- (Exam Topic 4)
You have an Azure Active Directory Premium P2 tenant. You create a Log Analytics workspace.
You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?
Correct Answer:
C
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-lo
- (Exam Topic 4)
You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.)
You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.)
You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service
tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
No No No
a) When you assign a group to an application, only users in the group will have access. The assignment does not cascade to nested groups.
b) Tested in lab, existing owners will be replaced. Also direct assignment (resource owner) is path of least privilege. (replicated in test)
c) Application setting 'visible to users' is set to No, then no users see this application on their My Apps portal and O365 launcher.
Reference
a) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal
b) maybe
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-manage-groups
c) https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-properties#visible-to-users
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You need to support the planned changes and meet the technical requirements for MFA.
Which feature should you use, and how long before the users must complete the registration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have a Microsoft 36S tenant.
You create a named location named HighRiskCountries that contains a list of high-risk countries.
You need to limit the amount of time a user can stay authenticated when connecting from a high-risk country.
What should you configure in a conditional access policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-session
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 3)
You need to modify the settings of the User administrator role to meet the technical requirements. Which two actions should you perform for the role? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer:
AB
