01. Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required. What should you configure for the Security administrator role assignment?
a) "Expire eligible assignments after" from the Role settings details
b) "Expire active assignments after" from the Role settings details
c) Assignment type to Active
d) Assignment type to Eligible
02. You have an Azure Active Directory (Azure AD) tenant named contoso.com. All users who run applications registered in Azure AD are subject to conditional access policies.
You need to prevent the users from using legacy authentication. What should you include in the conditional access policies to filter out legacy authentication attempts?
a) a cloud apps or actions condition
b) a user risk condition
c) a client apps condition
d) a sign-in risk condition
03. You have an Azure Active Directory (Azure AD) tenant. You need to review the Azure AD sign-ins log to investigate sign-ins that occurred in the past.
For how long does Azure AD store events in the sign-in log?
a) 30 days
b) 14 days
c) 90 days
d) 365 days
04. You configure a new Microsoft 365 tenant to use a default domain name of contoso.com. You need to ensure that you can control access to Microsoft 365 resources by using conditional access policies.
What should you do first?
a) Disable the User consent settings
b) Disable Security defaults
c) Configure a multi-factor authentication (MFA) registration policy
d) Configure password protection for Windows Server Active Directory
05. You have an Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The on-premises network contains a VPN server that authenticates to the on-premises Active Directory domain.
The VPN server does NOT support Azure Multi-Factor Authentication (MFA). You need to recommend a solution to provide Azure MFA for VPN connections.
What should you include in the recommendation?
a) Azure AD Application Proxy
b) an Azure AD Password Protection proxy
c) Network Policy Server (NPS)
d) a pass-through authentication proxy
06. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com.
Fabrikam users must be removed automatically from the tenant when access is no longer required. You need to configure the following settings:
- Block external user from signing in to this directory: No
- Remove external user: Yes
- Number of days before removing external user from this directory: 90
What should you configure on the Identity Governance blade?
a) Access packages
d) Access reviews
07. You have an Azure Active Directory Premium P2 tenant. You create a Log Analytics workspace. You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?
a) Modify the Diagnostics settings for Azure A
b) Run the Get-AzureADAuditDirectoryLogs cmdlet
c) Run the Set-AzureADTenantDetail cmdlet
d) Create an Azure AD workbook
08. You have an Azure Active Directory (Azure AD) tenant. You configure self-service password reset (SSPR) by using the following settings:
- Require users to register when signing in: Yes
- Number of methods required to reset: 1
What is a valid authentication method available to users?
a) a mobile app code
b) mobile app notification
c) an email to an address in your organization
d) home prison
09. Reference Scenario: click here
What should you configure?
a) an access policy in Microsoft Cloud App Security
b) Terms and conditions in Microsoft Endpoint Manager
c) a conditional access policy in Azure AD
d) a compliance policy in Microsoft Endpoint Manager
10. You have an Azure Active Directory (Azure AD) tenant. You open the risk detections report. Which risk detection type is classified as a user risk?
a) impossible travel
b) anonymous IP address
c) atypical travel
d) leaked credentials