HOTSPOT -
Your network contains an Active Directory domain named contoso.com.
Some user accounts in the domain have the P.O. Box attribute set.
You plan to remove the value of the P.O. Box attribute for all of the users by using Ldifde.
You have a user named User1 who is located in the Users container.
How should you configure the LDIF file to remove the value of the P.O. Box attribute for User1? To answer, select the appropriate options in the answer area.
Hot Area:
Correct Answer:
DRAG DROP -
Your company has multiple offices.
The network contains an Active Directory domain named contoso.com. An Active Directory site exists for each office. All of the sites connect to each other by using DEFAULTIPSITELINK.
The company plans to open a new office. The new office will have a domain controller and 100 client computers.
You install Windows Server 2016 on a member server in the new office. The new server will become a domain controller.
You need to deploy the domain controller to the new office. The solution must ensure that the client computers in the new office will authenticate by using the local domain controller.
Which three actions should you perform next in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Correct Answer:
Your network contains an Active Directory forest named contoso.com. Users frequently access the website of an external partner company. The URL of the website is http://partners.adatum.com.
The partner company informs you that it will perform maintenance on its Web server and that the IP addresses of the Web server will change.
After the change is complete, the users on your internal network report that they fail to access the website. However, some users who work from home report that they can access the website.
You need to ensure that your DNS servers can resolve partners.adatum.com to the correct IP address immediately.
What should you do?
Correct Answer: D
Running Set-DnsServerCache is the correct approach. When users can access the external website from home but not from within the internal network, it indicates that the issue is likely due to outdated DNS cache entries in the internal DNS server. The Set-DnsServerCache cmdlet can be used to clear the DNS server cache, ensuring that the DNS servers resolve the URL to the updated IP address immediately. This directly addresses the problem of the internal DNS server holding onto stale records. Options involving dnscmd, Set-DnsServerGlobalQueryBlockList, or ipconfig commands do not directly address clearing the DNS cache in this context.
You network contains one Active Directory domain named adatum.com. The domain contains a DNS server named Server1 that runs Windows Server 2016. All domain computers use Server1 for DNS.
You sign adatum.com by using DNSSEC.
You need to configure the domain computers to validate DNS responses for adatum.com records.
What should you configure in Group Policy?
Correct Answer: C
To configure domain computers to validate DNS responses for the signed adatum.com zone, you should configure the Name Resolution Policy in Group Policy. The Name Resolution Policy Table (NRPT) allows you to define rules for DNS queries, including DNSSEC validation settings. This ensures that DNS responses are processed according to the security policies defined for the domain, thereby validating the authenticity and integrity of DNS data.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution. Determine whether the solution meets the stated goals.
Your network contains an Active Directory domain named contoso.com.
The domain contains a DNS server named Server1. All client computers run Windows 10.
On Server1, you have the following zone configuration.
You need to ensure that all of the client computers in the domain perform DNSSEC validation for the fabrikam.com namespace.
Solution: From a Group Policy object (GPO) in the domain, you add a rule to the Name Resolution Policy Table (NRPT).
Does this meet the goal?
Correct Answer: A
To ensure that all client computers in the domain perform DNSSEC validation for the fabrikam.com namespace, adding a rule to the Name Resolution Policy Table (NRPT) from a Group Policy object (GPO) is a valid solution. The NRPT is designed to store configurations and settings related to DNS Security Extensions (DNSSEC) and DirectAccess. It includes rules that specify DNS settings or specific behaviors for names or namespaces. When the DNS Client service performs name resolution, it checks the NRPT before making DNS queries. If a query matches an NRPT entry, it follows the specified policy settings, allowing for DNSSEC validation. Thus, this solution is correct.