You have an Azure subscription.
From Entitlement management, you plan to create a catalog named Catalog1 that will contain a custom extension.
What should you create first and what should you use to distribute Catalog1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains three groups named Groups1, Group2, and Group3, and the users shown in the following table.
You create a Conditional Access policy named CAT that has the following settings:
• Users
° Include
■Users and groups: Group1
o Exclude
■Users and groups: Group2
■Directory roles: Global Administrator
o Target resources
■Include: All cloud apps
o Access controls
■Grant: Require multifactor authentication
You create a Conditional Access policy named CA2 that has the following settings:
• Users
° Include
■Users and groups: Group2
o Exclude
■Users and groups: Group3
o Target resources
■Include: All cloud apps
o Access controls
■Grant: Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure AD tenant named contoso.com that contains a group named All Company and has the following Identity Governance settings:
• Block external users from signing in to this directory: Yes
• Remove external user Yes
• Number of days before removing external user from this directory: 30
On March 1, 2022, you create an access package named Package1 that has the following settings:
• Resource roles
o Name: All Company
o Type: Group and Team
o Role: Member
• Lifecycle
o Access package assignment expire: On date
o Assignment expiration date: April 1, 2022
On March 1, 2022, you assign Package1 to the guest users shown in the following table.
On March 2, 2022, you assign the Reports reader role to Guest1.
On April 1(2022, you invite a guest user named Guest3 to contoso.com.
On April 4, 2022, you add Guest3 to the All Company group.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps and Conditional Access policies. You need to block access to cloud apps when a user is assessed as high risk.
Which type of policy should you create in the Microsoft Defender for Cloud Apps?
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate.
Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA).
Does this meet the goal?
You have a Microsoft 365 tenant.
Sometimes, users use external, third-party applications that require limited access to the Microsoft 365 data of the respective user. The users register the applications in Azure Active Directory (Azure AD).
You need to receive an alert if a registered application gains read and write access to the users’ email.
What should you do? To answer, select the appropriate options in the answer area.
NOTE:Each correct selection is worth one point.
You have an Azure subscription named Sub1.
You purchase a Microsoft Entra Permissions Management license.
You need to onboard Permissions Management.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE; Each correct selection is worth one point.
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
User1 is the owner of Group1.
You create an access review that has the following settings:
Users to review: Members of a group
Scope: Everyone
Group: Group1
Reviewers: Members (self)
Which users can perform access reviews for User3?
You have an Azure subscription named Sub1 that contains two resource groups named RG1 and RG2. Sub1 contains the users shown in the following table.
Sub1 contains the resources shown in the following table.
You create the role-based access control (RBAC) role assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Active Directory forest that syncs to a Microsoft Entra tenant.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Microsoft Entra for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Microsoft Entra.
Solution: You configure Microsoft Entra Password Protection.
Does this meet the goal?
