The question is about preventing a VMConnect user from taking over another user's VMConnect session. - "Turn on enhanced session mode on Hyper-V host."
Prevent a VMConnect user from taking over another user's VMConnect session
Turn on enhanced session mode on Hyper-V host.
Not having enhanced session mode turned on may pose a security and privacy risk. If a user is connected and logged on to a virtual machine through VMConnect and another authorized user connects to the same virtual machine, the session will be taken over by the second user and the first user will lose the session. The second user will be able to view the first user's desktop, documents, and applications.
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-more/hyper-v-virtual-machine-connect
https://www.examtopics.com/discussions/microsoft/view/75608-exam-az-800-topic-10-question-2-discussion/
When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP can't use the signed-in credentials.
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-more/hyper-v-virtual-machine-connect
Prevent a VMConnect user from taking over another user's VMConnect session Turn on enhanced session mode on Hyper-V host.
Not having enhanced session mode turned on may pose a security and privacy risk. If a user is connected and logged on to a virtual machine through VMConnect and another authorized user connects to the same virtual machine, the session will be taken over by the second user and the first user will lose the session. The second user will be able to view the first user's desktop, documents, and applications.
Answer is D
The best solution to meet the technical requirement for VM2 is to enable Enhanced Session Mode. Enhanced Session Mode allows the user to redirect local devices and resources, including credentials, from the client to the virtual machine.
Current Problems -
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
Now add them together. = Enhanced Mode = D
When Windows Defender Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault, which are not protected by Windows Defender Credential Guard with any of these protocols. It is recommended that valuable credentials, such as the sign-in credentials, are not to be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases.
When Windows Defender Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials.
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-how-it-works
No. dont read the Tech requirements in isolation. Remember the:
Current Problems -
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
Now add them together. = Enhanced Mode = D
Answer is D. Tested in the environment, after enable the "Shielding" on the image, you cannot see the login screen in HyperV Virtual Machine connections. You need to enable "Enhanced-session-mode" and then you can see the login screen.
it's not D. ESM is for enhanced Rdp functionality to a hyperv guest.
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/enhanced-session-mode
I AM WRONG. THE ANSWER IS C! SORRY!
"Prevent a VMConnect user from taking over another user's VMConnect session, Turn on enhanced session mode on Hyper-V host." as per:
https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/learn-more/hyper-v-virtual-machine-connect
Question relates to passwords. Credential Guard is more fitting than enhanced session mode.
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-how-it-works
http://www.hypervrockstar.com/tag/enhanced-session-mode/
no. Read the scenario. the question is about preventing a VMConnect user from taking over another user's VMConnect session. Turn on enhanced session mode on Hyper-V host."
upvoted 4 times
...
...
This section is not available anymore. Please use the main Exam Page.AZ-800 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
bastien95
Highly Voted 2 years, 3 months agorimvydukas
Highly Voted 2 years, 1 month agoJoedn
Most Recent 5 months, 1 week agoKuikz
7 months agoMR_Eliot
1 year, 1 month agooro_blu
1 year, 4 months agosyu31svc
1 year, 7 months agoempee1977
1 year, 9 months agoSJHCI
2 years, 3 months ago[Removed]
2 years, 3 months agovalgaw
2 years, 4 months agoAnonymousJhb
2 years, 3 months agoHKEX388
2 years, 4 months agoAnonymousJhb
2 years, 4 months agoAnonymousJhb
2 years, 4 months agoAnonymousJhb
2 years, 4 months agoTheUltimateHac
2 years, 5 months agoRJM
2 years, 5 months agoAnonymousJhb
2 years, 4 months ago