Question 1

A financial institution is designing a hybrid identity solution. They use on-premises Active Directory and want to synchronize identities to Microsoft Entra ID.

Security policies strictly prohibit any form of user password hashes from being synchronized to or stored in the cloud. However, users must be able to sign in to Microsoft 365 and Azure using their on-premises Active Directory credentials. The solution must provide high availability for authentication even if a single on-premises server fails.

Which authentication method should you recommend?

Accepted Answer

Identify the constraints: 'no password hashes in cloud' rules out PHS. 'High availability' requires multiple agents/servers. PTA is simpler than ADFS.

Question 2

What mistakes do candidates make on this AZ-305 question?

Accepted Answer

Choosing AD FS. While AD FS works, PTA is the modern, simpler recommendation unless specific complex federation requirements exist. Also, the AD FS option listed only has a single server, failing the HA requirement.

How to approach this question

Full Answer

Common mistakes

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 4

More questions from this exam