Microsoft Azure Security Technologies

Here you have the best Microsoft AZ-500 practice exam questions

  • You have 485 total questions to study from
  • These questions were last updated on November 17, 2024

Question 1 of 485

Your company recently created an Azure subscription.

You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).

Which of the following is the role you should assign to the user?

    Correct Answer: A

    The Global administrator role is required to enable and manage Azure AD Privileged Identity Management (PIM). This role has the highest level of privilege in Azure AD and allows a user to configure, manage, and implement PIM settings and assignments. This role gives the necessary permissions to perform all administrative functions, including those related to PIM.

Question 2 of 485

Note: This question is one of a series of questions that depict the same setup. However, every question has a distinct result. Determine whether the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the number of necessary servers is reduced.

Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization.

Does the solution meet the goal?

    Correct Answer: A

    The recommended use of pass-through authentication and seamless Single Sign-On (SSO) with password hash synchronization does meet the goal of ensuring that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant. Pass-through authentication ensures that user sign-ins are validated directly against the on-premises Active Directory, thereby enforcing on-premises password policies and account restrictions. Seamless SSO improves user experience by allowing users to automatically sign in when they are on their corporate devices connected to the corporate network. Password hash synchronization can provide redundancy and support for features like Azure AD Identity Protection without the need for additional infrastructure components, thereby reducing the number of necessary servers.

Question 3 of 485

Note: This question is one of a series of questions that depict the same setup. However, every question has a distinct result. Determine whether the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the number of necessary servers is reduced.

Solution: You recommend the use of federation with Active Directory Federation Services (AD FS).

Does the solution meet the goal?

    Correct Answer: B

    Federation with Active Directory Federation Services (AD FS) requires multiple servers for setup and maintenance, including AD FS servers and Web Application Proxy (WAP) servers. This solution does not satisfy the requirement of reducing the number of necessary servers. Additionally, AD FS handles authentication externally, which may complicate enforcement of password policies and user logon limitations directly in Azure AD. Therefore, this solution does not meet the goal of integrating Active Directory and the Azure AD tenant while maintaining password policies, user logon limitations, and minimizing the number of servers required.

Question 4 of 485

Note: This question is one of a series of questions that depict the same setup. However, every question has a distinct result. Determine whether the solution satisfies the requirements.

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

You have been tasked with integrating Active Directory and the Azure AD tenant. You intend to deploy Azure AD Connect.

Your strategy for the integration must make sure that password policies and user logon limitations affect user accounts that are synced to the Azure AD tenant, and that the number of necessary servers is reduced.

Solution: You recommend the use of password hash synchronization and seamless SSO.

Does the solution meet the goal?

    Correct Answer: B

    The solution does not meet the goal because password hash synchronization and seamless Single Sign-On (SSO) do not fully enforce the password policies and user logon limitations from the on-premises Active Directory. Although password hash synchronization can enforce password complexity and expiration policies to some extent, it does not support specific logon limitations like time-based logons or other advanced restrictions. To ensure full enforcement of these policies, pass-through authentication (PTA) would be required, as it allows for real-time validation of users' passwords against the on-premises Active Directory. Therefore, recommending only password hash synchronization and seamless SSO is not sufficient for the stated requirements.

Question 5 of 485

Your company has an Active Directory forest with a single domain, named weylandindustries.com. They also have an Azure Active Directory (Azure AD) tenant with the same name.

After syncing all on-premises identities to Azure AD, you are informed that users with a givenName attribute starting with LAB should not be allowed to sync to Azure AD.

Which of the following actions should you take?

    Correct Answer: A

    To prevent users with a givenName attribute starting with LAB from syncing to Azure AD, you should use the Synchronization Rules Editor to create an attribute-based filtering rule. This tool allows you to create custom synchronization criteria based on specific attributes of the users, which fits the requirement stated in the question.