ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 34 discussion

Actual exam question from Microsoft's MS-102
Question #: 34
Topic #: 1
[All MS-102 Questions]

HOTSPOT -
You have a Microsoft 365 E5 subscription.
You need to implement identity protection. The solution must meet the following requirements:
Identify when a user's credentials are compromised and shared on the dark web.
Provide users that have compromised credentials with the ability to self-remediate.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by RAG at Aug. 11, 2023, 11:49 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RAG
Highly Voted 2 years ago
Looks correct - https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa
upvoted 19 times
certma2023
1 year, 12 months ago
The second one is obviously correct. Require password change is the MS recommendation for a compromised account (user with a high risk or high sign-in risk). For the first one the question is unclear. To identity a user with compromised credentials we would go the the "Risky Users" blade. But if the question is about configuring a rule that apply an action on account with credentials shared on the dark Web (or the regular Web like GitHub repos), we would create either a conditional access policy (new way with only an Azure AD P1 license) or either a risk user policy inside the Azure AD Identity Protection blade (legacy way that require an Azure AD P2 license). Therefore the second one should be correct too, assuming that the question about configuring a rule that apply a specific action to compromised account (MS also say "leaked credentials" is some documentations).
upvoted 6 times
NrdAlrt
1 year, 9 months ago
Thanks for sharing new way!
upvoted 1 times
...
amurp35
1 year, 11 months ago
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-risk-user?source=recommendations "admins with P2 can create CA policies incorporating Identity Protection risk policies" also references p2 required to utilize user risk in CA policies: https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa
upvoted 1 times
...
Nandokun01
1 year, 11 months ago
Correct (as expected :) ) but since I dont see the CA policy option as an answer they must be looking for the old risk policy option to set these up. I didnt realize the P1 vs P2 difference until you mentioned it so thanks!
upvoted 3 times
...
...
...
60ed5c2
Highly Voted 1 year, 9 months ago
I know the answer is correct. I am looking at the user risk policy setting that says "allow access" with a check box for require password change. And my vent means nothing - but I have to say it. How stupid is it that if a user's credentials are compromised and shared on the dark web you think requiring a password change is a good idea? Couldn't the person that has the credentials execute the password change and still have access because they know what they changed the password to? Wouldn't it make more sense to require multi factor authentication? More sense in a practical sense - not in a what do I have to answer in order to pass the exam sense. I hate these exams.
upvoted 8 times
...
feaf0a7
Most Recent 1 month ago
Q34 User risk policy Require password change User risk represents the probability that a given identity or account is compromised. Leaked credentials - dark web https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks#leaked-credentials Sign-in risk represents the probability that a given authentication request (session) wasn't made by the identity owner. Example - Activity from anonymous IP address. A secure password change using self-service password reset is the only way to self-remediate user risk, regardless of the risk level. A successful multifactor authentication is the only way to self-remediate the sign-in risk, regardless of the risk level. https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-risk-policies
upvoted 1 times
...
digats
10 months, 1 week ago
correct: Just in User risc you have the option to change the password https://learn.microsoft.com/de-de/entra/id-protection/concept-identity-protection-policies
upvoted 1 times
...
Tomtom11
1 year, 1 month ago
https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks User risk detections might flag a legitimate user account as at risk, when a potential threat actor gains access to an account by compromising their credentials or when they detect some type of anomalous user activity. Sign-in risk detections represent the probability that a given authentication request isn't the authorized owner of the account. Having the ability to identify risk at the user and sign-in level is critical for customers to be empowered to secure their tenant.
upvoted 1 times
...
Tomtom11
1 year, 5 months ago
https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks
upvoted 1 times
...
Tomtom11
1 year, 5 months ago
Multifactor authentication registration policy Makes sure users are registered for Microsoft Entra multifactor authentication. If a sign-in risk policy prompts for MFA, the user must already be registered for Microsoft Entra multifactor authentication. User risk policy Identifies and automates response to user accounts that might have compromised credentials. Can prompt the user to create a new password.
upvoted 1 times
...
benpatto
1 year, 8 months ago
Surely second means SSPR? As far as I'm aware, you require 2FA for this right? So realistically MFA and Password change are both viable options but I guess pw change is needed 1st
upvoted 1 times
...
365cm
1 year, 8 months ago
Yes, answer is correct. "user-risk policy" User risk is related to the probability that a given identity or account is compromised. It can be triggered by various factors such as leaked credentials
upvoted 1 times
...
daye
1 year, 8 months ago
Correct https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-policies#user-risk-based-conditional-access-policy
upvoted 2 times
...
Tatinho
1 year, 9 months ago
@60ed5c2 - Totally agree with you. Have you already taken the exam? If you have, do you think the questions from here are in fact useful on the real exam?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel