Your network contains an Active Directory domain named contoso.com. The domain contains 1,000
client computers that run Windows 10. A security audit reveals that the network recently
experienced a Pass-the-Hash attack. The attack was initiated from a client computer and accessed
Active Directory objects restricted to the members of the Domain Admins group. You need to
minimize the impact of another successful Pass-the-Hash attack on the domain. What should you
recommend?
A.
Instruct all users to sign in to a client computer by using a Microsoft account.
B.
Move the computer accounts of all the client computers to a new organizational unit (OU).
Remove the permissions to the new OU from the Domain Admins group.
C.
Instruct all administrators to use a local Administrators account when they sign in to a client computer.
D.
Move the computer accounts of the domain controllers to a new organizational unit (OU).
Remove the permissions to the new OU from the Domain Admins group.