Free SC-900 Exam Braindumps (page: 18)


Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group?

  A. access reviews
  B. managed identities
  C. conditional access policies
  D. Azure AD Identity Protection

Answer(s): A

Explanation:

Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. A review can be configured to apply its results automatically when it completes, so members whose access is denied (or who were never reviewed, if the default decision is set to remove access) are taken out of the group without an administrator having to act.
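
The following Python is an added example written for this page, not Microsoft's code or part of the exam material. It builds the Microsoft Graph request body for such a group-membership review and models which members end up removed under each default-decision setting. The property names are my reading of the Graph v1.0 accessReviewScheduleDefinition resource; the group and reviewer object ids, the sample reviewer decisions and sign-in ages are constructed, and the 30-day inactivity threshold used for the "Recommendation" rule is an assumption taken from the documented recommendation behaviour.

```python
"""Added example (not from the page or from Microsoft): an Azure AD access review
of a group's members configured so that denied members are removed automatically.

The body targets POST /identityGovernance/accessReviews/definitions in Microsoft
Graph v1.0. Property names are my reading of that API; ids and sample data below
are constructed for the demo.
"""
from datetime import date

GRAPH_URL = "https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions"
INACTIVITY_DAYS = 30          # assumed recommendation rule: no sign-in in 30 days -> Deny
DEMO_START = date(2024, 1, 1)  # constructed start date for the recurrence


def build_group_access_review(group_id: str, reviewer_user_id: str, start: date,
                              duration_days: int = 14, default_decision: str = "Deny") -> dict:
    """Quarterly review of a group's transitive members with results auto-applied.

    default_decision is what Azure AD records for members the reviewer never answers
    on: "Deny" (remove), "Approve", "Recommendation" or "None" (no change).
    """
    return {
        "displayName": f"Quarterly membership review of group {group_id}",
        "descriptionForAdmins": "Removes members whose access is denied or unreviewed.",
        "scope": {
            "@odata.type": "#microsoft.graph.accessReviewQueryScope",
            "query": f"/groups/{group_id}/transitiveMembers",
            "queryType": "MicrosoftGraph",
        },
        "reviewers": [{"query": f"/users/{reviewer_user_id}", "queryType": "MicrosoftGraph"}],
        "settings": {
            "mailNotificationsEnabled": True,
            "reminderNotificationsEnabled": True,
            "justificationRequiredOnApproval": True,
            "recommendationsEnabled": True,          # flag members with no recent sign-in
            "instanceDurationInDays": duration_days,
            "defaultDecisionEnabled": default_decision != "None",
            "defaultDecision": default_decision,
            "autoApplyDecisionsEnabled": True,       # the setting that makes removal automatic
            "recurrence": {
                "pattern": {"type": "absoluteMonthly", "interval": 3},
                "range": {"type": "noEnd", "startDate": start.isoformat()},
            },
        },
    }


def final_decision(settings: dict, reviewer_decision, days_since_sign_in) -> str:
    """Outcome recorded for one member when the review instance ends (my model)."""
    decision = reviewer_decision
    if decision is None:                             # reviewer never responded
        if not settings["defaultDecisionEnabled"] or settings["defaultDecision"] == "None":
            return "NotReviewed"
        decision = settings["defaultDecision"]
    if decision == "Recommendation":
        inactive = days_since_sign_in is None or days_since_sign_in > INACTIVITY_DAYS
        decision = "Deny" if inactive else "Approve"
    return decision


def members_to_remove(definition: dict, decisions: dict, last_sign_in_days: dict) -> set:
    """Members the service removes when results are applied. Empty when an admin
    must apply results by hand (autoApplyDecisionsEnabled false)."""
    settings = definition["settings"]
    if not settings["autoApplyDecisionsEnabled"]:
        return set()
    return {
        uid for uid, days in last_sign_in_days.items()
        if final_decision(settings, decisions.get(uid), days) == "Deny"
    }


# Constructed sample outcome: carol and dave were never reviewed.
SAMPLE_DECISIONS = {"alice": "Approve", "bob": "Deny"}
SAMPLE_LAST_SIGN_IN_DAYS = {"alice": 2, "bob": 1, "carol": 90, "dave": 5}

if __name__ == "__main__":
    import json
    review = build_group_access_review("<group-object-id>", "<reviewer-object-id>", DEMO_START)
    print(json.dumps(review, indent=2))
    for default in ("Deny", "None", "Recommendation"):
        review["settings"]["defaultDecision"] = default
        review["settings"]["defaultDecisionEnabled"] = default != "None"
        removed = members_to_remove(review, SAMPLE_DECISIONS, SAMPLE_LAST_SIGN_IN_DAYS)
        print(f"defaultDecision={default}: remove {sorted(removed)}")
```

The two settings that answer the exam question are `autoApplyDecisionsEnabled` and `defaultDecision`: without the first, the review only produces a report an administrator has to apply; without a default of `Deny` (or `Recommendation` for stale accounts), members nobody reviews keep their membership.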


Reference:

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview



HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
Microsoft’s identity solutions span on-premises and cloud-based capabilities. These solutions create a common user identity for authentication and authorization to all resources, regardless of location. We call this hybrid identity.

Hybrid identity with Azure AD, together with hybrid identity management, is what makes such cross-environment access scenarios possible.

To achieve hybrid identity with Azure AD, one of three authentication methods can be used, depending on your scenarios. The three methods are:

Password hash synchronization (PHS)
Pass-through authentication (PTA)
Federation (AD FS)

Note: Password hash synchronization is one of the sign-in methods used to accomplish hybrid identity. Azure AD Connect synchronizes a hash of a user's password from an on-premises Active Directory instance to a cloud-based Azure AD instance.
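
The note above says that a hash of the password, not the password itself, is synchronized. The whatis-phs reference describes the derivation Azure AD Connect applies before sending anything: the 16-byte NT hash (MD4 over the UTF-16LE password, AD's unicodePwd value) is expanded to 64 bytes via its hexadecimal string, combined with a 10-byte per-user salt and run through 1000 iterations of PBKDF2-HMAC-SHA256, and the result plus salt and iteration count is what crosses the wire over TLS. The following Python is an added example written for this page, not Microsoft's code; it reconstructs that pipeline on a constructed password and salt. The upper-case hex in the expansion step, the placement of the expanded hash as the PBKDF2 password input with the salt as the PBKDF2 salt, and the verify function modelling the cloud-side sign-in check are assumptions of this reconstruction.

```python
"""Added example (not from the page or from Microsoft): what Azure AD Connect
password hash synchronization (PHS) actually transmits to the cloud.

Pipeline per the whatis-phs reference:
  NT hash  = MD4(UTF-16LE(password))                       (16 bytes, AD's unicodePwd)
  expanded = UTF-16LE(hex(NT hash))                        (32 hex chars -> 64 bytes)
  synced   = PBKDF2-HMAC-SHA256(expanded, salt, 1000, 32)  (10-byte per-user salt)
Assumptions: upper-case hex in the expansion, expanded hash as PBKDF2 password
with the salt as PBKDF2 salt, and a fixed demo salt instead of a random per-user one.
"""
import hashlib
import hmac
import os
import struct
from typing import Optional

PHS_ITERATIONS = 1000


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). hashlib.new('md4') is often unavailable under
    OpenSSL 3 (legacy provider), so the primitive is implemented here."""
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    bit_len = len(data) * 8
    data += b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack("<Q", bit_len)

    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z

    rounds = (
        (f, 0x00000000, (3, 7, 11, 19), tuple(range(16))),
        (g, 0x5A827999, (3, 5, 9, 13), (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)),
        (h, 0x6ED9EBA1, (3, 9, 11, 15), (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)),
    )
    for off in range(0, len(data), 64):
        x = struct.unpack("<16I", data[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                a = _rotl((a + fn(b, c, d) + x[idx] + k) & 0xFFFFFFFF, shifts[i % 4])
                a, b, c, d = d, a, b, c          # rotate the working variables
        a, b, c, d = ((a + aa) & 0xFFFFFFFF, (b + bb) & 0xFFFFFFFF,
                      (c + cc) & 0xFFFFFFFF, (d + dd) & 0xFFFFFFFF)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """The unicodePwd value AD DS stores: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le"))


def phs_sync_value(nt: bytes, salt: bytes, iterations: int = PHS_ITERATIONS) -> bytes:
    """Derive the value the PHS agent sends in place of the NT hash."""
    expanded = nt.hex().upper().encode("utf-16-le")   # 16 bytes -> 32 hex chars -> 64 bytes
    assert len(expanded) == 64 and len(salt) == 10
    return hashlib.pbkdf2_hmac("sha256", expanded, salt, iterations, dklen=32)


def sync_record(password: str, salt: Optional[bytes] = None) -> dict:
    """What the agent ships over TLS: derived value plus the salt and iteration count."""
    salt = os.urandom(10) if salt is None else salt
    return {"derived": phs_sync_value(nt_hash(password), salt),
            "salt": salt, "iterations": PHS_ITERATIONS}


def verify_cloud_sign_in(password: str, record: dict) -> bool:
    """Assumed model of the cloud-side check: recompute from the typed password and compare."""
    candidate = phs_sync_value(nt_hash(password), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["derived"])


# Constructed demo inputs (not real data): a weak password and a fixed 10-byte salt.
DEMO_PASSWORD = "password"
DEMO_SALT = bytes(range(10))

if __name__ == "__main__":
    rec = sync_record(DEMO_PASSWORD, DEMO_SALT)
    print("NT hash      :", nt_hash(DEMO_PASSWORD).hex())
    print("synced value :", rec["derived"].hex())
    print("verify ok    :", verify_cloud_sign_in(DEMO_PASSWORD, rec))
```

The practical point: the value Azure AD stores is neither the cleartext nor the NT hash, so a compromise of the cloud copy does not yield a credential that can be replayed against on-premises AD (pass-the-hash needs the raw NT hash), and the salt plus 1000 PBKDF2 iterations slows offline guessing compared with the unsalted MD4 that AD DS itself keeps.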

Box 2: No
Password synchronization needs to be configured. The user accounts created on-premises would then be synchronized to the cloud.

Box 3: Yes
Federated authentication
Federated authentication is primarily for large enterprise organizations with more complex authentication requirements. AD DS identities are synchronized with Microsoft 365 and user accounts are managed on-premises. With federated authentication, users have the same password on-premises and in the cloud and they do not have to sign in again to use Microsoft 365.

For third-party authentication and identity providers, on-premises directory objects may be synchronized to Microsoft 365, while access to cloud resources is managed primarily by the third-party identity provider (IdP). If your organization uses a third-party federation solution, you can configure sign-on with that solution for Microsoft 365, provided that the third-party federation solution is compatible with Azure AD.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-hybrid-identity
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs
https://learn.microsoft.com/en-us/microsoft-365/enterprise/deploy-identity-solution-identity-model?



Which three authentication methods can Azure AD users use to reset their password? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

  A. mobile app notification
  B. text message to a phone
  C. security questions
  D. certificate
  E. picture password

Answer(s): A,B,C

Explanation:

Azure Active Directory (Azure AD) self-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If a user's account is locked or they forget their password, they can follow prompts to unblock themselves and get back to work. This ability reduces help desk calls and loss of productivity when a user can't sign in to their device or an application.

Authentication methods
When a user is enabled for SSPR, they must register at least one authentication method. We highly recommend that you choose two or more authentication methods so that your users have more flexibility in case they're unable to access one method when they need it. For more information, see the Azure AD article "What are authentication methods?".

The following authentication methods are available for SSPR:

Mobile app notification
Mobile app code
Email
Mobile phone
Office phone (available only for tenants with paid subscriptions)
Security questions

Users can only reset their password if they have registered an authentication method that the administrator has enabled.

Note: Select authentication methods and registration options
When users need to unlock their account or reset their password, they're prompted for another confirmation method. This extra authentication factor makes sure that Azure AD completes only approved SSPR events. You can choose which authentication methods to allow, based on the registration information the user provides.

1. From the menu on the left side of the Authentication methods page, set the Number of methods required to reset to 2.

To improve security, you can increase the number of authentication methods required for SSPR.

2. Choose the Methods available to users that your organization wants to allow. For this tutorial, check the boxes to enable the following methods:

Mobile app notification
Mobile app code
Email
Mobile phone

You can enable other authentication methods, like Office phone or Security questions, as needed to fit your business requirements.

3. To apply the authentication methods, select Save.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr



HOTSPOT (Drag and Drop is not supported)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

  1. See Explanation section for answer.

Answer(s): A

Explanation:




Box 1: Yes
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.

Box 2: No
Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose. It allows businesses to build customer-facing applications, and then allow anyone to sign up to those applications with no restriction on the type of account they use.

Box 3: Yes
Custom-branded identity solution
Azure AD B2C is a white-label authentication solution. You can customize the entire user experience with your brand so that it blends seamlessly with your web and mobile applications.

Customize every page displayed by Azure AD B2C when your users sign up, sign in, and modify their profile information. Customize the HTML, CSS, and JavaScript in your user journeys so that the Azure AD B2C experience looks and feels like it's a native part of your application.


Reference:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/overview





