PrepAway - Latest Free Exam Questions & Answers

You need to ensure that the security token of User1 has…

The Job Title attribute for a domain user named User1 has a value of Sales Manager.
User1 runs whoami /claims and receives the following output

Kerberos support for Dynamic Access Control on this device has been disabled.
You need to ensure that the security token of User1 has a claim for Job Title. What should you do?

PrepAway - Latest Free Exam Questions & Answers

A.
From Windows PowerShell, run the New-ADClaimTransformPolicy cmdlet and specify the -Name
parameter

B.
From Active Directory Users and Computers, modify the properties of the User1 account.

C.
From Active Directory Administrative Center, add a claim type.

D.
From a Group Policy object (GPO), configure KDC support for claims, compound authentication, and
Kerberos armoring.

Explanation:
From the output, obviously, a claim type is missing (or disabled) so that the domain controller is not issuing
tickets with the “Job Title” claim type.

One Comment on “You need to ensure that the security token of User1 has…

  1. leonnl says:

    there are 2 outputs here.

    1. Kerberos support for Dynamic Access Control on this device has been disabled.

    2. a screenshot of a single claim for the proprty of Country,

    depending on the output, the answer is different;

    if you get; Kerberos support for Dynamic Access Control on this device has been disabled.

    then you need to enable kerberos armoring through GPO (so Answer D)

    If you get the screenshot with 1 claim; add the job title to the user (answer B). Although, this does imply that an actual claim has been made for Job Title




    3



    0

Leave a Reply