You have an Azure subscription that contains a user named User1 and an Azure Key Vault named Vault1.
You need to ensure that User1 can read the metadata of certificates, keys, and secrets stored in Vault1. The solution must follow the principle of least privilege.
Which role should you assign to User1?

A. Key Vault Crypto User

B. Key Vault Crypto Officer

C. Key Vault Reader

D. Key Vault Secrets User

You have a Microsoft 365 subscription.
You need to ensure that users can grant enterprise applications access to their profile. The solution must ensure that the users can consent only to the User. Read and profile delegated permissions.
What should you configure first?

A. Security defaults

B. Admin consent settings

C. Permission classifications

D. Identity Protection settings

You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.
Several users use their contoso.com email address for self-service sign-up to 1 Microsoft Entra.
You gain global administrator privileges to the Microsoft Entra tenant that contains the selfsigned users.
You need to prevent the users from creating user accounts in the contoso.com 2 Microsoft Entra tenant for self-service sign-up to Microsoft 365 services.
Which PowerShell cmdlet should you run?

A. Update-MgDomain

B. Update-MgPolicyAuthorizationPolicy

C. Update-MgPolicyPermissionGrantPolicyExclude

D. Update-MgDomainFederationConfiguration

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 tenant.
You have 100 IT administrators who are organized into 10 departments.
You create the access review shown in the exhibit. (Click theExhibittab.)

You discover that all access review requests are received by Megan Bowen.
You need to ensure that the manager of each department receives the access reviews of their respective department.
Solution: You modify the properties of the IT administrator user accounts.
Does this meet the goal?

A. Yes

B. No

You have an Azure subscription that contains two resource groups named RG1 and RG2, a storage account named storage1.
You assign roles for the subscription as shown in the following table.

You assign roles for RG1 as shown in the following table.

You assign roles for storage1 as shown in the following exhibit.

Roles are NOT assigned for other Azure resources.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

You have an Azure subscription.
You need to create two custom roles named Role1 and Role2. The solution must meet the following requirements:
• Users that are assigned Role1 can create or delete instances of Azure Container Apps.
• Users that are assigned Role2 can enforce adaptive network hardening rules.
Which resource provider permissions are required for each role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.

You plan to manage the lifecycles of the groups. Which groups can be set to expire, and what is the shortest group lifetime you can set? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You have an Azure subscription. The subscription contains a virtual machine named VM1 that runs Linux. You need to configure enhanced security for VM1. The solution must meet the following requirements:
• Ensure that users can sign in to VM1 by using their Microsoft Entra credentials
• Ensure That users authenticate by using multi-factor out-of-band
• Prevent users from signing in to VM1 by using passwords.
Which two authentication methods can you include in the solution? Each correct answer presents a complete solution. NOTE: Each correct selection Is worth one point.

A. the Microsoft Authenticator app

B. Windows Hello for Business

C. Passkey(FID02)

D. Temporary Access Pass

E. SMS

You have a Microsoft 365 E5 subscription.
You create an access review named Review1. Review1 requires that every six months, Microsoft 365 group owners review guest user access to their groups.
You need to ensure that if the group owners fail to review the membership of Review1, guest users ate removed automatically.
Which settings should you configure for Review1?

A. Reviewers

B. Advanced settings

C. General

D. Upon completion settings

You need to sync the ADatum users. The solution must meet the technical requirements. What should you do?

A. From the Microsoft Azure Active Directory Connect wizard, select Customize synchronization options.

B. From PowerShell, run Set-ADSyncScheduler.

C. From PowerShell, run Start-ADSyncSyncCycle.

D. From the Microsoft Azure Active Directory Connect wizard, select Change user sign-in.