NEW QUESTION 1

You create the Azure Active Directory (Azure AD) users shown in the following table.

On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.

The users authentication to Azure AD on their devices as shown in the following table.

On February 26, 2021, what will the multi-factor auth status be for each user?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 2

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company is developing a web service named App1.
You need to ensure that App1 can use Microsoft Graph to read directory data in contoso.com.
Which three actions should yon perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them In the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 3

You have a Microsoft 365 tenant.
The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center. You need to review access to the Exchange admin center at the end of each month and block sign-ins if required.
What should you create?

• A. an access package that targets users outside your directory
• B. an access package that targets users in your directory
• C. a group-based access review that targets guest users
• D. an application-based access review that targets guest users

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

NEW QUESTION 4

You have an Azure Active Directory (Azure AD) tenant named conto.so.com that has Azure AD Identity Protection enabled. You need to Implement a sign-in risk remediation policy without blocking access.
What should you do first?

• A. Configure access reviews in Azure AD.
• B. Enforce Azure AD Password Protection.
• C. implement multi-factor authentication (MFA) for all users.
• D. Configure self-service password reset (SSPR) for all users.

Answer: D

NEW QUESTION 5

You configure a new Microsoft 36S tenant to use a default domain name of contosso.com.
You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy. What should you do first?

• A. Disable the User consent settings.
• B. Disable Security defaults.
• C. Configure a multi-factor authentication (Ml A) registration policy1.
• D. Configure password protection for Windows Server Active Directory.

Answer: B

NEW QUESTION 6

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

For which users can you configure the Job title property and the Usage location property in Azure AD? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 7

You configure Azure Active Directory (Azure AD) Password Protection as shown in the exhibit. (Click theExhibittab.)

You are evaluating the following passwords:
Pr0jectlitw@re
T@ilw1nd
C0nt0s0
Which passwords will be blocked?

• A. Pr0jectlitw@re and T@ilw1nd only
• B. C0nt0s0 only
• C. C0nt0s0, Pr0jectlitw@re, and T@ilw1nd
• D. C0nt0s0 and T@ilw1nd only
• E. C0nt0s0 and Pr0jectlitw@re only

Answer: C

Explanation:
Reference:
https://blog.enablingtechcorp.com/azure-ad-password-protection-password-evaluation

NEW QUESTION 8

You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:
• Require users to register when signing in: Yes
• Number of methods required to reset: 1
What is a valid authentication method available to users?

• A. home prions
• B. mobile app notification
• C. a mobile app code
• D. an email to an address in your organization

Answer: A

NEW QUESTION 9

You have a Microsoft 365 tenant.
You need to ensure that you tan view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?

• A. Run the Get-AzureADAuditDirectoryLogs cmdlet.
• B. Create an Azure AD workbook.
• C. Run the Set-AzureADTenantDetail cmdlet.
• D. Modify the Diagnostics settings for Azure AD.

Answer: A

NEW QUESTION 10

You need to configure the detection of multi staged attacks to meet the monitoring requirements. What should you do?

• A. Customize the Azure Sentinel rule logic.
• B. Create a workbook.
• C. Add an Azure Sentinel playbook.
• D. Add Azure Sentinel data connectors.

Answer: D

NEW QUESTION 11

You have a Microsoft 365 tenant.
In Azure Active Directory (Azure AD), you configure the terms of use.
You need to ensure that only users who accept the terms of use can access the resources in the tenant. Other users must be denied access.
What should you configure?

• A. an access policy in Microsoft Cloud App Security.
• B. Terms and conditions in Microsoft Endpoint Manager.
• C. a conditional access policy in Azure AD
• D. a compliance policy in Microsoft Endpoint Manager

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use

NEW QUESTION 12

You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table.

In Azure AD. you add a new enterprise application named Appl. Which groups can you assign to App1?

• A. Group1 and Group
• B. Group2 only
• C. Group3 only
• D. Group1 only
• E. Group1 and Group4

Answer: A

NEW QUESTION 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure password writeback. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

NEW QUESTION 14

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

• A. User1 only
• B. User1 and Identity1 only
• C. User1. Guest1, and Identity
• D. User1 and Guest1 only

Answer: A

NEW QUESTION 15

Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?

• A. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
• B. Configure Azure AD Application Proxy in the Contoso West tenant.
• C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync theContoso East Active Directory forest to the Contoso West tenant.
• D. Create guest accounts for all the Contoso East users in the West tenant.

Answer: D

NEW QUESTION 16

You need to implement password restrictions to meet the authentication requirements. You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 17

You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure AD, you create an assignment for the Insights at administrator role. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 18

You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest. The tenant-uses through authentication.
A corporate security policy states the following:
Domain controllers must never communicate directly to the internet.
Only required software must be- installed on servers.
The Active Directory domain contains the on-premises servers shown in the following table.

You need to ensure that users can authenticate to Azure AD if a server fails.
On which server should you install an additional pass-through authentication agent?

• A. Server2
• B. Server4
• C. Server1
• D. Server3

Answer: C

NEW QUESTION 19

You have an Azure subscription that contains the resource shown in the following table.

For which resources can you create an access review?

• A. Group1, App1, Contributor, and Role1
• B. Hotel and Contributor only
• C. Group1, Role1, and Contributor only
• D. Group1 only

Answer: D

NEW QUESTION 20

You have an Azure Active Directory (Azure AD) tenant that has Security defaults disabled. You are creating a conditional access policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all

NEW QUESTION 21

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group
Scope: Everyone
Group: Group1
Reviewers: Members (self)
Which users can perform access reviews for User3?

• A. User1, User2, and User3
• B. User3 only
• C. User1 only
• D. User1 and User2 only

Answer: B

NEW QUESTION 22

You have a new Microsoft 365 tenant that uses a domain name of contoso.conmicrosoft.com. You register the name contoso.com with a domain registrar.
You need to use contoso.com as the default domain name for new Microsoft 365 users.
Which four actions should you perform in sequenced? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 23

Your network contains an on-premises Active Directory domain that sync to an Azure Active Directory (Azure AD) tenant. The tenant contains the shown in the following table.

All the users work remotely.
Azure AD Connect is configured in Azure as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost. Which user can sign in to Azure AD?

• A. User1 only
• B. User1 and User 3 only
• C. User1, and User2 only
• D. User1, User2, and User3

Answer: A

NEW QUESTION 24
......