1.) What is a benefit of Role Basic Access Control (RBAC) in Microsoft Azure?

granular management permissions assignment -(correct)

broad permissions assignments group/role management service/subscription management
2.) You are deciding between using an on-prem Multi-factor Authentication (MFA)
service, and a cloud-based service hosted in Azure. Which of the following features
are available only in the on-prem MFA service?

Fraud alerts -maybe Two-way SMS

Securing SaaS apps in the app gallery Trusted IPs -(correct)
3.) What feature of Privileged Identity Management allows you to define extended
permissions for a user over a limited period?

Assignment -(correct) Restriction Discovery

Time-limited Activation

4.) To manage the Azure Ad, the required privilege is . Enterprise administrator
Service administrator

AD administrator -(correct)
Global administrator
5.) Your company has one Azure subscription. You create 5 Resource Groups within
the subscription: RG1, RG2, RG3, RG4, and RG5. You want to give a partner named
John the right to manage all of the resources within RG3 fully. John’s Live ID is
john@outlook.com. John should not be able to manage the resources in any other
resource group. What should you do? .

None of the options abc123.azure.microsoft.com abc123.domain.onmicrosoft.com

abc123.onmicrosoft.com -(correct)

6.) You are the administrator of your company’s Azure subscription, and Azure
Active Directory (Azure AD) tenant. Your company has an on-prem Active Directory.
Your boss asks you to research, allowing the company users to access the Line-of-
business (LOB) Software as a Service (SaaS) applications using Conditional Access
rules. You need to make sure your tenant meets the pre-requisites for Conditional
Access to SaaS apps. What is the lowest Azure subscription level required to enable
Conditional Access to SaaS apps?

Azure Premium subscription Paid O365 licenses -try2 Azure Free subscription -try
Azure Basic subscription
7.) Contoso.com is your verified custom domain, then the UPN of the user1 will be
. user1@contoso.onmicrosoft.com user1@contoso.microsoft.com user1@contoso.com
-(correct) user1@contoso.azure.com
8.) Azure AD is not available in Azure Free Edition.
False -(correct)
True

9.) How long does password writeback take to work?

5 Seconds -(correct)

15 Seconds

10 Seconds Immediately
10.) You are the administrator of your company’s Azure subscription and Azure
Active Directory (Azure AD) tenant. Many Software as a Service (SaaS) apps have
been published and are available to the users. Users use these apps only when
connected to the corporate network. A vendor who comes in with his laptop and air
card need access to the application. You create a user account for the vendor in
the Azure AD tenant, assign access to the app for the vendor, and give the vendor a
link to the application. The vendor is unable to access the application. You need
to ensure the vendor can access the application. What should you do?

Have the user connect his laptop to the organization’s network -(correct)
Create a federation between your organization and the vendor’s company Create an
account for the vendor in the Azure subscription
Change the SaaS app to a multi-tenant app
11.) Your company is using O365. The tenant administrator signs up for a free Azure
membership and creates an Azure Active Directory (Azure AD) tenant. He then
associates the Azure AD tenant with the Azure subscription. Multi-factor
authentication (MFA) is not enabled. You wish to enable the self-service password
reset feature for your cloud users. Which of the statements below is true regarding
your tenant and the self-service password reset feature?

You cannot enable this feature until you upgrade to a Basic Azure subscription. You
cannot enable this feature until you upgrade to a Premium Azure subscription.
The self-service password reset feature is available, as it is part of your paid
O365 license . -(correct)

You cannot enable this feature until you configure MFA.

12.) A domain name is an important part of the identifier for . App ID URI for
an application
Address for a group

User name or email address All the options -(correcct)

13.) If you create a user in Azure AD, It is called as Identity Federated
Domain -(correct) Synchronized Cloud
14.) Your company uses Windows Azure and has published several applications. Your
network team has informed you that there is much traffic coming from a specific
subnet. You believe one of the most commonly used apps may be to blamed. You need
to check which apps are being used the most, and where the traffic is originating.
From which blade in the Azure portal should you start your search?

Users and Groups

Azure Active Directory

Enterprise Applications -(correct)

App Services

15.) You plan to implement self-service group management in Microsoft Azure. Who is
responsible for approving requests from users to join a group?

A group Owner -(correct)

A co-administrator
A service administrator
A Domain Administrator

16.) Azure AD provides . Basic Authentication

All the options -(correct) Federated Authentication Synced Authentication
17.) What type of SaaS gallery applications support Microsoft Azure Active
Directory automatic provisioning?
Featured apps -(correct)
Windows apps
Integrated apps Published apps
18.) What types of accounts does password writeback work for? Cloud IDs
All the options Domain IDs
Synced IDs -(correct)
19.) You are the administrator for your company’s Azure Active Directory (Azure AD)
tenant, and on-prem Active Directory domain. A partner published a multi-tenant
Software as a Service (SaaS) application, and gave your company access to the SaaS
app. You configure access to several HR users in your company.

Later, a team member in HR moves to a new department and no longer needs access to
the partner’s app. You need to remove access to the app for this user, without
affecting access for other users. The user must still be able to access other Line-
of-Business (LOB) SaaS apps. What should you do?

Delete the team member from the on-prem Active Directory domain Delete the team
member from the Azure AD tenant
Delete the partner’s webapp from the “Apps my company uses” section of the Azure
portal

Delete the team member’s assignment to the app in the Azure portal -(correct)

20.) Your company has one Azure subscription. You create 5 Resource Groups within
the subscription: RG1, RG2, RG3, RG4, and RG5. You want to give a partner named
John the right to manage all of the resources within RG3 fully. John’s Live ID is
john@outlook.com. John should not be able to manage the resources in any other
resource group. What should you do?

Add John to your Azure Active Directory. Click the Subscription and Add John’s
Azure login as an Owner.

Log in to the Azure portal, browse to RG3 and add John’s Live ID as an Owner. -
(correct)

Add John to your Azure Active Directory. Browse to RG3 and add John’s Azure login
as an Owner.

Log in to the Azure portal, click the Subscription and Add John’s Live ID as an
Owner.

21.) Managing Groups includes . Adding Users to the group

Assigning group owner

All the options -(correct)

Creating Group
22.) RBAC can be used . Only for administration -(correct)
For controlling application access permission
None of the options
For controlling application access permission and administration

23.) You are the Global Administrator for your company’s Windows Azure tenant. You
assign two of your coworkers as Global Administrators. You click the Azure AD
Privileged Identity Management link and walk through the security wizard. You add
one of the coworkers to the role of Privileged Role Administrator Later, the
coworker attempts to access the Azure AD Privileged Identity Management service and
cannot access it. You need to ensure that your coworker has access to this service.
What should you do?

Add your coworker as a Service Administrator

Add your coworker to the role of Security Administrator Instruct the user to
activate the role -(correct)