ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-742 All Questions

View all questions & answers for the 70-742 exam
Go to Exam

Exam 70-742 topic 1 question 35 discussion

Actual exam question from Microsoft's 70-742
Question #: 35
Topic #: 1
[All 70-742 Questions]

Your network contains a single-domain Active Directory forest named contoso.com. The forest functional level is Windows Server 2016. The forest has Dynamic
Access Control enabled. The domain contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named Contoso\AD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the Contoso\AD_Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. Create an access control condition in Policy1.
  • B. Create a managed service account and add the account to Permitted Accounts in Silo1.
  • C. Add the domain controllers to the Contoso\AD_Admins group.
  • D. Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1.
  • E. Assign Silo1 to the privileged user accounts and the domain controllers.
Show Suggested Answer Hide Answer
Suggested Answer: ADE 🗳️
by TMW at Sept. 13, 2019, 7:08 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TMW
Highly Voted 5 years, 9 months ago
An "Authentication Policy Silo" This is NOT in the official exam reference. Like TLSA records on the 70-741, I bet it will be on the exam. If you have not heard of this yet, get yourself a cup of Jo, it is a good read. https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/authentication-policies-and-authentication-policy-silos
upvoted 12 times
Yebubbleman
4 years, 5 months ago
Both Exam Ref 70-741 and Exam Ref 70-742 suffer from not containing enough information on these topics. Though, to be fair, Exam Ref 70-741 is much worse in this regard.
upvoted 3 times
...
...
[Removed]
Highly Voted 4 years, 9 months ago
got this q
upvoted 5 times
...
bdlm
Most Recent 4 years, 5 months ago
This appears to be correct as far as I can tell. Starting at step 4, You get an idea of what this looks like. https://azurecloudai.blog/2019/12/09/protect-administrative-accounts-with-authentication-policies-and-silos/
upvoted 1 times
...
Dlam
4 years, 5 months ago
On exam
upvoted 1 times
...
lofzee
4 years, 5 months ago
right.
upvoted 1 times
...
CISCO_CCNP
4 years, 9 months ago
I am taking exam next monday
upvoted 4 times
...
coleman
5 years, 6 months ago
right.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel