Exam AZ-500 topic 1 question 6 discussion

Yes, he's High!

D. High Note: It is very unlikely the Microsoft will require the memorization of specific risk levels given that they have changed the documentation. Previously the risk levels were very well defined, however they now provide this very vague paragraph: "Microsoft doesn't provide specific details about how risk is calculated. Each level of risk brings higher confidence that the user or sign-in is compromised. For example, something like one instance of unfamiliar sign-in properties for a user might not be as threatening as leaked credentials for another user." Modern Documentation: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#investigate-risk Legacy Documentation: https://web.archive.org/web/20190419234045/https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risk-events

Answer: D, High Reason: Leaked credentials are classified as a high-risk level in Azure AD Identity Protection because they indicate that valid username/password combinations are available to malicious actors, posing a significant security threat to the organization. Reference: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#risk-levels

Risk level define is high

To support the answer: When a user has leaked credentials detected in Azure, the risk level is typically set to "High" in Conditional Access policies. This is because leaked credentials pose a significant security threat, as they indicate that the user's valid credentials have been compromised and are potentially available to unauthorized parties. To configure a Conditional Access policy for leaked credentials: In the Azure portal, navigate to Microsoft Entra ID > Security > Conditional Access. Create a new policy or edit an existing one. Under "Conditions", select "User risk". Set "Configure" to "Yes". Choose "High" as the risk level. By setting the risk level to "High" for leaked credentials, you ensure that the policy takes immediate action when such a threat is detected, such as requiring a password reset or multi-factor authentication Answer = D

The risk level that should be configured for users that have leaked credentials in a conditional access policy is High. When a user's credentials are leaked, it means that their username and password have been compromised and are potentially in the hands of an attacker. This puts the user's account and the resources that they have access to at a high level of risk, making it important to apply strict access controls and security measures. By setting the risk level to High, conditional access policies can be configured to enforce stricter security measures, such as requiring multifactor authentication or blocking access to certain resources entirely. Therefore, the correct answer is D. High.

D is the answer. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/security-operations-user-accounts#unusual-sign-ins Leaked credentials user risk detection - Risk Level: High

If your users credentials are leaked, you are yiffed, so it should always be the highest risk value, in this case "High"

Yes, It's High!

D. High

Someone confirm if these questions are still on the exam. These are no longer up to date, and now analyzed as Real-Time and Offline.

The correct answer is D

High is the right answer

D. High

D: High

The question is outdated and not relevant now

Use logic and think like a security professional, users with Leaked credentials are always at high risk. Imagine the user is global admin. MFA is there, but still it is high risk. Nothing is secure and privacy is a myth before Advance Persistent Threat.