ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-741 All Questions

View all questions & answers for the 70-741 exam
Go to Exam

Exam 70-741 topic 1 question 52 discussion

Actual exam question from Microsoft's 70-741
Question #: 52
Topic #: 1
[All 70-741 Questions]

HOTSPOT -
You have a DNS server named Server1 that runs Windows Server 2016. Server1 has network interfaces that have the following IP addresses:
✑ 10.0.0.100
✑ 131.107.0.100
The internal network uses an IP address space of 10.0.0.0/16.
Server1 provides DNS name resolution to both internal and external clients. Server1 hosts the primary zone for contoso.com.
You need to configure Server1 to meet the following requirements:
✑ Internal clients must be able to use Server1 to resolve Internet-based DNS names.
✑ External clients must not be able to use Server1 to resolve Internet-based DNS names.
✑ External clients must be able to use Server1 to resolve names in the contoso.com zone.
Which commands should you run on Server1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
References: https://docs.microsoft.com/en-us/powershell/module/dnsserver/add-dnsserverqueryresolutionpolicy?view=win10-ps
by dritter at Feb. 25, 2019, 9:38 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
coleman
Highly Voted 5 years ago
. -Name 'scope1' -EnableRecursion $true -Name . -EnableRecursion $false -ServerInterfaceIP 'EQ,10.0.0.100' . .
upvoted 18 times
...
DD
Highly Voted 5 years, 7 months ago
1. Disable resursion all together (gloabally) 2. create a scope for policy, so name of scope and enabling recursion for scope 3. Create dns policy. Identify scope above and allow, tell it to allow on recursion and only for internal interface 10.0.0.0 this results in recursion turned off globally but allows internal to resolve on recursion
upvoted 10 times
...
Dlam
Most Recent 3 years, 11 months ago
Got this on exam 12/18/2020
upvoted 3 times
...
ykarma
4 years ago
Got this question on exam. My exam was November 27th 2020.
upvoted 2 times
GoldenFox
4 years ago
Same. Pay attention to it.
upvoted 2 times
...
...
Vortex_SA
4 years ago
I hate how MS tries to trick you by setting the first command to Add- and not Set- Because you would normally first disable recursion with the set command and then add a recursion scope with the Add command... but in typical MS tradition, they know you are in a hurry and change the two around knowing you would most likely choose the first command as the one to disable recursion and not look and see that they put the Add command first
upvoted 1 times
panda
3 years, 10 months ago
I understand what you say. IT is that the order for cmdlet isn't correct.
upvoted 1 times
...
...
TA77
4 years, 3 months ago
With the command "Add-DnsServerQueryResolutionPolicy" you specify which clients belong to the scope you created and allowed the recursion on. Selecting the ip 10.0.0.100 tells the DNS server that any client request received on this interface is belonging to the recursion scope you created, which means the recursion will be enabled for those requests. But, for all other requests that come to other interfaces recursion will be disabled. Therefore, the answer for the third part is 10.0.0.1 ip.
upvoted 1 times
V1980
4 years, 1 month ago
Considering how often you insist that the answer given is wrong and the overwhelming majority in comments are wrong...I would love to know how you fared in tjis exam.
upvoted 1 times
...
...
Aminebvb
4 years, 5 months ago
example lab: Set-DnsServerRecursionScope -Name . -EnableRecursion $False Add-DnsServerRecursionScope -Name "InternalAdatumClients" -EnableRecursion $True Add-DnsServerQueryResolutionPolicy -Name "RecursionControlPolicy" -Action ALLOW -ApplyOnRecursion -RecursionScope "InternalAdatumClients" -ServerInterfaceIP "EQ,10.24.60.254"
upvoted 1 times
...
daluadanilo
4 years, 9 months ago
"External clients must be able to use Server1 to resolve names in the contoso.com zone" i think the -ServerInterfaceIP must be 131.... Ip address, because the DNS server has 2 NICs, internal and external and the previous commands you able the internal clients to use recursion
upvoted 1 times
TA77
4 years, 3 months ago
No, it should be 10.0.0.100. Because with the this command "Add-DnsServerQueryResolutionPolicy" you specify which clients belong to the scope you created and allowed the recursion on. Selecting the ip 10.0.0.100 tells the DNS server that any client request received on this interface is belonging to the recursion scope you created, which means the recursion will be enabled for those requests. But, for all other requests that come to other interfaces recursion will be disabled.
upvoted 1 times
...
...
ITGEEK
4 years, 11 months ago
1. I believe with -Name 'scope1' -EnableRecursion $true u allow internal clients to use server1 to resolve internet based names 2.With -Name . -EnableRecursion $false External clients cannot use Server to resolve internet based DNS names 3. with -ServerInterfaceIP 'EQ,10.0.0.100' external clients can use server to resolve name in contoso.com
upvoted 8 times
...
Spud1993
5 years, 5 months ago
it satisfies external users because dns is now authoritative for them meaning it seeks the IP address from the source rather than using cached DNS queries which are used in recursive mode. not sure if this makes sense but the link below explains it more https://umbrella.cisco.com/blog/2014/07/16/difference-authoritative-recursive-dns-nameservers/
upvoted 2 times
...
TMW
5 years, 6 months ago
I don't exactly understand how the query resolution policy satisfies the last two requirements for external users....
upvoted 1 times
...
dritter
5 years, 9 months ago
I don't exactly understand why the query resolution policy satisfies the last two requirements for external users. Why is it enough to set -ServerInterfaceIP to the internal IP address of the DNS server? (I do understand though, that you can eliminate the parameters with the -ClientSubnet as this would mean no resolution for external clients.)
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago