Server 2 - Quiz 3

If a stub zone is a standard zone, what records will be updated through zone transfers? (Choose all that apply.)

• A. MX

• B. NS

• C. CNAME

• D. SOA

B & D

A Resource Record Signature (RRSIG) key contains the signature for a single resource record, such as an A or an MX record.

True

When a subdomain has been delegated to a zone on another server, the DNS server hosting the parent zone maintains only an NS record pointing to the DNS server hosting the delegated zone.

True

Zone queries show zone transfers between primary and secondary zone servers.

False

What feature in Windows Server 2016 is used to provide information about the certification authority (CA) used by your domain when a client is requesting DNS information for your domain?

DANE

The zone replication scope determines which of the following? (Choose all that apply.)

• A. The Active Directory permissions that are replicated

• B. The Domain Controllers the zone information is replicated to

• C. The Active Directory partition the zone is stored in

• D. The Domain Controller's security updates

B & C

Which PowerShell cmdlet allows you to see the default values and the status of Response Rate Limiting (RRL)?

Get-DNSServerRRL

A zone transfer report specifies whether a zone transfer is allowed.

False

What do DNS resolvers use to verify the digital signature in Resource Record Signature records?

DNSKEY

Scavenging parameters set at the zone level override those set at the server level.

True

What port is used by DNS servers to issue queries?

UDP 53

Which of the following is a subset of a zone where a zone can contain multiple zone scopes and each zone scope has its own set of resource records?

zone scope

The default scavenging value is set to what value by default?

7 days

Which of the following is true about the DnsAdmins group? (Choose all that apply.)

• A. It has no members by default

• B. It is a domain local group

• C. It is a global group

• D. Server Operators and Administrators are members

A & B

What specific type of DNS attack uses public DNS servers to overwhelm a target with DNS responses by sending DNS queries with spoofed IP addresses ?

DNS amplification attack

What option can be used by a system administrator to ensure that dynamic updates are made only by known clients when you have a standard primary zone?

Change the zone to an Active Directory–integrated zone

What process is taking place when one DNS server transfers zone changes to another DNS server?

zone replication

What DNS policy specifies how DNS queries are handled by the DNS server?

query resolution policy

Which PowerShell cmdlet below creates a stub zone?

Add-DnsServerStubZone

Which of the following is a suite of features and protocols for validating DNS server responses?

DNSSEC

Which feature is used to protect against DNS cache poisoning?

Socket pool

Which of the following are advantages that an Active Directory–integrated zone has over a standard zone? (Choose all that apply.)

• A. manual replication

• B. Secure updates

• C. Multimaster replication and update

• D. synchronized replication

B & C

Zone control is the transfer of authority for a subdomain to a new zone.

False

DNSSEC provides confidentiality of data through the use of encryption.

False

Which PowerShell cmdlet displays the records in the DNS server cache, including the name, record type, timestamp, TTL, and record data?

Show-DnsServerCache

Which of the following are methods provided by DNSSEC to ensure the data DNS clients receive from DNS queries is accurate and secure? (Choose all that apply.)

• A. Authenticated denial of existence

• B. Origin authentication of DNS data

• C. Data integrity

• D. Authorized zone signing

A, B, & C