You have a Microsoft 365 E5 tenant that contains 100 Windows 10 devices.
You plan to deploy a Windows 10 Security Baseline profile that will protect secrets stored in memory.
What should you configure in the profile?
You have a Microsoft 365 E5 tenant that contains 100 Windows 10 devices.
You plan to deploy a Windows 10 Security Baseline profile that will protect secrets stored in memory.
What should you configure in the profile?
To protect secrets stored in memory on Windows 10 devices, Microsoft Defender Credential Guard should be configured. This feature uses virtualization-based security to isolate and protect sensitive data such as NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications. By isolating these secrets, only privileged system software can access them, thus preventing credential theft attacks like Pass-the-Hash and Pass-The-Ticket.
Agreed Introduced in Windows 10 Enterprise and Windows Server 2016, Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard
came in exam 27.07.2021
Agreed, A is the correct answer.
still valid, it was in my exam last feb 5, 2022 but the choices are reshuffled
Came in exam 22.09.2021
As usual, Thanks for the heads up!
A. Microsoft Defender Credential Guard, Correct.