Exam SC-300 topic 2 question 7 discussion

The AzureAD Password Protection proxy service initiates an outbound connection (Port 443) to Azure to pull the banned password list. The downloaded banned password list is pulled by the agent installed on DCs. Given answer is correct.

There is only one server functioning as the AZ AD Connect which is Server 3. What if Server 3 goes down? This is a single point of failure which I think should Server 4 be configured to be doing. So I would have A as an answer.

if Azure AD Password Protection requires an azure ad password protection proxy service server, and we only install that proxy service on server4, won't we still have a problem "if a single server fails" and that single server is named 'server4'? from the linked article: "You need network connectivity between at least one DC in each domain of the forest and one password protection proxy server." (so it breaks if single server4 goes down?) "We recommend at least two Microsoft Entra Password Protection proxy servers per forest for redundancy, " (we only have one, server4, right? ) am i missing the part of the question that says we already have a proxy service installed on a second server?

Correct Answer: D

To ensure that Azure AD Password Protection will continue to work if a single server fails, you should implement D. the Azure AD Password Protection proxy service on Server4

D. the Azure AD Password Protection proxy service

D correct

two Azure AD Password Protection proxy servers is enough to ensure availability - https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy "What happens if my Azure AD Connect server goes offline?" https://www.ipswitch.com/blog/provide-high-availability-for-azure-ad-connect You already have two instance of Azure AD Password Protection on two different servers. There is no need to have third instance. But you can provide HA for Azure AD connect.

D. el servicio de proxy de protección con contraseña de Azure AD

The answer given is a correct answer. Azure AD Password Protection proxy service.

ON EXAM 14/11/2022

on the exam 09222022, i answered the same. Passed the exam, btw.

On the exam, 7/23/2022.

would the answer not be A. Azure AD Connect? there are 2 domain controllers both configured with Azure AD Password Protection. The question is to ensure Azure AD Password protection will continue if a "single" server fails. If one of the DCs fail, the other will still be availble. There is only 1 Azure AD Connect server; I would think you would configure a HA Azure AD connect server. Bad question, because the password list is cached on the DCs and only a single server failure.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy Choose one or more servers to host the Azure AD Password Protection proxy service. The following considerations apply for the server(s): The host machine must be joined to any domain in that forest

On the exam - June 12, 2022

This question was in the exam 28/April/2022