HOTSPOT -
Your network contains an Active Directory domain named fabrikam.com. The domain contains the objects shown in the following table.
The groups have the members shown in the following table.
You are configuring synchronization between fabrikam.com and a Microsoft Azure Active Directory (Azure AD) tenant.
You configure the Domain/OU Filtering settings in Azure AD Connect as shown in the Domain/OU Filtering exhibit.
You configure the Filtering settings in Azure AD Connect as shown in the Filtering exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Box 1: No -
The filtering is configured to synchronize Group2 and OU2 only. The effect of this is that only members of Group2 who are in OU2 will be synchronized.
User2 is in Group2. However, the User2 account object is in OU1 so User2 will not synchronize to Azure AD.
Box 2: Yes -
Group2 is in OU2 so Group2 will synchronize to Azure AD. However, only members of the group who are in OU2 will synchronize. Members of Group2 who are in OU1 will not synchronize.
Box 3: Yes -
User3 is in Group2 and in OU2. Therefore, User3 will synchronize to Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#group-based-filtering
HOTSPOT -
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the users shown in the following table.
You create an Azure Active Directory (Azure AD) tenant named fabrikam.onmicrosoft.com.
You plan to sync the users in the forest to fabrikam.onmicrosoft.com by using Azure AD Connect.
Which username will be assigned to User1 and User2 in Azure AD after the synchronization? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
If you added the contoso.com and east.contoso.com domains as custom domains in Microsoft 365, then the users would be assigned their user principle names as Microsoft 365 usernames.
However, the question does not state that you have added the domains as custom domains. Therefore, both users will use the default
@fabrikam.onmicrosoft.com domain for their usernames.
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD).
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?
Answer:
A
The user accounts are synced from the on-premise Active Directory to the Microsoft Azure Active Directory (Azure AD). Therefore, the city attribute must be changed in the on-premise Active Directory.
You can modify certain attributes of multiple user accounts simultaneously by selecting them in Active Directory Administrative Center or Active Directory Users and Computers, right clicking then selecting Properties.
The other three options all suggest modifying the city attribute of the users in the Azure Active Directory which is incorrect.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
2. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
Other incorrect answer options you may see on the exam include the following:
1. From the Azure portal, select all the Azure AD users, and then use the User settings blade.
2. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.
3. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.
Reference:
https://blogs.technet.microsoft.com/canitpro/2015/11/25/step-by-step-managing-multiple-user-accounts-via-active-directory-admin-center/
Your company has 10,000 users who access all applications from an on-premises data center.
You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully.
You discover that several user accounts fail to sync to Azure AD.
You need to resolve the issue as quickly as possible.
What should you do?
Answer:
D
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/prepare-directory-attributes-for-synch-with-idfix
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com.
Your company recently purchased a Microsoft 365 subscription.
You deploy a federated identity solution to the environment.
You use the following command to configure contoso.com for federation.
Convert-MsolDomaintoFederated `"DomainName contoso.com
In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name.
You need to configure the adatum.com Active Directory domain for federated authentication.
Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
AE
When the Convert-MsolDomaintoFederated ג€"DomainName contoso.com command was run, a relying party trust was created.
Adding a second domain (adatum.com in this case) will only work if the SupportMultipleDomain switch was used when the initial federation was configured by running the Convert-MsolDomaintoFederated ג€"DomainName contoso.com command.
Therefore, we need to start again by removing the relying party trust then running the Convert-MsolDomaintoFederated command again with the
SupportMultipleDomain switch.
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named
User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
Answer:
D
Either one of the following three roles can review the list in Azure AD Identity Protection of users flagged for risk:
✑ Security Administrator
✑ Global Administrator
✑ Security Reader
Using the principle of least privilege, we should add User1 to the Security Administrator role.
Note:
There are several versions of this question in the exam. The question has three possible correct answers:
1. Security Reader
2. Security Administrator
Global Administrator -
Other incorrect answer options you may see on the exam include the following:
1. Service Administrator.
2. Reports Reader
3. User Administrator
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You need to modify Christie Cline to meet the following requirements:
✑ Christie Cline must be able to view the service dashboard and the Microsoft Office 365 Message center.
✑ Christie Cline must be able to create Microsoft support requests.
✑ The solution must use the principle of least privilege.
Answer:
See explanation below.
You need to assign Christie the 'Service Support Admin' role.
1. In the Microsoft 365 Admin Center, click 'Roles'.
2. Scroll down to the Service Support Admin role and click on the role name.
3. Click the 'Assigned Admins' link.
4. Click the 'Add' button.
5. Start typing the name Christie then select her account when it appears.
6. Click Save.
References:
https://docs.microsoft.com/en-US/azure/active-directory/users-groups-roles/directory-assign-admin-roles
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
Your organization has an office in Seattle.
You plan to create 100 users who will work in the Seattle office. The city attribute for all the users will be Seattle.
You need to create a group named Group1 that will automatically contain all the Seattle office users.
Answer:
See explanation below.
You need to create a Dynamic group. User accounts with the city attribute set to 'Seattle' will automatically be added to the group.
1. Go to the Azure Active Directory admin center.
2. Select Azure Active Directory then select Groups.
3. Click on the New Group link.
4. Give the group a name such as Seattle Users.
5. Select Users as the membership type.
6. Select 'Add dynamic query'.
7. Select 'City' in the Property drop-down box.
8. Select 'Equals' in the Operator drop-down box.
9. Enter Seattle as the Value. You should see the following text in the Expression box: user.city -eq "Seattle"
10. Click Save to create the group.
References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
A user named Johanna Lorenz recently left the company. A new employee named Ben Smith will handle the tasks of Johanna Lorenz.
You need to create a user named Ben Smith. Ben Smith must be able to sign in to http://myapps.microsoft.com and open Microsoft Word Online.
Answer:
See explanation below.
You need to create a user account and assign a license to the account. You then
To create the user account and mailbox:
1. In the Microsoft 365 admin center, go to User management, and select Add user.
2. Enter the name Ben Smith in the First Name and Last Name fields.
3. Enter Ben.Smith in the username field and click Next.
4. Assign a Microsoft 365 license to the account.
5. Click Next.
6. Click Next again.
7. Click 'Finish adding'.
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You hire a new Microsoft 365 administrator named Nestor Wilke. Nestor Wilke will begin working for your organization in several days.
You need to ensure that Nestor Wilke is prevented from using his account until he begins working.
Answer:
See explanation below.
You need to sign-in status for the account to 'Blocked'. Blocking doesn't stop the account from receiving email and it doesn't delete any data.
1. On the home page of the Microsoft 365 admin center, type the user's name into the Search box.
2. Select the Nestor Wilke account in the search results.
3. In the 'Sign-in status' section of the account properties, click the Edit link.
4. Select 'Block the user from signing in' and click the Save button.
