MS-102 Question #37: Real Exam Question with Answer & Explanation

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table. The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.) User2 fails to authenticate to Azure AD when signing in as [email protected]. You need to ensure that User2 can access the resources in Azure AD. Solution: From the Microsoft Entra admin center, you assign User2 the Security Reader role. You instruct User2 to sign in as [email protected]. Does this meet the goal?

Options

• AYes
• BNo

Explanation

In this scenario, User2's UPN uses the fabrikam.com domain, but the Azure AD tenant is contoso.com. For User2 to authenticate using a fabrikam.com UPN, two things must be true: (1) fabrikam.com must be added as a verified custom domain in the Azure AD tenant, and (2) User2's UPN must be updated to match. The solution presented in this question (likely adding only the UPN suffix in on-premises AD without verifying fabrikam.com in Azure AD, or only partially addressing one requirement) is insufficient. Because both steps are not completed by the proposed solution, authentication still fails - hence the answer is No.

No community discussion yet for this question.