Exam SC-300 topic 4 question 64 discussion

Actual exam question from Microsoft's SC-300
Question #: 64
Topic #: 4

Your on-premises network contains an Active Directory Domain Services (AD DS) domain and a certification authority (CA) named CA1.

You have an Azure AD tenant.

You need to implement certificate-based authentication in Azure AD. The solution must ensure that users can sign in by using certificates issued by CA1. What should you do first?

  • A. Deploy an Azure key vault.
  • B. Add CA1 as a Certificate Authority to the Microsoft Entra ID tenant.
  • C. Enable auto-enrollment for CA1.
  • D. Deploy Windows Hello for Business.
Suggested Answer: B

Comments

Obi_Wan_Jacoby
3 weeks, 4 days ago
Selected Answer: B
Answer is: B. Add CA1 as a Certificate Authority to the Microsoft Entra ID tenant. Answer C comes later in the process.
upvoted 1 times
Panama469
11 months, 1 week ago
Selected Answer: B
Yes that's the first step in Azure Portal... Entra ID... Security... Certificate Authorities.
upvoted 1 times
Sozo
1 year, 3 months ago
Selected Answer: B
This is the first step to configure and use certificate-based authentication in Azure AD. You need to upload the root certificate and the certificate revocation list (CRL) of CA1 to Azure AD and specify the CRL distribution point. This allows Azure AD to validate the certificates issued by CA1 and check their revocation status.
upvoted 2 times
cpaljchc4
1 year, 4 months ago
Selected Answer: B
I think the answer is correct. Ref: https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-certificate-based-authentication

Prerequisites

Make sure that the following prerequisites are in place:

  • Configure at least one certification authority (CA) and any intermediate CAs in Microsoft Entra ID.
  • The user must have access to a user certificate (issued from a trusted Public Key Infrastructure configured on the tenant) intended for client authentication to authenticate against Microsoft Entra ID.
  • Each CA should have a certificate revocation list (CRL) that can be referenced from internet-facing URLs.

If the trusted CA doesn't have a CRL configured, Microsoft Entra ID won't perform any CRL checking, revocation of user certificates won't work, and authentication won't be blocked.
upvoted 4 times