ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-120 All Questions

View all questions & answers for the AZ-120 exam
Go to Exam

Exam AZ-120 topic 3 question 14 discussion

Actual exam question from Microsoft's AZ-120
Question #: 14
Topic #: 3
[All AZ-120 Questions]

HOTSPOT -
Your on-premises network contains SAP and non-SAP applications.
You have JAVA-based SAP systems that use SPNEGO for single-sign on (SSO) authentication.
Your external portal uses multi-factor authentication (MFA) to authenticate users.
You plan to extend the on-premises authentication features to Azure and to migrate the SAP applications to Azure.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
Need AD FS for MFA. See box 3.
Note: Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature is an alternative to Azure AD Password Hash Synchronization (see Box 2).

Box 2: Yes -
Password hash synchronization is one of the sign-in methods used to accomplish hybrid identity. Azure AD Connect synchronizes a hash, of the hash, of a users password from an on-premises Active Directory instance to a cloud-based Azure AD instance.
Password hash synchronization is an extension to the directory synchronization feature implemented by Azure AD Connect sync. You can use this feature to sign in to Azure AD services like Office 365. You sign in to the service by using the same password you use to sign in to your on-premises Active Directory instance.

Box 3: Yes -
If your organization is federated with Azure AD, you can use Azure Multi-Factor Authentication to secure AD FS resources, both on-premises and in the cloud.
Azure MFA enables you to eliminate passwords and provide a more secure way to authenticate.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-and-azure-mfa
by Sourabh1703 at June 25, 2020, 9 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pkum
Highly Voted 3 years, 11 months ago
Last answer appears correct, Yes. The ask is AD FS for on-prem. Refer: https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs#microsoft-and-third-party-additional-authentication-methods
upvoted 10 times
...
khadar
Highly Voted 3 years, 10 months ago
No,Yes,Yes. On premise ADFS can be used to enable MFA.
upvoted 9 times
...
ashishsureka
Most Recent 2 years, 8 months ago
Yes, Yes, Yes
upvoted 2 times
...
Azure1971
3 years, 1 month ago
The answer is NO,YES,YES https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity
upvoted 3 times
...
Kaiju
3 years, 2 months ago
the first question is tricky : if by "pass through authentication can be used to enable MFA" they mean, can be used by itself, without additional components, than the answer is NO. PTA by itself does not support MFA. If the question is of enablement - Conditional Access capabilities, including Azure AD Multi-Factor Authentication, work with Pass-through Authentication => PTA does not preclude MFA, but it requires additional components, so one might argue, a YES - PTA can be used for MFA. I think I'm splitting hairs here; if I am to chose the answer to the question I think they meant to ask, the answer is NO - PTA by itself cannot be used to enable MFA. the other answers are YES, YES
upvoted 3 times
...
NarenderSingh
3 years, 4 months ago
Yes Yes Yes
upvoted 3 times
gills
3 years, 3 months ago
That is not correct. Pass Thru Authentication is to allow for authentication to happen on-prem domain controllers. That is all it does. It does not enable MFA. It is about deciding where the authentication needs to happen.
upvoted 3 times
...
...
bhushanag
3 years, 4 months ago
Pass through Authentication is for keeping your password on-premises and using the same password for SSO, it does not enable MFA. However, with MFA we avoid passwords for sign-in. So ans is No, Yes & YES
upvoted 7 times
...
Bhagirathi
3 years, 5 months ago
all 3 YES- possible
upvoted 6 times
gills
3 years, 3 months ago
That is not correct. Pass Thru Authentication is to allow for authentication to happen on-prem domain controllers. That is all it does. It does not enable MFA.
upvoted 3 times
...
...
imadedakir
3 years, 5 months ago
Y,Y,Y MFA is a features of Azure AD, as long as you are authenticated in Azure AD (PHS, PTA or ADFS) you can apply the MFA using conditional access to users
upvoted 3 times
...
MukeshKhamparia
3 years, 9 months ago
All 3 Yes- Reference - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta Check the Video in the link..
upvoted 3 times
...
Kapsy
3 years, 9 months ago
Ans - Yes, Yes, Yes. Azure Active Directory (Azure AD) Pass-through Authentication protects user accounts by working seamlessly with Azure AD Conditional Access policies, including Multi-Factor Authentication (MFA). So the answer to question 1 is 'Yes'. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta
upvoted 6 times
pk_etcom
3 years, 9 months ago
‘by working seamlessly with’ means it (AD Pass-through) itself does not do, but takes help of other service (AD Conditional access policy such as MFA). So thinking on this thought of line answer to Q1 would be ‘No’. What’s your thoughts?
upvoted 6 times
...
...
Sonu1890
3 years, 10 months ago
No Yes Yes Sign-in features not natively supported by Azure AD: Sign-in using smartcards or certificates. Sign-in using on-premises MFA Server. Sign-in using third-party authentication solution. Multi-site on-premises authentication solution.
upvoted 4 times
...
AS007
3 years, 10 months ago
Yes Yes No https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
upvoted 1 times
gills
3 years, 3 months ago
That is not correct. Pass Thru Authentication is to allow for authentication to happen on-prem domain controllers. That is all it does. It does not enable MFA.
upvoted 2 times
...
...
Sourabh1703
3 years, 11 months ago
C is No, it says ADFS not Azure ADFS
upvoted 1 times
ITDog99
11 months, 2 weeks ago
Azure ADFS is also ADFS okay? u are a human u are also a man
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel