The risk level for users with leaked credentials should be configured as High. When a user's credentials are compromised, those credentials are potentially in the hands of an attacker, putting the user's account and the accessible resources at significant risk. Setting the risk level to High ensures that appropriate and stringent access controls and security measures, such as multifactor authentication or blocking access, are applied to protect the user's account and associated resources.
In conditional access policies for Azure Active Directory, the risk level for sign-ins originating from IP addresses with dubious activity should be set to Medium. Such activity indicates a potential but not immediate threat, which calls for a balance between security and user accessibility. Setting the level to Medium ensures that adequate measures are in place to mitigate risk without overly restricting access for legitimate users.
When configuring an access review that must be carried out by resource owners, the most suitable choice is to set Reviewers to Group Owners. Group Owners are typically responsible for managing the resources within their groups, so they have the permissions and insight needed to assess access accurately. Selecting Group Owners as Reviewers therefore aligns with the goal of having resource owners conduct the reviews.
To secure Azure Active Directory (Azure AD) roles using Azure AD Privileged Identity Management (PIM), the first action to take is to discover privileged roles. This involves identifying the roles that have elevated permissions and could pose security risks if not properly managed. Understanding which roles are privileged is essential before any further actions, such as configuring settings or activating PIM, can be taken. This initial step ensures that you have a clear view of the roles that need to be managed and secured using PIM.
To ensure that each subscription has identical role assignments, Azure Blueprints is the most appropriate choice. Azure Blueprints lets you create and manage templates that can include role assignments, policy assignments, and other configurations. Applying the same blueprint to each subscription keeps them consistent. Although Azure AD Privileged Identity Management (PIM) can assign roles within a subscription, it cannot ensure identical role assignments across multiple subscriptions the way Azure Blueprints does.