You have an Azure subscription that contains a storage account named storage1 and a web app named WebApp1. WebApp1 uses a system-assigned managed identity. You need to ensure that WebApp1 can read and write files to storage1 by using the system-assigned managed identity. What should you configure for storage1 in the Azure portal?

A. the File share settings

B. the Access control (1AM) settings

C. a shared access signature (SAS)

D. data protection

E. access keys

You have two Microsoft Entra tenants named contoso.com and fabhkam.com. Contoso.com contains the users shown in the following table.

You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region. The subscription contains the resources shown in the following table.

Which resources can use Managed 1 as their identity?

A. WebApp1 only

B. storage1 and WebApp1 only

C. VM1 and WebApp1 only

D. VM1, storage1, and WebApp1

You have an Azure Active Directory (Azure AD) tenant that contains the following objects:

• A device named Device1
• Users named User1, User2, User3, User4, and User5
• Groups named Group1, Group2, Group3, Group4, and Group5

To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?

A. Group1 and Group4 only

B. Group1, Group2, Group3, Group4, and Group5

C. Group1 and Group2 only

D. Group1 only

E. Group1, Group2, Group4, and Group5 only

Your company requires that users request access before they can access corporate applications. You register a new enterprise application named MyApp1 in Azure Active Dilatory (Azure AD) and configure single sign-on (SSO) for MyApp1. Which settings should you configure next for MyApp1?

A. Self-service

B. Provisioning

C. Roles and administrators

D. Application proxy

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that syncs to an Active Directory forest.
You discover that when a user account is disabled in Active Directory, the disabled user can still authenticate to Azure AD for up to 30 minutes.
You need to ensure that when a user account is disabled in Active Directory, the user account is immediately prevented from authenticating to Azure AD.
Solution: You configure conditional access policies.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.
You plan to increase app security for the subscription.
You need to identify which apps do NOT require user authentication.
What should you do in the Microsoft 365 Defender portal?

A. Create a discovered app query.

B. Create a snapshot Cloud Discovery report

C. Create an OAuth policy and review alerts

D. Review the cloud app catalog.

You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table.

For which groups can you create an access review?

A. Group1 only

B. Group1 and Group4 only

C. Group1 and Group2 only

D. Group1, Group2, Group4, and Group5 only

E. Group1, Group2, Group3, Group4 and Group5

You have an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to ensure that Azure AD External Identities pricing is based on monthly active users (MAU).
What should you configure?

A. an access review

B. the terms or use

C. a linked subscription

D. a user flow

Your company purchases 2 new Microsoft 365 ES subscription and an app named App.
You need to create a Microsoft Defender for Cloud Apps access policy for App1.
What should you do you first? (Choose Correct Answer based on Microsoft Identity and Access Administrator at microsoft.com)

A. Configure a Token configuration for App1.

B. Add an API permission for App1.

C. Configure a Conditional Access policy to use app-enforced restrictions.

D. Configure a Conditional Access policy to use Conditional Access App Control.

Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

A. Expire eligible assignments after from the Role settings details

B. Expire active assignments after from the Role settings details

C. Assignment type to Active

D. Assignment type to Eligible

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant-
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).
You need to configure the computers for Azure AD Seamless SSO.
What should you do?

A. Enable Enterprise State Roaming

B. Configure Sign-in options

C. Install the Azure AD Connect Authentication Agent.

D. Modify the Intranet Zone settings.