0
0
Azurecloud~20 mins

Conditional access policies in Azure - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Conditional Access Mastery
Get all challenges correct to earn this badge!
Test your skills under time pressure!
service_behavior
intermediate
2:00remaining
How does a Conditional Access policy affect user sign-in?

Consider a Conditional Access policy that requires multi-factor authentication (MFA) only when users sign in from outside the corporate network. What happens when a user signs in from inside the corporate network?

AThe user is prompted for MFA regardless of location.
BThe user signs in without MFA because they are inside the corporate network.
CThe user is blocked from signing in.
DThe user must reset their password before signing in.
Attempts:
2 left
💡 Hint

Think about how location conditions in Conditional Access policies work.

Architecture
intermediate
2:00remaining
Which Conditional Access policy setup best protects sensitive cloud apps?

You want to protect a sensitive cloud application so that only users on compliant devices can access it. Which Conditional Access policy configuration achieves this?

AAssign the policy to all users and require device compliance only for the sensitive app.
BAssign the policy to guest users and block access to the sensitive app.
CAssign the policy to all users and require MFA for all apps.
DAssign the policy to all users and block access from all devices.
Attempts:
2 left
💡 Hint

Focus on device compliance conditions and app targeting.

security
advanced
2:00remaining
What is the effect of enabling 'Block legacy authentication' in Conditional Access?

Legacy authentication protocols do not support modern security features. What happens when you enable a Conditional Access policy that blocks legacy authentication?

AUsers can sign in using any authentication method without restrictions.
BUsers must use legacy authentication methods only.
CAll users are blocked from signing in regardless of protocol.
DSign-ins using legacy protocols like POP3 or IMAP are blocked, improving security.
Attempts:
2 left
💡 Hint

Consider what legacy authentication means and its security implications.

Configuration
advanced
2:00remaining
Which JSON snippet correctly defines a Conditional Access policy requiring MFA for risky sign-ins?

Given the need to require MFA only when sign-in risk is medium or high, which JSON snippet correctly configures this condition?

A{ "conditions": { "signInRiskLevels": ["medium", "high"] }, "grantControls": { "operator": "OR", "builtInControls": ["mfa"] } }
B{ "conditions": { "signInRiskLevels": ["low"] }, "grantControls": { "operator": "AND", "builtInControls": ["mfa"] } }
C{ "conditions": { "signInRiskLevels": ["none"] }, "grantControls": { "operator": "OR", "builtInControls": ["mfa"] } }
D{ "conditions": { "signInRiskLevels": ["high"] }, "grantControls": { "operator": "AND", "builtInControls": ["block"] } }
Attempts:
2 left
💡 Hint

Check which risk levels trigger MFA and the correct grant control operator.

Best Practice
expert
2:00remaining
What is the recommended approach to test a new Conditional Access policy before full deployment?

You created a Conditional Access policy that blocks access from unmanaged devices. What is the safest way to test this policy without disrupting all users?

ADelete the policy after creation to avoid any risk.
BEnable the policy for all users immediately to see if any issues arise.
CUse the 'Report-only' mode to monitor the policy impact without enforcing it.
DApply the policy only to guest users and ignore internal users.
Attempts:
2 left
💡 Hint

Think about how to observe policy effects safely before enforcement.