HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Box 2: Yes - Leaked Credentials indicates that the user's valid credentials have been leaked.
Box 3: Yes - Multi-Factor Authentication can be required based on conditions, one of which is user risk.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa
The third question I think is YES
"These risk detections can trigger actions such as requiring users to provide multifactor authentication, reset their password, or block access until an administrator takes action."
https://docs.microsoft.com/en-us/learn/modules/describe-identity-protection-governance-capabilities/5-describe-azure?ns-enrollment-type=LearningPath&ns-enrollment-id=learn.wwl.describe-capabilities-of-microsoft-identity-access-management-solutions
The key here is "user risk". The ID Protection feature will go to CA and ask for a secure password change. A sign-in risk will require MFA. As per a link below on the subject. I agree with NYN.
NYY is the answer.
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#nonpremium-user-risk-detections
- Leaked credentials
This risk detection type indicates that the user's valid credentials have been leaked. When cybercriminals compromise valid passwords of legitimate users, they often share those credentials. This sharing is typically done by posting publicly on the dark web, paste sites, or by trading and selling the credentials on the black market. When the Microsoft leaked credentials service acquires user credentials from the dark web, paste sites, or other sources, they're checked against Azure AD users' current valid credentials to find valid matches.
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-policies#sign-in-risk-based-conditional-access-policy
During each sign-in, Identity Protection analyzes hundreds of signals in real-time and calculates a sign-in risk level that represents the probability that the given authentication request isn't authorized. This risk level then gets sent to Conditional Access, where the organization's configured policies are evaluated. Administrators can configure sign-in risk-based Conditional Access policies to enforce access controls based on sign-in risk, including requirements such as:
- Block access
- Allow access
- Require multifactor authentication
For third question, I think it should be No.
Because, 1. I know you can use User risk level condition in CA to enforce MFA but no way I can relate the 3rd point talking about CA.
2. In Azure Identity Protection, for User risk (High, Medium or Low) we only have 2 options: either block access or allow access with password change.
3. User risk indicates Identity is compromised, hence it's best to reset the password rather than doing MFA.
It is yes, because: https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa
The following three policies are available in Azure AD Identity Protection to protect users and respond to suspicious activity. You can choose to turn the policy enforcement on or off, select users or groups for the policy to apply to, and decide if you want to block access at sign-in or prompt for additional action.
User risk policy
Identifies and responds to user accounts that may have compromised credentials. Can prompt the user to create a new password.
Sign in risk policy
Identifies and responds to suspicious sign-in attempts. Can prompt the user to provide additional forms of verification using Azure AD Multi-Factor Authentication.
MFA registration policy
Makes sure users are registered for Azure AD Multi-Factor Authentication. If a sign-in risk policy prompts for MFA, the user must already be registered for Azure AD Multi-Factor Authentication.
"Require MFA for users with medium or high sign-in risk"
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
So last one is YES
For the third question I feel it is Y: "Organizations can choose to block access when risk is detected. Blocking sometimes stops legitimate users from doing what they need to. A better solution is to allow self-remediation using Azure AD Multi-Factor Authentication (MFA) and self-service password reset (SSPR)."
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies
Should be N, Y, N
User risk policy access control requires password change.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies#user-risk-with-conditional-access
It's a tricky question because, like you said, it requires changing the password, but changing the password needs MFA validation.
I think they want us to say NO, because it is "Sign-in risk" which can invoke MFA.
When a user risk policy triggers:
Administrators can require a secure password reset, requiring Azure AD MFA be done before the user creates a new password with SSPR, resetting the user risk.
When a sign-in risk policy triggers:
Azure AD MFA can be triggered, allowing the user to prove it's them by using one of their registered authentication methods, resetting the sign-in risk.
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies