SY0-701 Question #704: Real Exam Question with Answer & Explanation

The correct answer is A: GPO. GPO (Group Policy Object) is correct because it allows administrators to push configuration changes - including disabling legacy protocols like SMBv1 - across all domain-joined Windows machines simultaneously from a central location, making it the most efficient remediation metho

Submitted by suresh_in· Mar 6, 2026Threats, vulnerabilities, and mitigations

Question

A penetration test identifies that an SMBv1 is enabled on multiple servers across an organization. The organization wants to remediate this vulnerability in the most efficient way possible. Which of the following should the organization use for this purpose?

Options

AGPO
BACL
CSFTP
DDLP

Explanation

GPO (Group Policy Object) is correct because it allows administrators to push configuration changes - including disabling legacy protocols like SMBv1 - across all domain-joined Windows machines simultaneously from a central location, making it the most efficient remediation method at scale.

ACL (Access Control List) controls permissions and access to resources, but cannot disable or configure network protocols across systems. SFTP (SSH File Transfer Protocol) is a secure file transfer method - completely unrelated to protocol configuration management. DLP (Data Loss Prevention) focuses on detecting and preventing unauthorized data exfiltration, not system configuration enforcement.

Memory tip: Think "GPO = Group Push Out" - whenever a question asks how to efficiently enforce a configuration change across many machines in a Windows domain environment, GPO is almost always the answer.

Topics

#Vulnerability Remediation#Group Policy#Configuration Management#SMBv1

Community Discussion

No community discussion yet for this question.

Full SY0-701 Practice Browse All SY0-701 Questions