Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure Monitor, you modify the action group.
Does this meet the goal?
B
You have a Microsoft 365 subscription that contains the following:
An Azure Active Directory (Azure AD) tenant that has an Azure Active Directory Premium P2 license
A Microsoft SharePoint Online site named Site1
A Microsoft Teams team named Team1
You need to create an entitlement management workflow to manage Site1 and Team1.
What should you do first?
C
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
In Azure AD Privileged Identity Management (PIM), you configure the Global administrator role as shown in the following
exhibit.
User1 is eligible for the Global administrator role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Box 1: Yes
MFA is required on activation
Box 2: No
The Privileged Authentication Administrator can set or reset any authentication method for any user, including Global
Administrators.
The Privileged Role Administrator can manage role assignments, including the Global Administrator role, in Azure Active
Directory, as well as within Azure AD Privileged Identity Management. In addition, this role allows management of all aspects
of Privileged Identity Management and administrative units.
Box 3: No
The Privileged Authentication Administrator can set or reset any authentication method for any user, including Global
Administrators.
The Privileged Role Administrator can manage role assignments, including the Global Administrator role, in Azure Active
Directory, as well as within Azure AD Privileged Identity Management. In addition, this role allows management of all aspects
of Privileged Identity Management and administrative units.
You have an Azure Active Directory Premium P2 tenant.
You create a Log Analytics workspace.
You need to ensure that you can view Azure Active Directory (Azure AD) audit log information by using Azure Monitor.
What should you do first?
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-with-log-analytics
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure Monitor, you create a data collection rule.
Does this meet the goal?
B
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you modify the Diagnostics settings.
Does this meet the goal?
A
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you create an assignment for the Insights administrator role.
Does this meet the goal?
B
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has Azure AD Identity Protection policies
enforced.
You create an Azure Sentinel instance and configure the Azure Active Directory connector.
You need to ensure that Azure Sentinel can generate incidents based on the risk alerts raised by Azure AD Identity
Protection.
What should you do first?
A
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/sentinel/connect-azure-ad-identity-protection
HOTSPOT
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner
named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are
used for Fabrikam email addresses.
You plan to create an access package named package1 that will be accessible only to the users at Fabrikam.
You create a connected organization for Fabrikam.
You need to ensure that package1 will be accessible only to users who have fabrikam.com email addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-request-policy
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create
HOTSPOT
You have an Azure Active Directory (Azure AD) tenant that contains the following group:
Name: Group1
Members: User1, User2
Owner: User3
On January 15, 2021, you create an access review as shown in the exhibit. (Click the Exhibit tab.)
Users answer the Review1 question as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/review-your-access
You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table.
Which objects can you add as eligible in Azure AD Privileged Identity Management (PIM) for an Azure AD role?
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-deployment-plan
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click the Exhibit tab.)
You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You add each manager as a fallback reviewer.
Does this meet the goal?
B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
You have an Azure Active Directory (Azure AD) tenant that uses conditional access policies.
You plan to use third-party security information and event management (SIEM) to analyze conditional access usage.
You need to download the Azure AD log by using the administrative portal. The log file must contain changes to conditional
access policies.
What should you export from Azure AD?
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs
You have an Azure subscription that contains the resources shown in the following table.
For which resources can you create an access review?
C
Explanation:
Access reviews require an Azure AD Premium P2 license.
Access reviews for Group1 and App1 can be configured in Azure AD Access Reviews.
Access reviews for the Contributor role and Role1 would need to be configured in Privileged Identity Management (PIM).
PIM is included in Azure AD Premium P2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review?toc=/azure/active-directory/governance/toc.json
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
You have an Azure Active Directory (Azure AD) P1 tenant.
You need to review the Azure AD sign-in logs to investigate sign-ins that occurred in the past.
For how long does Azure AD store events in the sign-in logs?
B
Explanation:
Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/reference-reports-data-retention#how-long-does-azure-ad-store-the-data