that S1 receives zone updates from EDC11?

www.testsexpert.com

4


A. On Server1, add a conditional forwarder. B. On DC1, modify the zone transfer settings for the CertKiller.com zone. C. Add the Server1 computer account to the DNSUpdateProxy group. D. On DC1, modify the permissions of CertKiller.com zone.

Answer: B Question: 7 CertKiller.com has a network consisting of an Active Directory forest named ebd.com. All servers run Windows Server 2008. All domain controllers are configured as DNS servers. The ebd.com DNS zone is stored in the ForestDnsZones Active directory partition. A member server contains a standard primary DNS zone for eb.ebd.com. You need to make sure that all domain controllers can resolve names for eb.ebd.com. What should you do to achieve this task? A. Create a delegation in the ebd.com zone B. Change the properties of SOA record in the eb.ebd.com zone C. Add NS record in the ebd.com zone D. Create a secondary zone on a Global catalog server

Answer: A Question: 8 CertKiller.com has five Windows Server 2008 servers all are operating as domain controllers. Your DNS servers are all currently running as primary DNS zones. A DNS strategy which allows all DNS servers to hold the same database will need to be set up and your company necessitates that you use secure DNS dynamic updates for every client. What type of DNS strategy should you implement? A. One server should be upgraded as a primary master and the rest as stub zones. B. One server should be upgraded as a primary master and the rest as secondary servers. C. All servers should be upgraded to Active Directory Integrated servers. D. All servers should be kept primary servers and replication will need to be set up.

Answer: A,C Explanation: Having all the DNS servers upgraded to Active Directory Integrated zones will permit all DNS servers to share the identical Active Directory DNS database. Active Directory Integrated zones also permit secure dynamic updates. In the case of the TTL being too minute the load on the DNS server escalates.

www.testsexpert.com

5


Question: 9 You are responsible for CertKiller's network infrastructure. You are unsure whether or not you have a problem with name resolution and therefore you require confirmation that you are making use of the correct hostname. You want to test DNS on the local system and you need to establish if the hostname "server-1" resolves to the IP address 10.1.1.1. Which of the following actions provides a solution to the problem? A. A DNS server should be added to your local subnet. B. The mapping for the hostname "server-1" should be added to the IP address 10.1.1.1 in the local system's HOSTS file. C. An A record should be added to your local WINS server. D. An MX record should be added to your local DNS server.

Answer: B Explanation: The HOSTS file is a text file-based database of mappings amid hostnames and IP addresses. It performs similar to a file based version of DNS and resolves a hostname to an IP address.

Question: 10 You work as an administrator at CertKiller.com. You have chosen to have DNS placed on a readonly domain controller (RODC). Which of the following types of DNS zones do you now possess? A. Primary with Active Directory integration B. Read-only DNS C. Secondary DNS D. Stub DNS

Answer: B Explanation: When choosing to load DNS on a RODC, the copy of DNS is then a read-only copy. The negative aspect to a read-only DNS server is that it will not permit dynamic updates. The advantage is that it can be situated in a non-secure location.

www.testsexpert.com

6


You will not find better practice material than testsexpert PDf questions with answers on the web because it provides real exams preparation environment. Our practice tests and PDF question, answers are developed by industry leading experts according to the real exam scenario. At the moment we provides only question with detailed answers at affordable cost. You will not find comparative material elsewhere on the web at this price. We offer Cisco, Microsoft, HP, IBM, Adobe, Comptia, Oracle exams training material and many more.

We also provide PDF Training Material for: Cisco CCNA CCNP CCIP CCIE CCVP CCSP CXFF CCENT CCDE

Microsoft MCTS MCSE MCITP MBS MCPD MCAD MCAS MCSA MCDBA

HP AIS APC APS ASE CSA MASE APP CSD CSE

IBM Adobe Comptia Oracle Lotus CS4 A+ 11g DBA WebSphere CS3 Security+ 10g DBA Mastery ACE Server+ OSA 10g SOA CS5 Network+ OCA 9i Storage CS2 Linux+ 11i Rational Captivate iNet+ 9i Forms Tivoli Flex Project+ Weblogic IBM DB2 CSM RFID+ Oracle 8i IBM XML MX7 HTI+ PTADCE

We provide latest exams preparation material only. Contact US at: support@testsexpert.com Join Us at Twitter: www.twitter.com/testsexpert FaceBook: www.facebook.com/testsexpert

www.testsexpert.com

7


TS Windows Server 2008 Active Directory, Configuring