Your network contains an Active Directory domain named contoso.com. The domain contains 1,000 client computers that run Windows 10.
A security audit reveals that the network recently experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed Active Directory objects restricted to the members of the Domain Admins group.
You need to minimize the impact of another successful Pass-the-Hash attack on the domain.
What should you recommend?
A . Move the computer accounts of the domain controllers to a new organizational unit (OU). Remove the permissions to the new OU from the Domain Admins group.
B . Configure the Domain Admins groups as a restricted group.
C . Remove all the members from the Domain Admins group, and then remove the Domain Admins group from all other groups.
D . Instruct all administrators to use a restricted Remote Desktop connection when they sign in to a client computer
Answer: B
Explanation:
References:
https://download.microsoft.com/download/7/7/a/77abc5bd-8320-41af-863c-6ecfb10cb4b9/mitigating% 20pass-the-hash%20(pth)%20attacks%20and%20other%20credential%20theft%20techniques_english.pdf
Leave a Reply