HOTSPOT - To meet the authentication requirements of Fabrikam, what should you include in the solution? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
no specific location is necessary: "All administrative access to the Azure portal must be secured by using multi-factor authentication."
Id go with only one conditional access policy
"only available within the company" is not talking about physical location it's talking about user location. if it said "data cannot be accessed outside of the company network" then we can control that with a CAP.
However, it is talking about Guest access, which can be controlled with a CAP.
A Blocking policy would be implemented which targets guest accounts, i.e. no guest users can access the Azure AD tenancy, but further to this that would be a blanket rule of "no guest users" and in which case this would be better configured by disabling guest access to Azure AD entirely, i.e. no CAP required.
My answer is 1, 1, 1 - CAP only reqiured to enforce MFA for Admin accounts.
I agree with 0 as conditional policy
- data cannot be accessed outside of the company network (this is not restricted through conditional access. I suspect it's through policy)
2. admin group must be secured by using multi-factor authentication (there is nothing specify of condition a such from offsite address, so it must be the priviledge management.)
given answer is correct
answer is 1,1,2
We just need one Azure AD tenant to host the information for corp.fabrikam.com,Since there is only one forest that needs to be synced with Azure AD, one can opt for having one Azure AD tenant.
We just need one custom domain to be created for corp.fabrikam.com
Conditional access :
1. data cannot be accessed outside of the company network (Condition based on Location name or IP)
2. admin group must be secured by using multi-factor authentication ( Condition based on user/group membership)
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-admin-mfa
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-location
1,1,2
Conditional access :
1. data cannot be accessed outside of the company network (Condition based on Location name or IP)
2. admin group must be secured by using multi-factor authentication ( Condition based on user/group membership)
Shouldn´t be two domains "The network contains two Active Directory forests named corp.fabrikam.com and rd.fabrikam.com. There are no trust relationships between the forests."
dont go with high upvoted for this question....you dont need to create any new policies . You can try use the free policy Baseline hence i would go with 1,1,0
Baseline policies are now deprecated, below is what you get when you click on the baseline policy
"This policy has been deprecated and is no longer being enforced. If you are looking to enable similar functionality, we recommend enabling security defaults or configuring the equivalent conditional access policies."
So we have to create a new policy for controlling admin access.
No, you can enable security defaults instead which enforces MFA for admins. If your tenant was created after Nov 2919, then security defaults are likely enabled by default.
the correct answer:
1, 1, 0
There is already a policy with the name of “Baseline policy: Require MFA for admins” that comes along with even the Free tier of Azure AD. This enables multi-factor authentication for all types of administrators. You can just enable this policy. There is no need to create a new policy.
"All administrative access to the Azure portal must be secured by using multi-factor authentication." how does this achevied without conditional access policiy?
This section is not available anymore. Please use the main Exam Page.AZ-301 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MadhuG
Highly Voted 5 years, 3 months agoRStover
5 years, 1 month agojuri
4 years, 11 months agoasdfgh1234567
4 years, 11 months agolevianthan
4 years, 9 months agoAS007
Highly Voted 5 years, 2 months agoglam
Most Recent 4 years, 3 months agoj888
4 years, 3 months agoazurecert2021
4 years, 4 months agosejalo
4 years, 4 months agosanketshah
4 years, 5 months agoEdhotp
4 years, 7 months agocitizen_zero
4 years, 7 months agoDavid_986969
4 years, 8 months agosmsulai
4 years, 10 months agoro_yahoo
4 years, 10 months agotmurfet
4 years, 9 months agoeug45
4 years, 11 months agoNKnab
4 years, 11 months agogboyega
4 years, 11 months agoKaawa
4 years, 11 months agogboyega
4 years, 11 months agosaran1987
4 years, 9 months agogboyega
4 years, 11 months agodev2dev
4 years, 12 months agoDeveshSolanki
5 years agossrr
5 years agosuperbutt
5 years agoruval
5 years, 1 month agoasdfgh1234567
4 years, 11 months agopandeya442
5 years, 1 month agoShiven
5 years, 1 month ago