ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-412 All Questions

View all questions & answers for the 70-412 exam
Go to Exam

Exam 70-412 topic 3 question 73 discussion

Actual exam question from Microsoft's 70-412
Question #: 73
Topic #: 3
[All 70-412 Questions]

HOTSPOT -
Your network contains an Active Directory domain named adatum.com. All servers run Windows Server 2012 R2. All domain controllers have the DNS Server server role installed.
You have a domain controller named DC1.
On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by using DNSSEC.
You deploy a new read-only domain controller (RODC) named RODC1.
You need to ensure that the contoso.com zone replicates to RODC1.
What should you configure on DC1?
To answer, select the appropriate tab in the answer area.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
For additional servers to host a zone, zone transfers are required to replicate and synchronize all copies of the zone used at each server configured to host the zone.

Reference: Understanding zones and zone transfer
http://technet.microsoft.com/en-us/library/cc781340(v=ws.10).aspx
by DanStafford at Feb. 29, 2020, 11:24 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DanStafford
4 years, 11 months ago
** As found out in a previous similar question, even if a zone is AD-integrated, if you sign it with DNSSEC, RODC's will load it as a standard secondary zone, and zone transfers must be configured for replication to take place. The key here is the zone was signed with DNSSEC ** https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn593674(v=ws.11)
upvoted 2 times
...
DanStafford
5 years, 3 months ago
TRICKY! "On DC1, you create an Active Directory-integrated zone named adatum.com and you sign the zone by using DNSSEC. You deploy a new read-only domain controller (RODC) named RODC1. You need to ensure that the *** contoso.com *** zone replicates to RODC1." The Adatum.com zone is the AD-Integrated zone. I'm assuming here that *** Contoso.com *** is NOT an AD-Integrated zone, but rather a standard Primary zone, which would necessitate zone transfer options to be configured. Close-reading is a must!!
upvoted 3 times
...
DanStafford
5 years, 3 months ago
https://serverfault.com/questions/90350/read-only-domain-controllers-and-dns-zone-updates
upvoted 1 times
...
DanStafford
5 years, 3 months ago
https://social.technet.microsoft.com/wiki/contents/articles/4031.how-read-only-domain-controllers-and-dns-works.aspx
upvoted 1 times
...
DanStafford
5 years, 3 months ago
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/active-directory-integrated-dns-zones
upvoted 1 times
...
DanStafford
5 years, 3 months ago
https://activedirectorypro.com/windows-dns-zones-explained/
upvoted 1 times
...
DanStafford
5 years, 3 months ago
The problem that I have with this question is that the zone clearly shows as an Active Directory-Integrated zone. With AD-Integrated zones, the zone and its updates are replicated through Active Directory replication, not through zone transfers. If the zone were a standard Primary zone, and the RODC were a standard Secondary zone, I would agree absolutely with the Zone Transfers tab options needing to be configured, but this zone is shown as AD-Integrated. Either the graphics are wrong for the question, or the question is invalid because of the AD-Integrated zone.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel