Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Exam AZ-300 topic 4 question 19 discussion

Actual exam question from Microsoft's AZ-300
Question #: 19
Topic #: 4
[All AZ-300 Questions]

You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users.
What should you do?

  • A. Create an Azure AD conditional access policy.
  • B. Configure a playbook in Azure Security Center.
  • C. Enable Azure AD Privileged Identity Management.
  • D. Install an MFA Server.
Show Suggested Answer Hide Answer
Suggested Answer: A ūüó≥ÔłŹ


Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Highly Voted 2 years, 12 months ago
A. is Correct according to the https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
upvoted 12 times
2 years, 8 months ago
A is ok
upvoted 2 times
Highly Voted 2 years, 10 months ago
Given answer is correct
upvoted 5 times
Most Recent 2 years, 4 months ago
given answer is correct. Azure AD Multi-Factor Authentication is deployed by enforcing policies with Conditional Access. A Conditional Access policy can require users to perform multi-factor authentication when certain criteria are met such as: All users, a specific user, member of a group, or assigned role Specific cloud application being accessed Device platform State of device Network location or geo-located IP address Client applications Sign-in risk (Requires Identity Protection) Compliant device Hybrid Azure AD joined device Approved client application
upvoted 1 times
2 years, 10 months ago
Could be C as well. It depends how one interprets "two-step-verification". As with PIM you would be able to setup a process where e.g. a manager needs to manually acknowledge an elevated access. Sure answer A is standing for reason... but this question is quite vague IMHO
upvoted 1 times
2 years, 10 months ago
nope. It is 'A'
upvoted 1 times
2 years, 10 months ago
PIM would is based on AAD Roles and Resources while CA policy includes all application. "A" is the only answer here.
upvoted 2 times
2 years, 9 months ago
PIM is for "Privileged Identities" not for normal users.
upvoted 1 times
2 years, 11 months ago
this could be an old question as MFA server was previously available but prior to july 2019. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
upvoted 1 times
2 years, 11 months ago
Enable Multi-Factor Authentication with Conditional Access Conditional Access policies enforce registration, requiring unregistered users to complete registration at first sign-in, an important security consideration.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Loading ...