Securing Windows Server 2016 — Question 83
Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers run Windows Server 2016.
A new security policy states that you must modify the infrastructure to meet the following requirements:
- Limit the rights of administrators.
- Minimize the attack surface of the forest.
- Support multi-factor authentication for administrators.
You need to recommend a solution that meets the new security policy requirements.
What should you recommend deploying?
Answer options
- A. an administrative forest
- B. domain isolation
- C. an administrative domain in contoso.com
- D. the Local Administrator Password Solution (LAPS)
Correct answer: A
Explanation
The correct answer is "an administrative forest" because it separates administrative tasks and enhances security by limiting administrator rights and minimizing the attack surface. The other options do not address all of the specified requirements; domain isolation, for example, focuses on network segmentation rather than on administrative rights and authentication.