* What is your favorite food?
You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain.
The domain contains the users shown in the following table.
You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:
* Number of methods required to reset: 2
* Methods available to users: Mobile phone, Security questions
* Number of questions required to register: 3
* Number of questions required to reset: 3
* What is your favorite food?
* In what city was your first job?
* What was the name of your first pet?
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: No
Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:
On-premises enterprise administrators or domain administrators cannot reset their password through Self-service password reset (SSPR). They can only change their password in their on-premises environment.
Thus, we recommend not syncing on-prem AD admin accounts to Azure AD.
An administrator cannot use secret Questions & Answers as a method to reset password. Box 2: Yes
Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.
Box 3: Yes
References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment
Latest AZ-104 Dumps Valid Version with 416 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund
Actually, the given answer is only partially correct. The Security Admin AND Billing Admins will not be able to answer the security questions. For these (and other admin accounts) security questions are not allowed.
So the correct answer here is N, N, Y.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-password-policy-differences