HOTSPOT - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Suggested Answer:
Box 1: Yes - Conditional access policies can be applied to all users
Box 2: No - Conditional access policies are applied after first-factor authentication is completed.
Box 3: Yes - Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies. Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Given answers are correct.
Conditional Access policies are enforced after first-factor authentication is completed. Conditional Access isn't intended to be an organization's first line of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access.
Source: https://learn.microsoft.com/en-us/entra/identity/conditional-access/location-condition
I would say YYY.
For the second one, Yes Conditional Access takes place after first factor authentication, but, a user is not authenticated after first factor authentication. First factor authentication is only part of the authentication process. A user is not fully authenticated until they have completed Conditional Access as well, so Conditional Access takes place BEFORE a user is authenticated as it is part of the authentication process.
Correct answer is: YYY
for the 2nd one, Conditional access policies in Azure Active Directory (Azure AD) are evaluated before a user is authenticated. Conditional access allows organizations to enforce additional security requirements and controls based on specific conditions, such as user location, device state, or risk level.
How is it, that a global administrator could be included in complience policies? Shouldn´t he be in the top of the hierarchy? isn´t the one who makes the rules?
Global admin accounts are the ones that you need to secure the most. If anything, more conditional access policies should apply to them, not less.
However, it is recommended to set up a break-glass account in case of emergency. Or in case you mess up configuring a conditional access policy and block yourself (and other admins) from reverting it. The emergency account should be excluded from all conditional access policies. But it should therefore be VERY closely monitored and not used for anything else.
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access#set-up-emergency-access-accounts
Anwers: YNY
Conditional Access policies are enforced AFTER first-factor authentication is completed. Conditional Access isn't intended to be an organization's first line of defense for scenarios like denial-of-service (DoS) attacks, but it can use signals from these events to determine access.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Fuji_56
Highly Voted 2 years, 5 months agoDhamus
1 year, 4 months agoM36570
Highly Voted 2 years, 4 months agorodrigoisalino
Most Recent 4 months agoloeloe5
4 months agouser_666
8 months, 1 week agoRamye
9 months, 2 weeks agoRahulX
1 year, 1 month agofurq2904
1 year, 3 months agoCertAddict69
1 year, 4 months agomanofsteel9
1 year, 4 months agoKing_Lam
1 year, 6 months agoNicochet
1 year, 7 months agoWhyiest
1 year, 8 months agoWhyiest
1 year, 8 months agoricardo_27_04_1978
1 year, 10 months agoOG_Diablo
1 year, 9 months agoJohn316
1 year, 9 months agoIXone
1 year, 11 months agoabilioneto
1 year, 12 months ago88xan
2 years, 1 month ago