利用DNS支持活动目录考题分析(1)
添加时间: 2007-4-1 6:57:12 作者: 微软认证参考 阅读次数:73 来源: http://www.d9soft.com
原题:
You are the administrator of your company's network. The network consists of one Windows 2000 domain that spans multiple subnets. You are configuring DNS for hostname resolution throughout the network. You want to achieve the following goals:
• DNS zone transfer traffic will be minimized on the network.
• Administrative overhead for maintaining DNS zone files will be minimized.
• Unauthorized host computers will not have records created in the zone.
• All zone updates will come only from authorized DNS servers.
• All zone transfer information will be secured as it crosses the network.
You take the following actions:
• Create an Active Directory integrated zone.
• In the Zone Properties dialog box, set the Allow Dynamic Updates option to Yes
• On the Name Servers tab of the Zone Properties dialog box, enter the names and addresses of all DNS servers on the network.
• On the zone transfers tab of the zone properties dialog box, select the Allow Zone transfers only to the servers listed on the Name servers tab option
Which result or results do these actions produce? (Choose all that apply)
A. DNS zone transfer traffic is minimized on the network.
B. Administrative overhead for maintaining DNS zone files is minimized.
C. Unauthorized host computers do not have records created in the zone.
D. All zone updates come only from authorized DNS servers
E. All zone transfer information is secured as it crosses the network.
你是公司 网络 的 管理 员,网络由一个跨越多个网段的Windows 2000域组成,你正在为整个网络中的主机名解析配置DNS,你希望完成如下目标:
·网络中DNS区域传输流量最小化
·管理成本中维护DNS区域文件最小化
·未验证的主机不在区域中创建记录
·所有区域更新只来自于授权的DNS服务器发起
·所有跨越网络的区域传输信息都是 安全 的
你做了如下工作:
·创建一个活动目录集成区域
·在区域复制对话框中,设置“ Allow Dynamic Updates ”选项为“Yes”
·在区域属性对话框的名称服务器面板,输入网络中所有DNS服务器的名称和地址
·在区域属性对话框的区域传输面板,选择“Allow Zone transfers only to the servers listed on the Name servers tab ”选项
上面的动作将会实现哪些结果?(选择所有合适的答案)
题解:
1,使用活动目录集成区域将实现增量区域文件传输,它只允许新的或者修改过的记录在DNS服务器之间复制而不是复制所有区域数据文件,因此它的文件传输流量最小。
2,动态更新是客户端计算机在DNS区域文件中更新自身记录的过程,无需要手工干预,因此它的管理成本也是最低的。
3,选择了“Allow Zone transfers only to the servers listed on the Name servers tab”选项将阻止从未经授权的服务器更新区域文件。
4,活动目录DNS区域复制数据是活动目录复制的一部分,活动目录复制使用的是安全的RPC通道,因此,信息的传输是安全的。
正确答案:ABDE
正确配置DNS动态更新
问题:
You are configuring a Windows 2000 DNS Server on your company network. The network consists of one Windows NT domain. You already have DNS installed on a Windows NT Server on the Windows NT domain. You want to use dynamic updates on a DNS database, but company management will not allow an upgrade or decommission of the Windows NT DNS server. All DNS information must be synchronized between the two DNS servers.
What do you do to accomplish these goals? (Choose three)
A. Create a standard primary zone on a Windows 2000 DNS Server and import the existing zone file.
B. Create a standard secondary zone on a Windows 2000 DNS Server.
C. Delete and re-create the primary zone on the NT DNS Server.
D. Delete the existing zone and create a new secondary zone on the NT DNS Server.
E. Configure the primary zone on the NT DNS Server as the master zone for the secondary zone on the Windows 2000 DNS Server.
F. Configure the secondary zone on the NT DNS Server to use the Windows 2000 Standard primary zone as its master zone.
你正在为公司的 网络 配置一台Windows 2000 DNS服务器,这个网络由一个Windows NT域组成,你已经在这个NT域内的一台Windows NT Server安装了DNS,你希望使用动态更新DNS数据库,但是公司 管理 层并不想要升级或者让这台Windows NT DNS服务器退休,所有的DNS信息必须在这两台DNS服务器间同步。
要做到这点,你需要怎么怎样去做?
题解:
DNS在解析名称查询时,为了提供可用性和容错功能,区域数据应该能够从网络中的多个DNS服务器获取。例如,如果采用单个DNS服务器,那么如果该服务器没有响应,名称查询将失败。如果有多个服务器被配置为驻留某区域,就需要利用区域传输功能,在配置为驻留该区域的所有服务器这间对区域数据进行复制和同步,即区域传输。
所谓区域传输,指的是向另一个DNS服务器复制区域文件的过程。如果在你的域内、名称和IP地址之间的映射发生了变化,区域舆即发生。出现这种情况时,就将区域内容的变化从主控服务器复制到它的辅助服务器。
在这个问题中,在公司网络中已经存在着一台DNS服务器,并且是基于NT的服务器,由于Windows NT DNS服务器并不支持动态更新,我们就不能指望着由这台服务器作为主控DNS,那样的话,是不可能实现动态更新的,因此,我们需要首先在Windows 2000服务器上创建一个标准主区域资助导入当前区域文件,然后,删除 NT服务器上的DNS主区域,重建一个从属区域,以让它被动的接收同步,最后,在NT服务器上配置从属区域来使用Windows 2000标准主区域作为它的主控服务器,这样一来,当发生变化时,主控区域将主动进行区域传输(又称为区域复制),即可实现目标。
正确答案:ADF
参考资料:
MS Training Kit(70-217)第二版:Lesson 2: Understanding and Configuring Zones
利用ADUC进行跨域 管理
问题:
You are the Domain Administrator for your company's Windows 2000 Active Directory network and you want to manage a different domain.You open the Active Directory Users and Computers and in the console tree,right-click the Active Directory Users and Computers node,and then click____________
A.Connect As
B.Open
C.Connect to Domain
D.Connect to Domain Controller
E.Connect to Server
Select the 1 best answer
作为一名Windows 2000活动目录的域管理员,你想要管理不同的域,你打开活动目录用户和计算机控制台树,右键单击活动目录用户和计算机节点,然后你需要如何操作呢?
解答:
这是一道非常明显的考查操作的题目,想要管理不同的域,在控制台树中的相关节点右键单击,然后选择连接到域就可以了。
正确答案:C
To manage a different domain
Open Active Directory Users and Computers
In the console tree, right-click the Active Directory Users and Computers node, and then click Connect to Domain.
Type the domain name.
Or, click Browse, and then select the domain from the list.
Notes
To open Active Directory Users and Computers, click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
You must have the correct permissions to manage the domain you select.
Use Run as to use Active Directory administrative tools with appropriate permissions. For more information, see Related Topics.
上一篇文章: 自动私有IP寻址技术考题分析(1) 下一篇文章: 合理分配使用磁盘分区考题分析(1)
相关文章: