Question
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table.
Domain/OU filtering in Azure AD Connect is configured as shown in the Filtering exhibit. (Click the Filtering tab.)
You review the Azure AD Connect configurations as shown in the Configure exhibit. (Click the Configure tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct answer
The suggested answer is incorrect
| Question | Suggested answer | Correct answer | Comment |
|---|---|---|---|
| User1 can use SSPR | Y | Y | Enable Password writeback |
| On-premises DC provides auth | Y | Y | Enable Pass-through authentication |
| You can add User2 to Group1 | Y | N | User 2 placed in OU2, which is not synced to Azure |
MR_Eliot
Highly Voted 1 year, 2 months ago
1. [YES] -> Password Write back is enabled.
2. [YES] -> Pass-Through authentication is in use, therefore AD is the Identity Provider.
3. [NO] -> "User2" is under "OU2" which is not synced to the Azure Tenant.
upvoted 23 times
PXAbstraction
1 year, 1 month ago
Correct. The amount of wrong answers provided on this test is pretty ridiculous.
upvoted 7 times
NazerRazer
Highly Voted 1 year, 1 month ago
1. User1 can use self-service password reset (SSPR) to reset his password. -> [YES]. User1 can use self-service password reset (SSPR) because they are in the synchronized organizational unit (OU1), and "Enable Password writeback" is configured.
2. If User1 connects to Microsoft Exchange Online, an on-premises domain controller provides authentication. -> [Yes]. When User1 connects to Microsoft Exchange Online or any other Azure AD-integrated service, their authentication request is passed directly to an on-premises AD domain controller for validation because Pass-through Authentication (PTA) is used.
3. You can add User2 to Group1 as a member. -> [No]. User2 is in OU2, which is not selected for synchronization according to the provided configuration details. Since User2's OU is not included in the synchronization scope, you cannot directly add User2 to Group1 from the on-premises AD.
upvoted 5 times
nap61
Most Recent 4 months, 1 week ago
"The tenant contains a group named Group1 and the users shown in the following table." User 2 is already a member of Group1 as stated...
upvoted 1 times
Joedn
5 months, 3 weeks ago
Valid 05/28/2024
upvoted 2 times
MaryMargh
2 months, 2 weeks ago
Is there a simulation in the exam?
upvoted 1 times
SIAMIANJI
6 months, 3 weeks ago
Question3: No. If the organizational unit (OU2) to which User2 belongs is not selected for synchronization in Azure AD Connect, then User2 will not be synchronized to Azure Active Directory (Azure AD). As a result, User2 will not be visible in Azure AD, and you won't be able to directly add User2 to Group1 in Azure AD.
upvoted 1 times
Payday123
1 year ago
"The TENANT contains a group named Group1 and the users shown in the following table." So Group1 is AAD only, and therefore User2 cannot be added as it doesn't exist in the tenant. YYN
upvoted 2 times
Jothar
1 year ago
Question #3 NEVER said that you were adding user2 to group1 on the aad. Sounds like you are doing this from AD and of course it will work. So yes for #3 as well.
upvoted 2 times
SIAMIANJI
6 months, 3 weeks ago
Incorrect! It says: "The tenant contains a group named Group1". Group1 is not in AD; it's in the Azure tenant.
upvoted 1 times
SantaClaws
1 year ago
I disagree. Read the first line: Your network contains an on-premises Active Directory Domain Services (AD DS) domain named contoso.com that syncs with an Azure AD tenant. The tenant contains a group named Group1 and the users shown in the following table. It is explicitly stated that Group1 exists in the Tenant. You are TECHNICALLY correct that Group1 might ALSO exist in AD, but in the SPIRIT of the question, we should assume not. Otherwise they ought to have told us that explicitly. Therefore the answer ought to be NO, because OU2 is not synced in AAD and Group1 is an AAD group.
upvoted 4 times