Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft Exam AZ-800 Topic 1 Question 39 Discussion

Actual exam question for Microsoft's AZ-800 exam
Question #: 39
Topic #: 1
[All AZ-800 Questions]

You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server 1, Server2, and Server3 that run Windows Server.

You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3. but access to the resource is denied.

You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

Contribute your Thoughts:

Jolanda
5 months ago
That's a good point, Nu. But I still think Kerberos constrained delegation is the best option.
upvoted 0 times
...
Nu
5 months ago
I believe option B) Configure Just Enough Administration (JEA) could also work. It restricts administrative rights.
upvoted 0 times
...
Glennis
6 months ago
I agree with Jolanda. Kerberos constrained delegation allows your credentials to be passed.
upvoted 0 times
...
Jolanda
6 months ago
I think the answer is A) Configure Kerberos constrained delegation.
upvoted 0 times
...
Vilma
6 months ago
I don't think so, Derick. Selective authentication restricts which users have the ability to authenticate to the domain, not the passing of credentials between servers.
upvoted 0 times
...
Derick
7 months ago
But wouldn't configuring selective authentication for the domain also work in this scenario?
upvoted 0 times
...
Margot
7 months ago
I agree with Derick. It allows a service to impersonate the clients and use their credentials to access resources on another server.
upvoted 0 times
...
Derick
7 months ago
I think we should configure Kerberos constrained delegation.
upvoted 0 times
...
Erick
8 months ago
Yeah, I agree. Kerberos constrained delegation is the way to go here. It's a bit more complicated to set up, but it's the most secure option and minimizes administrative effort.
upvoted 0 times
...
Lawrence
8 months ago
Ha! Yeah, that would be a classic exam question move. Trying to distract us with something that sounds reasonable but is actually a terrible idea. Good thing we're on the same page here.
upvoted 0 times
...
Dalene
8 months ago
You know, I was just thinking the same thing. JEA is more for fine-grained access control, and this seems like a simpler use case. Kerberos constrained delegation is probably the best bet here.
upvoted 0 times
...
Flo
8 months ago
Alright, I think I've got it now. Kerberos constrained delegation it is! Let's just hope the exam doesn't try to trick us with some random option like 'Disable the Enforce user logon restrictions policy setting for the domain.' That would be a real head-scratcher.
upvoted 0 times
Glendora
7 months ago
Definitely, let's focus on understanding all the options.
upvoted 0 times
...
Malcom
8 months ago
We should be prepared for anything the exam might throw at us.
upvoted 0 times
...
Laine
8 months ago
Yeah, like disabling the user logon restrictions, that would be tricky.
upvoted 0 times
...
Fannie
8 months ago
I hope the exam doesn't throw us off with random options.
upvoted 0 times
...
Lashonda
8 months ago
Good choice, it minimizes administrative effort.
upvoted 0 times
...
Mollie
8 months ago
Agreed, it passes credentials between servers.
upvoted 0 times
...
Danica
8 months ago
Kerberos constrained delegation is the way to go.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77