Exam AZ-304 topic 2 question 32 discussion

Correct answer

With password hash sync and seamless single sign on it will first try to use kerberos against your on prem infrastructure. If that is offline or you are outside the office, you will be able to enter your password to access the services. With adfs or pass through auth, you are offline if the on prem service is offline.

PHS will allow to authenticate to cloud resources with or without onprem internet connectivity. PtA always require onprem (AADC server or other member server with PtA agent to be up, running and communicating with Azure). Correct answer is PtA.

On exam 31.03.2022

correct

Answer is correct

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn#comparing-methods What are the requirements for on-premises Internet and networking beyond the provisioning system? -> shows "None" for Password hash synchronization + Seamless SSO Answer is correct

It's A or B depending on how you read the question. If you read it as "users must still be able to authenticate IN AZURE if internet ..." then it's A. If you rather read it as "on-prem users must be able to authenticate if internet ..." then it's B. This question is like the picture of the old woman/young girl, if you see one version it's difficult to see the other. Since the company doesn't have AAD yet, I assume we're in scenario B: users are still mainly on-prem, and a connection between AAD and on-prem AD must not complicate authentication if internet is down.

on Exam (7-19-2021). passed 304 exam

This shows the importance of reading the question "if the internet connection to the on-premises Active Directory is unavailable". I originally read it as if users were on prem with the AD and the risk was the internet connection to AAD might be lost. Doh.

Answer is correct.: You need to ensure that users can authenticate if the internet connection TO THE on-premises Active Directory is unavailable If there is no internet in On-Premises the other two methods will not work, but he can still sign-in through Azure with first method.

Ans: B Pass through Explanation Since here users should still be able to authenticate even if the internet connection is not available, you must use Pass-through authentication. This would ensure users are authenticated via the on-premises Active Directory setup.

Correct Answer is Password Hash Sync... Refer: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn scroll down to "Comparing Methods"

Incorrect Answer. Answer is B. Since here users should still be able to authenticate even if the internet connection is not available, you must use Pass-through authentication. This would ensure users are authenticated via the on-premises Active Directory setup.

On Exam 05/01/2021

it should be B. pass-through authentication and Azure AD Seamless Single Sign-On (Azure AD Seamless SSO) Explanation Since here users should still be able to authenticate even if the internet connection is not available, you must use Pass-through authentication. This would ensure users are authenticated via the on-premises Active Directory setup.