Exam AZ-500 topic 1 question 7 discussion

Correct Answer is B IP addresses with suspicious/dubious activity risk level is LOW

The same with Sign-ins from IP addresses with suspicious activity so B is correct

Medium

Answer: C, Medium Reason: Sign-ins from IP addresses with suspicious activity are classified as medium-risk in Azure AD Identity Protection. It was consisted LOW, but was updated a couple years back. Reference: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#risk-levels

C. Medium Note: It is very unlikely the Microsoft will require the memorization of specific risk levels given that they have changed the documentation. Previously the risk levels were very well defined, however they now provide this very vague paragraph: "Microsoft doesn't provide specific details about how risk is calculated. Each level of risk brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user." Modern Documentation: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#investigate-risk Legacy Documentation: https://web.archive.org/web/20190419234045/https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events

Latest information on MS Learn: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks?source=recommendations#risk-levels Risk levels Identity Protection categorizes risk into three tiers: low, medium, and high. When configuring Identity protection policies, you can also configure it to trigger upon No risk level. No Risk means there's no active indication that the user's identity has been compromised. Microsoft doesn't provide specific details about how risk is calculated. Each level of risk brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user.

ChatGPT: 1) Low Risk Level: Use this level if you believe the suspicious activity is low-risk or if you are conducting further investigations. It may be appropriate for situations where the IP address is not well-known as a source of malicious activity. 2) Medium Risk Level: This risk level is a common choice and represents a compromise between security and convenience. It might be suitable for suspicious activities that have some level of risk but are not considered severe. 3) High Risk Level: Use this level if you believe the suspicious activity represents a serious and immediate threat. It may require additional authentication and security verification to mitigate the risk.

Leaked Credentials = High Impossible travel to atypical locations =Medium Sign IN from infected device =Low Sign-ins from anonymous Ip addresses = Medium Sign-ins from Ip address with suspicious Activity = Medium Sign-ins from unfamiliar locations = Medium

Answer is LOW

This rating was upgraded in 2022 and went from low to medium.

can you guys please stop asking ChatGPT for the answers? if you have answers based on Microsoft document, then state it in the comments, otherwise stfu.

Its Low

updated categorization

C. Medium

correct asnwer is C

Correct Answer is C Question outdated: It's C for now, only "Sign-ins from infected devices" is a "low" risk. Check with the link: https://github.com/toddkitta/azure-content/blob/master/articles/active-directory/active-directory-identityprotection-risk-events-types.md

I'm going with B it seems to match the question best