ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 1 question 26 discussion

Actual exam question from Microsoft's MS-100
Question #: 26
Topic #: 1
[All MS-100 Questions]

Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.
Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.
Solution: You configure the use of pass-through authentication and seamless SSO.
Does the solution meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by zul_n at Oct. 1, 2021, 12:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
MikeMatt2020
Highly Voted 3 years, 8 months ago
I don't really see how Seamless SSO has anything to do with what the question is asking. It's asking that we choose and authentication method that has high availability, which PTA offers (especially with the scalability of its PTA agents) and passwords are stored on-prem, which PTA also does. Question does not mention any parameter that requires users be automatically signed in while on-prem without cred prompts...Am I wrong?
upvoted 9 times
...
TimurKazan
Highly Voted 3 years, 9 months ago
correct, PTA is also considered as highly available by Microsoft
upvoted 6 times
bake73
3 years, 5 months ago
No no and no. PTA is considered HA IF you have more than 1 agent. The minimum for PTA is 1, thus no redundancy IF only 1 agent.
upvoted 4 times
Mea988
3 years, 4 months ago
But it's not stated you can only install one, only that you have to use the existing infrastructure and have HA. So it's ok, PTA is HA in this case
upvoted 8 times
...
...
...
osxzvkwpfcfxobqjby
Most Recent 1 year, 10 months ago
Selected Answer: A
PTA is de correct answer, do not over complicate your answers. It does not state "you configure PTA half-way". If you configure PTA you install at least one agent, so you can also install more agents. "only" can also refer to SSO or something else. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta
upvoted 1 times
...
proxyma93
2 years, 1 month ago
Selected Answer: A
It's PTA vs PHS, so it's PTA
upvoted 2 times
...
ijarosova
2 years, 3 months ago
I vote B. By configuring PTA and SSO, users will be able to access Microsoft 365 services using their on-premises credentials without having to enter their credentials again.
upvoted 1 times
...
Meebler
2 years, 3 months ago
Pass-through authentication and seamless single sign-on (SSO) provide a comprehensive solution for enabling users to access Microsoft 365 services using their on-premises credentials. With pass-through authentication, user sign-in credentials are verified against the on-premises Active Directory, providing a secure and highly available authentication method. User passwords are not stored in the cloud, ensuring that they remain on-premises. Seamless SSO further simplifies the user experience by allowing users to access Microsoft 365 services without having to enter their credentials again. This is accomplished through the use of Kerberos authentication, which enables the user's on-premises credentials to be used for authentication to Microsoft 365 services. Both pass-through authentication and seamless SSO can be implemented using the current server infrastructure, without the need for additional hardware or software. This makes it a cost-effective solution for enabling secure and seamless access to Microsoft 365 services. Therefore, this is the best answer.
upvoted 2 times
Meebler
2 years, 3 months ago
While Pass-through Authentication (PTA) provides a secure authentication method, users must still enter their credentials each time they sign in to Microsoft 365 services. This can be inconvenient for users and may increase the risk of credential phishing attacks. In contrast, seamless Single Sign-On (SSO) provides a more user-friendly experience by allowing users to access Microsoft 365 services without having to re-enter their credentials. This is achieved through the use of Kerberos authentication, which allows users to authenticate to Microsoft 365 services using their on-premises credentials without being prompted to enter their username and password. Implementing PTA with seamless SSO provides the best of both worlds by providing a secure authentication method and a convenient user experience. It also eliminates the need for users to remember multiple sets of credentials for on-premises and cloud-based services. Therefore, PTA with seamless SSO is better than just PTA because it provides a better user experience, while maintaining security and reducing the risk of credential phishing attacks.
upvoted 1 times
...
...
Feyenoord
2 years, 4 months ago
Selected Answer: B
100% B while PTA is indeed correct you still need to install at least 2 agents. Since they talk about enabling PTA only it is not enough!
upvoted 1 times
...
ColmTheMeanie
2 years, 4 months ago
When you enable password-based SSO for an application, Azure AD collects and securely stores usernames and passwords for the application. User credentials are stored in an encrypted state in the directory. Password-based SSO is supported for any cloud-based application that has an HTML-based sign-in page Although the above does relate to app passwords, it would open up the possibility for credential storage in Azure so i would say no
upvoted 2 times
...
Don123
2 years, 5 months ago
A. Yes The solution of configuring pass-through authentication and seamless SSO meets the goal of allowing users to access Microsoft 365 by using their on-premises credentials, utilizing the current server infrastructure, and ensuring that all user passwords are stored on-premises and highly available. Pass-through authentication allows for on-premises Active Directory credentials to be verified directly against the on-premises Active Directory, rather than syncing the credentials to Azure Active Directory. Seamless SSO provides a way for users who are already signed in to their on-premises network to be automatically signed in to their cloud-based resources without having to enter their password again. This way, it meets the requirement of storing the passwords on-premises, being highly available and providing a seamless experience for the end user.
upvoted 1 times
...
Baset100
2 years, 5 months ago
B. No, the solution does not meet the goal. Pass-through Authentication (PTA) and Seamless Single Sign-On (SSO) are features of Azure AD Connect that allows users to authenticate against on-premises Active Directory using their on-premises credentials when accessing cloud-based resources and also allow for a Single Sign-On (SSO) experience for the users. While PTA does allow for on-premises credentials to be used and passwords to be stored on-premises, the use of Seamless SSO would allow for users to be authenticated automatically when signing in to Azure AD, without having to enter their credentials again. This would require the user's password hash to be stored in Azure AD which violates the requirement of having the passwords stored only on-premises. It's important to note that, it's possible to achieve SSO experience without storing the password hash in Azure AD, but that would require additional components, such as ADFS or another third-party identity provider.
upvoted 3 times
Don123
2 years, 5 months ago
It is possible that the solution of using pass-through authentication and seamless SSO meets the goal, as it allows users to access Microsoft 365 by using their on-premises credentials, without the need for additional servers or infrastructure. Pass-through Authentication (PTA) is a feature of Azure Active Directory Connect that allows users to authenticate to Azure AD by validating their credentials against on-premises Active Directory. Seamless SSO is a feature of Azure AD Connect that provides a single sign-on experience to users that are signed in to their on-premises domain-joined devices. With this solution, user's passwords are only stored on-premises and users can access to Microsoft 365 services with the same password they use to sign in to their on-premise domain. However, it is important to note that this solution is not the only one and other factors such as environment and security considerations may play a role in determining if the solution truly meets the goal.
upvoted 1 times
...
...
One111
2 years, 6 months ago
Selected Answer: A
They have 5 DCs. This is HA for onprem authentication and password storing. They must have at least 1 AADC server. We can enable PtA and install agents on all DC. All requirements fulfilled. Seamless SSO does not change anything.
upvoted 1 times
...
areis
2 years, 7 months ago
If configuring PTA only doesn't meet the goal, configuring PTA w/ SSO will definitely not either. I'll go to No for both coz both solutions don't meet the requirement of being highly available, install more than 1 PTA agent is missing.
upvoted 2 times
...
Contactfornitish
3 years, 2 months ago
Selected Answer: A
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso Seamless SSO can be combined with PTA and PTA only fills the requirement of keeping passwords On-Premise. Adding Seamless doesn't change a thing so A is right
upvoted 3 times
...
trexar
3 years, 2 months ago
Selected Answer: A
Password are onpremise first requirement is ok, HA the sentence say you configure it means you install the agents
upvoted 1 times
...
joergsi
3 years, 4 months ago
Selected Answer: B
Following the argument of the previous question, to achieve HA we need PTA +, at least, three Agents. What we get is PTA and Seamless, in this case the answer could only be NO!
upvoted 3 times
Durden871
3 years, 4 months ago
The previous question said enabling the feature of PTA only. This is talking of configuring PTA with SSO, but doesn't use the delimiter of "Only". These questions are awful. Even with these study aides I'm incredibly confused.
upvoted 3 times
...
...
Bulldozzer
3 years, 5 months ago
In my opinion, the answer of the previous question is A and for this one, it' B.
upvoted 2 times
...
tf444
3 years, 6 months ago
So what is the difference between this Q and the previous one? SSO has anything to do with what the question is asking, why this q is yes and the other one is No?
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel