Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft Exam AZ-800 Topic 3 Question 50 Discussion

Actual exam question for Microsoft's AZ-800 exam
Question #: 50
Topic #: 3
[All AZ-800 Questions]

You have an on-premises server named Server1 that runs Windows Server. Server1 contains an app named App1 and a firewall named Firewall1.

You have an Azure subscription.

Internal users connect to App1 by using WebSockets.

You need to make App1 available to users on the internet. The solution must minimize the number of inbound ports open on Firewall 1.

What should you include in the solution?

Show Suggested Answer Hide Answer
Suggested Answer: A

To ensure that all computers in the domain use DNSSEC to resolve names in the adatum.com zone, you'll need to configure both the DNS servers and the client computers. Here's how you can do it:

Step 1: Sign the adatum.com Zone First, you need to sign the adatum.com DNS zone. This can be done using the DNS Manager or PowerShell. Here's a PowerShell example:

Add-DnsServerSigningKey -ZoneName 'adatum.com' -CryptoAlgorithm RsaSha256

Set-DnsServerDnsSecZoneSetting -ZoneName 'adatum.com' -DenialOfExistence NSEC3 -NSEC3Parameters 1,0,10,''

This will add a signing key and configure DNSSEC for the zone with NSEC3 parameters.

Step 2: Configure DNS Servers Ensure that your DNS servers are configured to support DNSSEC. This includes setting up trust anchors for the zones that you want to validate and configuring the DNS servers to provide DNSSEC validation for DNS queries.

Step 3: Configure DNS Clients For DNSSEC validation to occur on the client side, the client computers must be configured to trust the DNS server's validation process. This typically involves configuring the client's DNS settings to point to a DNS server that supports DNSSEC.

Step 4: Validate Configuration You can validate that DNSSEC is working correctly by using tools like nslookup or dig to query DNS records and check for the presence of DNSSEC signatures in the responses.

Note: The exact steps may vary depending on your environment and the version of Windows Server you are using. Ensure that you have the appropriate administrative rights to make these changes and that you test the configuration in a controlled environment before deploying it domain-wide12.

By following these steps, you should be able to ensure that all computers in your domain use DNSSEC to resolve names in the adatum.com zone.


Contribute your Thoughts:

Janey
22 hours ago
I'm not sure about Azure Application Gateway. I think we should consider using Azure Relay instead.
upvoted 0 times
...
Alpha
7 days ago
I agree with Lillian. Azure Application Gateway can help minimize the number of inbound ports open on Firewall1.
upvoted 0 times
...
Lillian
8 days ago
I think we should include Azure Application Gateway in the solution.
upvoted 0 times
...

Save Cancel