*70-291 Practice Questions*
Comments
-
Jiggsaww Member Posts: 195the 2 best answers are B and E.....however E is more applicable in this situation........my reason is they ask for a temporary solution......B will cause some type of transfer of name server records which i don't think is a requirement of this quest......they need to resolve names not know of changes as it happens.......ma 2 cents
-
eurotrash Member Posts: 817E for me.
A - a standard forwarder...is that the default forwarder that's already there? if so, you wouldn't want to forward all other name requests to the goodstuffing.com domain, just the relevant queries.
B - a stub zone will point to the name servers...that would work i think, but so will E and i think E is simpler and just a better idea for this scenario.
C - err...not there yet...
D - i don't believe there is a DNS relay agent.
E - a conditional forwarder will forward all requests for *.goodstuffing.com over to DNS_SrvA.witty comment -
Webmaster Admin Posts: 10,292 AdminI hope you guys just know your stuff and that the question isn't too easy
The correct answer to question 6 is indeed E. It may seem (well I wrote it with that intention) that B is a valid answer as well, but there's a line in the question that prevents this answer from achieving the desired results, apart from E being indeed a simpler solution. That line is "The routers..."
Here's the full explanation: A conditional forwarder allows you to forward DNS requests to one or more particular DNS servers for particular domain or child domain. In this case, you configure a conditional forwarder on the DNS servers in the greatseating.com domain, to forward all request for resolving names of the goodstuffing.com domain to the IP address of DNS_SrvA.
A stub zone would provide DNS clients that send iterative requests with the address of an authoritative DNS server for the goodstuffing.com domain, while not all clients are allowed to connect to the other domain because of the restrictions on the routers. A conditional forwarder on the DNS servers in greatseatings.com can make the request at DNS_SrvA on behalf of the clients. Also, though most changes can be undone, and any solution could be temporary, the simplicity and efficiency of the conditional forwarder, make it a more applicable solution.
Configuring a standard forwarder the DNS servers in the greatseatings.com domain and point it to the DNS server in the goodstuffing.com domain will forward all unresolved requests to DNS_SrvA and will result in problems with resolving host names from the Internet if they are currently using the default root hints. So the solution in answer A may also cause requests in the greatseatings.com domain to resolve names of Internet sites to be send to DNS_SrvA. This DNS server may in turn be able to forward the requests to DNS servers on the Internet, the request needlessly use bandwidth on the network connection between the two domains. Also, a DNS server in the greatseatings.com domain may already be configured with a forwarder to a DNS server of an ISP. Note that you cannot configure a root DNS server with standard forwarding. Read the references below for more information.
Trust relationships related primarily to permissions, as in allowing users from one domain to access resources in another, and will not provide the desired results. And there is no such thing as a name-based DNS relay agent.
Exam objective: Configure DNS forwarding.
Reference: Understanding forwarders
Reference 2: Using forwarders
Reference 3: Directing queries through forwarders
I'll post the next one later today... so stay tuned for more
And by the way, thanks for also including your reasoning for the correct and incorrect answers. It gives me a better idea to see if the scenario is interpreted as I intend it to.
Also, for those answering correctly, incorrectly, and not answering at all, do read those references (primarily pages from the product documentation) as they contain the most essential for the exam. -
Webmaster Admin Posts: 10,292 AdminQuestion 7:
You are the network administrator at an enterprise with a large Active Directory forest. All servers run Windows Server 2003 and all clients run Windows XP Professional. The following network diagram depicts the relevant portion of the Active Directory forest.
Question moved to test engine: www.techexams.net/microsoft/70-291.shtml
In our exam engine it would be obvious there's only one correct answer because it won't allow multiple multiple answers to be marked, but just in case: unless I explicitely include something like Choose all that apply, or 'which two of the following', there's only one correct answer.
Answer+explanation+new question later today, maybe tomorrow... -
eurotrash Member Posts: 817i think i will have to go with the conditional forwarder again.
A - i can understand creating a stub zone on DNS_Srv4, but it seems pointless to involve DNS_Srv1 in this.
B - standard forwarder - again, no.
C - this should work.
D - again, why involve DNS_Srv1? i would imagine that you could make a secondary zone on DNS_Srv4, and that would help, but as all domains are linked to all domains, might as well go straight to the relevant server.
E - this would slow things down.
F - no reason that would help.
now i'm thinking that i'm missing the relevance of DNS_Srv1 to the question. oh well let's wait and seewitty comment -
Webmaster Admin Posts: 10,292 Admin_omni_ wrote:now i'm thinking that i'm missing the relevance of DNS_Srv1 to the question.
-
TeKniques Member Posts: 1,262 ■■■■□□□□□□Alright, I am going to take a stab at this and say the answer is D. I'm saying this because I think the presence of a Secondary Zone with help load balance the amount of DNS queries happening on the network and decrease the work of DNS_Srv_1.
Although I could be totally wrong, but I'm not sure the conditional forwarder would be a permanent solution. Just my best analysis of the situation
A very good question indeed. -
eurotrash Member Posts: 817let's see, must have something to do with the hierarchy.
*thinks*
i really don't know. or it escapes me. crap, i'm supposed to do this exam on thursday.
i will assume the DNS_SRV1 is relevant because it is the top-level domain, and res.dev.etc is on a different "branch" so to speak. hmmm.
using the process of elimination i will go through them again.
B - no. same reason as before.
D - this will not ease the load of DNS_Srv1, as it will have to do all the resolving itself, seeing that it hosts the zone.
E - this will put an even greater load on DNS_Srv1
F - irrelevant
so A or C.
A would work. C would also work. i still think C would decrease the workload of DNS_Srv1 more than A.
so i stick with C.witty comment -
Webmaster Admin Posts: 10,292 AdminAlthough we covered only a couple of exam objectives in this topic, based on your responses it seems to me you'll do fine on Thursday, but good luck nevertheless!
The answer to question 7 is indeed C, the conditional forwarder. Again, because I wanted to show another common purpose for the conditional forwarder than the example of the merged companies.
Explanation: The delay occurs because clients in the res.dev.techexams.net domain contact their local DNS server, DNS_Srv4, when they need to resolve hostnames of the pub.techexams.net domain, but DNS_Srv4 by default does not contain the records for resources in the res.dev.techexams.net domain. This means DNS_Srv4 will forward the request to DNS servers higher in the DNS hierarchy until it ends up at the root server of the domain, DNS_Srv1, to find the authoritative DNS server for pub.techexams.net, which is DNS_Srv2. DNS_Srv4 will then request DNS_Srv2 to resolve pub.techexams.net on behalf of the clients in the res.dev.techexams.net domain.
Configuring a conditional forwarder on DNS_Srv4 to forward all requests from clients in the res.dev.techexams.net domain to resolve host names of the pub.techexams.net domain directly to DNS_Srv2 decreases the workload for the root server DNS_Srv1, and decreases the delay for clients in the res.dev.techexams.net domain. There is a VPN connection between all domains, also between the res.dev.techexams.net domain and the pub.techexams.net domain, so the shortest path for any network traffic, including DNS queries and answers, should follow that path.
Creating a standard forwarder, stub zone, or secondary zone on the root server DNS_Srv1, will not decrease its workload 'and' will not decrease the delay as much as possible because DNS_Srv4 will still have to contact at least DNS_Srv1. Configuring clients in res.dev.techexams.net to use a DNS_Srv1 or DNS_Srv3 will not have the desired results either.
Exam objective: Configure DNS forwarding.
Reference: Understanding forwarders (Intranet name resolution section)
Reference 2: How DNS query work
I'm going to post another one later day, which bring the total in this post to 8. I have 2 questions from the 70-292 MCSA/MCSE 2003 upgrade exam that cover exam objectives identical to 70-291 and will be combined with these 8 and moved to our test engine. I'll try to keep posting at least one question per day. -
Webmaster Admin Posts: 10,292 AdminQuestion nr 8.
You are the network administrator at an enterprise with a large Active Directory domain. All servers run Windows Server 2003 and all clients run Windows XP Professional. The following network diagram depicts the relevant portion of the Active Directory domain.
Question moved to test engine: www.techexams.net/microsoft/70-291.shtml -
Jiggsaww Member Posts: 195ight straight off the golf club B and E outta it cause they need 2 resolve before a connection is made.....
now A will allow clients to find the name servers but still not the actuall hosts (correct me if am wrong)....
wouldn't C cause pub.techexams.net clients to look to dns_svr1 for name resolution?
so i guess i'll go with D....although is ah dial-up hmmm nice question.....anticaptin the answer and explanation -
eurotrash Member Posts: 817this is easy, definately D.
A - a stub zone will not allow resolution without the (vpn) connection (the name servers will be unreachable).
B - same as above.
C - don't delegated zones work hierarchically?
D - a secondary zone will allow clients to resolve hostnames before the connection to pub.etc is established. and it will provide the best possible performance for the clients in dev.etc.
E - a cache-only will first have to resolve the hostname, then store it in the cache. without a connection, it will be unable to resolve it.
the only problem with this scenario is that even if clients in dev.techexams.net are able to resolve hostnames in pub.techexams.net, they will be unable to connect without the internet connection up and running. so there wouldn't be much point in being able to resolve hostnames that they can't connect to.witty comment -
Webmaster Admin Posts: 10,292 AdminYeah, I figured it would be an easy one. Not really specific to Windows 2003 DNS, but basic DNS deployment. Regardless, still essential information, and the question's purpose is also to emphasize that the other options are not appropriate in a situation like this. Read the explanation for a clarification of why this scenario is really not that unrealistic even without the performance requirement.
Explanation question 8:
Creating a secondary zone for the pub.techexams.net domain on DNS_Srv1 will result in a periodic zone transfer between DNS_Srv2 and DNS_Srv1, which means the DNS records of the pub.techexams.net domain are copied to DNS_Srv2. This allows clients in the dev.techexams.net domain to contact their local DNS server, DNS_Srv2, to resolve host names of the pub.techexams.net domain, even when the client cannot contact DNS_Srv1 or any of the other computers in the pub.techexams.net domain yet.
Being able to resolve the hostname before the actual VPN connection is established is a more realistic scenario than it may seem at first. Since the networks, not the clients and servers directly, are connected by a dialup VPN itself, you can assume the connection is established on demand. This obviously also allows DNS_Srv1 to forward requests to DNS_Srv2, and allows zone transfers. However, just because a DNS client needs to resolve a hostname, doesn’t always mean it actually wants to or can (restrictions configured in the local network may prevent it for example) establish a connection with the remote host. Or the requested host may not even exist at all. The main point is that you do not want the on-demand connection to be established just for DNS queries.
Apart from that, the performance requirement by itself dictates the answer. The secondary zone will result in an incremental periodic transfer of the records from the pub.techexams.net domain to DNS_Srv1, making them available locally for the DNS clients in the dev.techexams.net domain. None of the other solutions measure up to having an entire ‘remote’ zone available at the local DNS server, and require a connection unless the requested information has been requested and cached earlier.
Exam objective:
Manage DNS zone settings.
Configure DNS zone options.
Reference: Using secondary servers
Reference 2: Understanding zones and zone transfer
New question later today... -
Webmaster Admin Posts: 10,292 AdminQuestion number 9.
You are the network administrator for a large company with 15 Windows Server 2003 computers and 750 Windows XP Professional computers. Your company recently acquired a research division from another company and you are in charge of incorporating the new division’s network.
The division’s network contains an SMTP server on a Linux box that is used as a mail gateway for an application running on hundreds of clients in the research division. You have been asked to remove the server and direct the application to your company’s Exchange 2003 server.
Which of the following records should you create on your DNS server to allow the application to use the Exchange server to send email, without having to reconfigure hundreds of clients?
a. Create an A record with the host name of the Exchange server and the IP address of the Linux SMTP server
b. Create a CNAME record with the host name of the Linux SMTP server and the IP address of the Exchange server
c. Create an MX record with the domain name of the Linux SMTP server and the IP address of the Exchange server
d. Create an MX record with the host name of the Linux SMTP server and the IP address of the Exchange server
e. Create an MX record with the host name of the Exchange server and the IP address of the Linux SMTP server
Take a stab and shoot it to pieces -
Jiggsaww Member Posts: 195i'll say C: y cause the clients are configured with the name of the linux box already and you need them to be rerouted to the exchange one....MX cause it's a Mail Exchanger record......plz Correct me if am wrong
-
eurotrash Member Posts: 817i also say C.
i'm not sure if i understand it, but essentially it would be the same as pointing the original mx record to another ip address. so the clients will continue to send mail to the same name and DNS will give the updated ip.witty comment -
Webmaster Admin Posts: 10,292 AdminSince the 'resource records' is a relatively basic topic I tried to make a tricky question, so I'm kinda glad the answer isn't that obvious after all.
The answer to question 9 is B.
Explanation: Creating a CNAME (Alias) record with the host name of the Linux SMTP server and the IP address of the Exchange server will allow the application on the clients to keep using the Linux SMTP server’s hostname to connect to the Exchange.
Although SMTP is mentioned quite a lot in the question and answers, you do not need to create an MX record to allow the application on the clients to send mail. When you configure an SMTP client, you typically configure it with the hostname of the mail server. It does not need an MX record to reach the SMTP server. MX records are used by other SMTP servers to locate the Mail Exchanger (MX) for a particular domain, not by local clients.
Exam objective: Manage DNS record settings.
Reference: Add an alias (CNAME) resource record to a zone
Reference 2: Resource records reference
I'm going to change the answers of the question slightly by changing 'host name' into 'FQDN'. Comes down to the same thing and doesn't influence the actual question or correct answer, but is a bit more accurate.
New question later today. I'll probably also finish moving the first 10 questions to our online test engine, it's a bit of a tedious job so it may be delayed until tomorrow. -
Webmaster Admin Posts: 10,292 AdminAs you may have noticed, no question yesterday, and probably no new question today either. The good news is that I moved the first 8 questions, together with 2 I wrote before, to our exam engine:
www.techexams.net/microsoft/70-291.shtml
I'll have some time this weekend to write a couple of question in advance, so next week I'll post at least one per day again.
The next question will be about DNS again, after that one we'll move on to the 'network security' domain. -
Webmaster Admin Posts: 10,292 Admin...which is now. I'm sorry for the delay, there's always something unexpected messing up my schedule so consider my predictions optimistic. Here's question number 10, read carefully.
10. You are the network administrator for a company with a large mixed environment. 6 Windows Server 2003 computers, 800 Windows XP Professional computers, and 160 Windows NT4 Workstation computers are joined to as single Active Directory domain.
All of these computers are configured to use a domain controller running an Active Directory integrated zone called techexams.net as the primary DNS server, and another Windows 2003 server as the primary WINS server.
Your company recently acquired a new research division and you have been asked to integrate 120 UNIX clients and a UNIX server. The UNIX server runs BIND DNS and you decide to configure it as a secondary server for the techexams.net domain. You reconfigure all clients to use the Windows 2003 domain controller as the primary DNS server, and the UNIX BIND server as the secondary server.
When you test the configuration, you discover the UNIX clients are not able to connect to the Windows NT 4 computers by name. What should you do to allow to provide working name resolution for all clients?
a. Configure WINS forward lookup on the DNS server and enable the Replicate this record option.
b. Configure WINS forward lookup on the techexams.net zone and enable the Do not replicate this record option.
c. Reconfigure the UNIX clients to use the BIND DNS server as their primary DNS server
d. Configure the Windows NT 4 clients to dynamically register their host name in DNS
e. Configure the UNIX clients to use the WINS server as the secondary DNS server
Answer + explanation + new question tomorrow..., probably -
eurotrash Member Posts: 817ok. wow. i'll have a go at this.
i think the problem here is that Windows NT 4.0 does not register itself dynamically. so the unix comps (in fact, all the computers) are unable to find them in the DNS database.
so we would need to use WINS.
D - is eliminated first, because that is impossible.
C - will not do much good.
E - i don't think you can do that.
A or B - i will go with B simply because the WINS lookup is configured on the zone rather than the server object.witty comment -
Webmaster Admin Posts: 10,292 AdminThat's correct for both the explanation and the answer.
Answer: B
Explanation: Configuring WINS forward lookup on the DNS server, allows the DNS server to query the WINS server for names for which it does not have a record. In this scenario, the Windows NT 4 computers do not dynamically register their names in DNS, which is not a problem for the Windows computers since they are configured to use the WINS server as well. The UNIX computers that are added to the network are not able to connect to the Windows NT 4 computers by name because they do not use the WINS server. Configuring the DNS server to forward requests from the UNIX computers to the WINS server, allows the UNIX servers to use the WINS server transparently and without any additional configuration.
Because the BIND servers functions as a secondary server for the zone, the option Do not replicate this record should be enabled. Replicated the special WINS lookup record to non-Windows DNS servers can result in zone transfer problems.
WINS forward lookup is configured in the zone properties, not for the entire server.
Exam objectives:
Manage DNS zone settings.
Configure DNS zone options.
Reference: Integrating DNS with WINS
Reference 2: Using WINS lookup -
Webmaster Admin Posts: 10,292 AdminI might post another one today, but in the meantime here's a little challenge:
: What two other solutions would solve the problem in the scenario of the previous question? -
eurotrash Member Posts: 817assuming the unix comps must be able to access the WinNT comps via DNS:
1. configure DHCP to dynamically update the A/PTR records for clients that do not request it.
if the zone is 'secure updates only' then you will have to add the DHCP server to the DNSUpdateProxy group.
2. add the records manually to the DNS zone or the unix machines' hosts file.witty comment -
Webmaster Admin Posts: 10,292 Admin
Another, 'manual' option would be to configure SAMBA on the UNX clients to allow them to query the WINS server directly. Not a 'recommended' solution of course.
New question later today...