You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD).
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for users that have leaked credentials?
Correct Answer: D
D
These six types of events are categorized in to 3 levels of risks ג€" High, Medium & Low:
Reference:
http://www.rebeladmin.com/2018/09/step-step-guide-configure-risk-based-azure-conditional-access-policies/
You have been tasked with applying conditional access policies for your company's current Azure Active Directory (Azure AD).
The process involves assessing the risk events and risk levels.
Which of the following is the risk level that should be configured for sign ins that originate from IP addresses with dubious activity?
Correct Answer: C
When configuring conditional access policies for Azure Active Directory, the risk level for sign-ins originating from IP addresses with dubious activity should be set to Medium. This is because such activity indicates a potential but not immediate threat, requiring a balanced approach between security and user accessibility. Setting it to Medium ensures that adequate measures are in place to mitigate risk without overly restricting access to legitimate users.
You have been tasked with configuring an access review, which you plan to assigned to a new collection of reviews. You also have to make sure that the reviews can be reviewed by resource owners.
You start by creating an access review program and an access review control.
You now need to configure the Reviewers.
Which of the following should you set Reviewers to?
Correct Answer: C
C
In the Reviewers section, select either one or more people to review all the users in scope. Or you can select to have the members review their own access. If the resource is a group, you can ask the group owners to review.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review https://docs.microsoft.com/en-us/azure/active-directory/governance/manage-programs-controls
Your company recently created an Azure subscription. You have, subsequently, been tasked with making sure that you are able to secure Azure AD roles by making use of Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
Which of the following actions should you take FIRST?
Correct Answer: C
To secure Azure AD roles using Azure Active Directory (Azure AD) Privileged Identity Management (PIM), the first action to take is to discover privileged roles. This involves identifying the roles that have elevated permissions and could pose security risks if not properly managed. Understanding which roles are privileged is essential before any further actions such as configuring settings or activating PIM can be taken. This initial step ensures that you have a clear view of the roles that need to be managed and secured using PIM.
You need to consider the underlined segment to establish whether it is accurate.
You have been tasked with creating a different subscription for each of your company's divisions. However, the subscriptions will be linked to a single Azure Active
Directory (Azure AD) tenant.
You want to make sure that each subscription has identical role assignments.
You make use of Azure AD Privileged Identity Management (PIM).
Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
Correct Answer: B
To ensure that each subscription has identical role assignments, Azure Blueprints is the most appropriate choice. Azure Blueprints allows the creation and management of templates that can include role assignments, policy assignments, and other configurations. This helps in maintaining consistency across multiple subscriptions by applying the same blueprint to each subscription. Although Azure AD Privileged Identity Management (PIM) can assign roles within a subscription, it does not provide the capabilities to ensure identical role assignments across multiple subscriptions like Azure Blueprints does.