Configuring Windows Server Hybrid Advanced Services - Exam AZ-801 | Microsoft

Windows Defender Firewall Rules for Managing Server2

Question

Your network contains an Active Directory Domain Services (AD DS) domain. The domain contains two servers named Server1 and Server2 that run Windows Server.

You need to ensure that you can use the Computer Management console to manage Server2. The solution must use the principle of least privilege.

Which two Windows Defender Firewall with Advanced Security rules should you enable on Server2? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations


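A. the COM+ Network Access (DCOM-In) rule

B. all the rules in the Remote Event Log Management group

C. the Windows Management Instrumentation (WMI-In) rule

D. the COM+ Remote Administration (DCOM-In) rule

E. the Windows Management Instrumentation (DCOM-In) rule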

AB

https://docs.microsoft.com/en-us/windows-server/administration/server-manager/configure-remote-management-in-server-manager

To enable the Computer Management console to manage Server2 while adhering to the principle of least privilege, we need to enable specific Windows Defender Firewall with Advanced Security rules on Server2. The Computer Management console uses Distributed Component Object Model (DCOM) and Windows Management Instrumentation (WMI) to manage remote servers.

Out of the five rules provided as options, we need to select two rules that are required to allow remote management while following the principle of least privilege.

A. the COM+ Network Access (DCOM-In) rule: This rule allows incoming network traffic using DCOM protocol to COM+ applications. It is not required to manage Server2 remotely using the Computer Management console. Therefore, this rule is not required.

B. all the rules in the Remote Event Log Management group: This option is incorrect because it includes all the rules in the Remote Event Log Management group, which might allow more access than needed, violating the principle of least privilege.

C. the Windows Management Instrumentation (WMI-In) rule: This rule allows incoming network traffic for WMI. It is required to manage Server2 remotely using the Computer Management console.

D. the COM+ Remote Administration (DCOM-In) rule: This rule allows incoming network traffic using DCOM protocol to remote COM+ applications. It is not required to manage Server2 remotely using the Computer Management console. Therefore, this rule is not required.

E. the Windows Management Instrumentation (DCOM-In) rule: This rule allows incoming network traffic using DCOM protocol to WMI. It is required to manage Server2 remotely using the Computer Management console.

Therefore, the correct answers are C. the Windows Management Instrumentation (WMI-In) rule and E. the Windows Management Instrumentation (DCOM-In) rule.
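The following PowerShell is an added example, not part of the original question or of Microsoft's documentation. It audits the five candidate rules on Server2, then enables only the two WMI rules the explanation above selects, restricted to a single management host. The address 192.0.2.10 is a placeholder assumed to stand for Server1, and `Get-RuleExposure` is a hypothetical helper name.

```powershell
# Run in an elevated PowerShell session on Server2.
# Assumption: 192.0.2.10 is a placeholder for Server1's address.
$ManagementHost = '192.0.2.10'

# Individual rules from options A, C, D and E, and the rule group from option B.
$candidateRules = @(
    'COM+ Network Access (DCOM-In)',
    'Windows Management Instrumentation (WMI-In)',
    'COM+ Remote Administration (DCOM-In)',
    'Windows Management Instrumentation (DCOM-In)'
)
$candidateGroup = 'Remote Event Log Management'

# Hypothetical helper: flatten a rule and its filters into one row for review.
function Get-RuleExposure {
    param([Parameter(ValueFromPipeline)] $Rule)
    process {
        $addr = $Rule | Get-NetFirewallAddressFilter
        $port = $Rule | Get-NetFirewallPortFilter
        [pscustomobject]@{
            DisplayName   = $Rule.DisplayName
            Group         = $Rule.DisplayGroup
            Enabled       = $Rule.Enabled
            Profile       = $Rule.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

# 1. Audit: what is already open, on which profiles, and to which remote addresses.
$found  = @(Get-NetFirewallRule -DisplayName $candidateRules -ErrorAction SilentlyContinue)
$found += @(Get-NetFirewallRule -DisplayGroup $candidateGroup -ErrorAction SilentlyContinue)
$found | Get-RuleExposure | Sort-Object Group, DisplayName | Format-Table -AutoSize

# 2. Enable only the WMI-In and DCOM-In rules for WMI, only on the Domain profile
#    (Server2 is a domain member), and only for traffic from the management host.
$wmiRules = 'Windows Management Instrumentation (WMI-In)',
            'Windows Management Instrumentation (DCOM-In)'
Get-NetFirewallRule -DisplayName $wmiRules |
    Where-Object { $_.Profile -like '*Domain*' } |
    Set-NetFirewallRule -RemoteAddress $ManagementHost -Enabled True

# 3. Verify: the two rules should now show Enabled = True and the scoped address.
Get-NetFirewallRule -DisplayName $wmiRules | Get-RuleExposure | Format-Table -AutoSize
```

Restricting `RemoteAddress` goes one step beyond what the question asks: the rules are enabled, but only Server1 can reach them.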