ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-800 All Questions

View all questions & answers for the AZ-800 exam
Go to Exam

Exam AZ-800 topic 1 question 64 discussion

Actual exam question from Microsoft's AZ-800
Question #: 64
Topic #: 1
[All AZ-800 Questions]

You have a Microsoft Entra Domain Services domain named contoso.com.

You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.

To which group should you add the administrator?

  • A. AAD DC Administrators
  • B. Domain Admins
  • C. Schema Admins
  • D. Enterprise Admins
  • E. Group Policy Creator Owners
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Ksk08 at Oct. 14, 2024, 6:24 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SunRise
4 months, 1 week ago
Selected Answer: A
Please do your research by if my analysis is right: The question is talking about Entra DS, not on-prim, so if I am not mistake there no group as GP Creator Owner there, the the Answer should be A
upvoted 2 times
...
Krayzr
4 months, 3 weeks ago
Selected Answer: A
AAD AD Admins
upvoted 3 times
...
VirtuaTech
5 months ago
Selected Answer: E
Group Policy Creator Owners = Just the right access to just manage GPOs
upvoted 2 times
...
Ksk08
6 months, 4 weeks ago
Answer is E
upvoted 2 times
Abdullah993
6 months, 2 weeks ago
Answer is A
upvoted 5 times
Ksk08
5 months, 3 weeks ago
Imagine a building with many rooms: Domain Admins = Access to everything (too much) Enterprise Admins = Access to multiple buildings (way too much) Schema Admins = Access to building blueprints (wrong type of access) AAD DC Administrators = Access to different areas (not specific enough) Group Policy Creator Owners = Just the right access to just manage GPOs
upvoted 1 times
FERNFHIT
5 months ago
Wrong. The Group Policy Creator Owners group lets its members create new GPOs. However, those members can only edit or delete GPOs that they have created. The Group Policy Creator Owners group also has no permission to link GPOs to a container such as a domain or OU.... therefor members of that group cannot sufficiently manage group policies.
upvoted 3 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago