You need to resolve the issue of the guest user invitations. What should you do for the Azure AD tenant?
You need to implement the planned changes for Package1. Which users can create and manage the access review?
You need to resolve the issue of the sales department users. What should you configure for the Azure AD tenant?
You need implement the planned changes for application access to organizational data. What should you configure?
You need to resolve the recent security incident issues.
What should you configure for each incident? To answer, drag the appropriate policy types to the correct issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
You have an Azure subscription that contains the key vaults shown in the following table.
The subscription contains the users shown in the following table.
On June1, Admin4 performs the following actions:
• Deletes a certificate named Certificate! from Key Vault1
• Deletes a secret named Secret1 from KeyVault2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure AD tenant that contains the users shown in the following table.
User2 reports that he can only configure multi-factor authenticating (MFA) to use the Microsoft Authenticator app.
You need to ensure that User2 can configure alternate MFA methods.
Which configuration is required, and which user should perform the configuration? To answer, select the appropriate options in the answer area.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click the Exhibit tab.)
You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You add each manager as a fallback reviewer.
Does this meet the goal?
You have a Microsoft 365 ES subscription that contains a user named User1. User1 is eligible for the Application administrator role.
User1 needs to configure a new connector group for an application proxy.
What should you to activate the role for User1?
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD
enterprise application named App1.
A contractor uses the credentials of user1@outlook.com.
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to
authenticate as user1@outlook.com.
What should you do?
Your company requires that users request access before they can access corporate applications.
You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1.
Which settings should you configure next for MyApp1?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You need to identify which users access Facebook from their devices and browsers. The solution must minimize administrative effort.
What should you do first?
You have an Azure subscription.
Azure AD logs are sent to a Log Analytics workspace.
You need to query the logs and graphically display the number of sign-ins per user.
How should you complete the query? To answer, select the appropriate options in the answer area.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure monitor, you modify the action group.
Does this meet the goal?
You configure a new Microsoft 365 tenant to use a default domain name of contoso.com.
You need to ensure that you can control access to Microsoft 365 resources by using conditional access
policies.
What should you do first?
You have a Microsoft 365 E5 subscription and an Azure subscription. You need to meet the following requirements:
• Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.
• Delegate the ability to create new virtual machines.
What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table.
users can request access by using package 1.
Users at Fabrikam and Litware use ail then respective domain names for email addresses.
You plan to create an access package named packaqe1 that will be accessible only to the Fabrikam and Litware users.
You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.
What is the minimum of connected organization that you should create.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com.
Fabrikam users must be removed automatically from the tenant when access is no longer required.
You need to configure the following settings:
What should you configure on the Identity Governance blade?
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk.
Which type of policy should you create in the Microsoft Defender for Cloud Apps?
You have an Azure subscription that contains a user named User1. The subscription is onboarded to Microsoft Entra Permissions Management. You need to provide User! with access to Permissions Management. The solution must meet the following requirements:
• Follow the principle of least privilege.
• Minimize administrative effort.
What should you do first?
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
All users who run applications registered in Azure AD are subject to conditional access policies.
You need to prevent the users from using legacy authentication.
What should you include in the conditional access policies to filter out legacy authentication attempts?
You have an Azure Active Directory (Azure AD) tenant.
You create an enterprise application collection named HR Apps that has the following settings:
• Applications: Appl. App?, App3
• Owners: Admin 1
• Users and groups: HRUsers
AH three apps have the following Properties settings:
• Enabled for users to sign in: Yes
• User assignment required: Yes
• Visible to users: Yes
Users report that when they go to the My Apps portal, they only sue App1 and App2-You need to ensure that the users can also see App3. What should you do from App3?
What should you do from App3?
Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory
(Azure AD) tenant named contoso.com by using Azure AD Connect.
You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to
NoSync.
What should you do in Azure AD Connect?
Your network contains an on-premises Active Directory domain that syncs to an Azure AD tenant.
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).
You need to configure the Windows 10 computers to support Azure AD Seamless SSO.
What should you do?
You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure the MFA settings for users who connect from the Boston office. The solution must meet the authentication requirements and the access requirements.
What should you configure?
You need to meet the authentication requirements for leaked credentials.
What should you do?
You need to track application access assignments by using Identity Governance. The solution must meet the delegation requirements.
What should you do first?
You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure the detection of multi staged attacks to meet the monitoring requirements.
What should you do?
You need to configure the detection of multi-staged attacks to meet the monitoring requirements.
What should you do?
You need to configure app registration in Azure AD to meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to implement password restrictions to meet the authentication requirements.
You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the planned changes for the User administrator role.
What should you do?
You need to implement the planned changes and technical requirements for the marketing department.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to locate licenses to the A. Datum users. The solution must need the technical requirements.
Which type of object should you create?
You need to meet the technical requirements for the probability that user identifies were compromised.
What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the planned changes and technical requirements for App1.
What should you implement?
You need to allocate licenses to the new users from A. Datum. The solution must meet the technical requirements.
Which type of object should you create?
You need to sync the ADatum users. The solution must meet the technical requirements.
What should you do?
You need to meet the technical requirements for license management by the helpdesk administrators.
What should you create first, and which tool should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to meet the technical requirements for the probability that user identities were compromised.
What should the users do first, and what should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You create a Log Analytics workspace.
You need to implement the technical requirements for auditing.
What should you configure in Azure AD?