HOTSPOT -
Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).
You have users in contoso.com as shown in the following table.
The users have the passwords shown in the following table.
You implement password protection as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Â
Suggested Answer:
Box 1: No -
User1's password contains the banned password 'Contoso'. However, User1 will not be required to change his password at next sign in. When the password expires or when User1 (or an administrator) changes the password, the password will be evaluated and will have to meet the password requirements.
Box 2: Yes -
Password evaluation goes through several steps including normalization and Substring matching which is used on the normalized password to check for the user's first and last name as well as the tenant name. Normalization is the process of converting common letter substitutes into letters. For example, 0 converts to o. $ converts to s. etc.
The next step is to identify all instances of banned passwords in the user's normalized new password. Then:
1. Each banned password that is found in a user's password is given one point.
2. Each remaining unique character is given one point.
3. A password must be at least five (5) points for it to be accepted.
'C0nt0s0' becomes 'contoso' after normalization. Therefore, C0nt0s0_C0mplex123 contains one instance of the banned password (contoso) so that equals 1 point. After 'contoso', there are 11 unique characters. Therefore, the score for 'C0nt0s0_C0mplex123' is 12. This is more than the required 5 points so the password is acceptable.
Box 3:
The 'Password protection for Windows Server Active Directory' is in 'Audit' mode. This means that the password protection rules are not applied. Audit mode is for logging policy violations before putting the password protection 'live' by changing the mode to 'enforced'.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
This question is in MS-100 Exam
For getting Microsoft 365 Administrator Expert Certificate
Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Microsoft.
The website does not contain actual questions and answers from Microsoft's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to Microsoft.
