X

AZ-800 / Q31 / T2

  • 5 views
Exam
Microsoft AZ-800
Answer confirmed
Question

Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains a user named User1 and the servers shown in the following table.



User1 is a member of the Protected Users security group.

User1 performs the following actions:

• From Server1, establishes a remote PowerShell session on Server2
• From the PowerShell session on Server2, attempts to access a resource on Backup1

The request to access the resource on Backup1 is denied.

You need to ensure that User1 can access the resources on Backup1 by using the PowerShell session on Server2. The solution must follow the principle of least privilege and minimize administrative effort.

What should you configure?

Proposed answer
  • A. Kerberos delegation (unconstrained)
  • B. CredSSP
  • C. PSSessionConfiguration by using RunAs
  • D. resource-based Kerberos constrained delegation
Correct answer
  • D. resource-based Kerberos constrained delegation

 

Comments

 

Krayzr

2 days, 14 hours ago 

Selected Answer: D

Resource-based Kerberos constrained delegation Resource-based Kerberos constrained delegation allows you to specify which services can delegate to which resources, providing a more secure and controlled delegation compared to unconstrained delegation. This setup ensures that User1 can access the necessary resources without granting excessive permissions

upvoted 1 times 

Ksk08

1 month, 1 week ago 

Answer: D

upvoted 1 times 

 

Related exam questions

AZ-800 / Q1 / T1

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com. 

You need to identify which server is the PDC emulator for the domain.

AZ-800 / Q2 / T1

Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com.
You need to identify which server is the PDC emulator for the domain.

AZ-800 / Q3 / T1

You have an on premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant.

AZ-800 / Q7 / T1

Your network contains a single domain Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a single Active Directory site.

AZ-800 / Q9 / T1

You deploy a new Active Directory Domain Services (AD DS) forest named contoso.com. The domain contains three domain controllers named DC1, DC2, and
DC3.

AZ-800 / Q10 / T1

A failure of which domain controller will prevent you from creating application partitions?

AZ-800 / Q12 / T1

Your network contains a multi-site Active Directory Domain Services (AD DS) forest.

AZ-800 / Q13 / T1

DRAG DROP -
You deploy a single-domain Active Directory Domain Services (AD DS) forest named contoso.com.

AZ-800 / Q15 / T1

Your network contains an Active Directory Domain Services (AD DS) forest named contoso.com. The forest contains a child domain named east.contoso.com.

AZ-800 / Q18 / T1

Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers.