28 Cards in this Set

  • Front
  • Back
Which DNS management tool can be used to verify the consistency of a particular group of DNS resource records on multiple DNS servers?


a. DNSLint
b. Dnscmd
c. Nslookup
d. Ipconfig
a. DNSLint

EXPLANATION: DNSLint is a tool that is used to verify the consistency of a particular set of records on multiple Domain Name System (DNS) servers.
A DNS server running on a Microsoft Windows Server 2003 network is, by default, configured to load zone data on startup from which locations?


a. File and registry
b. Disk and registry
c. Active Directory directory service and registry
d. Registry only
c. Active Directory directory service and registry

EXPLANATION: By default, the Load Zone Data On Startup property is set to load zone data from Active Directory and the registry. Therefore, by default, Domain Name System (DNS) servers on Windows Server 2003 networks initialize with the settings specified in the Active Directory database and server registry.
Which of the following is a recommended method for increasing DNS security?


a. Run DNS only on member servers.
b. Have all DNS servers perform recursive queries to Internet name servers.
c. Use the same DNS server to resolve internal and external name queries.
d. Enable forwarding to deal with requests for resources outside of the internal network.
d. Enable forwarding to deal with requests for resources outside of the internal network.

EXPLANATION: One method to increase Domain Name System (DNS) security is to enable forwarding. This allows all DNS servers to forward remote queries to one DNS server, which issues recursive queries to Internet name servers.
You use Nslookup to troubleshoot a name resolution problem. Which command should you enter at the Nslookup prompt to display the DNS response messages communicated from the DNS server?


a. Ipconfig /displaydns.
b. Nslookup displaydns.
c. Set debug.
d. None. DHCP response messages are displayed by default.
c. Set debug.

EXPLANATION: When issuing multiple Nslookup commands, it is generally more efficient to use Nslookup in interactive mode. To enter interactive mode, type nslookup and press Enter. From interactive mode, you can enter the debugging mode by entering the Set debug command. Debugging displays messages communicated from Domain Name System (DNS) servers.
You are a network administrator and you have been asked to determine the FQDN associated with 207.1.1.19. Which command will provide the requested information?

a. Nslookup FQDN 207.1.1.19.
b. Nslookup domain.
c. Nslookup 207.1.1.19.
d. Nslookup cannot perform this function.
c. Nslookup 207.1.1.19.

EXPLANATION: Nslookup is a command-line tool that performs Domain Name System (DNS) queries and enables examination of the content of zone files. Issuing the Nslookup command followed by an Internet Protocol (IP) address will return the fully qualified domain name (FQDN) associated with the IP address as long as the appropriate pointer (PTR) record is found.
Your Microsoft Windows Server 2003 network has three DNS servers running on Windows Server 2003 member servers. All DNS servers are configured to use forwarders to resolve external names and to allow zone transfers only to servers listed in the NS resource records in their zone. Which level of DNS security is in use on this network?


a. Low-level security
b. Medium-level security
c. High-level security
d. Active Directory–integrated security
b. Medium-level security

EXPLANATION: Domain Name System (DNS) security implementations can be grouped into three levels: low level, medium level, and high level. Medium-level security uses the DNS security features available without running DNS servers on domain controllers.
You would like to capture and examine packet traffic that your local DNS servers send. Ideally, this information would be stored in a text file that could be opened and viewed using Microsoft WordPad. How can this be accomplished with the least amount of administrative effort?


a. Configure Event Viewer to capture all outgoing DNS packets.
b. Microsoft Windows Server 2003 cannot accomplish this without the use of third-party software.
c. No action is required; by default, the DNS Events Log captures this information.
d. Use the DNS debug log to capture the packets. In the packet options, choose Outgoing as the specified value.
d. Use the DNS debug log to capture the packets. In the packet options, choose Outgoing as the specified value.


EXPLANATION: By default, the Domain Name System (DNS) debug log contains only DNS errors. This log can be configured to capture packets the local DNS servers send or receive.
You are a network administrator of a Microsoft Windows Server 2003 network. Your primary DNS server runs on a Windows Server 2003 server named DNS1. To allow fault tolerance, you have a secondary DNS server that runs on a UNIX server named DNS2. To perform maintenance, you take the primary DNS server offline. While the primary DNS server is offline, users complain that they cannot access resources on your network. What should you do to correct this problem?

a. Enable round robin on DNS1.
b. Enable netmask ordering on DNS2.
c. Select the BIND Secondaries option on the DNS Advanced Server Properties page on DNS1.
d. Select the BIND Secondaries option on the DNS Advanced Server Properties page on DNS2.
c. Select the BIND Secondaries option on the DNS Advanced Server Properties page on DNS1.

EXPLANATION: The BIND Secondaries option controls whether fast transfer format is used during Domain Name System (DNS) zone transfer. Only Berkeley Internet Name Domain (BIND) version 4.9.4 or later can handle the fast zone transfer format. If zone transfer does not occur between a Microsoft DNS server and a UNIX server, you should enable the BIND Secondaries option on the Advanced DNS Server Properties page. (Discussion starts on page 117.)
Which of the following is not a DNS management tool?


a. Nslookup
b. Dnscmd
c. DNSLint
d. DNSmgt
d. DNSmgt



EXPLANATION: (Discussion starts on page 106.)
You are a network administrator for a Microsoft Windows Server 2003 network. Your network consists of four branch offices, each of which is configured with a different IP subnet. You have enabled round robin and netmask ordering. Each branch office has an identical intranet server named intranet.contoso.com, and all branch offices are connected through a VPN connection. All four Web servers have a unique IP address as listed here:
Web server 1 192.168.15.1/20
Web server 2 192.168.30.2/20
Web server 3 192.168.42.40/20
Web server 4 192.168.50.100/20
A DNS client with the IP address 192.168.33.5 submits a query to a DNS server for the name intranet.contoso.com. Which IP address will be returned to the client?

a. 192.168.15.1
b. 192.168.30.2
c. 192.168.42.40
d. 192.168.50.100
c. 192.168.42.40

EXPLANATION: When round robin and netmask ordering are both configured, the local subnet priority used in netmask ordering takes precedence over round robin. In this example, the client’s Internet Protocol (IP) address indicates that both the client and the intranet server are located on the 192.168.32.0/20 subnet. The 192.168.32.0/20 subnet includes all IP addresses in the range of 192.168.32.0 through 192.168.47.255.
You are the network administrator of contoso.com. Your network has a connection to the Internet, and all of the DNS servers run on domain controllers. Your DNS zones are all Active Directory–integrated zones. Which level of DNS security is in use on this network?


a. Low-level security
b. Medium-level security
c. High-level security
d. Active Directory–integrated security
c. High-level security

EXPLANATION: High-level security uses the features available with medium-level security; however, high-level security requires that all DNS servers run on domain controllers for additional security. (Discussion starts on page 125.)
Which command should you execute at the Nslookup prompt to view a list of the SRV resource records in the domain contoso.com?

a. Nslookup srv
b. Set debug
c. Ls -t srv contoso.com
d. Nslookup www.contoso.com
c. Ls -t srv contoso.com

EXPLANATION: Nslookup is a command-line tool that performs Domain Name System (DNS) queries and enables the examination of the contents of the DNS zone file. Issuing the Nslookup command using the Ls -t subcommand will list the records of a specific type.
DNS is used to resolve host or FQDN names to IP addresses, and WINS is designed to provide NetBIOS name-to-IP address resolution. Describe how these two services can be integrated so that Microsoft Windows XP clients can use DNS for both host and NetBIOS name resolution.
Correct answer: Student responses should include the following points.
EXPLANATION: For Windows XP clients to use the Domain Name System (DNS) for NetBIOS name resolution, you must either manually configure NetBIOS name-to-IP address mappings on the DNS server or configure the DNS server to forward NetBIOS name queries to a Windows Internet Naming Service (WINS) server.
Which steps should you take to enhance security when you have a multihomed DNS server?


a. Ensure that the DNS server listens and responds to name queries on all IP addresses.
b. Limit the DNS server to listen for queries on only the IP address that the clients list as their preferred DNS server.
c. No action is required. By default, DNS will listen for queries on only the first network adapter.
d. Disable the network adapters except for the adapter that DNS is configured to use.
b. Limit the DNS server to listen for queries on only the IP address that the clients list as their preferred DNS server.

EXPLANATION: By default, the Domain Name System (DNS) Server service that runs on a multihomed computer is configured to listen for DNS queries on all of its Internet Protocol (IP) addresses. You should limit the IP addresses on which a DNS server will listen for queries to only the preferred DNS server address configured on the client computers. (Discussion starts on page 124.)
Your Microsoft Windows Server 2003 network has Microsoft Windows 2000 Professional and Microsoft Windows XP Professional clients. Your DNS server is configured to allow dynamic updates. Your DNS database appears to have many outdated records, and you suspect that they are a result of mobile users not properly shutting down their client computers. Which process should you use to automatically cleanse your DNS database of stale resource records?


a. Run the Ipconfig /flushdns command.
b. Enable aging and scavenging of DNS resource records.
c. Run DNSclean from the command prompt.
d. Run the Jetpack utility.
b. Enable aging and scavenging of DNS resource records.

EXPLANATION: Dynamic updates allow client computers to dynamically register with the Domain Name System (DNS). When clients perform a proper shutdown, the records are also removed from DNS. When clients improperly disconnect from the network, stale resource records can accumulate. Windows Server 2003 has the capability to clean up the DNS database through the aging and scavenging process.
Which command would you enter at the command prompt to display the contents of the DNS resolver cache?

a. Ipconfig /all
b. Ipconfig /dns
c. Ipconfig /displaydns
d. Ipconfig /show
c. Ipconfig /displaydns

EXPLANATION: (Discussion starts on page 124.)
Your network consists of only Microsoft Windows Server 2003 servers and Microsoft Windows XP clients. To provide fault tolerance, your network has a primary DNS server and a secondary DNS server, both of which use default configurations. While loading a zone file, your primary DNS server detects errors in the file. The DNS server will take which action?


a. The zone file will be loaded, but the DNS Server service will not start.
b. The zone file will be loaded. The errors will be logged and ignored.
c. The zone file will not be loaded. The DNS server will answer queries using cached information only.
d. The DNS server will not load the zone file, but will continue to attempt to load the file at five-minute intervals.
b. The zone file will be loaded. The errors will be logged and ignored.

EXPLANATION: Domain Name System (DNS) servers running on Windows Server 2003 will, by default, load a zone even if the zone contains errors. The server will log the errors and ignore them. Selecting the Fail On Load If Bad Zone Data option on the Advanced DNS Server Properties page prevents the zone file from loading if it contains errors.
Which command can be issued at the command prompt to purge the DNS resolver cache?

a. Ipconfig /clearcache
b. Ipconfig /deletecache
c. Ipconfig /flushdns
d. Ipconfig /flushcache
c. Ipconfig /flushdns

EXPLANATION: (Discussion starts on page 124.)
When clients query your DNS server, instead of receiving a definitive answer, they receive referrals to other DNS servers. You would like your DNS server to return a definitive answer to client queries. Which action should you take to accomplish this?


a. This cannot be accomplished; DNS servers always return referrals to other DNS servers to clients.
b. Update the Cache.dns file.
c. Select the option to disable iterative queries on the Advanced DNS Server Properties page.
d. Clear the Disable Recursion option on the Advanced DNS Server Properties page.
d. Clear the Disable Recursion option on the Advanced DNS Server Properties page.


EXPLANATION: By default, recursion is enabled on Domain Name System (DNS) servers that run on Microsoft Windows Server 2003. If your DNS server does not perform recursive queries, recursion might have been disabled. To reenable recursion, clear the Disable Recursion check box in the DNS Advanced Server Properties page. When a DNS server performs recursive queries on behalf of clients, the DNS server contacts other DNS servers while attempting to resolve the client request. When the DNS server has a definitive answer, it responds with the definitive answer to the client.
One of your Microsoft Windows XP clients issues an unsuccessful query for a remote domain. You suspect that the Cache.dns file that contains the root hints for your DNS server might contain inaccurate entries. What could you do to test and verify that your DNS server is configured with the correct root hints?


a. Issue an iterative query to your local DNS server.
b. Open the folder named Root Hints and verify each IP address.
c. Issue a recursive query to another DNS server.
d. Query your WINS server for the address of the root server.
c. Issue a recursive query to another DNS server.

EXPLANATION: Issuing a recursive test to other Domain Name System (DNS) servers involves performing an NS-type query to the root of the DNS domain namespace. The location of the root servers is contained in the root hints that are stored in the Cache.dns file.
You are the network administrator for Wingtip Toys. Your internal DNS server runs on a Microsoft Windows Server 2003 server. Your company maintains three Web servers that handle catalog sales. All three Web servers maintain identical content and respond to the host name www.wingtiptoys.com. You would like to ensure that load balancing occurs among the three Web servers. Which action should you take to accomplish this?


a. Enable round robin on the three Web servers.
b. Enable round robin on the Advanced DNS Server Properties page of the DNS server.
c. Configure each of the three Web servers with unique host names.
d. Windows Server 2003 does not contain a load-balancing feature.
b. Enable round robin on the Advanced DNS Server Properties page of the DNS server.

EXPLANATION: Round robin is a load-balancing mechanism that DNS servers use to share and distribute network resource loads. When multiple resource records satisfy a query, you can enable round robin to rotate the order of resource record types returned to the client.
You are the administrator for a Microsoft Windows 2003 network. Users complain that they can access local resources but have difficulty accessing Internet resources. Which type of test should you run from the DNS console to troubleshoot this problem?


a. Recursive query to another DNS server
b. Iterative query to a local DNS server
c. Forward lookup query to the WINS server
d. Ping your local DNS server
a. Recursive query to another DNS server

EXPLANATION: You can use the Domain Name System (DNS) console to test a DNS server by issuing an iterative or recursive test. In the situation in which clients are unable to resolve remote domain names, a recursive query to another DNS server would be the appropriate test.
Which of the following is not a typical DNS security threat?

a. Footprinting
b. Denial of Service (DoS) attack
c. Data modification
d. Redirection
e. Redistribution
e. Redistribution

EXPLANATION: (Discussion starts on page 125.)
Replication Monitor is a tool that monitors Active Directory replication. Which command is issued at the command prompt to start the Replication Monitor?


a. Replmon
b. Start
c. Repl
d. Replication Monitor cannot be started from the command prompt.
a. Replmon

EXPLANATION: Replication Monitor is a graphical tool that is included in the Microsoft Windows Support tools. It can be launched from the command prompt by entering the Replmon command.
You are the network administrator for a large network consisting of eight domains. You have a primary DNS server named DNS1, which runs on a Microsoft Windows Server 2003 server and hosts your standard primary zone. You also have a UNIX server named DNS2, which hosts a secondary zone. The UNIX server runs BIND 8.2.1. What could you do to decrease zone transfer traffic between DNS1 and DNS2?


a. Select the BIND Secondaries option on DNS1.
b. Convert the UNIX server to BIND 4.9.4.
c. Clear the BIND Secondaries option on DNS1.
d. Convert the UNIX DNS server to an Active Directory–integrated zone.
c. Clear the BIND Secondaries option on DNS1.

EXPLANATION: Clearing the BIND Secondaries check box on the Advanced DNS Server Properties page allows the Domain Name System (DNS) to use the fast transfer format, which improves zone transfer efficiency.
You are the network administrator for contoso.com, which uses the default settings for clients running Microsoft Windows XP and Microsoft Windows NT 4. Your Windows XP clients are configured to use DNS for name resolution, and your Windows NT 4 clients are configured to register with a WINS server. Your Windows XP clients cannot communicate with the Windows NT 4 clients by NetBIOS name. What could you do so that your Windows XP clients can communicate with the Windows NT 4 clients by NetBIOS name?


a. Configure your WINS server to forward name queries to the DNS server for name resolution.
b. Configure a HOSTS file on the WINS server with the NetBIOS names to IP address mapping for each Windows NT 4 client.
c. Install a secondary DNS server for the Windows NT 4 clients.
d. Configure your DNS server to forward name queries to the WINS server for name resolution.
d. Configure your DNS server to forward name queries to the WINS server for name resolution.


EXPLANATION: The Domain Name System (DNS) is used to resolve host names to Internet Protocol (IP) addresses, and a Windows Internet Naming Service (WINS) server is used to resolve NetBIOS names to IP addresses. You can manually configure NetBIOS names to IP address mappings on the DNS server, or you can configure your DNS server to forward name queries to a WINS server for name resolution.
Which DNS tool can be used from the command line to perform most DNS management functions?

a. DNScmd
b. Nslookup
c. DNSLint
d. Ipconfig
a. DNScmd

EXPLANATION: (Discussion starts on page 106.)
As a system administrator, you perform a manual test on your DNS server. The results indicate that the iterative query was successful, but the recursive query failed. Which of the following is most likely the problem?


a. Invalid root hints.
b. The DNS server service is stopped.
c. All root hints are valid.
d. DNS monitoring is disabled.
a. Invalid root hints.

EXPLANATION: A recursive query test issues an NS-type query for the root of the Domain Name System (DNS) domain namespace. The address of the root server is contained in the root hint that is located in the Cache.dns file. Should the Cache.dns file contain invalid root hints, the recursive query would not reach the root server and would be unsuccessful.