Designing and Implementing a Server Infrastructure — Question 35

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
A company has a line-of-business application named App1 that runs on an internal IIS server. App1 uses a SQL Server 2008 database that is hosted on the same server. You move the database to a dedicated SQL Server named SQL1. Users report that they can no longer access the application by using their domain credentials.
You need to ensure that users can access App1.
Solution: You configure Kerberos-constrained delegation and then run the following command from an administrative command prompt: setspn -a http/App1 <domain>\<app_service>
Does this meet the goal?

Answer options

• A. Yes
• B. No

Correct answer: B

Explanation

The solution does not meet the goal because while configuring Kerberos-constrained delegation is a step in the right direction, simply adding the service principal name (SPN) for App1 does not address potential issues such as the need for the SQL Server to also be configured for delegation. Additionally, if the application or SQL Server are not properly set up for Kerberos authentication, user access will still be denied.