Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: You configure the user risk policy to block access when the user risk level is high.
Does this meet the goal?
Answer : B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: You configure the sign-in risk policy to block access when the sign-in risk level is high.
Does this meet the goal?
Answer : B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1.
For User1, you select Confirm user compromised.
User1 can still sign in.
You need to prevent User1 from signing in. The solution must minimize the impact on users at a lower risk level.
Solution: From the Access settings, you select Block access for User1.
Does this meet the goal?
Answer : A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-investigate-risk
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
Answer : B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr
You have a Microsoft 365 tenant that is linked to a hybrid Azure Active Directory (Azure AD) tenant named contoso.com.
You need to enable Azure AD Seamless Single Sign-On (Azure AD SSO) for contoso.com.
What should you use?
Answer : A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
You have a Microsoft 365 subscription.
You need to recommend a passwordless authentication solution that uses biometric authentication.
What should you include in the recommendation?
Answer : A
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview
Your network contains an on-premises Active Directory domain and a Microsoft 365 subscription.
You plan to deploy a hybrid Azure Active Directory (Azure AD) tenant that has Azure AD Identity Protection risk policies enabled.
You need to configure Azure AD Connect to support the planned deployment.
Which Azure AD Connect authentication method should you select?
Answer : A
You have several Conditional Access policies that block noncompliant devices from connecting to services.
You need to identify which devices are blocked by which policies.
What should you use?
Answer : D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting
You have a Microsoft 365 subscription named contoso.com.
You need to configure Microsoft OneDrive for Business external sharing to meet the following requirements:
✑ Enable file sharing for users that have a Microsoft account.
✑ Block file sharing for anonymous users.
What should you do?
Answer : D
Reference:
https://www.sharepointdiary.com/2020/09/enable-external-sharing-in-onedrive-for-business.html
DRAG DROP -
You have a Microsoft 365 E5 tenant that contains three users named User1, User2, and User3.
You need to assign roles or role groups to the users as shown in the following table.
Answer :
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide
Your network contains an on-premises Active Directory domain named contoso.local that has a forest functional level of Windows Server 2008 R2.
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to install Azure AD Connect and enable single sign-on (SSO).
You need to prepare the domain to support SSO. The solution must minimize administrative effort.
What should you do?
Answer : B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization?view=o365-worldwide
HOTSPOT -
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
Answer :
Reference:
https://office365itpros.com/2020/01/22/using-groups-admin-role/ https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
Answer : D
You have a Microsoft 365 tenant.
You need to implement a policy to enforce the following requirements:
✑ If a user uses a Windows 10 device that is NOT hybrid Azure Active Directory (Azure AD) joined, the user must be allowed to connect to Microsoft SharePoint
Online only from a web browser. The user must be prevented from downloading files or syncing files from SharePoint Online.
✑ If a user uses a Windows 10 device that is hybrid Azure AD joined, the user must be able connect to SharePoint Online from any client application, download files, and sync files.
What should you create?
Answer : B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains two users named User1 and User2.
You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements:
✑ Use the principle of least privilege.
✑ Enable User1 to view sync errors by using Azure AD Connect Health.
✑ Enable User2 to configure Azure Active Directory Connect Health Settings.
Which two roles should you assign? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer : AE
Explanation:
A: The Monitoring Reader can read all monitoring data (metrics, logs, etc.).
Note: Assign the Monitoring reader role to the Azure Active Directory application on the subscription, resource group or resource you want to monitor.
E: Monitoring Contributor can read all monitoring data and edit monitoring settings.
Incorrect:
Not B: Security Reader can view permissions for Security Center. Can view recommendations, alerts, a security policy, and security states, but cannot make changes
Not D: Contributor grants full access to manage all resources, but does not allow you to assign roles in Azure RBAC, manage assignments in Azure Blueprints, or share image galleries.
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles