CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

[email protected]

Microsoft 365 Password: *yfLo7Ir2&y-

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 10811525

You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).

You need to ensure that all the users who join a device use multi-factor authentication.

Reveal Solution Hide Solution

CORRECT TEXT

Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.

When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.

Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.

Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.

Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.

You may now click next to proceed to the lab.

Lab information

Use the following login credentials as needed:

To enter your username, place your cursor in the Sign in box and click on the username below.

To enter your password, place your cursor in the Enter password box and click on the password below.

Microsoft 365 Username:

[email protected]

Microsoft 365 Password: *yfLo7Ir2&y-

If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.

The following information is for technical support purposes only:

Lab Instance: 10811525

You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).

You need to ensure that all the users who join a device use multi-factor authentication.

Reveal Solution Hide Solution

HOTSPOT

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes the users shown in the following table.

Group2 is a member of Group1.

You assign a Microsoft Office 365 Enterprise E3 license to User2 as shown in the following exhibit.

You assign Office 365 Enterprise E3 licenses to Group1 as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Group-based licensing currently does not support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied.

References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-group-advanced

HOTSPOT

You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.

All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).

You plan to create a user named Admin1 that will perform following tasks:

• View BitLocker recovery keys.

• Configure the usage location for the users in contoso.com.

You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege.

Which two roles should you assign? To answer, select the appropriate roles in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

HOTSPOT

Your network contains an on-premises Active Directory domain named Contoso.com.

Your company purchase a Microsoft 365 subscription and establishes a hybrid deployment of Azure Active Directory (Azure AD) by using password hash synchronization.

You need to identify where an administrator can reset the password of each new user.

What should you identify? To answer, select the appropriate option in the area. NOTE: Each correct selection is worth point.

Reveal Solution Hide Solution

Correct Answer:

HOTSPOT

You have an Active Directory domain named Adatum.com that is synchronized to Azure Active Directory as shown in the exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Group Writeback is enabled in the Azure AD Connect configuration so groups created in Azure Active Directory will be synchronized to the on-premise Active Directory. A security group created in Azure Active Directory will be synchronized to the on-premise Active Directory as a security group.

Device Writeback is enabled in the Azure AD Connect configuration so computers joined to the Azure Active Directory will be synchronized to the on-premise Active Directory. They will sync to the Registered Devices container in the on-premise Active Directory.

Your company has an Azure AD tenant named contoso.com and a Microsoft 365 subscription.

All users use Windows 10 devices to access Microsoft Office 365 apps.

All the devices are in a workgroup.

You plan to implement password less sign-in to contoso.com.

You need to recommend changes to the infrastructure for the planned implementation.

What should you include in the recommendation?

Reveal Solution Hide Solution

You have an on-premises Microsoft Exchange Server organization that contains 100 mailboxes.

You have a hybrid Microsoft 365 tenant.

You run the Hybrid Configuration wizard and migrate the mailboxes to the tenant.

You need to ensure that Microsoft 365 spam filtering is applied to incoming email.

What should you do?

Reveal Solution Hide Solution

HOTSPOT

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

User1 is the owner of Group1, User2 is the owner of Group2.

You create an access review that contains the following configurations:

* Users to review, Member of a group

* Scope Everyone

* Group: Group1 and Group2

* Review Group owners

For each of the following statements, select Yes if the statement is true. Otherwise select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Box 1: Yes

User1 is the owner of Group1. User2 is in Group1 and Group2. Group owners can review access. Therefore, User1 can review User2’s membership of Group1.

Box 2: Yes

User1 is the owner of Group1. User3 is in Group1 and Group2. Group owners can review access. Therefore, User1 can review User3’s membership of Group1.

Box 3: No

Only group owners can review access. User3 is not a group owner. Therefore, User3 cannot review membership of the groups.

References: https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

HOTSPOT

On March 5. 2022, you create an access package named Package1 that has the following settings:

• Resource roles

• Name: Group1

• Type: Group and Team

• Role: Member

• Lifecycle

o Access package assignments expire: On date f Assignment expiration date: March 20. 2022

On March 5, 2022. you assign Package1 to the guest users shown in the following table.

On March 6, 2022, you assign the Reports reader role to Guest3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer: