What should you recommend deploying?

Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers run Windows Server 2016.

A new secunty policy states that you must modify the infrastructure to meet the following requirements:

* Limit the nghts of administrators.

* Minimize the attack surface of the forest

* Support Multi-Factor authentication for administrators.

You need to recommend a solution that meets the new secunty policy requirements.

What should you recommend deploying?
A . an administrative forest
B . domain isolation
C . an administrative domain in contoso.com
D . the Local Administrator Password Solution (LAPS)

Answer: A

Explanation:

You have to “-Minimize the attack surface of the forest”, then you must create another forest for administrators.https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privilegedaccess-reference-material#ESAE_BMThis section contains an approach for an administrative forest based on the Enhanced Security AdministrativeEnvironment (ESAE) reference architecture deployedby Microsoft’s cybersecurity professional services teams to protect customers against cybersecurity attacks. Dedicated administrative forests allow organizations to host administrative accounts, workstations, and groups in an environment that has stronger security controlsthan the production environment.

Latest 70-744 Dumps Valid Version with 207 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments