Question 1

Note: This question is part of a series of questions that present the same scenario. Each question in the

series contains a unique solution that might meet the stated goals. Some question sets might have more

than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

Your network contains an Active Directory domain.

You deploy an Azure AD tenant.

Another administrator configures the domain to synchronize to Azure AD.

You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All

the other user accounts synchronized successfully.

You review Azure AD Connect Health and discover that all the user account synchronizations completed

successfully.

You need to ensure that the 10 user accounts are synchronized to Azure AD.

Solution: You run idfix.exe and export the 10 user accounts.

Does this meet the goal?

Options :

A : Yes

B : No

Answer: B

Question 2

Your company has on-premises servers and an Azure AD tenant.

Several months ago, the Azure AD Connect Hearth agent was installed on all the servers.

You review the health status of all the servers regularly.

Recently, you attempted to view the health status of a server named Server1 and discovered that the server is

NOT listed on the Azure AD Connect Servers list.

You suspect that another administrator removed Server1 from the list.

You need to ensure that you can view the health status of Server1.

What are two possible ways to achieve the goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Options :

A : From Azure Cloud shell, run the Connect-Azure AD cmdlet.

B : From Server1, change the Azure AD Connect Health Services Startup type to Automatic (Delayed Start)

C : From Server1, change the Azure AD Connect Health Services Startup type to Automatic

D : From Windows PowerShell, run the Rejister-ArureADConnectHealthsyncAgent cmdlet.

E : From Server1, reinstall the Azure AD Connect Health agent

Answer: D,E

Question 3

Your network contains an on-premises Active Directory domain named contoso.com.

For all user accounts, the Logon Hours settings are configured to prevent sign-ins outside of business hours.

You plan to sync contoso.com to an Azure AD tenant.

You need to recommend a solution to ensure that the logon hour restrictions apply when synced users sign in

to Azure AD.

What should you include in the recommendation?

Options :

A : pass-through authentication

B : conditional access policies

C : password synchronization

D : Azure AD Identity Protection policies

Answer: A

Question 4

You have a Microsoft 365 E5 tenant.

You create an auto-labeling policy to encrypt emails that contain a sensitive info type. You specify the

locations where the policy will be applied.

You need to deploy the policy.

What should you do first?

Options :

A : Review the sensitive information in Activity explorer

B : Turn on the policy

C : Run the policy in simulation mode

D : Configure Azure Information Protection analytics

Answer: C

Question 5

You have a Microsoft 365 E5 subscription.

You are creating a data loss prevention (DLP) policy applied to the locations as shown in the following

exhibit.

Which condition can you use in the DIP rules of the policy?

Options :

A : sensitive info types

B : sensitivity labels

C : content search queries

D : keywords

Answer: A