Question 1

A defense contractor is migrating to Microsoft 365 and Azure. They have a strict security policy stating that no user password hashes, even in synchronized or encrypted form, can ever be stored in the cloud.

They require Single Sign-On (SSO) for their 10,000 employees. The on-premises Active Directory must be the sole authority for authentication. If the on-premises internet connection fails, users should NOT be able to authenticate to cloud services.

Which hybrid identity authentication method should you recommend?

Accepted Answer

Identify the authentication method that validates against on-premises AD in real-time without syncing hashes.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Choosing AD FS. While AD FS also meets the security requirement, Microsoft recommends PTA over AD FS for its simplicity, unless there are specific legacy federation requirements.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

More questions from this exam