Securing Windows Server 2016 — Question 178

Your network contains an Active Directory forest named contoso.com. The forest functional level is Windows Server 2012. All servers run Windows Server 2016.
You create a new bastion forest named admin.contoso.com. The forest functional level of admin.contoso.com is Windows Server 2012 R2.
You need to implement a Privileged Access Management (PAM) solution.
Which two actions should you perform? Each correct answer presents part of the solution.

Answer options

• A. Raise the forest functional level of admin.contoso.com.
• B. Deploy Microsoft Identify Management (MIM) 2016 to admin.contoso.com.
• C. Configure contoso.com to trust admin.contoso.com.
• D. Deploy Microsoft Identity Management (MIM) 2016 to contoso.com.
• E. Raise the forest functional level of contoso.com.
• F. Configure admin.contoso.com to trust contoso.com.

Correct answer: B, C

Explanation

The correct answers are B and C because deploying Microsoft Identity Management (MIM) 2016 to the bastion forest admin.contoso.com is necessary for PAM implementation. Additionally, configuring a trust from contoso.com to admin.contoso.com allows for the necessary permissions and access control. The other options either pertain to actions that are not required or involve forests that do not need to be altered for this specific solution.