- (Exam Topic 4)
You have an Azure AD tenant that contains the users shown in The following table.

You enable self-service password reset (SSPR) for all the users and configure SSPR to require security questions as the only authentication method.
Which users must use security questions when resetting their password?

1. A. User4 only
2. B. User3and User4only
3. C. User1 and User4only
4. D. User1, User3, and User4 only
5. E. User1, User2, User3. and User4

Correct Answer: B

- (Exam Topic 4)
You have an Azure AD tenant that contains two users named User1 and User2. You plan to perform the following actions:
• Create a group named Group 1.
• Add User1 and User 2 to Group1.
• Assign Azure AD roles to Group1. You need to create Group1.
Which two settings can you use? Each correct answer presents a complete solution NOTE: Each correct selection is worth one point

1. A. Group type: Microsoft 365 Membership type: Dynamic User
2. B. Group type: Security Membership type: Dynamic Device
3. C. Group type Security Membership type: Dynamic User
4. D. Group type Security Membership type: Assigned
5. E. Group type: Microsoft 365 Membership type: Assigned

Correct Answer: DE

- (Exam Topic 4)
Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO). You need to configure the computers for Azure AD Seamless SSO.
What should you do?

1. A. Enable Enterprise State Roaming.
2. B. Configure Sign-in options.
3. C. Install the Azure AD Connect Authentication Agent.
4. D. Modify the Intranet Zone settings.

Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start

- (Exam Topic 4)
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
Yon receive more than 100 email alerts each day for tailed Azure Al) user sign-in attempts. You need to ensure that a new security administrator receives the alerts instead of you. Solution: From Azure AD, you create an assignment for the Insights at administrator role. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: B

- (Exam Topic 4)
You have an Azure subscription that contains a user named User1. You need to meet the following requirements:
• Prevent User1 from being added as an owner of newly registered apps.
• Ensure that User1 can manage the application proxy settings.
• Ensure that User2 can register apps.
• Use the principle of least privilege. Which role should you assign to User1?

1. A. Application developer
2. B. Cloud application administrator
3. C. Service support administrator
4. D. Application administrator

Correct Answer: D