Exam AZ-800
Question 41

HOTSPOT

Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table.

Domain/OU filtering in Azure AD Connect is configured as shown in the Filtering exhibit. (Click the Filtering tab.)

You review the Azure AD Connect configurations as shown in the Configure exhibit. (Click the Configure tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
MR_Eliot

1. [YES] -> Password Write back is enabled.
2. [YES] -> Pass-Through authentication is in use, therefore AD is the Identity Provider.
3. [NO] -> "User2" is under "OU2" which is not synced to the Azure Tenant.

PXAbstraction

Correct. The amount of wrong answers provided on this test is pretty ridiculous.

NazerRazer

1. User1 can use self-service password reset (SSPR) to reset his password. -> [YES]. User1 can use self-service password reset (SSPR) because they are in the synchronized organizational unit (OU1), and "Enable Password writeback" is configured.
2. If User1 connects to Microsoft Exchange Online, an on-premises domain controller provides authentication. -> [Yes]. When User1 connects to Microsoft Exchange Online or any other Azure AD-integrated service, their authentication request is passed directly to an on-premises AD domain controller for validation because Pass-through Authentication (PTA) is used.
3. You can add User2 to Group1 as a member. -> [No]. User2 is in OU2, which is not selected for synchronization according to the provided configuration details. Since User2's OU is not included in the synchronization scope, you cannot directly add User2 to Group1 from the on-premises AD.

Payday123

"The TENANT contains a group named Group1 and the users shown in the following table." So the Group1 is AAD only and therefore User2 cannot be added as it doesn't exist in the tenant. YYN

Jothar

Question #3 NEVER said that you were adding user2 to group1 on the aad. Sounds like you are doing this from AD and of course it will work. So yes for #3 as well.

SantaClaws

I disagree. Read the first line: Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table. It is explicitly stated that Group1 exists in the Tenant. You are TECHNICALLY correct that Group1 might ALSO exist in AD, but in the SPIRIT of the question, we should assume not. Otherwise they ought to have told us that explicitly. Therefore the answer ought to be NO, because OU2 is not synced in AAD and Group1 is an AAD group.

SIAMIANJI

Incorrect! It says: "The tenant contains a group named Group1". Group1 is not in AD; it's in Azure Tenant.

nap61

"The tenant contains a group named Group1 and the users shown in the following table." User 2 is already a member of Group1 as stated...

Joedn

Valid 05/28/2024

SIAMIANJI

Question3: No. If the organizational unit (OU2) to which User2 belongs is not selected for synchronization in Azure AD Connect, then User2 will not be synchronized to Azure Active Directory (Azure AD). As a result, User2 will not be visible in Azure AD, and you won't be able to directly add User2 to Group1 in Azure AD.