nerdexam
ExamsSC-300Questions#332
MicrosoftMicrosoft

SC-300 · Question #332

SC-300 Question #332: Real Exam Question with Answer & Explanation

The correct answer is A: the Microsoft Authenticator app. Explanation Microsoft Authenticator (A) and FIDO2 security keys (B) are correct because both are passwordless, phishing-resistant authentication methods that integrate with Microsoft Entra ID and satisfy all three requirements: they support Entra credentials, enforce multi-factor

Submitted by daniela_cl· Mar 6, 2026Implement authentication and access management solution

Question

You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Linux. You need to configure enhanced security for VM1. The solution must meet the following requirements: - Ensure that users can sign in to VM1 by using their Microsoft Entra credentials. - Ensure that users authenticate by using multi-factor out-of-band. - Prevent users from signing in to VM1 by using passwords. Which two authentication methods can you include in the solution? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Options

  • Athe Microsoft Authenticator app
  • BFIDO2 security keys
  • CTemporary Access Pass
  • DSMS
  • EWindows Hello for Business

Explanation

Explanation

Microsoft Authenticator (A) and FIDO2 security keys (B) are correct because both are passwordless, phishing-resistant authentication methods that integrate with Microsoft Entra ID and satisfy all three requirements: they support Entra credentials, enforce multi-factor authentication (MFA is built into the authentication flow), and eliminate password use entirely when signing into Linux VMs via the AADSSHLoginForLinux extension.

Why the distractors are wrong:

  • Temporary Access Pass (C) is a time-limited password used to bootstrap other authentication methods - it is inherently a password-based method, violating the "no passwords" requirement.
  • SMS (D) is considered a weaker MFA method and, critically, still relies on a password as the primary factor - it does not meet the passwordless requirement.
  • Windows Hello for Business (E) is a Windows-specific biometric/PIN solution tied to Windows devices and cannot be used to authenticate into a Linux virtual machine.

🧠 Memory Tip: Think "passwordless = Authenticator + FIDO2" - these are Microsoft's two flagship passwordless methods that work across platforms, including Linux VMs in Azure. If the answer involves eliminating passwords entirely, always look for these two first.

Topics

#Microsoft Entra authentication#Passwordless sign-in#Multi-factor authentication (MFA)#Linux VM integration

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full SC-300 PracticeBrowse All SC-300 Questions