Your  company，  A.  Datum  Corporation，  has  a  single  Active  Directory  domain  named  intranet.adatum.com. The domain has two domain controllers that run Windows Server 2008 R2  operating system. The domain controllers also run DNS servers.  The intranet.adatum.com DNS zone is configured as an Active Directoryintegrated zone with the  Dynamic updates setting configured to Secure only.  A new corporate security policy requires that the intranet.adatum.com DNS zone must be updated only by  domain controllers or member servers.  You need to configure the intranet.adatum.com zone to meet the new security policy requirement.  Which two actions should you perform（）

• A、Remove the Authenticated Users account from the Security tab of the intranet.adatum.com DNS zone  properties.
• B、Assign the SELF Account Deny on Write permission on the Security tab of the intranet.adatum.com  DNS zone properties.
• C、Assign the server computer accounts the Allow on Write All Properties permission on the Security tab  of the intranet.adatum.com DNS zone properties.
• D、Assign the server computer accounts the Allow on Create All Child Objects permission on the Security  tab of the intranet.adatum.com DNS zone properties.