Securing Windows Server 2016 — Question 141

Your network contains an Active Directory forest named Corp. The forest functional level is Windows Server 2016.
You deploy a new forest named Priv and set the forest functional level to Windows Server 2016.
You need to implement Privileged Access Management (PAM).
What should you do next?

Answer options

• A. Install Microsoft Identity Manager (MIM) on a server in the Priv forest.
• B. Install Microsoft Identity Manager (MIM) in the Corp forest.
• C. Create shadow accounts in the Priv forest.
• D. Create shadow accounts in the Corp forest.

Correct answer: C

Explanation

The correct answer is C, as shadow accounts must be created in the Priv forest to facilitate Privileged Access Management (PAM) within that specific environment. Options A and B do not directly address the requirement for PAM in the Priv forest, and option D contradicts the need to implement PAM in the new forest.