ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 2 discussion

Actual exam question from Microsoft's MS-500
Question #: 2
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings:
✑ Source Anchor: objectGUID
✑ Password Hash Synchronization: Disabled
✑ Password writeback: Disabled
✑ Directory extension attribute sync: Disabled
✑ Azure AD app and attribute filtering: Disabled
✑ Exchange hybrid deployment: Disabled

User writeback: Disabled -

You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection.
Solution: You modify the Azure AD app and attribute filtering settings.
Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by AmerSerhan at April 22, 2020, 1:05 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AmerSerhan
Highly Voted 5 years, 2 months ago
If your organization uses a hybrid identity solution with pass-through authentication or federation, then you should enable password hash sync for the following two reasons: The Users with leaked credentials report in the Azure AD management warns you of username and password pairs, which have been exposed on the "dark web." An incredible volume of passwords is leaked via phishing, malware, and password reuse on third-party sites that are later breached. Microsoft finds many of these leaked credentials and will tell you, in this report, if they match credentials in your organization – but only if you enable password hash sync!
upvoted 35 times
...
doublekill
Highly Voted 4 years, 4 months ago
The answer is NO, sourceanchor attribute is used to identify the objects. This is that MS says: "The sourceAnchor attribute is defined as an attribute immutable during the lifetime of an object. It uniquely identifies an object as being the same object on-premises and in Azure AD. The attribute is also called immutableId and the two names are used interchangeable." https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts#:~:text=%20To%20switch%20from%20objectGUID%20to%20ConsistencyGuid%20as,of%20the%20ms-DS-ConsistencyGuid%20attribute%20in%20your...%20More%20
upvoted 8 times
...
Jonclark
Most Recent 2 years, 4 months ago
Selected Answer: B
B is correct. App and attribute filtering in Azure AD connect lets you control which objects will sync from your on-premises Active Directory to your new Azure Active Directory. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering This does not meet the requirement. The correct solution is to enable password hash sync. Leaked credential detection is done by trying a list of known-exposed credentials against your users' password hashes to discover one being used in your directory. It's done in Azure, so unless you sync password hashes into Azure AD, the service has nothing to check against. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#password-hash-synchronization
upvoted 2 times
...
uchii
2 years, 4 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
sami0712
2 years, 6 months ago
B is correct
upvoted 1 times
...
mohamed_Saed
2 years, 8 months ago
Selected Answer: B
B is correct!
upvoted 1 times
...
Eltooth
2 years, 11 months ago
Selected Answer: B
B is correct answer.
upvoted 1 times
...
arska
3 years, 2 months ago
Selected Answer: B
No, since at least Password Hash Synchronization is required.
upvoted 1 times
...
Ferrix
3 years, 3 months ago
Selected Answer: B
corret
upvoted 1 times
...
mkoprivnj
3 years, 7 months ago
Selected Answer: B
https://docs.microsoft.com/en-us/answers/questions/391883/why-leaked-credentials-is-supported-only-in-azure.html
upvoted 1 times
...
MikeMatt2020
3 years, 10 months ago
Password Hash Sync is REQUIRED. Straight from Microsoft documentation: "Risk detections like leaked credentials require the presence of password hashes for detection to occur" https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#common-questions
upvoted 6 times
...
rkapoor8855
4 years, 5 months ago
The answer is NO
upvoted 2 times
...
svm_Terran
4 years, 6 months ago
given asnwer is correct.
upvoted 2 times
kiketxu
4 years, 4 months ago
The answer is NO
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel