ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-744 All Questions

View all questions & answers for the 70-744 exam
Go to Exam

Exam 70-744 topic 1 question 105 discussion

Actual exam question from Microsoft's 70-744
Question #: 105
Topic #: 1
[All 70-744 Questions]

Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run Windows Server 2016.
The Job Title attribute for a domain user named User1 has a value of Sales Manager.
User1 runs whoami/claims and receives the following output.

You need to ensure that the security token of User1 has a claim for Job Title.
What should you do?

  • A. From Active Directory Users and Computers, modify the properties of the User1 account.
  • B. From a Group Policy object(GPO), configure KDC support for claims, compound authentication, and Kerberos armoring.
  • C. From Active Directory Administrative Center, add a claim type. parameter.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
References:
https://www.nyazit.com/how-to-configure-dynamic-access-control-in-windows-server-2012-r2-2/
by Boehlie at April 12, 2020, 10:22 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
dumpmaster
4 years, 5 months ago
I think the answer is B: https://www.itprotoday.com/security/what-you-need-know-about-dynamic-access-control-windows-server In the image you have this: "kerberos support for dynamic access control on this device has been disabled"
upvoted 1 times
...
SamsOtro
4 years, 6 months ago
C. From Active Directory Administrative Center, add a claim type. parameter.
upvoted 1 times
...
jam7272
4 years, 7 months ago
Yes, you do need to enable KDC via GP for claims to work. However this question does not focus on claims actually working. It asks 'You need to ensure that the security token of User1 has a claim for Job Title' - this is about the security token having a claim for Job Title. To ensure that the security token has a claim you need to add the Claim Type in AD Administrative Center. KDC is needed but it is not the answer here.
upvoted 3 times
...
Maku5555
4 years, 8 months ago
Why C? For me B is right. B. From a Group Policy object(GPO), configure KDC support for claims, compound authentication, and Kerberos armoring
upvoted 1 times
...
Protomike
4 years, 9 months ago
A. From Active Directory Users and Computers, modify the properties of the User1 account. B. From a Group Policy object(GPO), configure KDC support for claims, compound authentication, and Kerberos armoring C. From Active Directory Administrative Center, add a claim type. D. From Windows PowerShell, run the New-ADCIaimTransformPolicy cmdlet and specify the -Name parameter. Answer: C
upvoted 3 times
...
Kamikazekiller
4 years, 10 months ago
C. From Active Directory Administrative Center, add a claim type. parameter.
upvoted 2 times
...
SIMSIM741
5 years, 2 months ago
c . the right answer
upvoted 2 times
...
Boehlie
5 years, 2 months ago
Step 7. Enabling Kerberos Support for claim-based Access Control Used GPO We use Group Policy to make the CAP available to our domain file server(s). Whether you create a new GPO or edit an existing one is completely up to you. In a nutshell, we need to configure the following Group Policy elements
upvoted 1 times
...
Boehlie
5 years, 2 months ago
The correct answer is B
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel