Exam SC-300 topic 2 question 50 discussion

Actual exam question from Microsoft's SC-300
Question #: 50
Topic #: 2

HOTSPOT
Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. The AD DS domain contains the organizational units (OUs) shown in the following table.



You need to create a break-glass account named BreakGlass.

Where should you create BreakGlass, and which role should you assign to BreakGlass? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Suggested Answer:

Comments

DoMing
Highly Voted 1 year, 5 months ago
AzureAD and Global Admin https://learn.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access#how-to-create-an-emergency-access-account
upvoted 41 times
topzz
1 year, 5 months ago
break-glass account = emergency access account
upvoted 6 times
...
ANiMOSiTYOP
6 months, 2 weeks ago
Location: Azure AD
Role: Global Administrator
Explanation: A break-glass account is a highly privileged account meant to be used in emergency situations where normal administration cannot be performed. As such, it should be created directly in Azure AD so it's not dependent on the on-premises AD DS domain. The Global Administrator role will provide the broadest level of permissions to address potential emergency issues. Remember, such accounts should be protected with strong, complex passwords, ideally stored securely off-line, and should only be used for temporary and emergency purposes.
upvoted 3 times
...
...
kmk_01
Highly Voted 1 year, 5 months ago
https://learn.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access
Create emergency access accounts: Create two or more emergency access accounts. These accounts should be cloud-only accounts that use the *.onmicrosoft.com domain and that are not federated or synchronized from an on-premises environment.
upvoted 7 times
...
d1e85d9
Most Recent 3 days, 2 hours ago
If the resource is on-prem then the answer must be => OU1. Otherwise, the answer is => Azure AD. From the link below, take note of this paragraph (Federation guidance):
"The emergency access for on-premises systems and the emergency access for cloud services should be kept distinct, with no dependency of one on the other."
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access#how-to-create-an-emergency-access-account
upvoted 1 times
...
HartMS
5 months, 2 weeks ago
Azure AD and Global Admin
upvoted 3 times
...
emartiy
5 months, 3 weeks ago
I searched this question and found the exact and only correct answer: "Create two or more emergency access accounts. These accounts should be cloud-only accounts that use the *.onmicrosoft.com domain and that are not federated or synchronized from an on-premises environment."
Link: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/security-emergency-access#create-emergency-access-accounts
Azure AD and Global Admin... choose these options and gain the point on the exam :)
upvoted 4 times
...
kijken
10 months ago
Sorry, but a break glass account for what? For Azure or for on prem AD?
upvoted 1 times
...
norkis97
10 months, 2 weeks ago
A break-glass account must be an Azure AD account only! A break-glass account must also be Global Administrator.
upvoted 4 times
...
sherifhamed
11 months, 4 weeks ago
What is a break-glass account in Azure? A "break-glass" account, in the context of Azure and security, refers to a special or emergency account with elevated permissions that is used as a last resort to access and troubleshoot Azure resources in situations where normal access methods or credentials are unavailable or compromised. The term "break-glass" implies that this account is only to be used in emergency situations, just like breaking the glass to access a fire alarm or emergency tool.
upvoted 3 times
...
sgfurgi
1 year ago
OU1? Really? And what happens if for some reason you get the OU1 unsynced or the account is deleted or moved from that OU? You ALWAYS need to have the admin accounts with Azure AD or 365 roles Cloud Only.
upvoted 3 times
...
StarMe
1 year ago
The breakglass account should be created in Azure AD and not OU1. Please correct the answer. And assign Global Admin privileges with MFA exempt for at least one such account. https://learn.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access#exclude-at-least-one-account-from-conditional-access-policies
upvoted 2 times
...
EmnCours
1 year, 1 month ago
AzureAD and Global Admin
upvoted 2 times
...
dule27
1 year, 3 months ago
Azure AD, Global Admin. Break-glass account has emergency access.
upvoted 3 times
...
caef525
1 year, 4 months ago
Create two or more emergency access accounts. These accounts should be cloud-only accounts that use the *.onmicrosoft.com domain and that are not federated or synchronized from an on-premises environment. https://learn.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access#how-to-create-an-emergency-access-account
upvoted 1 times
...
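Added example, not part of any comment above and not Microsoft's code: a small audit that applies the guidance quoted in the thread (cloud-only, `*.onmicrosoft.com` UPN, not synchronized, Global Administrator, two or more accounts) to candidate break-glass accounts. The records are constructed; `userPrincipalName` and `onPremisesSyncEnabled` follow the Microsoft Graph user resource, while `roles` is a hypothetical pre-joined list of role display names.

```python
# Constructed sample records (contoso is a placeholder tenant).
# "roles" is an assumed field: role display names already joined to each user.
SAMPLE_USERS = [
    {"userPrincipalName": "BreakGlass@contoso.onmicrosoft.com",
     "onPremisesSyncEnabled": None, "roles": ["Global Administrator"]},
    {"userPrincipalName": "BreakGlass2@contoso.onmicrosoft.com",
     "onPremisesSyncEnabled": None, "roles": ["Global Administrator"]},
    # Created in a synced OU: depends on on-premises AD DS and the sync pipeline.
    {"userPrincipalName": "bg-ou1@contoso.com",
     "onPremisesSyncEnabled": True, "roles": ["Global Administrator"]},
    # Cloud-only, but the role is too narrow for emergency access.
    {"userPrincipalName": "bg-helpdesk@contoso.onmicrosoft.com",
     "onPremisesSyncEnabled": False, "roles": ["Helpdesk Administrator"]},
]


def check_account(user):
    """Return a list of problems; an empty list means the account fits the guidance."""
    problems = []
    domain = user.get("userPrincipalName", "").rpartition("@")[2].lower()
    if not domain.endswith(".onmicrosoft.com"):
        problems.append("UPN domain is not *.onmicrosoft.com")
    # Graph reports True for synced objects; None/False means cloud-only.
    if user.get("onPremisesSyncEnabled") is True:
        problems.append("synchronized from on-premises AD DS")
    if "Global Administrator" not in user.get("roles", []):
        problems.append("Global Administrator role not assigned")
    return problems


def audit(users, minimum=2):
    """Check every candidate and confirm at least `minimum` accounts qualify."""
    findings = {u["userPrincipalName"]: check_account(u) for u in users}
    compliant = sorted(upn for upn, probs in findings.items() if not probs)
    return {"findings": findings, "compliant": compliant,
            "enough_accounts": len(compliant) >= minimum}


if __name__ == "__main__":
    result = audit(SAMPLE_USERS)
    for upn, probs in result["findings"].items():
        print(upn, "OK" if not probs else "; ".join(probs))
    print("two or more compliant accounts:", result["enough_accounts"])
```
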