Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Microsoft Discussions

Exam AZ-300 topic 4 question 19 discussion

Actual exam question from Microsoft's AZ-300
Question #: 19
Topic #: 4
[All AZ-300 Questions]

You are the global administrator for an Azure Active Directory (Azure AD) tenant named adatum.com.
You need to enable two-step verification for Azure users.
What should you do?

  • A. Create an Azure AD conditional access policy.
  • B. Configure a playbook in Azure Security Center.
  • C. Enable Azure AD Privileged Identity Management.
  • D. Install an MFA Server.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
by capibar at May 30, 2020, 9:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
capibar
Highly Voted 3 years, 6 months ago
A. is Correct according to the https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
upvoted 12 times
photon99
1 month, 1 week ago
What is difference between MFA and Conditiona Access?
upvoted 1 times
...
tartar
3 years, 2 months ago
A is ok
upvoted 2 times
...
...
gboyega
Highly Voted 3 years, 4 months ago
Given answer is correct
upvoted 5 times
...
azurecert2021
Most Recent 2 years, 10 months ago
given answer is correct. Azure AD Multi-Factor Authentication is deployed by enforcing policies with Conditional Access. A Conditional Access policy can require users to perform multi-factor authentication when certain criteria are met such as: All users, a specific user, member of a group, or assigned role Specific cloud application being accessed Device platform State of device Network location or geo-located IP address Client applications Sign-in risk (Requires Identity Protection) Compliant device Hybrid Azure AD joined device Approved client application
upvoted 1 times
...
[Removed]
3 years, 4 months ago
Could be C as well. It depends how one interprets "two-step-verification". As with PIM you would be able to setup a process where e.g. a manager needs to manually acknowledge an elevated access. Sure answer A is standing for reason... but this question is quite vague IMHO
upvoted 1 times
maheshwary
3 years, 4 months ago
nope. It is 'A'
upvoted 1 times
...
Oluwaseyi
3 years, 4 months ago
PIM would is based on AAD Roles and Resources while CA policy includes all application. "A" is the only answer here.
upvoted 2 times
...
arseyam
3 years, 3 months ago
PIM is for "Privileged Identities" not for normal users.
upvoted 1 times
...
...
azureexaminer
3 years, 5 months ago
this could be an old question as MFA server was previously available but prior to july 2019. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
upvoted 1 times
...
kondapaturi
3 years, 6 months ago
Enable Multi-Factor Authentication with Conditional Access Conditional Access policies enforce registration, requiring unregistered users to complete registration at first sign-in, an important security consideration.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel