What is the primary purpose of Azure AD Conditional Access?

  1. To enforce security policies based on risk signals and conditions before granting access ✓
  2. To encrypt data at rest in storage accounts
  3. To monitor all user login attempts in real-time
  4. To manage firewall rules for virtual networks

Correct answer: To enforce security policies based on risk signals and conditions before granting access

Option A is correct because Azure AD Conditional Access evaluates risk signals such as user location, device compliance, sign-in risk, and application sensitivity, then enforces policies like requiring multi-factor authentication or blocking access before a user is granted entry to a resource. Option B is wrong because encrypting data at rest in storage accounts is handled by Azure Storage Service Encryption and customer-managed keys, not Conditional Access. Option C is wrong because real-time monitoring of user login attempts is the domain of Azure AD Identity Protection and Azure Monitor, not Conditional Access, which enforces policy rather than provides observability. Option D is wrong because managing firewall rules for virtual networks is handled by Azure Firewall, Network Security Groups, and Azure Virtual Network features, which are separate from identity-based access policies.

Topic: · conditional access, azure ad, zero trust, identity security

Practice Microsoft Azure Security Engineer (AZ-500) Questions Free