Chapter 1

Question 1

What is the length limit of a host name?

Answer 1

255 characters

Question 2

What kinds of characters can a host name contain?

Answer 2

Letters, numbers, periods, and hyphens

Question 3

What is the length limit of a NetBIOS name?

Answer 3

16 characters

Question 4

What are the requirements to install the DNS server role?

Answer 4

You must be signed in as an administrator, and the server must have a static IP address

Question 5

How do you install the DNS server role using PowerShell?

Answer 5

Add-WindowsFeature DNS -IncludeManagementTools

Question 6

How do you install the DNS server role as part of a Nano Server deployment?

Answer 6

New-NanoServerImage Packages Microsoft-NanoServer-DNS-Package

Question 7

How do you enable the DNS server role on Nano Server using PowerShell?

Answer 7

Enable-WindowsOptionalFeature -Online -FeatureName DNS-Server-Full-Role

Question 8

What type of DNS integration is not supported by Nano Server?

Answer 8

Active Directory

Question 9

What DNS function enables a server to redirect requests it is unable to resolve?

Answer 9

Forwarding

Question 10

What DNS function enables a server to redirect requests for certain domain names to designated servers?

Answer 10

Conditional forwarding

Question 11

What DNS function helps DNS servers resolve domains for which they do not have authoritative information?

Answer 11

Root hints

Question 12

Where are root hints stored on a DNS server?

Answer 12

%systemroot%\System32\dns\CACHE.DNS

Question 13

What PowerShell commands can be used to view and modify DNS root hints?

Answer 13

Add, Remove, Set, Get, and Import-DnsServerRootHint

Question 14

What DNS function enables a server to perform DNS queries on a client’s behalf?

Answer 14

Recursion

Question 15

For security reasons, what DNS feature should be disabled on DNS servers and how can it be disabled?

Answer 15

Recursion should be disabled (if not needed) to prevent DoS attacks
From DNS Manager, right-click server > Properties > Advanced tab > Server options list > Select “Disable Recursion” > Click OK

Question 16

What DNS server feature allows for recursion to be performed more securely?

Answer 16

Recursion scopes

Question 17

Which PowerShell cmdlets are used to create DNS recursion scopes?

Answer 17

Add-DnsServerRecursionScope to create scope

Add-DnsServerQueryResolutionPolicy to send certain queries to scope

Question 18

What DNS function allows clients to verify they are communicating with a genuine DNS server?

Answer 18

DNSSEC

Question 19

From where does a DNSSEC client obtain a public key to validate a DNS server’s signature?

Answer 19

Trust anchors

Question 20

What must be created on a DNS server to use DNSSEC?

Answer 20

TrustAnchors zone to store public keys

Name Resolution Policy Table (NRPT) to provide clients with DNSSEC rules

Question 21

How are NRPTs usually distributed?

Answer 21

Through a GPO

Question 22

What DNS function enables a server to use a random source port when issuing DNS queries?

Answer 22

DNS socket pool

Question 23

What is the size range of a socket pool?

Answer 23

0 - 10,000

Question 24

What is the default size of a socket pool?

Answer 24

2,500

Question 25

What command is used to resize the DNS socket pool?

Answer 25

dnscmd /config /socketpoolsize 
# The DNS server must be restarted after this

Question 26

What DNS function helps a server prevent attackers from poisoning the DNS cache?

Answer 26

Cache locking

Question 27

Which PowerShell cmdlet is used to configure DNS cache locking?

Answer 27

Set-DnsServerCache -LockingPercent

Question 28

What DNS function helps servers prevent DoS attacks on other DNS servers?

Answer 28

Response rate limiting

Question 29

How can response rate limiting be enabled on DNS servers?

Answer 29

Set-DnsServerResponseRateLimiting

Question 30

What DNS function helps prevent man-in-the-middle attacks?

Answer 30

DNS-Based Authentication of Named Entities (DANE)

Question 31

How are DNS resource records with multiple IP addresses stored?

Answer 31

In multiple zone scopes

Question 32

How can DNS be configured to respond with different results based a client’s location?

Answer 32

Add clients to a client subnet, then create a query resolution policy pointing their requests to a particular zone scope

Question 33

What three groups have administrative access to DNS servers?

Answer 33

Domain Admins: Full permissions in home domain
Enterprise Admins: Full permissions in forest
DnsAdmins: View/modify in home domain

Question 34

What DNS server objects can have delegated administrative permissions?

Answer 34

Servers and zones

Question 35

What is the name for a general DNS query to translate a hostname to an IP address, and how are these queries resolved?

Answer 35

Forward lookup queries, resolved by referencing forward lookup zones

Question 36

What is the name for a DNS query to translate an IP address to a hostname, and how are these queries resolved?

Answer 36

Reverse lookup queries, resolved by referencing reverse lookup zones

Question 37

What type of records do reverse lookup zones contain?

Answer 37

Pointer (PTR) records

Question 38

What is a primary zone?

Answer 38

A copy of a zone that can be updated directly on a server

Question 39

What info is contained in the Start of Authority (SOA) record?

Answer 39

Primary server
Responsible person 
Refresh interval
Retry interval 
Expires after 
TTL

Question 40

What is a secondary zone?

Answer 40

A read-only copy of a zone

Question 41

What DNS feature allows for delegating authority over part of a domain to another server?

Answer 41

DNS delegation

Question 42

What features are provided by AD DS-integrated zones?

Answer 42

Multimaster updates
Replication
Secure dynamic updates
Security through ACLs

Question 43

What AD DS feature allows clients to update their own DNS records?

Answer 43

Secure dynamic updates

Question 44

What are two ways to redirect query traffic to designated DNS servers?

Answer 44

Conditional forwarding and stub zones

Question 45

What is the primary difference between a stub zone and conditional forwarding?

Answer 45

A stub zone contains the complete list of DNS servers in the other domain that is updated automatically, while conditional forwarding allows for pointing to a specific DNS server

Question 46

What zone can be used as an alternative to running a WINS server for legacy clients?

Answer 46

GlobalNames zone

Question 47

What DNS records contain IPv4 addresses?

Answer 47

Host A records

Question 48

What DNS records contain IPv6 addresses?

Answer 48

Host AAAA records

Question 49

What DNS record is created automatically with every primary zone?

Answer 49

A start of authority (SOA) record

Question 50

What DNS record identifies authoritative name servers in a zone, along with delegated zones?

Answer 50

Name server (NS) records

Question 51

What are SRV records?

Answer 51

Specify by service, protocol, and domain name which servers host a partiuclar service, so clients can find them using A or AAAA records

Question 52

What is the format of a SRV record?

Answer 52

_Service.Proto.Name TTL Class SRV Priority Weight Port Target
I.e. http._tcp.Contoso.com. IN SRV 0 0 80 www.Contoso.com

Question 53

What DNS record is an alias for a host?

Answer 53

CNAME records

Question 54

What DNS record identifies mail servers for SMTP?

Answer 54

MX records

Question 55

How can MX records be used to distribute load across mail servers?

Answer 55

Use multiple MX records with different priorities

Question 56

What DNS records are likely to be updated dynamically?

Answer 56

A, AAAA, PTR, and SRV records

Question 57

Which PowerShell cmdlet is used to create DNS records?

Answer 57

Add-DnsServerResourceRecord

Question 58

What DNS feature allows for outdated DNS records to be periodically removed?

Answer 58

Zone aging/scavenging

Question 59

What two parameters determine scavenging behavior?

Answer 59

No-refresh interval: Period of time record is not eligible to be refreshed, default 7 days
Refresh interval: Time between earliest moments when record can be refreshed and scavenged, default 7 days

Question 60

In what order does DNS choose between different servers in a zone?

Answer 60

It finds the record with the lowest priority value. If the priorities are the same, it decides based on the proportion of weight values. If there are MX records, it looks for the one with the lowest preference value.

Question 61

What value determines how long a record can reside in the DNS cache of a client or server?

Answer 61

Time to Live (TTL)

Question 62

How do you add unknown records to DNS via PowerShell?

Answer 62

Use Add-DnsServerResourceRecord with the -Unknown parameter

Question 63

How do you implement DNS round robin?

Answer 63

Used the Advanced server settings dialog to add multiple IP addresses to the same record

Question 64

What is a form of DNS round robin that allows clients to receive a result based on their subnet?

Answer 64

Netmask ordering

Question 65

What are the two kinds of DNS scopes?

Answer 65

Zone scopes: collections of resource records

Recursion scopes: collection of settings that define recursion behavior in a zone

Question 66

What is the relationship between zones, scopes, and records?

Answer 66

Zones can contain multiple scopes, scopes contain records, but records can exist across multiple scopes using different IP addresses

Question 67

Which PowerShell cmdlet is used to create DNS client subnets?

Answer 67

Add-DnsServerClientSubnet

Question 68

Which PowerShell cmdlet is used to create zone scopes in DNS?

Answer 68

Add-DnsServerZoneScope

Question 69

How do you place resource records into a particular zone scope?

Answer 69

Use the Add-DnsServerResourceRecord cmdlet with the -ZoneScope option

Question 70

What type of events log every time a DNS server, zone, or resource record is changed?

Answer 70

DNS Audit Events

Question 71

What type of events log every time a DNS server sends or receives DNS information?

Answer 71

DNS Analytic Events

Question 72

How do you view zone level statistics of a DNS server?

Answer 72

Use the Get-DnsServerStatistics cmdlet with the -ZoneName option