ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 5 question 5 discussion

Actual exam question from Microsoft's MD-100
Question #: 5
Topic #: 5
[All MD-100 Questions]

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

Username and password -

Use the following login credentials as needed:
To enter your password, place your cursor in the Enter password box and click on the password below.

Username: Contoso/Administrator -
Password: Passw0rd!
The following information is for technical support purposes only:

Lab Instance: 10921597 -

You need to create a user account named User5 on Client2. The solution must meet the following requirements:
✑ Prevent User5 from changing the password of the account.
✑ Ensure that User5 can perform backups.
✑ Use the principle of least privilege.
To complete this task, sign in to the required computer or computers.

Show Suggested Answer Hide Answer
Suggested Answer: See explanation below.
1. On Client2, press the Win + X keys on your keyboard. Then, click or tap the Computer Management option from the menu.
2. Expand the Local Users and Groups from the left side of the window, and select Users.
3. Right-click somewhere on the blank space found in the middle section of the window, and click or tap on New User. This opens the New User window, where you can enter all the details about the new user account.
4. Type the user name and, optionally, its full name and description.
5. Type the password to be used for that user and confirm it.
6. Select the User cannot change password check box.
7. Click Create and Windows immediately creates the user account. When you are done creating user accounts, click Close in the New User window.
1. Press the Win + R keys to open Run, type secpol.msc into Run, and click/tap on OK to open Local Security Policy.
2. Expand open Local Policies in the left pane of Local Security Policy, click/tap on User Rights Assignment, and double click/tap on the Back up files and directories policy in the right pane.
3. Click/tap on the Add User or Group button.
4. Click/tap on the Object Types button.
5. Check all the boxes for Object types, and click/tap on the OK.
6. Click/tap on the Advanced button.
7. Click/tap on the Find Now button, select the name of the user or group
8. Click/tap on OK.
9. Click/tap on OK.
10.When finished, you can close Local Users and Groups.
Reference:
https://www.digitalcitizen.life/geeks-way-creating-user-accounts-and-groups https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment
by jeroenj33 at Nov. 23, 2020, 11:59 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AnoniMouse
Highly Voted 4 years, 1 month ago
If a user needs to perform a backup, the user needs to be part of [BACKUP OPERATORS] group. Period! You either reinvent the wheel by doing it manually using SECPOL and complicate stuff or simply make the user part of this group, because at the end, you will end up giving this user the same rights that the backup operators have! Ensure that User5 can perform backups This also includes CAN PERFORM RESTORE.
upvoted 16 times
...
dlast
Most Recent 2 years, 3 months ago
The question is user5 needs to be able to make back-ups with least privileges. I agree with the suggested answer.
upvoted 1 times
...
Barrybobslee_111
2 years, 10 months ago
Just create the user and add it to the Backup Operators group.
upvoted 3 times
...
veteran_tech
2 years, 12 months ago
The provided answer is correct. Backup Operators permits both backup and restore, which exceeds minimum privilege. In a secure environment, you have a separation of duties: one group backs up, another group restores.
upvoted 1 times
...
Natsumiko
3 years, 3 months ago
In my opinion the suggested answer is correct. Through secpol you can user that User5 can only create backups. Backup Operators are also able to shut down a system by default which is something that you might not want happening and goes against the least privilege principle.
upvoted 2 times
...
Anthony_2770
4 years, 7 months ago
In some cases, however, you might want a user to have a particular right but not have all the other rights of the group, hence when using the principle of least privilege assign the relevant user the particular user rights rather than group membership
upvoted 3 times
redadz
4 years, 6 months ago
it will be horrible and unmanageable if we do that in large environment. The best way is to work with Security Groups and assign permissions or delegations to these groups. Adding users to the specific group will make this a lot easier. In this Case Backup Operators are nothing but a Sec. Group which has the permission to backup files using Security Policy.
upvoted 1 times
vanr2000
3 years, 11 months ago
With Microsoft questions, if you overthink, you lose.
upvoted 1 times
...
Anthony_2770
4 years, 6 months ago
You have to answer this specific question though as it stands.
upvoted 1 times
...
Balena
4 years, 5 months ago
No. The Backup Operators group has also the restore right. You only must give the user backup rights. Nobody said how big the org is.
upvoted 1 times
BAbdalla
3 years, 10 months ago
You are wrong man... Backup Operators have permission to back up and restore files and directories: https://www.backup4all.com/what-are-backup-operators-kb.html
upvoted 1 times
...
...
...
MR_Eliot
3 years, 7 months ago
what is the point of making backups when you cant restore it!?
upvoted 1 times
RodrigoT
3 years, 5 months ago
Maybe he is not the guy authorized to perform restores. Maybe he is just the night guy that runs backups. Least privilege.
upvoted 1 times
...
...
...
jeroenj33
4 years, 7 months ago
why not adding the user to the group (Backup Operators)? still Using the principle of least privilege
upvoted 3 times
markservices
4 years, 3 months ago
Yea you are right, but i think the catch is that User 5 may only have this permissions, and not the group "Backup Operators"...
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel