Time limited admin roles, protecting passwords, and Managing users through groups

Question 1

You've been tasked with configuring groups so they expire unless the group owners renew the group. Where do you go to configure group expiration?

Accepted Answer

Go to the Azure Active Directory admin center. Click Azure Active Directory. Click Groups. Click Expiration.

Question 2

You have a Microsoft 365 tenant with Microsoft E5 licenses. Users and devices are added/removed daily. Users in the sales department change their devices frequently. You've been asked to create three groups with the following requirements. 📷 The solution must minimize administrative effort. How many assigned groups and how many dynamic groups should be created?

Accepted Answer

1. 2.

Question 3

You need to configure Microsoft 365 so that all users are required to change their passwords every 100 days. What steps should you take to complete the task?

Accepted Answer

Open the Microsoft 365 Admin Center . Click Org Settings then click Security and Privacy. Click Password Expiration policy.

Question 4

Your organization has a Microsoft 365 tenant. User accounts are synced from your organization's human resources system to Azure AD. Your organization has five departments that each have their own Microsoft SharePoint Online site. Every user must be granted access to their own department's site. No users should be able to access a site that is not their own respective department's site. Your manager has asked you to configure the security of the SharePoint sites. He's given you the following requirements: Users should be automatically added to the security group corresponding to their department. All group owners must verify their group membership only contains their department's users once a month. How do you configure Microsoft 365 to meet the security requirements?

Accepted Answer

Dynamic groups. Access reviews.

Question 5

You have an Azure AD tenant named GitBit.org that contains the following users. 📷 You add configure the following group naming policies: The word internal is added to the list of blocked words. You set GitBit- as a prefix. Check the box next to each true statement below.

Accepted Answer

Yes. Yes. Yes.

Question 6

Your organization has a Microsoft 365 tenant with the following users. 📷 The Microsoft 365 tenant contains the following dynamic groups. 📷 Which users are members of ADGroup1 and ADGroup2?

Accepted Answer

User1, User2, User3, and User4. User1, User2, User3, and User4.

Question 7

Your organization has a Microsoft 365 tenant. The security requirements have changed and any admins who manage Microsoft 365 must be limited in their administrative actions for three hours at a time. Global administrators must be exempt from this requirement Your organization's current configuration of Azure AD Privileged Identity Management is shown below. What changes do you need to make to meet the new security requirements?

Accepted Answer

Set Admin1's Assignment Type to Eligible.

Time limited admin roles, protecting passwords, and Managing users through groups

Questions for this test