ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 2 question 21 discussion

Actual exam question from Microsoft's AZ-800
Question #: 21
Topic #: 2
[All AZ-800 Questions]

You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server1, Server2, and Server3 that run Windows Server.

You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3, but access to the resource is denied.

You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort.

What should you do?

  • A. Configure Kerberos constrained delegation.
  • B. Configure Just Enough Administration (JEA).
  • C. Configure selective authentication for the domain.
  • D. Disable the Enforce user logon restrictions policy setting for the domain.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by cb0900 at Nov. 17, 2023, 1:35 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ksk08
5 months, 4 weeks ago
A: kerberos
upvoted 1 times
...
SIAMIANJI
12 months ago
Selected Answer: A
To ensure that your credentials are passed from Server1 to Server3 while minimizing administrative effort, you should configure Kerberos constrained delegation. Therefore, the correct answer is: A. Configure Kerberos constrained delegation.
upvoted 4 times
...
Kuikz
1 year ago
Selected Answer: A
I will go with A, because the Questions says to minimize administrative effort. The table in the liked source states, that Just Enough Administration (JEA) can provide the best security but requires more detailed configuration. https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7.3
upvoted 2 times
...
fbx01
1 year, 2 months ago
Selected Answer: A
Configure Kerberos constrained delegation.
upvoted 1 times
...
bdbea79
1 year, 3 months ago
Selected Answer: B
I agree with B. In order to do Kerberos Constrained Delegation, you need domain admin permissions where it only mentions that you have a domain account. If it stated resource-based KCD then I would go with that but since not, then JEA it is according to Microsoft's preference list: https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7.3
upvoted 3 times
sardonique
8 months, 2 weeks ago
a domain account without admin privileges cannot configure KCD, do you think that same account can configure JEA? good luck!
upvoted 1 times
...
...
rknichols01
1 year, 3 months ago
Option A, Configure Kerberos constrained delegation, would be the best solution for passing your credentials from Server1 to Server3. This option allows you to specify which services can use Kerberos to delegate the user’s credentials to another service 1. By configuring constrained delegation, you can ensure that your credentials are passed from Server1 to Server3, and you can minimize administrative effort.
upvoted 3 times
...
dolphan904
1 year, 4 months ago
FROM MS: Just Enough Administration (JEA) JEA allows you to restrict what commands an administrator can run during a PowerShell session. It can be used to solve the second hop problem.
upvoted 2 times
...
Aliabdo
1 year, 5 months ago
Selected Answer: A
Configuring Kerberos constrained delegation allows you to pass your credentials from Server1 to Server3 when accessing a resource. Constrained delegation is a Kerberos feature that restricts the servers to which a service can delegate a user's credentials. This ensures that the delegation is secure and limited to specific services.
upvoted 2 times
...
cb0900
1 year, 5 months ago
Selected Answer: A
I would edge towards A on this one. Solution to minimise administrative effort. https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7.3
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago