Reference:-mfasettings#trusted-ipsQUESTION 187You have the following Azure Active Directory (Azure AD) tenants:- Contoso.onmicrosoft.com: Linked to a Microsoft Office 365 tenant and syncs to an ActiveDirectory forest named contoso.com by using password hash synchronization- Contosoazure.onmicrosoft.com: Linked to an Azure subscription named Subscription1You need to ensure that you can assign the users in contoso.com access to the resources inSubscription1.What should you do?A.Configure contoso.onmicrosoft.com to use pass-through authentication.B.Create guest accounts for all the contoso.com users in contosoazure.onmicrosoft.com.C.Deploy a second Azure AD Connect server and sync contoso.com tocontosoazure.onmicrosoft.com.D.Configure Active Directory Federation Services (AD FS) federation betweencontosoazure.onmicrosoft.com and contoso.com.Answer:CExplanation:Azure AD Connect allows you to quickly onboard to Azure AD and Office 365.Note: The most common topology is a single on-premises forest, with one or multiple domains,and a single Azure AD tenant. For Azure AD authentication, password hash synchronization isused. The express installation of Azure AD Connect supports only this topology.Reference:QUESTION 188You have several Azure web apps that use access keys to access databases.You plan to migrate the access keys to Azure Key Vault. Each app must authenticate by usingAzure Active Directory (Azure AD) to gain access to the access keys.What should you create in Azure to ensure that the apps can access the access keys?A.managed identitiesB.managed applications199
C.Azure policiesD.an App Service planAnswer:AExplanation:Azure Key Vault provides a way to securely store credentials and other secrets, but your codeneeds to authenticate to Key Vault to retrieve them. Managed identities for Azure resourcesoverview helps to solve this problem by giving Azure services an automatically managed identityin Azure AD. You can use this identity to authenticate to any service that supports Azure ADauthentication, including Key Vault, without having to display credentials in your code.Reference:QUESTION 189You have an Azure key vault named KV1.You need to implement a process that will digitally sign the blobs stored in Azure Storage.What is required in KV1 to sign the blobs?A.a keyB.a secretC.a certificateAnswer:BExplanation:Use an Azure key vault secret to key of your blob storage account container.Reference:QUESTION 190You set the multi-factor authentication status for a user named [email protected] to Enabled.
Want to read all 228 pages?
Previewing 201 of 228 pages Upload your study docs or become a member.
Want to read all 228 pages?
Previewing 201 of 228 pages Upload your study docs or become a member.
End of preview
Want to read all 228 pages? Upload your study docs or become a member.