This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 1%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named Ben Smith.
You configure a Password protection for contoso.com that includes the following Custom banned passwords settings:
Enforce custom list: Yes
Custom banned password list: Contoso
Which password can be used by Ben Smith?
Select only one answer.
FgRs01
C0nt0s0123
CONTOSO123
Conto123so
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 87%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJA%3C/text%3E%3C/svg%3E)
Add strings to the Custom banned password list, one string per line. The following considerations and limitations apply to the custom banned password list:
The custom banned password list can contain up to 1000 terms.
The custom banned password list is case-insensitive.
The custom banned password list considers common character substitution, such as "o" and "0", or "a" and "@".
The minimum string length is four characters, and the maximum is 16 characters.
So you need to choice the "Conto123so" password.
Kind Rgards,
José Araujo Neto
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 7.000000000000001%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
why not FgRs01
Hello, I understand what Conto123so's answer would be because the password protection configuration asks you to have at least 8 characters and FgRs01 only has 6 characters.
The answer is either FgRs01 or Conto123so, as C0nt0s0123 & CONTOSO123 contain the word Contoso (with number substitutions) which is what the password list is there to prevent (variations of the word). Also FgRs01 is six characters, this satisfies the minimum length which is four, also this uses upper and lowercase with numeric characters, and is not linked to Contoso, so is harder to guess by brute force attacks.
Try with Conto123so :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 84%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EY%3C/text%3E%3C/svg%3E)