ERASED TEST, YOU MAY BE INTERESTED ON ac-1
COMMENTS |
STATISTICS |
RECORDS
|
|---|
TAKE THE TEST
|
Title of test:
ac-1 Description: ac-1 test Author: ac1 Other tests from this author Creation Date: 01/04/2025 Category: Others Number of questions: 66 |
Share the Test:
New Comment
No comments about this test.
Content:
|
You have an Azure Active Directory (Azure AD) tenant that contains the following objects:
✑ A device named Device1
✑ Users named User1, User2, User3, User4, and User5
✑ Groups named Group1, Group2, Group3, Group4, and Group5
The groups are configured as shown in the following table.
To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly? Group1 and Group4 only Group1, Group2, Group3, Group4, and Group5 Group1 and Group2 only Group1 only Group1, Group2, Group4, and Group5 only. You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com. Several users use their contoso.com email address for self-service sign-up to Azure Active Directory (Azure AD). You gain global administrator privileges to the Azure AD tenant that contains the self-signed users. You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services. Which PowerShell cmdlet should you run? Set-MsolCompanySettings Set-MsolDomainFederationSettings Update-MsolfederatedDomain Set-MsolDomain. You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.) A user named bsmith@fabrikam.com shares a Microsoft SharePoint Online document library to the users shown in the following table. Which users will be emailed a passcode? User2 only User1 only User1 and User2 only User1, User2, and User3 . You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use? the Identity Governance blade in the Azure Active Directory admin center the Set-AzureAdUser cmdlet the Licenses blade in the Azure Active Directory admin center the Set-WindowsProductKey cmdlet. HOTSPOT - You have a Microsoft 365 tenant named contoso.com. Guest user access is enabled. Users are invited to collaborate with contoso.com as shown in the following table. From the External collaboration settings in the Azure Active Directory admin center, you configure the Collaboration restrictions settings as shown in the following exhibit. From a Microsoft SharePoint Online site, a user invites user3@adatum.com to the site. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Yes No Yes No Yes No. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to bulk invite Azure AD business-to-business (B2B) collaboration users. Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point. email address redirection URL username shared key password. You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table. Which objects can you add as members to Group3? User2 and Group2 only User2, Group1, and Group2 only User1, User2, Group1 and Group2 User1 and User2 only User2 only. You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure password writeback. Does this meet the goal? Yes No. You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure pass-through authentication. Does this meet the goal? Yes No. You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure conditional access policies. Does this meet the goal? Yes No. You have an Azure Active Directory (Azure AD) tenant that contains the following objects. ✑ A device named Device1 ✑ Users named User1, User2, User3, User4, and User5 Five groups named Group1, Group2, Group3, Group4, and Group5 The groups are configured as shown in the following table. How many licenses are used if you assign the Microsoft 365 Enterprise E5 license to Group1? 0 2 3 4. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1. A contractor uses the credentials of user1@outlook.com. You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com. What should you do? Run the New-AzADUser cmdlet Configure the External collaboration settings Add a WS-Fed identity provider Create a guest user account in contoso.com. Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect. You need to prevent the synchronization of users who have the extensionAttribute15 attribute set to NoSync. What should you do in Azure AD Connect? Create an inbound synchronization rule for the Windows Azure Active Directory connector Configure a Full Import run profile Create an inbound synchronization rule for the Active Directory Domain Services connector Configure an Export run profile. Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table. All the users work remotely. Azure AD Connect is configured in Azure AD as shown in the following exhibit. Connectivity from the on-premises domain to the internet is lost. Which users can sign in to Azure AD? User1 and User3 only User1 only User1, User2, and User3 User1 and User2 only. You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes. You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD. Solution: You configure Azure AD Password Protection. Does this meet the goal? Yes No. HOTSPOT - Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table. You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.) You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Yes No Yes No Yes No. You have an Azure Active Directory (Azure AD) tenant named contoso.com. You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU). What should you configure? a user flow the terms of use a linked subscription an access review. DRAG DROP - You have a new Microsoft 365 tenant that uses a domain name of contoso.onmicrosoft.com. You register the name contoso.com with a domain registrar. You need to use contoso.com as the default domain name for new Microsoft 365 users. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Delete the contoso.ommicrosoft.com domain Add a custom domain name of contoso.com Set the domain to primary Create a new TXT record in DNS Successfully verify the domain name. HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium Plan 2 license. The tenant contains the users shown in the following table. You have the Device Settings shown in the following exhibit. User1 has the devices shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Yes No Yes No Yes No. DRAG DROP - You have a Microsoft 365 E5 subscription that contains three users named User1, User2, and User3. You need to configure the users as shown in the following table. Which portal should you use to configure each user? To answer, drag the appropriate portals to the correct users. Each portal may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place: Azure Active Directory admin center Exchange admin center Microsoft 365 compliance center Microsoft Endpoint Manager admin center SharePoint admin center. You have an Active Directory forest that syncs to an Azure Active Directory (Azure AD) tenant. The tenant uses pass-through authentication. A corporate security policy states the following: ✑ Domain controllers must never communicate directly to the internet. ✑ Only required software must be installed on servers. The Active Directory domain contains the on-premises servers shown in the following table. You need to ensure that users can authenticate to Azure AD if a server fails. On which server should you install an additional pass-through authentication agent? Server4 Server2 Server1 Server3. You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1. A contractor uses the credentials of user1@outlook.com. You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as user1@outlook.com. What should you do? Run the New-AzureADMSInvitation cmdlet Configure the External collaboration settings Add a WS-Fed identity provider Implement Azure AD Connect. HOTSPOT - You have an Azure Active Directory (Azure AD) tenant and an Azure web app named App1. You need to provide guest users with self-service sign-up for App1. The solution must meet the following requirements: ✑ Guest users must be able to sign up by using a one-time password. ✑ The users must provide their first name, last name, city, and email address during the sign-up process. What should you configure in the Azure Active Directory admin center for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: A linked subscription An identity provider Azure AD Privileged Identity Management (PIM) The External collaboration settings A user flow Access reviews An access package The tenant properties. You have an Azure Active Directory (Azure AD) Azure AD tenant. You need to bulk create 25 new user accounts by uploading a template file. Which properties are required in the template file? displayName, identityIssuer, usageLocation, and userType accountEnabled, givenName, surname, and userPrincipalName accountEnabled, displayName, userPrincipalName, and passwordProfile accountEnabled, passwordProfile, usageLocation, and userPrincipalName. You have an Azure Active Directory (Azure AD) tenant that: contains a user named User1. You need to ensure that User1 can create new catalogs and add1 resources to the catalogs they own. What should you do? From the Roles and administrators blade, modify the Groups administrator role From the Roles and administrators blade, modify the Service support administrator role From the Identity Governance blade, modify the Entitlement management settings From the Identity Governance blade, modify the roles and administrators for the General catalog. Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. Users sign in to computers that run Windows 10 and are joined to the domain. You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO). You need to configure the Windows 10 computers to support Azure AD Seamless SSO. What should you do? Configure Sign-in options from the Settings app Enable Enterprise State Roaming Modify the Local intranet Zone settings Install the Azure AD Connect Authentication Agent. HOTSPOT- You have an Azure subscription. You need to create two custom roles named Role1 and Role2. The solution must meet the following requirements: • Users that are assigned Role1 can create or delete instances of Azure Container Apps. • Users that are assigned Role2 can enforce adaptive network hardening rules. Which resource provider permissions are required for each role? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Microsoft.App Microsoft.Compute Microsoft.Management Microsoft.Security Microsoft.App Microsoft.Compute Microsoft.Network Microsoft.Security. You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. You have an administrative unit named Au1. Group1, User2, and User3 are members of Au1. User5 is assigned the User administrator role for Au1. For which users can User5 reset passwords? User1, User2, and User3 User1 and User2 only User3 and User4 only User2 and User3 only. You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. You create a dynamic user group and configure the following rule syntax. user.usageLocation -in ["US","AU"] -and (user.department -eq "Sales") -and -not (user.jobTitle -eq "Manager") –or (user. jobTitle -eq "SalesRep") Which users will be added to the group? User1 only User2 only User3 only User1 and User2 only User1 and User3 only User1, User2, and User3. You have an Azure AD tenant that contains a user named User1. User1 needs to manage license assignments and reset user passwords. Which role should you assign to User1? Helpdesk administrator Billing administrator License administrator User administrator. You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use? the Set-MsolUserLicense cmdlet the Set-AzureADGroup cmdlet the Set-WindowsProductKey cmdlet the Administrative units blade in the Azure Active Directory admin center. You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You needed to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use? the Groups blade in the Azure Active Directory admin center the Set-AzureADGroup cmdlet the Identity Governance blade in the Azure Active Directory admin center the Set-MsolUserLicense cmdlet. You have a Microsoft 365 E5 subscription. You create a user named User1. You need to ensure that User1 can update the status of Identity Secure Score improvement actions. Solution: You assign the Exchange Administrator role to User1. Does this meet the goal? Yes No. You have a Microsoft 365 E5 subscription. You create a user named User1. You need to ensure that User1 can update the status of Identity Secure Score improvement actions. Solution: You assign the User Administrator role to User1. Does this meet the goal? Yes No. Case Study - the Device settings the User settings the Access reviews settings Security defaults. Case Study - Change Membership type of IT_Group1 to Dynamic User Recreate the IT_Group1 group Change Membership type of IT Group1 to Dynamic Device Add an owner to IT_Group1. Case Study - Azure AD Connect cloud sync between the Azure AD tenant and litware.com Azure AD Connect to include the litware.com domain staging mode in Azure AD Connect for the litware.com domain. You have the Azure resources shown in the following table. To which identities can you assign the Contributor role for RG1? User1 only User1 and Group1 only User1 and VM1 only User1, VM1, and App1 only User1, Group1, VM1, and App1. HOTSPOT- You have an Azure AD tenant that contains a user named User1. User1 is assigned the User Administrator role. You need to configure External collaboration settings for the tenant to meet the following requirements: • Guest users must be prevented from querying staff email addresses. • Guest users must be able to access the tenant only if they are invited by User1. Which three settings should you configure? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point. Guest users have the same access as members (most inclusive) Guest users have limited access to properties and memberships of directory objects Guest user access is restricted to properties and memberships of their own directory objects (most restrictive) Anyone in the organization can invite guest users including guests and non-admins (most inclusive) Member users and users assigned to specific admin roles can invite guest users including guests with member Only users addigned to specific admin roles can invite guest users No one in the organization can invite quest users including admins (most restrictive) No Yes. You have a Microsoft 365 E5 subscription. You create a user named User1. You need to ensure that User1 can update the status of Identity Secure Score improvement actions. Solution: You assign the Security Operator role to User1. Does this meet the goal? Yes No. You have an Azure AD tenant that contains a user named Admin1. You need to ensure that Admin1 can perform only the following tasks: • From the Microsoft 365 admin center, create and manage service requests. • From the Microsoft 365 admin center, read and configure service health. • From the Azure portal, create and manage support tickets. The solution must minimize administrative effort. What should you do? Create an administrative unit and add Admin1 Enable Azure AD Privileged Identity Management (PIM) for Admin1 Assign Admin1 the Helpdesk Administrator role Create a custom role and assign the role to Admin1. HOTSPOT- Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant. You need to ensure that user authentication always occurs by validating passwords against the AD DS domain. What should you configure, and what should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Azure AD Password protection Cross-tenant synchronization Pass-through authentication Password hash synchronization Azure AD Connect Microsoft Identity Manager (MIM) The Microsoft Entra admin center The Microsoft Purview compliance portal. You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.) A user named bsmith@fabrikam.com shares a Microsoft SharePoint Online document library to the users shown in the following table. Which users will be emailed a passcode? User2 only User1 only User1 and User2 only User1, User2, and User3. HOTSPOT- Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD and contains the users shown in the following table. In Azure AD Connect, Domain/OU Filtering is configured as shown in the following exhibit. Azure AD Connect is configured as shown in the following exhibit. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Yes No Yes No Yes No. You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft Office 365 Enterprise E5 licenses to a group that includes all users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use? the Update-MgGroup cmdlet the Licenses blade in the Azure Active Directory admin center the Set-WindowsProductKey cmdlet the Administrative units blade in the Azure Active Directory admin center. You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com. Several users use their contoso.com email address for self-service sign-up to Azure AD. You gain global administrator privileges to the Azure AD tenant that contains the self-signed users. You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services. Which PowerShell cmdlet should you run? Update-MgOrganization Update-MgPolicyPermissionGrantPolicyExclude Update-MgDomain Update-MgDomainFederationConfiguration. You have an Azure AD tenant that contains the external user shown in the following exhibit. You update the email address of the user. You need to ensure that the user can authenticate by using the updated email address. What should you do for the user? Modify the Authentication methods settings Reset the password Revoke the active sessions Reset the redemption status. You have an Azure AD tenant. You need to ensure that only users from specific external domains can be invited as guests to the tenant. Which settings should you configure? External collaboration settings All identity providers Cross-tenant access settings Linked subscriptions. You have an Azure AD tenant that contains a user named User1 and a Microsoft 365 group named Group1. User1 is the owner of Group1. You need to ensure that User1 is notified every three months to validate the guest membership of Group1. What should you do? Configure the External collaboration settings Create an access review Configure an access package Create a group expiration policy. Which members can you add to GroupA and GroupB? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Group A Group B. You need to resolve the recent security incident issues. What should you configure for each incident? To answer, drag the appropriate policy types to the correct issues. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content An authentication method policy A Conditional Acess policy A sign in risk policy A user risk policy. For which users can you configure the Job title property and the Usage location property in Azure AD? To answer, select the appropriate options in the answer area. User2 only User 1 and User2 only User 2 and User 3 only User1,User2,User3 User2 only User 1 and User2 only User 2 and User 3 only User1,User2,User3. You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 365 licenses. What should you do? A. Configure Azure AD Application Proxy in the Contoso West tenant. B. Invite the Contoso East users as guests in the Contoso West tenant. C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant. D. Configure the existing Azure AD Connect server in Contoso East to sync the Contoso East Active Directory forest to the Contoso West tenant. . You have a Microsoft 365 E5 subscription that contains two users named User1 and User2. You need to ensure that User1 can create access reviews for groups, and that User2 can review the history report for all the completed access reviews. The solution must use the principle of least privilege Global administrator Global Reader Reports reader Security operator Security reader User administrator. You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege. Which object type and Azure Active Directory (Azure AD) role should you use? An administrative unit A custom administrator role A dynamic group A Microsoft 365 group Authentication administrator Groups administrator Helpdesk administrator Password administrator. Your on-premises network contains an Active Directory domain that uses Azure AD Connect to sync with an Azure AD tenant. You need to configure Azure AD Connect to meet the following requirements: • User sign-ins to Azure AD must be authenticated by an Active Directory domain controller. • Active Directory domain users must be able to use Azure AD self-service password reset (SSPR). Federation with Active Directory Federation Services(AD FS) Pass-through authentication Password hash synchronization Device writeback Group writeback Password hash synchronization Password writeback. Case Study: Contoso identifies the following technical requirements: What should you create first, and which tool should you use? To answer, select the appropriate options in the answer are An administrative unit A custom role A Dynamic User security group An OU Azure Active Directory admin center Active Directory Adminstrative center Active Directory module for Windows Powershell Microsoft Purview Compliance portal. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 E5 subscription. You create a user named User1. You need to ensure that User1 can update the status of Identity Secure Score improvement actions. Solution: You assign the SharePoint Administrator role to User1. Does this meet the goal? A.Yes B.No. Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD and contains the users shown in the following table. Yes No Yes No Yes No. You have an Azure AD tenant that contains the users shown in the following table. You need to compare the role permissions of each user. The solution must minimize administrative effort. What should you use? A. the Microsoft 365 Defender portal B. the Microsoft 365 admin center C. the Microsoft Entra admin center D. the Microsoft Purview compliance portal . You have an Azure AD tenant. You need to configure the following External Identities features: • B2B collaboration • Monthly active users (MAU)-based pricing Which two settings should you configure? To answer, select the settings in the answer area. NOTE: Each correct selection is worth one point External collaboration settings Linked subscriptions. For each of the following statements, select Yes if the statement is true. Otherwise, select No. Yes No Yes No Yes No. User1 has the devices shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise. select No. Yes No Yes No Yes No. You have an Azure subscription named Sub1 that contains a user named User1. You need to ensure that User1 can purchase a Microsoft Entra Permissions Management license for Sub1. The solution must follow the principle of least privilege. Which role should you assign to User1? A. Global Administrator B. Billing Administrator C. Permissions Management Administrator D. User Access Administrator . You have an Azure subscription that contains a user named User1 and two resource groups named RG1 and RG2. You need to ensure that User1 can perform the following tasks: • View all resources. • Restart virtual machines. • Create virtual machines in RG1 only. • Create storage accounts in RG1 only. What is the minimum number of role-based access control (RBAC) role assignments required? A. 1 B. 2 C. 3 D. 4. You work for a company named Contoso, Ltd. that has a Microsoft Entra tenant named contoso.com. Contoso is working on a project with the following two partner companies: • A company named A. Datum Corporation that has a Microsoft Entra tenant named adatum.com. • A company named Fabrikam, Inc. that has a Microsoft Entra tenant named fabrikam.com. When you attempt to invite a new guest user from adatum.com to contoso.com, you receive an error message. You can successfully invite a new guest user from fabnkam.com to contoso.com. You need to be able to invite new guest users from adatum.com to contoso.com. What should you configure? A. Guest invite settings B. Verifiable credentials C. Named locations D. Collaboration restrictions. |
Report abuse