AZ-305 Azure Identity and Access Management Design 2

Question 1

Which Azure AD feature would you use to automatically grant or revoke users' access to applications based on their job role attributes?

Accepted Answer

Entitlement Management access packages

Answer

Dynamic groups with automatic licensing

Answer

Azure AD Privileged Identity Management

Answer

Conditional Access policies

Question 2

A multi-tenant SaaS application needs to authenticate users from thousands of different Azure AD tenants. What is the recommended design?

Accepted Answer

Register the app as a multi-tenant application in Azure AD

Answer

Create guest accounts in a single tenant for all users

Answer

Deploy a separate Azure AD tenant per customer

Answer

Use Azure AD B2C for all tenants

Question 3

Your security team requires that stale guest accounts be automatically removed after 90 days of inactivity. Which feature enables this?

Accepted Answer

Azure AD Access Reviews

Answer

Azure AD Conditional Access

Answer

Azure Policy guest user restrictions

Answer

Azure AD Identity Protection

Question 4

Which Azure AD license tier is required to use both Privileged Identity Management and Identity Protection features?

Accepted Answer

Azure AD Premium P2

Answer

Azure AD Free

Answer

Azure AD Premium P1

Answer

Microsoft 365 E3

Question 5

A company wants to prevent users from enrolling personal devices in Azure AD and require only compliant corporate devices for cloud app access. Which two features should you combine?

Accepted Answer

Intune device compliance policies + Conditional Access

Answer

Azure AD Connect + Conditional Access

Answer

Azure Policy + Azure AD B2C

Answer

Azure AD Domain Services + Group Policy

Question 6

You need to design an identity solution for a consumer-facing mobile application where users can sign in with Google or Facebook. Which service is most appropriate?

Accepted Answer

Azure AD B2C

Answer

Azure AD B2B collaboration

Answer

Azure Active Directory Domain Services

Answer

Azure AD External Identities (workforce)