Configure and manage multi-factor authentication (MFA)

Question 1

Your organization has a Microsoft 365 tenant. Only some of your users must use MFA to access Microsoft SharePoint Online. You need to view which users have used MFA to access SharePoint Online. What do you do?

Accepted Answer

Go to the Enterprise applications blade of the Azure AD admin center and view the sign-in logs.

Question 2

Your company has a primary office and a Microsoft 365 subscription. You need to enforce Microsoft Azure Multi-Factor Authentication (MFA) by using conditional access for all users who are NOT physically present in the office. What should you include in the configuration?

Accepted Answer

A named location in Azure Active Directory (Azure AD).

Question 3

Your organization has the offices listed in the following chart. Each office has the following IP addresses. 📷 You've configured named locations in Azure AD as below. 📷 An address space of 198.35.3.0/24 is defined in the trusted IPs list on the Multi-Factor Authentication page. MFA is enabled for the users in the sales department. You are evaluating which sales department users will be prompted for MFA. Select Yes if a statement is true. Otherwise, select No.

Accepted Answer

Yes. No. Yes.

Question 4

Your organization has a Microsoft 365 tenant with the domain name gitbit.org. The MFA configuration is shown below. 📷 Your Microsoft 365 tenant has the following users. 📷 What will happen when User1 and User2 log in?

Accepted Answer

Will be required to use app passwords for any apps that don't support MFA. will be prompted to complete the MFA registration at the next sign-in.

Question 5

Your organization has a Microsoft 365 tenant but doesn't have the Azure AD premium licenses. Your manager has asked you to configure MFA on John's user account. You need to ensure John has to use MFA for all authentication requests. What should you do to complete the task? Put the tasks in the correct order in the list.

Accepted Answer

Open the Microsoft 365 admin center.Go to Users > Active Users > multi-factor authentication.Click the user.Click Enable / enforce.

Question 6

Your organization uses Microsoft 365. Your organization has multiple office locations with the IP address ranges shown below. 📷 Chicago internal network: 192.168.0.0/20 Chicago perimeter network: 172.16.0.0/24 Chicago external network: 131.107.83.0/28 San Francisco internal network: 192.168.16.0/20 San Francisco perimeter network: 172.16.16.0/24 San Francisco external network: 131.107.16.218/32 Your organization currently uses MFA. Your manager has received a number of complaints about how often they are receiving prompts. The organization's leadership team has decided to exclude the Chicago network. Your manager has asked you to exclude the Chicago network from being required to use MFA. Which IP addresses should you configure in the Trusted IP list for MFA?

Accepted Answer

131.107.83.0/28.

Question 7

Your organization has a Microsoft 365 tenant. You've been tasked with updating the security requirements of the tenant. If an authentication attempt is suspicious, your manager wants MFA to be required regardless of the user's location. What policy do you need to update to meet the security requirements?

Accepted Answer

A sign-in risk policy.

Question 8

You have a Microsoft 365 tenant named GitBit.org that has the following users: 📷 You create an Azure AD Identity Protection sign-in risk policy. You've assigned the policy to GroupA and excluded GroupB. You've set the sign-in risk condition to low and above. You've set the access control to Allow access, require MFA You need to understand how the policy will affect your users. What will happen when one of the user's signs in from an anonymous IP address?

Accepted Answer

blocked from signing in. able to sign in without MFA.

Question 9

You have a Microsoft 365 E5 subscription. You need to ensure that users who are assigned the Exchange administrator role have time-limited permissions and must use multi-factor authentication (MFA) to request the permissions. What should you use to achieve the goal?

Accepted Answer

Microsoft Azure Active Directory (Azure AD) Privileged Identity Management.

Question 10

Security Requirements: GitBit identifies the following security requirements: Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator does not respond to an access request within three days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location The location of the user administrators must be audited when the administrators authenticate to Azure AD Email messages that include attachments that have malware must be delivered without the attachment The principle of least privilege must be used whenever possible You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group. Which other settings should you configure? To answer, select the correct options in the answer area.

Accepted Answer

Upon completion settings. Weekly.

Configure and manage multi-factor authentication (MFA)

Questions for this test