* What is your favorite food?

You have an Azure subscription that contains an Azure Directory (Azure AD) tenant named contoso.com. The tenant is synced to the on-premises Active Directory domain.

The domain contains the users shown in the following table.

You enable self-service password reset (SSPR) for all users and configure SSPR to have the following authentication methods:

* Number of methods required to reset: 2

* Methods available to users: Mobile phone, Security questions

* Number of questions required to register: 3

* Number of questions required to reset: 3

* What is your favorite food?

* In what city was your first job?

* What was the name of your first pet?

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Box 1: No

Administrator accounts are special accounts with elevated permissions. To secure them, the following restrictions apply to changing passwords of administrators:

On-premises enterprise administrators or domain administrators cannot reset their password through Self-service password reset (SSPR). They can only change their password in their on-premises environment.

Thus, we recommend not syncing on-prem AD admin accounts to Azure AD.

An administrator cannot use secret Questions & Answers as a method to reset password. Box 2: Yes

Self-service password reset (SSPR) is an Azure Active Directory feature that enables employees to reset their passwords without needing to contact IT staff.

Box 3: Yes

References: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-deployment