A question about an MCSE exam practice question

Source: 百度文库 Editor: 高校问答 Time: 2024/05/01 08:32:30
I'd like to discuss a TK 293 question with everyone:
You are the network administrator for TestKing. The network contains Windows
Server 2003 computers and Windows XP Professional computers.
TestKing deploys two DNS servers. Both DNS servers run Windows Server 2003.
One DNS server is inside of the corporate firewall, and the other DNS server is
outside of the firewall. The external DNS server provides name resolution for the
external Internet name of TestKing on the Internet, and it is configured with root
hints. The internal DNS server hosts the DNS zones related to the internal network
configuration, and it is not configured with root hints.
You want to limit the exposure of the client computers to DNS-related attacks from
the Internet, without limiting their access to Internet-based sites.
Which two actions should you take? (Each correct answer presents part of the
solution. Choose two.)
A. Configure the client computers to use only the internal DNS server.
B. Configure the client computers to use both DNS servers. List the internal DNS server
first.
C. Configure the firewall to allow only network traffic on the DNS ports.
D. On the internal DNS server, disable recursion.
E. On the internal DNS server, configure the external DNS server as forwarder.
F. On the internal DNS server, add the external DNS server as the only root hint.
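The answer is: A, E
But I think it is D, E. The question requires "You want to limit the exposure of the client computers to DNS-related attacks from the Internet". The internal DNS server is not visible to the external network, and it can only be attacked through recursive access via the external DNS server, so I choose D and disable recursion. Then, for "without limiting their access to Internet-based sites", the only choice is E, configuring a forwarder. Option F requires the recursion service, so I don't choose it.
What does everyone think?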

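I also think it is A, E.
From a security standpoint, recursion is generally disabled on the internal DNS server, and once it is disabled, forwarding should be configured for external queries.
The questions on TK are not all correct; what matters is learning the knowledge and skills.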
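
The answer key's combination (A and E), written out as commands for the Windows Server 2003 and Windows XP command-line tools. This is an added example, not part of the original thread; the two IP addresses and the interface name are constructed placeholders.

```bat
@echo off
rem Added example. Assumed placeholders (not from the thread):
rem   10.0.0.53                = internal DNS server
rem   203.0.113.53             = external DNS server
rem   "Local Area Connection"  = client network interface name

rem ---- Run on the internal DNS server (option E) ----
rem Send every query the internal zones cannot answer to the external server.
rem /Slave = forward only: if the forwarder fails, do not fall back to
rem iterative resolution from this server.
dnscmd /ResetForwarders 203.0.113.53 /Slave

rem Keep recursion enabled on this server. The DNS console labels the
rem setting "Disable recursion (also disables forwarders)", so turning
rem it off would stop the forwarder from being used.
dnscmd /Config /NoRecursion 0

rem Review the resulting server configuration.
dnscmd /Info

rem ---- Run on each client computer (option A) ----
rem List the internal DNS server as the only resolver, so clients never
rem query an Internet-facing server directly.
netsh interface ip set dns name="Local Area Connection" source=static addr=10.0.0.53 register=primary

rem Confirm that no other DNS server remains configured on the client.
netsh interface ip show dns

rem Check that an Internet name still resolves through the internal server.
nslookup www.example.com 10.0.0.53
```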