Home » Microsoft » 70-417 v.2 » What should you do first?
You have a DNS server named Server1 that runs Windows Server 2012 R2. Server1 has the zones shown in the following output:
You need to delegate permissions to modify the records in the adatum.com zone to a group named Group1.
What should you do first?
A. Enable the distribution of the trust anchors for adatum.com.
B. Unsign adatum.com.
C. Store adatum.com in Active Directory.
D. Update the server data file for adatum.com.
Correct Answer: B
Explanation/Reference:
Explanation:
When a zone is signed with DNSSEC, the DNS server will explicitly block attempts to change the zone replication scope or zone type. This is primarily to avoid complexities related to key storage when DNSSEC signing keys are stored in Active Directory. To change the zone replication scope, you must first using the zone.
References:
https://technet.microsoft.com/en-us/library/dn593637.aspx#poc