Your network contains an Active Directory domain named contoso.com. The domain contains five servers. All servers run Windows Server 2016.
A new security policy states that you must modify the infrastructure to meet the following requirements:
* Limit the nghts of administrators.
* Minimize the attack surface of the forest
* Support Multi-Factor authentication for administrators.
You need to recommend a solution that meets the new security policy requirements.
What should you recommend deploying?
A . an administrative forest
B . domain isolation
C . an administrative domain in contoso.com
D . the Local Administrator Password Solution (LAPS)
Answer: A
Explanation:
References:
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material#ESAE_BM