ExpertMinds LogoExpertMinds
Hard1 markMultiple Choice
Domain 1.2: Authentication and AuthorizationDomain 1Hybrid IdentityMicrosoft Entra IDAuthentication

AZ-305 · Question 05 · Domain 1.2: Authentication and Authorization

A defense contractor is migrating to Microsoft 365 and Azure. They have a strict security policy stating that no user password hashes, even in synchronized or encrypted form, can ever be stored in the cloud.

They require Single Sign-On (SSO) for their 10,000 employees. The on-premises Active Directory must be the sole authority for authentication. If the on-premises internet connection fails, users should NOT be able to authenticate to cloud services.

Which hybrid identity authentication method should you recommend?

Answer options:

A.

Password Hash Synchronization (PHS) with Seamless SSO

B.

Pass-through Authentication (PTA) with Seamless SSO

C.

Active Directory Federation Services (AD FS)

D.

Azure AD Domain Services (Azure AD DS)

How to approach this question

Identify the authentication method that validates against on-premises AD in real-time without syncing hashes.

Full Answer

B.Pass-through Authentication (PTA) with Seamless SSO✓ Correct
Pass-through Authentication (PTA) allows users to sign in to both on-premises and cloud-based applications using the same passwords. It validates users' passwords directly against the on-premises Active Directory. Because it does not require password hashes to be synchronized to Azure AD (Microsoft Entra ID), it meets the strict security policy. Furthermore, it relies on on-premises agents, meaning if the connection drops, cloud authentication fails, as requested.

Common mistakes

Choosing AD FS. While AD FS also meets the security requirement, Microsoft recommends PTA over AD FS for its simplicity, unless there are specific legacy federation requirements.
04All questions06

Practice the full Azure Solutions Architect Expert AZ-305 Practice Exam 2

55 questions · hints · full answers · grading

Sign up freeTake the exam

More questions from this exam

Q01Fabrikam Inc. is a global financial services company with 200 Azure subscriptions managed via a c...HardQ02A healthcare organization has 500 on-premises Windows Server VMs and 300 Azure VMs. They are impl...HardQ03You are designing a security monitoring solution using Microsoft Sentinel. The compliance depar...EasyQ04Your company has a microservices application deployed across multiple Azure App Service instances...MediumQ06You are designing an identity governance solution for a large enterprise using Microsoft Entra ID...Medium
View all 55 questions →