| All the review questions are based on the following scenario: Case Study: Acme Bowling Ball Corporation The Acme Bowling Ball Corporation is a multinational corporation with offices in 16 cities on three continents: North America, Europe, and Asia. Acme's headquarters is in New York, and the centralized IT department, which supports the 10,000 Acme employees worldwide, is located there. Acme recently acquired Able Wax, a small manufacturer of bowling alley wax located in Chicago. Acme is also partnered in a joint venture with two other companies, a major financial services firm and a construction company. This joint venture is called MMW Holdings. The 900 employees in this joint venture are located in Acme facilities in North America but are paid as employees of MMW Holdings. Current LAN/Network Structure Acme Bowling Ball Corporation has a mixed environment consisting of Unix servers, Windows NT 4.0 servers, and Windows NT 4.0 workstations. Acme's NT domain structure consists of three master account domains (one for each continent ) and sixteen resource domains (one at each corporate location). Although Acme has a DNS infrastructure, it is not used internally. Instead, WINS is used for NetBIOS name resolution. An additional master accounts domain was created last year to support the MMW Holdings employees. Able Wax runs Windows NT 4.0 servers with predominantly Windows 95 workstations. Able uses a single domain for its employees and runs NT 4.0 DNS for name resolution. Acme's LAN uses twisted-pair Ethernet, with a 100Mbps backbone and 10Mbps out to the desktop. Able Wax's network is entirely 10Mbps twisted-pair Ethernet. Proposed LAN/Network Structure Acme is migrating to Windows 2000 at all North American locations. Desktop deployments of Professional have already begun, and the server migration project will begin soon. The European and Asian location will not migrate for at least one year. The Able Wax migration will start when Acme completes the upgrade in its North American facilities. Able will need to replace most of the existing servers and workstations to support Windows 2000. No physical network changes are planned at this time. Current WAN Connectivity Acme locations throughout North America are connected via full 1.5Mbps T-1 circuits, although most of these circuits are underutilized today. The New York office has an additional T-1 connection to the Internet for the corporate Web site and email. 256Kbps leased lines link the three European facilities, and these connections are rarely saturated . Acme's four Asian offices are connected by 64Kbps links, which are very heavily utilized during normal business hours. The New York headquarters office is connected to London and Singapore by 64Kbps leased lines. The circuits are seldom saturated, but the New York “Singapore line has been unreliable lately. Able Wax is not currently connected to either Acme or the Internet. Proposed WAN Connectivity Asian locations will be upgraded to full T-1 circuits by the end of the year. These shared voice/data links will have 512Kbps dedicated to data transmission. At the same time, the New York “Singapore link will be moved to a new carrier, in hopes of improving reliability. A T-1 circuit will be installed at Able Wax, linking it to the Internet. A virtual private network (VPN) link will connect Able to Acme through the Internet. No other changes will be made in North America or Europe. Directory Design Commentary Chief Technology Officer: Our DNS infrastructure might not support our Windows 2000 deployment without some major upgrades. The business requirements that must be supported with the new DNS design include -
Maintenance of existing BIND DNS servers at Acme -
An upgrade, if necessary, of Able Wax's Windows NT 4.0 DNS server -
Maintenance of the existing Web presence for Acme and MMW Holdings -
Support for email and a Web presence for Able Wax with an ablewax.com domain name -
Reliable access to DNS from remote locations Director, Human Resources : We need to be able to consolidate information from Acme, our new Able Wax subsidiary, and the MMW joint venture. We currently have to put in a lot of manual effort to compile employee lists, organization charts , and so on. President, Able Wax : We need to get our products out on the Internet. We were a small company and are very much behind the times. Still, we want to be sure to maintain the Able Wax brand name. Current Internet Positioning Acme has had an Internet presence for many years and maintains a registered domain name of acme.com . Primary and secondary DNS servers running BIND version 4.8.3 handle external (Internet) name resolution. Able Wax does not have an Internet presence, nor has it registered a domain name yet, but it is using Microsoft Windows NT 4.0 DNS internally. MMW Holdings has a Web site with a registered domain name of mmwholdings.com . Currently, the MMW Web site is being hosted by Acme, and that is expected to remain the case for the foreseeable future. Employees in this joint venture are located in Acme facilities but have mmwholdings.com email addresses. The organization's domain model is shown graphically in Figure 4.4. Figure 4.4. Acme Bowling Ball Corporation's domains.  Future Internet Positioning There are plans to create a new Able Wax Web site and to give employees ablewax.com email addresses. | Question 1 | Should the Able Wax domain be made a subdomain of the Acme parent company domain? | | A1: | The correct answer is b. The business requirements call for an ablewax.com domain, and making Able Wax a subdomain of Acme would create an ablewax.acme.com domain name. | | Question 2 | If no additional DNS servers are deployed, can the current DNS servers at Acme and Able Wax be used to support Windows 2000 and Active Directory without upgrades? [Select all that apply.] -
a. Yes, the current DNS servers will work with Windows 2000 and Active Directory. -
b. No, the BIND server will not support SRV records. -
c. No, the Windows NT 4.0 server will not support dynamic update. -
d. No, the Windows NT 4.0 server will not support SRV records. -
e. No, BIND servers cannot be used in the same enterprise as Windows NT 4.0 DNS. | | A2: | The correct answers are b and d. BIND version 4.9.7 is required for SRV record support, and Acme is currently running version 4.8.3. Microsoft Windows NT 4.0 DNS will support SRV records if Service Pack 4 or higher has been applied. Because Able Wax is at Service Pack 3, its DNS server will not work. Although it is true that Windows NT 4.0 DNS servers do not support dynamic update, dynamic update is not a requirement for Windows 2000. Finally, answer e is incorrect because BIND and Windows NT 4.0 DNS are compatible. | | Question 3 | Because the availability of DNS is so crucial to the operation of Windows 2000, Acme's IT director has asked the network services manager to devise a plan for ensuring DNS availability at all locations. Which of the following options would be appropriate for the manager to consider when creating her DNS infrastructure design? [Select all correct answers.] -
a. Use Active Directory-integrated zones for all DNS servers. -
b. Place one forwarding-only DNS server in Europe and one in Asia. -
c. Delegate the European and Asian subdomains to DNS servers located in those two regions . -
d. Place at least two DNS servers in each region (continent). -
e. Ensure that all Windows 2000 DNS servers are manually updated with host records for the Acme corporate Web site and email server. | | A3: | The correct answers are a and d. Using Active Directory-integrated zones enables dynamic hostname registration to occur even if one DNS server is unavailable. If at least two servers per region exist, a WAN link failure will not affect DNS operation, even if one server is down as well. Answer b is incorrect because forwarding-only DNS servers are used for performance, not fault tolerance. Delegation of European and Asian subdomains is a step in the right direction, but other domains, such as North America and the root, would need to be replicated to these servers as well for a true fault-tolerant solution. Therefore, answer c is incorrect. Finally, although answer e is certainly something that needs to be done, it has no bearing on fault tolerance. | | Question 4 | You are ready to create the first domain controller in the acme.com domain. Arrange the DNS- related tasks from the following list in the proper order. You might not need to use all the tasks . Manually copy SRV records from the netlogon.dns file to the root zone of the primary DNS server. Install at least one Windows 2000 DNS server. Run the dcpromo utility to create a Windows 2000 domain controller. Enable dynamic update on the Windows 2000 DNS server. Verify that the Windows 2000 server to be promoted is pointed to a Windows 2000 DNS server. Use the domain name of acme.com when creating the Active Directory domain. | | A4: | The correct answer is as follows : Install at least one Windows 2000 DNS server. Enable dynamic update on the Windows 2000 DNS server. Verify that the Windows 2000 server to be promoted is pointed to a Windows 2000 DNS server. Run the dcpromo utility to create a Windows 2000 domain controller. Use the domain name of acme.com when creating the Active Directory domain. Note that you don't need to copy SRV records from the netlogon.dns file as long as the DNS server supports dynamic update. | | Question 5 | The IT director wants to know some of the advantages of Active Directory-integrated zones. Which of the following are real advantages of Active Directory integration? [Select all correct answers.] -
a. Compression of zone transfer traffic reduces network load. -
b. Single-replication topology shared with AD replication simplifies troubleshooting. -
c. Secure dynamic updates prevent name theft and sniffing of DNS network traffic. -
d. Any DNS server can receive updates, thus improving fault tolerance. -
e. Active Directory integration is required for proper Windows 2000 operation. | | A5: | The correct answers are a, b, c, and d. Because only updated records are transferred, network load is reduced compared with standard full zone transfers. Active Directory integration of DNS means greater fault tolerance because all servers act as primary and can receive updates, which results in a more secure dynamic update environment and a shared replication topology with regular Active Directory updates. Answer e is incorrect because any DNS with SRV record support will work with Windows 2000. | | Question 6 | A consultant has told the network manager at Able Wax that his Windows NT 4 DNS server cannot be used with Windows 2000, even if updated with the latest service pack. The reason he gives is that Active Directory-integrated DNS servers cannot perform standard zone transfers with down-level secondary DNS servers. Is this reason true or false? | | A6: | The correct answer is b. Any Windows 2000 DNS server can supply a standard secondary DNS server with a valid zone file transfer, even one that is Active Directory integrated. | | Question 7 | In reviewing the Active Directory design documentation for Acme, an auditing firm has questioned the use of the same DNS name inside and outside the firewall. It has recommended using different names for the private and public networks. What are some of the advantages of using different DNS names for the internal and external network? [Select two answers.] -
a. The internal (private) naming hierarchy is not exposed to the Internet. -
b. Only one DNS domain name needs to be registered. -
c. Managing resources is easier because there is no confusion as to which resources are available to the Internet and which are internally accessible only. -
d. Users might be confused by the different domain names used for internal and external resources. | | A7: | The correct answers are a and c. By using a different DNS namespace, internal DNS information is not available to users on the Internet. Network management staff can easily distinguish between servers and other resources located internally versus external to the firewall because of the different DNS hostname. Answer b is incorrect because both the private and the public DNS names should be registered. Answer d is incorrect because this is a disadvantage of having separate internal and external namespaces. | | Question 8 | If Acme decides to use a delegated subdomain name (such as ad.acme.com ) for the internal network, what will need to be done with the existing BIND 4.8.3 DNS servers? -
a. The servers will have to be upgraded to BIND 4.9.7. -
b. The servers will have to be replaced by Windows 2000 DNS servers. -
c. The servers will have to be upgraded to BIND 8.2.2. -
d. No changes will be needed to the existing BIND servers. | | A8: | The correct answer is d. No changes are necessary to the existing DNS infrastructure. Delegating the ad.acme.com subdomain means that the current servers will not handle name registration or resolution for the Windows 2000 network. Therefore, answers a and c are incorrect; because SRV record support is unnecessary, the older BIND servers can be retained. Answer b is incorrect for much the same reason and also is counter to the business requirement of keeping the existing BIND servers. | | Question 9 | Acme has decided to use standard primary and secondary DNS servers. However, the network services manager is concerned about excessive zone transfer traffic when the secondary servers pull updates from the primary. How can the impact of zone transfer traffic be reduced on the Acme network? [Select all correct answers.] -
a. Configure the DNS servers for incremental zone transfer. -
b. Create two forwarding-only DNS servers on the network. -
c. Schedule zone transfers for off-peak hours only. -
d. Configure the DNS servers to use UTF-8 character encoding. | | A9: | The correct answers are a and c. Incremental zone transfers copy only new or updated DNS records from the primary to the secondary servers. For large zones in which most records do not change, this can result in a significant reduction in network traffic. If the DNS servers do not support incremental zone transfers, the transfers can be scheduled for times when the network is not busy. Answer b is incorrect because forwarding-only name servers do not have any impact on zone transfer traffic. Answer d is incorrect because UTF-8 encoding allows for non-RFC-compliant DNS hostnames and also does not affect zone transfers. | | Question 10 | Match the DNS servers in the first list with the features in the second list. You can use a feature more than once. DNS servers: BIND 4.9.7 BIND 8.2.2 Windows NT 4.0 ”SP 2 Windows NT 4.0 ”SP 4 or higher Windows 2000 Features: Secure dynamic update Incremental zone transfer SRV record support Dynamic update Active Directory integration WINS integration | | A10: | The correct answer is as follows: BIND 4.9.7: SRV record support BIND 8.2.2: Incremental zone transfer SRV record support Dynamic update Windows NT 4.0 ”SP 2: WINS integration Windows NT 4.0 ”SP 4 or higher: SRV record support WINS integration Windows 2000: Secure dynamic update Incremental zone transfer SRV record support Dynamic update Active Directory integration WINS integration |  |
