👉Get Full PDF
| Question.46 HOTSPOT – You have an Azure AD tenant that contains a management group named MG1. You have the Azure subscriptions shown in the following table.  The subscriptions contain the resource groups shown in the following table.  The subscription contains the Azure AD security groups shown in the following table.  The subscription contains the user accounts shown in the following table.  You perform the following actions: Assign User3 the Contributor role for Sub1. Assign Group1 the Virtual Machine Contributor role for MG1. Assign Group3 the Contributor role for the Tenant Root Group. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.  |
46. Click here to View Answer
Answer:
Explanation:
Since Group 1 is assigned VM contributor to MG1, it will be able to create a new VM in RG1.User 2 is not able to grant permission to Group 2 because it is just a member with contributor role.Since Group 3 has Contributor role for the Tenant Root Group, User3 can create storage account in RG2
| Question: 47 Your company has the divisions shown in the following table.  Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1. You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1. What should you recommend? (A) Configure Azure AD Identity Protection. (B) Configure assignments for the fabrikam.com users by using Azure AD Privileged Identity Management (PIM). (C) Configure Supported account types in the application registration and update the sign-in endpoint. (D) Configure a Conditional Access policy. |
47. Click here to View Answer
Answer: C
Explanation:
Configure Supported account types in the application registration and update the sign-in endpoint.
| Question.48 Your company has the divisions shown in the following table. Sub1 contains an Azure App Service web app named App1. App1 uses Azure AD for single-tenant user authentication. Users from contoso.com can authenticate to App1. You need to recommend a solution to enable users in the fabrikam.com tenant to authenticate to App1. What should you recommend? (A) Use Azure AD entitlement management to govern external users. (B) Enable Azure AD pass-through authentication and update the sign-in endpoint. (C) Configure a Conditional Access policy. (D) Configure assignments for the fabrikam.com users by using Azure AD Privileged Identity Management (PIM). |
48. Click here to View Answer
Answer: A
Explanation:
This has been repeated many times and has two answers based on the provided possibilities: Its either Use Azure AD entitlement management to govern external usersOrConfigure Supported account types in the application registration and update the sign-in endpointBoth answers will lead you to the same solution.
| Question.49 You have an Azure subscription that contains 1,000 resources. You need to generate compliance reports for the subscription. The solution must ensure that the resources can be grouped by department. What should you use to organize the resources? (A) application groups and quotas (B) Azure Policy and tags (C) administrative units and Azure Lighthouse (D) resource groups and role assignments |
49. Click here to View Answer
Answer: B
Explanation:
Azure Policy and tags
| Question.50 You need to recommend a solution to generate a monthly report of all the new Azure Resource Manager (ARM) resource deployments in your Azure subscription. What should you include in the recommendation? (A) Azure Arc (B) Azure Monitor metrics (C) Azure Advisor (D) Azure Log Analytics |
50. Click here to View Answer
Answer: D
Explanation:
Azure Log Analytics