Exam AZ-301 topic 2 question 22 discussion

Actual exam question from Microsoft's AZ-301

Question #: 22
Topic #: 2

HOTSPOT -
You manage a network that includes an on-premises Active Directory Domain Services domain and an Azure Active Directory (Azure AD).
Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all company resources by using a single account. The solution must implement an identity provider.
You need provide guidance on the different identity providers.
How should you describe each identity provider? To answer, select the appropriate description from each list in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer

Suggested Answer:

Box1: User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords.
Azure AD Domain Services for hybrid organizations
Organizations with a hybrid IT infrastructure consume a mix of cloud resources and on-premises resources. Such organizations synchronize identity information from their on-premises directory to their Azure AD tenant. As hybrid organizations look to migrate more of their on-premises applications to the cloud, especially legacy directory-aware applications, Azure AD Domain Services can be useful to them.
Example: Litware Corporation has deployed Azure AD Connect, to synchronize identity information from their on-premises directory to their Azure AD tenant. The identity information that is synchronized includes user accounts, their credential hashes for authentication (password hash sync) and group memberships.

User accounts, group memberships, and credentials from Litware's on-premises directory are synchronized to Azure AD via Azure AD Connect. These user accounts, group memberships, and credentials are automatically available within the managed domain.
Box 2: User management occurs on-premises. The on-promises domain controller authenticates employee credentials.
You can federate your on-premises environment with Azure AD and use this federation for authentication and authorization. This sign-in method ensures that all user authentication occurs on-premises.

References:
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/active-directory-ds-overview https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

by [deleted] at April 22, 2020, 5:20 p.m.

Comments

Submit Cancel

WynterTsai

Highly Voted 4 years, 12 months ago

ans correct Three identity model:  Cloud identity- user management/authenticate both occurs on cloud  Synchronized identity- user management on premise while authenticates occurs on cloud  Federated identity- user management and authenticate both occurs on premise

upvoted 26 times

asdfgh1234567

4 years, 11 months ago

Unless they've configured PTA.

upvoted 2 times

...

gsbence

Highly Voted 5 years ago

The first one in not clearly specified because it can be either PTA or PHS. PTA: the on-premises DC authenticates through an agent PHS: Azure AD authenticates using the same creds as on-prem

upvoted 9 times

...

glam

Most Recent 4 years, 4 months ago

Box1: User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords. Box 2: User management occurs on-premises. The on-promises domain controller authenticates employee credentials.

upvoted 3 times

...

[Removed]

4 years, 10 months ago

I'd say this question is outdated. If we look at the change log of Azure AD Connect "Pass-through Authentication" came in later (was in preview on Dec. 2016). https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-version-history#113700

upvoted 2 times