exam questions

Exam AZ-305 All Questions

View all questions & answers for the AZ-305 exam

Exam AZ-305 topic 1 question 32 discussion

Actual exam question from Microsoft's AZ-305
Question #: 32
Topic #: 1
[All AZ-305 Questions]

Your company has the divisions shown in the following table.

Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1.
You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1.
What should you recommend?

  • A. Configure the Azure AD provisioning service.
  • B. Enable Azure AD pass-through authentication and update the sign-in endpoint.
  • C. Use Azure AD entitlement management to govern external users.
  • D. Configure Azure AD join.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Gowind
Highly Voted 2 years, 3 months ago
Selected Answer: C
Answer is C The app is single tenant authentication so users must be present in contoso directory. https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps With Azure AD B2B, external users authenticate to their home directory, but have a representation in your directory. https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users A is wrong because its to automate provisioning to third party SaaS app. https://docs.microsoft.com/en-us/azure/active-directory/app-provisioning/how-provisioning-works?source=recommendations B. is wrong because the application would need to switch to multi tenant.. https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant
upvoted 67 times
jj22222
1 year, 9 months ago
c is right, i agree
upvoted 4 times
...
...
Snownoodles
Highly Voted 2 years, 3 months ago
Selected Answer: C
C is correct https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users IF App1 is multi-tenant application, A might be correct since you can provision users from other tenant to App1 and configure App1 to SSO with other tenants.
upvoted 14 times
...
SeMo0o0o0o
Most Recent 3 weeks, 2 days ago
Selected Answer: C
C is correct
upvoted 1 times
SeMo0o0o0o
2 weeks, 5 days ago
Use Azure AD entitlement management to govern external users. or Configure Supported account types in the application registration and update the sign-in endpoint.
upvoted 1 times
...
...
23169fd
5 months, 2 weeks ago
Selected Answer: C
C. Use Azure AD entitlement management to govern external users. Explanation: Azure AD Entitlement Management: Facilitates collaboration with external users by automating the request and approval process for access to resources. Allows you to manage access packages that include the required permissions for external users, ensuring they can access App1. External users can use their existing credentials to sign in and access resources in the Contoso Azure AD tenant.
upvoted 1 times
23169fd
5 months, 2 weeks ago
Why Not Other Options: A. Configure the Azure AD provisioning service: More relevant for user lifecycle management and not specifically for cross-tenant access. B. Enable Azure AD pass-through authentication and update the sign-in endpoint: Pass-through authentication is designed for on-premises authentication and doesn't directly facilitate cross-tenant SSO. D. Configure Azure AD join: This is typically used for joining devices to Azure AD, not for enabling cross-tenant user access.
upvoted 2 times
...
...
Lazylinux
7 months, 1 week ago
Selected Answer: C
I would vote for C as per below Entitlement management uses Microsoft Entra business-to-business (B2B) to share access so you can collaborate with people outside your organization. With Microsoft Entra B2B, external users authenticate to their home directory, but have a representation in your directory. The representation in your directory enables the user to be assigned access to your resources. https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-external-users
upvoted 2 times
...
arunmariappan
8 months, 3 weeks ago
Selected Answer: C
c is correct
upvoted 1 times
...
BShelat
11 months, 4 weeks ago
ChatGPT response summary: ----------------------------------------------- Enabling users from the fabrikam.com Azure AD tenant to access App1, currently limited to contoso.com users, requires configuring Azure AD authentication to accommodate both tenants. While Option C, "Azure AD entitlement management," focuses on access governance and user lifecycle management, it doesn't directly address cross-tenant authentication needs. Instead, Option A, utilizing the Azure AD provisioning service, is recommended as it synchronizes users across Azure AD tenants, facilitating access to applications hosted in different tenants, making it a more suitable choice in this scenario.
upvoted 1 times
...
Tplenty
1 year ago
The answer is Use Azure AD entitlement management to govern external users, Exam topic need to make a correction
upvoted 2 times
...
EdServ
1 year, 2 months ago
Duplicated question. Same of question #35 and this has the correct answer "C"
upvoted 2 times
...
Arun_U
1 year, 3 months ago
Selected Answer: C
The correct answer is C. Use Azure AD entitlement management to govern external users. Azure AD entitlement management is a feature that allows you to manage the access of external users to your organization's resources. You can use entitlement management to create access packages that define the resources that external users can access, the permissions they have to those resources, and the duration of their access.
upvoted 3 times
...
Citizen
1 year, 3 months ago
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users
upvoted 1 times
...
GolfGti
1 year, 3 months ago
Selected Answer: C
C is the correct answer
upvoted 1 times
...
eh_36
1 year, 4 months ago
Selected Answer: C
Other answers do not allow the users to access the app.
upvoted 1 times
...
m1dp
1 year, 4 months ago
Selected Answer: C
Answer is C.
upvoted 1 times
...
Nyahyong
1 year, 4 months ago
This question needs to be reviewed considering that it is the same question in Q. 35 with (C) as right answer. So I vote C as the right answer.
upvoted 2 times
...
obllew
1 year, 4 months ago
This is one company with two divisions; why would they need to use entitlement management and make them request access packages etc as though they were an external org? Why not just make App1 registration multi-tenant and make the app trust the 2 issuers (I know that's not an option)
upvoted 3 times
...
sw1000
1 year, 6 months ago
Selected Answer: C
C is the correct answer. I don't understand why A was proposed and upvoted. We are talking about a single-tenant app and therefore we need to establish B2B collaboration and use entitlements for external users as described here: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b#customize-the-onboarding-experience-for-b2b-guest-users
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...