[MCSE真题]DNS服务逆向查找出错原因解析
You are the administrator of PConline's network. You configure a Windows 2000 Server computer as the DNS server for your network. You create both standard primary forward lookup and reverse lookup zones.You discover that when you use the nslookup utility, you cannot resolve host names from IP addresses on your network. You also discover that when you run the Tracert.exe utility, you receive the following error message. "Unable to resolve target system name."
What should you do?
A. Configure the DNS to forward requests to an external DNS
B. Install a WINS server and configure DHCP to issue the IP address of the WINS server to all DHCP clients
C. Create PTR (pointer) records in your reverse lookup zone
D. Copy the systemrootsystem32dnscachesamplescache.dns to systemrootsystem32dnscachecache.dns
Select the 1 best answer
作为一名PConline的网络管理员,你配置了一台Windows 2000 Server作为企业网络的DNS服务器。你创建了标准主区域的正向查找与逆向查找,但你发现当你在局域网络中使用nslookup命令行时,不能够将IP地址解析为主机名称,而当你使用Tracet.exe命令时,收到了这样的提示“Unable to resolve target system name.”
解答:
Tracert 命令是用来检查通往远程系统的路由状况的,它必需将主机名解析为IP地址以及将IP地址解析为主机名来运行,如果tarcert不能够工作,看起来很像是反向查找机制没有工作的原因。
Nslookup命令行使用逆向查找来查询并返回主机名称。
逆向查找区域虽然建立了,但逆向查找区域并没有被激或者其中并没有PTR记录,通常就是这种原因造成上述问题的出现。
正确答案:C
tracert 命令通过发送 Internet 控制消息协议 (ICMP) 回响请求和回响答复消息(类似于 ping 命令),产生关于经过的每个路由器的命令行报告输出以及每个跃点的往返时间 (RTT),从而跟踪路径。路由器、防火墙或其他类型安全性网关上的数据包筛选策略可能会阻止该通信的转发
Nslookup.exe 是命令行管理工具,用于测试或解决 DNS 服务器问题。Nslookup.exe 可以在两种模式下运行:交互式和非交互式。当需要返回单块数据时,请使用非交互式模式。非交互模式的语法如下:
nslookup [-option] [hostname] [server]
要在交互模式缕舳?Nslookup.exe,只需在命令提示符下输入 nslookup:
C:> nslookup
Default Server: nameserver1.domain.com
Address: 10.0.0.1
>
参考资料:
MCSE Trainking Kit -- Microsoft Windows 2000 Network Infrasturucture Administration -- Chapter8 Using the Windows 2000 DNS Server-- Lesson 5 :Monitoring and Troubleshooting DNS
Internet密钥交换鉴别方法
问题:
You are working as a network administrator.You know that Internet Key Exchange (IKE) is the new term for ISAKMP/Oakley.But what are the tree authentication methods you can use with IKE?
A.IPSec AH
B.IPSec ESP
C.Kerberos
D.Pre-shared key
E.X.509 Certificates
F.NTLM
Select the 3 best answers
可以借助IKE使用的三种鉴别方法是什么?
解答:
·Kerberos V5
·X.509 Version3 证书
·预共享密钥(Pre-shared key)
正确答案:CDE
参考资料:
MSEE Training Kit -- Microsoft Windows 2000 Network Infrastructure Administration -- Chapter 10 Securing Network Protocoles