QUESTION 1
ABC.com has a forest with a domain named ABC.com. A server named ABC-SR05 is configured
as the DNS server. During a routine security check you discover a number of outdated resource
records in the ABC.com zone. You successfully set up the DNS service to do scavenging on ABCSR05
but after a month ABC-SR05 was clogged up with the same stale resource records again.
What action should you take to take away all outdated resource records?
A. You should execute the dnscmd ABC-SR05 /AgeAllRecords command.
B. You should disable the DNS service on ABC-SR05 and manually start scavenging stale
records.
C. You should execute the dnscmd ABC-SR05 /StartScavenging command.
D. You should enable the DNS scavenging utility on the us.ABC.com zone.
E. You should execute the dnscmd /zonerefresh command.
F. You should increase the Expires After setting of the Start of Authority (SOA) record.
Answer: D
Explanation:
You again noticed the same stale resource records still lay na.contoso.com even after enabled
DNS scavenging on Server1 because the Server1 may not have na.contoso.com zone integrated
with AD DS and loaded at the server.
To ensure that the stale resource records are removed from na.contoso.com, you need to enable
DNS scavenging on the na.contoso.com zone. The aging and scavenging can be configured for
specified zones on the DNS server to make sure that the stale records are removed from the
specified zone.
Reference: Enable Aging and Scavenging for DNS
http://technet2.microsoft.com/windowsserver2008/en/library/7972082c-22a1-44fc-8e39-
841f7327b6051033.mspx?mfr=true
QUESTION 2
You work as the enterprise administrator at ABC.com. The ABC.com network uses the public
namespace ABC.com. All servers on the ABC.com network run Microsoft Windows Server 2008.
The ABC.com CIO does not want user to have the ability to copy the public DNS zone records.
You must make sure that the zone transfers are restricted to DNS servers that are listed in the
Name Servers option without affecting the operation of the public name resolution.
How will you comply with the CIO’s requirement?
A. Check the Service Locator (SRV) resource record enabled option on all ABC.com domain
controllers.
B. Configure the priority value for the SRV records on all the domain controllers of us.ABC.com to
1.
C. Check the Allow zone transfers only to servers listed on the Name Servers option on ABC.com.
D. Uncheck the DNS scavenging option on the us.ABC.com zone.
Answer: C
Explanation:
To ensure that public DNS zone records cannot be copied without impacting the functionality of
public DNS name resolutions, you need to configure the Allow zone transfers only to servers listed
on the Name Servers option on ABC.com. This setting allows you to restrict zone transfers only to
DNS servers listed in the Name Servers resource option on ABC.com.
Reference: DNS Zones
http://books.google.co.in/books?id=pL89TOMFcHsC&pg=RA1-PA244&lpg=RA1-
PA244&dq=Allow+zone+transfers+only+to+servers+listed+on+the+Name+Servers+option+&sourc
e=web&ots=StFz29rSf5&sig=0wRSARkgYxCy2ohweQs4QUDMqEQ&hl=en#PRA1-PA243,M1
QUESTION 3
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run Windows Vista.
The ABC.com network has two Servers named ABC-SR05 and ABC-SR06. ABC-SR05 is a
domain controller that is configured as DNS server. ABC-SR06 is configured to run a legacy
application. You receive an instruction from the CIO to include parameters like Service, Weight
Protocol, and Port number for the legacy application on ABC-SR05.
What action should you take to accomplish this?
A. You must create a Host Info (HINFO) record on ABC-SR05.
B. You must create a Well-Known Service (WKS) record on ABC-SR05.
C. You must create a Service Locator (SRV) record on ABC-SR05.
D. You must create a Pointer (PTR) resource record on ABC-SR05.
E. You must create a Start of Authority (SOA) record on ABC-SR05.
Answer: C
Explanation:
Your best option in this scenario would be to create a Service Locator (SRV) record. To configure
DNS on ABC-SR05 to include the parameters such as Service, Priority, Weight Protocol, Port
number, and Host offering this service for the custom application, you need to configure Service
Locator (SRV) records. An SRV record or Service record is a category of data in the Internet
Domain Name System specifying information on available services. Service locator (SRV)
resource record. Allows multiple servers providing a similar TCP/IP-based service to be located
using a single DNS query operation. This record enables you to maintain a list of servers for a
well-known server port and transport protocol type ordered by preference for a DNS domain name.
References: SRV Record
http://en.wikipedia.org/wiki/SRV_record
Resource records reference / SRV
http://technet2.microsoft.com/windowsserver/en/library/9b561e1b-9a0d-43e5-89a8-
9daf07afac0d1033.mspx?mfr=true
QUESTION 4
You work as the network administrator at ABC.com. The ABC.com network has a forest with two
domains named us.ABC.com and uk.ABC.com.
All servers on the ABC.com network run Windows Server 2008 and all client computers run
Windows Vista. Users in the us.ABC.com zone complain that it takes a long time to access
resources in the uk.ABC.com zone.
What action should you take to reduce the resolution response times? (Each correct answer
presents part of the solution. Choose TWO.)
A. You should create and configure a GPO with DNS Suffix Search List option to uk.ABC.com,
us.ABC.com.
B. You should configure the priority value for the SRV records on all the domain controllers of
us.ABC.com to 5.
C. You should apply the policy to all user workstations in the us.ABC.com zone.
D. You should enable Scavenge Stale resource records in the Zone Aging /Scavenging Properties
dialog box of every workstation.
E. You should create and configure a GPO with the Local-Link Multicast Name Resolution feature
enabled.
F. You should execute the dnscmd /zonerefresh command on the workstations in uk.ABC.com.
Answer: A,C
Explanation:
To configure the user workstations in the us.ABC.com zone to improve the name resolution
response time for resources in the uk.ABC.com zone you need to configure a new GPO that
configures the DNS Suffix Search List option to us.ABC.com, us.ABC.com. Thereafter the policy
can be applied to all user workstations in the us.ABC.com zone.
A customized DNS suffix search lists to ensures that clients can locate services and other
computers when they perform single-label name queries.
Link-Local Multicast Name Resolution cannot be used because it allows IPv6 hosts on a single
subnet without a DNS server to resolve each other names. Therefore it need not be used here.
DNS SRV records cannot be used because they are the service records, which are a type of DNS
entry that specify information on a service available in a domain. They are typically used by clients
who want to know the location of a service within a domain. When multiple hosts are configured
for the same service, the priority determines which host is tried first.
Reference: Create a Disjoint Namespace / Update the DNS suffix search list
http://technet2.microsoft.com/windowsserver2008/en/library/afe94bc3-41fb-4817-84b5-
5517c38a0d391033.mspx?mfr=true
Reference: Introducing MS Windows Vista/ Learning about Dual Stack and IP Management
Enhancements
http://download.microsoft.com/download/5/7/8/578cbb95-c42e-4b9f-9989-
93ffdeae8af4/Introducing_Windows_Vista.pdf
Reference: Understanding DNS SRV records and SIP
http://blog.lithiumblue.com/2007/07/understanding-dns-srv-records-and-sip.html
Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com
