ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 4 question 41 discussion

Actual exam question from Microsoft's MS-100
Question #: 41
Topic #: 4
[All MS-100 Questions]

HOTSPOT -
You have a Microsoft 365 Enterprise E5 subscription.
You create a password policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts. In this question, the lockout threshold if 5 failed attempts.
The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts.
Password evaluation goes through several steps including normalization and Substring matching which is used on the normalized password to check for the user's first and last name as well as the tenant name.
The next step is to identify all instances of banned passwords in the user's normalized new password. Then:
1. Each banned password that is found in a user's password is given one point.
2. Each remaining unique character is given one point.
3. A password must be at least five (5) points for it to be accepted.
Conto$01Pa$$word contains two banned passwords and no remaining unique characters so is given a score of 2 points. This is less than the required 5 points so will be rejected.
Pa$$w0rd contains a banned password and no remaining unique characters so is given a score of 1 point. This is less than the required 5 points so will be rejected.
AzureAD!!111 contains a banned password (AzureAD!!) and has three remaining characters. However, the remaining characters are all the same (they're all 1s) so that is only one unique character. So that password will be given a score of 2. One for the banned password and 1 for the unique character. This is less than the required 5 points so will be rejected.
PasswordPa55w.rd does not contain a banned password. PasswordPa55w.rd contains 16 characters. However, there are two 'P', two 'a', two 's', two 'w', two 'r', two 'd', and two '5' so there are 9 unique characters. Therefore, the password will be given a score of 9 points. This is more than the required 5 points so the password will be accepted.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
by TheWallPTA at April 15, 2021, 5:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Moderator
2 years, 9 months ago
Still a valid question (July 30th 2022).
upvoted 3 times
...
JakeH
3 years, 5 months ago
In exam today
upvoted 4 times
...
Eggsamine
3 years, 6 months ago
Agree with the answer, just thought I would add that the custom banned passwords list is case-insensitive, so Pa$$w0rd is the same as pa$$w0rd: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-configure-custom-password-protection#:~:text=The%20custom%20banned%20password%20list%20is%20case-insensitive
upvoted 3 times
...
TimurKazan
3 years, 8 months ago
correct
upvoted 2 times
...
Azreal_75
3 years, 8 months ago
I have a query, in the given answer it says: "PasswordPa55w.rd does not contain a banned password." Am I being thick or is that incorrect? The first part of the p/w is Password - in the banned passwords list is Pa$$w0rd. After normalisation would that not equate to Password? Or is normalisation only done on the entered passwords and not the ones in the banned password list?
upvoted 4 times
Paolo2022
2 years, 5 months ago
You are correct - NONE of the passwords given here would be eligible to be chosen! Normalisation is exactly what prevents that, see: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad#step-1-normalization Thankfully the rules are rather clear - otherwise this lack of a correct option would be a problem...
upvoted 1 times
...
...
MigrationEndpoint
4 years ago
"If the first sign-in after a lockout also fails, the account locks out again. If an account locks repeatedly, the lockout duration increases." - https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
upvoted 2 times
...
Gus01
4 years ago
Yes 5 Sign in Attempts after every minute is the correct answer
upvoted 3 times
dsiisus
3 years, 10 months ago
vikingSWE is correct https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
upvoted 1 times
...
VikingSWE
3 years, 11 months ago
No it is not. After the first lockout, the user gets only one try per lockout duration.
upvoted 6 times
...
joergsi
3 years, 2 months ago
one sign-in attempt every minute, after 5 fails the account will be blocked! In your case, the user can sign in 5 times within 1 Minute!
upvoted 1 times
...
...
TheWallPTA
4 years ago
Lockout Threshold = How many failed sign-ins are allowed on an account before its first lockout. If the first sign-in after a lockout also fails, the account locks out again. Lockout duration in seconds = The minimum length in seconds of each lockout. If an account locks repeatedly, this duration increases. So I think it should be: 5 Signin Attempts each Minute.
upvoted 1 times
VikingSWE
3 years, 11 months ago
No. After the first lockout, the user gets only one try per lockout duration.
upvoted 5 times
subbuhotmail
3 years, 8 months ago
S0 basically, 1. If users attempts 5 wrong password then it will lock. --> Locked 2. After 60 seconds, lock released. 3. If user enter wrong password , then in the 1st attempt after lockout ---> it will lock again. 4. If user enter correct password then all reset to normal again.
upvoted 9 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago