Administering Windows Server Hybrid Core Infrastructure — Question 23
Your on-premises network contains an Active Directory domain named contoso.com. You have an Azure AD tenant.
You plan to sync contoso.com with the Azure AD tenant by using Azure AD Connect cloud sync.
You need to create an account that will be used by Azure AD Connect cloud sync.
Which type of account should you create?
Answer options
- A. system-assigned managed identity
- B. group managed service account (gMSA)
- C. user
- D. InetOrgPerson
Correct answer: B
Explanation
The correct answer is B, as a group managed service account (gMSA) is designed to provide automatic password management and simplified service principal name (SPN) management for services running on multiple servers. While system-assigned managed identities and user accounts can be used in other contexts, they do not meet the specific needs for Azure AD Connect cloud sync, and InetOrgPerson is not applicable in this scenario.