Azure AD and Microsoft 365 Quiz

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. Users sign in to computers that run Windows 10 and are joined to the domain. You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO). You need to configure the Windows 10 computers to support Azure AD Seamless SSO. What should you do?

Configure Sign-in options from the Settings app.

Enable Enterprise State Roaming.

Modify the Intranet Zone settings. (correct)

Install the Azure AD Connect Authentication Agent.

You have an Azure Active Directory (Azure AD) tenant that contains the following objects:

A device named Device1

Users named User1, User2, User3, User4, and User5

Groups named Group1, Group2, Group3, Group4, and Group5 The groups are configured as shown in the following table. To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

Group1, Group2, Group3, Group4, and Group5

Group1, Group2, Group4, and Group5 only

Group1 and Group4 only

Group1 and Group2 only (correct)

Group1 only

You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com. Several users use their contoso.com email address for self-service sign-up to Azure Active Directory (Azure AD). You gain global administrator privileges to the Azure AD tenant that contains the self-signed users. You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services. Which PowerShell cmdlet should you run?

Set-MsolDomain

Set-MsolCompanySettings (correct)

Set-MsolDomainFederationSettings

Update-MsolfederatedDomain

You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.) A user named [email protected] shares a Microsoft SharePoint Online document library to the users shown in the following table. Which users will be emailed a passcode?

User2 only Signup and view all the answers

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users. From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users. You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort. What should you use?

the Licenses blade in the Azure Active Directory admin center Signup and view all the answers

You have an Azure Active Directory (Azure AD) tenant named contoso.com. You plan to bulk invite Azure AD business-to-business (B2B) collaboration users. Which two parameters must you include when you create the bulk invite? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

redirection URL Signup and view all the answers

You have an Azure Active Directory (Azure AD) tenant that contains the objects shown in the following table. Which objects can you add as members to Group3?

User2 only Signup and view all the answers

You have an on-premises Microsoft Exchange organization that uses an SMTP address space of contoso.com. You discover that users use their email address for self-service sign-up to Microsoft 365 services. You need to gain global administrator privileges to the Azure Active Directory (Azure AD) tenant that contains the self-signed users. Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Sign in to the Microsoft 365 admin center. = Create a self-signed user account in the Azure AD tenant. Create a TXT record in the contoso.com DNS zone. = Respond to the Become the admin message. From the Microsoft 365 admin center, add the domain name. = From the Microsoft 365 admin center, remove the domain name. Signup and view all the answers

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1 and the groups shown in the following table. In the tenant, you create the groups shown in the following table. Which members can you add to GroupA and GroupB? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

GroupA = User1 only User1 and Group1 only User1, Group1, and Group2 only User1, Group1, Group2, and Group3 only User1, Group1, Group2, Group3, and Group4 GroupB = User1 only User1 and Group4 only User1, Group1, and Group4 only User1, Group1, Group2, and Group4 only User1, Group1, Group2, Group3, and Group4 Signup and view all the answers

Signup and view all the answers

Study Notes

Question Set 1

Question 1: To configure Windows 10 computers to support Azure AD Seamless Single Sign-On (SSO), modify the Intranet Zone settings.
Question 2: Microsoft Office 365 Enterprise E5 licenses can be directly assigned to Group1 and Group2.
Question 3: Use the Set-MsolCompanySettings PowerShell cmdlet to prevent users from creating accounts in contoso.com Azure AD for self-service sign-up to Microsoft 365 services.
Question 4: Only users [email protected] will be sent a passcode since they are guests on the fabrikam.com network.
Question 5: Use the Licenses blade in the Azure Active Directory admin center to remove Office 365 Enterprise E3 licenses from users with the least administrative effort.
Question 6: User1 cannot access the enterprise application, User2 can access the enterprise application, and User3 can access the SharePoint site.
Question 7: When creating a bulk invite for Azure AD B2B collaboration users, include email addresses and redirection URLs.
Question 8: User2 and Group2 can be added as members in Group3.
Question 9: To take over global administrator privileges, first sign into the Microsoft 365 admin center, create a self-signed user account, add the domain name, respond to the Become the admin message, and then create a TXT record in the contoso.com DNS zone.
Question 10:
GroupA: User1 only
GroupB: User1 and Group1 only

Question Set 2

Question 1:
To enable MFA when accessing cloud apps, configure the Conditions settings.
To enable authentication every eight hours, configure the Sessions settings in your Azure AD conditional access policy.
Question 2:
Use Microsoft Cloud App Security to receive an alert if a registered application gains read and write access to user email.
Question 3:
Configure a conditional access policy that has session controls enabled to manage access to Microsoft 365 resources.
Question 4:
Users can use a verification code from the Microsoft Authenticator app (or a voice call) when working remotely without a Wi-Fi or mobile phone connection.
Question 5:
Enable Security Defaults first to control access to Microsoft 365 resources through conditional access policies.
Question 6:
Use FIDO2 tokens to require MFA for call center users accessing Microsoft 365 services.
Question 7:
Use a Client apps condition in an Azure AD conditional access policy to prevent legacy authentications.
Question 8:
Leaked credentials is a user risk detection type.
Question 9:
Create an Azure AD conditional access policy with session controls to prevent users from downloading or syncing SharePoint files on their user-owned computers.
Question 10:
Implement Azure AD Application Proxy on a separate server if domain controllers are internet-restricted to achieve high availability of pass-through authentication.
Question 11:
To ensure users can connect to Service1 without being prompted for authentication from Azure AD-joined computers, publish App1 to Azure AD.

Question Set 3

Question 1:
1. Configure the authentication methods to use a mobile app notification and security questions for self-service password resets.
2. Ensure that password hash synchronization is enabled in Azure AD Connect, to ensure passwords are synced between the Azure AD tenant and the on-premises domain, regardless of where the password was reset.
Question 2:
Implement Microsoft Cloud App Security and use an app discovery policy to receive alerts when registered apps gain elevated (read/write email) access.
Question 3:
Use Cloud App Discovery in Microsoft Cloud App Security to achieve this.

Question Set 4

Question 1:
Configure terms of use to ensure only users who accept the terms can use resources.
Question 2:
Group1, Group2, Group4, and Group5 support access reviews; device groups do not
Question 3:
Only User1 can perform access reviews for User3 in Azure AD.
Question 4:
Multi-Factor Authentication (MFA): A user must perform MFA every 8 hours to access the User administrator role.
Approval for Activation: A global administrator or a privileged role administrator must approve the activation before a user who isn't already in the role can perform a task.
Question 5:
November 20, 2020: User1 can accept terms on Device1.
December 11, 2020: User1 can't accept terms on Device2.
December 7, 2020: User1 can't accept terms on Device3.
Question 6:
Implement Assignment type to "Eligible" for the Security administrator role in PIM.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Test your knowledge on configuring Azure AD and managing Microsoft 365 licenses with this quiz. Cover key aspects such as Azure AD Seamless SSO, PowerShell cmdlets, and user permissions. Perfect for IT professionals looking to enhance their skills in cloud identity management.