Home » MCSA 70-741 EXAM mcq questions with answer – Set 4

MCSA 70-741 EXAM mcq questions with answer – Set 4

Important Instructions:

  • Total Number Of Questions : 10
  • Passing Marks : 7
  • Each Question Carry 1 Mark, No Negative Marking.
  • Do Not Refresh The Page.
  • This Is A FREE Online Test, DO NOT Pay Money To Anyone To Attend This Test.
  • Best Of Luck…



#1. You are responsible for the domain pearson.com. You don’t use hardware solutions to safeguard cryptographic keys. You have three domain controllers with the DNS server role installed: DC1, DC2, and DC3 (RODC). The DNSSEC key master DC1 for the file-based zone pearson.com goes offline. You try to transfer the DNSSEC key master role from DC1 to DC2. You get the following message: “The DNS server DC1.pearson.com is the Key Master, Status: Inactive.” DC1 cannot be recovered. You want to seize the key master role to DC2. You not want to redistribute trust anchors. From which location can DC2 get private key data for the zone?

#2. You plan to roll over a DNSSEC KSK that is waiting for a parent DS update. You manually have updated the DS record in the parent zone. Now you want to force the rollover. Which PowerShell cmdlet can you use?

#3. You want to enable DNSSEC verification for your Windows Server 2016 DNS server. Which setting or command can you use?

#4. You unsign the zone pearson.com on a Windows Server 2016 DNS server. After doing so, you notice that validation requests fail and DNS resolution for the zone fails. Which component do you need to remove to solve the problem?

#5. You want to add a DS record to your Windows Server 2016 DNS server. Which of the following configuration options is not a valid solution?

#7. You have one domain named pearson.com and a child domain named eu.pearson.com. You want to start with your DNSSEC chain of trust configuration. On your root Windows Server 2016 DNS server, you see in Trust Points and the root folder that no DS record exists. Which configuration can you use to install a root trust anchor using the RSA/SHA256 algorithm as the starting point of your chain of trust? (Choose two.)

Select all that apply:

#8. Your environment consists of one parent domain named pearson.com and two child domains named usa.pearson.com and eu.pearson.com. You must plan the DNSSEC chain of trust, including delegations. Which statement is correct?

#9. You want to produce a statement if you try to find a record that does not appear on your Windows Server 2016 DNS server. You also want to use hashing security for existing hosts. Which kinds of resource records do you need? (Choose two.)

Select all that apply:

#10. You have configured both Enable DNSSEC in This Rule and Require DNS Clients to Check That Name and Address Data Has Been Validated by the DNS Server in the Default Domain Policy of your domain pearson.com. Your DNSSEC-configured DNS is named DNS1. In the Default Domain Policy, you add a rule for sec.pearson.com with DNSSEC (Validation) = “Yes” and DNSSEC (IPsec) = “No”. You want to ensure that the value for DNSSECValidationRequired is True on client1 (Windows 10). Which PowerShell command can you use? (Choose two.)

Select all that apply:

You May Also Like :   MCSA 70-741 EXAM mcq questions with answer - Set 3
Rate this post
Scroll to Top