Securing Windows Server 2016 — Question 108

Your network contains an Active Directory forest named contoso.com. The forest contains three domains. All domain controllers run Windows Server 2016.
You deploy a second Active Directory forest named admin.contoso.com. The forest contains a domain member server named Server1. Server1 has Microsoft
Identity Manager (MIM) 2016 deployed.
You need to implement Privileged Access Management (PAM) and to use admin.contoso.com as an administrative forest.
Which two actions should you perform? Each correct answer presents part of the solution.

Answer options

• A. From Server1, run the New-PAMTrust cmdlet.
• B. From a domain controller in contoso.com, run the New-PAMDomainConfiguration cmdlet.
• C. From a domain controller in admin.contoso.com, run the New-PAMTrust cmdlet.
• D. From a domain controller in contoso.com, run the New-PAMTrust cmdlet.
• E. From a domain controller in admin.contoso.com, run the New-PAMDomainConfiguration cmdlet.
• F. From Server1, run the New- PAMDomainConfiguration cmdlet.

Correct answer: A, F

Explanation

The correct actions to implement PAM involve running the New-PAMTrust cmdlet from Server1 to establish trust relationships and the New-PAMDomainConfiguration cmdlet from Server1 to configure the domain for PAM. The other options either involve incorrect locations for running the cmdlets or do not contribute directly to setting up PAM.