Home | Windows | Network | Interview Questions | Database | Virtualization | Knowledge Base | Contact Us

Quick Links

Windows 2003 KB

Windows 2008 KB

Windows 2012 KB

MS Cluster FAQ's



Command reference

Exchange Q&A

Linux Interview Q&A

VM Interview Q&A




Active Directory FAQ's

AD History

Configuring New Domain

Deleted Object Recovery in AD

Global Catalog Server


NetDom Command

Replmon Command

NTDS Utility Guide

FSMO Guide

FSMO Failure

Network Interview Questions

SQL Interview Questions

Active Directory Trust

Group Policy Guide

IIS 6.0


RAID Levels

RPC Guide

Domain & Forest Functional Levels

SQL Failover Cluster

Scenario Based AD Interview Questions and Answers - Microsoft 70-640 Exam


You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone.

What should you do?

A.From the properties of the zone, modify the TTL of the SOA record.

B.From the properties of the zone, enable scavenging.

C.From the command prompt, run ipconfig /flushdns.

D.From the properties of the zone, disable dynamic updates.

Answer: B


To remove the outdated DNS records from the DNS zone automatically, you should enable Scavenging through Zone properties. Scavenging will help you clean up old unused records in DNS. Since "clean up" really means "delete stuff" a good understanding of what you are doing and a healthy respect for "delete stuff" will keep you out of the hot grease. Because deletion is involved there are quite a few safety valves built into scavenging that take a long time to pop. When enabling scavenging, patience is required.


Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain.

You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes.

What should you do?

A. Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.

B. From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory service changes.

C. Enable the Audit account management policy in the Default Domain Controller Policy.

D. Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.

Answer: A


To make sure the changes made to active directory objects are logged and the logs show the old and new values of any attribute, you should run audipol.exe and configure the security settings for the domain controllers Organizational Unit.


Your company, Contoso, Ltd., has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com.

The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone.

You install a new domain controller named DC2 in the branch office. You install DNS on DC2.

You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails.

What should you do?

A. Create a new stub zone named ad.contoso.com on DC2.

B. Create a new standard secondary zone named ad.contoso.com on DC2.

C. Configure the DNS server on DC2 to forward requests to DC1.

D. Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.

Answer: D


To make sure that the DNS service on TK2 can update records and resolve DNS queries in the event of a MAN link failure, you should convert maks.contoso.com on TK1 to an Active Directory-integrated zone. Active Directory-integrated DNS offers two pluses over traditional zones. For one, the fault tolerance built into Active Directory eliminates the need for primary and secondary nameservers.

Effectively, all nameservers using Active Directory-integrated zones are primary nameservers. This has a huge advantage for the use of dynamic DNS as well: namely, the wide availability of nameservers that can accept registrations. Recall that domain controllers and workstations register their locations and availability to the DNS zone using dynamic DNS.

In a traditional DNS setup, only one type of nameserver can accept these registrations—the primary server, because it has the only read/write copy of a zone. By creating an Active Directory-integrated zone, all Windows Server 2008 nameservers that store their zone data in Active Directory can accept a dynamic registration, and the change will be propagated using Active Directory multimaster replication.

Continue Next Questions Previous Questions

      Windows Server 2008 Articles        Windows Server 2012 Articles      Virtualization Articles

Windows Server 2008 KB Articles            Windows Server 2003 KB Articles

HTML Comment Box is loading comments...

Home | Windows | Network | Post Ur Issues | Database| Knowledge Base | Contact Us

Designed by TechieBird