Your network contains two single-domain Active Directory forests named contoso.com and contosoadmin.com.
Contosoadmin.com contains all of the user accounts used to manage the servers in contoso.com.You need to recommend a workstation solution that provides the highest level of protection from vulnerabilities
and attacks.
What should you include in the recommendation?
A.
Provide a Privileged Access Workstation (PAW) for each administrator. Join each PAW to the
contosoadmin.com domain.
B.
Provide a Privileged Access Workstation (PAW) for each user in the contoso.com forest. Join each PAW to
the contoso.com domain.
C.
Provide a Privileged Access Workstation (PAW) for each administrator. Join each PAW to the contoso.com
domain.
D.
Provide a Privileged Access Workstation (PAW) for each user account in both forests. Join each PAW to
the contoso.com domain.
Explanation:
https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privilegedaccess-reference-material
Strange, I thought PAW’s needed a separate OU in the Production domain NOT in the administrative domain to prevent compromisation of the administrative domain?
Am I missing something?
also the examref book never states that the PAW’s need to be joined to the administrative domain
aparently correct, but ref link doesn’t work, correct: https://docs.microsoft.com/en-us/windows-server/identity/securing-privileged-access/securing-privileged-access-reference-material