ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-412 All Questions

View all questions & answers for the 70-412 exam
Go to Exam

Exam 70-412 topic 3 question 99 discussion

Actual exam question from Microsoft's 70-412
Question #: 99
Topic #: 3
[All 70-412 Questions]

You have a DNS server named Server1 that runs Windows Server 2012 R2.
Server1 has the zones shown in the following output.

You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
What should you do first?

  • A. Enable the distribution of the trust anchors for adatum.com.
  • B. Unsign adatum.com.
  • C. Store adatum.com in Active Directory.
  • D. Update the server data file for adatum.com.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
From the exhibit we see that the adatum.com zone is signed. A trust anchor (or trust "point") is a public cryptographic key for a signed zone. Trust anchors must be configured on every non-authoritative DNS server that will attempt to validate DNS data. You cannot distribute trust anchors until after a zone is signed.

Reference: Trust Anchors -
https://technet.microsoft.com/en-us/library/dn593672.aspx
by U4ea at Feb. 18, 2020, 8:20 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DanStafford
4 years, 11 months ago
* unsign so that it can be AD-Integrated to allow permissions to be set
upvoted 1 times
...
DanStafford
4 years, 11 months ago
The question & answer appear to be pulled from 2 different questions. The question asked is about assigning permissions to modify to a group, while the answer is talking about other DNS servers validating responses with DNSSEC. Not at all related. - My answer to the question would be to unsign the zone so that permissions can be set & then re-sign it. The answer & explanation don't actually apply here.
upvoted 2 times
...
U4ea
5 years, 3 months ago
Consensus seems to be that the zone must be unsigned first.
upvoted 4 times
wazmac
5 years, 2 months ago
Agreed it should be "B" Unsign. To enable the delegation of rights you have to change the zone to integrated but you can’t make changes to the zone until it’s unsigned.
upvoted 3 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel