Exam AZ-304 topic 2 question 8 discussion

Correct

Right ans. Sync identity denotes Pass thru authentication or Pass hash sync. Federated idemtity denotes ADFS and in ADFS, authentication happens at on-prem DCs.

Does anyone understand this part? It said "Employees are required to use different accounts. ", But "you must recommend a solution that lets employees sign in to all company resources by using a single account." This is confusing. "Employees are required to use different accounts when using on-premises or cloud resources. You must recommend a solution that lets employees sign in to all company resources by using a single account. "

We can figure out given that following 4 points are hiccups of AZ AD domain service :- 1.This is a stand-alone managed domain. It is not an extension of Litware's on-premises domain. 2.Litware's IT administrator does not need to manage, patch or monitor this domain or any domain controllers for this managed domain. 3.There is no need to manage AD replication to this domain. User accounts, group memberships and credentials from Litware's on-premises directory are synchronized to Azure AD via Azure AD Connect. These are automatically available within this managed domain. 4. Since the domain is managed by Azure AD Domain Services, Litware's IT administrator does not have Domain Administrator or Enterprise Administrator privileges on this domain. Aware what kind of on-premise tasks there. Thence , answers are correct.

answer is correct

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-hybrid-identity-design-considerations-identity-adoption-strategy#:~:text=Synchronized%3A%20these%20are%20identities%20that,is%20called%20a%20password%20hash. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/media/plan-hybrid-identity-design-considerations/integration-scenarios.png Synchronized: these are identities that exist on-premises and in the cloud. Using Azure AD Connect, these users are either created or joined with existing Azure AD accounts. The user’s password hash is synchronized from the on-premises environment to the cloud in what is called a password hash. When using synchronized the one caveat is that if a user is disabled in the on-premises environment, it can take up to three hours for that account status to show up in Azure AD. This is due to the synchronization time interval. Federated: these identities exist both on-premises and in the cloud. Using Azure AD Connect, these users are either created or joined with existing Azure AD accounts. Answer is correct

correct as provided

Box1: User management occurs on-premises. Azure AD authenticates employees by using on-premises passwords. Box 2: User management occurs on-premises. The on-promises domain controller authenticates employee credentials.

for Sych , Pass through authentication as well the authentication will be done in on premises AD...hence the authentication is done via on premises domain controller? bit confised about the answer here

given answer is correct.