ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 2 question 24 discussion

Actual exam question from Microsoft's AZ-500
Question #: 24
Topic #: 2
[All AZ-500 Questions]

HOTSPOT -
You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: Yes -
The Contoso location is included in the policy and MFA is required.

Box 2: No -
The policy applies to the Azure portal and Azure management endpoints. The policy does not apply to web services host in Azure.

Box 3: No -
The policy applies only to users in the Contoso location. The policy does not apply to users external to the Contoso location.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
by gsidhwani77 at July 5, 2021, 2:43 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Orel123
Highly Voted 2 years, 4 months ago
YES - Contoso location requires MFA to use AZ Portal NO - Contoso location does not require MFA to use web NO - External users from Contoso location are not required to use MFA for AZ portal https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa?toc=/azure/active-directory/conditional-access/toc.json&bc=/azure/active-directory/conditional-access/breadcrumb/toc.json#configure-the-conditions-for-multi-factor-authentication https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#microsoft-cloud-applications
upvoted 24 times
...
Dushank
Highly Voted 2 years, 6 months ago
Given answer is correct. 1) Yes - B'cos the users are accessing from Contoso location and it's included in the condition. 2) No - The cloud App is selected as "Microsoft Azure Management cloud app" . The question asks when users are accessing "Web services hosted in Azure subscription" 3) No - No other location other than "Contoso" location is selected. So when users connect from other locations, it will not prompt for MFA.
upvoted 11 times
...
tutonata
Most Recent 10 months, 2 weeks ago
We don't know whether Contoso is marked as Trusted Location or not...
upvoted 1 times
MS_KoolaidMan
9 months, 3 weeks ago
I don't think it matters if Contoso is trusted or not. It is simply a named location and used to determine if the CAP applies or not.
upvoted 3 times
...
...
icebw22
10 months, 3 weeks ago
Yes, no, no As per diagram, condition is limited to azure portal not web services.
upvoted 1 times
...
majstor86
11 months ago
Yes No No
upvoted 2 times
...
Amialijoonz
1 year, 1 month ago
Yes No No
upvoted 1 times
...
F117A_Stealth
1 year, 2 months ago
Answer is correct.... Y N N
upvoted 1 times
...
Eltooth
1 year, 10 months ago
Yes No No
upvoted 3 times
...
udmraj
1 year, 11 months ago
Yes-No-No is the correct Answer
upvoted 2 times
...
rohitmedi
2 years, 2 months ago
correct answer
upvoted 1 times
...
ashishg2105
2 years, 4 months ago
Given answer is correct YES NO NO
upvoted 1 times
...
kakakayayaya
2 years, 5 months ago
For me answers are: n n n Portal Policy is used to provide access to the Microsoft Azure Management cloud app. Policy is not limit access to portal. It limits access to cloud app only. Unfortunately we don't know the name of used Cloud App but it definitely not Web or Portal.
upvoted 1 times
kakakayayaya
2 years, 5 months ago
I was wrong! The Microsoft Azure Management application includes Azure portal! So provided answers are correct. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps
upvoted 6 times
us3r
1 year, 9 months ago
plot twist
upvoted 2 times
...
...
...
ad7399
2 years, 6 months ago
I just tested this on the portal. People in the Contoso location are included in the policy. The policy does not apply to those who are not in the Contoso location, therefore the answer to the third question is "No". The answer to the first two questions depends on what's selected under "Cloud Apps and Actions". As this isn't shown in the question (although it might be shown on the exam), it's impossible to say what the correct answer is. For anyone interested in trying this out, I noticed a long delay (>30 mins) between making changes to the policy and them taking effect.
upvoted 3 times
...
justinp
2 years, 6 months ago
on exam, today
upvoted 2 times
catsforthewin
2 years, 6 months ago
What do you think the correct answer is?
upvoted 1 times
...
...
gsidhwani77
2 years, 6 months ago
Yes Yes No [ Contoso is included for MFA] and hence OutSide Contose it will be allowed without MFA
upvoted 1 times
Jacquesvz
2 years, 6 months ago
Given answers are correct. for nr2, The policy does not apply to web services host in Azure.
upvoted 2 times
...
...
gsidhwani77
2 years, 6 months ago
All should be yes. As Approved Apps are not selected. All Apps used from Contoso Location should be allowed access MFA. In case of Location Constraint - If coming from outside Contoso then MFA is mandatory.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel