FREE Microsoft AZ-500 Questions and Answers

Question 1

Recently, your business started an Azure subscription.
You are responsible for ensuring that a particular user may utilize Azure AD Privileged Identity Management (PIM).
Which of the following roles should you provide the user?

Accepted Answer

The Global administrator role.

Answer

To manage Azure AD Privileged Identity Management (PIM), a user requires the highest level of administrative permissions. The Global Administrator role is the most powerful role in Azure AD, granting comprehensive control over all administrative features, including the ability to configure and administer PIM. Other roles listed do not possess the necessary broad permissions for full PIM management.

Question 2

Your business has an Active Directory forest with just the weylandindustries.com domain. Additionally, they have a tenant with the same name in Azure Active Directory (Azure AD).
The integration of Active Directory with the Azure AD tenancy is your responsibility. You want to introduce Azure AD Connect.
Your integration approach must ensure that user accounts that are synchronized to the Azure AD tenant are affected by password rules and user login limitations, and that the number of required servers is kept to a minimum.
You suggest using seamless SSO with password hash synchronization and pass-through authentication. Is the aim being met by the solution?

Accepted Answer

No

Answer

The proposed solution combines Password Hash Synchronization (PHS) with Pass-through Authentication (PTA), which are mutually exclusive authentication methods in Azure AD Connect. You cannot use both simultaneously for the same users. This technical incompatibility means the solution is unfeasible and therefore fails to meet the stated integration aim.

Question 3

Your business has an Active Directory forest with just the weylandindustries.com domain. Additionally, they have a tenant with the same name in Azure Active Directory (Azure AD).
The integration of Active Directory with the Azure AD tenancy is your responsibility. You want to introduce Azure AD Connect.
Your integration approach must ensure that user accounts that are synchronized to the Azure AD tenant are affected by password rules and user login limitations, and that the number of required servers is kept to a minimum.
You suggest using Active Directory Federation Services (AD FS) for federation as a solution.
Is the aim being met by the solution?

Accepted Answer

No

Answer

While Active Directory Federation Services (AD FS) can ensure on-premises password rules and login limitations apply, it requires a substantial infrastructure of multiple servers (AD FS servers and Web Application Proxy servers). This directly contradicts the requirement to keep the number of required servers to a minimum. Thus, AD FS does not meet all the specified aims.

Question 4

Your business has an Active Directory forest with just the weylandindustries.com domain. Additionally, they have a tenant with the same name in Azure Active Directory (Azure AD).
The integration of Active Directory with the Azure AD tenancy is your responsibility. You want to introduce Azure AD Connect.
Your integration approach must ensure that user accounts that are synchronized to the Azure AD tenant are affected by password rules and user login limitations, and that the number of required servers is kept to a minimum.
You suggest using seamless SSO and password hash synchronization as a fix.
Is the aim being met by the solution?

Accepted Answer

Yes

Answer

Password Hash Synchronization (PHS) ensures that on-premises password rules and login limitations are enforced for synchronized user accounts, as their password hashes are synced from on-premises AD. Combined with seamless SSO, this solution provides a good user experience and minimizes server count, as it primarily relies on Azure AD Connect without additional infrastructure like AD FS. This combination effectively meets all the specified requirements.

Question 5

Your business has an Active Directory forest with just the weylandindustries.com domain. Additionally, they have a tenant with the same name in Azure Active Directory (Azure AD).
You are informed that users with a givenName attribute commencing with LAB should not be permitted to sync to Azure AD once all on-premises identities have been synced to it.
Cloud AD.
Which of the subsequent actions ought you to perform?

Accepted Answer

You should make use of the Synchronization Rules Editor to create an attribute-based filtering rule.

Answer

To prevent specific users from synchronizing to Azure AD based on an attribute like 'givenName', you must configure filtering within Azure AD Connect. The Synchronization Rules Editor is the dedicated tool used to create or modify inbound and outbound synchronization rules, allowing you to define attribute-based filtering criteria to control which objects are synchronized. Firewall rules or Active Directory Users and Computers are not designed for this purpose.

Microsoft Azure Security Engineer Certification Practice Test

Microsoft Azure Security Engineer Certification Practice Test

FREE Microsoft AZ-500 Questions and Answers