利用DNS支持活动目录考题分析(1)

文章作者 100test 发表时间 2007:03:13 21:48:36
来源 100Test.Com百考试题网

原题：
　　you are the administrator of your company’s network. the network consists of one windows 2000 domain that spans multiple subnets. you are configuring dns for hostname resolution throughout the network. you want to achieve the following goals:
&.#8226. dns zone transfer traffic will be minimized on the network.
&.#8226. administrative overhead for maintaining dns zone files will be minimized.
&.#8226. unauthorized host computers will not have records created in the zone.
&.#8226. all zone 0updates will come only from authorized dns servers.
&.#8226. all zone transfer information will be secured as it crosses the network. f. }(m{l ~!6A G [本资料来源于贵州学习网 http://www.gzu521.com]f. }(m{l ~!6A G
　　you take the following actions:
&.#8226. create an active directory integrated zone.
&.#8226. in the zone properties dialog box, set the allow dynamic 0updates option to yes
&.#8226. on the name servers tab of the zone properties dialog box, enter the names and addresses of all dns servers on the network.
&.#8226. on the zone transfers tab of the zone properties dialog box, 0select the allow zone transfers only to the servers listed on the name servers tab option
which result or results do these actions produce? (choose all that apply)
a. dns zone transfer traffic is minimized on the network.
b. administrative overhead for maintaining dns zone files is minimized.
c. unauthorized host computers do not have records created in the zone.
d. all zone 0updates come only from authorized dns servers
e. all zone transfer information is secured as it crosses the network.
　　你是公司网络的管理员，网络由一个跨越多个网段的windows 2000域组成，你正在为整个网络中的主机名解析配置dns，你希望完成如下目标：
·网络中dns区域传输流量最小化
·管理成本中维护dns区域文件最小化
·未验证的主机不在区域中创建记录
·所有区域更新只来自于授权的dns服务器发起
·所有跨越网络的区域传输信息都是安全的
　　你做了如下工作：
·创建一个活动目录集成区域
·在区域复制对话框中，设置“ allow dynamic 0updates ”选项为“yes”
·在区域属性对话框的名称服务器面板，输入网络中所有dns服务器的名称和地址
·在区域属性对话框的区域传输面板，选择“allow zone transfers only to the servers listed on the name servers tab ”选项
　　上面的动作将会实现哪些结果？(选择所有合适的答案)
题解：　
　　1，使用活动目录集成区域将实现增量区域文件传输，它只允许新的或者修改过的记录在dns服务器之间复制而不是复制所有区域数据文件，因此它的文件传输流量最小。
　　2，动态更新是客户端计算机在dns区域文件中更新自身记录的过程，无需要手工干预，因此它的管理成本也是最低的。
　　3，选择了“allow zone transfers only to the servers listed on the name servers tab”选项将阻止从未经授权的服务器更新区域文件。
　　4，活动目录dns区域复制数据是活动目录复制的一部分，活动目录复制使用的是安全的rpc通道，因此，信息的传输是安全的。
正确答案：abde