Crucial Exams

Microsoft Azure Solutions Architect Expert AZ-305 Practice Question

Contoso's Azure AD tenant already enforces Conditional Access with MFA. A legacy HR web app runs on-premises and uses Windows Integrated (Kerberos) authentication. Contoso must let remote employees use the app over the Internet without installing VPN clients or opening inbound firewall ports. The app must keep authenticating against on-prem Active Directory, and existing Conditional Access rules must apply. Which solution should you recommend?

  • Create a point-to-site VPN gateway in Azure that enforces Conditional Access and require users to connect before accessing the HR application.

  • Configure Azure AD Connect pass-through authentication with seamless single sign-on and expose the HR web server through a reverse-proxy firewall rule.

  • Deploy Azure AD Domain Services in Azure, synchronize on-premises identities, and establish a site-to-site VPN so remote users can reach the HR application.

  • Deploy an Azure AD Application Proxy connector on-premises and publish the HR application with Kerberos constrained delegation enabled.

Microsoft Azure Solutions Architect Expert AZ-305
Design identity, governance, and monitoring solutions
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot