Question 251
Open question ↗You have an Azure AD tenant.
You plan to implement Azure AD Privileged Identity Management (PIM).
Which roles can you manage by using PIM?
Question 252
Open question ↗You have a Microsoft 365 E5 subscription that contains a user named User1. User1 is eligible for the Application Administrator role.
User1 needs to configure a new connector group for an application proxy.
What should you use to activate the role for User1?
Question 253
Open question ↗Your on-premises network contains an Active Directory Domain Services (AD DS) domain and a certification authority (CA) named CA1.
You have an Azure AD tenant.
You need to implement certificate-based authentication in Azure AD. The solution must ensure that users can sign in by using certificates issued by CA1. What should you do first?
Question 254
Open question ↗You have accounts for the following cloud platforms:
• Azure
• Alibaba Cloud
• Amazon Web Services (AWS)
• Google Cloud Platform (GCP)
You configure an Azure subscription to use Microsoft Entra Permissions Management to manage the permissions in Azure only.
Which additional cloud platforms can be managed by using Permissions Management?
Question 255
Open question ↗You have three Azure subscriptions that are linked to a single Microsoft Entra tenant.
You need to evaluate and remediate the risks associated with highly privileged accounts. The solution must minimize administrative effort.
What should you use?
Question 256
Open question ↗You have an Azure subscription that contains the resources shown in the following table.
The subscription uses Privileged Identity Management (PIM).
You need to configure the following access controls by using PIM:
• Ensure that User1 can read and update Secret1.
• Ensure that User2 can read the contents of the secrets stored in Vault2.
The solution must follow the principle of least privilege.
Which authorization method should you use for each user? To answer, drag the appropriate authorization methods to the correct users. Each authorization method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Question 257
Open question ↗You have an Azure subscription.
You need to use Microsoft Entra Permissions Management to automatically monitor permissions and create and implement right-size roles. The solution must follow the principle of least privilege.
Which role should you assign to the service principal of Permissions Management?
Question 258
Open question ↗You have an Azure subscription named Sub1.
You plan to onboard Microsoft Entra Permissions Management.
You need to ensure that Permissions Management users can manage role assignments for Sub1. The solution must follow the principle of least privilege.
Which role should you assign and to which identity should you assign the role? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Question 259
Open question ↗You have an Azure subscription, a Google Cloud Platform (GCP) account, and an Amazon Web Services (AWS) account.
You need to recommend a solution to assess the risks associated with privilege assignments across all the platforms. The solution must minimize administrative effort.
What should you include in the recommendation?
Question 260
Open question ↗You have a Microsoft Entra tenant.
You need to configure continuous access evaluation for app sign-ins and assign the configuration to users that are assigned the Application Administrator role.
What should you configure?