| Question.66 You need to ensure that when Azure Active Directory (Azure AD) users connect to Azure AD from the Internet by using an anonymous IP address, the users are prompted automatically to change their password. Which Azure service should you use? (A) Azure AD Connect Health (B) Azure AD Privileged Identity Management (C) Azure Advanced Threat Protection (ATP) (D) Azure AD Identity Protection |
66. Click here to View Answer
Answer is (D) Azure AD Identity Protection
| Question.67 Your network contains an Active Directory forest. The forest contains 5,000 user accounts. Your company plans to migrate all network resources to Azure and to decommission the on-premises data center. You need to recommend a solution to minimize the impact on users after the planned migration. What should you recommend? (A) Implement Azure Multi-Factor Authentication (MFA) (B) Sync all the Active Directory user accounts to Azure Active Directory (Azure AD) (C) Instruct all users to change their password (D) Create a guest user account in Azure Active Directory (Azure AD) for each user |
67. Click here to View Answer
Answer is (B) Sync all the Active Directory user accounts to Azure Active Directory (Azure AD)
| Question.68 Which of the following could grant or deny access based on the originating IP address? (A) Azure Active Directory (B) Azure Firewall (C) VPN Gateway |
68. Click here to View Answer
Answer is (B) Azure Firewall. The Azure Firewall grants server access based on the originating IP address of each request. You create firewall rules that specify ranges of IP addresses. Only clients from these granted IP addresses will be allowed to access the server. Firewall rules also include specific network protocol and port information.
| Question.69 Which of the following could require both a password and a security question for full authentication? (A) Azure Firewall (B) Application Gateway (C) Multi-Factor Authentication |
69. Click here to View Answer
Answer is (C) Multi-Factor Authentication (MFA). MFA can require two or more elements for full authentication.
| Question.70 Which of the following services would you use to filter internet traffic in your Azure virtual network? (A) Azure Firewall (B) Network Security Group (C) VPN Gateway |
70. Click here to View Answer
Answer is (B) Network Security Group (NSG). NSGs allow you to filter network traffic to and from Azure resources in an Azure virtual network. An NSG can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.