Question 121
HOTSPOT
-
You have an Azure Active directory tenant that syncs with an Active Directory Domain Services (AD DS) domain.
You plan to create an Azure file share that will contain folders and files.
Which identity store can you use to assign permissions to the Azure file share and folders within the share? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 122
You have an Azure subscription.
You plan to deploy a new Conditional Access policy named CAPolicy1.
You need to use the What if tool to evaluate how CAPolicy1 wall affect users. The solution must minimize the impact of CAPolicy1 on the users.
To what should you set the Enable policy setting for CAPolicy1?
A. Off
B. On
C. Report only
Question 123
You have an Azure Active Directory (Azure AD) tenant that contains 500 users and an administrative unit named AU1.
From the Azure Active Directory admin center, you plan to add the users to AU1 by using Bulk add members.
You need to create and upload a file for the bulk add.
What should you include in the file?
A. only the display name of each user
B. only the user principal name (UPN) of each user
C. only the user principal name (UPN) and display name of each user
D. only the user principal name (UPN) and object identifier of each user
E. only the object identifier of each user
Question 124
HOTSPOT
-
You have the role assignments shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Question 125
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can create managed identities. The solution must use the principle of least privilege.
What should you do?
A. Create a management group and assign User1 the Hybrid Identity Administrator Azure Active Directory (Azure AD) role.
B. Create a management group and assign User1 the Managed Identity Operator role.
C. Create a resource group and assign User1 to the Managed Identity Contributor role.
D. Create an organizational unit (OU) and assign User1 the User administrator Azure Active Directory (Azure AD) role.
Question 126
HOTSPOT
-
You have an Azure subscription that contains a resource group named RG1. RG1 contains a virtual machine named VM1 that uses Azure Active Directory (Azure AD) authentication.
You have two custom Azure roles named Role1 and Role2 that are scoped to RG1.
The permissions for Role1 are shown in the following JSON code.
The permissions for Role2 are shown in the following JSON code.
You assign the roles to the users shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Question 127
DRAG DROP
-
You have an Azure subscription that contains the resources shown in the following table.
You plan to perform the following actions:
• Deploy a new app named App1 that will require access to Vault1.
• Configure a shared identity for VM1 and VM2 to access st1.
You need to configure identities for each requirement. The solution must minimize administrative effort.
Which type of identity should you configure for each requirement? To answer, drag the appropriate identity types to the correct requirements. Each identity type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Question 128
You have an Azure AD tenant. The tenant contains users that are assigned Azure AD Premium P2 licenses.
You have a partner company that has a domain named fabrikam.com. The fabrikam.com domain contains a user named User1. User1 has an email address of [email protected]
You need to provide User1 with access to the resources in the tenant. The solution must meet the following requirements:
• User1 must be able to sign in by using the [email protected] credentials.
• You must be able to grant User1 access to the resources in the tenant.
• Administrative effort must be minimized.
What should you do?
A. Create a user account for User1.
B. To the tenant, add fabrikam.com as a custom domain.
C. Create an invite for User1.
D. Set Enable guest self-service sign up via user flows to Yes for the tenant.
Question 129
You have an Azure AD tenant that contains the identities shown in the following table.
You plan to implement Azure AD Identity Protection.
What is the maximum number of user risk policies you can configure?
A. 1
B. 90
C. 200
D. 265
E. 1000
Question 130
You have an Azure subscription that contains a resource group named RG1 and the identities shown in the following table.
You assign Group4 the Contributor role for RG1.
Which identities can you add to Group4 as members?
A. User1 only
B. User1 and Group3 only
C. User1, Group1, and Group3 only
D. User1, Group2, and Group3 only
E. User1, Group1, Group2, and Group3
