You network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant. The tenant contains the users shown in the following table.

The tenant contains the groups shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that and the following settings:
* Assignments:
* Include: Group1
* Exclude Group2
* Controls: Require Azure MFA registration
* Enforce Policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You have an Azure Kubernetes Service (AKS) cluster that will connect to an Azure Container Registry.
You need to use automatically generated service principal for the AKS cluster to authenticate to the Azure Container Registry.
What should you create?

• A.a secret in Azure Key Vault
• B.a role assignment
• C.an Azure Active Directory (Azure AD) user
• D.an Azure Active Directory (Azure AD) group

Comment: *

Name: *

Email: *

Verification: *

You create a new Azure subscription that is associated to a new Azure Active Directory (Azure AD) tenant.
You create one active conditional access policy named Portal Policy. Portal Policy is used to provide access to the Microsoft Azure Management cloud app.
The Conditions settings for Portal Policy are configured as shown in the Conditions exhibit. (Click the Conditions tab.)

The Grant settings for Portal Policy are configured as shown in the Grant exhibit. (Click the Grant tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Box 1: No
The Contoso location is excluded
Box 2: Yes
Box 3: Yes
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

Comment: *

Name: *

Email: *

Verification: *

Your company has two offices in Seattle and New York. Each office connects to the Internet by using a NAT device. The offices use the IP addresses shown in the following table.

The company has an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

The MFA service settings are configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Box 2: No
Use of Microsoft Authenticator is not required.
Note: Microsoft Authenticator is a multifactor app for mobile devices that generates time-based codes used during the Two-Step Verification process.
Box 3: No
The New York IP address subnet is included in the "skip multi-factor authentication for request.
References:
https://www.cayosoft.com/difference-enabling-enforcing-mfa/

Comment: *

Name: *

Email: *

Verification: *

You need to enable Advanced Data Security for the SQLdb1 Azure SQL database. The solution must ensure that Azure Advanced Threat Protection (ATP) alerts are sent to [email protected].
To complete this task, sign in to the Azure portal and modify the Azure resources.
See the explanation below.

Comment: *

Name: *

Email: *

Verification: *