ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 47 discussion

Actual exam question from Microsoft's MS-500
Question #: 47
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: You configure the user risk policy to block access when the user risk level is high.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by dwilding at Sept. 28, 2022, 3:48 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AVN1711
1 year, 9 months ago
Selected Answer: A
Hi everyone, I am a bit confused. Regarding to this: "How do the feedback mechanisms in Identity Protection work? Confirm compromised (on a sign-in) – Informs Azure AD Identity Protection that the sign-in wasn't performed by the identity owner and indicates a compromise. Upon receiving this feedback, we move the sign-in and user risk state to Confirmed compromised and risk level to High.(https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/troubleshooting-identity-protection-faq)" So, after you selected Confirm user compromised and set the policy to block user with risk level High, he should be blocked for sign-ins, right? I think right answer is A (Yes)
upvoted 1 times
...
RomanV
2 years, 2 months ago
Read the question again and again until you understand it. It's not talking about a high risky user but about a user that is reported as risky which YOU confirm as 'comprimised'. Read what Microsoft has to say about that: If after investigation, an account is confirmed compromised: Select the event or user in the Risky sign-ins or Risky users reports and choose "Confirm compromised". If a risk-based policy wasn't triggered, and the risk wasn't self-remediated, then do one or more of the followings: Request a password reset. Block the user if you suspect the attacker can reset the password or do multifactor authentication for the user. Revoke refresh tokens. Disable any devices that are considered compromised. If using continuous access evaluation, revoke all access tokens. You can answer the question yourself now. ;) Source: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock#confirm-a-user-to-be-compromised
upvoted 2 times
...
Franc_Coetzee
2 years, 3 months ago
Selected Answer: B
You only need User1 to not be able to sign in
upvoted 1 times
...
tecnicosoffshoretech
2 years, 4 months ago
Selected Answer: A
In my opinion it should be A, since it is only blocking high risk users and lower risk users are not affected
upvoted 4 times
...
hpl1908
2 years, 4 months ago
Selected Answer: B
The solution must minimize the impact on users at a *lower risk level*. Solution: You configure the user risk policy to block access when the user risk level is *high*. So the answer is No.
upvoted 1 times
...
costaluisc
2 years, 4 months ago
The requirement is "You need to prevent User1 from signing in". So we need an action that only affects that user.
upvoted 2 times
Stig_88
2 years, 2 months ago
It says prevent User1 from signing in and NOT prevent "only" User1 from signing in. You need to prevent User1 from signing in. YES this is satisfied with the solution. The solution must minimize the impact on users at a lower risk level. YES this is satisfied and in fact solution not only minimize the impact to users at lower risk level but it gives NO impact as it ONLY impacts High Risks level.
upvoted 1 times
Stig_88
2 years, 2 months ago
In addition for the other 2 instance of this question, An administrator may choose to block a sign-in based on their risk policy or investigations. A block may occur based on either "sign-in" or "user risk"
upvoted 1 times
...
...
...
abill
2 years, 5 months ago
Should it not be Yes?
upvoted 1 times
...
gaida
2 years, 7 months ago
it is correct, as it should enforce password change instead
upvoted 2 times
doody
2 years, 6 months ago
no, when the user is confirmed as compromised then he will be moved to 'high risk', hence any remediation action (block, password change) while setting the user risk policy level as high will impact only the 'high risk' users and not the lower risk level users https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock#confirm-a-user-to-be-compromised
upvoted 2 times
...
...
dwilding
2 years, 9 months ago
"The solution must minimize the impact on users at a lower risk level"
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel