Exam AZ-500 All QuestionsBrowse all questions from this exam
Go to Exam
Question 80

HOTSPOT -

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that has the following settings:

✑ Assignments:

- Include: Group1

- Exclude: Group2

✑ Controls: Require Azure MFA registration

✑ Enforce Policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

Discussion
Jhonsteve83

Answer is correct : Yes-No-Yes

teehex

the only exception here is User2 because it belongs to Group2 which is excluded in the Policy. Yes - No - Yes

heatfan900

Y = USER 1 IS ONLY ASSIGNED TO GROUP 1 WHICH ENFORCES MFA REGISTRATION. N = USER 2 BELONGS TO, BOTH, GROUP 1 AND 2 WHICH IS EXCLUDED. WHEN THERE IS A CONFLICT THE EXCLUSION WINS OUT. Y = USER 3 BELONGS SOLELY TO GROUP 1 AS DOES USER 1 AND WILL NEED TO REGISTER WITH MFA DO TO THE ENFORECMENT.

cfsxtuv33

Hey look at that...they got it right!

macka2005

For a change...

goalkiller

in exam today 53 q 5 casestudy -- no lab -- (in test center)

wydad

there is any news questions, not listed in this dump ?

certmonk

The magic statement is "Require mfa REGISTRATION"

siobhan1

## On today's exam 03/12/2022 ##

majstor86

YES NO YES

Cessyd

On today's exam 06/01/22

timHAG

isn't user three bieng in differeing onprem active directory? hence AAD MFA would not apply to him? hence third option is NO

ESAJRR

YES NO YES

zellck

YNY is the answer. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy#policy-configuration Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.

samimshaikh

f a user (User B) is a member of two groups in Azure AD (Group 1 and Group 2), and an MFA policy is enforced only for Group 1, while Group 2 is excluded, the following will occur when User B logs on: If User B attempts to access a resource that is protected by the MFA policy and they are accessing the resource as a member of Group 1, they will be prompted to perform MFA. If User B attempts to access a resource that is not protected by the MFA policy, or if they are accessing the resource as a member of Group 2, they will not be prompted to perform MFA. In other words, the MFA policy will only apply to User B when they access resources as a member of Group 1. When accessing resources as a member of Group 2, the user will not be required to perform MFA. In this case, Group 2 user is accessing resources which excluded for MFA... I am satisfied with answer Yes, No, Yes

rohitmedi

correct answer

Weerayuth

I am not sure about "MFA registration" and "during the user's next Azure AD authentication". For the next Azure AD authentication one should not conduct "MFA registration" again since he/she shoul already did the MFA registration.

xRiot007

Not if the user has legacy login without MFA, prior to this.

Eltooth

Yes - No _ Yes is correct answer.

CJ32

YES - NO - YES Exclusion takes precedence over inclusion