AZ_104_MS_Dumps.pdf%20(1).pdf

Manage Azure identities and governance Question Set 1 QUESTION 1 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might ...

Manage Azure identities and governance Question Set 1 QUESTION 1 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User2 to create the user accounts. Does that meet the goal? A. Yes B. No Correct Answer: A Section: (none) Explanation Explanation/Reference: Explanation: Only a global administrator can add users to this tenant. Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad QUESTION 2 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: A1EF0DA36AF2AEB0893389B060FE620E User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User4 to create the user accounts. Does that meet the goal? A. Yes B. No Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: Only a global administrator can add users to this tenant. Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad QUESTION 3 Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have an Azure subscription that contains the following users in an Azure Active Directory tenant named contoso.onmicrosoft.com: User1 creates a new Azure Active Directory tenant named external.contoso.onmicrosoft.com. You need to create new user accounts in external.contoso.onmicrosoft.com. Solution: You instruct User3 to create the user accounts. A1EF0DA36AF2AEB0893389B060FE620E Does that meet the goal? A. Yes B. No Correct Answer: B Section: (none) Explanation Explanation/Reference: Explanation: Only a global administrator can add users to this tenant. Reference: https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/add-users-to-azure-ad QUESTION 4 HOTSPOT You have an Azure subscription named Subscription1 that contains a resource group named RG1. In RG1, you create an internal load balancer named LB1 and a public load balancer named LB2. You need to ensure that an administrator named Admin1 can manage LB1 and LB2. The solution must follow the principle of least privilege. Which role should you assign to Admin1 for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: A1EF0DA36AF2AEB0893389B060FE620E Section: (none) Explanation Explanation/Reference: Explanation: The Network Contributor role lets you manage networks, but not access them. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles QUESTION 5 You have an Azure subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com and an Azure Kubernetes Service (AKS) cluster named AKS1. An administrator reports that she is unable to grant access to AKS1 to the users in contoso.com. You need to ensure that access to AKS1 can be granted to the contoso.com users. What should you do first? A. From contoso.com, modify the Organization relationships settings. B. From contoso.com, create an OAuth 2.0 authorization endpoint. C. Recreate AKS1. D. From AKS1, create a namespace. Correct Answer: B Section: (none) Explanation Explanation/Reference: Reference: https://kubernetes.io/docs/reference/access-authn-authz/authentication/ QUESTION 6 You have a Microsoft 365 tenant and an Azure Active Directory (Azure AD) tenant named contoso.com. A1EF0DA36AF2AEB0893389B060FE620E You plan to grant three users named User1, User2, and User3 access to a temporary Microsoft SharePoint document library named Library1. You need to create groups for the users. The solution must ensure that the groups are deleted automatically after 180 days. Which two groups should you create? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. a Microsoft 365 group that uses the Assigned membership type B. a Security group that uses the Assigned membership type C. a Microsoft 365 group that uses the Dynamic User membership type D. a Security group that uses the Dynamic User membership type E. a Security group that uses the Dynamic Device memb