QUESTION 1
ABC.com has a forest with a domain named ABC.com. A server named ABC-SR05 is configured
as the DNS server. During a routine security check you discover a number of outdated resource
records in the ABC.com zone. You successfully set up the DNS service to do scavenging on ABCSR05
but after a month ABC-SR05 was clogged up with the same stale resource records again.
What action should you take to take away all outdated resource records?
A. You should execute the dnscmd ABC-SR05 /AgeAllRecords command.
B. You should disable the DNS service on ABC-SR05 and manually start scavenging stale
records.
C. You should execute the dnscmd ABC-SR05 /StartScavenging command.
D. You should enable the DNS scavenging utility on the us.ABC.com zone.
E. You should execute the dnscmd /zonerefresh command.
F. You should increase the Expires After setting of the Start of Authority (SOA) record.
Answer: D
Explanation:
You again noticed the same stale resource records still lay na.contoso.com even after enabled
DNS scavenging on Server1 because the Server1 may not have na.contoso.com zone integrated
with AD DS and loaded at the server.
To ensure that the stale resource records are removed from na.contoso.com, you need to enable
DNS scavenging on the na.contoso.com zone. The aging and scavenging can be configured for
specified zones on the DNS server to make sure that the stale records are removed from the
specified zone.
Reference: Enable Aging and Scavenging for DNS
http://technet2.microsoft.com/windowsserver2008/en/library/7972082c-22a1-44fc-8e39-
841f7327b6051033.mspx?mfr=true
Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com
QUESTION 2
You work as the enterprise administrator at ABC.com. The ABC.com network uses the public
namespace ABC.com. All servers on the ABC.com network run Microsoft Windows Server 2008.
The ABC.com CIO does not want user to have the ability to copy the public DNS zone records.
You must make sure that the zone transfers are restricted to DNS servers that are listed in the
Name Servers option without affecting the operation of the public name resolution.
How will you comply with the CIO’s requirement?
A. Check the Service Locator (SRV) resource record enabled option on all ABC.com domain
controllers.
B. Configure the priority value for the SRV records on all the domain controllers of us.ABC.com to 1.
C. Check the Allow zone transfers only to servers listed on the Name Servers option on ABC.com.
D. Uncheck the DNS scavenging option on the us.ABC.com zone.
Answer: C
Explanation:
To ensure that public DNS zone records cannot be copied without impacting the functionality of
public DNS name resolutions, you need to configure the Allow zone transfers only to servers listed
on the Name Servers option on ABC.com. This setting allows you to restrict zone transfers only to
DNS servers listed in the Name Servers resource option on ABC.com.
Reference: DNS Zones
http://books.google.co.in/books?id=pL89TOMFcHsC&ABC=RA1-PA244&lABC=RA1-
PA244&dq=Allow+zone+transfers+only+to+servers+listed+on+the+Name+Servers+option+&sourc
e=web&ots=StFz29rSf5&sig=0wRSARkgYxCy2ohweQs4QUDMqEQ&hl=en#PRA1-PA243,M1
QUESTION 3
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run Windows Vista.
The ABC.com network has two Servers named ABC-SR05 and ABC-SR06. ABC-SR05 is a
domain controller that is configured as DNS server. ABC-SR06 is configured to run a legacy
application. You receive an instruction from the CIO to include parameters like Service, Weight
Protocol, and Port number for the legacy application on ABC-SR05.
What action should you take to accomplish this?
A. You must create a Host Info (HINFO) record on ABC-SR05.
B. You must create a Well-Known Service (WKS) record on ABC-SR05.
C. You must create a Service Locator (SRV) record on ABC-SR05.
D. You must create a Pointer (PTR) resource record on ABC-SR05.
E. You must create a Start of Authority (SOA) record on ABC-SR05.
Answer: C
Explanation:
Your best option in this scenario would be to create a Service Locator (SRV) record. To configure
DNS on ABC-SR05 to include the parameters such as Service, Priority, Weight Protocol, Port
number, and Host offering this service for the custom application, you need to configure Service
Locator (SRV) records. An SRV record or Service record is a category of data in the Internet
Domain Name System specifying information on available services. Service locator (SRV)
resource record. Allows multiple servers providing a similar TCP/IP-based service to be located
using a single DNS query operation. This record enables you to maintain a list of servers for a
well-known server port and transport protocol type ordered by preference for a DNS domain name.
References: SRV Record
http://en.wikipedia.org/wiki/SRV_record
Resource records reference / SRV
http://technet2.microsoft.com/windowsserver/en/library/9b561e1b-9a0d-43e5-89a8-
9daf07afac0d1033.mspx?mfr=true
QUESTION 4
You work as the network administrator at ABC.com. The ABC.com network has a forest with two
domains named us.ABC.com and uk.ABC.com.
All servers on the ABC.com network run Windows Server 2008 and all client computers run
Windows Vista. Users in the us.ABC.com zone complain that it takes a long time to access
resources in the uk.ABC.com zone.
What action should you take to reduce the resolution response times? (Each correct answer
presents part of the solution. Choose TWO.)
A. You should create and configure a GPO with DNS Suffix Search List option to uk.ABC.com,
us.ABC.com.
B. You should configure the priority value for the SRV records on all the domain controllers of
us.ABC.com to 5.
C. You should apply the policy to all user workstations in the us.ABC.com zone.
D. You should enable Scavenge Stale resource records in the Zone Aging /Scavenging Properties
dialog box of every workstation.
E. You should create and configure a GPO with the Local-Link Multicast Name Resolution feature enabled.
F. You should execute the dnscmd /zonerefresh command on the workstations in uk.ABC.com.
Answer: A,C
Explanation:
To configure the user workstations in the us.ABC.com zone to improve the name resolution
response time for resources in the uk.ABC.com zone you need to configure a new GPO that
configures the DNS Suffix Search List option to us.ABC.com, us.ABC.com. Thereafter the policy
can be applied to all user workstations in the us.ABC.com zone.
A customized DNS suffix search lists to ensures that clients can locate services and other
computers when they perform single-label name queries.
Link-Local Multicast Name Resolution cannot be used because it allows IPv6 hosts on a single
subnet without a DNS server to resolve each other names. Therefore it need not be used here.
DNS SRV records cannot be used because they are the service records, which are a type of DNS
entry that specify information on a service available in a domain. They are typically used by clients
who want to know the location of a service within a domain. When multiple hosts are configured
for the same service, the priority determines which host is tried first.
Reference: Create a Disjoint Namespace / Update the DNS suffix search list
http://technet2.microsoft.com/windowsserver2008/en/library/afe94bc3-41fb-4817-84b5-
5517c38a0d391033.mspx?mfr=true
Reference: Introducing MS Windows Vista/ Learning about Dual Stack and IP Management
Enhancements
http://download.microsoft.com/download/5/7/8/578cbb95-c42e-4b9f-9989-
93ffdeae8af4/Introducing_Windows_Vista.pdf
Reference: Understanding DNS SRV records and SIP
http://blog.lithiumblue.com/2007/07/understanding-dns-srv-records-and-sip.html
QUESTION 5
You are employed as the enterprise administrator at ABC.com. The ABC.com network has a
domain named ABC.com. ABC.com has a subsidiary company named TestLabs.com. The servers
on both domains are configured to run Windows Server 2008.
You are responsible for a ABC.com server named ABC-SR05. ABC-SR05 is a configured to run
the DNS server role. There is a server on the TestLabs.com network named TESTLABS-LR18
that is configured to run the DNS server role. ABC-SR05 contains a stub zone. The master for the
stub zone on ABC-SR05 is ABC-SR06. During routine monitoring you discover that ABC-SR06
has failed resulting in name resolution problems for ABC users connecting to the TestLabs.com
network.
What action should you take to overcome this problem?
A. You must decrease the Minimum (default) TTL setting in the SOA record for the zone on
TESTLABS-LR18.
B. You must modify the stub zone to a secondary zone on ABC-SR05.
C. You must create a new Service Locator (SRV) record in the primary DNS zone on TESTLABSLR18.
Also create a new host (A) record for ABC-SR05.
D. You must enable DNS scavenging in the DNS zone on TESTLABS-LR18.
E. You must use a DNS forwarder on TESTLABS-LR18.
Answer: B
Explanation:
Users are not able to resolve names for testlabs.com because the master server has failed. To
ensure that users are able to resolve names for testlabs.com in such a scenario, you need to
change the stub zone to a secondary zone on ABC-SR05. This is because the primary name
server notifies the secondary zone server keeps an identical copy of the primary zone. Although it
contains read-only zone information, it can resolve names of the existing names.
You need to remove the stub zone because it requires the IP address of at least one DNS server
in the source domain to the DNS server hosting the stub zone. If this server goes down, then the
stub zone records eventually expire.
Reference: The Long and Short of Stub Zones / What Happens if a Source Server Goes Offline?
http://redmondmag.com/columns/article.asp?EditorialsID=641
Reference: DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
QUESTION 6
You are employed as a network administrator at ABC.com. The ABC.com network has a domain
named ABC.com. All servers on the ABC.com network run Windows Server 2008 and all client
computers run Windows Vista.
The ABC.com domain contains three Windows Server 2008 servers named ABC-SR05, ABCSR06
and ABC-SR07. ABC-SR05 and ABC-SR06 are configured as DNS servers while ABCMicrosoft
70-642: Practice Exam
SR07 passes DNS requests on to ABC-SR06.
How can you configured to enable ABC-SR07 to be updated as soon as DNS records are updated
on ABC-SR06 ?
A. You should execute the ipconfig /flushdns command on all ABC.com client computers.
B. You should execute the dnscmd /clearcache command on ABC-SR07.
C. You should decrease the Retry Interval value of the Start of Authority (SOA) record of ABC.com
to 10 minutes in the DNS service.
D. You should increase the Expires After option of the Start of Authority (SOA) record to 10
minutes in the DNS service.
E. You should enable the DNS Client service on the all client computers in the zone.
Answer: B
Explanation:
To ensure that ABC-SR07 is able to resolve the updated DNS record immediately you need to run
the dnscmd . /clearcache command on ABC-SR07.
Both the DNS server and the local DNS resolver cache any records they receive for a period of
time determined by a TTL setting in the record. The SOA for the zone determines the default TTL,
which is one hour for Windows DNS servers. To ensure that server immediately finds the updated
record, you need to use the Clear Cache option in the server’s property menu in the DNS console
or use the Dnscmd utility with the syntax dnscmd /clearcache, so that less records needs to be
searched.
If you restart the DNS user workstations it will only clear the DNS client cache. This will not resolve
the problem and restore proper name resolution however the DNS server will still respond to query
the name of the workstation.
Reference: dnscmd . /clearcache
http://technet2.microsoft.com/windowsserver2008/en/library/e7f31cb5-a426-4e25-b714-
88712b8defd51033.mspx?mfr=true
Reference: 10 DNS Errors That Will Kill Your Network
http://mcpmag.com/features/article.asp?editorialsid=413
QUESTION 7
You work as an enterprise administrator for ABC.com. The ABC.com network consists of a forest
with a domain named us.ABC.com. All servers on the ABC.com network run Windows Server
2008.
You are responsible for a DNS server named ABC-SR10 that hosts numerous secondary zones of
which us.ABC.com is one.
What action should you take to have ABC-SR10 perform the function of a caching-only DNS
server?
A. You should have the DNS stub zones disabled on ABC-SR10 prior to re-enabling the DNS
service.
B. You should have the DNS service uninstalled on ABC-SR10 prior to re-installing the DNS
service.
C. You should configure DNS Scavenging on ABC-SR10.
D. You should modify the DNS zones on ABC-SR10 to standard primary zones.
E. You should re-configure the DNS service with one or more forwarders.
F. You should enable Zone Aging on ABC-SR10.
Answer: B
Explanation:
In order to reconfigure ABC-SR10 as a caching-only DNS server you need to disable and reenable
the DNS service on ABC-SR10. Uninstalling and reinstalling DNS service will remove all
the previously configured data from ABC-SR10.
Reference: Install the DNS Server service
http://technet2.microsoft.com/windowsserver/en/library/421cd57a-9fd4-42da-8d22-
067738f034ee1033.mspx?mfr=true
QUESTION 8
You work as the network administrator at ABC.com. The ABC.com network has a forest that
contains four domains. All servers on the ABC.com network run Windows Server 2008. The
domain controllers are configured as DNS servers. All ABC.com users make use of a Web server
named ABC-SR02 to accomplish their daily tasks.
What action should you take to make sure that ABC.com users can access ABC-SR02 by using
Internet Explorer? (Each correct answer presents part of the solution. Choose THREE.)
A. By creating a GlobalNames zone on a DNS server.
B. By configuring ABC-SR02 in order to enable DFS-R on it.
C. By replicating the GlobalNames zone to all domains controllers in the ABC.com forest.
D. By creating a host (A) record for ABC-SR02 in the GlobalNames zone.
E. By creating a LegacyWINS zone on a DNS server.
F. By replicating the GlobalNames zone in the DNS zone for the forest root domain.
Answer: A,C,D
Explanation:
To ensure that users from all domains are able to access a ABC-SR02 by browsing to https:: //Test
WebApp you need to create a zone named GlobalNames on a DNS server. Then GlobalNames
zone can be replicated to all domain controllers in the forest. Lastly a host (A) record can be
created for ABC-SR02 in the zone.
GlobalNames Zone (also known as GNZ) is designed to enable the resolution of the single-label,
static, global names for servers using DNS. GNZ is intended to aid the retirement of WINS, and it’s
not a replacement for WINS. GNZ is not intended to support the single-label name resolution of
records that are dynamically registered in WINS, records which typically are not managed by IT
administrators.
Reference: Understanding GlobalNames Zone in Windows Server 2008
http://www.petri.co.il/windows-DNS-globalnames-zone.htm
QUESTION 9
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com has its headquarters in Miami and a branch office in Toronto. IPv4
addressing is utilized at both offices.
During the course of the day you receive instruction from ABC.com to travel to the Toronto office
and deploy an additional server named ABC-SR06.
What action should you take to configure Routing and Remote Access on ABC-SR06?
A. You should have ABC-SR06 configured with the Routing and Remote Access role.
Then you should execute the netsh command with the interface ipv4 enable parameter.
B. You should have ABC-SR06 configured with the Routing and Remote Access role.
Then you should enable IPv4 Router Routing and Remote Access on ABC-SR06.
C. You should execute the netsh command with the interface ipv4 enable parameter on ABCSR06
prior to enabling Routing and Remote Access.
D. You should execute the netsh command with the ras ipv4 set access ALL parameter on ABCSR06.
Then you should have Router Routing and Remote Access enabled for IPv4 and IPv6.
Answer: B
Explanation:
To configure routing on the server at the branch office, you need to first install the Routing and
Remote Access role on the server and then enable the IPv4 Router Routing and Remote Access
option on the server.
QUESTION 10
You work as the enterprise administrator at ABC.com. The ABC.com network has a domain
named ABC.com. ABC.com currently has their headquarters located in Miami. The ABC.com
network servers run Microsoft Windows Server 2008 and the client computers run Microsoft
Windows Vista.
You are preparing to deploy a computer named ABC-SR21 which is configured with the Network
Access Policy (NAP) server role. ABC.com wants you to have the tunnel interface and the IPv6
Loopback interface as the only connections running IPv6.
What action should you take?
A. You should execute the netsh interface ipv4 enable command on ABC-SR21.
B. You should consider clearing the Internet Protocol Version 6 (TCP/IPv6) checkbox in the Local
Area Connection Properties window.
C. You should execute the netsh internal interface ipv6 delete command on ABC-SR21.
D. You should consider disabling the IPv4 Routing and Remote Access option on ABC-SR21.
Answer: B
Explanation:
To disable IPv6 for all connections except for the tunnel interface and the IPv6 Loopback interface,
you need to uncheck Internet Protocol Version 6 (TCP/IPv6) from the Local Area Connection
Properties window.
This is because unlike Windows XP and Windows Server 2003, IPv6 in Windows Vista and
Windows Server 2008 cannot be uninstalled. However, you can disable IPv6 in Windows Vista
and Windows Server 2008 by doing one of the following: In the Network Connections folder, obtain
properties on all of your connections and adapters and clear the check box next to the Internet
Protocol version 6 (TCP/IPv6) components in the list.
This method disables IPv6 on your LAN interfaces and connections, but does not disable IPv6 on
tunnel interfaces or the IPv6 loopback interface.
Reference: IPv6 for Microsoft Windows: Frequently Asked Questions
http://www.microsoft.com/technet/network/ipv6/ipv6faq.mspx
Best Microsoft MCTS Training – Microsoft MCITP Training at Certkingdom.com