- 4 views
Exam
Answer needs confirmation
Question
Your network contains an Active Directory Domain Services (AD DS) domain. All domain members have Microsoft Defender Credential Guard with UEFI lock configured.
In the domain, you deploy a server named Server1 that runs Windows Server. You disable Credential Guard on Server1.
You need to ensure that Server1 is NOT subject to Credential Guard restrictions.
What should you do next?
Proposed answer
- A. Disable the Turn on Virtualization Based Security group policy setting.
- B. Run dism and specify the /Disable-Feature and /FeatureName:IsolatedUserMode parameters.
- C. Run the Device Guard and Credential Guard hardware readiness tool.
Suggested answer
A. Disable the Turn on Virtualization Based Security group policy setting.
syu31svc
3 months, 1 week ago
Selected Answer: A
https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage If Windows Defender Credential Guard was enabled via Group Policy without UEFI Lock, Windows Defender Credential Guard should be disabled via Group Policy. Answer is A
upvoted 3 times
jecawi9630
6 months, 2 weeks ago
https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage#disabling-windows-defender-credential-guard-using-group-policy
upvoted 4 times