Securing Windows Server 2016 — Question 97

Your network contains an Active Directory Domain named contoso.com. The domain contains 10 servers that run Windows Server 2016 and 800 client computers that run Windows 10.
You need to configure the domain to meet the following requirements:
✑ Users must be locked out from their computer if they enter an incorrect password twice.
✑ Users must only be able to unlock a locked account by using a one-time password that is sent to their mobile phone.
You deploy all the components of Microsoft Identity Manager (MIM) 2016.
Which three actions should you perform before you deploy the MIM add-ins and extensions? Each correct answer presents part of the solution.

Answer options

• A. Deploy a Multi-Factor Authentication provider and copy the required certificates to the MIM server.
• B. From a Group Policy object (GPO), configure Public Key Policies.
• C. From the MIM Portal, configure the Owner Approval Workflow.
• D. Deploy a Multi-Factor Authentication provider and copy the required certificates to the client computers.
• E. From the MIM Portal, configure the Password Reset AuthN Workflow.
• F. From a Group Policy object (GPO), configure Security Settings.

Correct answer: A, E, F

Explanation

The correct answers A, E, and F are necessary steps to ensure proper security measures and functionality for user account management and password reset. Option A is crucial for enabling multi-factor authentication on the MIM server, option E is required to configure the password reset workflow, and option F ensures that security settings are appropriately established via GPO. Options B, C, and D do not directly address the requirements outlined in the question.