nerdexam
ExamsAZ-500Questions#77
MicrosoftMicrosoft

AZ-500 · Question #77

AZ-500 Question #77: Real Exam Question with Answer & Explanation

The correct answer is B: No. Option B (No) is correct because Azure AD Application Proxy is designed to provide secure remote access to on-premises web applications, not to enable on-premises Active Directory credential authentication for Azure HDInsight clusters. It acts as a reverse proxy for publishing in

Submitted by kavita_s· Mar 6, 2026Secure identity and access

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You deploy an Azure AD Application Proxy. Does this meet the goal?

Options

  • AYes
  • BNo

Explanation

Option B (No) is correct because Azure AD Application Proxy is designed to provide secure remote access to on-premises web applications, not to enable on-premises Active Directory credential authentication for Azure HDInsight clusters. It acts as a reverse proxy for publishing internal apps externally, which does not address the requirement of integrating on-premises AD credentials with HDInsight.

Why Option A (Yes) is wrong: Azure AD Application Proxy simply does not have the functionality to federate on-premises Active Directory identities with HDInsight for Kerberos-based or domain-joined authentication - it serves a completely different purpose.

The correct solution for this scenario is to deploy Azure AD Domain Services (AAD DS) and configure HDInsight to use Enterprise Security Package (ESP), which allows domain-joining the cluster and authenticating users with their on-premises AD credentials synced via Azure AD Connect.

Memory Tip: Think of Azure AD Application Proxy as a "front door for on-premises web apps" - it lets external users reach internal websites, not the other way around. For HDInsight AD authentication, remember ESP + AAD DS = domain-joined cluster security. If a solution doesn't involve domain services or ESP, it likely won't meet HDInsight authentication goals.

Topics

#Azure AD Application Proxy#HDInsight authentication#Hybrid identity#On-premises AD integration

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full AZ-500 PracticeBrowse All AZ-500 Questions