Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.
You configure Azure AD Connect to sync contoso.com to Azure Active Directory.
Which objects will sync to Azure AD?
Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-sync-user-and-contacts
HOTSPOT -
Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following two exhibits.
You create a user named User1 in Active Directory as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
The Azure AD Attributes page shows which attributes will be synchronized based on the Office 365 services you are using (Exchange, SharePoint etc). We can see that ExtenstionAttribute10 and ExtensionAttribute11 have been deselected.
The Directory Extensions page shows which additional attributes will be synchronized (additional to the list in the Azure AD Attributes page).
ExtensionAttribute1:
Will be synchronized because it is ticked in the Azure AD Attributes page.
ExtensionAttribute10.
Will be synchronized because although it is unticked in the Azure AD Attributes page, it is added again in the Directory Extensions page.
ExtensionAttribute11.
Will not be synchronized because it is unticked in the Azure AD Attributes page and it is not added again in the Directory Extensions page.
ExtensionAttribute12:
Will be synchronized because it is ticked in the Azure AD Attributes page. It is also added again in the Directory Extensions page but this will have no effect as it is already ticked in the Azure AD Attributes page.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
HOTSPOT -
Your company has a Microsoft 365 subscription that contains the users shown in the following table.
External collaboration settings have default configuration.
You need to identify which users can perform the following administrative tasks:
✑ Modify the password protection policy.
✑ Create guest user accounts.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Only a Global Admin can modify the password protection policy.
A Global Admin or a user with the Guest Inviter role can create guest accounts.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations
Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants.
You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users.
You need to recommend a solution for the planned directory synchronization.
What should you include in the recommendation?
Answer:
A
There's a 1:1 relationship between an Azure AD Connect sync server and an Azure AD tenant. For each Azure AD tenant, you need one Azure AD Connect sync server installation.
Therefore, we need to deploy two servers that run Azure AD Connect for the two Azure AD tenants.
Each user account can only be synchronized to one Azure AD tenant. Therefore, we need a way of splitting the users between the two Azure AD tenants. Azure
AD Connect offers three ways to filter which users get synchronized to an Azure AD tenant. You can use domain-based filtering if you have multiple domains in a forest, attribute-based filtering or OU-based filtering.
Note:
Other incorrect answers for this question include:
1. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using attribute-based filtering.
2. Deploy one server that runs Azure AD Connect, and then specify two sync groups.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-ad-tenants https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering
HOTSPOT -
Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Microsoft Azure Active Directory (Azure AD).
Azure AD Connect is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
User1 cannot change her password from any Microsoft portals because Password Writeback is disabled in the Azure AD Connect configuration.
If the password for User1 is changed in Active Directory, the password hash will be synchronized to Azure AD because Password Synchronization is enabled in the Azure AD Connect configuration.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
HOTSPOT -
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
Password writeback is disabled in Azure AD Connect.
You enable self-service password reset (SSPR) for Group1.
You configure password protection for contoso.com as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
With the password policy, VeRYC0MplexPa55w.rd. is an acceptable password.
Box 1: Yes -
User1 is an Azure AD account so User1 can reset his password.
Box 2: No -
User2 is a Windows Server Active Directory Account. User2 could change the password for the Azure AD account. However, as Password Writeback is disabled, the password change will not be written back to the Windows Server Active Directory account.
Box 3: No -
The Azure AD Tenant is named contoso.com. User3 is a guest account from a different directory named outlook.com. You cannot use SSPR in one directory to change the password for an account in a different directory.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback
You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You purchase 100 Microsoft 365 Business Voice add-on licenses.
You need to ensure that the members of a group named Voice are assigned a Microsoft 365 Business Voice add-on license automatically.
What should you do?
Answer:
A
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1.
You suspect that an imposter is signing in to Azure AD by using the credentials of User1.
You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours.
To which three roles should you add Admin1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Answer:
AEF
Users in the Security Administrator, Security Reader, Global Reader, and Report Reader roles can view the sign in details.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
You have Microsoft 365 tenant that contains a Microsoft Power Platform environment named Environment1 (default). Environment1 contains a Microsoft
Dataverse database.
In the tenant, you create a user named User1. You assign a Microsoft Power Apps license to User1.
Which security role for Environment1 is assigned automatically to User1?
Answer:
A
You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.
You plan to provide access to an on-premises app named App1 by using Azure AD Application Proxy. App1 will be managed by User4.
You need to identify which user can install the Application Proxy connector.
Which user should you identify?
Answer:
B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-application
