Medium · 1 mark · Multiple Choice
Domain 1.2: Authentication and Authorization · Domain 1 · Identity · Conditional Access · Security

AZ-305 · Question 06 · Domain 1.2: Authentication and Authorization

Your organization uses Microsoft Entra ID Premium P2. You are designing a Conditional Access strategy to protect access to the Azure Portal.

The security team requires that if a user's sign-in is evaluated as 'High Risk' by Microsoft Entra ID Protection, the user must not be blocked immediately. Instead, they must be forced to prove their identity securely and remediate the risk themselves without contacting the helpdesk.

Which control should you configure in the Conditional Access policy?

Answer options:

A. Require multifactor authentication.

B. Require multifactor authentication and require password change.

C. Block access.

D. Require device to be marked as compliant.

How to approach this question

Understand how Entra ID Protection handles risk remediation. To clear a risk state automatically, the user must perform a secure password reset.

Full Answer

B. Require multifactor authentication and require password change. ✓ Correct
In Microsoft Entra ID Protection, a high-risk sign-in often indicates compromised credentials. To allow self-remediation without helpdesk intervention, the Conditional Access policy should grant access but require both MFA (to prove the user has their second factor) and a password change (to secure the potentially compromised password). This combination automatically dismisses the user risk.

Common mistakes

Selecting only MFA. MFA alone does not reset the risk state for a compromised credential.
