ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-301 All Questions

View all questions & answers for the AZ-301 exam
Go to Exam

Exam AZ-301 topic 2 question 20 discussion

Actual exam question from Microsoft's AZ-301
Question #: 20
Topic #: 2
[All AZ-301 Questions]

You manage a single-domain, on-premises Active Directory forest named contoso.com. The forest functional level is Windows Server 2016.
You have several on-premises applications that depend on Active Directory.
You plan to migrate the applications to Azure.
You need to recommend an identity solution for the applications. The solution must meet the following requirements:
✑ Eliminate the need for hybrid network connectivity.
✑ Minimize management overhead for Active Directory.
What should you recommend?

  • A. In Azure, deploy an additional child domain to the contoso.com forest.
  • B. In Azure, deploy additional domain controllers for the contoso.com domain.
  • C. Implement a new Active Directory forest in Azure.
  • D. Implement Azure Active Directory Domain Services (Azure AD DS).
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Shankar at Sept. 3, 2019, 10:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MadLad84
Highly Voted 5 years, 7 months ago
the question states "Eliminate the need for hybrid network connectivity" To deploy Additional domain controllers in Azure would require Hybrid network connectivity to maintain replication. AzureAD DS will allow Synced users from on prem AD to authenticate to applications, ADDConnect does not require Hybrid network, This makes me believe D is the answer
upvoted 79 times
SaurabhAzure
5 years, 4 months ago
I agree D is the right answer
upvoted 6 times
...
Rajuuu
5 years, 2 months ago
I concur ..D is correct
upvoted 5 times
...
booboo2shoes
4 years, 9 months ago
Yup. Table 2 from the following talks about TCP ports 80 and 443. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports
upvoted 1 times
...
yaiba
4 years, 3 months ago
agree. plus it says minimize mgmt overheads
upvoted 1 times
...
...
Ekramy_Elnaggar
Highly Voted 5 years, 5 months ago
Correct answer is D
upvoted 20 times
...
j888
Most Recent 4 years, 3 months ago
I think B is correct, as soon as you involved the Azure AD DS it is hybrid.
upvoted 2 times
...
azurecert2021
4 years, 4 months ago
Option D AD DS is correct answer as it can work cloud only so no hybrid connectivity required and minimizes the management overhead as well which is not possible with option B as for this option the IT team must manage the VMs, then secure, patch, monitor, backup, and troubleshoot them. IT administrators often use one of the following solutions to provide an identity service to applications that run in Azure: Azure AD DS offers alternatives to the need to create VPN connections back to an on-premises AD DS environment or run and manage VMs in Azure to provide identity services. As a managed service, Azure AD DS reduces the complexity to create an integrated identity solution for both hybrid and cloud-only environments.
upvoted 3 times
...
glam
4 years, 4 months ago
D. Implement Azure Active Directory Domain Services (Azure AD DS).
upvoted 3 times
...
Junooni
4 years, 5 months ago
B is correct, as the question says 'Minimize management overhead for Active Directory'. Introduction of ADDS will add into it.
upvoted 1 times
...
sanketshah
4 years, 6 months ago
D is correct
upvoted 2 times
...
AakashNeedsEmAll
4 years, 6 months ago
D is correct. https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview
upvoted 1 times
AakashNeedsEmAll
4 years, 6 months ago
This link as well https://docs.microsoft.com/en-us/azure/active-directory-domain-services/scenarios#azure-ad-ds-for-cloud-only-organizations
upvoted 1 times
...
...
Merio
4 years, 9 months ago
B since dont know this -> Make sure that the application doesn't need to modify/write to the directory. LDAP write access to a managed domain isn't supported.
upvoted 1 times
...
Chartar
4 years, 9 months ago
D is correct domain controllers on the cloud will need hybrid connectivity of some sort to synch with in Prem domain controllers,
upvoted 3 times
...
Rooh
4 years, 9 months ago
Looks to be D
upvoted 2 times
...
bobby2
4 years, 9 months ago
my understand is ... application works as Azure App service after they migrated on to Azure and use Azure AD. Option B is correct answer if my assumption is right.
upvoted 1 times
...
Schen2020
4 years, 10 months ago
I have this question in my az-300 exam, D is correct.
upvoted 3 times
Test_Taker
4 years, 10 months ago
You dont get the answers after the exam, therefore, how do you know it's correct?
upvoted 8 times
DC_Stak
4 years, 10 months ago
maybe he got 100%
upvoted 9 times
...
...
...
kuome
4 years, 11 months ago
I support D, watch https://www.youtube.com/watch?v=GB1DvtkREzA
upvoted 2 times
...
ct84
4 years, 11 months ago
D ain't correct guys because AD DS isn't avail on 2016. Such a niche bit of info that.. but, if it didn't matter they wouldn't mention the OS version i guess..
upvoted 1 times
ct84
4 years, 11 months ago
you know what i take that back.. i believe it was only RENAMED in Windows 2018? (https://social.technet.microsoft.com/wiki/contents/articles/699.active-directory-domain-services-ad-ds-overview.aspx). I do believe the right answer is Di believe the right answer is D.. https://docs.microsoft.com/en-us/azure/active-directory-domain-services/overview#common-ways-to-provide-identity-solutions-in-the-cloud
upvoted 2 times
...
...
gboyega
4 years, 11 months ago
D AADDS
upvoted 2 times
...
kgangaram
4 years, 11 months ago
It Shud be D
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel