Exam SY0-701 topic 1 question 483 discussion

B. Implement a privileged access management solution. Explanation: A privileged access management (PAM) solution minimizes the risk of pass-the-hash attacks by enforcing stricter controls on privileged accounts, such as domain administrators. PAM solutions include features like just-in-time access, session monitoring, credential vaulting, and isolating privileged credentials, ensuring that attackers cannot easily exploit administrative credentials. Why not the other options? A. Audit each domain administrator account weekly for password compliance: While auditing is good practice, it does not directly prevent pass-the-hash attacks because the attack uses hashed credentials, not passwords themselves. C. Create IDS policies to monitor domain controller access: Monitoring is helpful for detection, but it does not prevent the attack. Pass-the-hash attacks exploit credential reuse, which monitoring alone cannot stop.

Privileged access management (PAM) refers to policies, procedures, and technical controls to prevent compromise of privileged accounts. These controls identify and document privileged accounts, giving visibility into their use, and managing the credentials used to access them.