Question 1

Your network contains an on-premises Active Directory domain named contoso.com.

For all user accounts, the Logon Hours settings are configured to prevent sign-ins outside of business hours.

You plan to sync contoso.com to an Azure AD tenant.

You need to recommend a solution to ensure that the logon hour restrictions apply when synced users sign in

to Azure AD.

What should you include in the recommendation?

Options :

A : pass-through authentication

B : conditional access policies

C : password synchronization

D : Azure AD Identity Protection policies

Answer: A

Question 2

Your network contains three Active Directory forests. There are forests trust relationships between the forests.

You create a Microsoft Entra tenant

You plan to sync the on-premises Active Directory to the Microsoft Entra tenant.

You need to recommend a synchronization solution. The solution must ensure that the synchronization can

complete and as quickly as possible if a single server fails.

What should you include in the recommendation?

Options :

A : one Microsoft Entra Connect sync server and one Microsoft Entra Connect sync server in staging mode

B :

three Microsoft Entra Connect sync servers and one Microsoft Entra Connect sync server in staging mode

C :

six Microsoft Entra Connect sync servers and three Microsoft Entra Connect sync servers in staging mode

D :

three Microsoft Entra Connect sync servers and three Microsoft Entra Connect sync servers in staging mode

Answer: A

Question 3

Note: This question is part of a series of questions that present the same scenario. Each question in the

series contains a unique solution that might meet the stated goals. Some question sets might have more

than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection (ATP) settings and

policies for Microsoft Teams, SharePoint, and OneDrive.

Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Teams Service

Administrator role.

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B

Question 4

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk.

The solution must use the principle of least privilege.

To which role should you add User1?

Options :

A : Security Reader

B : Global Administrator

C : Owner

D : User Administrator

Answer: A

Question 5

You have a Microsoft 365 E5 subscription.

You plan to implement Microsoft 365 compliance policies to meet the following requirements:

Identify documents that are stored in Microsoft Teams and SharePoint Online that contain Personally

Identifiable Information (PII).

Report on shared documents that contain PII.

What should you create?

Options :

A : an alert policy

B : a data loss prevention (DLP) policy

C : a retention policy

D : a Microsoft Cloud App Security policy

Answer: B