ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 2 question 4 discussion

Actual exam question from Microsoft's MD-100
Question #: 4
Topic #: 2
[All MD-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows10.
A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you configure Application1 to sign in as the LocalSystem account and select the Allow service to interact with desktop check box. You delete the Service1 account.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by tumwvknt at Oct. 24, 2020, 9:15 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tonytones
Highly Voted 4 years, 5 months ago
this question confusing AF
upvoted 28 times
Hisandy
4 years, 4 months ago
you are not alone
upvoted 6 times
...
...
jcgm1990
Most Recent 2 years, 11 months ago
Selected Answer: B
Answer is No
upvoted 1 times
...
Tommo
3 years, 3 months ago
Selected Answer: B
B. No.
upvoted 1 times
...
TechMinerUK
3 years, 4 months ago
Selected Answer: B
Whilst changing it to use the LocalSystemAccount wouild likely work we need to meet the following criteria: "The solution must use the principle of least privilege" Because of this the service should use an account which has the minimum needed permissions which is then prevented from logging onto the system
upvoted 3 times
...
Goofer
3 years, 9 months ago
By default, services use a noninteractive window station and cannot interact with the user. However, an interactive service can display a user interface and receive user input. Once LocalSystem account (a services running in an elevated security context) creates a window on the interactive desktop, any other application that is running on the interactive desktop can interact with this window. That is, this exposes the service to any application that a logged-on user executes. Then it will be very dangerous.
upvoted 1 times
...
CARIOCA
3 years, 12 months ago
Essa questão ficou muito dividida no gabarito, afinal qual seria a resposta e qual a justificativa? Após um debate de 6 comentários, o gabarito é o mesmo ou não? Aguardo um retorno de todos e gostaria das opiniões do @Anthony_2770 e @Formmj.
upvoted 2 times
...
OnyxxOr
4 years ago
The reasoning is the local system account access. With a custom user account you have finer control over permissions and can use the GPO to deny login locally
upvoted 4 times
...
AVP_Riga
4 years, 2 months ago
B. No.
upvoted 4 times
...
Thalex
4 years, 4 months ago
Why is this a No? Do I have to keep the service1 account?
upvoted 1 times
AVP_Riga
4 years, 2 months ago
It must be turned off "Allow service to interact with desktop check box"
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel