HOTSPOT
You have a Microsoft 365 Enterprise subscription.
You create a password policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Explanation/Reference:
Explanation:
By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts. In this question, the lockout threshold if 5 failed attempts. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts.
Password evaluation goes through several steps including normalization and Substring matching which is used on the normalized password to check for the user’s first and last name as well as the tenant name.
The next step is to identify all instances of banned passwords in the user’s normalized new password. Then:
1. Each banned password that is found in a user’s password is given one point.
2. Each remaining unique character is given one point.
3. A password must be at least five (5) points for it to be accepted.
Conto$01Pa$$word contains two banned passwords and no remaining unique characters so is given a score of 2 points. This is less than the required 5 points so will be rejected.
Pa$$w0rd contains a banned password and no remaining unique characters so is given a score of 1 point. This is less than the required 5 points so will be rejected.
AzureAD!!111 contains a banned password (AzureAD!!) and has three remaining characters. However, the remaining characters are all the same (they’re all 1s) so that is only one unique character. So that password will be given a score of 2. One for the banned password and 1 for the unique character. This is less than the required 5 points so will be rejected.
Password11 does not contain a banned password. Password11 contains 10 characters. However, there are two ‘s’ and two ‘1’ so there are 8 unique characters. Therefore, the password will be given a score of 8 points. This is more than the required 5 points so the password will be accepted.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
Explanation/Reference:
Explanation:
By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts. In this question, the lockout threshold if 5 failed attempts. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts.
Password evaluation goes through several steps including normalization and Substring matching which is used on the normalized password to check for the user’s first and last name as well as the tenant name.
The next step is to identify all instances of banned passwords in the user’s normalized new password. Then:
1. Each banned password that is found in a user’s password is given one point.
2. Each remaining unique character is given one point.
3. A password must be at least five (5) points for it to be accepted.
Conto$01Pa$$word contains two banned passwords and no remaining unique characters so is given a score of 2 points. This is less than the required 5 points so will be rejected.
Pa$$w0rd contains a banned password and no remaining unique characters so is given a score of 1 point. This is less than the required 5 points so will be rejected.
AzureAD!!111 contains a banned password (AzureAD!!) and has three remaining characters. However, the remaining characters are all the same (they’re all 1s) so that is only one unique character. So that password will be given a score of 2. One for the banned password and 1 for the unique character. This is less than the required 5 points so will be rejected.
Password11 does not contain a banned password. Password11 contains 10 characters. However, there are two ‘s’ and two ‘1’ so there are 8 unique characters. Therefore, the password will be given a score of 8 points. This is more than the required 5 points so the password will be accepted.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout