Azure identity managment | Fresco Play

Question 1: When creating a new user in Microsoft Azure, how is the initial password determined?

Answer: A password is randomly generated.

Question 2: You need to implement multi-factor authentication (MFA). What is the minimum version of Microsoft Azure Active Directory (AD) that you must deploy?

Answer: Microsoft Azure AD Premium 1

Question 3: A domain name is an important part of the identifier for ___________.

Answer: All the options

Question 4: Azure AD provides __________________

Answer: all

Question 5: Azure AD provides _________________________________.

Answer: All the options

Question 6: Consider a scenario where Azure AD Connect is installed, and Active Directory Federation Services (AD FS) is configured, and Password-writeback is enabled. You need to monitor synchronization events generated by Azure AD Connect. What should you do first?

Answer: Install Azure AD connect Health from Azure Marketplace within the Azure Portal.

Question 7: Contoso.com is your verified custom domain, then the UPN of the user1 will be _______________

Answer: user1@contoso.com

Question 8: How long does password writeback take to work?

Answer: Immediately

Question 9: If you create a user in Azure AD, It is called as __________________ Identity

Answer: Cloud

Question 10: Managing Groups includes __________________.

Answer: All the options

Question 11: The basic domain of Azure AD is in the form of

Answer: abc123.onmicrosoft.com

Question 12: The basic domain name is primarily intended to be used as a bootstrapping mechanism until a custom domain name is verified`

Answer: True

Question 13: What are the three types of Role Basic Access (RBAC) controls in Microsoft Azure?

Answer: all

Question 14: What feature of Privileged Identity Management allows you to define extended permissions for a user over a limited period?

Answer: Time-limited Activation, Discovery

Question 15: What type of SaaS gallery applications support Microsoft Azure Active Directory automatic provisioning

Answer: Windows apps

Question 16: What types of accounts does password writeback work for?

Answer: Synced IDs

Question 17: When planning for Microsoft Azure Active Directory Connect, what is the minimum Forest Functional Level of the on-premises Active Directory?

Answer: Windows Server 2003

Question 18: Which actions can you perform with Microsoft Azure Active Directory Connect but not with Microsoft Azure Active Directory Sync?

Answer: All the option

Question 19: Which components are included with Microsoft Azure Active Directory Connect?

Answer: all

Question 20: Which feature is provided only with Microsoft Azure Active Directory Premium P2?

Answer: Identity protection

Question 21: Which Microsoft Azure Active Directory (AD) PowerShell command must you run before you can manage a Microsoft Azure AD tenant from PowerShell?

Answer: Connect-MsolService correct

Question 22: Which services are offered in Active Directory Domain Services but not in Microsoft Azure Active Directory?

Answer: All the options

Question 23: You are creating a user in the Microsoft Azure portal. Which are the default roles can you assign to the user?

Answer: All the options

Question 24: You are deciding between using an on-prem Multi-factor Authentication (MFA) service, and a cloud-based service hosted in Azure. Which of the following features are available only in the on-prem MFA service?

Answer: Two-way SMS

Question 25: You are the administrator for contoso.com and the Global Administrator for contoso.onmicrosoft.com. You create users for all the domain users in contoso.onmicrosoft.com, and add the Department attribute (Sales, Marketing, Accounting). You want to create a group containing all users in Sales or Marketing. The group membership should always be up to date as new Sales and/or Marketing users are added to contoso.onmicrosoft.com. You wish to achieve this goal with as little administrative overhead as possible. What should you do?

Answer: Create a new Group with the Membership Type “Dynamic User”. Construct the query: (user.department -eq "Sales") -or (user.department -eq "Marketing")

Question 26: You are the administrator for contoso.com. Contoso has an Office 365 (O365) subscription for its users. Your work email address is joe@contoso.com. The administrator account in the O365 tenant is admin@contoso.onmicrosoft.com. You decide to create an Azure subscription. You need to ensure that the same users in your O365 subscription appear in the Azure subscription. What should you do?

Answer: Log in to azure.microsoft.com, click Start for Free, and sign in with admin@contoso.onmicrosoft.com. Follow the steps on the screen.

Question 27: You are the administrator for contoso.com. You create an Azure tenant named contoso.onmicrosoft.com. Later, you decide that Anne, a user on your team, should oversee contoso.onmicrosoft.com. You log in to contoso.onmicrosoft.com and create a user account for Anne. You make Anne a Global Administrator. Which of the following is true, now that Anne is a Global Administrator? Select one of the options.

Answer: Both you and Anne are Global Administrators.

Question 28: You have a corporate website with Anonymous access enabled. Later you configure Azure Multi-factor Authentication (MFA) and configure it to Enable IIS authentication. A user logs into the web page and is immediately presented the webpage, with no authentication requests or prompts. You need to ensure that users are prompted for MFA when accessing the webpage. What should you do?

Answer: In the IIS console, on the web page properties, enable Basic authentication and disable Anonymous authentication

Question 29: You need to assign a user to a role in Microsoft Azure Active Directory. Which Microsoft Azure PowerShell command should you run?

Answer: Add-MsolRoleMember

Question 30: Your company is planning on using Windows Azure and is investigating whether a Basic subscription will suffice. Which of the features below is not available in the Basic subscription?

Answer: Self-service gp management

Question 31: Your company uses Windows Azure and has published several applications. Your network team has informed you that there is much traffic coming from a specific subnet. You believe one of the most commonly used apps may be to blamed. You need to check which apps are being used the most, and where the traffic is originating. From which blade in the Azure portal should you start your search?

Answer: Enterprise Applications

Question 32: Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com and an Azure Active Directory (Azure AD) domain named contoso.onmicrosoft.com. You are using Role-Based Access Control (RBAC) policies to control who has rights within the Azure subscription. You are a Global Administrator and have the “owner” built-in role. A member of your team named Mary should be allowed to create and manage all objects in the subscription, but should not be able to add or remove role assignments. You need to give Mary only the rights that she needs. This must be accomplished with the least amount of administrative effort. What should you do?

Answer: Add Mary to the Contributor role

Question 33: You are the administrator of your company’s Azure subscription and Azure Active Directory (Azure AD) tenant. Many Software as a Service (SaaS) apps have been published and are available to the users. Users use these apps only when connected to the corporate network. A vendor who comes in with his laptop and air card need access to the application. You create a user account for the vendor in the Azure AD tenant, assign access to the app for the vendor, and give the vendor a link to the application. The vendor is unable to access the application. You need to ensure the vendor can access the application. What should you do

Answer: Have the user connect his laptop to the organization’s network

Question 34: What is the significant user benefit achieved by implementing SaaS application integration

Answer: Single sign-on to SaaS applications

Question 35: you are the administrator for your company’s Azure Active Directory (Azure AD) tenant, and on-prem Active Directory domain. A partner published a multi-tenant Software as a Service (SaaS) application, and gave your company access to the SaaS app. You configure access to several HR users in your company. Later, a team member in HR moves to a new department and no longer needs access to the partner’s app. You need to remove access to the app for this user, without affecting access for other users. The user must still be able to access other Line-of-Business (LOB) SaaS apps. What should you do?

Answer: Delete the partner’s webapp from the “Apps my company uses” section of the Azure portal

Question 36: Your company is using O365. The tenant administrator signs up for a free Azure membership and creates an Azure Active Directory (Azure AD) tenant. He then associates the Azure AD tenant with the Azure subscription. Multi-factor authentication (MFA) is not enabled. You wish to enable the self-service password reset feature for your cloud users. Which of the statements below is true regarding your tenant and the self-service password reset feature

Answer: The self-service password reset feature is available, as it is part of your paid O365 license .

Question 37: You plan to implement self-service group management in Microsoft Azure. Who is responsible for approving requests from users to join a group

Answer: A group Owner

Question 38: If my on-premises account is disabled, then how long can I access my cloud account

Answer: 300 minutes

Question 39: Azure AD is not available in Azure Free Edition

Answer: False

Question 40: You are the Global Administrator for your company’s Windows Azure tenant. You assign two of your coworkers as Global Administrators. You click the Azure AD Privileged Identity Management link and walk through the security wizard. You add one of the coworkers to the role of Privileged Role Administrator Later, the coworker attempts to access the Azure AD Privileged Identity Management service and cannot access it. You need to ensure that your coworker has access to this service. What should you do?

Answer: Instruct the user to activate the role

Question 41: RBAC can be used

Answer: only for Administration

Question 42: You are the administrator for your company’s Azure Active Directory (Azure AD) tenant, and on-prem Active Directory domain. A partner published a multi-tenant Software as a Service (SaaS) application, and gave your company access to the SaaS app. You configure access to several HR users in your company. Later, a team member in HR moves to a new department and no longer needs access to the partner’s app. You need to remove access to the app for this user, without affecting access for other users. The user must still be able to access other Line-of-Business (LOB) SaaS apps. What should you do?

Answer: Delete the team member from the Azure AD tenant

Question 43: You are the administrator of your company’s Azure subscription, and Azure Active Directory (Azure AD) tenant. Your company has an on-prem Active Directory. Your boss asks you to research, allowing the company users to access the Line-of-business (LOB) Software as a Service (SaaS) applications using Conditional Access rules. You need to make sure your tenant meets the pre-requisites for Conditional Access to SaaS apps. What is the lowest Azure subscription level required to enable Conditional Access to SaaS apps?

Answer: Azure Premium subscription

Question 44: When your creating a user in the Azure AD ,which is a

Answer: Cloud Identity

Question 45: Your network contains an Active Directory Domain Services (AD DS) domain named contoso.com and an Azure Active Directory (Azure AD) domain named contoso.onmicrosoft.com. You are using Role-Based Access Control (RBAC) policies to control who has rights within the Azure subscription. You are a Global Administrator, and have the “owner” built-in role. A member of your team named Mary should be allowed to create and manage all objects in the subscription, but should not be able to add or remove role assignments. You need to give Mary only the rights that she needs. This must be accomplished with the least amount of administrative effort. What should you do?

Answer: Contributor

Question 46: If you create a user in Azure AD, It is called as __________________ Identity.

Answer: Cloud