You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create?
A . PTR
B . MX
C . NSEC3
D . RRSIG
Answer: B
Explanation:
TXT or MX: Correct
You can use either a TXT or MX record to verify the custom domain in the Azure AD. MX records can serve the purpose of TXT records
SRV: Incorrect
SRV records are used by various services to specify server locations. When specifying an SRV
record in Azure DNS
DNSKEY: Incorrect Choice
This will verify that the records are originating from an authorized sender.
NSEC: Incorrect Choice
This is Part of DNSSEC. This is used for explicit denial-of-existence of a DNS record. It is used to prove a name does not exist.
Reference: https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain#verify-your-custom-domain-name
https://www.cloudflare.com/dns/dnssec/how-dnssec-works/#:~:text=DNSKEY%20%2D%20Contains%20a%20public%20signing,s)%20in%20the%20p arent%20zone.