Title of test:
Topic 3

Description:
Topic 3 --

Author:
Account

Creation Date: 01/04/2025

Category: Art

Number of questions: 46
Content:
HOTSPOT - You have a Microsoft 365 tenant and an Active Directory domain named adatum.com. You deploy Azure AD Connect by using the Express Settings. You need to configure self-service password reset (SSPR) to meet the following requirements: ✑ When users reset their password, they must be prompted to respond to a mobile app notification or answer three predefined security questions. ✑ Passwords must be synced between the tenant and the domain regardless of where the password was reset. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Authentication methods Notifications Properties Registration Federation with Active Directory Federation Services (AD FS) Pass-through authentication Password hash synchronization Password writeback.
You have an Azure subscription that contains an Azure Automation account named Automation1 and an Azure key vault named Vault1. Vault1 contains a secret named Secret1. You enable a system-assigned managed identity for Automation1. You need to ensure that Automation1 can read the contents of Secret1. The solution must meet the following requirements: • Prevent Automation1 from accessing other secrets stored in Vault1. • Follow the principle of least privilege. What should you do? From Vault1, configure the Access control (IAM) settings From Automation1, configure the Identity settings From Automation1, configure the Run as accounts settings From Secret1, configure the Access control (IAM) settings.
You have a Microsoft 365 tenant. The Azure Active Directory (Azure AD) tenant syncs to an on-premises Active Directory domain. Users connect to the internet by using a hardware firewall at your company. The users authenticate to the firewall by using their Active Directory credentials. You plan to manage access to external applications by using Azure AD. You need to use the firewall logs to create a list of unmanaged external applications and the users who access them. What should you use to gather the information? Application Insights in Azure Monitor access reviews in Azure AD Cloud App Discovery in Microsoft Cloud App Security enterprise applications in Azure AD.
HOTSPOT - You have an on-premises datacenter that contains the hosts shown in the following table. The Active Directory forest syncs to an Azure Active Directory (Azure AD) tenant. Multi-factor authentication (MFA) is enforced for Azure AD. You need to ensure that you can publish App1 to Azure AD users. What should you configure on Server4 and Firewall1? Azure AD Application Proxy The Azure AD Password Protection DC agent The Azure AD Password Protection proxy service Web Application Proxy in Windows Server Allow incoming HTTPS connections from Azure AD to Server4 Allow incoming IPsec connections from Azure AD to Server4 Allow outbound HTTPS connections from Server4 to Azure AD Allow outbound IPsec connections from Server4 to Azure AD.
HOTSPOT - You have an Azure Active Directory (Azure AD) tenant that has the default App registrations settings. The tenant contains the users shown in the following table. You purchase two cloud apps named App1 and App2. The global administrator registers App1 in Azure AD. You need to identify who can assign users to App1, and who can register App2 in Azure AD. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Admin1 only Admin3 only Admin1 and Admin3 only Admin1, Admin2, and Admin3 only Admin1, Admin2, Admin3, and User1 Admin1 only Admin3 only Admin1 and Admin3 only Admin1, Admin2, and Admin3 only Admin1, Admin2, Admin3, and User1.
HOTSPOT - You have a custom cloud app named App1 that is registered in Azure Active Directory (Azure AD). App1 is configured as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Hot Area: All users No one Only users listed on the Owners blade Only users listed on the Users and groups blade All users No one Only users listed on the Owners blade Only users listed on the Users and groups blade.
You have an Azure Active Directory (Azure AD) tenant. For the tenant, Users can register applications is set to No. A user named Admin1 must deploy a new cloud app named App1. You need to ensure that Admin1 can register App1 in Azure AD. The solution must use the principle of least privilege. Which role should you assign to Admin1? Managed Application Contributor for Subscription1 Application developer in Azure AD Cloud application administrator in Azure AD App Configuration Data Owner for Subscription1.
HOTSPOT - You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.) You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.) You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Yes No Yes No Yes No.
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection enabled. You need to implement a sign-in risk remediation policy without blocking user access. What should you do first? Configure access reviews in Azure AD Enforce Azure AD Password Protection Configure self-service password reset (SSPR) for all users Implement multi-factor authentication (MFA) for all users.
HOTSPOT - Your company has a Microsoft 365 tenant. All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant. The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery. You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort. What should you recommend for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: An app registration in Azure AD Azure AD Application Proxy An enterprise application in Azure AD A managed identity in Azure AD Azure AD Application Proxy A compliance policy A conditional access policy An OAuth policy.
Your company requires that users request access before they can access corporate applications. You register a new enterprise application named MyApp1 in Azure Active Directory (Azure AD) and configure single sign-on (SSO) for MyApp1. Which settings should you configure next for MyApp1? Self-service Provisioning Application proxy Roles and administrators.
DRAG DROP - Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company is developing a web service named App1. You need to ensure that App1 can use Microsoft Graph to read directory data in contoso.com. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order. Select and Place: Add a group claim Create an app registration Grant admin consent Add delegated permissions Add app permissions.
You have an Azure Active Directory (Azure AD) tenant that contains cloud-based enterprise apps. You need to group related apps into categories in the My Apps portal. What should you create? tags collections naming policies dynamic groups.
The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table. In Azure AD, you add a new enterprise application named App1. Which groups can you assign to App1? Group1 only Group2 only Group3 only Group1 and Group4 Group1 and Group3.
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. The User settings for enterprise applications have the following configurations: ✑ Users can consent to apps accessing company data on their behalf: No ✑ Users can consent to apps accessing company data for the groups they own: No ✑ Users can request admin consent to apps they are unable to consent to: Yes Who can review admin consent requests: Admin2, User2 User1 attempts to add an app that requires consent to access company data. Which user can provide consent? User1 User2 Admin1 Admin2.
You have a Microsoft 365 subscription. The subscription contains users that use Microsoft Outlook 2016 and Outlook 2013 clients. You need to implement tenant restrictions. The solution must minimize administrative effort. What should you do first? Configure the Outlook 2013 clients to use modern authentication Upgrade the Outlook 2013 clients to Outlook 2016 From the Exchange admin center, configure Organization Sharing Upgrade all the Outlook clients to Outlook 2019.
You have a Microsoft 365 E5 subscription. You need to create a Microsoft Defender for Cloud Apps session policy. What should you do first? From the Microsoft Defender for Cloud Apps portal, select User monitoring From the Microsoft Defender for Cloud Apps portal, select App onboarding/maintenance From the Azure Active Directory admin center, create a Conditional Access policy From the Microsoft Defender for Cloud Apps portal, create a continuous report.
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table. You add an enterprise application named App1 to Azure AD and set User1 as the owner of App1. App1 requires admin consent to access Azure AD before the app can be used. You configure the Admin consent requests settings as shown in the following exhibit. Admin1, Admin2, Admin3, and User1 are added as reviewers. Which users can review and approve the admin consent requests? Admin1 only Admin1, Admin2 and Admin3 only Admin1, Admin2, and User1 only Admin1 and Admin2 only Admin1, Admin2, Admin3, and User1.
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. You need to be notified if a user downloads more than 50 files in one minute from Site1. Which type of policy should you create in the Microsoft Defender for Cloud Apps portal? session policy activity policy file policy anomaly detection policy.
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 hosts PDF files. You need to prevent users from printing the files directly from Site1. Which type of policy should you create in the Microsoft Defender for Cloud Apps portal? activity policy access policy file policy session policy.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk. Which type of policy should you create in the Microsoft Defender for Cloud Apps portal? access policy OAuth app policy anomaly detection policy activity policy.
You have a Microsoft 365 E5 subscription. Users authorize third-party cloud apps to access their data. You need to configure an alert that will be triggered when an app requires high permissions and is authorized by more than 20 users. Which type of policy should you create in the Microsoft Defender for Cloud Apps portal? anomaly detection policy OAuth app policy access policy activity policy.
Your company has an Azure AD tenant that contains the users shown in the following table. You have the app registrations shown in the following table. A company policy prevents changes to user permissions. Which user can create appointments in the calendar of each user at the company? User1 User2 User3 User4.
You have an Azure AD tenant that contains a user named User1 and a registered app named App1. User1 deletes the app registration of App1. You need to restore the app registration. What is the maximum number of days you have to restore the app registration from when it was deleted? 14 30 60 180.
HOTSPOT- You have a Microsoft 365 tenant. Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure AD. You need to receive an alert if a registered application gains read and write access to the users’ email. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Azure AD Identity Protection Identity Governance Microsoft Defender for Cloud Apps Microsoft Endpoint Manager App discovery App protection Conditional access OAuth app Sign-in risk User risk.
Case Study - ADatum identifies the following technical requirements: • Users assigned the User administrator role must be able to request permission to use the role when needed for up to one year. • Users must be prompted to register for MFA and provided with an option to bypass the registration for a grace period. • Users must provide one authentication method to reset their password by using SSPR. Available methods must include: - Email - Phone - Security questions - The Microsoft Authenticator app • Trust relationships must NOT be established between the adatum.com and litware.com AD DS domains. • The principle of least privilege must be used. You need to implement the planned changes for application access to organizational data. What should you configure? authentication methods the User consent settings access packages an application proxy.
You have an Azure AD tenant. You configure User consent settings to allow users to provide consent to apps from verified publishers. You need to ensure that the users can only provide consent to apps that require low impact permissions. What should you do? Create an enterprise application collection Create an access review Create an access package Configure permission classifications.
HOTSPOT- You have a Microsoft 365 E5 subscription that contains a user named User1. You configure app governance integration. User1 needs to view the App governance dashboard. The solution must use the principle of the least privilege. Which role should you assign to User1, and which portal should User1 use to view the dashboard? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Application Administrator Application Developer Cloud Application Administrator The Microsoft 365 admin center The Microsoft 365 Defender portal The Microsoft Defender for Cloud Apps portal The Microsoft Purview compliance portal.
You have an Azure subscription. You are evaluating enterprise software as a service (SaaS) apps. You need to ensure that the apps support automatic provisioning of Azure AD users. Which specification should the apps support? OAuth 2.0 WS-Fed SCIM 2.0 LDAP 3.
You have an Azure AD tenant. You discover that a large number of new apps were added to the tenant. You need to implement an approval process for new enterprise applications. What should you do? From the Microsoft Defender for Cloud Apps portal, create a Cloud Discovery anomaly detection policy From the Microsoft Entra admin center, configure the Admin consent settings From the Microsoft Defender for Cloud Apps portal, configure an app connector From the Microsoft Entra admin center, configure an access review.
You have a Microsoft 365 E5 subscription. You purchase the app governance add-on license. You need to enable app governance integration. Which portal should you use? the Microsoft Defender for Cloud Apps portal the Microsoft 365 admin center Microsoft 365 Defender the Azure Active Directory admin center the Microsoft Purview compliance portal.
Your company purchases a new Microsoft 365 E5 subscription and an app named App1. You need to create a Microsoft Defender for Cloud Apps access policy for App1. What should you do first? Configure a Conditional Access policy to use app-enforced restrictions Configure a Token configuration for App1 Add an API permission for App1 Configure a Conditional Access policy to use Conditional Access App Control.
Case Study - Contoso identifies the following technical requirements: • All users must be synced from AD DS to the contoso.com Azure AD tenant. • App1 must have a redirect URI pointed to https://contoso.com/auth-response. • License allocation for new users must be assigned automatically based on the location of the user. • Fabrikam users must have access to the marketing department’s SharePoint site for a maximum of 90 days. • Administrative actions performed in Azure AD must be audited. Audit logs must be retained for one year. • The helpdesk administrators must be able to manage licenses for only the users in their respective office. • Users must be forced to change their password if there is a probability that the users’ identity was compromised. You need to meet the planned changes and technical requirements for App1. What should you implement? a policy set in Microsoft Intune Azure AD Application Proxy an app configuration policy in Microsoft Intune an app registration in Azure AD.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Google Workspace app connector. Does this meet the goal? Yes No.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Amazon Web Services app connector. Does this meet the goal? Yes No.
Your company purchases a Microsoft 365 E5 subscription. A user named User1 is assigned the Security Administrator role. You need to ensure that User1 can create Microsoft Defender for Cloud Apps session policies. What should you do first? Create a Conditional Access policy and select Require app protection policy Create a Conditional Access policy and select Use Conditional Access App Control Assign the Cloud Application Administrator role to User1 Assign the Cloud App Security Administrator role to User1.
HOTSPOT- You have an Azure subscription that contains the resources shown in the following table. The subscription contains the virtual machines shown in the following table. Which identities can be assigned the Owner role for RG1, and to which virtual machines can you assign Managed2? Managed1 only Managed1, VM1, and VM3 only Managed1, Managed2, and VM1 only Managed1, Managed2, VM1, and VM2 only Managed1, Managed2, VM1, VM2, and VM3 only VM4 only VM2 and VM4 only VM1, VM2, and VM4 only VM1, VM2, VM3, and VM4.
HOTSPOT- You have a Microsoft Entra tenant that contains multiple storage accounts. You plan to deploy multiple Azure App Service apps that will require access to the storage accounts. You need to recommend an identity solution to provide the apps with access to the storage accounts. The solution must minimize administrative effort. Which type of identity should you recommend, and what should you recommend using to control access to the storage accounts? To answer, select the appropriate options in the answer area. Microsoft Entra user Service principal System-assigned managed identity User-assigned managed identity Microsoft Entra Domain Services Role-based access control (RBAC) Shared access signature (SAS) tokens X.509 certificates.
You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity. You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity. What should you configure for storage1 in the Azure portal? data protection a shared access signature (SAS) the Access control (IAM) settings the File share settings access keys.
You have a Microsoft 365 subscription. You plan to deploy an app named App1 that will have the following configurations: • Will be registered in Microsoft Entra • Will access the signed-in user's Microsoft Outlook calendar by using the Microsoft Graph API You need to ensure that App1 can access Microsoft Graph. What should you use? application permissions delegated permissions a custom role-based access control (RBAC) role a built-in role-based access control (RBAC) role.
You have an Azure Active Directory (Azure AD) tenant. You create an enterprise application collection named HR Apps that has the following settings: ✑ Applications: App1, App2, App3 ✑ Owners: Admin1 ✑ Users and groups: HRUsers All three apps have the following Properties settings: ✑ Enabled for users to sign in: Yes ✑ User assignment required: Yes ✑ Visible to users: Yes Users report that when they go to the My Apps portal, they only see App1 and App2. You need to ensure that the users can also see App3. What should you do from App3? A. From Users and groups, add HRUsers. B. From Single sign-on, configure a sign-on method. C. From Properties, change User assignment required to No. D. From Permissions, review the User consent permissions.
You have an Azure AD tenant and a .NET web app named App1. You need to register App1 for Azure AD authentication. What should you configure for App1? A. the executable name B. the bundle ID C. the package name D. the redirect URI.
You have an Amazon Web Services (AWS) account, a Google Workspace subscription, and a GitHub account. You deploy an Azure subscription and enable Microsoft 365 Defender. You need to ensure that you can monitor OAuth authentication requests by using Microsoft Defender for Cloud Apps. Solution: From the Microsoft 365 Defender portal, you add the Microsoft Azure app connector. Does this meet the goal? Yes No.
User1 builds an ASP.NET web app named App1. You need to ensure that User1 can register App1. The solution must use the principle of least privilege. Which role should you assign to User1? A. Application Developer B. Cloud App Security Administrator C. Cloud Application Administrator D. Application Administrator.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps. You plan to increase app security for the subscription. You need to identify which apps do NOT require user authentication. What should you do in the Microsoft 365 Defender portal? A. Review the cloud app catalog. B. Create an OAuth policy and review alerts. C. Create a snapshot Cloud Discovery report. D. Create a discovered app query.
You have an Azure subscription named Sub1 that contains a resource group named RG1. RG1 contains an Azure Cosmos DB database named DB1 and an Azure Kubernetes Service (AKS) cluster named AKS1. AKS1 uses a managed identity. You need to ensure that AKS1 can access DB1. The solution must meet the following requirements: • Ensure that AKS1 uses the managed identity to access DB1. • Follow the principle of least privilege. Which role should you assign to the managed identity of AKS1? A. For Sub1, assign the Owner role. B. For DB1, assign the Azure Cosmos DB Account Reader Role role. C. For RG1, assign the Azure Cosmos DB Data Reader Role role. D. For RG1, assign the Reader role.