ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 2 question 5 discussion

Actual exam question from Microsoft's MD-100
Question #: 5
Topic #: 2
[All MD-100 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer named Computer1 that runs Windows 10.
A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.
You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.
Solution: On Computer1, you assign Service1 the Deny log on locally user right.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
By using the Service1 account as the identity used by Application1, we are applying the principle of least privilege as required in this question.
However, the Service1 account could be used by a user to sign in to the desktop on the computer. To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. Therefore, we can prevent this by assigning Service1 the deny log on locally user right.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally
by Sn3k at Nov. 10, 2020, 2:10 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AVP_Riga
Highly Voted 4 years, 2 months ago
A. Yes.
upvoted 11 times
...
jcgm1990
Most Recent 2 years, 11 months ago
Selected Answer: A
Answer is A
upvoted 1 times
...
Tommo
3 years, 3 months ago
Selected Answer: A
A. Yes.
upvoted 1 times
...
mikl
3 years, 8 months ago
Deny log on locally is the only proper way to make sure the user account doesn't get used the wrong way.
upvoted 3 times
...
CARIOCA
3 years, 9 months ago
This question 5 is the same as question 6 with different answers. What would be the final answer and the justification?
upvoted 1 times
xian05
3 years, 4 months ago
Next question says: Deny log on as a service user right. Whilst this answer states: Deny log on locally user right.
upvoted 2 times
...
...
CARIOCA
3 years, 12 months ago
Essa questão ficou muito dividida no gabarito, afinal qual seria a resposta e qual a justificativa? Após um debate de 6 comentários, o gabarito é o mesmo ou não?
upvoted 1 times
...
Davidchercm
4 years ago
is the answer correct ?
upvoted 1 times
...
Sn3k
4 years, 7 months ago
" to sign in to sign in "
upvoted 2 times
Anthony_2770
4 years, 6 months ago
What does this mean.
upvoted 2 times
R03l4nd
4 years, 6 months ago
He pointed out a double sentence in the question... don't you read questions Anthony?
upvoted 2 times
Anthony_2770
4 years, 6 months ago
I do and I see what he meant but it is a very mute point and why bother commenting about it anyway.
upvoted 17 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel