exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 1 question 35 discussion

Actual exam question from Microsoft's AZ-305
Question #: 35
Topic #: 1
[All AZ-305 Questions]

Your company has the divisions shown in the following table.

Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend?

  • A. Configure the Azure AD provisioning service.
  • B. Configure assignments for the fabrikam.com users by using Azure AD Privileged Identity Management (PIM).
  • C. Use Azure AD entitlement management to govern external users.
  • D. Configure Azure AD Identity Protection.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
santi1975
Highly Voted 2 years, 3 months ago
Selected Answer: A This is exactly question 32, and in the 32 question the answer is A (what makes sense BTW). This is ridiculous.
upvoted 23 times
...
Gowind
Highly Voted 2 years, 3 months ago
Selected Answer: C
Correct Application is single tenant so users must be in the same directory as the home tenant https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users Azure AD entitlement management uses Azure AD business-to-business (B2B) to share access so you can collaborate with people outside your organization. With Azure AD B2B, external users authenticate to their home directory, but have a representation in your directory. A is for populated users to SaaS applications (third party like Dropbox or Salesforce), but the users must first be in the directory....
upvoted 21 times
...
SeMo0o0o0o
Most Recent 3 weeks, 2 days ago
Selected Answer: C
C is correct
upvoted 1 times
...
KaoticShadow
1 year, 4 months ago
Selected Answer: C
I used to think the answer was A until I read this There are three ways that entitlement management lets you specify the users that form a connected organization. It could be - users in another Azure AD directory (from any Microsoft cloud), - users in another non-Azure AD directory that has been configured for direct federation, or - users in another non-Azure AD directory, whose email addresses all have the same domain name in common. So the answer should be C because of the first option of the three from the article https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-organization
upvoted 3 times
...
imjoel
1 year, 5 months ago
Selected Answer: C
C is correct
upvoted 1 times
...
zellck
1 year, 9 months ago
Same as Question 38. https://www.examtopics.com/discussions/microsoft/view/93994-exam-az-305-topic-1-question-38-discussion
upvoted 1 times
...
zellck
1 year, 9 months ago
Selected Answer: C
C is the answer. C is the answer. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-overview#what-can-i-do-with-entitlement-management Here are some of capabilities of entitlement management: - Select connected organizations whose users can request access. When a user who isn't yet in your directory requests access, and is approved, they're automatically invited into your directory and assigned access. When their access expires, if they have no other access package assignments, their B2B account in your directory can be automatically removed.
upvoted 3 times
C_M_M
1 year, 7 months ago
You are describing Access package right? In Access package you grant access to specific individuals to particular resources for a limited time. And you do it manually. This question seems to be referring to blanket access to users on the other tenant. Seems more like what user provisioning can do. user provisioning can provision users from external SaaS application, I don't see why it cannot do that for another tenant in Azure AD.
upvoted 1 times
...
...
cp2323
1 year, 9 months ago
Selected Answer: C
CORRECT ANSWER
upvoted 1 times
...
OPT_001122
1 year, 10 months ago
Selected Answer: C
C. Use Azure AD entitlement management to govern external users.
upvoted 1 times
...
janvandermerwer
1 year, 10 months ago
Selected Answer: C
Correct. B2B functionality between the Two azure ad tenants. i.e user logs authenticates to their tenant, which is then provided access to the application tenant. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users
upvoted 1 times
...
askumar17
1 year, 11 months ago
Option C - Entitlement Management is the right answer. Refer the Recommendation section on below link for more details. " For projects with one or more business partners, Create and use access packages to onboard and provision those partner’s users access to resources." https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/6-secure-access-entitlement-managment Option A - Access provision looks suitable option, but its not right answer to the scenarios. Access provision suitable for apps that maintains its own password store. Refer App provisioning section in below link for the clarity https://learn.microsoft.com/en-us/azure/active-directory/governance/what-is-provisioning
upvoted 1 times
...
Guest
1 year, 11 months ago
The answer C is no longer valid. Had this one on my exam today and it had different options Don't recall what the correct answer was
upvoted 1 times
...
Snownoodles
2 years, 3 months ago
Selected Answer: C
"App1 uses Azure AD for single-tenant user authentication" - SINGLE-TENANT So A is incorrect. C is the correct answer: https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users
upvoted 7 times
Snownoodles
2 years, 3 months ago
Please read this link for "single-tenant" and "multi-tenant": https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps
upvoted 1 times
...
C_M_M
1 year, 7 months ago
Single tenant simply means that only users in the present tenant can use it by default. it doesn't mean users in other tenants cannot be provisioned into the app via User provisioning. It also doesn't mean that the app cannot connect with single -sign on from other applications like google, facbook etc if configured to do so. My point being - A single tenant app doesn't mean any other means of connecting to external identities becomes impossible. it simply speaks to default.
upvoted 1 times
C_M_M
1 year, 7 months ago
Correct me if I am wrong, but I don't understand how Access Package (entitlement management is the solution to this question based on the fact that it is designed to give specific users temporal access to specific resources, and not a blanket solution to grant access to external tenants
upvoted 1 times
...
BShelat
12 months ago
fyi - Single tenant AND multi tenant terms in Azure are meant for application type NOT for user type.
upvoted 1 times
...
...
...
Amialijoonz
2 years, 3 months ago
isn't that supposed to be Azure AD provisioning service?
upvoted 5 times
Saffar
2 years, 3 months ago
I think the correct answer is A. https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/isv-automatic-provisioning-multi-tenant-apps C is wrong, Entitlement management is an identity governance capability that enables organizations to manage identity and access lifecycle at scale by automating access request workflows, access assignments, reviews, and expiration.
upvoted 5 times
Babonamaki
2 years, 3 months ago
This one is tricky. The question says the app is single tenant. Thoughts?
upvoted 1 times
...
Snownoodles
2 years, 3 months ago
C is correct: "Azure AD entitlement management uses Azure AD business-to-business (B2B) to share access so you can collaborate with people outside your organization. With Azure AD B2B, external users authenticate to their home directory, but have a representation in your directory. The representation in your directory enables the user to be assigned access to your resources" The link you provided is for "multi-tenant-apps", not for "single-tenant"
upvoted 4 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...