Question 6 of 241
You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1.
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?
VM1 runs services that will be used to deploy resources to RG1.
You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1.
What should you do first?
Correct Answer: D
To allow a service running on VM1 to manage resources in RG1 using the identity of VM1, the first step is to enable the Managed Service Identity (MSI) for VM1. This will create a service principal in Azure AD that represents VM1's identity and allows it to access Azure resources securely. Without enabling MSI, you cannot assign permissions or roles to VM1 for resource management.
Question 7 of 241
HOTSPOT -
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table:
Subscription1 contains the virtual machines in the following table:
The firewalls on all the virtual machines are configured to allow all ICMP traffic.
You add the peerings in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
You have an Azure subscription named Subscription1. Subscription1 contains the virtual networks in the following table:
Subscription1 contains the virtual machines in the following table:
The firewalls on all the virtual machines are configured to allow all ICMP traffic.
You add the peerings in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
References:
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal
Question 8 of 241
HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings to the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
You have an Azure Active Directory (Azure AD) tenant.
You need to create a conditional access policy that requires all users to use multi-factor authentication when they access the Azure portal.
Which three settings should you configure? To answer, select the appropriate settings to the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/app-based-mfa
Question 9 of 241
You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network.
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.
You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?
Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com.
You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory.
You need to ensure that the users can use single-sign on (SSO) to access Azure resources.
What should you do first?
Correct Answer: B
To ensure users can use single sign-on (SSO) to access Azure resources, you should first add and verify the custom domain name in Azure AD. This action resolves the UPN (User Principal Name) mismatch between Azure AD and the on-premises Active Directory, which is causing the issue of users being prompted multiple times to sign in and using an onmicrosoft.com account name.
Question 10 of 241
You have an Active Directory forest named contoso.com.
You install and configure AD Connect to use password hash synchronization as the single sign-on(SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
You install and configure AD Connect to use password hash synchronization as the single sign-on(SSO) method. Staging mode is enabled.
You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs.
You need to ensure that the synchronization completes successfully.
What should you do?
Correct Answer: D
Staging mode in Azure AD Connect is designed for testing purposes. When staging mode is enabled, the server does not run export operations, including password sync and password writeback. As a result, synchronization jobs will not be completed. To ensure that synchronization completes successfully, staging mode must be disabled. Disabling staging mode allows the server to resume normal synchronization operations, including exports and password synchronization.