70-640

Microsoft 70-640

70-640TS: Windows Server 2008 Active Directory, ConfiguringPractice TestVersion 20.0QUESTION NO: 1You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The TestKing.com network currently has two Active Directory-integrated zones: TestKing.com and Weyland.com.

During the course of the day you receive instruction from TestKing.com to ensure that Rory Allen from the Paris office Weyland.com zone is allowed to modify records in the TestKing.com zone. TestKing.com additionally wants you to prevent Rory Allen from modifying the SOA record in the TestKing.com zone.

What should you do?

A. You should consider having the permission of the Weyland.com zone modified by accessing the DNS Manager Console.

B. You should consider having the Domain Controllers organizational unit modified by accessing the Active Directory Users and Computers console.

C. You should consider having the permissions of the TestKing.com zone modified by accessing the DNS Manager Console.

D. You should consider having the user permissions on TestKing.com modified to include all the users.

You should then have Rory Allen's permissions on TestKing.com configured to allow only the administrators group to modify the records.

Answer: CExplanation:In the scenario you should set the permissions of TestKing.com using DNS Manager Console which would allow you to prevent users from modifying the SOA record in the TestKing.com zone. You set permissions for network users to modify records in TestKing.com but setting permissions on the Active Directory-integrated zone would prevent users from modifying anything else on other zones.

QUESTION NO: 2You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 and TESTKING-SR02 configured as DNS servers.

During the course of the day you are informed that only one Active-Directory integrated zone has been configured in the domain. TestKing.com has requested that you start removing the outdated DNS records from the DNS zone automatically.

What should you do?

A. You should consider having the netsh/Reset DNS command run from the Command prompt. B. You should consider having the zone properties accessed and enable Scavenging.

C. You should consider having the zone propertied accessed to modify the TTL of the SOA record. D. You should consider having the zone properties accessed to disable updates.

Answer: BExplanation:In the scenario you should enable scavenging through the zone properties because scavenging removes the outdated DNS records from the DNS zone automatically. You should additionally note that patience would be required when enabling scavenging as there are some safety valves built into scavenging which takes long to pop.

Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088- a6bbce0a4304&ID=211

QUESTION NO: 3You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 and TESTKING-SR02 that is configured as DNS servers.

TestKing.com currently has the Standard Primary zone for TestKing.com on TESTKING-SR01 and the Standard Secondary zone for TestKing.com on TESTKING-SR02. During the course of the

day you receive instruction from TestKing.com to make sure that the replication of the

TestKing.com zone is encrypted without the loss of zone data.

What should you do?

A. You should consider having the interface changed where the DNS server listens on both servers.

B. You should consider having the zone transfer settings configured on the standard secondary zone.

You should then have the Schema master servers lists modified on the primary zone. C. You should consider having a stub zone.

You should then have the secondary zone deleted.

D. You should consider having the primary zone converted to active directory zone. You should then have the secondary zone deleted.

Answer: DExplanation:In the scenario you should have the TestKing.com primary zone converted to an active directory- integrated zone and delete the secondary zone as this would ensure replication of the TestKing.com zone is encrypted whilst preventing data loss.

QUESTION NO: 4You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently has the London and Paris office connected via a WAN link.

TestKing.com additionally makes use of a computer in the London office named TESTKING-SR01 configured as the DNS server hosting a standard primary zone. During the course of the day you receive instruction from TestKing.com to install a computer named TESTKING-SR02 in the Paris office configured as a DNS server. TestKing.com additionally wants you to ensure that the DNS service on TESTKING-SR02 in the Paris office is able to update records and resolve queries in the event of a WAN link failure.

What should you do?

A. You should consider having TestKing.com converted to an Active Directory-integrated zone on

TESTKING-SR01.

B. You should consider having a new stub zone configured on TESTKING-SR01. You should then set the forwarding option to TESTKING-SR02.

C. You should consider having DNS on TESTKING-SR01 configured to forward request to

TESTKING-SR02.

D. You should consider having a secondary zone added on TESTKING-SR02 named testking.com.

Answer: A Explanation:In the scenario you should ensure that TESTKING-SR01's DNS service is able to update and resolve DNS queries if the WAN link fails. In addition you should have the mask converted to an Active Directory-integrated zone on TESTKING-SR01 as this eliminates the need for primary and secondary name servers as fault tolerance is built into Active Directory which in addition is a bonus when using dynamic DNS.

Reference: http://safari.adobepress.com/9780596514112/active_directory-integrated_zones

QUESTION NO: 5You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a DNS server configured with seven Active Directory Integrated Zones. During the course of the day you receive instruction from TestKing.com to provide copies of the zone files of TESTKING-SR01 to the security audit group for auditing purposes.

What should you do?

A. You should consider having the dnscmd/ZoneInfo command executed at the command prompt. B. You should consider having the dnscmd/ZoneOutput command executed at the command prompt.

C. You should consider having the ntdsutil > Partition Management > Display command executed at the command prompt.

D. You should consider having the ipconfig/registerdns command executed at the command prompt.

Answer: AQUESTION NO: 6You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

TestKing.com currently makes use of a computer named TESTKING-SR01 configured as the network DNS server. During the course of the day you receive instruction from TestKing.com to

install the DNS server role on a member server in the Paris office named TESTKING-SR02 whilst creating a standard secondary zone for TestKing.com on TESTKING-SR02. TestKing.com has additionally requested that you configure TESTKING-SR01 as the master server for the zone whilst ensuring that TESTKING-SR02 is able to obtain zone updates from TESTKING-SR01.

What should you do?

A. You should consider having the TESTKING-SR01 computer account added to the

DNSUpdateProxy group.

B. You should consider having the permission on TESTKING-SR01 modified for the TestKing.com zone.

C. You should consider having TestKing.com added as a conditional forwarder.

D. You should consider having the zone transfer settings on TESTKING-SR01 modified for the

TestKing.com zone.

Answer: DQUESTION NO: 7You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The current TestKing.com DNS zone is stored on the ForestDnsZones Active directory partition.

During the course of the day you receive instruction from TestKing.com to add a domain controller named TESTKING-SR01 with a standard primary zone for uk.TestKing.com. TestKing.com has additionally requested all company domain controllers be configured appropriately to resolve names for uk.TestKing.com.

What should you do?

A. You should consider having a NS record added in the TestKing.com.com zone

B. You should consider having a secondary zone created on a Global catalog server. C. You should consider having a delegation created in the TestKing.com zone.

D. You should consider having the properties of SOA record changed in the uk.TestKing.com zone.

Answer: CQUESTION NO: 8You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a DNS server running a standard primary zone.

During the course of the day you receive instruction from TestKing.com to setup a strategy which allows the TestKing.com DNS server to hold the same database whilst ensuring that secure DNS dynamic updates are used for all clients. TestKing.com wants you to decide on which DNS strategy type to use.

What should you do? (Choose two)

A. You should consider having all servers configured as primary servers. You should then have replication configured.

B. You should consider having all network servers upgraded to Active Directory Integrated servers.

C. You should consider having a server upgraded as a primary master.

You should then have the rest of the servers configured as secondary zones. D. You should consider having a server upgraded as a primary master.

You should then have the rest of the servers configured as stub zones.

Answer: B,D Explanation:In the scenario you should have the DNS server upgraded to Active Directory-integrated zones which would permit the DNS servers to share an identical Active Directory database. You should additionally note that Active Directory-integrated zones support secure dynamic updates. You should also note that when the TTL is to minute that the load on the DNS servers would be increased.


During the course of the day you receive reports from TestKing.com that they are experiencing problems with a computer named TESTKING-SR01 which is configured as a DNS server. TestKing.com wants you to determine whether the correct host name is used whilst testing DNS on the local system to establish the host name 'TESTKING-SR01' is resolved to the IP address

137.134.12.33. TestKing.com wants you to provide a solution to the problem at hand.

What should you do?

A. You should consider having an MX record added to the local DNS server. B. You should consider having an MX record added to the local WINS server. C. You should consider having a DNS server added to the local subnet.

D. You should consider having the host name mapped to "TESTKING-SR01 and add the IP

address 137.134.12.33 in the local systems HOSTS file.

Answer: D Explanation:Your best option to select in this scenario would be Option D. The HOSTS file is a text file-based database of mappings amid hostnames and IP addresses. It performs similar to a file based version of DNS and resolves a hostname to an IP address.


TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a Read- Only Domain Controller (RODC) server running DNS. During the course of the day you receive instruction from TestKing.com to determine which types of DNS zones are available on

TESTKING-SR01.

What would your reply be?

A. You should inform TestKing.com that TESTKING-SR01 would only be able to host Secondary

DNS.

B. You should inform TestKing.com that TESTKING-SR01 would only be able to host stub DNS. C. You should inform TestKing.com that TESTKING-SR01 would only be able to host Primary DNS with Active Directory integration.

D. You should inform TestKing.com that TESTKING-SR01 would only be able to host Read-only

DNS. Answer: D Explanation:In the scenario you should note that installing DNS on a Read-Only Domain Controller (RODC) server that the copy of DNS would be a read-only copy. You should additionally note that the use of the read-only DNS zone does not permit making use of dynamic updates. Additionally an advantage of read-only DNS zones is that they can be placed in a non-secure location.


TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office which has the DNS service role installed. During the course of the day you are informed by TestKing.com that non-domain members are able to dynamically register DNS records. TestKing.com has recently requested that you ensure that only the domain controllers of TestKing.com are able to dynamically register their DNS registration information.

What should you do?

A. You should consider ensuring that the zone transfers are enabled to Name Servers

B. You should consider ensuring that the Authenticated Users group is removed

C. You should consider ensuring that the dynamic updates are set to Secure Only.

D. You should consider ensuring that the Everyone group is denied the Create All Child Objects permission.

Answer: CExplanation:In order to ensure that only domain members are able to register their DNS records dynamically you need to set the option Secure only for Dynamic updates. This will only allow the domain members to register their DNS records dynamically.

Reference :

www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspxQUESTION NO: 12You are employed as the enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers at TestKing.com are configured to run Windows Server 2003.

You have received instruction from management to install Windows Server 2008 on a server. You decide to add the Windows Server 2008 server as a domain controller to the TestKing.com domain. You need to identify the first step that needs to be performed.

What should you identify?

A. You should consider running the rundcpromo /createdcaccount command on the Windows

Server 2008 domain controller.

B. You should consider running the adprep /forestprep command on a domain controller.

C. You should consider running the runadprep /rodcprep command on a domain controller.

D. You should consider running the rundcpromo /adv command on the Windows Server 2008 domain controller.

Answer: BQUESTION NO: 13You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 and TESTKING-SR02 configured as DNS servers. The configuration of TESTKING-SR01 and TESTKING-SR02 is shown below:

During the course of the day you receive complaints from network users who have TESTKING- SR02 configured as their preferred DNS server are unable to access the Internet. TestKing.com wants you to ensure that the network users are able to access the Internet by enabling Internet name resolutions for all client computers.

What should you do?

A. You should consider having the .(root) zone updated on TESTKING-SR02 server. B. You should consider having TESTKING-SR01 configured to have a .(root) zone.

C. You should consider having the .(root) zone deleted from the TESTKING-SR02 DNS server. D. You should consider having the DNS cache on TESTKING-SR02 deleted.

E. You should consider having TESTKING-SR01 DNS server reconfigured and connect it to the domain.

Answer: CExplanation:In this scenario, you should delete the .(root) zone on TestKing2 server. The .(root) zone is creating a problem. Windows Server 2008 follows specific steps for host name resolution. The server checks its zone records after querying its cache. After that, the DNS server sends requests to the forwarders and then tries resolution by using root servers. The TestKing2 server contains a root zone by default. This disables the DNS forwarding option and the DNS cannot act as a forwarder. To enable DNS forwarding, you have to delete the root zone. To delete the root zone you can either use the DNS snap-in or the dnscmd.exe command-line utility. You can use dnscmd

/zonedelete parameter and specify the name of the DNS zone that you want to delete.


TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS server role installed. TestKing.com currently has TESTKING-SR01 configured with a single network interface named KingAreaNetwork. During the course of the day you determine that the static IP address of the network interface is 192.168.1.100. TestKing.com recently requested that you create a DNS zone named local.TestKing.com on TESTKING-SR01.

What should you do?

A. You should consider having the dnscmd TESTKING-SR01/ZoneAdd local.TestKing.com/DSPrimary command run from the command prompt. B. You should consider having the dnscmd TESTKING-SR01/ZoneAdd

local.TestKing.com/Primary /file local.TestKing.com.dns command run from the command prompt. C. You should consider having the ipconfig /registerdns:local.TestKing.com command run from the command prompt.

D. You should consider having the netsh interface ipv4 set dnsserver name=local.TestKing.com static 192.168.1.100 primary command run from the command prompt.

Answer: BExplanation:In the scenario you should make use of the dnscmd TESTKING-SR01/ZoneAdd local.TestKing.com/Primary /file local.TestKing.com.dns command to create the zone named local.TestKing.com on TESTKING-SR01.

You should additionally note that the DNS command used to add a zone uses the syntax bellow:

dnscmd [ ServerName ] /zoneadd ZoneName ZoneType [ /dp FQDN |{ /domain | /enterprise |

/legacy }]

You should also note that the ServerName specifies where you specify the DNS server and ZoneName specifies the name of the zone and ZoneType would specify the type of zone to create which all requires different parameters to be used.

Reference : Dnscmd Syntax http://technet2.microsoft.com/windowsserver/en/library/d652a163-279f-4047-b3e0-

0c468a4d69f31033.mspx?mfr=true

QUESTION NO: 15You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office as the network DNS server.

TestKing.com currently has the network configured with each office containing a file server used to access and store files. During the course of the day you receive complaints from network users complaining about the long wait when connecting to network resources. You later checked the WAN bandwidth and discovered no problems. TestKing.com requested that you ensure the network users are able to access resources quickly as possible.


A. You should consider having a DNS server installed in the Paris office.

B. You should consider having a secondary zone configured in the Paris office.

You should then ensure the secondary zone used the London office DNS server as a master. C. You should consider having forwarders configured in the Paris office.

You should then configure the Paris office DNS server to point to the DNS server in the London office.

D. You should consider having the Paris office configured with a standard primary zone.

Answer: A,B Explanation:In the scenario you should have a DNS server installed in the Paris office with a separate zone for the office as a single zone can become overburdened consuming the bandwidth and we should ensure that the network users receive access to resources as quickly as possible.

The Paris office should be configured with a secondary zone which uses the London office DNS server as a master. You should then consider having copies of the zone file distributed among several name servers to ensure quick access to network resources.

You should finally know that changes made to the primary zone are replicated to the secondary zone which is known as a zone transfer. You should also not confuse that a name server is necessarily the primary or secondary server because a DNS server might host the primary zone for a specific portion of the Organization name space and a secondary for another name space. You should then note that you would not be able to have forwarders set in the Paris office which means you would not be able to resolve names outside your own network.

Reference : Getting Started With Microsoft DNS Server Primary and Secondary Zones http://www.microsoft.com/technet/archive/winntas/plan/dns0197.mspx?mfr=true

Reference : Understanding forwarders http://technet2.microsoft.com/windowsserver/en/library/a3cf0184-0594-4e78-8247-

609f038434381033.mspx?mfr=true

QUESTION NO: 16You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 configured as the network DNS server hosting the Active Directory integrated DNS zone.

TestKing.com recently partnered with Weyland Industries which has an Active Directory Forest containing a single domain named Weyland.com. The Weyland.com domain additionally has an Active Directory Integrated DNS zone named Weyland.com. During the course of the day you receive instruction from TestKing.com to change the IP addresses of the Weyland.com DNS servers whilst ensuring name resolution for the TestKing.com users to the resources at Weyland.com.

What should you do?

A. You should consider having an application directory partition configured in the TestKing.com forest which enlists all DNS servers in the TestKing.com forest in the partition.

B. You should consider having an application directory partition configured in the Weyland.com forest which enlists all DNS server in the TestKing.com forest in the partition.

C. You should consider having a stub zone created for Weyland.com on TESTKING-SR01 at

TestKing.com.

D. You should consider having the Zone Replication Scope for Weyland.com configured to replicate to all DNS servers in the TestKing.com forest in the partition.

Answer: CExplanation:In the scenario you should consider having a stub zone created to ensure that the TestKing.com users are able to access resources in Weyland.com. You should additionally note that stub zones were introduced in Windows Server 2003 DNS which can be used to streamline name resolution especially in a split name scenario.

You should additionally note that a stub zone is actually a copy of a zone containing only resource records requires to identify authoritative Domain Name System (DNS) server for the specific zone. The use of a stub zone is to resolve name resolution requests between separate DNS namespaces.

Reference : DNS Stub Zones in Windows Server 2003 http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html

QUESTION NO: 17You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office and TESTKING-SR02 in the Paris office both servers configured as Read-Only Domain Controllers (RODC) running DNS.

TestKing.com as additionally configured the servers in both offices to have Active Directory- integrated DNS zones configured. During the course of the day you receive instruction from TestKing.com to ensure that all the client computers are configured to use their local DNS servers for name resolution whilst ensuring that the changes are immediately reflected at the Paris office DNS server when you change the IP address of TESTKING-SR01 in the London office.

What should you do?

A. You should consider having the standard domain controllers used at the Paris office instead of ththe Read-Only Domain Controller (RODC) server.

B. You should consider having the Minimum (default) TTL option decreased to 15 minutes on the

Start of Authority (SOA) record for the zone.

C. You should consider having the dnscmd /ZoneUpdateFromDs command run at the command prompt on a domain controller in the London office

D. You should consider having the dnscmd /ZoneUpdateFromDs command run at the command prompt on the Paris office servers.

Answer: DExplanation:In order to reflect the change immediately, you need to run the dnscmd /ZoneUpdateFromDs command on the branch office servers. This command updates the specified ActiveDirectory- integrated zone from ADDS.

Reference : dnscmd /zoneupdatefromds http://technet2.microsoft.com/windowsserver2008/en/library/e7f31cb5-a426-4e25-b714-

88712b8defd51033.mspx?mfr=true

QUESTION NO: 18You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently has the Paris office DNS server hosting a standard secondary zone configured to have the London office DNS servers as their Master servers.

During the course of the day you receive instruction from TestKing.com to add an additional computer named TESTKING-SR03 to the newly acquired Toronto office. You have later installed and configured DNS service and configured a secondary zone on TESTKING-SR03 for the domain.

Whilst performing your routine maintenance you discovered that the zone transfer has failed on TESTKING-SR03. TestKing.com wants you to configure DNS to provide zone data to the DNS server TESTKING-SR03 in the Toronto office.

What should you do?

A. You should consider having TESTKING-SR03 added to the DNSUpdateProxy Global security group in Active Directory Users and Computers.

B. You should consider having dnscmd /ZoneResetMasters command run at the command prompt.

C. You should consider having the Zone Transfers tab opened on one of the DNS servers in the

London office.

You should then have TESTKING-SR03 added to the list.

D. You should consider having the dnscmd /ZoneResetSecondaries command run at the command prompt.

Answer: CExplanation:In the scenario you should consider having a new DNS server added via the Zone Transfers tab on the DNS Server in the London office to configure the DNS zone to provide zone data to the DNS servers in the Paris office. You should additionally note that the DNS servers in the London office can be configured as Active Directory-integrated zones which would have the London office DNS server configured as primary name servers.

You should then additionally remember that you would be required to click the 'Records' button in the main window when enabling zone transfers for a single zone in addition to right clicking the zone you ish to enable zone transfers and selecting the 'Properties' option from the popup menu in the "Zone Properties" tab when specifying which IP addresses are allowed fir zone transfers.

Reference : 4.8. Active Directory-Integrated Zones http://safari.adobepress.com/9780596514112/active_directory-integrated_zones

Reference : Enabling Zone Transfers from another DNS server http://www.simpledns.com/kb.aspx?kbid=1156

QUESTION NO: 19You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com and a public name space uk.TestKing.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the business day you receive instruction from TestKing.com to ensure that the public DNS records are not copied without impacting the functionality of public DNS name resolution requests.

What should you do?

A. You should consider having the All domain controllers in the domain zone replication option enabled on TestKing.com.

B. You should consider having the Notify feature deselected for the uk.TestKing.com zone.

C. You should consider having the Allow - Read permission disabled in the Everyone group on the uk.TestKing.com DNS domain.

D. You should consider having the Allow zone transfers only to servers listed on the Name

Servers option enabled on uk.TestKing.com

In the scenario you should consider having the public zone configured to Allow zone transfers only to servers listed on the Names Servers option on TestKing.com which would ensure that public DNS zone records are able to be copied without impacting the functionality of the public DNS servers. You should additionally note that using only the allowed server listed that you are restricting zone transfers to only known servers listed in the Name Servers resource option on TestKing.com.

Reference : DNS Zones http://books.google.co.in/books?id=pL89TOMFcHsC&pg=RA1-PA244&lpg=RA1- PA244&dq=Allow+zone+transfers+only+to+servers+listed+on+the+Name+Servers+option+&sourc e=web&ots=StFz29rSf5&sig=0wRSARkgYxCy2ohweQs4QUDMqEQ&hl=en#PRA1-PA243,M1

QUESTION NO: 20You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 that is configured as the network public DNS server. TestKing.com additionally uses a computer named TESTKING-SR02 configured as an e-mail server.

During the course of the day you receive complaints from client computers on the external network that they are unable to send e-mail messages to the TestKing.com network. Whilst doing routine maintenance you discover that a host (A) DNS record exists for TESTKING-SR02 on the external computers. TestKing.com wants you to ensure that TESTKING-SR02 is configured correctly to receive e-mail messages.

What should you do?

A. You should consider having a Service Location (SRV) record added for TESTKING-SR02.

You should then set the Service field to _smtp and the Protocol field to _tcp using Port Number 25. B. You should consider having a Canonical (CNAME) record added which maps TESTKING-SR02 to TestKing.com.

C. You should consider having a Mail Exchanger (MX) record added for TESTKING-SR02. D. You should consider having a Mailboc (MB) record added for TESTKING-SR02.

You should then set the Mailbox Host setting to TESTKING-SR02.

In the scenario you should consider having a Mail Exchanger (MX) record added for TESTKING- SR02 to ensure that TESTKING-SR02 is to receive e-mail from external client computers. You should additionally note that the MX record controls the way e-mail is delivered and are particularly used to locate the receiving mail servers for a given host with the order of priority of these mail servers. You should also remember that non-RFX-compliant server fail to deliver e-mail for domain which lack MX records which includes certain versions of Microsoft Exchange.

In the scenario you are aware that host (A) DNS records are available to the external client computers soo configuring the Mail Exchanger record for TESTKING-SR02 defines the destination host record for the mail server. You should finally note that the destination mail server record uses the host (A record not a CNMAE or IP address.

Reference : E-mail, Mail Exchangers, and DNS

http://www.dyndns.com/support/kb/email_mail_exchangers_and_dns.htmlQUESTION NO: 21You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The TestKing.com network currently contains multiple DNS servers in the London office.

During the course of the day you receive instruction from TestKing.com to install DNS on a member server in the Paris office named TESTKING-SR02 which meets the requirements set below:TESTKING-SR02 should be able to query the London office DNS servers.TESTKING-SR02 should be configured to ensure a limited number of DNS records would be transferred to TESTKING-SR02 in the Paris office.

What should you do?

A. You should consider having TESTKING-SR02 configured with a secondary zone. B. You should consider having TESTKING-SR02 installed in the Paris office.

You should then configure a stub zone in the London office.

C. You should consider having TESTKING-SR02 configured with a primary zone. D. You should consider having TESTKING-SR02 configured with a stub zone.

Answer: DExplanation:You should consider having a DNS server install in the Paris office configured as a stub zone which would ensure that the DNS server in the Paris office is able to query any DNS server in the London office ensuring that only a limited number of DNS records are transferred to the DNS server in the Paris office.

You should note that the stub zone is a copy of a zone containing only the resource records required to identify authoritative name server for the zone. You should be aware that a stub zone keeps a DNS server hosting a parent zone aware of the authoritative DNS servers for its child zone.

You should additionally note that the stub zone would only contain a copy of the SOA and NS records for the name servers authoritative for the for the zone and no CNAME records, MX records or SRV records for the other hosts in the zone.

Reference : DNS Server Role http://technet2.microsoft.com/windowsserver2008/en/library/533a1cfc-5173-4248-914c-

433bd018f66d1033.mspx?mfr=true

Reference : What is Stub zone in DNS/ What Stub Zones Do http://caloni00net.blog.dada.net/post/439393/What+is+Stub+zone+in+DNS

QUESTION NO: 22You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The London and Paris office are connected via a WAN link.

TestKing.com currently makes use of a computer named TESTKING-SR01 configured as a DNS server hosting the Active Directory Integrated zone and TESTKING-SR02 in the Paris office configured as a DNS server hosting the secondary zone for TestKing.com. TestKing.com has recently requested that you configure TESTKING-SR02 to have TESTKING-SR01 as the DNS Master server for the zone whilst minimizing the DNS zone transfer traffic over the WAN link.

What should you do?

A. You should consider having the refresh interval setting increased in the Start of Authority (SOA)

record for the zone.

B. You should consider having the refresh interval setting decreased in the Start of Authority

(SOA) record for the zone.

C. You should consider having the Retry Interval setting decreased in the Start of Authority (SOA)

record for the zone.

D. You should consider having the netmask ordering option disabled in the properties of

TESTKING-SR01.

Answer: A Explanation:In the scenario you should consider having the Refresh Interval setting increased in the Start Of Authority record for the zone to have DNS zone transfer traffic minimized over the WAN link. You should additionally note that the Refresh Interval is responsible for informing the secondary name server when to poll the primary names server and how often to check for a serial number change.

You should also be aware that the Refresh Interval effects how long DNS changes made on the Primary server takes to propagate which means the configurations made would ensure that zone transfers occur less frequently.

Reference : DNS Resource Records/ SOA Record Data Fields http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094727.shtml#t opic2

QUESTION NO: 23You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS server role installed. During the course of the day whilst performing routine maintenance you discovered a few stale resource records in the TestKing.com zone. You later decided to enable scavenging on TESTKING-SR01 to get rid of the stale records. A month later you during your security maintenance you discover that the same stale records still exist. TestKing.com wants you to ensure that the stale records are removed from the TestKing.com zone.

What should you do?

A. You should consider having the dnscmd TESTKING-SR01 /AgeAllRecords command run at the command prompt.

B. You should consider having the DNS service on TESTKING-SR01 stopped and restarted.

C. You should consider having the dnscmd TESTKING-SR01 /StartScavenging command run at the command prompt.

D. You should consider having scavenging enabled on the TestKing.com zone.

Answer: D Explanation:You again noticed the same stale resource records still lay TestKing.com even after enabled DNS scavenging on TESTKING-SR01 because the TESTKING-SR01 may not have TestKing.com zone integrated with ADDS and loaded at the server.

To ensure that the stale resource records are removed from na.TestKing.com, you need to enable DNS scavenging on the TestKing.com zone. The aging and scavenging can be configured for specified zones on the DNS server to make sure that the stale records are removed from the specified zone.

Reference : Enable Aging and Scavenging for DNS

http://technet2.microsoft.com/windowsserver2008/en/library/7972082c-22a1-44fc-8e39-841f7327b6051033.mspx?mfr=true

QUESTION NO: 24You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of a computer named TESTKING-SR01 which is configured as a DNS server hosting the DNS primary zone for TestKing.com and a computer named TESTKING-SR02 in the Paris office configured as a DNS server hosting the DNS secondary zone for TestKing.com.

During the course of the day you configure the client computer to use their respective office DNS servers for DNS name resolution. TestKing.com has recently requested that you change the IP address of TESTKING-SR03 a member server in the London office. TestKing.com wants you to ensure that TESTKING-SR02 reflects the changes immediately.

What should you do?

A. You should consider having the dnscmd /zonerefresh command run at the command prompt on

TESTKING-SR02.

B. You should consider having the dnscmd /zonerefresh command run at the command prompt on

TESTKING-SR01.

C. You should consider having the refresh interval ser to 10 minutes on the Start Of Authority

(SOA) record.

D. You should consider having the DNS Server service restarted on TESTKING-SR01.

Answer: B Explanation:In order to ensure that TESTKING-SR02 reflects the change immediately you need to run the dnscmd command on TESTKING-SR01 and use the /zonerefresh option for the command

The dnscmd /zonerefresh option will manually force zone replication on TESTKING-SR02

Reference : How can I easily administer DNS servers by using the command prompt?

http://www.petri.co.il/dnscmd_command_in_windows_2000_2003.htmQUESTION NO: 25You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office which has the DNS Server role installed. During the course of the day you receive instruction from TestKing.com to prepare the network for decommissioning the WINS service from the network. TestKing.com wants you to have forest-wide single name resolution.

What should you do?

A. You should consider having a LegacyWINS zone created.

You should then have host (A) records created for single name resources. B. You should consider having a GlobalNames zone created.

You should then have host (A) records created for single name resources. C. You should consider having WINS-R lookup enabled in DNS.

D. You should consider having Service Locator (SRV) records created for single name resources.

Answer: B Explanation:In order to decommission the WINS service and to enable forest-wide single name resolution, you need to create an Active Directory-integrated zone named GlobalNames and create host (A) records for the single name resources.

GNZ is intended to aid the retirement of WINS. Windows Server 2008 (WS2K8) introduces the

GlobalNames zone (GNZ) where larger environments with multiple DNS suffixes can use a single

To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server

2008 supports a special GlobalNames Zone (also known as GNZ) feature. Some customers in particular require the ability to have the static, global records with single-label names that WINS currently provides. These single-label names typically refer to records for important, well-known and widely-used servers for the company, servers that are already assigned static IP addresses and are currently managed by IT-administrators using WINS. GNZ is designed to enable the resolution of these single-label, static, global names for servers using DNS.

Reference : Understanding GlobalNames Zone in Windows Server 2008 http://www.petri.co.il/windows-DNS-globalnames-zone.htm


During the course of the day you receive instruction from TestKing.com do design a security solution for TestKing.com which is isolated from the Internet. TestKing.com has additionally requested that you determine the recommendations for DNS.


A. You should consider having Active Directory integrated zones used on the network. B. You should consider having secondary zones used on the network.

C. You should consider having a private DNS infrastructure used with internal root hint servers. D. You should consider having secure dynamic updates used on the network.

Answer: A,CExplanation:In this scenario your best option would be to recommend the use of integrated Active Directory zones and a private DNS infrastructure with internal root hint servers. When the DNS infrastructure is isolated from the Internet you have to configure it with root hints. The root hints have to be pointed to the internal servers. The default Windows Server 2008 servers usually point to the Internet's root name servers. The Active Directory zones will supply you with extra security and fault tolerance.

Recommending the use of secure dynamic updates is incorrect. Dynamic updates should not be

Recommending the use of secondary zones is incorrect. Secondary zones are less secure than

Active Directory zones.

Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008


During the course of the day you receive instruction from TestKing.com to prepare the TestKing.com network for the transition of DNS services to Active Directory Integrated zones whilst determining the key features.

What should you do?

A. You should consider having all the options below used.

B. You should consider having Zone records kept as Active Directory objects.

C. You should consider having Active Directory integrated zones stored in Active Directory. D. You should consider having dynamic updates allowed.

E. You should consider having replication be more efficient and secure.

Answer: A Explanation:Permissions permits secure dynamic updates. The replication of zone recordswill happens at the property level. These records are encrypted and compressed. The records of the integrated zones are kept in the AD directory services. The records are kept inactive Directory which is objects that the permissions are assigned to.

Reference : Syngress.The.Real.MCTS.MCITP.Exam.70-648.Prep.Kit.Mar.2008

Section 2, Configure DNS server settings (12 Question)

QUESTION NO: 28You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of two computer named TESTKING-DC01 and TESTKING- DC02 in the London office which have the DNS Server role installed.

TestKing.com additionally deployed a computer named TESTKING-DC03 configured as a Read- only Domain Controller (RODC) which has the DNS Server role installed and configured with Active Directory-integrated zones. During the course of the day you receive instruction from TestKing.com to configure secure updates on the DNS servers whilst ensuring that TESTKING- DC03 is configured to accept dynamic DNS updates.

What should you do?

A. You should consider having TESTKING-DC03 the Read-only Domain Controller (RODC)

reconfigured to allow dynamic updates.

B. You should consider having the dnscmd/ZoneResetType command run at the command prompt on TESTKING-DC03.

C. You should consider having an active partition created and configured on TESTKING-DC01 to store the Active Directory-integrated zones.

D. You should consider having Active Directory Domain services uninstalled in TESTKING-DC03. You should then re-install Active Directory as a writeable domain controller.

Answer: DExplanation:In order to enable the dynamic DNS updates on TESTKING-DC03 you need uninstall the Active Directory Domain services on TESTKING-DC03. Thereafter you can reinstall it as a writeable domain controller. A writeable domain controller performs originating updates and outbound replication.

Reference: http://msdn.microsoft.com/en-us/library/cc207937.aspx


TestKing.com currently makes use of a computer named TESTKING-SR01 in the London office

which has the DNS Server role installed with Active Directory-integrated zone configured for two sites containing four domain controllers each. A new company directive is received during the day that states that a new NS record needs to be added to the zone. Additionally TestKing.com informs you that the newly created NS record has to be received instantaneously by the domain controllers.

What should you do?

A. You should consider having a Start-Of Authority (SOA) record created in the DNS Manager console.

B. You should consider having the DNS server service shutdown and restarted from the services snap-in.

C. You should consider having the repadmin/syncall command executed at the command prompt. D. You should consider having the zone reloaded from the DNS Manager console.

Answer: CQUESTION NO: 30You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of

two computers named TESTKING-SR01 and TESTKING-SR02 configured with the DNS server role.

During the course of the day you receive instruction from TestKing.com to install an additional DNS server named TESTKING-SR03 on the perimeter network. You have later decided to configure TESTKING-SR01 to forward all unresolved requests to TESTKING-SR03. During your routine maintenance you discover that DNS forward option is unavailable on TESTKING-SR02. TestKing.com recently requested that you travel to the Paris office and configure DNS forwarding on TESTKING-SR02 to forward the unresolved name requests to TESTKING-SR03.


A. You should consider having the Root zone deleted on TESTKING-SR02. B. You should consider having zone forwarding added on TESTKING-SR02. C. You should consider having the DNS cached cleared on TESTKING-SR02.

D. You should consider having conditional forwarding configured on TESTKING-SR02.

Answer: A,DQUESTION NO: 31You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS server role installed. During the course of the day you receive instruction from TestKing.com to have all inbound DNS queries to TESTKING-SR01 recorded.

What should you do?

A. You should consider having automatic testing for recursive queries enabled in the DNS Manager Console.

B. You should consider having debug logging enabled in the DNS Manager Console.

C. You should consider having event logging configured to log errors and warnings in the DNS Manager Console.

D. You should consider having automatic logs for recursive queries disabled in the DNS Manager

Console.

Answer: BQUESTION NO: 32You work as the network administrator at TestKing.com. The TestKing.com network consists of two Active Directory forests named TestKing.com and us.TestKing.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use of three computer named TESTKING-SR01, TESTKING-SR02 and TESTKING-SR03 which are configured as DNS servers. The settings of the DNS servers are shown in the exhibit below:

TESTKING-SR03 is configured for all workstations in the testking-south.com domain as the DNS server. TESTKING-SR01 is configured as the DNS server for the other workstations. During routine monitoring you discover that employees from testking-south.com are unable to connect to the servers belonging to testking-north.com. You receive an instruction from the CIO to make sure that all testking-south.com queries can be resolved by employees at testking-north.com.

What should you do?

A. This can be accomplished by creating a copy of the_msdcs.testking-north.com zone on

TESTKING-SR03.

B. This can be accomplished by creating configuring conditional forwarding on TESTKING-SR03 in order to forward testking-north.com queries to TESTKING-SR01.

C. This can be accomplished by creating a copy of the testking-south.com zone on TESTKING- SR01 as well as TESTKING-SR02.

D. This can be accomplished by configuring conditional forwarding on TESTKING-SR01 and

TESTKING-SR02 in order to forward testking-south.com queries to TESTKING-SR03.

Answer: BQUESTION NO: 33You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

TestKing.com currently makes use of a computer named TESTKING-SR01 which has the DNS Server role installed. During the course of the day you a network user named Rory Allen send a recursive query looking for the IP address of www.Weyland.com. Rory Allen has then discovered that the DNS server cannot find any local zones matching the requested domain name and the DNS server forwards the request to a root name server. Rory Allen wants to know what the root name server should reply with.


A. The root name server would reply with the IP address of www.Weyland.com

B. The root name server would reply with the IP address of the name server for the .com top-level domain.

C. The root name server would reply with the IP address of the name server for the Weyland.com domain.

D. The root name server would reply with the DNS name of the .com top-level domain.

Answer: B Explanation:The root name server has control over the root domain and has to reply with the IP address of a name server for the .com top-level domain. Upon receiving the IP address of the top-level domain the system should inquire for the Weyland.com address.


During the course of the day whilst performing routine maintenance you discovered that a

spammer tried sending junk mail via an unwary mail server at TestKing.com. You have additionally determined that the spammer used a fake DNS name which they assumed would be accepted by the mail server but is still rejected. TestKing.com has later asked you what caused to mail server

to refuse the spammer's mail.


A. You should inform TestKing.com that the mail is rejected when a mail server doing a reverse lookup zone with the aim of confirming that DNS names are not fake.

B. You should inform TestKing.com that the mail is rejected when the spammer has no MX record in the database of the DNS server which serves the mail server's domain.

C. You should inform TestKing.com that the mail is rejected when the spammer's DNS name is not found in the cache file of the primary DNS server serving the mail server's domain.

D. You should inform TestKing.com that the mail is rejected when a fake DNS name is detected.

Answer: A Explanation:The majority of mail servers are capable of being configured to have incoming mail rejected from servers whose IP addresses cannot be determined with a reverse lookup.


During the course of the day you receive instruction from TestKing.com to troubleshoot an error reported by a network user named Rory Allen who states the client computer appears to contain outdated DNS data. You later decided to use the ipconfig command line utility to view what DNS servers the client is using when pinging to confirm connectivity to those server.

What should you do?

A. You should consider having the dns /register command run at the command prompt.

B. You should consider having the ipconfig /flushdns command run at the command prompt. C. You should consider having the ipconfig /cleardns command run at the command prompt. D. You should consider having the nslookup /flushdns command run at the command prompt.

Answer: BExplanation:The command ipconfig /flushdns clears up the local DNS cache.


During the course of the day TestKing.com is approached by Weyland Industries who wants TestKing.com to configure their Windows Server 2008 DNS server to answer queries for hosts on the local intranet but not the Internet.


A. You should consider having the forwarding option left turned off.

B. You should consider having the Weyland Industries DNS server installed behind the Weyland

Industries firewall.

C. You should consider having recursive lookups disabled.

D. You should consider having the Weyland.com server configured as a root server. You should then leave the root hints for the top-level domains.

Answer: A,DExplanation:Having the server configured as a root server and leaving forwarding off indicates that the server will either answer a query for known addresses or return a failure for unknown addresses.

QUESTION NO: 37You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day a network user named Rory Allen asked you which tools can be used to configure DNS server services.


A. You should inform Rory Allen that the Network Properties can be used to configured DNS

server services.

B. You should inform Rory Allen that the Active Directory Users and Computers can be used to configured DNS server services.

C. You should inform Rory Allen that the DNS administrative tool can be used to configured DNS

server services.

D. You should inform Rory Allen that the Computer Management can be used to configured DNS

server services.

Answer: C Explanation:The DNS administrative tool is to be used to configure settings for the DNS server service. DNS zone files can be manually edited by making use of a standard text file editor.


During the course of the day you receive instruction from TestKing.com to utilize multiple account lockout policies. A network user named Rory Allen has recently asked you which policy type you would use.

What would you reply be?

A. You should inform Rory Allen that you plan on using the OU password policy.

B. You should inform Rory Allen that you plan on using the fine-grained password policy. C. You should inform Rory Allen that you plan on using the Multiple password policy.

D. You should inform Rory Allen that you plan on using the DSA password policy.

Answer: B Explanation:Windows Server 2008 boasts a new fine-grained password policy which permits an organization to have different password as well as account lockout policies for diverse sets of users in the same domain.

QUESTION NO: 39You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. During the course of the day you received instruction from TestKing.com to prevent the network users from starting or stopping a particular service on a domain controller named TESTKING-DC01.

What should you do?

A. You should consider having the Domain Security Policy used. B. You should consider having the Local System Policy used.

C. You should consider having the Active Directory Users and Computers tool used. D. You should consider having the Domain Controller Security Policy used.

Answer: DExplanation:The settings made in the Domain Controller Security Policy tool are only relevant to domain controllers.

Section 3, Configure zone transfers and replication (8 Questions)


TestKing.com currently makes use of a computer named TESTKING-DC01 in the London office and TESTKING-DC02 in the Paris office each configured as an Active Directory site. During the course of the day you notice all sites are connected with the DEFAULTIPSITELINK object. You receive an instruction from the CIO to reduce any replication latency that may exist between TESTKING-DC01 and TESTKING-DC02.

What should you do?

A. You should consider having the replication interval for the DEFAULTIPSITELINK object decreased.

B. You should consider having the replication interval for the DEFAULTIPSITELINK object increased.

C. You should consider having the connection replication interval for all connection objects decreased.

D. You should consider having the cost between the connection objects decreased.

Answer: AQUESTION NO: 41You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

TestKing.com currently makes use of two computers named TESTKING-SR01 in the London

office and TESTKING-SR02 in the Paris office which has the DNS Server role installed. During the course of the day you receive instruction from TestKing.com to create a new Active Directory- integrated zone. TestKing.com additionally wants you to ensure that the new zone is only replicated to one domain controller.

What should you do?

A. You should consider having a new delegation configured in the ForestDnsZones application directory partition.

B. You should consider having the dnscmd/createdirectorypartition command run at the command prompt.

C. You should consider having the dnscmd/enlistdirectorypartition command executed from the command prompt.

D. You should consider having a delegation created in the DomainDnsZones application directory partition.

Answer: BQUESTION NO: 42You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. TestKing.com currently makes use two computers named TESTKING-SR01 and TESTKING-SR02 configured as DNS servers. The configuration of the DNS servers is shown in the exhibit below:

During the course of the day you receive complaints from the network users that they are not able to connect to Internet websites while using TESTKING-SR02 as their preferred DNS server. TestKing.com recently requested that you enable Internet name resolution for all client computers on the network.

What should you do?

A. You should consider having the list of root hints servers updated on TESTKING-SR02. B. You should consider having a copy of the .(root) zone created on TESTKING-SR01.

C. You should consider having the .(root)zone deleted from TESTKING-SR02. You should then have conditional forwarding configured on TESTKING-SR02.

D. You should consider having the Cache.dns file updated on TESTKING-SR02. You should then have conditional forwarding configured on TESTKING-SR01.

Answer: CQUESTION NO: 43You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest containing a single domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista.

One of the administrators in your department created an Active Directory-integrated zone for TestKing.com. TestKing.com has recently acquired a UNIX-based DNS server named TESTKING- SR01. During the course of the business day you receive an instruction from the CIO to configure the Windows Server 2008 organization. TestKing.com plans to make use of this configuration to permit zone transfers of the TestKing.com zone to TESTKING-SR01.

What should you do?

A. You should consider having recursion disabled in the DNS Manager console. B. You should consider having a stub zone created in the DNS Manager console.

C. You should consider having a secondary zone created in the DNS Manager console. D. You should consider having BIND secondaries enabled in the DNS Manager console.

Answer: DQUESTION NO: 44You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. TestKing.com has its headquarters located in London and branch office located in Paris. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows Vista. The London office and Paris office are linked via a slow satellite link.

During the course of the day you receive instruction from TestKing.com to install DNS into the Paris office to ensure that the client computers in the Paris office are easily locate authoritative DNS server located in the London office.

What should you do?

A. You should consider having Active Directory-integrated zones created in the Paris office. B. You should consider having a stub zone created in the Paris office

C. You should consider having a primary DNS zone created in the Paris office.

D. You should consider having a secondary DNS zone created in the Paris office.

Answer: B Explanation:Stub zones are extremely effective for use in slow WAN connections. These zones only store three types of resource records that being: NS records, glue host (A) records, and SOA records. These three records can be utilized to locate authoritative DNS servers.


TestKing.com currently makes use two computers named TESTKING-SR01 running the DNS service configured as a primary master and TESTKING-SR02 configured as a secondary master for the TestKing.com zone. A network user named Rory Allen wants to know which part of the DNS zone would be used to establish whether or not zone data has changed.


A. You should inform Rory Allen that the secondary master would use the serial number.

B. You should inform Rory Allen that the secondary master would use the database record tombstone.

C. You should inform Rory Allen that the secondary master would use the TTL, or time to live. D. You should inform Rory Allen that the secondary master would use the NS record.

Answer: AExplanation:The serial number is utilized by secondary servers to establish whether or not the zone data has changed. This value is routinely updated with Windows Server 2008 DNS server by default. The zone's TTL is used to verify what time to query for an update of the zone file from the master server except if a Notify message has been sent by the master server in the interim.


During the course of the day you receive instruction from TestKing.com to have several server in the network mirror each other in the occurrence of server failure. TestKing.com has recently deployed a Web server named TESTKING-SR01 hosting the www.testking.com web site. During your routine maintenance you decided to replicate the website replicated to the Paris office with all required host records in DNS. During the week you have discovered that only one DNS server is responding to client requests. TestKing.com has requested that you check if the default settings which were changed whilst ensuring the Web site would be able to utilize all the mirrored web servers.

What should you do?

A. You should consider having Round robin enabled.

B. You should consider having the request redirector enabled.

C. You should consider having the correct priorities metric configured for the hostname. D. You should consider having DNS sharing enabled.

E. You should consider having IIS sharing enabled.

Answer: A Explanation:The round robin option permits you to bear a hostname listed with multiple IP addresses and then, as each request enters the DNS server, rotate the list, in succession presenting all of the IP

addresses. This will have the load balanced out across all the servers which you have mirrored as well as configured in the DNS.

QUESTION NO: 47You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. The Testking.com network contains two DNS servers.

The DNS servers are named TESTKING-SR13 and TESTKING-SR14. The exhibit below illustrates how the DNS servers are configured:

You receive numerous complaints from domain users that they are unable to establish a connection to Internet Web sites. You check and discover that the error occurs with the users that make use of TESTKING-SR14. To ensure that enhance productivity you need to ensure that the Internet name resolution is enabled for all user workstations.

What should you do?

A. This can be accomplished by ensuring that a list of root hints servers is updated on TESTKING- SR14.

B. This can be accomplished by ensuring that the .(root) zone is deleted from TESTKING-SR14. Thereafter conditional forwarding should be configured on TESTKING-SR14.

C. This can be accomplished by ensuring that the Cache.dns file is updated on TESTKING-SR14. Thereafter conditional forwarding should be configured on TESTKING-SR13.

D. This can be accomplished by ensuring that a copy of the .(root) zone is created on DNSL.

Answer: BQUESTION NO: 48TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional.

TestKing.com has acquired another company named TestLabs Inc that contains an Active Directory domain named intranet.testlabs.com. A security policy of TestLabs Inc prevents internal DNS zone data to be transfered to users outside the testlabs.com network. During the course of the day you receive an instruction from the CIO to grant employees of TestKing.com the necessary permissions to allow them to resolve names from intranet.testlabs.com.

What should you do?

A. This can be accomplished by putting intranet.testlabs.com in the Active Directory of

TestKing.com.

B. This can be accomplished by having a subzone established for the intranet.testlabs.com domain.

C. This can be accomplished by reconfiguring the intranet.testlabs.com domain as a standard primary zone.

D. This can be accomplished by setting conditional forwarding for the intranet.testlabs.com domain.

Answer: DExplanation:In order to permit a TestKing.com user to resolve names from intranet.testlabs.com domain you need to set the conditional forwarding for the intranet.testlabs.com domain. A conditional forwarding is a DNS query setting that allows a DNS server to route a request for a particular name to another DNS server by specifying a name and IP address.

QUESTION NO: 49TestKing.com has employed you as a network administrator. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.

You are responsible for managing two domain controllers named TESTKING-DC01 and TESTKING-DC02. You receive numerous complaints from other administrators attempting to log on to TESTKING-DC01 and TESTKING-DC02. You decide to determine the logon attempts on TESTKING-DC01 and TESTKING-DC02.

What should you do?

A. You should consider checking the security tab on the domain controller computer object. B. You should consider accessing the Event Viewer on the Administrators workstations.

C. You should consider checking the security log on domain controller using event viewer.

D. You should consider checking executing the netsh/events command on the command prompt.

Answer: C Explanation:In order to identify the logon attempts on the domain controllers you need to access the Event

Viewer and check the logon attempts. The Event viewer will tell you the IP address and other

details of the user account which was used to logon to the domain controllers.

QUESTION NO: 50You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008 and all client computers run Windows XP Professional.

All domain controllers on the testking.com network have the DNS server role installed. All computers in the domain as well as non domain members register their DNS records

automatically. During the course of the day you receive an instruction from management to ensure that only domain members is able to register their DNS records automatically.

What should you do?

A. You should consider setting the Primary DNS server to only register authenticated members. B. You should consider disabling the Everyone group in the Dynamic Objects permission.

C. You should consider setting the option Secure only for Dynamic updates. D. You should consider configuring zone transfers to Name Servers.

Answer: CExplanation:In order to ensure that only domain members are able to register their DNS records dynamically you need to set the option Secure only for Dynamic updates. This will only allow the domain members to register their DNS records dynamically.

Reference :

www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cncf_imp_afpf.mspxQUESTION NO: 51You work as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All servers on the TestKing.com network run Windows Server 2008. Half the client computers run Windows XP Professional, and the rest run Windows Vista.

A number of domain controllers in the TestKing.com network are configured to host the forest wide operations master roles. A new company directive states that all domain controllers hosting this master role be decommissioned. You thus decide to have the forest wide operations master roles transferred to a new domain controller named TESTKING-DC03 prior to taking down the domain controllers.

What should you do? (Choose all that apply.)

A. You should consider transferring the Forest-wide server master roles. B. You should consider transferring the PDC Master.

C. You should consider transferring the Schema master.

D. You should consider transferring the Domain naming master.

E. You should consider transferring the Secondary domain master.

Answer: C,D Explanation:In order to transfer all forest-wide operation master roles to another domain you need to transfer Domain naming master as well as the Schema master. Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest. Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.

Reference: http://support.microsoft.com/kb/324801

QUESTION NO: 52You are the newly appointed network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory domain named testking.com. All domain controllers on the TestKing.com network run Windows Server 2003 and all client computers run Windows XP Professional.

You are in the process of upgrading the domain controllers on the network to Windows Server

2008. You receive an instruction from the CIO to ensure that the application of multiple password policies will be supported. You thus decide to configure the Active Directory environment to accomplish this.

What should you do?

A. You should consider executing executing dcpromo/adv on 2 domain controllers. B. You should consider creating four Active Directory sites.

C. You should consider setting the functional level of the domain to Windows Server 2008. D. You should consider executing dcpromo/adv on all domain controllers on the network.

Answer: CQUESTION NO: 53You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named TestKing.com. At present the domain controllers on the TestKing.com network is configured to run Windows Server 2003.

You receive an instruction from the CIO to prepare the Active Directory domain in order to deploy Windows Server 2008 on all domain controllers. You need to determine the appropriate actions that need to be executed to accomplish this task.

What should you do? (Choose all that apply.)

A. You should consider running the adprep /domainprep command.

B. You should consider raising the forest functional level to Windows Server 2008. C. You should consider running the adprep /forestprep command.

D. You should consider raising the domain functional level to Windows Server 2008.

Answer: A,CQUESTION NO: 54You work as an enterprise administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest named us.testking.com and uk.testking.com.

The functional level of us.testking.com is set at Windows Server 2008 and the functional level of uk.testking.com is set at Windows Server 2003 Native Mode. During the course of the day you receive an instruction from management to have an external trust configured between us.testking.com and uk.testking.com. To ensure productivity throughout the organization you thus decide to have Kerberos AES encryption enabled.

What should you do?

A. This can be accomplished by ensuring that the uk.testking.com forest functional level is raised to Windows Server 2008.

B. This can be accomplished by ensuring that the uk.testking.com domain functional level is raised to Windows Server 2008.

C. This can be accomplished by ensuring that the us.testking.com forest functional level is raised to Windows Server 2008.

D. This can be accomplished by ensuring that a new forest trust created and forest-wide authentication is enabled.

Answer: BQUESTION NO: 55You are employed as the network administrator at TestKing.com. The TestKing.com network consists of a single Active Directory forest that contains a single domain named testking.com. The functional level of the forest is set at Windows Server 2008.

During the course of the day you receive an instruction from the CIO to create a global distribution group as well as adding users to it. After creating the global distribution group and adding the users you create a shared folder named KINGDATA on a Windows Server 2008 member server. Thereafter you place the global distribution group in a domain local group that has access to KINGDATA. To ensure productivity you need to make sure that all users are able to access KINGDATA.

What should you do?

A. This can be achieved by having the global distribution group renamed to a universal distribution group.

B. This can be achieved by having the global distribution group type modified to a security group. C. This can be achieved by havin the forest functional level set to Windows Server 2008.

D. This can be achieved by having the Domain Administrators added to the global distribution group.

Answer: BQUESTION NO: 56TestKing.com has hired you as a systems administrator for their network. The TestKing.com network consists of a single Active Directory forest that contains two domains named us.testking.com and uk.testking.com.

TestKing.com has its headquarters in Phoenix and a branch office in Dallas. To ensure productivity management wants you to minimize the time needed to authenticate users from the us.testking.com when they access resources in the uk.testking.com.

What should you do?

A. This can be accomplished by increasing the replication interval for the DEFAULTIPSITELINK

site link.

B. This can be accomplished by creating a one-way shortcut trust from us.testking.com to uk.testking.com.

C. This can be accomplished by increasing the replication interval for all connections objects. D. This can be accomplished by creating a one-way shortcut t

Documents

70-640