|
Home > Archive > 70-217 > November 2002 > Deja's Fri 70-217 Question of the Day! Win a Price!
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Deja's Fri 70-217 Question of the Day! Win a Price!
|
|
| Deja-vue 2002-11-22, 1:22 am |
| Ok, lets spice things up a bit.
The first member, who answers this one correct, gets a price!
I went to the COMDEX Show this week and picked up some Copies of Windows .NET 120 Day Evaluation CD's. They are un-opened, completely sealed and have a registerable Key included.
The CD comes also with the Resource Kit.
Also:
It comes with 3 additional CD's which include:
Windows XP Professional Eval 120 Days
Windows 2000 Advanced Server Eval 120 Days
Systems Management Server (SMS)Eval 120 Days
Windows 2000 ISA Server 120 Day Eval
Security Resource Kit, which includes:
Windows XP Servicepack 1
Windows 2000 Servicepack 3
Security Operations Guide Win2000 Server
MS Business Security Analyzer
IIS Lockdown 2.1
MS Security Response Center Documents,
Security-related white-papers.
URL-Scan Tool
...and many more...
Remember, this is an un-opened, sealed Eval Version of the Products above, therefore i can give this thing away for free...anyone walking in at COMDEX could have picked up one of those;
All yours just for answering this simple (?) Question and to be the first to do it!
Why am i doing this?
Because i apreciate your Support in this Forum.
Ready for the Question?
Here it goes:
You are the administrator of your company's network. The network consists of one Windows 2000 domain that spans multiple subnets. You are configuring DNS for host name resolution throughout the network.
You want to accomplish the following goals
DNS zone transfer traffic will be minimized on the network.
Administrative overhead for maintaining DNS zone files will be minimized.
Unauthorized host computers will not have records created in the zone.
All zone updates will come only from authorized DNS servers.
All zone transfer information will be secured as it crosses the network.
You take the following actions:
1 - Create an Active Directory integrated zone.
2 - In the Zone Properties dialog box, set the "Allow Dynamic Updates" option to Yes.
3 - On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network.
Which results do these actions produce?
(Choose all that apply)
A. DNS zone transfer traffic will be minimized on the network.
B. Administrative overhead for maintaining DNS zone files will be minimized.
C. Unauthorized host computers will not have records created in the zone.
D. All zone updates will be sent only to authorized DNS servers
E. All zone transfer information will be secured as it crosses the network.
We'l see ya' Monday morning with the answers!
| |
| me? I dunno... 2002-11-22, 2:14 am |
| To bad it involves dns and requires a correct answer
oh well, what the hey...
A,IXFR and compression will minimize network load
B, dynamic updates will ease administrative demands
D, Dynamic updates only allowed to authorized servers
I think that all computer objects in active directory will have have host records created/migrated from dhcp
I don't think E is right because no mention of protocol used? rcp or smtp.
I think smtp would have capacity to be secure but is not mentioned? | |
| robertmillar 2002-11-22, 5:23 am |
| A & B | |
| dvinton 2002-11-22, 5:31 am |
| I'm going for:
A,B,D | |
| NetChild1985 2002-11-22, 8:02 am |
| a, b, c, d & e | |
| ClintonN 2002-11-22, 8:02 am |
| A, B D, E | |
| ClintonN 2002-11-22, 8:31 am |
| actually It's a,b,e | |
| dhenricks 2002-11-22, 10:00 am |
| I am going to go with A and B. | |
| aklab 2002-11-22, 11:06 am |
| I'll throw in my 2 cents and say A, B, and D. | |
| Teck Shark 2002-11-22, 12:01 pm |
| It's A,B, & E  | |
| unreal 2002-11-22, 9:29 pm |
| A, B, D & E . | |
| Riverwind6 2002-11-23, 2:26 am |
| Its ABD.. E doesnt work because the Allow only secured updates is not checked. | |
| hlang 2002-11-23, 12:45 pm |
| A B & D | |
| Tech Ranger 2002-11-23, 8:34 pm |
| A, B, D, E | |
| CyberDude 2002-11-24, 1:28 pm |
| A, B, D.  | |
| ClintonN 2002-11-24, 6:41 pm |
| d will not work because you have to specify allow zone transfers only from these servers | |
| Deja-vue 2002-11-24, 11:19 pm |
| quote:
Originally posted by Deja-vue
Ok, lets spice things up a bit.
The first member, who answers this one correct, gets a price!
I went to the COMDEX Show this week and picked up some Copies of Windows .NET 120 Day Evaluation CD's. They are un-opened, completely sealed and have a registerable Key included.
The CD comes also with the Resource Kit.
Also:
It comes with 3 additional CD's which include:
Windows XP Professional Eval 120 Days
Windows 2000 Advanced Server Eval 120 Days
Systems Management Server (SMS)Eval 120 Days
Windows 2000 ISA Server 120 Day Eval
Security Resource Kit, which includes:
Windows XP Servicepack 1
Windows 2000 Servicepack 3
Security Operations Guide Win2000 Server
MS Business Security Analyzer
IIS Lockdown 2.1
MS Security Response Center Documents,
Security-related white-papers.
URL-Scan Tool
...and many more...
Remember, this is an un-opened, sealed Eval Version of the Products above, therefore i can give this thing away for free...anyone walking in at COMDEX could have picked up one of those;
All yours just for answering this simple (?) Question and to be the first to do it!
Why am i doing this?
Because i apreciate your Support in this Forum.
Ready for the Question?
Here it goes:
You are the administrator of your company's network. The network consists of one Windows 2000 domain that spans multiple subnets. You are configuring DNS for host name resolution throughout the network.
You want to accomplish the following goals
DNS zone transfer traffic will be minimized on the network.
Administrative overhead for maintaining DNS zone files will be minimized.
Unauthorized host computers will not have records created in the zone.
All zone updates will come only from authorized DNS servers.
All zone transfer information will be secured as it crosses the network.
You take the following actions:
1 - Create an Active Directory integrated zone.
2 - In the Zone Properties dialog box, set the "Allow Dynamic Updates" option to Yes.
3 - On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network.
Which results do these actions produce?
(Choose all that apply)
A. DNS zone transfer traffic will be minimized on the network.
B. Administrative overhead for maintaining DNS zone files will be minimized.
C. Unauthorized host computers will not have records created in the zone.
D. All zone updates will be sent only to authorized DNS servers
E. All zone transfer information will be secured as it crosses the network.
We'l see ya' Monday morning with the answers!
And the Answer was: A,B & E !
The Winner is ...ClintonN !
Explanation:
Action 1 ensures "DNS zone traffic minimized". Creating an AD-integrated zone involves configuring DC's as DNS servers (which automatically become primary servers for the zone). Zone transfers are performed during AD replication and this creates less network traffic than standard zone transfers.
Action 2 ensures "Admin overhead for maintaining DNS zone files minimized". Enabling dynamic updates minimizes admin overhead for zone maintenance because each host auto registers itself with DNS and updates its records as needed.
Action 3 almost ensures "All zone updates only to authorized DNS servers". This is done by explicitly listing the IP's of those DNS servers (that will receive zone information) on the Properties > Zone Transfers tab for the zone. Alternatively, you can specify authoritative servers for the zone on the Name Servers tab and then select the option to "Allow zone transfers to Only those server that are listed on the Name Servers tab". Selecting "Allow zone transfers...Name Servers tab" was NOT done so "All zone updates only to authorized DNS servers" was NOT met. Be careful on this point.
To ensure "Unauthorized host computers will not have records created in zone", you need "Only Secure Updates" (only available in an AD-integrated zone). Secure updates specify that only users, groups or computers that have been granted the right to write to the zone or record have the ability to update the record. However, this action wasn't taken in this scenario.
 | |
| charlie69 2002-11-26, 4:14 pm |
| Dang I got this one right before looking at the answer, wish I had tried a few days ago! DNS was very heavy on my 216 test! | |
| Deja-vue 2002-11-26, 4:48 pm |
| A bit too late,charlie69....
And the Price is well on it's way....
But i do appreciate the posts!
| |
| klawrie 2002-11-28, 4:58 am |
| I would say B and D
The DNS traffic hasn't been minimised, Dynamic updates are enabled, unathorised clienths can dynamicly add to DNS through DHCP, and zone transfered aren't secured. | |
| Tech Ranger 2002-11-28, 7:47 am |
| I would say G, H, and J. |
|
|
|
|