ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 5 question 3 discussion

Actual exam question from Microsoft's MD-100
Question #: 3
Topic #: 5
[All MD-100 Questions]

HOTSPOT -
Your network contains an Active Directory domain named adatum.com. The domain contains two computers named Computer1 and Computer2 that run Windows
10.
The domain contains the user accounts shown in the following table.

Computer2 contains the local groups shown in the following table.

The relevant user rights assignments for Computer2 are shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -
User1 is an administrator and has the Allow log on through Remote Desktop Services.

Box 2: No -
User2 is a member of Group2 which has the Deny log on through Remote Desktop Services.

Box 3: Yes -
User3 is a member of the administrators group and has the Allow log on through Remote Desktop Services.
Note: Deny permissions take precedence over Allow permissions. If a user belongs to two groups, and one of them has a specific permission set to Deny, that user is not able to perform tasks that require that permission even if they belong to a group that has that permission set to Allow.
Reference:
https://docs.microsoft.com/en-us/azure/devops/organizations/security/about-permissions?view=azure-devops&tabs=preview-page%2Ccurrent-page
by Anthony_2770 at Nov. 25, 2020, 2:12 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Anthony_2770
Highly Voted 4 years, 6 months ago
Answer is Correct but the explanation for part3 is poor. It is possible for a user to establish a Remote Desktop Services connection to a particular server but not be able to log on to the console of that same server. The same should apply to win 10.
upvoted 19 times
...
AnoniMouse
Highly Voted 3 years, 12 months ago
Answer should be YES, NO, NO. The last NO is because Users3 is part of Group3 which has DENY LOGON LOCALLY
upvoted 10 times
vanr2000
3 years, 9 months ago
You're not log in locally, you're tryint to log in remotely using RDS. So the answer is yes
upvoted 11 times
mikl
3 years, 5 months ago
Agree!
upvoted 2 times
...
...
...
Amir1909
Most Recent 1 year, 4 months ago
Correct
upvoted 1 times
...
raduM
2 years, 11 months ago
yes no yes user 3 has deny logon localy but he can connect over the network.
upvoted 1 times
...
BAbdalla
3 years, 8 months ago
The answer is correct, but the explanation for User3 is wrong. User3 is not a member of the Administrators Group. User3 is a member of Group1 and Group3, and Group1 is a member of the Remote Desktop Users group. The Remote Desktop Users Group, as well as the Administrators Group, have the Allow log on through Remote Desktop Services policy. Group3 has the Deny log on policy locally assigned. This way, user3 cannot log in locally to computer2, but user3 has the privilege to log in remotely to computer2.
upvoted 3 times
...
Junhhhch
3 years, 11 months ago
Answer : Yes No No. I want to share what I found about part 3 only as you are sure for part 1,2 Potential impact If you assign the Deny log on through Remote Desktop Services user right to other groups, you could limit the abilities of users who are assigned to specific administrative roles in your environment. Accounts that have this user right cannot connect to the device through Remote Desktop Services or Remote Assistance. You should confirm that delegated tasks are not negatively affected. https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-through-remote-desktop-services
upvoted 3 times
Junhhhch
3 years, 11 months ago
Sorry, Answer : Yes No Yes you need "Deny logon through Remote Desktop Services" to deny the user 3 to access through remote service but it is deny logon locally.
upvoted 10 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel