Securing Windows Server 2016 — Question 60

Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.
A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active
Directory objects restricted to the members of the Domain Admins group.
You need to minimize the impact of another successful Pass-the-Hash attack on the domain.
What should you recommend?

Answer options

• A. Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
• B. Configure the Domain Admins groups as a restricted group.
• C. Remove all the members from the Domain Admins group, and then remove the Domain Admins group from all other groups.
• D. Instruct all administrators to use a restricted Remote Desktop connection when they sign in to a client computer

Correct answer: B

Explanation

The correct answer is B because configuring the Domain Admins group as a restricted group helps limit the number of users who can access sensitive resources, thereby reducing the risk of unauthorized access through a Pass-the-Hash attack. Options A and C are ineffective as they don't address the underlying permissions issue, while D does not directly mitigate the risk associated with the attack vector.