You have an Azure subscription named Subscription1 that contains a resource group named RG1.
In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2.
You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege.
Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area. Contributor on LB1 Network Contributor on LB1 Network Contributor on RG1 Owner on LB1 Contributor on LB2 Network Contributor on LB2 Network Contributor on RG1 Owner on LB2.
You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service
(AKS) cluster named AKS1.
An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com.
You need to ensure that access to AKS1 can be granted to the contoso.com users.
What should you do first? From contoso.com, modify the Organization relationships settings. From contoso.com, create an OAuth 2.0 authorization endpoint. Recreate AKS1. From AKS1, create a namespace.
You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com.
You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1.
You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days.
Which two groups should you create? Each correct answer presents a complete solution. a Microsoft 365 group that uses the Assigned membership type a Security group that uses the Assigned membership type a Microsoft 365 group that uses the Dynamic User membership type a Security group that uses the Dynamic User membership type a Security group that uses the Dynamic Device membership type.
HOTSPOT Yes No Yes No Yes No.
Hotspot Yes No Yes No Yes No.
What is the effect of the policy? You are prevented from creating Azure SQL servers anywhere in Subscription 1. You can create Azure SQL servers in ContosoRG1 only. You are prevented from creating Azure SQL Servers in ContosoRG1 only. You can create Azure SQL servers in any resource group within Subscription 1.
Hotspot None Department: D1 only Department: D1, and RGroup: RG6 only Department: D1, and Label: Value1 only Department: D1, RGroup, and Label: Value1 ----------------------------------------------------------------------------- None RGroup: RG6 only Label: Value1 only RGroup: RG6, and Label: Value1.
Which resources should you identify? VM1, storage1, VNET1, and VM1Managed only VM1 and VM1Managed only VM1, storage1, VNET1, VM1Managed, and RVAULT1 RVAULT1 only.
What should you do? From Azure PowerShell, run the Set-AzApiManagementSubscription cmdlet From the Azure portal, register the Microsoft.Marketplace resource provider From Azure PowerShell, run the Set-AzMarketplaceTerms cmdlet From the Azure portal, assign the Billing administrator role to Admin1.
You have an Azure Active Directory (Azure AD) tenant that contains 5,000 user accounts.
You create a new user account named AdminUser1.
You need to assign the User administrator administrative role to AdminUser1.
What should you do from the user account properties? From the Licenses blade, assign a new license From the Directory role blade, modify the directory role From the Groups blade, invite the user account to a new group.
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains 100 user accounts.
You purchase 10 Azure AD Premium P2 licenses for the tenant.
You need to ensure that 10 users can use all the Azure AD Premium features.
What should you do? From the Licenses blade of Azure AD, assign a license From the Groups blade of each user, invite the users to a group From the Azure AD domain, add an enterprise application From the Directory role blade of each user, modify the directory role.
You have an Azure subscription named Subscription1 and an on-premises deployment of Microsoft System Center Service Manager.
Subscription1 contains a virtual machine named VM1.
You need to ensure that an alert is set in Service Manager when the amount of available memory on VM1 is below 10 percent.
What should you do first? Create an automation runbook Deploy a function app Deploy the IT Service Management Connector (ITSM) Create a notification.
You sign up for Azure Active Directory (Azure AD) Premium P2.
You need to add a user named admin1@contoso.com as an administrator on all the computers that will be joined to the Azure AD domain.
What should you configure in Azure AD? Device settings from the Devices blade Providers from the MFA Server blade User settings from the Users blade General settings from the Groups blade.
Hotspot Yes No Yes No Yes No.
What should you do first? Delete VM1 Stop VM1 Stop the backup of SQLDB01 Delete sa001.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
✑ Reader
✑ Security Admin
✑ Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the User Access Administrator role for VNet1. Assign User1 the Network Contributor role for VNet1. Assign User1 the Network Contributor role for RG1.
You have an Azure Active Directory (Azure AD) tenant named contosocloud.onmicrosoft.com.
Your company has a public DNS zone for contoso.com.
You add contoso.com as a custom domain name to Azure AD.
You need to ensure that Azure can verify the domain name.
Which type of DNS record should you create? MX NSEC PTR RRSIG.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the DevTest Labs User role to the Developers group.
Does this meet the goal? Yes No.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Subscription1, you assign the Logic App Operator role to the Developers group.
Does this meet the goal? Yes No.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Contributor role to the Developers group.
Does this meet the goal? Yes No.
DRAG DROP - Assign a tag to each resource group Assign a tag to each resource Download the usage report From the Cost analysis blade filter the view by tag Open the Resource cost blade of each resource group.
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1? Get-Event Event | where {$_.EventType == "error"} search in (Event) "error" select * from Event where EventType == "error" search in (Event) * | where EventType -eq "error".
HOTSPOT - Yes No Yes No Yes No.
What is the effect of the move? The App Service plan for WebApp1 remains in West Europe. Policy2 applies to WebApp1. The App Service plan for WebApp1 moves to North Europe. Policy2 applies to WebApp1. The App Service plan for WebApp1 remains in West Europe. Policy1 applies to WebApp1. The App Service plan for WebApp1 moves to North Europe. Policy1 applies to WebApp1.
HOTSPOT - 1 2 3 -------------------------------------------------------- 1 2 3.
You have an Azure subscription.
Users access the resources in the subscription from either home or from customer sites. From home, users must establish a point-to-site VPN to
access the Azure resources. The users on the customer sites access the Azure resources by using site-to-site VPNs.
You have a line-of-business-app named App1 that runs on several Azure virtual machine. The virtual machines run Windows Server 2016.
You need to ensure that the connections to App1 are spread across all the virtual machines.
What are two possible Azure services that you can use? Each correct answer presents a complete solution. an internal load balancer a public load balancer an Azure Content Delivery Network (CDN) Traffic Manager an Azure Application Gateway.
You have an Azure subscription.
You have 100 Azure virtual machines.
You need to quickly identify underutilized virtual machines that can have their service tier changed to a less expensive offering.
Which blade should you use? Monitor Advisor Metrics Customer insights.
HOTSPOT - Users and groups Cloud apps Conditions --------------------------------------------------- Grant Session.
You have an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
The User administrator role is assigned to a user named Admin1.
An external partner has a Microsoft account that uses the user1@outlook.com sign in.
Admin1 attempts to invite the external partner to sign in to the Azure AD tenant and receives the following error message: `Unable to invite user
user1@outlook.com `" Generic authorization exception.`
You need to ensure that Admin1 can invite the external partner to sign in to the Azure AD tenant.
What should you do? From the Users settings blade, modify the External collaboration settings. From the Custom domain names blade, add a custom domain. From the Organizational relationships blade, add an identity provider. From the Roles and administrators blade, assign the Security administrator role to Admin1.
You have an Azure subscription linked to an Azure Active Directory tenant. The tenant includes a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do? Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources. Create a new management group and delegate User1 as the owner of the new management group.
.
HOTSPOT - Group 1 only Group 2 only Group 3 only Group 1 and Group2 only -------------------------------------------- Group 1 only Group 2 only Group 3 only Group 1 and Group2 only.
HOTSPOT - User 1 only User1 and User2 only User1 and User3 only User1, User2, and User3 ----------------------------------------- User 1 only User1 and User2 only User1 and User3 only User1, User2, and User3.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an
Azure subscription.
Solution: You assign the Network Contributor role at the subscription level to Admin1.
Does this meet the goal? Yes No.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an
Azure subscription.
Solution: You assign the Owner role at the subscription level to Admin1.
Does this meet the goal? Yes No.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an
Azure subscription.
Solution: You assign the Reader role at the subscription level to Admin1.
Does this meet the goal? Yes No.
You have an Azure subscription that contains a user named User1.
You need to ensure that User1 can deploy virtual machines and manage virtual networks. The solution must use the principle of least privilege.
Which role-based access control (RBAC) role should you assign to User1? Owner Virtual Machine Contributor Contributor Virtual Machine Administrator Login.
HOTSPOT - Yes No Yes No Yes No.
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first? From the Azure portal, modify the Managed Identity settings of VM1 From the Azure portal, modify the Access control (IAM) settings of RG1 From the Azure portal, modify the Access control (IAM) settings of VM1 From the Azure portal, modify the Policies settings of RG1.
What should you do first? Modify the backup configurations of VM1 and modify the resource lock type of VNET1 Remove the resource lock from VNET1 and delete all data in Vault1 Turn off VM1 and remove the resource lock from VNET1 Turn off VM1 and delete all data in Vault1.
You have an Azure DNS zone named adatum.com.
You need to delegate a subdomain named research.adatum.com to a different DNS server in Azure.
What should you do? Create an NS record named research in the adatum.com zone. Create a PTR record named research in the adatum.com zone. Modify the SOA record of adatum.com. Create an A record named *.research in the adatum.com zone.
DRAG DROP - Add a record to the public contoso.com DNS zone Add an Azure AD tenant Configure company branding Create an Azure DNS zone Add a custom name Verify the domain.
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1? Get-Event Event | where {$_.EventType == "error"} Event | search "error" select * from Event where EventType == "error" search in (Event) * | where EventType ג€"eq ג€errorג€.
You have a registered DNS domain named contoso.com.
You create a public Azure DNS zone named contoso.com.
You need to ensure that records created in the contoso.com zone are resolvable from the internet.
What should you do? Create NS records in contoso.com. Modify the SOA record in the DNS domain registrar. Create the SOA record in contoso.com. Modify the NS records in the DNS domain registrar.
HOTSPOT - Yes No Yes No Yes No.
HOTSPOT - User1 only User3 only User1 and User3 only User2 and User3 only ------------------------------------------------------------------ User1 only User3 only User1 and User3 only User2 and User3 only.
HOTSPOT - RG1 and VM1 only Sub1 and RG1 only Sub1, RG1, and VM1 only MG1, Sub1, RG1, and VM1 only Tenant Root Group, MG1, Sub1, RG1, and VM1 RG1 and VM1 only Sub1 and RG1 only Sub1, RG1, and VM1 only MG1, Sub1, RG1, and VM1 only Tenant Root Group, MG1, Sub1, RG1, and VM1.
You have an Azure Active Directory (Azure AD) tenant.
You plan to delete multiple users by using Bulk delete in the Azure Active Directory admin center.
You need to create and upload a file for the bulk delete.
Which user attributes should you include in the file? The user principal name and usage location of each user only The user principal name of each user only The display name of each user only The display name and usage location of each user only The display name and user principal name of each user only.
HOTSPOT - Yes No Yes No Yes No.
You need to ensure that an Azure Active Directory (Azure AD) user named Admin1 is assigned the required role to enable Traffic Analytics for an
Azure subscription.
Solution: You assign the Traffic Manager Contributor role at the subscription level to Admin1.
Does this meet the goal? Yes No.
You have three offices and an Azure subscription that contains an Azure Active Directory (Azure AD) tenant.
You need to grant user management permissions to a local administrator in each office.
What should you use? Azure AD roles administrative units access packages in Azure AD entitlement management Azure roles.
You have an Azure Directory (Azure AD) tenant named Adatum and an Azure Subscription named Subscription1. Adatum contains a group named
Developers.
Subscription1 contains a resource group named Dev.
You need to provide the Developers group with the ability to create Azure logic apps in the Dev resource group.
Solution: On Dev, you assign the Logic App Contributor role to the Developers group.
Does this meet the goal? Yes No.
HOTSPOT - delete create a NAT rule for assign access to other users for delete a virtual machine from modify the load balancing rules in deploy an Azure Kubernetes Service (AKS) cluster to.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
✑ Reader
✑ Security Admin
✑ Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Assign User1 the Contributor role for VNet1. Assign User1 the Network Contributor role for VNet1.
HOTSPOT - actions roletype notActions dataActions actions roletype notActions dataActions notDataActions assignableScopes.
You have an Azure subscription that contains a storage account named storage1. The storage1 account contains a file share named share1.
The subscription is linked to a hybrid Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You need to grant Group1 the Storage File Data SMB Share Elevated Contributor role for share1.
What should you do first? Enable Active Directory Domain Service (AD DS) authentication for storage1. Grant share-level permissions by using File Explorer. Mount share1 by using File Explorer. Create a private endpoint.
You have 15 Azure subscriptions.
You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1.
You plan to purchase additional Azure subscription.
You need to ensure that Group1 can manage role assignments for the existing subscriptions and the planned subscriptions. The solution must
meet the following requirements:
✑ Use the principle of least privilege.
✑ Minimize administrative effort.
What should you do? Assign Group1 the Owner role for the root management group. Assign Group1 the User Access Administrator role for the root management group. Create a new management group and assign Group1 the User Access Administrator role for the group. Create a new management group and assign Group1 the Owner role for the group.
HOTSPOT - Subscription1 and RG1 only ManagementGroup and Sbuscription1 only Tenant Root Group, ManagementGroup1, and Subscription1 only Tenant Root Group, ManagementGroup1, Subscription1, and RG1 only Tenant Root Group, ManagementGroup1, Subscription1, RG1, and VM1 VM1 only RG1 and VM1 only Subscription1, RG1, and VM1 only ManagementGroup1, Subscription1, RG1, and VM1 only Tenant Root Group, ManagementGroup1, Subscription1, RG1, and VM1.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User2 to create the user accounts.
Does that meet the goal? Yes No.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User4 to create the user accounts.
Does that meet the goal? Yes No.
You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com:
User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com.
You need to create new user accounts in external.contoso.onmicrosoft.com.
Solution: You instruct User3 to create the user accounts.
Does that meet the goal? Yes No.
You have two Azure subscriptions named Sub1 and Sub2.
An administrator creates a custom role that has an assignable scope to a resource group named RG1 in Sub1.
You need to ensure that you can apply the custom role to any resource group in Sub1 and Sub2. The solution must minimize administrative effort.
What should you do? Select the custom role and add Sub1 and Sub2 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub1. Create a new custom role for Sub2. Remove the role from RG1. Create a new custom role for Sub1 and add Sub2 to the assignable scopes. Remove the role from RG1. Select the custom role and add Sub1 to the assignable scopes. Remove RG1 from the assignable scopes. Create a new custom role for Sub2.
You have an Azure Subscription that contains a storage account named storageacct1234 and two users named User1 and User2.
You assign User1 the roles shown in the following exhibit.
Which two actions can User1 perform? Each correct answer presents a complete solution. Assign roles to User2 for storageacct1234. Upload blob data to storageacct1234. Modify the firewall of storageacct1234. View blob data in storageacct1234. View file shares in storageacct1234.
You have an Azure subscription named Subscription1 that contains an Azure Log Analytics workspace named Workspace1.
You need to view the error events from a table named Event.
Which query should you run in Workspace1? select * from Event where EventType == "error" Event | search "error" Event | where EventType is "error" Get-Event Event | where {$_.EventType == "error"}.
You have an Azure App Services web app named App1.
You plan to deploy App1 by using Web Deploy.
You need to ensure that the developers of App1 can use their Azure AD credentials to deploy content to App1. The solution must use the principle
of least privilege.
What should you do? Assign the Owner role to the developers Configure app-level credentials for FTPS Assign the Website Contributor role to the developers Configure user-level credentials for FTPS.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: From Azure AD in the Azure portal, you use the Bulk invite users operation.
Does this meet the goal? Yes No.
HOTSPOT Role1 only Built-in Azure subscription roles only Role1 and built-in Azure subscription roles only Built-in Azure subscription roles and built-in Azure AD roles only Role1, Role2, built-in Azure subscription roles, and built-in Azure AD roles Role2 only Built-in Azure AD roles only Role2 and built-in Azure AD roles only Built-in Azure roles and built-in Azure subscription roles only Role1, Role2, built-in Azure AD, and built-in Azure subscription roles.
DRAG DROP Owner Contributor Reader and Data Access Storage Account Contributor.
You have an Azure subscription that contains 10 virtual machines, a key vault named Vault1, and a network security group (NSG) named NSG1. All
the resources are deployed to the East US Azure region.
The virtual machines are protected by using NSG1. NSG1 is configured to block all outbound traffic to the internet.
You need to ensure that the virtual machines can access Vault1. The solution must use the principle of least privilege and minimize administrative
effort
What should you configure as the destination of the outbound security rule for NSG1? an application security group a service tag an IP address range.
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.
Adatum.com contains the users shown in the following table.
You assign the Azure Active Directory Premium Plan 2 license to Group1 and User4.
Which users are assigned the Azure Active Directory Premium Plan 2 license? User4 only User1 and User4 only User1, User2, and User4 only User1, User2, User3, and User4.
HOTSPOT Yes No Yes No Yes No.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Assign User1 the Network Contributor role for VNet1. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Assign User1 the Network Contributor role for RG1.
HOTSPOT Yes No Yes No Yes No.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscript on 1. Assign User1 the Contributor role for RG1. Assign User1 the Owner role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription 1. Assign User1 the Contributor role for VNet1.
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network.
What should you configure? Azure Application Gateway private endpoints a network security group (NSG) Azure Virtual WAN.
HOTSPOT Yes No Yes No Yes No.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. Assign User1 the Network Contributor role for RG1.
HOTSPOT Yes No Yes No Yes No.
You have an Azure subscription that contains the resources shown in the following table.
You need to assign User1 the Storage File Data SMB Share Contributor role for share1.
What should you do first? Enable identity-based data access for the file shares in storage1. Modify the security profile for the file shares in storage1. Select Default to Azure Active Directory authorization in the Azure portal for storage1. Configure Access control (IAM) for share1.
You have an Azure subscription named Subscription1 that contains a virtual network named VNet1. VNet1 is in a resource group named RG1.
Subscription1 has a user named User1. User1 has the following roles:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the User Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for VNet1.
HOTSPOT
Group2 is NOT directly assigned a license.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. Yes No Yes No Yes No.
HOTSPOT User1 only User1 and User2 only User1 and User3 only User1, User2 and User3 only User1 only User1 and User2 only User1 and User3 only User1, User2 and User3 only.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgUser cmdlet for each external user.
Does this meet the goal? Yes No.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgInvitation cmdlet for each external user.
Does this meet the goal? Yes No.
You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.
A user named User1 has the following roles for Subscription1:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Assign User1 the Contributor role for VNet1. Assign User1 the Network Contributor role for VNet1. Assign User1 the User Access Administrator role for VNet1. Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1.
You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.
User named User1 has the following roles for Subscription1:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. Remove User1 from the Security Reader role for Subscription1. Assign User1 the Contributor role for RG1. Assign User1 the Network Contributor role for VNet1. Assign User1 the User Access Administrator role for VNet1.
HOTSPOT Azure AD only Shared access signature (SAS) only Azure AD and shared signatures (SAS) Azure AD only Shared access signature (SAS) only Azure AD and shared signatures (SAS).
HOTSPOT
You have an Azure AD tenant that contains a user named External User.
External User authenticates to the tenant by using external195@gmail.com.
You need to ensure that External User authenticates to the tenant by using contractor@gmail.com.
Which two settings should you configure from the Overview blade? To answer, select the appropriate settings in the answer area.
NOTE: Each correct answer is worth one point. Identities B2B Collaboration.
You have an Azure subscription that contains the resources shown in the following table.
You need to assign Workspace1 a role to allow read, write, and delete operations for the data stored in the containers of storage1.
Which role should you assign? Storage Account Contributor Contributor Storage Blob Data Contributor Reader and Data Access.
You have an Azure subscription named Subscription1 that contains virtual network named VNet1. VNet1 is in a resource group named RG1.
A user named User1 has the following roles for Subscription1:
• Reader
• Security Admin
• Security Reader
You need to ensure that User1 can assign the Reader role for VNet1 to other users.
What should you do? Remove User1 from the Security Reader and Reader roles for Subscription1. Assign User1 the Contributor role for Subscription1. Assign User1 the Contributor role for VNet1. Assign User1 the Owner role for VNet1. Assign User1 the Network Contributor role for RG1.
You have an Azure AD tenant that contains the groups shown in the following table.
You purchase Azure Active Directory Premium P2 licenses.
To which groups can you assign a license? Group1 only Group1 and Group3 only Group3 and Group4 only Group1, Group2, and Group3 only Group1, Group2, Group3, and Group4.
HOTSPOT device.managementType device.organizationUnit user.department user.usageLocation and or typeof -and -eq -in.
HOTSPOT Users can register applications Restrict access to Azure AD administrator portal.
HOTSPOT Yes No Yes No Yes No.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You have a CSV file that contains the names and email addresses of 500 external users.
You need to create a guest user account in contoso.com for each of the 500 external users.
Solution: You create a PowerShell script that runs the New-MgUser cmdlet for each user.
Does this meet the goal? Yes No.
HOTSPOT Yes No Yes No Yes No.
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network.
What should you configure? Azure AD Application Proxy private endpoints a network security group (NSG) Azure Peering Service.
Your on-premises network contains a VPN gateway.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that all the traffic from VM1 to storage1 travels across the Microsoft backbone network.
What should you configure? Azure AD Application Proxy service endpoints a network security group (NSG) Azure Firewall.
You have an Azure subscription named Sub1 that contains the resources shown in the following table.
You create a user named Admin1.
To what can you add Admin1 as a co-administrator? RG1 MG1 Sub1 VM1.
HOTSPOT User4 only User1 and User4 only User2 and User4 only User1, User2, User3, and User4 Group2 only Group2 and Group3 only Group2 and Group4 only Group1, Group2, Group3, and Group4.
You have an Azure subscription that contains the resources shown in the following table.
You need to ensure that data transfers between storage1 and VM1 do NOT traverse the internet
What should you configure for storage1? data protection a private endpoint Public network access in the Firewalls and virtual networks settings a shared access signature (SAS).
|
