- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You implement entitlement management to provide resource access to users at a company named Fabrikam, Inc. Fabrikam uses a domain named fabrikam.com.
Fabrikam users must be removed automatically from the tenant when access is no longer required. You need to configure the following settings:
Block external user from signing in to this directory: No
Remove external user: Yes
Number of days before removing external user from this directory: 90 What should you configure on the Identity Governance blade?

1. A. Access packages
2. B. Settings
3. C. Terms of use
4. D. Access reviews

Correct Answer: B
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users

- (Exam Topic 4)
You have a Microsoft 365 tenant.
All users must use the Microsoft Authenticator app for multi-factor authentication (MFA) when accessing Microsoft 365 services.
Some users report that they received an MFA prompt on their Microsoft Authenticator app without initiating a sign-in request.
You need to block the users automatically when they report an MFA request that they did not Initiate. Solution: From the Azure portal, you configure the Fraud alert settings for multi-factor authentication (MFA). Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A
The fraud alert feature lets users report fraudulent attempts to access their resources. When an unknown and suspicious MFA prompt is received, users can report the fraud attempt using the Microsoft Authenticator app or through their phone.
The following fraud alert configuration options are available:
Automatically block users who report fraud.
Code to report fraud during initial greeting. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

- (Exam Topic 4)
Your company has two divisions named Contoso East and Contoso West. The Microsoft 365 identity architecture tor both divisions is shown in the following exhibit.

You need to assign users from the Contoso East division access to Microsoft SharePoint Online sites in the Contoso West tenant. The solution must not require additional Microsoft 3G5 licenses.
What should you do?

1. A. Configure The exiting Azure AD Connect server in Contoso Cast to sync the Contoso East ActiveDirectory forest to the Contoso West tenant.
2. B. Configure Azure AD Application Proxy in the Contoso West tenant.
3. C. Deploy a second Azure AD Connect server to Contoso East and configure the server to sync the Contoso East Active Directory forest to the Contoso West tenant.
4. D. Create guest accounts for all the Contoso East users in the West tenant.

Correct Answer: D

- (Exam Topic 2)
You need to sync the ADatum users. The solution must meet the technical requirements. What should you do?

1. A. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.
2. B. From PowerShell, run Set-ADSyncScheduler.
3. C. From PowerShell, run Start-ADSyncSyncCycle.
4. D. From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.

Correct Answer: A
You need to select Customize synchronization options to configure Azure AD Connect to sync the Adatum organizational unit (OU).

- (Exam Topic 4)
You have a Microsoft 365 tenant that has 5,000 users. One hundred of the users are executives. The executives have a dedicated support team.
You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege.
Which object type and Azure Active Directory (Azure AD) role should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A