ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 79 discussion

Actual exam question from Microsoft's MS-500
Question #: 79
Topic #: 1
[All MS-500 Questions]

You have a hybrid Azure Active Directory (Azure AD) tenant that has pass-through authentication enabled.

You plan to implement Azure AD Identity Protection and enable the user risk policy.

You need to configure the environment to support the user risk policy.

What should you do first?

  • A. Enable the sign-in risk policy.
  • B. Enforce the multi-factor authentication (MFA) registration policy.
  • C. Configure a conditional access policy.
  • D. Enable password hash synchronization.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Aleyah at March 27, 2023, 10:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
sleb
Highly Voted 1 year, 11 months ago
ChatGPT says it's C.
upvoted 7 times
jamspurple
1 year, 11 months ago
Funny, but it's wrong in case anyone else is wondering...
upvoted 1 times
...
DavidBM
1 year, 10 months ago
Nice, i think the same :-)
upvoted 2 times
...
Citmerian
1 year, 10 months ago
Once password hash synchronization is enabled, you can proceed with configuring a conditional access policy to further enhance security measures based on risk factors. Therefore, option D is the correct answer for the first step in configuring the environment to support the user risk policy in Azure AD Identity Protection.
upvoted 4 times
...
...
Tweety1972
Most Recent 1 year, 10 months ago
You have to create a Conditional Access first to configure the user risk policy.
upvoted 2 times
...
AnonymousJhb
1 year, 12 months ago
Selected Answer: C
Begin by creating a CAP = option C https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies#enable-policies
upvoted 3 times
...
Dhamus
2 years ago
Selected Answer: D
The organization has pass-through authentication enabled. I'm going for option D.
upvoted 2 times
...
RomanV
2 years ago
Incorrect. Enabling password hash synchronization is a prerequisite for implementing pass-through authentication, but if you read the question with 2 eyes instead of 1, you will read "...that has pass-through authentication enabled" So the correct answer is A. Enable the sign-in risk policy.
upvoted 1 times
RomanV
2 years ago
Source: https://learn.microsoft.com/en-us/defender-cloud-apps/aadip-integration
upvoted 2 times
Tweety1972
1 year, 10 months ago
Microsoft's recommendation: Microsoft recommends the below risk policy configurations to protect your organization: 1. User risk policy Require a secure password change when user risk level is High. Azure AD MFA is required before the user can create a new password with password writeback to remediate their risk. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies
upvoted 2 times
...
...
Tanasi
1 year, 11 months ago
dude, you just contradicted yourself so much. pass-through authentication is different from password hash synchronization. sign-in risk =/= user risk. Answer is C. Use conditional access. https://portal.azure.com/#view/Microsoft_AAD_IAM/IdentityProtectionMenuBlade/~/UserPolicy
upvoted 2 times
...
RomanV
2 years ago
"For users to self-remediate risk though, they must register for Azure AD Multifactor Authentication before they become risky. For more information, see the article Plan an Azure Active Directory Multi-Factor Authentication deployment. Use the Identity Protection multifactor authentication registration policy to help get your users registered for Azure AD Multifactor Authentication before they need to use it. " So Enable MFA will be the correct answer. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/how-to-deploy-identity-protection
upvoted 6 times
RomanV
2 years ago
To make the MFA point stronger: "If organizations have a sign-in risk policy that requires multifactor authentication when the sign-in risk level is medium or high, their users must complete multifactor authentication when their sign-in risk is medium or high." Source: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies#azure-ad-mfa-registration-policy
upvoted 4 times
...
...
...
josh_josh
2 years ago
Selected Answer: D
D is the answer
upvoted 1 times
...
Aleyah
2 years, 1 month ago
Selected Answer: C
......
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago