ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 38 discussion

Actual exam question from Microsoft's MS-100
Question #: 38
Topic #: 4
[All MS-100 Questions]

Your network contains an on-premises Active Directory domain.
You have a Microsoft 365 subscription.
You implement a directory synchronization solution that uses pass-through authentication.
You configure Microsoft Azure Active Directory (Azure AD) smart lockout as shown in the following exhibit.

You discover that Active Directory users can use the passwords in the custom banned passwords list.
You need to ensure that banned passwords are effective for all users.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From a domain controller, install the Azure AD Password Protection Proxy.
  • B. From a domain controller, install the Microsoft AAD Application Proxy connector.
  • C. From Custom banned passwords, modify the Enforce custom list setting.
  • D. From Password protection for Windows Server Active Directory, modify the Mode setting.
  • E. From all the domain controllers, install the Azure AD Password Protection DC Agent.
  • F. From Active Directory, modify the Default Domain Policy.
Show Suggested Answer Hide Answer
Suggested Answer: ADE 🗳️
Azure AD password protection is a feature that enhances password policies in an organization. On-premises deployment of password protection uses both the global and custom banned-password lists that are stored in Azure AD. It does the same checks on-premises as Azure AD does for cloud-based changes. These checks are performed during password changes and password reset scenarios.
You need to install the Azure AD Password Protection Proxy on a domain controller and install the Azure AD Password Protection DC Agent on all domain controllers. When the proxy and agent are installed and configured, Azure AD password protection will work.
In the exhibit, the password protection is configured in Audit mode. This is used for testing. To enforce the configured policy, you need to set the password protection setting to Enforced.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises
by PumbaMunich at Aug. 18, 2019, 11:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Goofer
Highly Voted 5 years, 3 months ago
The answers are: ADE
upvoted 28 times
thuba_TD
2 years, 6 months ago
"DEA got that dope!"
upvoted 5 times
Y2
2 years, 6 months ago
all that hippidy hop won't help in this exam
upvoted 6 times
...
...
...
PumbaMunich
Highly Voted 5 years, 8 months ago
The right answer should include D and exclude C. There was no request of adding any password to the banned list, but rather to make sure that those existing in the banned list do not get used. Therefore the list should be enforced, making one of the right actions D rather than C.
upvoted 24 times
charat
2 years, 11 months ago
I'm afraid that's incorrect. ADE are correct. The setting for banned list is already enforced according to the screenshot
upvoted 2 times
...
...
Amir1909
Most Recent 1 year, 3 months ago
A, D and E is correct
upvoted 1 times
...
One111
2 years, 4 months ago
You can't collocate proxy and protection agent on the same machine. At least not n DC will not have password protection agent and will allow to setup passwords not aligned with policy.
upvoted 1 times
...
One111
2 years, 4 months ago
Proxy on DC... 🤦‍♂️
upvoted 1 times
...
Cheekypoo
2 years, 9 months ago
Was in my exam today 05/08/22.
upvoted 1 times
...
Stiobhan
2 years, 11 months ago
Defo A&D, just not sure E is neccessary! But there you go!
upvoted 1 times
...
charat
2 years, 11 months ago
On exam 05/22/22. Great question!
upvoted 3 times
...
joergsi
3 years, 3 months ago
Of Topic Question to the other user, have you tried the following, copy the text of a question in google, and you will find out that there are several other providers in the internet with exactly the same question and answer combinations. Based on this, my suspicion was, that every "provider" is using the same source. If you check out the watermark of the image, you will see, that the source is Prepaway :)!
upvoted 1 times
...
jjong
3 years, 7 months ago
in exam today
upvoted 4 times
...
Ash473
3 years, 9 months ago
In exam today
upvoted 3 times
Mbewu
3 years, 9 months ago
how was it?
upvoted 1 times
...
...
mkoprivnj
4 years, 4 months ago
ADE is correct!
upvoted 3 times
...
Alvaroll
4 years, 7 months ago
3-14 https://www.examtopics.com/exams/microsoft/ms-100/view/19/
upvoted 2 times
...
STFN2019
4 years, 9 months ago
ade it is
upvoted 3 times
...
JaBe
4 years, 10 months ago
A D E although the AD Password Protection Proxy is installed on a member server, not a DC (see diagram in answer link).
upvoted 9 times
[Removed]
3 years, 8 months ago
I agree, MS even recommends at least 2 Proxies per forest on member servers, not on a DC "because it would need internet connectivity and that may be a security concern".
upvoted 3 times
...
...
shark1
4 years, 10 months ago
A, D, E This is duplicated question.
upvoted 7 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago