AZ-500 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-500 Exam - Question 80

HOTSPOT -

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that has the following settings:

✑ Assignments:

- Include: Group1

- Exclude: Group2

✑ Controls: Require Azure MFA registration

✑ Enforce Policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

Show Answer
Correct Answer:

Discussion

17 comments
Sign in to comment
Jhonsteve83
Mar 13, 2021

Answer is correct : Yes-No-Yes

teehex
May 11, 2021

the only exception here is User2 because it belongs to Group2 which is excluded in the Policy. Yes - No - Yes

heatfan900
Aug 24, 2023

Y = USER 1 IS ONLY ASSIGNED TO GROUP 1 WHICH ENFORCES MFA REGISTRATION. N = USER 2 BELONGS TO, BOTH, GROUP 1 AND 2 WHICH IS EXCLUDED. WHEN THERE IS A CONFLICT THE EXCLUSION WINS OUT. Y = USER 3 BELONGS SOLELY TO GROUP 1 AS DOES USER 1 AND WILL NEED TO REGISTER WITH MFA DO TO THE ENFORECMENT.

cfsxtuv33
Feb 6, 2022

Hey look at that...they got it right!

macka2005
Dec 8, 2022

For a change...

siobhan1
Mar 12, 2022

## On today's exam 03/12/2022 ##

certmonk
May 21, 2022

The magic statement is "Require mfa REGISTRATION"

goalkiller
Apr 26, 2024

in exam today 53 q 5 casestudy -- no lab -- (in test center)

wydad
Apr 27, 2024

there is any news questions, not listed in this dump ?

Cessyd
Jan 6, 2022

On today's exam 06/01/22

majstor86
Mar 2, 2023

YES NO YES

rohitmedi
Nov 28, 2021

correct answer

samimshaikh
Jan 30, 2023

f a user (User B) is a member of two groups in Azure AD (Group 1 and Group 2), and an MFA policy is enforced only for Group 1, while Group 2 is excluded, the following will occur when User B logs on: If User B attempts to access a resource that is protected by the MFA policy and they are accessing the resource as a member of Group 1, they will be prompted to perform MFA. If User B attempts to access a resource that is not protected by the MFA policy, or if they are accessing the resource as a member of Group 2, they will not be prompted to perform MFA. In other words, the MFA policy will only apply to User B when they access resources as a member of Group 1. When accessing resources as a member of Group 2, the user will not be required to perform MFA. In this case, Group 2 user is accessing resources which excluded for MFA... I am satisfied with answer Yes, No, Yes

zellck
May 7, 2023

YNY is the answer. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy#policy-configuration Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.

ESAJRR
Jul 13, 2023

YES NO YES

timHAG
Aug 6, 2023

isn't user three bieng in differeing onprem active directory? hence AAD MFA would not apply to him? hence third option is NO

CJ32
Jan 28, 2022

YES - NO - YES Exclusion takes precedence over inclusion

Eltooth
Mar 21, 2022

Yes - No _ Yes is correct answer.

Weerayuth
Dec 30, 2023

I am not sure about "MFA registration" and "during the user's next Azure AD authentication". For the next Azure AD authentication one should not conduct "MFA registration" again since he/she shoul already did the MFA registration.

xRiot007
Jul 16, 2024

Not if the user has legacy login without MFA, prior to this.