Implement and Manage Identity and Access - Questions Flashcards

1
Q

Which authentication method must be enabled to utilize Premium AD features like Identity Protection?

  • > Password Hash Synchronization (PHS)
  • > Pass-through authentication (PTA)
  • > Federation (AD FS)
A

Password Hash Synchronization (PHS)

2
Q

Azure AD Connect Sync was installed using Express settings, or the default authentication settings. Password hash synchronization will be disabled by default.

  • > True
  • > False
A

False

3
Q

You received an unhealthy Identity Synchronization error notification via email. Which of the following is a potential cause?

  • > Demo/trial license for Azure AD expired
  • > Duplicate users found in sync
  • > Password hash synchronization not enabled
  • > Password writeback not enabled
A

Demo/trial license for Azure AD expired

4
Q

Self-service password reset can be configured for one or multiple security groups?

  • > True
  • > False
A

False

5
Q

To create an Accounting group that has automatic membership in Azure AD, you must select ____ for membership type, then set Property to _______ and value to equals _________.

A
  • > Dynamic User
  • > Dept
  • > Accounting
6
Q

The owner of the Pride Month committee group is the current chair of the committee. They’re about to welcome the incoming chair and would like that incoming chair to review the membership of their Azure AD group during their first month. What solution would be appropriate to configure?

A

Assign the incoming chair a new one-time access review beginning their first day.

7
Q

You need to make sure users connecting to the company's O365 environment while outside the main office are required to use MFA. What will you create to ensure this?

  • > A compliance policy
  • > A user risk policy
  • > A sign-in risk policy
  • > A conditional access policy
A

A Conditional Access Policy

8
Q

Your office has four branches. Their IP addresses and ranges are as follows:
NY: 192.0.2.0/24
San Fran: 192.168.0.0/16
Miami: 198.51.100.0/24
Kansas City: 203.0.113.0/24
How would you go about creating an MFA policy that doesn’t require Kansas City to use MFA when connecting from IP addresses in their range but requires everyone else to do so?

A

Add 203.0.113.0/24 as a trusted IP and exclude it in the policy requiring MFA.

9
Q

In order to prevent access to users signing in from non-compliant devices, you must first have configured what?

A

A Compliance Policy

10
Q

What should you create in order to restrict users from accessing company resources when they’re not connecting from the main office network? Select all that could work.

  • > A trusted IP & compliance policy
  • > A named location and a conditional access policy
  • > A trusted IP and a conditional access policy
  • > A named location and a compliance policy
A

A named location and a conditional access policy
&
A trusted IP and a conditional access policy

11
Q

Before users’ access to company data via VPN can be restricted, what must first be done?

  • > Add VPN server as a cloud app in your conditional access policy
  • > Deploy a certificate to your VPN server
  • > Download a certificate from Azure AD
  • > Create a certificate in Azure AD
A

Create a certificate in Azure AD

12
Q

Which of the following is not an RBAC security principal?

  • > User
  • > Group
  • > Managed Identity
  • > Subscription
A

Subscription

13
Q

A user has both an allow and deny assignment in RBAC. Which one overrides the other if they conflict on a particular allowance?

  • > The allow assignment overrides
  • > The deny assignment overrides
A

The deny assignment overrides

14
Q

Which PowerShell command is used to make new RBAC role assignments for a user?

  • > New-AZRoleAssignment
  • > Assign-AzRoleAssignment
  • > New-RBACRoleAssignment
  • > Apply-RBACRoleAssignment
A

New-AzRoleAssignment

15
Q

Your CIO requests that anybody given the Exchange Admin role has a maximum assignment to that role of 30 days before they must request an extension or the role expires until requested for activation again. Which solution can you use here (assuming an EMS E5 license)?

  • > Azure AD Identity Protection
  • > Azure AD Privileged Identity Mgmt
  • > Azure AD Audit logs
  • > Azure AD Role Administration Center
A

Azure AD Privileged Identity Management

16
Q

You need to make it easy for people to get temporary access to admin capabilities without assigning them a permanent active role. What should you do to accomplish this?

  • > Make the user active for a role for a specific time period.
  • > Make the user eligible for a role
  • > Review your activation requests
  • > Initiate a round of access reviews
A

Make the user eligible for a role

17
Q

Which node of PIM allows you to extend role assignments for users?

  • > Access reviews
  • > My roles
  • > Approve requests
  • > Assignments
A

Assignments

18
Q

A manager asks to be included on Identity Protection email alerts that go out for high-risk events. What do you need to do first?

  • > Make sure the manager is licensed to access Azure AD Identity Protection
  • > Add the manager’s email address as an additional recipient for high-risk alerts
A

Make sure the manager is licensed to access Azure AD Identity Protection

19
Q

Which Azure AD Identity Protection policy allows for requiring a user to change his or her password once identified as a risky user?

  • > User Risk Policy
  • > Sign-In Risk Policy
  • > Conditional Access Policy
  • > Compliance Policy
A

User Risk Policy

20
Q

Which of the following is not one of the identity methods available with Azure AD?

  • > Pass-through authentication
  • > Federation
  • > MFA
  • > Password hash sync
A

Multi-Factor Authentication

MFA is a secure authentication method as opposed to an identity method.

21
Q

Which of the following tools could you use to assess your organization’s readiness to synchronize their Active Directory to Azure AD?

  • > The Remote Connectivity Analyzer tool
  • > The IdFix tool
  • > The OffCAT tool
  • > Synchronization Service Manager
A

The IdFix tool
IdFix is a tool that scans AD and identifies any objects with attributes that are incompatible with O365 or that would result in a conflict or duplicate object.

22
Q

With password hash sync, users will always authenticate to on-premises AD when logging onto Azure AD.

  • > True
  • > False
A

False

Password Hash Sync (PHS) provides the same sign-on experience, where users are authenticated directly to O365/Azure AD.

23
Q

Which of the following M365 licenses allow users to use SSPR (choose two)?

  • > Azure AD Premium P2
  • > Intune
  • > Azure Information Protection P1
  • > Azure AD Premium P1
A

Azure AD Premium P1
Azure AD Premium P1 is the minimum subscription requirement for Self-Service Password Reset (SSPR). It is also available with Azure AD P2.

24
Q

Which of the following PowerShell commands could you use to run a full Azure AD Connect sync manually?

  • > Start-ADSyncSyncCycle -PolicyType Initial
  • > Start-ADSyncSyncCycle -PolicyType Delta
  • > Start-ADSyncSyncCycle -PolicyType Full
  • > Start-ADSyncSyncCycle -PolicyType Immediate
A

Start-ADSyncSyncCycle -PolicyType Initial

Start-ADSyncSyncCycle -PolicyType Delta runs a delta (incremental) sync.

25
Q

Conditional Access is a feature of Azure AD Premium designed to give M365 admins control over user and device access requests to services and applications within Azure AD and to apply actions based on certain conditions.

  • > True
  • > False
A

True

26
Q

What is the maximum number of authentication agents that can be configured in Azure AD for pass-through authentication?

  • > 5
  • > 10
  • > 30
  • > 40
A

40

27
Q

How frequently does Azure AD Connect automatically sync on-prem AD changes to Azure AD?

  • > Every 20 minutes
  • > Once an hour
  • > Every 30 minutes
  • > Every 15 minutes
A

Every 30 minutes

28
Q

Which of the following methods can be used to authenticate users to Azure AD with MFA?

  • > Code with the Microsoft Authenticator App
  • > SMS messages to mobile device
  • > Security questions
  • > Email Address
A
  • > Code with the Microsoft Authenticator App
  • > SMS message to mobile device

29
Q

When deploying federation with AD FS, what is the minimum number of Web Application Proxy servers you should configure on your perimeter network?

  • > 5
  • > 2
  • > 3
  • > 7
A

2

Two Web Application Proxy servers are the minimum recommended requirement as per Microsoft best practice guidelines.