You are the administrator of an Active Directory domain named 4sysopslab.com. Your organization has established a strategic partnership with another company; this company consists of an Active Directory domain named fakedomain.local. Each organization’s IT security policy mandates that a minimum amount of information be exchanged between the two corporate networks.
You receive complaints from 4sysopslab.com users who are unable to resolve host names from the fakedomain.local domain.
Which of the following actions should you perform in order to enable 4sysopslab.com users to connect to fakedomain.local resources by using host names?
A. Ask the fakedomain.local administrator to create a stub zone for the 4sysopslab.com domain.
B. Create a stub zone for the fakedomain.local domain.
C. Create a secondary zone for fakedomain.local within the 4sysopslab.com domain.
D. Configure conditional forwarding for the 4sysopslab.com domain.
The Correct Answer, Explanation, and Analysis
The correct answer here is D; we must configure conditional forwarding to the fakedomain.local domain from the 4sysopslab.com domain. In this case we have two requirements:
- We must strictly limit the amount of data transferred between the organizations for security purposes.
- We need to enable 4sysopslab.com users to resolve fakedomain.local resources by using DNS host names.
Therefore, we must configure our top-level internal DNS server to conditionally forward host name resolution requests for the fakedomain.local domain.
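As an added illustration (not part of the original article), here is one way to create and verify that conditional forwarder with the dnscmd tool from a PowerShell prompt on the 4sysopslab.com DNS server. The partner DNS server address and the test host name are constructed placeholders.

```powershell
# Added example, not from the original article.
# Run in an elevated PowerShell session on the 4sysopslab.com DNS server.
$PartnerZone = 'fakedomain.local'
$PartnerDns  = '192.0.2.53'                # placeholder: IP of a fakedomain.local DNS server
$TestHost    = 'server1.fakedomain.local'  # placeholder: any host name in the partner domain

# Skip creation if a zone with this name already exists on the local server (".").
dnscmd . /ZoneInfo $PartnerZone | Out-Null
if ($LASTEXITCODE -eq 0) {
    Write-Host "A zone named $PartnerZone already exists; check its type below."
}
else {
    # Create the conditional forwarder. Only queries for names under
    # fakedomain.local are sent to the partner server. No zone data is copied
    # to our side, unlike a secondary zone, which would pull the zone by transfer.
    dnscmd . /ZoneAdd $PartnerZone /Forwarder $PartnerDns
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd /ZoneAdd failed with exit code $LASTEXITCODE"
    }
}

# Confirm the zone exists and review its type and master server list.
dnscmd . /ZoneInfo $PartnerZone

# List every conditional forwarder on this server, to spot forwarders
# that nobody remembers creating.
dnscmd . /EnumZones /Forwarder

# Resolve a partner host name through the local DNS server, as a client would.
nslookup $TestHost 127.0.0.1
```

To store the forwarder in Active Directory so that it replicates to other domain DNS servers, dnscmd offers the /DsForwarder zone type in place of /Forwarder.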
One strong hint that we are dealing with the resolution of non-public DNS names is the reference to a .local domain name.
We also need to cleave to the test-taker’s truism of never “reading into” IT certification items. In other words, we must read each word in the item stem and assume nothing else about the environment.
Recall that in the item stem it is stated that OUR users complain of not being able to resolve fakedomain.local names. We neither know nor care (for the purposes of this practice exam item) how well or poorly fakedomain.local users can resolve 4sysopslab.com host names.
The answer choices in this item use a potentially confusing format. In other words, you must be able to cleanly delineate the two DNS domains involved. This also means you must perform extra-careful analysis on each choice to make sure you understand exactly what is being offered as a solution.
This item also requires some detailed content knowledge of Windows Server 2008 DNS. If, for instance, you are fuzzy about what a stub zone is, then you immediately lose 50 percent of your available answer choices. (Take-home message: Know all about DNS stub zones before you sit for this test.)
You also have to compare each answer choice to the requirements set forth in the item stem. At first blush, the notion of installing a secondary DNS zone for fakedomain.local within the 4sysopslab.com infrastructure looks pretty good. However, this choice can be dismissed immediately when we remember that data sharing must be minimized between the two Active Directory forests.
Conclusion
I often tell my students that passing a Microsoft certification exam involves possessing a healthy mix of the following three skills:
- Subject matter proficiency
- Test-taking proficiency
- Familiarity with Microsoft marketing literature
The third bullet point is intended only partially tongue-in-cheek. As I mentioned in my previous post in this series, I have observed certification candidates fail their Microsoft exam because they applied too much of their real-world experience and not enough of the Microsoft-published approaches to their technology.
This isn’t necessarily good or bad—it just IS. Best of luck to you in your certification studies.
In the next post of this series I will cover DNS zone transfers and replication.
Relevant resources
- How to Configure Conditional Forwarders in Windows Server 2008
- Configure a DNS Server to Use Forwarders
- Creating and Managing a Stub Zone
- What’s New in DNS in Windows Server 2008
- Internal vs. External Namespace
- Active Directory on Windows Server 2008 Requirements
This series of articles is well written and interesting, as I’m looking to cert up with 70-640 soon as well, thank you.
Timothy,
I am currently studying for the 70-640 exam and your series of articles is incredibly helpful. Thanks for posting these and I will continue to read your future articles!
Why is D a better answer than B in this case?