- (Topic 5)
You have an Azure Active Directory (Azure AD) tenant.
You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.
You need to create and upload a file for the bulk delete. Which user attributes should you include in the file?
Correct Answer:
B
To perform a bulk delete of users in Azure Active Directory, you need to create and upload a CSV file that contains the list of users to be deleted. The file should include the user principal name (UPN) of each user only. Therefore, the answer is B. The user principal name of each user only. When you use the bulk delete feature in the Azure Active Directory admin center, you need to specify the UPN for each user that you want to delete. The UPN is a unique identifier for each user in Azure AD and is the primary way that Azure AD identifies and manages user accounts. Including additional attributes like the display name or usage location is not required for the bulk delete operation, as the UPN is the only mandatory attribute for the user account. However, you may include additional attributes in the CSV file if you want to keep track of the metadata associated with each user account.
HOTSPOT - (Topic 5)
You manage two Azure subscriptions named Subscription 1 and Subscription2. Subscription! has following virtual networks:
The virtual networks contain the following subnets:
Subscnption2 contains the following virtual network:
- Name: VNETA
• Address space: 10.10.128.0/17
• Region: Canada Central
VNETA contains the following subnets:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Solution:
Does this meet the goal?
Correct Answer:
A
- (Topic 4)
You need to ensure that you can grant Group4 Azure RBAC read-only permissions to all the A2ure file shares. What should you do?
Correct Answer:
A
HOTSPOT - (Topic 5)
You have an Azure subscription that contains the users shown in the following table. The groups are configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Answer:
Solution:
https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept#how-are- role-assignable-groups-protected
"Group nesting isn't supported. A group can't be added as a member of a role-assignable group."
For the second question:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/how-to-manage- groups#add-or-remove-a-group-from-another-group
"We currently don't support:
Adding Microsoft 365 groups to Security groups or other Microsoft 365 groups. "
For the third question, although it appears truncated in the screenshot (ending with "for...") there is a reference about Microsoft 365 groups support for roles assignment here: https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept#how-role- assignments-to-groups-work
"To assign a role to a group, you must create a new security or Microsoft 365 group with the is AssignableToRole property set to true. "
Does this meet the goal?
Correct Answer:
A
- (Topic 5)
Note: This question is part of a series of questions that present the same scenario. Eachquestion in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1
Correct Answer:
B
The Traffic Manager Contributor role is not related to Traffic Analytics. Traffic Manager is a service that provides DNS-based load balancing and traffic routing across different regions and endpoints. Traffic Manager Contributor is a role that allows you to create and manage Traffic Manager profiles, endpoints, and geographies1.
Traffic Analytics is a service that provides visibility into user and application activity in your cloud networks. Traffic Analytics analyzes Azure Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. With Traffic Analytics, you can visualize network activity, identify hot spots, secure your network, optimize your network deployment, and pinpoint network misconfigurations2.
To enable Traffic Analytics for an Azure subscription, you need to have a role that grants you the following permissions at the subscription level:
✑ Microsoft.Network/applicationGateways/read
✑ Microsoft.Network/connections/read
✑ Microsoft.Network/loadBalancers/read
✑ Microsoft.Network/localNetworkGateways/read
✑ Microsoft.Network/networkInterfaces/read
✑ Microsoft.Network/networkSecurityGroups/read
✑ Microsoft.Network/publicIPAddresses/read
✑ Microsoft.Network/routeTables/read
✑ Microsoft.Network/virtualNetworkGateways/read
✑ Microsoft.Network/virtualNetworks/read
✑ Microsoft.OperationalInsights/workspaces/*
Some of the built-in roles that have these permissions are Owner, Contributor, or Network Contributor3. However, these roles also grant other permissions that may not be necessary or desirable for enabling Traffic Analytics. Therefore, the best practice is to use the principle of least privilege and create a custom role that only has the required permissionsfor enabling Traffic Analytics4.
Therefore, to meet the goal of ensuring that an Azure AD user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription, you should create a custom role with the required permissions and assign it to Admin1 at the subscription level.
