NEW QUESTION 1

You create the Azure Active Directory (Azure AD) users shown in the following table.

On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.

The users authentication to Azure AD on their devices as shown in the following table.

On February 26, 2021, what will the multi-factor auth status be for each user?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 2

Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?

• A. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
• B. Configure Azure AD Application Proxy in the Contoso West tenant.
• C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync theContoso East Active Directory forest to the Contoso West tenant.
• D. Create guest accounts for all the Contoso East users in the West tenant.

Answer: D

NEW QUESTION 3

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.

Which objects can you add as eligible in Azure Privileged identity Management (PIM) for an Azure AD role?

• A. User1 only
• B. User1 and Identity1 only
• C. User1. Guest1, and Identity
• D. User1 and Guest1 only

Answer: A

NEW QUESTION 4

You configure a new Microsoft 36S tenant to use a default domain name of contosso.com.
You need to ensure that you can control access to Microsoft 365 resource-, by using conditional access policy. What should you do first?

• A. Disable the User consent settings.
• B. Disable Security defaults.
• C. Configure a multi-factor authentication (Ml A) registration policy1.
• D. Configure password protection for Windows Server Active Directory.

Answer: B

NEW QUESTION 5

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group
Scope: Everyone
Group: Group1
Reviewers: Members (self)
Which users can perform access reviews for User3?

• A. User1, User2, and User3
• B. User3 only
• C. User1 only
• D. User1 and User2 only

Answer: B

NEW QUESTION 6

You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:
• Require users to register when signing in: Yes
• Number of methods required to reset: 1
What is a valid authentication method available to users?

• A. home prions
• B. mobile app notification
• C. a mobile app code
• D. an email to an address in your organization

Answer: A

NEW QUESTION 7

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.
Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution
NOTE:Each correct selection is worth one point.

• A. email address
• B. redirection URL
• C. username
• D. shared key
• E. password

Answer: AB

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite

NEW QUESTION 8

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

• A. the Identity Governance blade in the Azure Active Directory admin center
• B. theSet-AzureAdUsercmdlet
• C. the Licenses blade in the Azure Active Directory admin center
• D. theSet-WindowsProductKeycmdlet

Answer: C

NEW QUESTION 9

You need to implement password restrictions to meet the authentication requirements. You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 10

You have an Azure Active Directory (Azure AD) tenant that contains three users named User1, User1, and User3,
You create a group named Group1. You add User2 and User3 to Group1.
You configure a role in Azure AD Privileged identity Management (PIM) as shown in the application administrator exhibit. (Click the application Administrator tab.)

Group1 is configured as the approver for the application administrator role. You configure User2to be eligible for the application administrator role.
For User1, you add an assignment to the Application administrator role as shown in the Assignment exhibit. (Click Assignment tab)

For each of the following statement, select Yes if the statement is true, Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 11

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1 and the groups shown in the following table.

In the tenant, you create the groups shown in the following table.

Which members can you add to GroupA and GroupB? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://bitsizedbytes.wordpress.com/2018/12/10/distribution-security-and-office-365-groups-nesting/

NEW QUESTION 12

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company is developing a web service named App1.
You need to ensure that App1 can use Microsoft Graph to read directory data in contoso.com.
Which three actions should yon perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them In the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 13

You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com. You discover that users use their email address for self-service sign-up to Microsoft 365 services.
You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-admin-takeover

NEW QUESTION 14

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure password writeback. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

NEW QUESTION 15

You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

NEW QUESTION 16

You have a Microsoft 36S tenant.
You create a named location named HighRiskCountries that contains a list of high-risk countries.
You need to limit the amount of time a user can stay authenticated when connecting from a high-risk country. What should you configure in a conditional access policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 17

You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 18

You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative
users. The solution must use the principle of least privilege. Which role should you assign to SecAdmin1?

• A. Authentication administrator
• B. Helpdesk administrator
• C. Privileged authentication administrator
• D. Security operator

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

NEW QUESTION 19

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU). What should you configure?

• A. an access review
• B. the terms or use
• C. a linked subscription
• D. a user flow

Answer: D

NEW QUESTION 20

Your company requires that users request access before they can access corporate applications.
You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1.
Which settings should you configure next for MyApp1?

• A. Self-service
• B. Provisioning
• C. Roles and administrators
• D. Application proxy

Answer: C

NEW QUESTION 21

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

• A. Expire eligible assignments afterfrom the Role settings details
• B. Expire active assignments afterfrom the Role settings details
• C. Assignment type toActive
• D. Assignment type toEligible

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 22

You configure Azure Active Directory (Azure AD) Password Protection as shown in the exhibit. (Click theExhibittab.)

You are evaluating the following passwords:
Pr0jectlitw@re
T@ilw1nd
C0nt0s0
Which passwords will be blocked?

• A. Pr0jectlitw@re and T@ilw1nd only
• B. C0nt0s0 only
• C. C0nt0s0, Pr0jectlitw@re, and T@ilw1nd
• D. C0nt0s0 and T@ilw1nd only
• E. C0nt0s0 and Pr0jectlitw@re only

Answer: C

Explanation:
Reference:
https://blog.enablingtechcorp.com/azure-ad-password-protection-password-evaluation

NEW QUESTION 23
......