ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 49 discussion

Actual exam question from Microsoft's MS-500
Question #: 49
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: From the Access settings, you select Block access for User1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk
by zerrowall at Dec. 28, 2022, 7:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RomanV
2 years, 1 month ago
Answer Yes: If after investigation, an account is confirmed compromised: Select the event or user in the Risky sign-ins or Risky users reports and choose "Confirm compromised". If a risk-based policy wasn't triggered, and the risk wasn't self-remediated, then do one or more of the followings: Request a password reset. Block the user if you suspect the attacker can reset the password or do multifactor authentication for the user. Revoke refresh tokens. Disable any devices that are considered compromised. If using continuous access evaluation, revoke all access tokens. Source: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-remediate-unblock#confirm-a-user-to-be-compromised
upvoted 1 times
...
H0TDOGG
2 years, 1 month ago
Where are the access settings that the remediation mentions?
upvoted 1 times
...
Dzuljzebari
2 years, 3 months ago
Answer in this is not the complete solution. User Risk Policy > Assignments: User 1 > User Risk: High > Controls: block. I would select 2 previous solutions as YES (Low and Medium risk user will not be affected) and this one as no NO - solution not properly described.
upvoted 2 times
...
costaluisc
2 years, 3 months ago
The requirement is "You need to prevent User1 from signing in". So we need an action that only affects that user.
upvoted 1 times
...
zerrowall
2 years, 5 months ago
How can we assign an individual user to block when others at the same time allow access?
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel