Securing Windows Server 2016 — Question 129
Your network contains an Active Directory domain named contoso.com. The domain contains two DNS servers that run Windows Server 2016. The servers host two zones named contoso.com and admin.contoso.com.
You sign both zones.
You need to ensure that all client computers in the domain validate the zone records when they query the zone.
What should you deploy?
Answer options
- A. a Microsoft Security Compliance manager (SCM) policy
- B. a Name Resolution Policy Table (NRPT)
- C. a zone transfer policy
- D. a connection security rule
Correct answer: B
Explanation
The correct answer is B, as the Name Resolution Policy Table (NRPT) allows clients to enforce DNSSEC validation for DNS queries. The other options do not pertain to the validation of zone records during DNS queries; for instance, option A relates to compliance management, C involves DNS zone transfers, and D pertains to security connections rather than DNS record validation.