Exam AZ-500 All QuestionsBrowse all questions from this exam
Go to Exam
Question 76

HOTSPOT -

You work at a company named Contoso, Ltd. that has the offices shown in the following table.

Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled. The tenant contains the users shown in the following table.

The multi-factor authentication settings for contoso.com are configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Hot Area:

    Correct Answer:

Discussion
RameshSesetti

Answer is : No-No-Yes.

Narragr

Why the option trusted ip is not checked

xaccan

Check box is not for trusted ip, it is for federated users

Jimmy500

There i can not see federated users

Sethoo

Agree with your answer. The user from Boston (guestion 2)will not be asked for MFA because at present , the IP address from Boston is excluded from MFA requirements

DarkCyberGhost

But the Checkbox is blank so that function has not been enabled. therefore they will be asked for MFA as the Ip Range is not being excluded.

khengoolman

Please read the function, it has nothing to do with the IP whitelist. N N Y is correct

LJack

Agree should be no, no, yes

rockyykrish

No-Yes-Yes. The second answer will be yes. Skip multifactor authentication for trusted locations is not enabled.

rawrkadia

That checkbox is to skip MFA for federated intranet locations, simply having IPs or Ranges in the text box for trusted IPs turns it on.

Vikku30

Then why do they have the check box, I guess we need to check the check-box, is it not the case?

domtopics

Check box is for when users hit the internal interface of AD FS and receive a token, regardless of public IP address they go to Azure with. IP list is for public IP address they go to Azure with, regardless of how they authenticate.

Pinto

Box1: No. because user1 had already signed in from device1 and had selected the 14 day period hence, won't be asked for MFA. Box2: No because Boston IP range is trusted. Box3: Yes because new device and Seattle IP is not trusted.

Gesbie

In Exam April 11, 2023

wardy1983

Box1: No. because user1 had already signed in from device1 and had selected the 14 day period hence, won't be asked for MFA. Box2: No because Boston IP range is trusted. Box3: Yes because new device and Seattle IP is not trusted.

Kiano

This is exactly what Pinto said. Why comment when you have no additional information?

heatfan900

N = USER 1 CHECKED THE 'DON NOT ASK ME FOR 14 DAYS' CHECKBOX N = USER 2 IS SIGNING IN FROM A TRUSTED LOCATION WHICH BYPASSES MFA Y = USER 1 SIGNING IN AFTER THE 14 DAYS FROM A UNTRUSTED LOCATION.

xRiot007

Wrong. It's Yes because user is signing in using a new device, not from an untrusted location.

xRiot007

Ignore first reply. Unstrusted location seems to be medium.

ArchitectX

No-No-Yes

fonte

Hi all, Passed my exam (13JAN2023) with 918. 50 questions (45 + 5 of a case study). Around 95% of the questions are here. I've compiled the questions and my answers in a ppt, feel free to check it out and hope it helps. https://www.dropbox.com/s/ay00xp2fnloq1ex/AZ%20500%20-%20Exam%20Topics.pptx?dl=0 Use pass az500prep to open the file. Thanks to all the people that comment on questions, I wouldn't have passed without them :)

Tweety1972

Doesn't work

Obama_boy

in exam 08/12/23

TheProfessor

NNY is the answer. Boston's IPs are trusted.

pekay

the answer is no no yes

majstor86

NO NO YES

josh_josh

The trusted IPs feature of Azure AD Multi-Factor Authentication bypasses multi-factor authentication prompts for users who sign in from a defined IP address range. You can set trusted IP ranges for your on-premises environments. When users are in one of these locations, there's no Azure AD Multi-Factor Authentication prompt.

ESAJRR

No-Yes-Yes. The second answer will be yes. Skip multifactor authentication for trusted locations is not enabled.

zellck

NNY is the answer. https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips The trusted IPs feature of Azure AD Multi-Factor Authentication bypasses multi-factor authentication prompts for users who sign in from a defined IP address range. You can set trusted IP ranges for your on-premises environments. When users are in one of these locations, there's no Azure AD Multi-Factor Authentication prompt. The trusted IPs feature requires Azure AD Premium P1 edition.

zellck

https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#remember-multi-factor-authentication The remember multi-factor authentication feature lets users bypass subsequent verifications for a specified number of days, after they've successfully signed in to a device by using MFA. To enhance usability and minimize the number of times a user has to perform MFA on a given device, select a duration of 90 days or more.

Jimmy500

Check box is not picked for second one

r_git

No = User1 on Device1 selected Don't ask again for 14 days on June 1. No = User2 on Device2 signs in from the Boston office IP address subnet 180.15.10.0/24 which is added in trusted ips textbox https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips Yes = User1 signs in to a new device which triggers MFA since it is a new sign in from a new device. The previous 14 days selection was tied to session on Device1

gschneck

On test 12/16/2022

F117A_Stealth

Box1: No. because user1 had already signed in from device1 and had selected the 14 day period hence, won't be asked for MFA. Box2: No because Boston IP range is trusted. Box3: Yes because new device and Seattle IP is not trusted.