New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Microsoft AZ-800 Exam - Topic 9 Question 61 Discussion

Actual exam question for Microsoft's AZ-800 exam
Question #: 61
Topic #: 9
[All AZ-800 Questions]

Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains a user named User1 and the servers shown in the following table.

User1 is a member of the Protected Users security group.

User1 performs the following actions:

* From Server1, establishes a remote PowerShell session on Server2

* From the PowerShell session on Server2, attempts to access a resource on Backup1

The request to access the resource on 8ackup1 is denied.

You need to ensure that User1 can access the resources on Backup1 by using the PowerShell session on Server2. The solution must follow the principle of least privilege and minimize administrative effort.

What should you configure?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Lili at Nov 15, 2024, 02:33 PM

Limited Time Offer

25%

Off

Get Premium AZ-800 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Salina
3 months ago
Wait, why is the access denied in the first place? That’s surprising!
upvoted 0 times
...
Stephaine
3 months ago
Unconstrained delegation seems risky, right?
upvoted 0 times
...
Scot
3 months ago
I think CredSSP could work too, but not sure if it's the best choice.
upvoted 0 times
...
Karol
4 months ago
Definitely should go with resource-based Kerberos constrained delegation!
upvoted 0 times
...
Hobert
4 months ago
User1 needs proper permissions to access Backup1.
upvoted 0 times
...
Odelia
4 months ago
Resource-based Kerberos constrained delegation sounds familiar, but I’m not entirely confident it fits the least privilege requirement we need to follow.
upvoted 0 times
...
Helaine
4 months ago
I practiced a similar question where we had to configure PSSessionConfiguration, but I can't recall if RunAs is the right approach for this scenario.
upvoted 0 times
...
Gerald
4 months ago
I think CredSSP might be the answer since it allows secure connections for remote sessions, but I need to double-check how it interacts with Protected Users.
upvoted 0 times
...
Marylyn
5 months ago
I remember something about Kerberos delegation, but I'm not sure if unconstrained is the right choice here. It seems too broad for least privilege.
upvoted 0 times
...
Alex
5 months ago
This is a good test of my understanding of Kerberos delegation. I'll need to make sure I fully grasp the differences between the options to select the right one.
upvoted 0 times
...
Adell
5 months ago
I'm feeling pretty confident about this one. The key is to use the delegation method that provides the necessary access while adhering to the principle of least privilege.
upvoted 0 times
...
Anastacia
5 months ago
Okay, I think I've got a strategy here. Resource-based Kerberos constrained delegation seems like the way to go to meet the requirements.
upvoted 0 times
...
Shawana
5 months ago
Hmm, I'm a bit confused about the different delegation options. I'll need to review the details of each one to determine the best approach.
upvoted 0 times
...
Michael
5 months ago
This looks like a tricky one. I'll need to carefully consider the requirements around least privilege and minimizing administrative effort.
upvoted 0 times
...
Anissa
1 year ago
I don't know, but I'm hoping the exam doesn't have any trick questions like 'What is the square root of -1?' or 'How many angels can dance on the head of a pin?'
upvoted 0 times
Moon
1 year ago
D) resource-based Kerberos constrained delegation
upvoted 0 times
...
Veronika
1 year ago
C) PSSessionConfiguration by using RunAs
upvoted 0 times
...
Laticia
1 year ago
B) CredSSP
upvoted 0 times
...
Niesha
1 year ago
A) Kerberos delegation (unconstrained)
upvoted 0 times
...
...
Elli
1 year ago
I'm not sure about that. I think C) PSSessionConfiguration by using RunAs could also work. It minimizes administrative effort.
upvoted 0 times
...
Micah
1 year ago
Option C, using PSSessionConfiguration with RunAs, could work, but it might be more administratively complex than the constrained delegation approach.
upvoted 0 times
Keena
1 year ago
D) resource-based Kerberos constrained delegation
upvoted 0 times
...
Yoko
1 year ago
C) PSSessionConfiguration by using RunAs
upvoted 0 times
...
Filiberto
1 year ago
B) CredSSP
upvoted 0 times
...
Ulysses
1 year ago
A) Kerberos delegation (unconstrained)
upvoted 0 times
...
...
Barney
1 year ago
Unconstrained Kerberos delegation (option A) would be too risky, as it could allow User1 to impersonate other users. CredSSP (option B) doesn't seem to be the best fit here.
upvoted 0 times
Ammie
1 year ago
Let's implement option D to minimize administrative effort and ensure User1 can access the resources on Backup1.
upvoted 0 times
...
Karma
1 year ago
I agree, option D would allow User1 to access the resources on Backup1 while following the principle of least privilege.
upvoted 0 times
...
Hyman
1 year ago
We should go with option D, resource-based Kerberos constrained delegation.
upvoted 0 times
...
...
Hubert
1 year ago
I agree with Shay. It makes sense to use resource-based Kerberos constrained delegation to ensure User1 can access the resources on Backup1.
upvoted 0 times
...
Shay
1 year ago
I think the answer is D) resource-based Kerberos constrained delegation.
upvoted 0 times
...
Nguyet
1 year ago
I think the correct answer is D. Resource-based Kerberos constrained delegation allows User1 to access the resource on Backup1 without granting unnecessary privileges, which aligns with the principle of least privilege.
upvoted 0 times
Pearly
1 year ago
Great, that aligns with the principle of least privilege.
upvoted 0 times
...
Lura
1 year ago
Exactly, it minimizes administrative effort as well.
upvoted 0 times
...
Nikita
1 year ago
That's correct. It allows User1 to access Backup1 without extra privileges.
upvoted 0 times
...
Boris
1 year ago
User1 should configure resource-based Kerberos constrained delegation.
upvoted 0 times
...
...

Save Cancel