ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-100 All Questions

View all questions & answers for the SC-100 exam
Go to Exam

Exam SC-100 topic 1 question 34 discussion

Actual exam question from Microsoft's SC-100
Question #: 34
Topic #: 1
[All SC-100 Questions]

You have a Microsoft Entra tenant that contains 10 Windows 11 devices and two groups named Group1 and Group2. The Windows 11 devices are joined to the Microsoft Entra tenant and are managed by using Microsoft Intune.

You are designing a privileged access strategy based on the rapid modernization plan (RaMP). The strategy will include the following configurations:

• Each user in Group1 will be assigned a Windows 11 device that will be configured as a privileged access device.
• The Security Administrator role will be mapped to the privileged access security level.
• The users in Group1 will be assigned the Security Administrator role.
• The users in Group2 will manage the privileged access devices.

You need to configure the local Administrators group for each privileged access device. The solution must follow the principle of least privilege.

What should you include in the solution?

  • A. Only add Group2 to the local Administrators group.
  • B. Configure Windows Local Administrator Password Solution (Windows LAPS) in legacy Microsoft LAPS emulation mode.
  • C. Add Group2 to the local Administrators group. Add the user that is assigned the Security Administrator role to the local Administrators group of the user's assigned privileged access device.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 676ae1a at Jan. 29, 2025, 8:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
francescoc
3 weeks ago
Selected Answer: C
The correct answer is C, not A. Because A doesn’t allow Group1 users to perform their privileged duties on their own devices. Violates usability.
upvoted 1 times
...
francescoc
1 month, 2 weeks ago
Selected Answer: C
Answare is C, not A. Group1 users need local admin rights on their assigned device to perform privileged operations. This option would block them
upvoted 1 times
...
424ede1
2 months ago
Selected Answer: A
Under the RaMP guidelines, you want to enforce the principle of least privilege. To minimize the risk of lateral movement or compromise, these privileged access devices should not grant local administrator rights to the security administrators.
upvoted 1 times
...
olsookie
2 months, 2 weeks ago
Selected Answer: A
To follow the principle of least privilege, you should include Option A: Only add Group2 to the local Administrators group in your solution. This ensures that only the users responsible for managing the privileged access devices have administrative rights, minimizing the risk of unnecessary access. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/best-practices https://learn.microsoft.com/en-us/entra/identity/devices/assign-local-admin
upvoted 2 times
...
devop23
3 months, 1 week ago
Selected Answer: A
Answer is A: https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-deployment Remove local admin rights This method requires that users of the VIP, DevOps, and Privileged workstations have no administrator rights on their machines. Group2 users will manage these devices so they should have local admin access anyway. So option C is eliminated. Option B doesn't make sense here.
upvoted 2 times
...
Er_01
4 months, 1 week ago
Selected Answer: C
https://learn.microsoft.com/en-us/security/privileged-access-workstations/privileged-access-deployment It says not to add anyone to admin on privileged wa. So A and C are against best practice. B will not work as legacy laps not be used on cloud joined was. So the best answer would be C because it allows for different group to manage and only 1 person to use. Bad question.
upvoted 2 times
jim85
4 months ago
I think, the 2nd half of the answer would be D and in that case C gets its meaning
upvoted 1 times
...
...
676ae1a
4 months, 1 week ago
Selected Answer: C
Respuesta correcta
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel