You have an Azure AD tenant that contains a user named Admin1.
Admin1 uses the Require password change for high-risk user’s policy template to create a new Conditional Access policy.
Who is included and excluded by default in the policy assignment? To answer, drag the appropriate options to the correct target. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

You configure Azure Active Directory (Azure AD) Password Protection as shown in the exhibit. (Click the Exhibit tab.)

A. Pr0jectlitw@re and T@ilw1nd only

B. C0nt0s0 only

C. C0nt0s0, Pr0jectlitw@re, and T@ilw1nd

D. C0nt0s0 and T@ilw1nd only

E. C0nt0s0 and Pr0jectlitw@re only

You have 2,500 users who are assigned Microsoft Office 365 Enterprise E3 licenses. The licenses are assigned to individual users.
From the Groups blade in the Azure Active Directory admin center, you assign Microsoft 365 Enterprise E5 licenses to the users.
You need to remove the Office 365 Enterprise E3 licenses from the users by using the least amount of administrative effort.
What should you use?

A. the Set -KindohsProductKcy cmdlct

B. the Update-MgGroup cmdlet

C. the Set-HgUserLicense cmdlet

D. the Update-MgUser cmdlet

You have an Azure subscription that contains a user named User! and two resource groups named RG1 and RG2.
You need to ensure that User1 can perform the following tasks:

• View all resources.
• Restart virtual machines.
• Create virtual machines in RG1 only.
• Create storage accounts in RG1 only.

What is the minimum number of role-based access control (RBAC) role assignment* required?

A. 1

B. 2

C. 3

D. 4

Your network contains an Active Directory forest named contoso.com that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure AD Connect.
Attire AD Connect is installed on a server named Server 1.
You deploy a new server named Server? that runs Windows Server 2019.
You need to implement a failover server for Azure AD Connect. The solution must minimize how long it takes to fail over if Server1 fails.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

You have an Azure AD tenant that has multi-factor authentication (MFA) enforced and selfservice password reset (SSPR) enabled.
You enable combined registration in interrupt mode.
You create a new user named User1.
Which two authentication methods can User1 use to complete the combined registration process? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. a FID02 security key

B. a hardware token

C. a one-time passcode email

D. Windows Hello for Business

E. the Microsoft Authenticator app

You have a Microsoft Entra tenant that contains the users shown in the following table.

You have an Azure AD tenant contains the users shown in the following table.

You have an Azure subscription named Sub1 that uses Microsoft Entra Permissions Management. Sub1 contains a user named User1. User1 is granted multiple permissions across Sub1.
You need to replace all the permissions granted to User1 with read-only permissions. The solution must minimize administrative effort.
What should you do on the Remediation tab in Permissions Management?

A. From the Roles/Policies subtab. create a role.

B. From the My Requests subtab, create a new request

C. From the Permissions subtab, use a quick action

D. From the Role/Policy Template subtab. create a template

You have three Azure subscriptions that are linked to a single Microsoft Entra tenant.
You need to evaluate and remediate the risks associated with highly privileged accounts.
The solution must minimize administrative effort.
What should you use?

A. Microsoft Entra Verified ID

B. Privileged Identify Management (PIM)

C. Global Secure Access

D. Microsoft Entra Permissions Management