Exam AZ-500 topic 1 question 2 discussion

Actual exam question from Microsoft's AZ-500
Question #: 2
Topic #: 1

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.
Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.
You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.
Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the amount of necessary servers are reduced.
Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization.
Does the solution meet the goal?

  • A. Yes
  • B. No
Suggested Answer: A

Comments

kakakayayaya
Highly Voted 3 years, 8 months ago
We have 3 options for solution:
1) Password hash synchronization + Seamless SSO
2) Pass-through Authentication + Seamless SSO
3) Federation with AD FS
1 - doesn't support "password policies and user logon limitations". 2 and 3 - support, but 3 requires more servers.
upvoted 55 times
kakakayayaya
3 years, 8 months ago
.. so answer YES
upvoted 5 times
omw2wealth
3 years, 5 months ago
Exactly.
upvoted 1 times
cfsxtuv33
3 years, 4 months ago
I will have to agree with this assessment based on supporting evidence and kakakayayaya "options for solution."
upvoted 1 times
...
...
...
ThatDowntownSmell
2 years, 6 months ago
There is a 4th option not listed: Pass-through Auth+Seamless SSO with Password Hash Sync: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
upvoted 4 times
...
...
moutaz1983
Highly Voted 3 years, 9 months ago
I will go Yes here because this password policy enforcement can be done only using Pass through auth. See decision tree: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
upvoted 22 times
Shahrezza
3 years, 7 months ago
Agree with answer: YES. The decision tree supports this.
upvoted 4 times
...
...
stonwall12
Most Recent 2 months, 3 weeks ago
Selected Answer: A
Answer: A, Yes Reason: Pass-through authentication with password hash sync meets the goals by enforcing on-premises password policies while providing backup authentication, all with minimal server infrastructure. Reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/choose-ad-authn#cloud-authentication-pass-through-authentication
upvoted 1 times
...
somenick
7 months, 2 weeks ago
Selected Answer: A
We have 3 options for solution:
1) Password hash synchronization + Seamless SSO
2) Pass-through Authentication + Seamless SSO
3) Federation with AD FS
1 - doesn't support "password policies and user logon limitations". 2 and 3 - support, but 3 requires more servers.
upvoted 4 times
...
fahrulnizam
7 months, 2 weeks ago
Selected Answer: A
"must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant" keyword here in this question is 'synced'. So, answer is YES.
Password hash synchronization. A sign-in method that synchronizes a hash of a user's on-premises AD password with Azure AD.
Pass-through authentication. A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn't require the additional infrastructure of a federated environment.
upvoted 3 times
...
fr3ngdf
7 months, 2 weeks ago
Selected Answer: A
Answer is A (YES) https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta "Azure AD Password Hash Synchronization (...) provides the same benefit of cloud authentication to organizations. However, certain organizations wanting to enforce their on-premises Active Directory security and password policies, can choose to use Pass-through Authentication instead"
upvoted 3 times
...
zellck
7 months, 2 weeks ago
Selected Answer: A
A is the answer. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/choose-ad-authn#cloud-authentication-pass-through-authentication - Effort. For pass-through authentication, you need one or more (we recommend three) lightweight agents installed on existing servers. These agents must have access to your on-premises Active Directory Domain Services, including your on-premises AD domain controllers. They need outbound access to the Internet and access to your domain controllers. For this reason, it's not supported to deploy the agents in a perimeter network.
upvoted 1 times
zellck
2 years ago
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/choose-ad-authn#cloud-authentication Azure AD Pass-through Authentication. Provides a simple password validation for Azure AD authentication services by using a software agent that runs on one or more on-premises servers. The servers validate the users directly with your on-premises Active Directory, which ensures that the password validation doesn't happen in the cloud. Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use this authentication method.
upvoted 1 times
...
...
BigShot0
7 months, 2 weeks ago
Selected Answer: A
Azure AD Pass-through Authentication. Provides a simple password validation for Azure AD authentication services by using a software agent that runs on one or more on-premises servers. The servers validate the users directly with your on-premises Active Directory, which ensures that the password validation doesn't happen in the cloud. Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use this authentication method. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/choose-ad-authn
upvoted 1 times
...
123lmn
7 months, 2 weeks ago
Selected Answer: A
The solution of using pass-through authentication and seamless Single Sign-On (SSO) with password hash synchronization aligns with your goal of integrating Active Directory and the Azure AD tenant while ensuring that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant. Additionally, this solution helps reduce the number of necessary servers as it doesn't require additional infrastructure components like federation servers, which would be the case if you were to implement Active Directory Federation Services (AD FS) for SSO. In summary, the proposed solution is a valid and efficient approach for achieving the integration and meeting the specified requirements.
upvoted 1 times
...
yonie
7 months, 2 weeks ago
Selected Answer: A
Answer is YES. Organizations wanting to enforce their on-premises Active Directory security and password policies can choose to use Pass-through Authentication instead.
https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/choose-ad-authn
See also: https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/choose-ad-authn#decision-tree
upvoted 1 times
...
pentium75
7 months, 2 weeks ago
Selected Answer: A
"Make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant" - requires pass-through authentication or federation
"amount of necessary servers are reduced" - federation would require additional servers while pass-through does not
So we need pass-through authentication, which is part of the suggested solution here. Additional (!) password hash sync for seamless SSO is not required by the question, but it doesn't harm.
upvoted 2 times
...
Ruffyit
1 year, 1 month ago
We have 3 options for solution:
1) Password hash synchronization + Seamless SSO
2) Pass-through Authentication + Seamless SSO
3) Federation with AD FS
1 - doesn't support "password policies and user logon limitations". 2 and 3 - support, but 3 requires more servers.
upvoted 1 times
...
examexamtopics
1 year, 2 months ago
Yes, the solution does meet the goal. Azure AD Connect with pass-through authentication and seamless Single Sign-On (SSO) with password hash synchronization would allow you to integrate your on-premises Active Directory with Azure AD. Pass-through authentication allows users to use the same username and password on-premises and in the cloud, but doesn’t require the additional infrastructure of a federated environment. Seamless SSO automatically signs users in when they are on their corporate devices connected to your corporate network, providing a more integrated experience. Password hash synchronization is an extension to the same sign-on feature where the hash of the on-premises AD user’s password is synchronized to Azure AD, which can help reduce the number of servers since you don’t need to deploy Active Directory Federation Services (ADFS).
upvoted 1 times
...
Jastix
1 year, 2 months ago
Answer = B https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/choose-ad-authn
upvoted 1 times
...
b9e98e8
1 year, 3 months ago
PTA requires OnPrem AD to process authentication and PHS requires Azure AD to process authentication. If you want to reduce on prem servers using SSO then you should recommend PTA with SSO but not PHS with SSO.
upvoted 1 times
...
wardy1983
1 year, 5 months ago
"Yes" - the main sign-in method is PTA, which fulfills the requirements, and the PH sync is just for failover and for Identity protection. It is also recommended to do. Azure AD Identity Protection requires Password Hash Sync regardless of which sign-in method you choose, to provide the Users with leaked credentials report. Organizations can fail over to Password Hash Sync if their primary sign-in method fails and it was configured before the failure event. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
upvoted 1 times
...
Ssc91
1 year, 6 months ago
Selected Answer: B
Azure AD Pass-through Authentication. Provides a simple password validation for Azure AD authentication services by using a software agent that runs on one or more on-premises servers. The servers validate the users directly with your on-premises Active Directory, which ensures that the password validation doesn't happen in the cloud. Companies with a security requirement to immediately enforce on-premises user account states, password policies, and sign-in hours might use this authentication method. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/choose-ad-authn
upvoted 1 times
...