Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft Exam SC-100 Topic 6 Question 36 Discussion

Actual exam question for Microsoft's SC-100 exam
Question #: 36
Topic #: 6
[All SC-100 Questions]

You have an Azure AD tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Azure AD tenant and are managed by using Microsoft Intune.

You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations:

* Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device.

* The Security Administrator role will be mapped to the privileged access security level.

* The users in Group1 will be assigned the Security Administrator role.

* The users in Group2 will manage the privileged access devices.

You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege.

What should you include in the solution?

Show Suggested Answer Hide Answer
Suggested Answer: C

Contribute your Thoughts:

Celestina
7 months ago
That makes sense, Freida. We need to ensure the Security Administrator has access.
upvoted 0 times
...
Freida
7 months ago
But shouldn't we also add the Security Administrator user to the local Administrators group?
upvoted 0 times
...
France
7 months ago
I agree with Celestina. Group2 should definitely have access.
upvoted 0 times
...
Celestina
7 months ago
I think we should include Group2 in the local Administrators group.
upvoted 0 times
...
Cherelle
8 months ago
Hmm, I don't know. Option B with the Windows LAPS emulation mode sounds interesting. That could be a way to manage the local admin passwords without having to directly add users to the local Administrators group. Might be worth considering.
upvoted 0 times
...
Golda
8 months ago
Yeah, I'm with you guys on that one. Option C covers all the bases - it gives Group2 the necessary access to manage the devices, while also giving the Security Administrators the privileges they need on their assigned devices. Plus, it adheres to the principle of least privilege, which is key.
upvoted 0 times
...
Mirta
8 months ago
I agree, option C seems to be the most comprehensive solution. Adding Group2 to the local Administrators group makes sense, as they'll be managing the privileged access devices. And adding the user with the Security Administrator role to their assigned device's local Administrators group is also a good call.
upvoted 0 times
...
Vanda
8 months ago
Hmm, this question seems a bit tricky. We need to configure the local Administrators group for the privileged access devices, while following the principle of least privilege. I'm thinking option C might be the way to go here.
upvoted 0 times
Carmen
7 months ago
Option C is definitely the most secure choice for configuring the local Administrators group for the privileged access devices.
upvoted 0 times
...
Dulce
8 months ago
Absolutely. The security of privileged access devices is crucial in any modernization plan.
upvoted 0 times
...
Yvonne
8 months ago
It's important to carefully consider access controls when designing a privileged access strategy.
upvoted 0 times
...
Barrett
8 months ago
That's right. Option C covers all the necessary configurations while following the principle of least privilege.
upvoted 0 times
...
Valentine
8 months ago
We should always aim for least privilege to reduce the risk of unauthorized access.
upvoted 0 times
...
Leeann
8 months ago
Agreed. Adding Group2 to the local Administrators group and including the user assigned the Security Administrator role sounds like a good plan.
upvoted 0 times
...
Julio
8 months ago
Option C seems like the best choice for ensuring least privilege.
upvoted 0 times
...
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77