Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft Exam AZ-800 Topic 1 Question 39 Discussion

Actual exam question for Microsoft's AZ-800 exam
Question #: 39
Topic #: 1
[All AZ-800 Questions]

You have an Active Directory Domain Services (AD DS) domain. The domain contains three servers named Server 1, Server2, and Server3 that run Windows Server.

You sign in to Server1 by using a domain account and start a remote PowerShell session to Server2. From the remote PowerShell session, you attempt to access a resource on Server3. but access to the resource is denied.

You need to ensure that your credentials are passed from Server1 to Server3. The solution must minimize administrative effort. What should you do?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Annmarie at Feb 12, 2024, 04:26 PM

Limited Time Offer

25%

Off

Get Premium AZ-800 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Jolanda
8 months ago
That's a good point, Nu. But I still think Kerberos constrained delegation is the best option.
upvoted 0 times
...
Nu
8 months ago
I believe option B) Configure Just Enough Administration (JEA) could also work. It restricts administrative rights.
upvoted 0 times
...
Glennis
8 months ago
I agree with Jolanda. Kerberos constrained delegation allows your credentials to be passed.
upvoted 0 times
...
Jolanda
8 months ago
I think the answer is A) Configure Kerberos constrained delegation.
upvoted 0 times
...
Vilma
9 months ago
I don't think so, Derick. Selective authentication restricts which users have the ability to authenticate to the domain, not the passing of credentials between servers.
upvoted 0 times
...
Derick
9 months ago
But wouldn't configuring selective authentication for the domain also work in this scenario?
upvoted 0 times
...
Margot
9 months ago
I agree with Derick. It allows a service to impersonate the clients and use their credentials to access resources on another server.
upvoted 0 times
...
Derick
10 months ago
I think we should configure Kerberos constrained delegation.
upvoted 0 times
...
Erick
11 months ago
Yeah, I agree. Kerberos constrained delegation is the way to go here. It's a bit more complicated to set up, but it's the most secure option and minimizes administrative effort.
upvoted 0 times
...
Lawrence
11 months ago
Ha! Yeah, that would be a classic exam question move. Trying to distract us with something that sounds reasonable but is actually a terrible idea. Good thing we're on the same page here.
upvoted 0 times
...
Dalene
11 months ago
You know, I was just thinking the same thing. JEA is more for fine-grained access control, and this seems like a simpler use case. Kerberos constrained delegation is probably the best bet here.
upvoted 0 times
...
Flo
11 months ago
Alright, I think I've got it now. Kerberos constrained delegation it is! Let's just hope the exam doesn't try to trick us with some random option like 'Disable the Enforce user logon restrictions policy setting for the domain.' That would be a real head-scratcher.
upvoted 0 times
Glendora
10 months ago
Definitely, let's focus on understanding all the options.
upvoted 0 times
...
Malcom
10 months ago
We should be prepared for anything the exam might throw at us.
upvoted 0 times
...
Laine
10 months ago
Yeah, like disabling the user logon restrictions, that would be tricky.
upvoted 0 times
...
Fannie
10 months ago
I hope the exam doesn't throw us off with random options.
upvoted 0 times
...
Lashonda
10 months ago
Good choice, it minimizes administrative effort.
upvoted 0 times
...
Mollie
10 months ago
Agreed, it passes credentials between servers.
upvoted 0 times
...
Danica
10 months ago
Kerberos constrained delegation is the way to go.
upvoted 0 times
...
...

Save Cancel