ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MD-100 All Questions

View all questions & answers for the MD-100 exam
Go to Exam

Exam MD-100 topic 1 question 5 discussion

Actual exam question from Microsoft's MD-100
Question #: 5
Topic #: 1
[All MD-100 Questions]

You have a computer named Computer1 that runs Windows 10.
You deploy an application named Application1 to Computer1.
You need to assign credentials to Application1.
You need to meet the following requirements:
✑ Ensure that the credentials for Application1 cannot be used by any user to log on to Computer1.
✑ Ensure that the principle of least privilege is maintained.
What should you do?

  • A. Configure Application1 to sign in as the Local System account and select the Allow service to interact with desktop check box.
  • B. Create a user account for Application1 and assign that user account the Deny log on locally user right
  • C. Create a user account for Application1 and assign that user account the Deny log on as a service user right
  • D. Configure Application1 to sign in as the Local Service account and select the Allow service to interact with desktop check box.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by mikl at Oct. 4, 2021, 7:04 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Buruguduystunstugudunstuy
2 years, 3 months ago
Selected Answer: B
Assigning the Service1 account the Deny log-on locally user right would prevent any user from logging on to the computer using that account. This would meet the requirement of ensuring that the credentials for Application1 cannot be used by any user to log on to Computer1. Additionally, by creating a separate user account for Application1 and assigning that account the necessary permissions, you are maintaining the principle of least privilege. Answer B is the correct answer.
upvoted 2 times
Buruguduystunstugudunstuy
2 years, 3 months ago
Answer A is incorrect because configuring Application1 to sign in as the Local System account would give it too much privilege and potentially allow it to perform actions that it doesn't need to perform. Answer C is incorrect because denying the log-on as a service user right would prevent the Service1 account from starting any service on the computer, including Application1. Answer D is incorrect because configuring Application1 to sign in as the Local Service account would also give it too much privilege and potentially allow it to perform actions that it doesn't need to perform.
upvoted 2 times
...
...
azevedowba
3 years, 3 months ago
Selected Answer: B
Correct
upvoted 2 times
...
PiPe
3 years, 5 months ago
Selected Answer: B
Correct
upvoted 2 times
...
mikl
3 years, 6 months ago
Selected Answer: B
B. Create a user account for Application1 and assign that user account the Deny log on locally user right
upvoted 2 times
...
sa73and
3 years, 6 months ago
pota, pota and pota
upvoted 2 times
...
mikl
3 years, 7 months ago
B. Create a user account for Application1 and assign that user account the Deny log on locally user right
upvoted 2 times
...
Moderator
3 years, 8 months ago
Correct answer.
upvoted 3 times
...
mikl
3 years, 8 months ago
Correct! :)
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel