VMware Workspace ONE Advanced (VCAP-DTM Design) — Question 50
An architect is designing Active Directory (AD) permissions for a Horizon environment that will use pre-existing computer accounts. The AD Security Team has restrictions about the use of service accounts.
What two sets of minimum permission are needed to delegate to an AD service account? (Choose two.)
Answer options
- A. Create Computer Objects, Delete Computer Objects
- B. List Contents, Read All Properties
- C. Read Permissions, Reset Password
- D. Write Permissions, Change Password
Correct answer: B, C
Explanation
The correct answers, B and C, are necessary because 'List Contents' and 'Read All Properties' allow the service account to view and access the relevant data while 'Read Permissions' and 'Reset Password' enable the account to manage user access. Options A and D involve creating or altering objects, which are not required for the service account's role in this scenario.