AZ-500 -part1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Sub1. You have an Azure Storage account named sa1 in a resource group named RG1. Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to sa1. Solution: You create a new stored access policy. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You deploy the On-premises data gateway to the on-premises network. Does this meet the goal?. Yes. No.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You create a site-to-site VPN between the virtual network and the on-premises network. Does this meet the goal?. Yes. No.

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to deploy Azure AD Connect and to integrate Active Directory and the Azure AD tenant. You need to recommend an integration solution that meets the following requirements: ✑ Ensures that password policies and user logon restrictions apply to user accounts that are synced to the tenant ✑ Minimizes the number of servers required for the solution. Which authentication method should you include in the recommendation?. federated identity with Active Directory Federation Services (AD FS). password hash synchronization with seamless single sign-on (SSO). pass-through authentication with seamless single sign-on (SSO).

Your network contains an on-premises Active Directory domain named corp.contoso.com. You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. You sync all on-premises identities to Azure AD. You need to prevent users who have a givenName attribute that starts with TEST from being synced to Azure AD. The solution must minimize administrative effort. What should you use?. Synchronization Rules Editor. Web Service Configuration Tool. the Azure AD Connect wizard. Active Directory Users and Computers.

DRAG DROP - You are implementing conditional access policies. You must evaluate the existing Azure Active Directory (Azure AD) risk events and risk levels to configure and implement the policies. You need to identify the risk level of the following risk events: ✑ Users with leaked credentials ✑ Impossible travel to atypical locations ✑ Sign-ins from IP addresses with suspicious activity Which level should you identify for each risk event? To answer, drag the appropriate levels to the correct risk events. Each level may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Imposible travel to atypcal locations. Users with leaked credentials. Sign-ins from IP address with suspicious activity.

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: ✑ Assignment: Include Group1, Exclude Group2 ✑ Conditions: Sign-in risk of Medium and above ✑ Access: Allow access, Require password change For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: If User1 signs in from an unfamiliar location, he must change his password. If user2 signs in from an anonymous IP address , she must change her password. If user3 signs in from a computer containing malware that is communicating with knowsn bot servers, he must change his password.

DRAG DROP - You need to configure an access review. The review will be assigned to a new collection of reviews and reviewed by resource owners. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Create an access review program. Create an access review control. Set Reviewers to Selected users. Set Reviewers to Group owners. Create an access review audit. Set Reviewers to Members.

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area: User 3 can perform review 1 for. If user2 Fails to complete review1 by june 20,2020.

You have an Azure subscription named Sub1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. An administrator named Admin1 has access to the following identities: ✑ An OpenID-enabled user account ✑ A Hotmail account ✑ An account in contoso.com ✑ An account in an Azure AD tenant named fabrikam.com You plan to use Azure Account Center to transfer the ownership of Sub1 to Admin1. To which accounts can you transfer the ownership of Sub1?. contoso.com only. contoso.com, fabrikam.com, and Hotmail only. contoso.com and fabrikam.com only. contoso.com, fabrikam.com, Hotmail, and OpenID-enabled user account.

Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table. If user1 signs in to azure from a device that uses an ip address of 134.18.14.10, user1 must be authenticate by using a phone. If user2 signs in to azure from a device in the seattle office, user 2 must be authenticated by using the microsoft authentication app. If user2 signs in to azure from a device in the New York office, User2 must be authenticated by using a phone.

Your company plans to create separate subscriptions for each department. Each subscription will be associated to the same Azure Active Directory (Azure AD) tenant. You need to configure each subscription to have the same role assignments. What should you use?. Azure Security Center. Azure Policy. Azure AD Privileged Identity Management (PIM). Azure Blueprints.

You have an Azure subscription. You create an Azure web app named Contoso1812 that uses an S1 App Service plan. You plan to - create a CNAME DNS record for www.contoso.com that points to Contoso1812. You need to ensure that users can access Contoso1812 by using the https://www.contoso.com URL. Which two actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. Turn on the system-assigned managed identity for Contoso1812. Add a hostname to Contoso1812. Scale out the App Service plan of Contoso1812. Add a deployment slot to Contoso1812. Scale up the App Service plan of Contoso1812. Upload a PFX file to Contoso1812.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named sub1. You have an Azure Storage account named sa1 in a resource group named RG1. Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to sa1. Solution: You create a lock on sa1. Does this meet the goal?. yes. no.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You deploy Azure Active Directory Domain Services (Azure AD DS) to the Azure subscription. Does this meet the goal?. YES. NO.

Your network contains an Active Directory forest named contoso.com. You have an Azure Directory (Azure AD) tenant named contoso.com. You plan to configure synchronization by using the Express Settings installation option in Azure AD Connect. You need to identify which roles and groups are required to perform the planned configuration. The solution must use the principle of least privilege. Which two roles and groups should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. the Domain Admins group in Active Directory. the Security administrator role in Azure AD. the Global administrator role in Azure AD. the User administrator role in Azure AD. the Enterprise Admins group in Active Directory.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a hybrid configuration of Azure Active Directory (Azure AD). You have an Azure HDInsight cluster on a virtual network. You plan to allow users to authenticate to the cluster by using their on-premises Active Directory credentials. You need to configure the environment to support the planned authentication. Solution: You deploy an Azure AD Application Proxy. Does this meet the goal?. YES. NO.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Sub1. You have an Azure Storage account named sa1 in a resource group named RG1. Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to sa1. Solution: You regenerate the Azure storage account access keys. Does this meet the goal?. YES. NO.

DRAG DROP - You create an Azure subscription with Azure AD Premium P2. You need to ensure that you can use Azure Active Directory (Azure AD) Privileged Identity Management (PIM) to secure Azure AD roles. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Drag and Drop. Discover privileged roles. sign up PIM for Azure AD roles. Consent to PIM. Discover resources. verify your identity by using multi factor authentication (MFA).

You have a hybrid configuration of Azure Active Directory (Azure AD) that has Single Sign-On (SSO) enabled. You have an Azure SQL Database instance that is configured to support Azure AD authentication. Database developers must connect to the database instance from the domain joined device and authenticate by using their on-premises Active Directory account. You need to ensure that developers can connect to the instance by using Microsoft SQL Server Management Studio. The solution must minimize authentication prompts. Which authentication method should you recommend?. Active Directory - Password. Active Directory - Universal with MFA support. SQL Server Authentication. Active Directory - Integrated.

You plan to use Azure Resource Manager templates to perform multiple deployments of identically configured Azure virtual machines. The password for the administrator account of each deployment is stored as a secret in different Azure key vaults. You need to identify a method to dynamically construct a resource ID that will designate the key vault containing the appropriate secret during each deployment. The name of the key vault and the name of the secret will be provided as inline parameters. What should you use to construct the resource ID?. a key vault access policy. a linked template. a parameters file. an automation account.

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. Azure AD Privileged Identity Management (PIM) is enabled for the tenant. In PIM, the Password Administrator role has the following settings: ✑ Maximum activation duration (hours): 2 ✑ Send email notifying admins of activation: Disable ✑ Require incident/request ticket number during activation: Disable ✑ Require Azure Multi-Factor Authentication for activation: Enable Require approval to activate this role: Enable ✑ Selected approver: Group1 You assign users the Password Administrator role as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: When User1 signs in, the user is assigned the password administrator rol automatically. User2 can request to activate the password administrator role. If User 3 wants to activate the password administrator role, the user can approve their own request.

You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant. You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app. The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.) The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.). Users from the contoso named location must use MFA to access azure portal. Users from the contoso named location must use MFA to access the web service hosted in azure subscription. Users external to the contoso named location most use MFA to access azure portal.

You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. The tenant contains the named locations shown in the following table. You create the conditional access policies for a cloud app named App1 as shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: User1 can access app1 from an ip address of 154.12.18.10. Users2 can access app1 from an a ip address of 193.77.10.15. Users2 can access app1 from an a ip address of 154..12.18.34.

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. From Azure AD Privileged Identity Management (PIM), you configure the settings for the Security Administrator role as shown in the following exhibit. From PIM, you assign the Security Administrator role to the following groups: ✑ Group1: Active assignment type, permanently assigned ✑ Group2: Eligible assignment type, permanently eligible For each of the following statements, select Yes if the statement is true. Otherwise, select No. USER1 - Group1 USER2 - Group2 USER3- GROUP1,GROUP2. NOTE: Each correct selection is worth one point. Hot Area: User1 can only activate the security administrator role in five hours. If user2 activates the security administrator role, the user will be assigned the role inmediately. User3 can activate the security administrator role.

You have an Azure subscription. You configure the subscription to use a different Azure Active Directory (Azure AD) tenant. What are two possible effects of the change? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. Role assignments at the subscription level are lost. Virtual machine managed identities are lost. Virtual machine disk snapshots are lost. Existing Azure resources are deleted.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription named Sub1. You have an Azure Storage account named sa1 in a resource group named RG1. Users and applications access the blob service and the file service in sa1 by using several shared access signatures (SASs) and stored access policies. You discover that unauthorized users accessed both the file service and the blob service. You need to revoke all access to sa1. Solution: You generate new SASs. Does this meet the goal?. Yes. No.

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. NAME-----------MFA status user1 Disabled user2 Disabled user3 Enforced In Azure AD Privileged Identity Management (PIM), the Role settings for the Contributor role are configured as shown in the exhibit. (Click the Exhibit tab.) You assign users the Contributor role on May 1, 2019 as shown in the following table. NAME --------ASSIGNMENT TYPE user1 Eligible user2 Active user3 Active For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: On May 15, 2019, User1 can activate the contributor role. On May 15, 2019, User2 can activate the contributor role. On June15, 2019, User3 can activate the contributor role.

HOTSPOT - You work at a company named Contoso, Ltd. that has the offices shown in the following table. NAME----IP ADDRESS SPACE Boston 180.15.10.0/24 Seattle 132.32.15.0/24 Contoso has an Azure Active Directory (Azure AD) tenant named contoso.com. All contoso.com users have Azure Multi-Factor Authentication (MFA) enabled. The tenant contains the users shown in the following table. NAME---------USR DEVICE----LAST SIGN IN-----------DON'T ASK AGAIN FOR 14 DAYS user1 Device1 June1 Yes user2 Device2 June3 No The multi-factor authentication settings for contoso.com are configured as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: When user1 signs into device1 from the seattle office on june10, the user will be promted for MFA. When user2 signs into device2 from the boston office on june5, the user will be promted for MFA. When user1 signs into a new device from the seattle office on june7, the user will be promted for MFA.

You have an Azure subscription that contains virtual machines. You enable just in time (JIT) VM access to all the virtual machines. You need to connect to a virtual machine by using Remote Desktop. What should you do first?. From Azure Directory (Azure AD) Privileged Identity Management (PIM), activate the Security administrator user role. From Azure Active Directory (Azure AD) Privileged Identity Management (PIM), activate the Owner role for the virtual machine. From the Azure portal, select the virtual machine, select Connect, and then select Request access. From the Azure portal, select the virtual machine and add the Network Watcher Agent virtual machine extension.

You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. The User administrator role is assigned to a user named Admin1. An external partner has a Microsoft account that uses the user1@outlook.com sign in. Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: ג€Unable to invite user user1@outlook.com Generic authorization exception.ג€ You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant. What should you do?. From the Roles and administrators blade, assign the Security administrator role to Admin1. From the Organizational relationships blade, add an identity provider. From the Custom domain names blade, add a custom domain. From the Users blade, modify the External collaboration settings.

You have an Azure Active Directory (Azure AD) tenant. You have the deleted objects shown in the following table. On May 4, 2020, you attempt to restore the deleted objects by using the Azure Active Directory admin center. Which two objects can you restore? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. Group1. Group2. User2. User1.

HOTSPOT - Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table. NAME--------------------SOURCE User1---------------------AzureAD User2---------------------AzureAD User3---------------------On premise AD The tenant contains the groups shown in the following table. Name----------------------Members Group1--------------------User1, User2, User3 Group2--------------------User2 You configure a multi-factor authentication (MFA) registration policy that has the following settings: ✑ Assignments: - Include: Group1 - Exclude Group2 ✑ Controls: Require Azure MFA registration ✑ Enforce Policy: On For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: User1 will be prompted to configure MFA registratiton during the next Azure AD authentication. User2 must configure MFA during the user's next Azure AD Authentication. User3 will be prompted to configure MFA registratiton during the next Azure AD authentication.

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a user named User1. You plan to publish several apps in the tenant. You need to ensure that User1 can grant admin consent for the published apps. Which two possible user roles can you assign to User1 to achieve this goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. Security administrator. Cloud application administrator. Application administrator. User administrator. Application developer.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant. When a developer attempts to register an app named App1 in the tenant, the developer receives the error message shown in the following exhibit. You need to ensure that the developer can register App1 in the tenant. What should you do for the tenant?. Modify the Directory properties. Set Enable Security defaults to Yes. Configure the Consent and permissions settings for enterprise applications. Modify the User settings.

HOTSPOT - You have an Azure subscription named Subscription1 that contains the resources shown in the following table. You create an Azure role by using the following JSON file. You assign Role1 to User1 for RG1. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: User1 can create a new virtual machine in RG1. User can modify the properties of storage1. User1 can attach the network interface of VM1 to VNET1.

You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant and a user named User1. The App registrations settings for the tenant are configured as shown in the following exhibit. You plan to deploy an app named App1. You need to ensure that User1 can register App1 in Azure AD. The solution must use the principle of least privilege. Which role should you assign to User1?. App Configuration Data Owner for the subscription. Managed Application Contributor for the subscription. Cloud application administrator in Azure AD. Application developer in Azure AD.

You have the Azure virtual machines shown in the following table. Each virtual machine has a single network interface. You add the network interface of VM1 to an application security group named ASG1. You need to identify the network interfaces of which virtual machines you can add to ASG1. What should you identify?. VM2 only. VM2 and VM3 only. VM2, VM3, VM4, and VM5. VM2, VM3, and VM5 only.

You have an Azure subscription named Subcription1 that contains an Azure Active Directory (Azure AD) tenant named contoso.com and a resource group named RG1. You create a custom role named Role1 for contoso.com. You need to identify where you can use Role1 for permission delegation. What should you identify?. contoso.com only. contoso.com and RG1 only. contoso.com and Subscription1 only. contoso.com, RG1, and Subcription1.

You have an Azure subscription. You enable Azure Active Directory (Azure AD) Privileged Identity Management (PIM). Your company's security policy for administrator accounts has the following conditions: ✑ The accounts must use multi-factor authentication (MFA). ✑ The accounts must use 20-character complex passwords. ✑ The passwords must be changed every 180 days. ✑ The accounts must be managed by using PIM. You receive multiple alerts about administrators who have not changed their password during the last 90 days. You need to minimize the number of generated alerts. Which PIM alert should you modify?. Roles are being assigned outside of Privileged Identity Management. Roles don't require multi-factor authentication for activation. Administrators aren't using their privileged roles. Potential stale accounts in a privileged role.

Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD). Azure AD Connect is installed on a domain member server named Server1. You need to ensure that a domain administrator for the adatum.com domain can modify the synchronization options. The solution must use the principle of least privilege. Which Azure AD role should you assign to the domain administrator?. Security administrator. Global administrator. User administrator.

You have an Azure subscription that contains the users shown in the following table. Which users can enable Azure AD Privileged Identity Management (PIM)?. User2 and User3 only. User1 and User2 only. User2 only. User1 only.

You have an Azure subscription. You plan to create a custom role-based access control (RBAC) role that will provide permission to read the Azure Storage account. Which property of the RBAC role definition should you configure?. NotActions []. DataActions []. AssignableScopes []. Actions [].

You have an Azure subscription linked to an Azure Active Directory Premium Plan 1 tenant. You plan to implement Azure Active Directory (Azure AD) Identity Protection. You need to ensure that you can configure a user risk policy and a sign-in risk policy. What should you do first?. Purchase Azure Active Directory Premium Plan 2 licenses for all users. Register all users for Azure Multi-Factor Authentication (MFA). Enable security defaults for Azure AD. Upgrade Azure Security Center to the standard tier.

You have an Azure subscription that is linked to an Azure Active Directory (Azure AD) tenant. From the Azure portal, you register an enterprise application. Which additional resource will be created in Azure AD?. a service principal. an X.509 certificate. a managed identity. a user account.

HOTSPOT - You have the hierarchy of Azure resources shown in the following exhibit. RG1, RG2, and RG3 are resource groups. RG2 contains a virtual machine named VM1. You assign role-based access control (RBAC) roles to the users shown in the following table. NAME------------------ROLE-------------------ADDED TO RESOURCE user1-------------------Contriubtor------------Tenant root group user2----------------VM contributor----------Subscription 2 user3----------------VM ADM login----------RG2 For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: User1 can deploy virtual machine to RG1. User2 can delete VM2. User3 can reset the password of the built-in administrator account of VM2.

You have an Azure Container Registry named Registry1. You add role assignments for Registry1 as shown in the following table. user-----role User1 acrPush User2 AcrPull User3 AcrImageSigner User4 Contributor Which users can upload images to Registry1 and download images from Registry1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Upload Images. Download Images.

Your company has an Azure subscription named Subscription1 that contains the users shown in the following table. NAME---ROLE user1----Global administrator user2----Billing administrator user3----Owner user4----Account Admin The company is sold to a new owner. The company needs to transfer ownership of Subscription1. Which user can transfer the ownership and which tool should the user use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: User. Tool.

HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. NAME---------------Member OF------------MFA user1 Group1, Group2 Enabled user2 Group1 Disabled user3 Group1 Disabled You create and enforce an Azure AD Identity Protection sign-in risk policy that has the following settings: ✑ Assignments: Include Group1, exclude Group2 ✑ Conditions: Sign-in risk level: Medium and above ✑ Access Allow access, Require multi-factor authentication You need to identify what occurs when the users sign in to Azure AD. What should you identify for each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: When User1 sign in from an anonymous IP address the user will. When User2 sign in from an unfamiliar location, the user will. When User3 sign in from an infected device, the user will.

You have an Azure subscription named Sub 1 that is associated to an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table. Each user is assigned an Azure AD Premium P2 license. You plan to onboard and configure Azure AD Identity Protection. Which users can onboard Azure AD Identity Protection, remediate users, and configure policies? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Users who can onboard Azure AD identity protection. Users who can remediate users and configure policies.

HOTSPOT - You plan to implement an Azure function named Function1 that will create new storage accounts for containerized application instances. You need to grant Function1 the minimum required privileges to create the storage accounts. The solution must minimize administrative effort. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Assign role to. Role assignment to create.