Securing Windows Server 2016 — Question 189

Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.
A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active
Directory objects restricted to the members of the Domain Admins group.
You need to minimize the impact of another successful Pass-the-Hash attack on the domain.
What should you recommend?

Answer options

• A. Instruct all users to sign in to a client computer by using a Microsoft account.
• B. Move the computer accounts of all the client computers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
• C. Instruct all administrators to use a local Administrators account when they sign in to a client computer.
• D. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.

Correct answer: C

Explanation

The correct answer is C because using a local Administrators account limits the exposure of domain credentials and reduces the risk of Pass-the-Hash attacks. Options A and B do not effectively address the issue of credential security, while option D focuses on domain controllers rather than the client computers where the attack originated.