Q145. You have an Azure AD tenant that contains a user named User1
User1 needs to manage license assignments and reset user passwords.
Which role should you assign to User1?

Q146. You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

Q147. Your network contains an on-premises Active Directory domain that sync to an Azure Active Directory (Azure AD) tenant. The tenant contains the shown in the following table.

All the users work remotely.
Azure AD Connect is configured in Azure as shown in the following exhibit.

Connectivity from the on-premises domain to the internet is lost.
Which user can sign in to Azure AD?

Q148. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click the Exhibit tab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You add each manager as a fallback reviewer.
Does this meet the goal?

Q149. You have an Azure AD tenant contains the users shown in the following table.

In Azure AD Privileged Identity Management (PIM), you configure the Global Administrator role as shown in the following exhibit.

User 1 is eligible for the Global Administrator role.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q150. You need to implement password restrictions to meet the authentication requirements.
You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q151. You need to implement on-premises application and SharePoint Online restrictions to meet the authentication requirements and the access requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q152. You have an Azure subscription that contains the following virtual machine Name: VM1 Azure region: East US System-assigned managed identity: Disabled You create the managed identities shown in the following table.

You perform the following actions:
* Assign Managed1 to VM1.
* Create a resource group named RG1 in the West US region.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q153. Your company has a Microsoft 365 tenant.
All users have computers that run Windows 10 and are joined to the Azure Active Directory (Azure AD) tenant.
The company subscribes to a third-party cloud service named Service1. Service1 supports Azure AD authentication and authorization based on OAuth. Service1 is published to the Azure AD gallery.
You need to recommend a solution to ensure that the users can connect to Service1 without being prompted for authentication. The solution must ensure that the users can access Service1 only from Azure AD-joined computers. The solution must minimize administrative effort.
What should you recommend for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q154. You need to identify which roles to use for managing role assignments. The solution must meet the delegation requirements.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q155. Your on-premises network contains an Active Directory domain that uses Azure AD Connect to sync with an Azure AD tenant. You need to configure Azure AD Connect to meet the following requirements:
* User sign-ins to Azure AD must be authenticated by an Active Directory domain controller.
* Active Directory domain users must be able to use Azure AD self-service password reset (SSPR).
What should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q156. You need to implement password restrictions to meet the authentication requirements.
You install the Azure AD password Protection DC agent on DC1.
What should you do next? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q157. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.

You install Azure AD Connect. You configure the Domain and OU filtering settings as shown in the Domain and OU Filtering exhibit. (Click the Domain and OU Filtering tab.)

You configure the Filter users and devices settings as shown in the Filter Users and Devices exhibit. (Click the Filter Users and Devices tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Q158. You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of nonadministrative users. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?

Q159. You have an Azure AD tenant that contains the users shown in The following table.

You enable self-service password reset (SSPR) for all the users and configure SSPR to require security questions as the only authentication method.
Which users must use security questions when resetting their password?

Q160. You have an Azure Active Directory (Azure AD) tenant that contains a user named User1 and the groups shown in the following table.

In the tenant, you create the groups shown in the following table.

Which members can you add to GroupA and GroupB? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q161. You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled.
The account lockout settings are configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Q162. You have a Microsoft 365 tenant that contains a group named Group1 as shown in the Group1 exhibit. (Click the Group1 tab.)

You create an enterprise application named App1 as shown in the App1 Properties exhibit. (Click the App1 Properties tab.)

You configure self-service for App1 as shown in the App1 Self-service exhibit. (Click the App1 Self-service tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Q163. You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)

A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table.

Which users will be emailed a passcode?

Q164. You have an Azure Active Directory (Azure AD) tenant that has multi-factor authentication (MFA) enabled.
The account lockout settings are configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Q165. You have an Azure Active Directory (Azure AD) tenant that contains the following objects:
A device named Device1
Users named User1, User2, User3, User4, and User5
Groups named Group1, Group2, Group3, Group4, and Group5
The groups are configured as shown in the following table.

To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

Q166. You have a new Microsoft 365 tenant that uses a domain name of contoso.onmicrosoft.com.
You register the name contoso.com with a domain registrar.
You need to use contoso.com as the default domain name for new Microsoft 365 users.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Q167. You have an Azure AD tenant and an Azure web app named App1.
You need to provide guest users with self-service sign-up for App1. The solution must meet the following requirements:
* Guest users must be able to sign up by using a one-time password.
* The users must provide their first name, last name, city, and email address during the sign-up process.
What should you configure in the Azure Active Directory admin center for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Q168. Task 2
You need to implement a process to review guest users who have access to the Salesforce app. The review must meet the following requirements:
* The reviews must occur monthly.
* The manager of each guest user must review the access.
* If the reviews are NOT completed within five days, access must be removed.
* If the guest user does not have a manager, Megan Bowen must review the access.

Q169. You have an on-premises datacenter that contains the hosts shown in the following table.

You have an Azure Active Directory (Azure AD) tenant that syncs to the Active Directory forest. Multi-factor authentication (MFA) is enforced for Azure AD.
You need to ensure that you can publish App1 to Azure AD users.
What should you configure on Server and Firewall1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.