HOTSPOT
-
Your network contains an on-premises Active Directory domain. The domain contains the users shown in the following table.
You have a Microsoft 365 subscription that is linked to an Azure AD tenant named contoso.com.
You configure Azure AD Connect to sync the on-premises domain to contoso.com as shown in the following exhibit.
You create a synchronization rule for the users. The scoping filters for the rule are configured as shown in the following exhibit.
Add scoping filters, or click next to skip this step.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
HOTSPOT
-
You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.
All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).
You plan to create a user named Admin1 that will perform following tasks:
• View BitLocker recovery keys.
• Configure the usage location for the users in contoso.com.
You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege.
Which two roles should you assign? To answer, select the appropriate roles in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
HOTSPOT
-
You have an Azure AD tenant named contoso.com that contains an enterprise app named App1 and two users named User1 and User2.
You need to ensure that each user can perform the following action:
• User1: Create entitlement management access packages to provide external users with access to App1.
• User2: Create an access review for Appl.
The solution must use the principle of least privilege.
Which role should you assign to each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You have an Azure AD tenant named contoso.com that contains the following users:
• Admin1
• Admin2
• User1
Contoso.com contains an administrative unit named AU1 that has no role assignments. User1 is a member of AU1.
You create an administrative unit named AU2 that does NOT have any members or role assignments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a Microsoft Exchange Server 2019 organization.
You plan to sync the domain to Azure Active Directory (Azure AD) and to enable device writeback and group writeback.
You need to identify which group types will sync from Azure AD.
Which two group types should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
AC
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
Answer:
A
Your network contains an Active Directory domain named adatum.com that is synced to Azure AD.
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?
Answer:
B
Your company has a Microsoft 365 subscription.
You need to identify all the users in the subscription who are licensed for Office 365 through a group membership. The solution must include the name of the group used to assign the license.
What should you use?
Answer:
C
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.
All users use Windows 10 devices to access Microsoft Office 365 apps.
All the devices are in a workgroup.
You plan to implement passwordless sign-in to contoso.com.
You need to recommend changes to the infrastructure for the planned implementation.
What should you include in the recommendation?
Answer:
D
Reference:
https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/
You have a Microsoft 365 subscription and a hybrid Microsoft Exchange Online deployment.
You plan to deploy iOS devices that will use Outlook for iOS and Hybrid Modern Authentication (HMA).
You need to ensure that HMA is configured correctly.
What should you use?
Answer:
B
Reference:
https://testconnectivity.microsoft.com/tests/o365
