ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 3 discussion

Actual exam question from Microsoft's MS-500
Question #: 3
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled
✑ User writeback: Disabled
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Password Hash Synchronization settings.
Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by m2L at Jan. 16, 2020, 4:22 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
KeepingITreal
Highly Voted 5 years, 2 months ago
Leaked credentials detection in Azure AD Identity Protection requires Password Hash Sync enabled in Azure AD Connect
upvoted 37 times
...
m2L
Highly Voted 5 years, 5 months ago
https://www.microsoft.com/security/blog/2019/05/30/demystifying-password-hash-sync/
upvoted 9 times
...
Jonclark
Most Recent 2 years, 4 months ago
Selected Answer: A
Answer is correct: Enabling PHS will meet the requirement. Leaked credential detection is done by trying a list of known-exposed credentials against your users' password hashes to discover one being used in your directory. It's done in Azure, so unless you sync password hashes into Azure AD, the service has nothing to check against. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#password-hash-synchronization
upvoted 1 times
...
hb0011
2 years, 5 months ago
Why are so many people saying Yes? It clearly says hash sync is disabled! Answer is a resounding NO!
upvoted 1 times
hb0011
2 years, 5 months ago
My bad. Needed to read the solution. Carry on. It's YES.
upvoted 1 times
...
...
NarenKA
2 years, 10 months ago
A is correct answer. Password Hash Sync needs to be enabled in Azure AD Connect
upvoted 1 times
...
Eltooth
2 years, 11 months ago
Selected Answer: A
A is correct answer.
upvoted 1 times
...
arska
3 years, 2 months ago
Selected Answer: A
Yes, since the use of leaked credentials detection need Password Hash Sync.
upvoted 1 times
...
mkoprivnj
3 years, 7 months ago
Selected Answer: A
Leaked credentials detection in Azure AD Identity Protection requires Password Hash Sync enabled in Azure AD Connect
upvoted 2 times
...
kobura7
3 years, 7 months ago
Which answer is correct, A or B?
upvoted 1 times
...
Chris_Rock
3 years, 9 months ago
Given answer is correct. YES PHS is needed
upvoted 2 times
...
[Removed]
3 years, 10 months ago
the answer is A. Yes. It is explained in this article, as previously mentioned by m2L. https://www.microsoft.com/security/blog/2019/05/30/demystifying-password-hash-sync/
upvoted 3 times
...
PrimeAltariz
4 years, 1 month ago
The answer is correct, so that it can be validated if the credential is compromised, it must be in Azure AD, in this environment it is achieved with the password has sync: https://docs.microsoft.com/en-us/azure / security / fundamentals / steps-secure-identity # protect-against-leaked-credentials-and-add-resilience-against-outages
upvoted 2 times
...
kiketxu
4 years, 4 months ago
NO (....but only if you enable password hash sync or have cloud-only identities!) https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity
upvoted 1 times
kiketxu
4 years, 3 months ago
You need to ENABLE not modify settings....
upvoted 2 times
bingomutant
4 years, 3 months ago
agree - modify does not necessarily mean Enable...
upvoted 1 times
prats005
4 years, 2 months ago
what else could it mean?
upvoted 2 times
chaoscreater
4 years ago
I guess people are now taking a strict englisn exam rather than an IT exam
upvoted 5 times
...
...
llama321
4 years, 1 month ago
It has either enable or disable. Now its in disable state and modify mean enable. What else it could be? half enable?
upvoted 5 times
...
...
...
...
kmsrajan
4 years, 4 months ago
Answer is no because Leaked credential detection need Password Hash sync enabled
upvoted 2 times
...
doublekill
4 years, 4 months ago
The answer is NO
upvoted 1 times
...
AshTac
4 years, 4 months ago
You would need to enable PHS for that..
upvoted 1 times
...
shanti0091
4 years, 5 months ago
The answer is No, Correct.
upvoted 2 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel