NEW QUESTION 1

You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com. You discover that users use their email address for self-service sign-up to Microsoft 365 services.
You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A.

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/domains-admin-takeover

NEW QUESTION 2

Your network contains an on-premises Active Directory domain that sync to an Azure Active Directory (Azure AD) tenant. The tenant contains the shown in the following table.

All the users work remotely.
Azure AD Connect is configured in Azure as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost. Which user can sign in to Azure AD?

• A. User1 only
• B. User1 and User 3 only
• C. User1, and User2 only
• D. User1, User2, and User3

Answer: A

NEW QUESTION 3

You have an Azure subscription that contains the resource shown in the following table.

For which resources can you create an access review?

• A. Group1, App1, Contributor, and Role1
• B. Hotel and Contributor only
• C. Group1, Role1, and Contributor only
• D. Group1 only

Answer: D

NEW QUESTION 4

You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 5

Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?

• A. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East Active Directory forest to the Contoso West tenant.
• B. Configure Azure AD Application Proxy in the Contoso West tenant.
• C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync theContoso East Active Directory forest to the Contoso West tenant.
• D. Create guest accounts for all the Contoso East users in the West tenant.

Answer: D

NEW QUESTION 6

You need to configure the assignment of Azure AD licenses to the Litware users. The solution must meet the licensing requirements.
What should you do? To answer, select the appropriate options in the answer area. NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Litware recently added a custom user attribute namedLWLicensesto the litware.com Active Directory forest. Litware wants to manage the assignment of Azure AD licenses by modifying the value of theLWLicensesattribute. Users who have the appropriate value forLWLicensesmust be added automatically to a Microsoft 365 group that has the appropriate licenses assigned.

NEW QUESTION 7

You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?

• A. Group1 only
• B. Group1 and Group4 only
• C. Group1 and Group2 only
• D. Group1, Group2, Group4, and Group5 only
• E. Group1, Group2, Group3, Group4 and Group5

Answer: D

Explanation:
You cannot create access reviews for device groups. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 8

You have an Azure Active Directory (Azure AD) tenant that has Security defaults disabled. You are creating a conditional access policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-all

NEW QUESTION 9

Your company has an Azure Active Directory (Azure AD) tenant named contosri.com. The company has the business partners shown in the following table.

users can request access by using package 1.
Users at Fabrikam and Litware use ail then respective domain names for email addresses.
You plan to create an access package named packaqel that will be accessible only to the Fabrikam and Litware users.
You need to configure connected organizations for Fabrikam and litware so that any of their users can request access by using package1.
What is the minimum of connected organization that you should create.

• A. 1
• B. 2
• C. 3
• D. 4

Answer: C

NEW QUESTION 10

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to bulk invite Azure AD business-to-business (B2B) collaboration users.
Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution
NOTE:Each correct selection is worth one point.

• A. email address
• B. redirection URL
• C. username
• D. shared key
• E. password

Answer: AB

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/external-identities/tutorial-bulk-invite

NEW QUESTION 11

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure password writeback. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn

NEW QUESTION 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click theExhibittab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You modify the properties of the IT administrator user accounts. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
Reference:
D18912E1457D5D1DDCBD40AB3BF70D5D
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

NEW QUESTION 13

You create the Azure Active Directory (Azure AD) users shown in the following table.

On February 1, 2021, you configure the multi-factor authentication (MFA) settings as shown in the following exhibit.

The users authentication to Azure AD on their devices as shown in the following table.

On February 26, 2021, what will the multi-factor auth status be for each user?

• A. Option A
• B. Option B
• C. Option C
• D. Option D

Answer: B

NEW QUESTION 14

You have a Microsoft 365 tenant.
The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain.
Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials.
You plan to manage access to external applications by using Azure AD.
You need to use the firewall logs to create a list of unmanaged external applications and the users who access them.
What should you use to gather the information?

• A. Application Insights in Azure Monitor
• B. access reviews in Azure AD
• C. Cloud App Discovery in Microsoft Cloud App Security
• D. enterprise applications in Azure AD

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/create-snapshot-cloud-discovery-reports#using-traffic-logs

NEW QUESTION 15

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments. You create the access review shown in the exhibit. (Click theExhibittab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You set Reviewers to Member (self).
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 16

You need to create the LWGroup1 group to meet the management requirements.
How should you complete the dynamic membership rule? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You many need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 17

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

• A. Expire eligible assignments afterfrom the Role settings details
• B. Expire active assignments afterfrom the Role settings details
• C. Assignment type toActive
• D. Assignment type toEligible

Answer: D

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

NEW QUESTION 18

You have a Microsoft 365 tenant.
The Sign-ins activity report shows that an external contractor signed in to the Exchange admin center. You need to review access to the Exchange admin center at the end of each month and block sign-ins if required.
What should you create?

• A. an access package that targets users outside your directory
• B. an access package that targets users in your directory
• C. a group-based access review that targets guest users
• D. an application-based access review that targets guest users

Answer: C

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

NEW QUESTION 19

You have an Azure Active Directory (Azure AD) tenant that contains three users named User1, User1, and User3,
You create a group named Group1. You add User2 and User3 to Group1.
You configure a role in Azure AD Privileged identity Management (PIM) as shown in the application administrator exhibit. (Click the application Administrator tab.)

Group1 is configured as the approver for the application administrator role. You configure User2to be eligible for the application administrator role.
For User1, you add an assignment to the Application administrator role as shown in the Assignment exhibit. (Click Assignment tab)

For each of the following statement, select Yes if the statement is true, Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 20

You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Account lockout settings for multi-factor authentication
(MFA).
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 21

You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA). Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 22

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active
Directory (Azure AD) tenant named contoso.com by using Azure AD Connect. Attire AD Connect is installed on a server named Server 1.
You deploy a new server named Server? that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 23

You have a Microsoft 365 tenant named contoso.com. Guest user access is enabled.
Users are invited to collaborate with contoso.com as shown in the following table.

From the External collaboration settings in the Azure Active Directory admin center, you configure the Collaboration restrictions settings as shown in the following exhibit.

From a Microsoft SharePoint Online site, a user invites user3@adatum.com to the site.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE:Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Box 1: Yes
Invitations can only be sent to outlook.com. Therefore, User1 can accept the invitation and access the application.
Box 2. Yes
Invitations can only be sent to outlook.com. However, User2 has already received and accepted an invitation so User2 can access the application.
Box 3. No
Invitations can only be sent to outlook.com. Therefore, User3 will not receive an invitation.

NEW QUESTION 24

You have a Microsoft 365 tenant.
You configure a conditional access policy as shown in the Conditional Access policy exhibit. (Click the Conditional Access policy tab.)

You view the User administrator role settings as shown in the Role setting details exhibit. (Click the Role setting details tab.)

You view the User administrator role assignments as shown in the Rote assignments exhibit. (Click the Role assignments lab.)

For each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 25

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

For which users can you configure the Job title property and the Usage location property in Azure AD? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 26
......