
Exam MS-100 topic 3 question 40 discussion

Actual exam question from Microsoft's MS-100
Question #: 40
Topic #: 3

Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
The network uses a firewall that contains a list of allowed outbound domains.
You begin to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
  • *.microsoft.com
  • *.office.com

Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

  • A. From the firewall, allow the IP address range of the Azure data center for outbound communication.
  • B. From Azure AD Connect, modify the Customize synchronization options task.
  • C. Deploy an Azure AD Connect sync server in staging mode.
  • D. From the firewall, create a list of allowed inbound domains.
  • E. From the firewall, modify the list of allowed outbound domains.
Suggested Answer: E
Azure AD Connect needs to be able to connect to various Microsoft domains such as login.microsoftonline.com. Therefore, you need to modify the list of allowed outbound domains on the firewall.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports
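Whether the two wildcard entries in the question cover the hostnames Azure AD Connect talks to can be checked mechanically. The following is an added example, not code from the page, from Microsoft, or from any firewall vendor. It assumes the usual allow-list semantics that `*.example.com` matches any name one or more labels below `example.com` and not the apex itself, and it uses only the hostnames named on this page (`login.microsoftonline.com` from the suggested answer, the hybrid-join URLs from the discussion); the complete list of required endpoints is in the referenced ports page, not in this script.

```python
"""Compare a firewall's allowed-outbound-domain list with the hostnames
Azure AD Connect has to reach, and report the ones that are not covered.

Added example. Assumed wildcard semantics: "*.suffix" matches any host with at
least one extra label in front of "suffix", never "suffix" itself. The host
list below is only what this page names, not Microsoft's full endpoint list.
"""
from __future__ import annotations

# Allowed outbound domains exactly as listed in the exam question (constructed input).
FIREWALL_ALLOWLIST = ["*.microsoft.com", "*.office.com"]

# Hostnames the page says Azure AD Connect / hybrid join must reach.
REQUIRED_HOSTS = [
    "login.microsoftonline.com",
    "enterpriseregistration.windows.net",
    "device.login.microsoftonline.com",
    "autologon.microsoftazuread-sso.com",
]


def _labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels; ignore a trailing dot and blanks."""
    return [lab for lab in name.strip().lower().rstrip(".").split(".") if lab]


def host_matches(host: str, pattern: str) -> bool:
    """True if one allow-list entry covers `host`.

    A plain entry matches only that exact name. An entry starting with "*."
    matches names that end with the suffix after the "*" and carry at least one
    extra leading label (assumed firewall semantics; the apex is not covered).
    """
    h, p = _labels(host), _labels(pattern)
    if not h or not p:
        return False
    if p[0] != "*":
        return h == p
    suffix = p[1:]
    return len(h) > len(suffix) and h[-len(suffix):] == suffix


def coverage(required: list[str], allowlist: list[str]) -> dict[str, str | None]:
    """Map each required host to the first entry that covers it, or None."""
    report: dict[str, str | None] = {}
    for host in required:
        report[host] = next((p for p in allowlist if host_matches(host, p)), None)
    return report


def missing_hosts(required: list[str], allowlist: list[str]) -> list[str]:
    """Required hostnames that no allow-list entry covers, in input order."""
    return [h for h, entry in coverage(required, allowlist).items() if entry is None]


if __name__ == "__main__":
    # With only *.microsoft.com and *.office.com allowed, every listed host is blocked.
    for host, entry in coverage(REQUIRED_HOSTS, FIREWALL_ALLOWLIST).items():
        print(f"{host:40s} -> {entry or 'NOT ALLOWED OUTBOUND'}")
```

Note the two edge cases the check makes visible: `*.microsoft.com` does not cover `login.microsoftonline.com` (a different registrable domain, even though the label looks similar), and adding `*.microsoftonline.com` covers both `login.` and `device.login.` but still leaves the `windows.net` and `microsoftazuread-sso.com` hosts uncovered, so the outbound list has to be extended entry by entry against the referenced documentation rather than by a single broad wildcard.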

Comments

Amir1909
1 year, 4 months ago
E is correct
upvoted 1 times
Wojer
3 years, 6 months ago
Hybrid Azure AD join requires devices to have access to the following Microsoft resources from inside your organization's network:
https://enterpriseregistration.windows.net
https://login.microsoftonline.com
https://device.login.microsoftonline.com
https://autologon.microsoftazuread-sso.com (If you use or plan to use seamless SSO)
upvoted 2 times
JakeH
3 years, 7 months ago
In exam today
upvoted 2 times
junior6995
3 years, 9 months ago
It doesn't feel right to only allow outbound connections, what if the tenant has a PHS enabled or a device writeback? I'd allow inbound and outbound.
upvoted 2 times
Eggsamine
3 years, 8 months ago
PHS, device and password writeback will all use the outbound connection from Azure AD Connect to communicate. No need for an explicit inbound rule as the firewall should handle it.
upvoted 4 times
Rudelke
3 years ago
You can set up Azure AD Connect from a LAN network with no public address, port forwarding or anything like that. The simple conclusion is that Azure AD Connect does not need an inbound connection. Also notice that changes are written back only as AD Connect does the sync cycle. In other words, changes are written back only when AD Connect reaches out to Azure to get an update.
upvoted 2 times
maikelb
4 years, 1 month ago
correct!
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other