nerdexam
Exams70-467Questions#87
Microsoft

70-467 · Question #87

70-467 Question #87: Real Exam Question with Answer & Explanation

The correct answer is A: Implement Kerberos delegation.. When SSRS must access a back-end data source on behalf of an authenticated Windows user, Kerberos constrained delegation is required to forward credentials across the double-hop.

Question

You need to ensure that managers can successfully run reports. What should you do?

Options

  • AImplement Kerberos delegation.
  • BConfigure the SSRS data sources to store Windows credentials.
  • CImplement forms-based authentication.
  • DConfigure the CustomData property in the connection strings.

Explanation

When SSRS must access a back-end data source on behalf of an authenticated Windows user, Kerberos constrained delegation is required to forward credentials across the double-hop.

Common mistakes.

  • B. Storing Windows credentials in the data source would use a fixed service account rather than the individual manager's identity, which undermines per-user security and would not resolve a delegation failure.
  • C. Forms-based authentication replaces Windows authentication entirely and does not resolve the Kerberos double-hop problem for back-end data source access.
  • D. The CustomData property passes an extra string token to a data source for row-level security filtering; it does not address authentication delegation failures.

Concept tested. Kerberos constrained delegation for SSRS double-hop

Reference. https://learn.microsoft.com/en-us/sql/reporting-services/report-server/configure-windows-authentication-on-the-report-server

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 70-467 Practice