
Exam 70-742 topic 1 question 256 discussion

Actual exam question from Microsoft's 70-742
Question #: 256
Topic #: 1

HOTSPOT -
Your network contains an Active Directory domain named adatum.com. The domain uses Active Directory Federation Services (AD FS). AD FS has a relying party trust named RP1 to a claims-aware application named App1. The domain contains the users shown in the following table.

The network contains the network segments shown in the following table.

The following access control policy is assigned to RP1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Suggested Answer:
References:
https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs

Comments

Timock
Highly Voted 5 years ago
Access Control Policy - RP1
1st Rule - Devices connected to Network1 and part of Group2 are permitted. Devices connected to Network1 and in Group1 are NOT permitted.
2nd Rule - Devices connected to Network2 and part of Group1 are permitted.
3rd Rule - Devices connected to the Extranet are permitted IF their authentication includes MFA (Multi-Factor Authentication).

Statements
1.) User1's device is connected to Network2 and User1 is part of Group1 only - 2nd Rule applies here and the answer is Yes
2.) User2's device is connected to Network1 and User2 is part of Groups1 and 2. 1st Rule applies here and User2 is blocked and the answer is No. Even though User2 is part of both groups ... a deny always trumps allowed when speaking about access/firewall rules.
3.) User3's device is connected to Network1 and is part of Group2 only - 1st rule applies here and the answer is Yes
upvoted 12 times
V1980
Most Recent 4 years, 5 months ago
I don't see where else it says that user3 has accessed the app using MFA in any way....
upvoted 1 times
panda
5 years, 6 months ago
I think the example answer is correct. The basis is as follows. About (*1) and (*4), nobody offers a counterargument. With (*3), I suppose that User2 is permitted to access Network1. However, with (*2), User2 is rejected from accessing Network1. In the case of permit and reject, reject takes priority over permit.
(*1) User1 Group1 Network1× Network2〇 Option1 >> Yes
(*2) User2 Group1 Network1× Network2〇 Option2 >> No
(*3) User2 Group2 Network1〇
(*4) User3 Group2 Network1〇 Option3 >> Yes
upvoted 4 times