FREE Microsoft Identity and Access Administrator Certification Questions and Answers

Question 1

Your business recently adopted Privileged Identity Management for Azure Active Directory (Azure AD) (PIM).
You analyze the roles in PIM and find that all 15 employees in the company's IT division have permanent security administrator privileges.
The IT department users should only have access to the Security administrator job when necessary, you must make sure.
How should the Security administrator role assignment be configured?

Accepted Answer

Assignment type to Eligible

Answer

Expire active assignments after from the Role settings details

Answer

Expire eligible assignments after from the Role settings details

Answer

Assignment type to Active

Question 2

You have a tenant called contoso.com in Azure Active Directory (Azure AD). Policies governing conditional access are applied to all users that run applications that are registered in Azure AD. The users must not be allowed to use legacy authentication. What ought to be covered by the conditional access policies to weed out attempts at legacy authentication?

Accepted Answer

Client apps condition

Answer

A sign-in risk condition

Answer

Cloud apps or actions condition

Answer

User risk condition

Question 3

Your Azure Active Directory (Azure AD) tenancy already exists. To look into previous sign-ins, you must look via the Azure AD sign-ins log. How long are events kept in the sign-in log by Azure AD?

Accepted Answer

30 days

Answer

365 days

Answer

14 days

Answer

90 days

Question 4

You set up a new Microsoft 365 tenant to utilize the contoso.com domain name by default. By utilizing conditional access restrictions, you must make sure that you have control over who has access to Microsoft 365 resources. What should you do first?

Accepted Answer

Disable Security defaults

Answer

Disable the User consent settings

Answer

Configure password protection for Windows Server Active Directory

Answer

Configure a multi-factor authentication (MFA) registration policy

Question 5

An Azure Active Directory (Azure AD) tenant and your Active Directory domain are synced. A VPN server that authenticates to the on-premises Active Directory domain is part of the on-premises network. The Azure Multi-Factor Authentication feature is NOT supported by the VPN server (MFA). You must suggest a method for enabling Azure MFA for VPN connections. What should the recommendation contain?

Accepted Answer

Network Policy Server (NPS)

Answer

An Azure AD Password Protection proxy

Answer

Azure AD Application Proxy

Answer

A pass-through authentication proxy

Question 6

You have a tenant called contoso.com in Azure Active Directory (Azure AD). At Fabrikam, Inc., you use entitlement management to grant users access to resources. The website fabrikam.com is operated by Fabrikam. Once access is no longer necessary, Fabrikam users must be automatically deleted from the tenant. The following settings require configuration:

- Block external users from signing in to this directory: No
- Remove external user: Yes
- Number of days before removing the external user from this directory: 90

What should you configure on the Identity Governance blade?

Accepted Answer

Settings

Answer

Terms of use

Answer

Access reviews

Answer

Access packages

Question 7

You are a Premium P2 tenant of Azure Active Directory. You establish a workspace for Log Analytics. You must make sure that using Azure Monitor, you can access data from the Azure Active Directory (Azure AD) audit logs.
What should you do first?

Accepted Answer

Modify the Diagnostics settings for Azure A

Answer

Run the Get-AzureADAuditDirectoryLogs cmdlet

Answer

Create an Azure AD workbook

Answer

Run the Set-AzureADTenantDetail cmdlet