HOTSPOT -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Exam AZ-900 All QuestionsBrowse all questions from this exam
Question 305
Correct Answer:
Box 1: No -
Authorization to access Azure resources can be provided by other identity providers by using federation. A commonly used example of this is to federate your on- premises Active Directory environment with Azure AD and use this federation for authentication and authorization.
Box 2: Yes -
As described above, third-party cloud services and on-premises Active Directory can be used to access Azure resources. This is known as 'federation'.
Federation is a collection of domains that have established trust. The level of trust may vary, but typically includes authentication and almost always includes authorization. A typical federation might include a number of organizations that have established trust for shared access to a set of resources.
Box 3: Yes -
Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. This is the primary built-in authentication and authorization service to provide secure access to Azure resources.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios
Discussion
monsigs
Azure AD is responsible for AUTHENTICATION, and RBAC is for AUTHORIZATION..
kachraSeth
This is the best explaination and the simplest too.
TakumaK
Agreed. Simple and concise.
xmd_5a
hah great catch ;)
JustSignalingVirtues
#3 doesn't say Azure AD, it just says Azure has built-in authentication & authorization, so the answer is yes.
turtle666
some modification in option 1 in real exam changed to user at on-prem or azure AD can access Azure resource.
Violoncello
What was the full question you saw? (And what would be the answer to it?)
techgirl77
Took the exam 12/30/21. This was the only resource I used to study. Thank you examtopics and all of you guys for your comments. Make sure to go through all the questions twice and you will pass. Good luck everyone!
Gresch123123
yep past 3 exams done the same thing and passed, read through once to understand then go through again so its familiar and locked in (3 times if you worried)
zellck
NYY is the answer.
MS_Learner
Got Feb 10, 2022
panal
Given Answer is Correct
jpeg95
Option B: states that identities store in on-premises Active Directory can also be used to access Azure resources. Identities in On-premise Active Directories have to be brought into Azure AD via AD connect. As it has not specifically been said that AD connect is being used, we will mark this Option as wrong. https://k21academy.com/microsoft-azure/az-900/az-900-microsoft-azure-core-identity-services-azure-ad-mfa/ Options B should be False
Moondroid
NYY....
mikl
This is probably the most tricky question in the entire exam dump. Anyone who can clarify for me and all others?
Woodlandsu35
So after all the discussion so far: What is is the correct answer now, with respect to passing the test? Thx to all...
b274b54
It seems indeed like statements containing "only" are always no in these type of questions
siculoct
N Y Y Y
oysterbaby
#3 - Azure App Service provides built-in authentication and authorization capabilities (sometimes referred to as "Easy Auth") - https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
oysterbaby
Ahh, but statement is "...secure access to Azure resources." whereas Azure App Service is just for the App Service. But RBAC would provide authorization.
mikamozg
fist question: isn't all about the fact that you can assign not only to users but to groups as well
mikamozg
second question is yes : https://docs.microsoft.com/en-us/azure/active-directory/external-identities/compare-with-b2c
starseed
Azure Active Directory (Azure AD) is a centralized identity provider in the cloud. Delegating authentication and authorization to it enables scenarios such as: Conditional Access policies that require a user to be in a specific location. The use of multi-factor authentication, which is sometimes called two-factor authentication or 2FA. Enabling a user to sign in once and then be automatically signed in to all of the web apps that share the same centralized directory. This capability is called single sign-on (SSO). 3rd box - yes https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization
MrNY007
I recall from training the difference between authentication and authorization, just thinking of it i think is hould be No, No - does not mean you are authorized to access resources - and Yes. A week away from my test, any good soul that can help understanding this?
HardikPathak
It should be No, No, Yes