Exam4Training

Does this meet the goal?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that runs Windows 10.

A service named Application1 is configured as shown in the exhibit.

You discover that a user used the Service1 account to sign in to Computer1 and deleted some files.

You need to ensure that the identity used by Application1 cannot be used by a user to sign in to sign in to the desktop on Computer1. The solution must use the principle of least privilege.

Solution: On Computer1, you assign Service1 the Deny log on as a service user right.

Does this meet the goal?
A . Yes
B . No

Answer: B

Explanation:

A service account needs the log on as a service user right. When you assign an account to be used by a service, that account is granted the log on as a service user right. Therefore, assigning Service1 the deny log on as a service user right would mean the service would not function.

To sign in to the desktop on the computer, an account needs the log on locally right which all user accounts have by default. To meet the requirements of this question, we need to assign Service1 the deny log on locally user right, not the deny log on as a service user right.

References: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-as-a­service

Latest MD-100 Dumps Valid Version with 272 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Exit mobile version