Your network contains a single-domain Active Directory forest named contoso. com. The forest functional level is Windows Server 2016. The forest has Dynamic Access Control enabled. The domain contains two domain controllers named DC1 and DC2. Privileged user accounts used to manage Active Directory reside in a group named ContosoAD_Admins.
You create an authentication policy named Policy1 and an authentication policy silo named Silo1.
You need to ensure that the accounts in the ContosoAD_Admins group can sign in to the domain controllers only.
Which three configurations should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Create an access control condition in Policy1.
B. Create a managed service account and add the account to Permitted Accounts in Silo1.
C. Add the domain controllers to the ContosoAD_Admins group.
D. Add the privileged user accounts and the domain controllers to Permitted Accounts in Silo1.
E. Assign Silo1 to the privileged user accounts and the domain controllers.
right
Can anyone confirm this answer?