ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 2 question 113 discussion

Actual exam question from Microsoft's AZ-500
Question #: 113
Topic #: 2
[All AZ-500 Questions]

HOTSPOT
-

Your network contains an on-premises Active Directory domain named adatum.com that syncs to a Microsoft Entra tenant.

The Microsoft Entra tenant contains the users shown in the following table.



You configure the Microsoft Entra Password Protection settings for adatum.com as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by elster at April 2, 2024, 9:18 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
chiquito
Highly Voted 10 months, 3 weeks ago
Going with NYY This is not a new question. Please see Question #62Topic 2 for discussion Reference: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad#score-calculation https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-operations#enable-on-premises-password-protection https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-deploy
upvoted 8 times
sauliusm
1 month, 2 weeks ago
user 2 can not change the pass, as after normalization it is matching adatum https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad#step-1-normalization
upvoted 1 times
sauliusm
1 month, 2 weeks ago
apologies, it is yes for user2, because of high score due to complexity
upvoted 1 times
...
...
pentium75
6 months, 4 weeks ago
Audit mode applies to on-premises AD, User2 is native Entra user
upvoted 1 times
...
...
elster
Highly Voted 10 months, 3 weeks ago
NYY bc of audit mode.
upvoted 7 times
pentium75
6 months, 4 weeks ago
Audit mode applies to on-premises AD, User2 is native Entra user
upvoted 1 times
...
...
Hot_156
Most Recent 1 week, 2 days ago
First of all - AUDIT AND ENFORCE MODE This just applies to ON-PREM. Password protection is always on for cloud identities. https://learn.microsoft.com/en-us/entra/identity/authentication/howto-password-ban-bad-on-premises-operations#enable-on-premises-password-protection Second of all - Azure AD Password Protection's Modern Approach Azure AD Password Protection doesn't rely on a points system. Instead uses, -Banned Password Lists -Smart Detection Algorithms -Policy Enforcement Summarizing, Complexity Points Don't Override Banned Terms. Third of all, N –Policy applies when the password is changed N – The new password matches the banner (Complexity doesn’t override Banned Terms) Y – Audit mode is enabled which affects just ON-PREM
upvoted 1 times
...
chema77
5 months, 2 weeks ago
I would go for NYY: User1 will be prompted to change the password in the next sign in Password Protection Enforcement: Only applies during password changes, not during sign-ins. Answer: No User2 can change the password to @d@tum_C0mpleX123 Fuzzy Matching: No match. Substring Matching: No direct match. Score Calculation: High score due to complexity. adatum [1] + _ [2] + complex [3] + 1 [4] + 2 [5] + 3 [6] Answer: Yes User3 can change the password to Adatum123! Fuzzy Matching: Exact match with “Adatum.” Substring Matching: Contains “Adatum.” Score Calculation: Low score due to banned word. However, since Audit mode applies, the change will be logged but not blocked. Answer: Yes
upvoted 3 times
chema77
5 months, 2 weeks ago
For #2, assumed that tenant name is not Adatum and the user's name is not Adatum.
upvoted 1 times
...
...
pentium75
6 months, 4 weeks ago
User1 - No (password protection is applied at password change) User2 - No (he is native Entra user, audit mode applies only to on-premises AD) User3 - Yes (he is on-premises user that uses audit mode, and the password is not in the list)
upvoted 3 times
...
Apptech
9 months, 2 weeks ago
NNY is correct. Here is why: 1. Existing passwords cannpot be checked . 2. The custom banned password list considers common character substitution, such as "o" and "0", or "a" and "@". --> Conclussion @d@tum_Complex123 contains a banned word 3. Audit mode is only for OnPremAD
upvoted 4 times
Sparkletoss
8 months, 2 weeks ago
I think user2 is yes because the mode is not enforced and set to audit. if it is enforced, then the custom will ban character substitution. That is how I see it
upvoted 2 times
pentium75
6 months, 4 weeks ago
Audit mode applies to on-premises AD, User2 is native Entra user
upvoted 2 times
...
...
...
Alagong
10 months, 1 week ago
gonna with NNY
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago