exam questions

Exam 70-741 All Questions

View all questions & answers for the 70-741 exam

Exam 70-741 topic 1 question 11 discussion

Actual exam question from Microsoft's 70-741
Question #: 11
Topic #: 1
[All 70-741 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com. The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.


You have the following subnets defined on Server1.


You need to prevent Server1 from resolving queries from DNS clients located on Subnet4. Server1 must resolve queries from all other DNS clients.
Solution: From Windows Firewall with Advanced Security on Server1, you create an inbound rule.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
https://technet.microsoft.com/en-us/library/dd421709(v=ws.10).aspx

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Besmuci
Highly Voted 5 years, 7 months ago
Answer A is correct. In the firewall all dns traffic with port 53 from subnet4 can be blocked. Or outbound dns traffic at that subnet can be blocked as well. The hosts on that subnet cannot resolve any query from server1.
upvoted 20 times
...
mvdb87
Highly Voted 4 years, 11 months ago
Funny thing is, this question is on the 70-740 exam questions here also and it says yes. Which is the correct answer.
upvoted 6 times
...
panda
Most Recent 3 years, 10 months ago
I think A is correct. I understand this solution with following link. https://www.howtogeek.com/112564/how-to-create-advanced-firewall-rules-in-the-windows-firewall/
upvoted 1 times
Thermal
3 years, 10 months ago
Be careful not to get tripped up by this. Whilst technically the solution A would work 70-741 does not cover windows firewall, our course tutor was very clear to point this out to those of us taking exams. Windows Firewall is not the answer MS is looking for.
upvoted 1 times
...
...
simocb
3 years, 11 months ago
Answer A yes is correct
upvoted 1 times
...
Vortex_SA
4 years ago
The Book teaches us to use DNS policies, not windows firewall to block queries from being resolved for a specific subnet. As the book teaches, your going to add the subnet with the Add-DnsServerClientSubnet command, and then use that in the Add-DnsServerQueryResolutionPolicy command.
upvoted 1 times
...
TA77
4 years, 2 months ago
Answer is NO. The provided answer is correct. Firewall is used to monitor and limit network traffic between the web and the internal network. Here in the question it states that this a dns server in a domain network. Also, firewall rules is applied on the gateway, i.e. the router, although you can set firewall rule on any computer separately. Last, 741 don't cover firewalls. So, answer is NO in my opinion.
upvoted 3 times
...
Bret0150
4 years, 3 months ago
So "A" is correct, adding a firewall rule would solve this issue. However, MS believes this is not the "proper" way of resolving the issue. This is one of those questions that does not match real life. On the test make sure you say "B"; no.
upvoted 4 times
V1980
4 years, 2 months ago
DING DING DING this is the correct answer. It may fix the scenario, but it isn't the 'proper Microsoft way'.
upvoted 2 times
...
...
Semm
4 years, 3 months ago
https://www.examtopics.com/exams/microsoft/70-740/view/15/ Question 74 of the 7-740 exam is exactly the same and says yes....
upvoted 2 times
...
Koko3d
4 years, 5 months ago
The answer is A!!!!
upvoted 2 times
...
shaunakpandey
4 years, 6 months ago
Add-DnsServerQueryResolutionPolicy cmdlet will do the trick. you cannot do it by setting a inbound rule in this scenario is because all these zone are configured within server1 itself, therefore, there will be no inbound connection has to be established at the first place.
upvoted 2 times
Thermal
4 years, 5 months ago
This is the correct answer, 70-741 does not cover windows firewall. see question 12 for the answer they area actually looking for... Add-DnsServerQueryResolutionPolicy
upvoted 3 times
Thermal
4 years, 5 months ago
Therefore B (No) is the answer to this question.
upvoted 1 times
Hellothere1993
4 years, 5 months ago
both answers can be yes. It is asking if the method is valid or not
upvoted 2 times
...
...
...
...
khalid86
4 years, 8 months ago
The same question is in 70-740 Q.74 Topic 1 and the answer is Yes. check the link below. https://www.examtopics.com/exams/microsoft/70-740/view/15/
upvoted 2 times
Gomer
4 years, 8 months ago
I know this is the correct answer. Whether you can also do this in firewall settings is up for debate. The practice exams seem to say no. Add-DnsServerClientSubnet -Name "BlockedSubnet" -IPv4Subnet 172.16.1.0/24 -PassThru Add-DnsServerQueryResolutionPolicy -Name "BlackholePolicyMalicious" -Action IGNORE -ClientSubnet "EQ,BlockedSubnet" -PassThru
upvoted 3 times
...
...
Dhelailla
4 years, 8 months ago
Correct Answer is A. See also: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd421709(v=ws.10)?redirectedfrom=MSDN
upvoted 2 times
...
[Removed]
4 years, 8 months ago
This is an exact question from 70-740 test which A is the correct answer. Answer is A.
upvoted 2 times
...
Ario
4 years, 9 months ago
That is possible but not recommended so correct answer is A
upvoted 1 times
...
Topical
4 years, 10 months ago
A is correct i agree as well
upvoted 2 times
...
Nhan
4 years, 10 months ago
A is correct answer I agree with Besmuci
upvoted 2 times
...
Ant0ny
4 years, 11 months ago
I don't see how you can block port 53 to or from a specific subnet, are we sure thats possible from windows firewall?
upvoted 1 times
SmackedWookiee
4 years, 11 months ago
You create a new Inbound Rule. When you are given an option of what type of rule to create, select Custom. Then you can choose to block port 53 and put in the IP range you want to block it on.
upvoted 5 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago