ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-744 All Questions

View all questions & answers for the 70-744 exam
Go to Exam

Exam 70-744 topic 1 question 135 discussion

Actual exam question from Microsoft's 70-744
Question #: 135
Topic #: 1
[All 70-744 Questions]

Your network contains an Active Directory forest named contoso.com. You deploy another Active Directory forest named admin.contoso.com.
You create a trust relationship between the two forests. The trust relationship has the following configurations:
✑ SID history is disabled
✑ SID filtering is disabled
You need to implement Privileged Access Management (PAM) and to specify admin.contoso.com as an administrative forest. What should you do?

  • A. Run netdom.exe and specify the /quarantine switch.
  • B. Enable SID filtering on the trust.
  • C. Run netdom.exe and specify the /transitive switch.
  • D. Enable SID history on the trust.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
References:
https://www.petri.com/windows-server-2016-set-privileged-access-management
by RVR at April 13, 2020, 12:17 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
why_does_it_matter
Highly Voted 5 years, 2 months ago
D. Enable SID history on the trust. https://docs.microsoft.com/en-us/microsoft-identity-manager/pam/sp1-step7-setup-sidhistory-sidfiltering
upvoted 7 times
...
Kamikazekiller
Highly Voted 4 years, 10 months ago
D. Enable SID history on the trust.
upvoted 5 times
...
Yebubbleman
Most Recent 4 years, 5 months ago
I'm gonna lean A on this one: From the Exam Ref 70-744 book: The New-PAMTrust cmdlet performs three tasks: it creates the forest trust, it enables SID history for the trust and it disables SID filtering. Instead of using NewPAMTrust, you can perform these three tasks individually with the following commands using the netdom tool: netdom trust production.local /domain:bastion.local /userO:production\ administrator /passwordO:password /add netdom trust production.local /domain:bastion.local /EnableSIDHistory:yes / userO:production\administrator /passwordO:password netdom trust production.local /domain:bastion.local /Quarantine:no / userO:production\administrator /passwordO:password You do have to enable SID History, and New-PAMTrust will do that for you. But given that the trust is already set up, it looks like that will be done manually as detailed from the commands above. All that to say that, A ought to accomplish D.
upvoted 1 times
Yebubbleman
4 years, 5 months ago
Scratch that. I think I misinterpreted the book's formatting. C is correct as that is an individual action and the whole point of this exercise is that all of the functions provided by New-PAMTrust are being done individually.
upvoted 1 times
Yebubbleman
4 years, 5 months ago
Sorry, meant D. there.
upvoted 1 times
...
...
...
rodobew
4 years, 6 months ago
The correct answer is D. Enable SID history. Without it, you won't be able to create shadow groups in your bastion forest and won't be able to set up the ESAE.
upvoted 3 times
...
SamsOtro
4 years, 6 months ago
Trust was already configured - no need for Netdom cmd. D is correct.
upvoted 5 times
...
KidCastaldo
4 years, 8 months ago
D. https://secureidentity.se/msds-shadowprincipal/ (echos RVR)
upvoted 5 times
...
RVR
5 years, 2 months ago
/ForestTRANsitive:Yes /EnableSIDHistory:Yes /EnablePIMTrust:Yes /Quarantine:No
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel