Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Describe the capabilities of Microsoft Entra practice sets

SC-900 Describe the capabilities of Microsoft Entra • Complete Question Bank

SC-900 Describe the capabilities of Microsoft Entra — All Questions With Answers

Complete SC-900 Describe the capabilities of Microsoft Entra question bank — all 0 questions with answers and detailed explanations.

373
Questions
Free
No signup
Certifications/SC-900/Practice Test/Describe the capabilities of Microsoft Entra/All Questions
Question 1mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to require multi-factor authentication (MFA) for all users accessing a financial application, but only when they sign in from outside the corporate network. Which Microsoft Entra ID feature should be used?

Question 2hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Entra ID Protection. A user's sign-in is flagged with a risk level of 'High' because of an anonymous IP address. The administrator wants to automatically block the sign-in while allowing the user to self-remediate. Which should be configured?

Question 3mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company manages Azure resources for multiple departments. The security team needs to grant IT administrators temporary, just-in-time access to high-privilege roles (e.g., Contributor, Owner) only when needed, with approval workflows. Which Microsoft Entra ID capability should they configure?

Question 4hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and needs to regularly review membership of a group that grants access to a sensitive HR application. The identity team wants to automate quarterly reviews and automatically remove users who fail to respond or are denied by the reviewer. Which Microsoft Entra ID feature should they use?

Question 5mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to enforce multi-factor authentication (MFA) only for external guest users, while allowing internal employees to sign in without MFA. Which Conditional Access setting should be configured?

Question 6mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to block all sign-ins using legacy authentication protocols because these protocols do not support multi-factor authentication (MFA). Which component of a Microsoft Entra ID Conditional Access policy should be configured to achieve this?

Question 7mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Intune to manage devices. They want to ensure that only devices marked as compliant can access corporate email in Exchange Online. Which Conditional Access component should they configure?

Question 8mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The IT department wants to automatically assign a Microsoft 365 E5 license to all users in the Sales department based on their department attribute. Which Microsoft Entra ID feature should they use?

Question 9hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

A security team is using Microsoft Entra ID Protection. They want to automatically block sign-ins from known malicious IP addresses, but if a user's account is compromised (e.g., leaked credentials), they want to force the user to change their password upon next sign-in. Which two risk policies should they configure? (Select all that apply.)

Question 10mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to allow external business partners to request access to a specific application through an approval process. The access should be time-limited and automatically expired. Which Microsoft Entra ID feature should be configured?

Question 11mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow its employees to reset forgotten passwords or unlock their accounts without contacting the help desk. The solution must verify the user's identity using a phone call or mobile app notification before allowing the action. Which Microsoft Entra ID feature should be enabled?

Question 12mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company runs a consumer-facing e-commerce website and wants to allow customers to sign in using their existing social media accounts such as Google, Facebook, or LinkedIn. Which Microsoft Entra ID solution should they implement?

Question 13mediummultiple choice
Read the full VPN explanation →

A company has several on-premises web-based applications that need to be securely accessed by remote employees without requiring a VPN. The IT team wants to provide single sign-on (SSO) using Microsoft Entra ID. Which Microsoft Entra ID feature should they implement?

Question 14mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow external business partners to access its internal applications using their own corporate credentials (e.g., their Microsoft Entra ID or Google account), without creating separate user accounts in the company's directory. Which Microsoft Entra ID feature should they use?

Question 15mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company needs to grant IT administrators temporary and time-limited access to privileged roles in Microsoft Entra ID (Azure AD). The access must require approval from a manager and be automatically revoked after the task is completed. Which Microsoft Entra ID feature should be used?

Question 16mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company requires that all users accessing a financial application from outside the corporate network must complete multi-factor authentication (MFA). The IT team is configuring a Microsoft Entra ID Conditional Access policy to enforce this requirement. Which component of the policy should be configured to apply the MFA requirement?

Question 17mediummultiple choice
Read the full VPN explanation →

A company uses Microsoft Entra ID. The IT team wants to provide remote employees with secure, single sign-on (SSO) access to a critical on-premises web application that uses password-based authentication, without requiring a VPN connection. Which Microsoft Entra ID feature should they use?

Question 18mediummultiple choice
Read the full NAT/PAT explanation →

A multinational corporation uses Microsoft Entra ID. The IT department wants to allow regional IT administrators in Europe to manage users and groups only for their own region, without granting them permissions to manage users in other regions. Which Microsoft Entra ID feature should they use?

Question 19mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to configure a policy so that when a user signs in from an unfamiliar location (not on the company's trusted IP ranges) or from an unfamiliar device, they are prompted for additional verification (e.g., MFA). However, if the sign-in is from a trusted location (e.g., office IP range) and a known device, no additional verification is required. Which Microsoft Entra ID feature should they configure?

Question 20mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A security administrator at an organization using Microsoft Entra ID needs to automatically detect user sign-ins that exhibit risky behavior, such as signing in from a suspicious IP address or using leaked credentials. The administrator also wants the system to automatically calculate a risk level for each user and take actions like requiring a password reset when risk is high. Which Microsoft Entra ID feature should the administrator use?

Question 21easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow employees to access corporate resources such as email and internal apps using their personal smartphones. The IT team does not want to fully manage or domain-join these devices but needs each device to have a simple identity that links the user's work account to the device. Which Microsoft Entra ID device identity option should they implement?

Question 22mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Entra ID. The security team wants to require multi-factor authentication (MFA) for users who sign in from sessions that Microsoft Entra ID Protection determines to have medium or high sign-in risk. Users signing in from low-risk sessions should not be prompted for MFA. Which feature should the security team configure?

Question 23mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft 365 and requires that users access corporate email and SharePoint from managed devices that meet security policy requirements, such as having encryption enabled and antivirus software running. The security team wants to enforce this access control within Microsoft Entra ID so that unmanaged devices are blocked. Which Microsoft Entra ID feature should they configure?

Question 24mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Entra ID to manage user access. The security policy requires that membership in the 'Finance - Sensitive Data' group must be reviewed every quarter by the group owner to confirm that each member still requires access. The group owner must approve or deny each membership, and any denied memberships should be automatically removed. Which Microsoft Entra ID feature should be configured to automate this process?

Question 25hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID (Azure AD). The security team wants to create a Conditional Access policy that meets the following requirements: - Require multi-factor authentication (MFA) when users access a sensitive financial application from an untrusted network. - Additionally, require that the device accessing the app is compliant with company policies (e.g., encryption enabled). Which two conditions should the team configure in the Conditional Access policy? (Choose two.)

Question 26mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID (Azure AD). They have a cloud-based HR system (e.g., Workday) that contains employee records. They want to automate the process of creating user accounts in Microsoft Entra ID for new hires and deactivating accounts for terminated employees based on information from the HR system. Which Microsoft Entra ID feature should they configure?

Question 27easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They have a financial application that should only be accessible from Windows devices. The security team wants to create a Conditional Access policy to block access from other operating systems such as macOS or Linux. Which assignment condition should they configure?

Question 28easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. A new IT support technician is hired and needs to be able to reset passwords for users but must not be allowed to delete user accounts or modify group memberships. Which built-in Microsoft Entra ID role should be assigned to this technician?

Question 29mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has an on-premises Active Directory domain and uses Microsoft Entra ID (Azure AD) for cloud applications. They purchase new Windows 10 laptops that are not yet joined to any domain. The IT admin wants users to be able to sign in with their existing on-premises credentials and automatically have the laptops joined to both the on-premises AD domain and Microsoft Entra ID. Which device identity option should the admin configure?

Question 30mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team needs to ensure that when users sign in to a critical financial application from an untrusted network, they must first complete multi-factor authentication (MFA). Additionally, the team wants to block the sign-in if the device is not marked as compliant by Microsoft Intune. Which conditional access grant control should they configure to meet both requirements?

Question 31mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID and Intune for device management. The security team wants to create a Conditional Access policy for a sensitive research application. They require that: 1) The user must use a device that is marked as compliant by Intune, and 2) The user must accept the company's terms of use before accessing the app. Which grant control combination should they configure in the policy?

Question 32mediummultiple choice
Read the full VPN explanation →

A company wants to automatically detect and alert the security team when a user sign-in appears to originate from a known compromised credential or from an anonymizing VPN service. The company wants to receive a risk score for each sign-in and be able to trigger automated remediation actions. Which Microsoft Entra ID feature should they enable?

Question 33mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to configure automated actions when user sign-ins are detected as high risk due to anonymized IP addresses or leaked credentials. They need to automatically block the sign-in or force a password change based on risk level. Which Microsoft Entra ID feature should they use?

Question 34mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID (Azure AD). The IT team has created a security group named 'SalesTeam' that contains all sales department users. They want to ensure that only members of this group can access the company's CRM application, which is registered as an enterprise application in Entra ID. What should the IT team configure?

Question 35mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to grant temporary, time-bound administrative access to the Microsoft 365 user management role for IT support staff. The access should require an approval from a senior administrator, and all actions should be audited. Which Microsoft Entra ID feature should they configure?

Question 36mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. Their sales team wants to use a third-party customer relationship management (CRM) application that requires the 'Sign in and read user profile' permission and also a high-risk permission to 'Read all users' full profiles'. The security team wants to allow users to request access to this application, but they want to require an administrator to review and approve the high-risk permission request before consent is granted. Which Microsoft Entra ID feature should they configure?

Question 37mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. A junior administrator needs to occasionally reset passwords for the IT department. The security team wants to grant this permission only for a limited time and require an approval from a senior administrator before the permission becomes active. All password reset actions must be audited. Which Microsoft Entra ID feature should they configure?

Question 38mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID. The IT department needs to ensure that membership in the 'Global Administrator' role is regularly reviewed. Every quarter, the designated reviewers (e.g., senior managers) receive an email asking them to confirm whether each user in the role should keep their assignment. After the review deadline, any member not approved is automatically removed. Which Microsoft Entra ID feature should they configure?

Question 39mediummultiple choice
Read the full VPN explanation →

A company has an on-premises web-based expense report application. The IT team wants to make this application accessible to remote employees over the internet without requiring a VPN. They need to use Microsoft Entra ID for authentication and apply Conditional Access policies such as requiring multi-factor authentication. Which Microsoft Entra ID feature should they implement?

Question 40mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They frequently collaborate with an external partner organization. The IT team wants to allow the partner's users to access the company's internal SharePoint site using their existing corporate credentials from their own Microsoft Entra tenant. The partner users should not have to create separate guest accounts or remember another password. Which Microsoft Entra feature should the IT team configure?

Question 41mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to enforce a policy that prevents users from choosing commonly used weak passwords like 'Winter2024!' or 'Password@123', and also blocks customized variants based on organizational context (e.g., company name). Users must create passwords that meet standard complexity requirements. Which Microsoft Entra ID feature should they enable?

Question 42mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to ensure that users who are traveling to a high-risk country, based on the sign-in IP address, are prompted for multi-factor authentication before accessing the company's CRM application. Which Microsoft Entra ID feature should they configure?

Question 43mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has discovered that many account compromise attacks are using legacy authentication protocols (e.g., IMAP, POP3, SMTP) which do not support multi-factor authentication. They want to block all sign-ins that use these protocols to reduce risk. Which Microsoft Entra ID feature should they use to enforce this block?

Question 44mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to require multi-factor authentication (MFA) for users who sign in from locations with a high risk score, as determined by Microsoft's analysis of the sign-in's IP address and other behavioral signals. Which Microsoft Entra ID feature should they configure?

Question 45mediummultiple choice
Read the full NAT/PAT explanation →

An organization decides to eliminate passwords for their employees. They deploy Windows Hello for Business on company-issued laptops, allowing users to sign in with a PIN or a biometric gesture (e.g., fingerprint). The IT team also enables Microsoft Authenticator and FIDO2 security keys as alternative sign-in methods. Which Microsoft Entra ID capability are they leveraging?

Question 46mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to enforce a policy that requires members of the 'Finance' group to use multi-factor authentication and sign in from a compliant device when accessing the financial reporting application. However, they want to exclude members of the 'Finance Admins' group from these requirements. Which Microsoft Entra ID feature should they configure?

Question 47mediummultiple choice
Read the full NAT/PAT explanation →

A company's security team discovers that several recent account compromises originated from attackers using legacy mail protocols (POP3, IMAP) which do not support multi-factor authentication. The team wants to immediately prevent any sign-in attempts using these protocols. Which Microsoft Entra ID feature should they configure to enforce this restriction?

Question 48mediummultiple choice
Read the full NAT/PAT explanation →

An organization needs to grant its IT administrators temporary access to the Global Administrator role. The access should require a separate approval from a designated manager before activation, and the permissions should automatically expire after 4 hours. Which Microsoft Entra ID feature should they configure?

Question 49mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to automatically respond to risky user behaviors, such as sign-ins from anonymous IP addresses or impossible travel between geographically distant locations within an unrealistic time frame. They need a solution that can automatically trigger actions like forcing a password reset or blocking sign-in for users identified as high risk. Which Microsoft Entra ID capability should they configure?

Question 50mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The compliance team requires that membership in highly privileged roles, such as Global Administrator, is reviewed quarterly. The review must be automated: role owners are sent an email notification with a list of current members to approve or deny. If a member does not respond within 30 days, their access should be automatically revoked. Which Microsoft Entra ID feature should the team use to set up this periodic review and automatic removal?

Question 51mediummultiple choice
Read the full VPN explanation →

A company has several custom-developed web applications hosted on-premises. The company wants to provide employees with secure remote access to these applications without deploying a traditional VPN. Employees should be able to sign in using their existing Microsoft Entra ID credentials, and the solution should pass through multi-factor authentication policies. Which Microsoft Entra ID feature should they implement?

Question 52mediummultiple choice
Read the full NAT/PAT explanation →

A company wants to reduce help desk calls by allowing users to reset their own passwords. The security team requires that users verify their identity using a registered mobile phone or alternative email before resetting. Additionally, the company policy states that passwords cannot be reused until at least five new passwords have been used. Which Microsoft Entra ID features should they configure to meet these requirements?

Question 53hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and Intune for mobile device management. They want to enforce different access requirements for their finance application: when users access from an unmanaged personal device, they must perform multi-factor authentication (MFA). When they access from a corporate-managed device that is marked as compliant (e.g., joined to Azure AD, antivirus up-to-date, encryption enabled), MFA should not be required. Device compliance is reported by Intune. Which Microsoft Entra ID feature should they use to define these rules?

Question 54mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to configure a Conditional Access policy that requires multi-factor authentication (MFA) when a sign-in is assessed as medium or high risk by Microsoft's identity protection signals. For sign-ins with no detected risk, MFA should not be required. Which feature or service provides the risk assessment signals that can be consumed by Conditional Access policies?

Question 55mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company's security team discovers that most recent account compromises resulted from attackers exploiting legacy authentication protocols (POP3, IMAP, SMTP Auth) that do not support multi-factor authentication. The team wants to immediately block all sign-in attempts using these legacy protocols while still allowing modern authentication methods (e.g., OAuth 2.0). Which Microsoft Entra ID feature should they configure?

Question 56mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to improve password security across its Microsoft Entra ID tenant. The security team wants to prevent users from setting passwords that appear on Microsoft's global banned password list, which includes commonly compromised passwords. Additionally, they need to add a custom banned password containing the company name so that users cannot use variations of it. Which Microsoft Entra ID feature should they configure to enforce these password policies?

Question 57mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to provide external business partners with access to a specific internal application. The partners already use Microsoft Entra ID in their own organization. The company wants the partners to use their existing corporate credentials to sign in, without creating new user accounts in the company's tenant. The company also wants to manage the access lifecycle, including automatically removing access after a project ends. Which Microsoft Entra ID feature should they use?

Question 58mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A university wants to provide its students with a verifiable digital transcript that the students can share with potential employers. The university uses Microsoft Entra Verified ID to issue credentials. When an employer wants to verify a student's transcript, they scan a QR code or receive a link. Which Microsoft Entra ID feature allows the university to issue these tamper-proof credentials and allows employers to verify them without contacting the university directly?

Question 59mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID to manage identities. They want to enforce access policies based on user location, device compliance, and application sensitivity. Which Microsoft Entra ID capability should they use?

Question 60hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

A security administrator uses Microsoft Entra ID Protection to identify and respond to identity-based risks. Which two types of risk detections can be reviewed in Microsoft Entra ID Protection? (Choose two.)

Question 61hardmultiple choice
Read the full NAT/PAT explanation →

A healthcare organization uses Microsoft Entra ID and needs to enforce that only users from the United States and Canada can access patient records. Access attempts from all other locations must be blocked. Which Microsoft Entra ID Conditional Access condition should be configured to meet this requirement?

Question 62mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID (Microsoft Entra ID) and wants to configure self-service password reset (SSPR) for all users. The security team requires that users must verify their identity with at least two methods before resetting a password. Which SSPR setting should be configured?

Question 63mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Entra ID and wants to require users to re-authenticate every 4 hours when accessing a critical financial application, even if the user already has an active sign-in session. Which Conditional Access control should be configured?

Question 64hardmultiple choice
Study the full multicast explanation →

A company uses Microsoft Entra ID Privileged Identity Management (PIM) to manage elevated access to Microsoft Entra ID roles. They want to ensure that a user who activates a privileged role must provide a justification and receive approval from their manager before activation is complete. Which PIM configuration should be used?

Question 65mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID (Microsoft Entra ID) to manage access to internal applications for employees and guest users. The compliance team requires that all guest users' access to a sensitive application must be reviewed every 90 days by the application owner. If the owner does not respond to the review request, the guest's access must be automatically revoked. Which Microsoft Entra ID feature should the company use?

Question 66easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID (Microsoft Entra ID) to manage user access to cloud applications. The security team wants to enforce that users must provide a second form of authentication, such as a phone call or mobile app notification, in addition to their password. Which Microsoft Entra capability should they enable?

Question 67hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow external customers to sign in to their custom web application using their own social identities, such as Google or Facebook. They also need to support self-service registration and custom branding for the sign-in pages. Which Microsoft Entra External ID solution should they use?

Question 68mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to prevent users from setting weak passwords that are commonly found in leaked databases. They use Microsoft Entra ID (Microsoft Entra ID). Which feature should they enable?

Question 69easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID (Microsoft Entra ID) for identity management. They want to automatically block sign-ins from users whose credentials have been compromised and require them to change their password before access is granted. Which Microsoft Entra ID capability should they use?

Question 70mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to ensure that guest users who are inactive for 90 days have their access to internal resources automatically revoked. Additionally, a manager must review all guest accounts annually. Which Microsoft Entra feature should be used to implement these requirements?

Question 71mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID (Microsoft Entra ID) and wants to allow users to sign in using biometrics (fingerprint or face) on their mobile devices instead of passwords. They want this to work for both iOS and Android devices. Which Microsoft Entra ID feature should they enable?

Question 72mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and Intune for device management. They want to ensure that only devices marked as compliant (e.g., updated, encrypted) can access the corporate HR portal. Which Conditional Access assignment condition should the administrator configure?

Question 73mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has an on-premises Active Directory and wants to synchronize user accounts to Microsoft Entra ID. They also need to enable password hash synchronization so users can sign in to cloud resources with the same password. Which Microsoft tool should they use?

Question 74mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID and wants to automatically detect potential security risks such as leaked credentials and suspicious sign-in patterns. They also need the ability to investigate these risks and configure automated responses based on risk levels. Which Microsoft Entra capability should they use?

Question 75mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to reduce the risk of privileged account misuse. They need to provide temporary, time-bound access to administrative roles in Microsoft Entra ID (Microsoft Entra ID) and require approval from a manager before granting the access. Which Microsoft Entra capability should they use?

Question 76mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has a Microsoft Entra ID tenant and an on-premises Active Directory Domain Services (AD DS) forest. They need to synchronize user accounts, groups, and passwords from AD DS to Microsoft Entra ID. Due to network restrictions, they prefer a lightweight agent that can be deployed on-premises and supports staging mode for testing. Which identity synchronization tool should they use?

Question 77hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company needs to provide a developer with temporary, time-bound administrative access to Azure resources to debug a production issue. The access must require approval from the manager and automatically expire after 4 hours. Which Microsoft Entra capability should they use?

Question 78mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to offer a secure sign-in experience for external customers who may use personal accounts from Facebook, Google, or any OpenID Connect provider. They also need to customize the sign-in pages with their company logo and colors. Which Microsoft Entra capability should they use?

Question 79mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and Intune for mobile device management. They want to grant access to a confidential project management site only from devices that are encrypted and have the latest anti-malware updates. Which Conditional Access assignment should they configure to enforce this requirement?

Question 80easymultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID. The security manager wants to provide temporary, time-bound elevated access to the Global Administrator role only when needed, and require approval from a designated approver. Which Microsoft Entra ID capability should they use?

Question 81easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company needs to allow external business partners to securely access internal SharePoint Online sites and Teams channels. The partners use various identity providers, including Microsoft Entra ID and Google. The company wants to manage these external users in their directory and assign access policies. Which Microsoft Entra ID capability should they use?

Question 82hardmultiple choice
Read the full NAT/PAT explanation →

A multinational organization uses Microsoft Entra ID for identity management. External contractors need temporary elevated access to Azure resources for a critical project. The access must be time-bound (expires after 8 hours), require manager approval, and enforce multifactor authentication (MFA) when contractors activate the role. Which Microsoft Entra capability should they configure?

Question 83mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to automatically detect and remediate over-privileged roles in their Azure subscriptions and AWS accounts. They need to get a unified view of permissions across multiple clouds. Which Microsoft Entra capability should they use?

Question 84mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to securely grant external business partners access to internal SharePoint sites and Teams channels. The partners use various identity providers, including Google and Microsoft personal accounts. The company needs to manage these external identities in their Microsoft Entra ID directory and enforce access policies. Which Microsoft Entra capability should they use?

Question 85mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to prevent users from using common passwords like 'Password123' and custom banned passwords such as 'Contoso2024' during sign-up or password change. They also need to apply a common list of banned passwords across tenant-wide. Which Microsoft Entra feature should they configure?

Question 86hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and a third-party SaaS application. They want to prevent users from downloading sensitive documents from the SaaS app when accessing from unmanaged personal devices, while still allowing read-only access. Which Conditional Access control should they apply to achieve this?

Question 87mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to ensure that when users access the HR portal from an unmanaged personal device, they are prompted to sign a terms of use agreement and also required to perform multifactor authentication (MFA). Which Conditional Access control should they configure to enforce both requirements?

Question 88hardmultiple choice
Read the full NAT/PAT explanation →

A multinational organization uses Microsoft Entra ID and wants to allow employees to sign in to a custom customer-facing application using their existing social identities (e.g., LinkedIn, Google). They also need to enforce a specific terms of use agreement and be able to revoke a user's access if their social account is compromised. Which Microsoft Entra capability should they configure?

Question 89easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. Employees often forget their passwords and contact the IT helpdesk to reset them. The company wants to reduce helpdesk costs by allowing users to reset their own passwords using a verified mobile phone number or email address. Which Microsoft Entra ID feature should the administrator enable?

Question 90mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow employees to securely access internal applications from their personal devices. The security policy requires that access is only granted if the device is compliant with company security policies (e.g., encryption enabled, password required, up-to-date operating system). Which Microsoft Entra ID capability should they use?

Question 91mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to automate the lifecycle of guest users. When a contractor's project ends, the guest account should be automatically blocked and then removed after 30 days. Which Microsoft Entra capability should they configure to manage this process?

Question 92mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID and Intune to manage devices. They want to enforce a policy that allows access to financial data from SharePoint Online only when the user's device is compliant (e.g., encrypted, patched) AND the user authenticates from a trusted IP address range. Additionally, if the sign-in risk is assessed as medium or high by Identity Protection, the user must also perform multifactor authentication (MFA). Which Conditional Access components should the administrator configure?

Question 93mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has many guest users in Microsoft Entra ID who collaborate on a project in a specific SharePoint site. The compliance team needs to periodically verify that these guest users still require access to the site. If a reviewer does not respond within 30 days, the guest's access should be automatically removed. Additionally, the company wants to ensure that once access is removed, the guest user object is eventually deleted from the directory after 90 days. Which Microsoft Entra Identity Governance features should they use together?

Question 94easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to provide secure external access to a partner application without creating user accounts manually. They need to allow partners to authenticate using their existing corporate identities (e.g., from other organizations) and configure policies for access. Which Microsoft Entra feature should they use?

Question 95mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They need to implement a Conditional Access policy for the finance application that requires multifactor authentication (MFA) when a user accesses the app from an unmanaged device. Additionally, they want to block access if the sign-in risk level is high. Which two grant controls should they configure in the policy? (Select two.)

Question 96mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company with Microsoft 365 wants employees to access corporate applications from their personal Android and iOS devices. The security team requires that these devices be enrolled in mobile device management (MDM) for compliance policies, and that company data can be selectively wiped from the device without affecting personal data. Which Microsoft Entra device identity type should they configure for these personal devices?

Question 97easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to allow employees to access the expense reporting application only from managed devices that are compliant with security policies and from trusted IP ranges. Additionally, if the user's sign-in risk is high, access must be blocked. Which of the following conditions should the administrator configure in a Conditional Access policy to enforce these requirements?

Question 98mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID. The security team wants to automatically detect user behaviors that indicate possible compromise, such as leaked credentials, impossible travel, or anomalous login patterns. When a user is determined to be at high risk, the system should automatically require the user to reset their password the next time they sign in. Which Microsoft Entra capability should they use?

Question 99mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team needs to grant temporary elevated access to the Global Administrator role for a specific task, such as configuring a new security policy. They want the user to request activation, which is then approved by a manager, and the privileges automatically expire after 4 hours. Which Microsoft Entra feature should they use?

Question 100easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to enable employees to reset their own passwords without needing to contact the help desk. They want to enforce multifactor authentication when the employee performs the reset. Which Microsoft Entra feature should they enable?

Question 101mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants employees to be able to access corporate applications from their personal mobile devices, but only if those devices are enrolled in mobile device management (MDM) and have a PIN code set. Which Microsoft Entra capability should the administrator use to enforce these requirements?

Question 102mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to enforce that users accessing the payroll application from outside the corporate network must use multifactor authentication and must access the app only from devices that are marked as compliant by Intune. Which Conditional Access component should they use to combine these requirements?

Question 103mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow external business partners to access a specific SharePoint Online site using their own corporate identities (such as Google or Facebook accounts). The company also needs to enforce multi-factor authentication (MFA) for these external users. Which Microsoft Entra capability should the administrator configure?

Question 104hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to implement just-in-time (JIT) privileged access management for their Global Administrators in Microsoft Entra ID. They require that a user must request activation of the Global Administrator role, the request must be approved by a separate administrator, and the role will automatically expire after 4 hours. Additionally, they need an audit trail of all activations. Which Microsoft Entra feature should they use?

Question 105mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to enforce that users accessing the finance app from outside the corporate network must use multifactor authentication (MFA) and access from a device marked as compliant. Additionally, if the user's sign-in risk is medium or higher, access must be blocked. Which component of a Conditional Access policy should the administrator configure to specify the 'Block access' action for high-risk sign-ins?

Question 106mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to ensure only current employees have access to a sensitive HR application. They implement a process where group membership for the HR app is reviewed quarterly by the HR manager, and any unnecessary access is automatically removed. Which Microsoft Entra feature should they use?

Question 107mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The IT department has three teams: Helpdesk, Global Administrators, and Security Administrators. The company wants to allow the Helpdesk team to manage password resets and group memberships, but only for users who belong to the 'Sales' organizational unit. Which Microsoft Entra feature should the administrator use to define this delegated administrative scope?

Question 108mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to require all users accessing the external vendor portal to accept a terms of use document before they are granted access. The acceptance must be revoked after 30 days, requiring the user to accept again. Which Conditional Access component should the administrator configure?

Question 109mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID and wants to enforce multifactor authentication (MFA) for all users accessing a sensitive customer relationship management (CRM) application, but only when the access request originates from outside the corporate network. Which component of a Conditional Access policy should the administrator configure to specify this location-based requirement?

Question 110mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to require users to perform multifactor authentication (MFA) every 90 days on trusted devices, but force MFA for every sign-in on untrusted devices. Which Conditional Access session control must they configure to meet this requirement?

Question 111mediummultiple choice
Read the full NAT/PAT explanation →

A multinational organization uses Microsoft Entra ID. The IT help desk team is responsible for password resets and group management, but only for users located in the European region. The organization has created a group containing all European user accounts. Which Microsoft Entra feature should an administrator use to delegate these administrative tasks specifically to the help desk team, limited to the European user scope?

Question 112mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to require users to perform multifactor authentication (MFA) every 30 days on devices that are marked as compliant, but require MFA for every sign-in attempt on non-compliant devices. Which Conditional Access control should they configure to meet this requirement?

Question 113mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to ensure that only users with a specific role can reset passwords for other users in their organization. Which feature should they use?

Question 114mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to enforce multifactor authentication (MFA) for all access to a sensitive HR application. However, they only want to require MFA when the sign-in risk is assessed as medium or high, and block access if the risk is high. Which Conditional Access components must the administrator configure to meet these requirements? (Choose the best answer)

Question 115mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Entra ID. They want to automatically detect when a user's sign-in shows a high risk of compromise (e.g., impossible travel, anonymous IP address) and immediately require the user to reset their password. Which Microsoft Entra capability should they use?

Question 116mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and wants to allow users to reset their own passwords without help desk intervention. However, they want to ensure that only users who have already registered for multifactor authentication (MFA) can use self-service password reset (SSPR). Which Microsoft Entra feature should the administrator configure to enforce this requirement?

Question 117easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow external customers to sign in to a custom web application using their existing Google or Facebook accounts. Which Microsoft Entra ID feature should they use?

Question 118easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has a hybrid identity environment with Active Directory synchronizing to Microsoft Entra ID. They want users to be able to reset their own on-premises passwords via the cloud SSPR portal. What is the minimum license required for this capability?

Question 119mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The IT department wants to ensure that users are prompted to change their password only when there is a high likelihood that their credentials have been compromised, rather than forcing periodic password changes. They also want to block users from using common passwords from a custom list of banned passwords. Which Microsoft Entra features should they use?

Question 120mediummultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID. The security team needs to block all sign-in attempts from a list of known malicious IP addresses. They also want to block sign-ins that originate from anonymous proxy services. Which Microsoft Entra capability should they configure to meet these requirements?

Question 121mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The IT help desk team needs to be able to reset passwords and manage user account properties, but only for users located in the United Kingdom. The organization has created a dynamic group that contains all UK users. Which Microsoft Entra feature should an administrator use to delegate these administrative permissions specifically to the help desk team, limited to the UK user scope?

Question 122hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They have a critical application that requires additional security. The security team wants to enforce multifactor authentication (MFA) for every access to the application, but they also want users to reauthenticate with MFA if a session lasts longer than 60 minutes, regardless of device compliance. Which Conditional Access control should the administrator configure?

Question 123mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to grant temporary, time-limited administrative access to Azure subscriptions only when needed, with an approval workflow. Which Microsoft Entra capability should they use?

Question 124mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to provide just-in-time (JIT) administrative access to Azure resources. They require that administrators must request approval before gaining elevated privileges, and that the elevated access automatically expires after the task is completed. Which Microsoft Entra capability should they use?

Question 125mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. The security team wants to enforce multifactor authentication (MFA) only when users sign in from devices that are not compliant with company security policies. They also want to block sign-ins from unknown geographic locations. Which Microsoft Entra feature should they configure?

Question 126hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID. They want to implement two security baseline requirements: (1) Users must register for multifactor authentication (MFA) before they can use self-service password reset (SSPR). (2) Administrators must have just-in-time (JIT) access to Azure resources with approval required. Which two Microsoft Entra features should they use? (Choose two.)

Question 127mediumdrag order
Read the full Describe the capabilities of Microsoft Entra explanation →

Order the steps to create a conditional access policy in Azure AD.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 128mediumdrag order
Read the full Describe the capabilities of Microsoft Entra explanation →

Sequence the steps to set up Microsoft Sentinel for a new workspace.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 129mediumdrag order
Read the full Describe the capabilities of Microsoft Entra explanation →

Arrange the steps to investigate a user compromise using Azure AD Identity Protection.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 130mediummatching
Read the full Describe the capabilities of Microsoft Entra explanation →

Match each compliance term to its correct definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Where data is stored geographically

Data subject to laws of the country where it is stored

Process of identifying and delivering electronic information for legal cases

Preserve data for litigation purposes

Categorizing data based on sensitivity

Question 131mediummatching
Read the full Describe the capabilities of Microsoft Entra explanation →

Match each Microsoft Defender product to its focus area.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Protect on-premises Active Directory

Secure email and collaboration tools

Protect cloud workloads and resources

Secure Internet of Things devices

SaaS application security

Question 132mediummatching
Read the full Describe the capabilities of Microsoft Entra explanation →

Match each identity term to its correct meaning.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

An entity that can be authenticated

Proving you are who you claim to be

Determining what an authenticated user can do

Trust relationship between identity providers

Creating and managing user accounts and access

Question 133mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company is implementing a new application that requires users to authenticate using Microsoft Entra ID. The security team wants to enforce multifactor authentication (MFA) for all users accessing this application, but only when they are connecting from an untrusted network. Which conditional access policy should you configure?

Question 134mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are a consultant helping a client migrate from on-premises Active Directory to Microsoft Entra ID. The client has a large number of user accounts and wants to synchronize identities while allowing users to use their existing on-premises passwords. Which tool should you recommend?

Question 135easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports that they are unable to sign in to a SaaS application that is configured for single sign-on (SSO) with Microsoft Entra ID. The user can sign in to other applications. What should you check first?

Question 136mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID for identity management. You need to allow external partners to access a specific SharePoint Online site without requiring them to have a Microsoft Entra ID account in your tenant. Which feature should you use?

Question 137easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization wants to ensure that users cannot install applications from the Microsoft Store on their company-managed Windows devices. Which Microsoft Entra ID feature should you combine with Microsoft Intune to enforce this?

Question 138mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company is using Microsoft Entra ID to manage identities. You want to allow users to reset their own passwords without help desk intervention, but only if they have registered for self-service password reset (SSPR). What should you configure?

Question 139mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are capabilities of Microsoft Entra ID? (Select two.)

Question 140mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE of the following are features of Microsoft Entra ID Governance? (Select three.)

Question 141hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are supported identity types for Microsoft Entra External ID? (Select two.)

Question 142hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE of the following are capabilities provided by Microsoft Entra ID Protection? (Select three.)

Question 143easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are types of identities that can be managed in Microsoft Entra ID? (Select two.)

Question 144easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID to allow users to access cloud applications. You need to ensure that any sign-in from a known malicious IP address is blocked. Which feature should you configure?

Question 145easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization wants to enable single sign-on (SSO) for users accessing Microsoft 365 apps from unmanaged devices while enforcing multifactor authentication (MFA). Which Microsoft Entra feature should you configure?

Question 146mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company is migrating from on-premises Active Directory to Microsoft Entra ID. You need to synchronize user passwords and enable password writeback for self-service password reset. Which tool should you use?

Question 147hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are deploying Microsoft Entra Verified ID to issue verifiable credentials for employee onboarding. Which component is required to issue credentials?

Question 148easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID Governance. You need to ensure that guest users' access to internal applications is automatically removed after 90 days. What should you configure?

Question 149mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID with P2 licenses. You want to require approval for users to activate the Global Administrator role. Which feature should you configure?

Question 150hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization is using Microsoft Entra Permissions Management (CIEM). You need to identify overprivileged identities in AWS. Which capability should you use?

Question 151easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization wants to use Microsoft Entra ID to authenticate users from a partner company that uses its own identity provider. Which federation standard should you use?

Question 152mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID. You need to enforce that all users register for MFA within 14 days of account creation. Which feature should you use?

Question 153hardmultiple choice
Review the full routing breakdown →

Your organization is implementing Microsoft Entra Internet Access (formerly Microsoft Entra Internet Access). You need to secure access to public internet apps by enforcing traffic routing through Microsoft's network. Which feature should you enable?

Question 154easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO Microsoft Entra features can be used to enforce multifactor authentication (MFA)?

Question 155mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE components are part of Microsoft Entra Permissions Management (CIEM)?

Question 156hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO authentication methods in Microsoft Entra ID support passwordless sign-in?

Question 157easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. The JSON shows a Conditional Access policy. What is the primary purpose of this policy?

Exhibit

Refer to the exhibit. {
  "displayName": "Block Legacy Auth",
  "state": "enabled",
  "conditions": {
    "clientAppTypes": ["exchangeActiveSync", "otherClients"],
    "applications": {
      "includeApplications": ["All"]
    }
  },
  "grantControls": {
    "builtInControls": ["block"],
    "operator": "OR"
  }
}
Question 158mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. A user reports being unable to access Exchange Online from their personal laptop. The sign-in log shows failure due to device non-compliance. What should you configure to allow access while maintaining security?

Exhibit

Refer to the exhibit. Sign-in logs from Microsoft Entra ID: User: jsmith@contoso.com, App: Office 365 Exchange Online, Status: Failure, Error: 53003 - Device is not compliant. Risk level: Medium.
Question 159hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. User2 attempts to activate the Global Administrator role. What must happen before User2 gains the role?

Exhibit

Refer to the exhibit. Microsoft Entra ID roles: User1: Global Administrator (active), User2: Global Administrator (eligible), User3: Security Reader (active). PIM settings: User2 requires approval for activation. User2 attempts to activate Global Administrator.
Question 160mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow its partners to access a specific SharePoint Online site using their own corporate credentials. The company does not want to manage partner accounts. Which Microsoft Entra feature should they use?

Question 161hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization has deployed Microsoft Entra ID Governance and wants to automate the process of revoking access to a critical application when an employee leaves the company. Which feature should they configure?

Question 162easymultiple choice
Read the full wireless explanation →

A user reports that they cannot access Microsoft 365 apps from a public Wi-Fi network. The admin sees a Conditional Access policy requiring a compliant device and a trusted location. Which component enforces this policy?

Question 163mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization wants to allow users to reset their own passwords without help desk intervention. They also need to enforce multifactor authentication during the reset process. Which Microsoft Entra feature should they configure?

Question 164hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID with a custom line-of-business application that only supports SAML 2.0. They want to enable single sign-on for users. What should they configure in Microsoft Entra ID?

Question 165easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization wants to protect against password spray attacks by automatically blocking sign-ins from suspicious IP addresses. Which Microsoft Entra feature should they use?

Question 166mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to provide external consultants with access to a specific application using their LinkedIn or Google accounts. Which Microsoft Entra feature allows this?

Question 167hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization is migrating from on-premises Active Directory to Microsoft Entra ID. They need to synchronize user passwords so that users can use the same password for both on-premises and cloud resources. Which authentication method should they choose?

Question 168easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user is unable to access a cloud app and receives a message that their sign-in was blocked by a Conditional Access policy. The admin wants to allow the user to self-remediate by meeting policy requirements. What should the admin enable?

Question 169mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO features are part of Microsoft Entra ID Governance? (Choose two.)

Question 170hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE are benefits of using Microsoft Entra ID as an identity provider? (Choose three.)

Question 171easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO capabilities are provided by Microsoft Entra External ID? (Choose two.)

Question 172hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

The exhibit shows a Conditional Access policy named 'Block Legacy Auth'. The admin notices that the policy is not blocking legacy authentication as intended. Based on the output, what is the most likely reason?

Exhibit

Refer to the exhibit. The exhibit shows a PowerShell command and its output:

```powershell
Get-MgPolicyConditionalAccessPolicy -Filter "DisplayName eq 'Block Legacy Auth'" | Format-List Id, DisplayName, Conditions

Id            : 12345678-1234-1234-1234-123456789abc
DisplayName   : Block Legacy Auth
Conditions    : @{ClientAppTypes=System.Object[]; Applications=; Users=; Locations=; Platforms=; SignInRiskLevels=; UserRiskLevels=;}
```
Question 173mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

The exhibit shows a sign-in failure for John Doe. The admin wants to allow the sign-in while still enforcing MFA. What should the admin do?

Exhibit

Refer to the exhibit. The exhibit shows a Microsoft Entra ID sign-in log entry:

```json
{
  "id": "abc123",
  "createdDateTime": "2025-12-01T10:00:00Z",
  "userDisplayName": "John Doe",
  "appDisplayName": "Microsoft Azure PowerShell",
  "status": {
    "errorCode": 53003,
    "failureReason": "Blocked by Conditional Access"
  },
  "conditionalAccessStatus": "failure",
  "authenticationRequirement": "multiFactorAuthentication",
  "clientAppUsed": "Azure PowerShell"
}
```
Question 174easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

The exhibit shows that a user was added to the Global Administrator role. Which Microsoft Entra feature should be used to provide just-in-time access to this role?

Exhibit

Refer to the exhibit. The exhibit shows a Microsoft Entra ID audit log entry:

```json
{
  "activityDisplayName": "Add member to role",
  "activityDateTime": "2025-12-01T09:00:00Z",
  "targetResources": [{
    "id": "abc",
    "displayName": "Global Administrator",
    "modifiedProperties": [{
      "displayName": "Role.DisplayName",
      "newValue": "\"Global Administrator\""
    }]
  }]
}
```
Question 175easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to ensure that only users with specific IP addresses can access its critical applications. Which Microsoft Entra feature should they configure?

Question 176mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports that they cannot access a cloud app even though they are in the correct location and have a valid license. The administrator suspects a Conditional Access policy might be blocking access. Which tool should the admin use to diagnose the issue?

Question 177mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Entra ID for identity management and wants to allow external partners to access their resources using their own corporate credentials. Which feature should they enable?

Question 178hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company needs to enforce multi-factor authentication for all users but exclude a break-glass emergency account. Which approach should they take in Microsoft Entra ID?

Question 179easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization wants to automatically revoke access to cloud apps when an employee leaves the company. Which Microsoft Entra feature should they use?

Question 180hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company is planning to migrate from on-premises Active Directory to Microsoft Entra ID. They have a custom line-of-business application that uses Windows Integrated Authentication and requires Kerberos. Which approach should they use to enable hybrid identity?

Question 181mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An administrator notices that some users are being prompted for MFA even though they are inside the corporate network. The Conditional Access policy includes a condition for 'All locations' except trusted IPs. What is the most likely cause?

Question 182easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to grant temporary, time-limited access to a critical Azure resource for an external consultant. Which Microsoft Entra feature should they use?

Question 183hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has a Microsoft Entra ID tenant with thousands of users. They need to ensure that only users with a 'Manager' attribute populated can access a sensitive app. Which approach should they use?

Question 184mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO Microsoft Entra features can be used together to enforce risk-based conditional access?

Question 185hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE are valid authentication methods in Microsoft Entra ID?

Question 186easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO capabilities are part of Microsoft Entra ID Governance?

Question 187mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are reviewing a Conditional Access policy JSON. What is the result of this policy?

Exhibit

Refer to the exhibit.

```json
{
  "conditions": {
    "applications": { "includeApplications": ["Office365"] },
    "users": { "includeUsers": ["All"] },
    "locations": {
      "includeLocations": ["All"],
      "excludeLocations": ["AllTrusted"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa", "compliantDevice"]
  }
}
```
Question 188hardmultiple choice
Study the full multicast explanation →

You are analyzing a PIM activation request. The roleDefinitionId corresponds to the Global Administrator role. What is the duration of the activation?

Exhibit

Refer to the exhibit.

```json
{
  "roleEligibilityScheduleRequests": [
    {
      "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
      "principalId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
      "scheduleInfo": {
        "startDateTime": "2026-04-01T00:00:00Z",
        "expiration": {
          "type": "AfterDuration",
          "duration": "PT8H"
        }
      },
      "ticketInfo": {
        "ticketNumber": "INC-12345"
      }
    }
  ]
}
Question 189easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are viewing an application registration in Microsoft Entra ID. What can you conclude about this app?

Exhibit

Refer to the exhibit.

```
DisplayName        : Contoso HR App
ObjectId           : 12345678-1234-1234-1234-123456789012
Enabled            : True
SignInAudience     : AzureADMyOrg
IdentifierUris     : {https://api.contoso.com}
AppRoles           : {}
```
Question 190mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID. You need to enable users to sign in to third-party SaaS applications using their corporate credentials without storing passwords in those apps. Which Microsoft Entra feature should you configure?

Question 191easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports they cannot access the company portal from their personal device. The device is not enrolled in Microsoft Intune. The admin wants to ensure only compliant devices can access corporate resources. What should the admin configure?

Question 192hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. The Conditional Access policy shown is applied to all users accessing Office 365. A user with a compliant device but no MFA registered attempts to access Exchange Online. What will happen?

Exhibit

Refer to the exhibit.
```json
{
  "conditions": {
    "applications": {
      "includeApplications": ["Office365"]
    },
    "users": {
      "includeUsers": ["All"]
    },
    "locations": {
      "includeLocations": ["All"]
    }
  },
  "grantControls": {
    "builtInControls": ["mfa", "compliantDevice"],
    "operator": "AND"
  }
}
```
Question 193mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID with P2 licenses. You need to review and approve role activations for the Global Administrator role on a weekly basis. Which feature should you use?

Question 194easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow employees to sign in using their Microsoft credentials (e.g., personal Outlook.com) to access internal applications. Which Microsoft Entra feature should be configured?

Question 195hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. A user accesses a web app from a device that is Microsoft Entra joined but not Intune compliant. Which condition will be satisfied?

Exhibit

Refer to the exhibit.
```json
{
  "conditions": {
    "users": {
      "includeUsers": ["All"]
    },
    "clientAppTypes": ["browser"]
  },
  "grantControls": {
    "builtInControls": ["compliantDevice", "domainJoined"],
    "operator": "OR"
  }
}
```
Question 196mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization has Microsoft Sentinel and Microsoft Defender XDR. They want to automatically block a user's sign-in if a high-risk alert is triggered. Which Microsoft Entra feature integrates with these products to enforce access controls?

Question 197easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. You want to provide external partners with access to a SharePoint site using their own identity providers (e.g., Google, Facebook). Which feature should you use?

Question 198hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. The Conditional Access policy is configured to block access for high-risk users. A user with a medium risk level attempts to sign in. What will happen?

Exhibit

Refer to the exhibit.
```json
{
  "conditions": {
    "users": {
      "includeUsers": ["All"]
    },
    "riskLevel": ["high"]
  },
  "grantControls": {
    "builtInControls": ["block"]
  }
}
```
Question 199mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO features are part of Microsoft Entra ID P2 licensing? (Choose two.)

Question 200easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO scenarios are supported by Microsoft Entra B2B collaboration? (Choose two.)

Question 201hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE components are part of Microsoft Entra ID's identity governance? (Choose three.)

Question 202mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO conditions can be used in a Microsoft Entra Conditional Access policy? (Choose two.)

Question 203easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE features are included in Microsoft Entra ID Free? (Choose three.)

Question 204hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE capabilities are provided by Microsoft Entra Identity Protection? (Choose three.)

Question 205easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company is implementing Microsoft Entra ID and wants to ensure that users can sign in using their existing social media accounts. Which feature should you configure?

Question 206mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports that they cannot access the company's HR application, which requires Microsoft Entra ID authentication. The user can access other apps that also use Entra ID. What is the most likely cause?

Question 207hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID Governance. You need to ensure that when a user leaves the company, all their access to critical applications is automatically removed. Which feature should you use?

Question 208easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company wants to provide a single sign-on experience for all cloud applications. Which Microsoft Entra ID feature should you implement?

Question 209mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports frequent password reset requests. You suspect password spray attacks. Which Microsoft Entra ID feature should you use to investigate?

Question 210hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID with P2 licenses. You need to delegate the ability to manage role assignments in Entra ID without granting global admin rights. Which feature should you use?

Question 211easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company wants to allow partners to use their own corporate credentials to access a specific SharePoint site. Which Microsoft Entra ID feature supports this?

Question 212mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user is locked out of their account after multiple failed sign-in attempts. You need to reduce false lockouts while maintaining security. What should you do?

Question 213hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization has multiple on-premises directories and wants to synchronize them to Microsoft Entra ID. However, you must avoid duplicate user objects. Which feature should you configure?

Question 214mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are capabilities of Microsoft Entra ID? (Choose two.)

Question 215easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE are features of Microsoft Entra ID? (Choose three.)

Question 216hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO are capabilities of Microsoft Entra ID Governance? (Choose two.)

Question 217mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. The JSON snippet shows an app registration in Microsoft Entra ID. The password credential endDateTime is set to 2025-12-31. What will happen when that date is reached?

Exhibit

Refer to the exhibit.
{
  "appId": "00001111-aaaa-2222-bbbb-3333cccc4444",
  "displayName": "HRApp",
  "passwordCredentials": [
    {
      "hint": "abc",
      "endDateTime": "2025-12-31T23:59:00Z"
    }
  ],
  "api": {
    "knownClientApplications": [],
    "requestedAccessTokenVersion": 2
  }
}
Question 218hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. A Microsoft Graph PowerShell script is shown. What is the purpose of this script?

Exhibit

Refer to the exhibit.
$users = Get-MgUser -Filter "startsWith(userPrincipalName, 'john') and userType eq 'Member'"
foreach ($user in $users) {
    New-MgUserAuthenticationMethod -UserId $user.Id -PhoneAuthenticationMethod -PhoneNumber "+1234567890" -PhoneType "mobile"
}
Question 219mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. The JSON shows a conditional access policy. What is the effect of this policy?

Exhibit

Refer to the exhibit.
{
  "conditions": {
    "applications": {
      "includeApplications": ["Office365"]
    },
    "users": {
      "includeUsers": ["All"]
    },
    "locations": {
      "includeLocations": ["AllTrusted"]
    }
  },
  "grantControls": {
    "builtInControls": ["mfa"]
  }
}
Question 220easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID to manage user identities. You need to ensure that users can sign in using their existing social media accounts. Which Microsoft Entra feature should you configure?

Question 221mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports that they cannot access the corporate portal after a password reset. The user can access other cloud apps. You verify that the user account is enabled and not locked. What should you check next?

Question 222hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization plans to migrate from on-premises Active Directory to Microsoft Entra ID. You need to design the identity synchronization strategy to support password hash synchronization and password writeback. Which tool should you use?

Question 223easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You need to provide external partners with access to your organization's SharePoint site. The partners must use their own credentials. Which Microsoft Entra feature should you use?

Question 224mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports that they are repeatedly prompted for multifactor authentication when accessing Microsoft 365 apps from the same trusted device. What should you do to reduce the number of prompts?

Question 225hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID P2 licenses. You need to implement a process to automatically remove users from a group if they have not signed in for 90 days. Which feature should you use?

Question 226easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You need to allow users to reset their own passwords without contacting the help desk. Which Microsoft Entra feature should you enable?

Question 227mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization requires that all external guest users must sign in using Microsoft Authenticator for MFA. What should you configure?

Question 228hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You need to implement a solution that allows users to access cloud applications without entering a password, using Windows Hello for Business. Which Microsoft Entra feature integrates with Windows Hello for Business?

Question 229easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO capabilities are provided by Microsoft Entra ID?

Question 230mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE features are part of Microsoft Entra Identity Governance?

Question 231hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO Microsoft Entra features can help protect against credential attacks?

Question 232mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are reviewing a Conditional Access policy in JSON format. What is the effect of this policy?

Exhibit

Refer to the exhibit.

```json
{
  "conditions": {
    "users": { "include": ["All"] },
    "applications": { "include": ["All"] },
    "locations": { "include": ["AllTrusted"] }
  },
  "grantControls": {
    "builtInControls": ["mfa"],
    "termsOfUse": ["terms-of-use-id"]
  }
}
```
Question 233hardmultiple choice
Study the full multicast explanation →

Refer to the exhibit. You are reviewing a Privileged Identity Management (PIM) configuration for a role in Microsoft Entra ID. The roleDefinitionId corresponds to a specific role. What is the effect of this configuration?

Exhibit

Refer to the exhibit.

```json
{
  "roleSettings": [
    {
      "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
      "approvalRequired": true,
      "activationMaximumDuration": "PT1H",
      "eligibleAssignment": {
        "assignmentType": "eligible",
        "endDateTime": null
      }
    }
  ]
}
```
Question 234mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization has a Microsoft Entra ID tenant with 5,000 users. You need to implement a solution to allow external partners to access a specific SharePoint Online site. The partners must use their own email addresses to sign in. You want to enforce multifactor authentication for all external users. Additionally, you need to ensure that external users are automatically removed from the site after 90 days. You have the following requirements:

1. Use built-in Microsoft Entra features. 2. Minimize administrative effort. 3. The solution must support automatic expiration of access.

What should you do?

Question 235easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID for identity management. They want to allow employees to sign in using their existing Facebook credentials. Which feature should they configure?

Question 236mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports that they cannot access a critical application, receiving an error that their session has expired. The sign-in logs show the user was prompted for multifactor authentication (MFA) multiple times during the same session. What should an administrator review to reduce these interruptions?

Question 237hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company is planning to migrate from on-premises Active Directory to Microsoft Entra ID. They have multiple on-premises applications that use LDAP for authentication. They want to enable single sign-on (SSO) to these applications from the cloud without modifying the applications. Which approach should they use?

Question 238easymultiple choice
Read the full NAT/PAT explanation →

A company uses Microsoft Entra ID. The security team wants to automatically block sign-ins from IP addresses that exhibit brute-force attack patterns. Which capability should they enable?

Question 239mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An administrator needs to grant a vendor temporary access to an Azure subscription for exactly 48 hours. After that time, access must be automatically revoked. Which Microsoft Entra feature should be used?

Question 240hardmultiple choice
Read the full NAT/PAT explanation →

A multinational company uses Microsoft Entra ID. They want to ensure that users from a specific country only access a sensitive application from compliant devices. Additionally, they want to block access if the sign-in risk is medium or high. Which combination of policies should they create?

Question 241easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to allow employees to use their corporate Microsoft Entra ID credentials to sign in to third-party SaaS applications like Salesforce and ServiceNow. Which feature provides this capability?

Question 242mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company is using Microsoft Entra ID to manage identities for a multi-tenant SaaS application. They want to allow users from partner organizations to access the application using their own corporate credentials, without needing to manage separate accounts. Which solution should they implement?

Question 243mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO capabilities are provided by Microsoft Entra Identity Protection?

Question 244hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE components are part of the Microsoft Entra External Identities suite?

Question 245easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO features are included in Microsoft Entra ID P2 licensing?

Question 246hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are the identity administrator for a large enterprise using Microsoft Entra ID. The company has 50,000 users and recently acquired a smaller company with 2,000 users that uses a third-party identity provider (IdP) based on SAML 2.0. The acquisition must be fully integrated within 30 days. The CISO mandates that all users must use MFA for any access to cloud applications. The acquired company's users currently do not use MFA. You need to choose an approach that minimizes changes to the acquired company's current authentication infrastructure while meeting the MFA requirement. The solution must also allow the acquired company's users to access resources in the parent tenant using their existing credentials. What should you do?

Question 247mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are an identity consultant for a mid-sized company with 5,000 employees. They use Microsoft Entra ID P1 and Microsoft Intune for device management. The company wants to implement passwordless authentication for all employees to improve security and user experience. Currently, users sign in with username and password plus MFA via the Microsoft Authenticator app. The company has a mix of Windows 10/11 devices (both domain-joined and Microsoft Entra joined) and iOS/Android mobile devices. They want to support passwordless sign-in on all platforms. The CTO is concerned about cost and wants to minimize additional licensing. Which passwordless method should you recommend?

Question 248easymultiple choice
Read the full NAT/PAT explanation →

You are a security administrator for a company using Microsoft Entra ID P2. The company has a critical application that should only be accessible by a specific group of users (the 'Finance' group). You need to ensure that any access to this application is automatically logged and that an administrator is notified when a user outside the Finance group attempts to access it. Additionally, the CEO wants a quarterly review of all users who have access to this application. Which combination of features should you use?

Question 249mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are the identity architect for a global organization with 100,000 users across 50 countries. The company uses Microsoft Entra ID P2 and Microsoft Defender for Cloud Apps. Recently, the security team identified that several compromised user accounts were used to exfiltrate data from a cloud storage app. The CISO wants to implement a solution that detects anomalous behavior (e.g., impossible travel, mass download) and automatically blocks the user session when such behavior is detected. The solution must also provide the ability to investigate and remediate after the fact. Which Microsoft Entra feature should you use in conjunction with Defender for Cloud Apps to meet these requirements?

Question 250mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization is planning to implement Microsoft Entra ID for identity and access management. Which TWO capabilities are provided by Microsoft Entra ID?

Question 251hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

You are a security architect for a large enterprise using Microsoft Entra ID. You need to implement a solution that enforces least-privilege access and reduces lateral movement. Which THREE Microsoft Entra capabilities should you include in your design?

Question 252easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company, Contoso, uses Microsoft Entra ID for employee identity management. You need to ensure that when an employee leaves the company, their access to all SaaS applications is automatically revoked within 24 hours. The HR department updates the employee status in a cloud HR system (Workday). What should you do?

Question 253mediummultiple choice
Read the full NAT/PAT explanation →

Your organization is using Microsoft Entra ID with P2 licenses. You need to enforce a policy that requires administrators to request approval before activating their privileged roles, and approvals must expire after 8 hours. Additionally, you need to ensure that all privileged role activations are logged for auditing. Which combination of Microsoft Entra capabilities should you use?

Question 254mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company has a hybrid identity environment with Microsoft Entra ID and on-premises Active Directory. You need to ensure that users can use the same password on-premises and in the cloud without having to sync password hashes. Additionally, you want to prevent accounts from being locked out after a few bad password attempts in the cloud. Which Microsoft Entra feature should you implement?

Question 255hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and has deployed Microsoft Entra ID Governance for entitlement management. You need to allow external partners to request access to a specific application, but only if they have a valid email address from an approved domain. Once approved, their access should automatically expire after 30 days. You also need to ensure that the partner's access is reviewed quarterly by the application owner. What should you configure?

Question 256hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization is using Microsoft Entra ID and has deployed Microsoft Intune for mobile device management. You need to ensure that only devices that are compliant with Intune policies can access corporate email via Microsoft Outlook for iOS and Android. Additionally, you need to prevent users from copying corporate data to personal apps on the same device. Which two Microsoft Entra features should you combine?

Question 257mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID and wants to implement a passwordless authentication strategy for all users. You have a mix of Windows 10 devices, iOS devices, and Android devices. You need a solution that works across all platforms and does not require users to remember passwords. What should you implement?

Question 258easymultiple choice
Read the full NAT/PAT explanation →

Your organization wants to allow employees to use their personal mobile devices to access corporate resources, but you need to ensure that corporate data is protected if the device is lost or stolen. You also need to enforce a PIN policy on the device. Which combination of Microsoft Entra and Microsoft Intune features should you use?

Question 259hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization has a Microsoft Entra ID tenant with 5,000 users. You need to implement a solution that automatically detects and remediates users with leaked credentials. Additionally, you need to require users to change their password when a high risk is detected. Which Microsoft Entra features should you configure?

Question 260easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization is deploying Microsoft Entra ID. You need to ensure that users can sign in using their existing on-premises Active Directory credentials without creating new cloud passwords. Which feature should you configure?

Question 261hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company has Microsoft Entra ID with Conditional Access policies. Users report being prompted for MFA every time they access the company's CRM app from their corporate laptops. However, the policy is configured to require MFA only for untrusted locations. What is the most likely cause?

Question 262mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. You need to grant external partners limited access to a SharePoint site for 30 days. After 30 days, access should automatically expire. Which Microsoft Entra feature should you use?

Question 263easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are designing an identity solution for a new company that will use Microsoft Entra ID. The company wants employees to use biometrics (fingerprint) on their mobile devices to sign in without typing a password. Which Microsoft Entra feature should you implement?

Question 264hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are reviewing Microsoft Entra sign-in logs. Which statement is true?

Exhibit

{
  "signInLogs": [
    {
      "userId": "jdoe@contoso.com",
      "appDisplayName": "Azure Portal",
      "signInEventType": "interactiveUser",
      "conditionalAccessStatus": "success",
      "mfaRequired": true,
      "riskLevelDuringSignIn": "medium",
      "riskLevelAggregated": "high"
    },
    {
      "userId": "asmith@contoso.com",
      "appDisplayName": "Office 365 Exchange Online",
      "signInEventType": "nonInteractiveUser",
      "conditionalAccessStatus": "failure",
      "mfaRequired": false,
      "riskLevelDuringSignIn": "low",
      "riskLevelAggregated": "low"
    }
  ]
}
Question 265mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID. You need to enforce that all users accessing the HR application must have a device that is compliant with company security policies. The device compliance is managed by Microsoft Intune. Which feature should you use to enforce this requirement?

Question 266hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization has a hybrid identity environment with Microsoft Entra ID and on-premises Active Directory. You need to ensure that when a user's on-premises account is disabled, their cloud account is automatically disabled within 5 minutes. Which configuration should you use?

Question 267easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are configuring Microsoft Entra ID for a new user. The user will need to access resources in multiple Microsoft cloud services (Office 365, Azure, Dynamics 365). Which Microsoft Entra edition is minimally required to provide single sign-on (SSO) across these services?

Question 268mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID. Security policy requires that all external guest users must be reviewed and their access approved by their sponsor every 90 days. If not approved, access should be automatically removed. Which feature should you use?

Question 269mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which two capabilities are provided by Microsoft Entra ID? (Choose two.)

Question 270hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which three features are available in Microsoft Entra ID P2 but not in P1? (Choose three.)

Question 271easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which two scenarios are examples of using Microsoft Entra business-to-business (B2B) collaboration? (Choose two.)

Question 272hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You run the cmdlet and get a list of risk detections. What does this cmdlet retrieve?

Exhibit

Get-AzureADMSIdentityProtectionRiskDetection -Filter "riskEventType eq 'unfamiliarSignInProperties'"
Question 273easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You run this PowerShell cmdlet. What is the outcome?

Exhibit

New-AzureADMSInvitation -InvitedUserEmailAddress "external@partner.com" -InvitedUserDisplayName "Partner User" -InviteRedirectUrl "https://myapps.microsoft.com" -SendInvitationMessage $true
Question 274mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID. You need to ensure that when a user's account is compromised and used to send spam, the account is automatically blocked from signing in. Which feature should you configure?

Question 275mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID for identity management. You need to enable users to sign in using a QR code from the Microsoft Authenticator app. Which Microsoft Entra feature should you configure?

Question 276easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are configuring Microsoft Entra ID Governance. You need to ensure that when a user leaves the organization, their access to all SaaS applications is automatically revoked. Which Microsoft Entra feature should you use?

Question 277hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID with P2 licenses. You need to implement a policy that requires users to perform multifactor authentication (MFA) when accessing the finance application from an untrusted network, but not when accessing it from the corporate network. Which Microsoft Entra feature should you configure?

Question 278mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and Microsoft Intune. You need to ensure that only devices that are enrolled in Intune and compliant with your organization's security policies can access corporate email. Which Microsoft Entra feature should you use?

Question 279easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization wants to use Microsoft Entra Verified ID to issue digital credentials to employees. Which Microsoft Entra service provides the ability to issue and verify verifiable credentials?

Question 280hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and Microsoft Sentinel. You need to analyze sign-in logs to detect risky sign-ins that are not blocked by Conditional Access policies. Which Microsoft Entra feature provides risk detection and can feed into Sentinel?

Question 281mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID with P1 licenses. You need to provide a temporary access pass for a new employee to set up their account without a password. Which Microsoft Entra feature should you use?

Question 282easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and needs to allow external partners to sign in using their own identity providers (e.g., Google or Facebook). Which Microsoft Entra feature should you configure?

Question 283hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization is using Microsoft Entra ID with P2 licenses. You need to ensure that all guest users are reviewed for access quarterly, and if not approved, access is automatically removed. Which Microsoft Entra feature should you configure?

Question 284mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are capabilities of Microsoft Entra ID Governance?

Question 285hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE of the following are features of Microsoft Entra ID Protection?

Question 286easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are methods for implementing passwordless authentication in Microsoft Entra ID?

Question 287hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are evaluating a Conditional Access policy in JSON format. The policy is assigned to a test user group. A user in that group tries to access Outlook Web App (OWA) from a browser. What is the effect of this policy?

Exhibit

Refer to the exhibit.

```json
{
  "policy": {
    "displayName": "Block legacy authentication",
    "conditions": {
      "clientAppTypes": ["exchangeActiveSync", "other"],
      "applications": {
        "includeApplications": ["Office365"]
      }
    },
    "grantControls": {
      "builtInControls": ["block"]
    }
  }
}
```
Question 288mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are reviewing a risk detection in Microsoft Entra Identity Protection. The risk event indicates 'unfamiliarFeatures' with medium risk level for user John Doe from IP 203.0.113.5. What is the most likely cause of this risk detection?

Exhibit

Refer to the exhibit.

```json
{
  "riskDetections": [
    {
      "riskEventType": "unfamiliarFeatures",
      "riskLevel": "medium",
      "userDisplayName": "John Doe",
      "signInDateTime": "2026-03-15T10:30:00Z",
      "ipAddress": "203.0.113.5"
    }
  ]
}
```
Question 289easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are configuring an access package in Microsoft Entra Entitlement Management. Based on the policy, which users can request access to the HR App?

Exhibit

Refer to the exhibit.

```json
{
  "properties": {
    "displayName": "HR App",
    "description": "Access package for HR application",
    "catalogId": "catalog1",
    "policyType": "userManaged",
    "approvalRequired": true,
    "approvalStages": [
      {
        "approvalTimeout": 14,
        "approvalRequiredFor": "guest",
        "primaryApprover": {
          "id": "manager"
        }
      }
    ]
  }
}
```
Question 290easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID to manage user identities. A new employee named John joins the company and needs access to Microsoft 365 apps. You want to ensure John's identity is verified using a phone call. Which authentication method should you configure?

Question 291mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company is implementing a hybrid identity solution with Microsoft Entra ID. You need to ensure that password changes on-premises are synchronized to the cloud within minutes. Which feature should you enable?

Question 292hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID Governance. You need to ensure that access to a critical application is reviewed every 90 days by the application owner. If the review is not completed, access should be revoked automatically. Which feature should you configure?

Question 293mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID and wants to allow external partners to sign in using their own Google or Facebook accounts. Which feature should you enable?

Question 294easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and wants to enforce multi-factor authentication (MFA) for all users. Which policy should you create?

Question 295mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and needs to block sign-ins from legacy authentication protocols to reduce risk. Which feature should you use?

Question 296hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. You need to ensure that when a user's account is disabled on-premises, their access to cloud apps is blocked within 5 minutes. Which hybrid identity configuration should you use?

Question 297easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. A user reports that they are unable to access any Microsoft 365 services because they forgot their password. Which self-service tool should they use?

Question 298hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID and wants to automatically assign licenses to new employees based on their department. Which feature should you use?

Question 299mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. Which TWO capabilities are provided by Microsoft Entra ID Governance?

Question 300hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. Which THREE authentication methods can be used for passwordless sign-in?

Question 301mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. Which TWO features help protect against identity-based attacks by detecting and responding to risks?

Question 302mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are reviewing a Conditional Access policy in Microsoft Entra ID. The policy includes locations condition "AllTrusted". What is the effect of this policy?

Exhibit

Refer to the exhibit.

```json
{
  "conditions": {
    "users": { "include": ["All"] },
    "applications": { "include": ["All"] },
    "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
    "locations": { "include": ["AllTrusted"] }
  },
  "grantControls": {
    "builtInControls": ["mfa"],
    "operator": "OR"
  }
}
```
Question 303hardmultiple choice
Study the full multicast explanation →

Refer to the exhibit. You are reviewing a Microsoft Entra PIM activation request. The roleDefinitionId corresponds to the Global Administrator role. The request is for an 8-hour activation with a start time. What is the maximum allowed activation duration for Global Administrator in PIM?

Exhibit

Refer to the exhibit.

```json
{
  "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
  "principalId": "a7b8c9d0-e1f2-3a4b-5c6d-7e8f9a0b1c2d",
  "directoryScopeId": "/",
  "schedule": {
    "startDateTime": "2025-01-01T00:00:00Z",
    "expiration": {
      "type": "afterDuration",
      "duration": "PT8H"
    }
  }
}
Question 304mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are reviewing a risk detection report in Microsoft Entra Identity Protection. The report shows a user with high risk level and two risk events. What does the status 'remediated' indicate?

Exhibit

Refer to the exhibit.

```json
{
  "identity": {
    "userPrincipalName": "user1@contoso.com",
    "riskLevel": "high",
    "riskEventTypes": ["leakedCredentials", "impossibleTravel"]
  },
  "status": "remediated"
}
Question 305mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company is implementing a hybrid identity solution with Microsoft Entra ID. Users report that they can sign in to Microsoft 365 but cannot access on-premises applications that are configured for integrated Windows authentication. You need to ensure seamless single sign-on (SSO) for both cloud and on-premises resources. What should you implement?

Question 306hardmultiple choice
Read the full NAT/PAT explanation →

A multinational organization uses Microsoft Entra ID for identity management. The security team wants to implement a Conditional Access policy that blocks access from untrusted locations unless the user's device is marked as compliant by Microsoft Intune. However, users traveling to trusted partner locations should be allowed access even if their device is non-compliant. Which two conditions should be configured in the policy?

Question 307mediummultiple choice
Read the full NAT/PAT explanation →

You are configuring Microsoft Entra ID Governance for your organization. You need to ensure that when a user's employment status changes to 'Terminated' in the HR system, their access to critical applications is automatically revoked within 24 hours. Additionally, managers must be able to request temporary access for a terminated user if needed. What should you implement?

Question 308easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. You need to ensure that users can reset their own passwords without help desk intervention, while maintaining security by requiring multi-factor authentication (MFA) during the reset process. Which feature should you enable?

Question 309hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are reviewing Microsoft Entra sign-in logs for a user. The user successfully signed in from a mobile device running iOS, located in the US, with medium risk level. The sign-in did not require MFA. You have a Conditional Access policy that requires MFA for all users when sign-in risk is medium or higher. Why was MFA not triggered?

Exhibit

{
  "signInEvents": [
    {
      "userPrincipalName": "jdoe@contoso.com",
      "appDisplayName": "Microsoft 365 Exchange Online",
      "clientAppUsed": "Mobile Apps and Desktop clients",
      "deviceDetail": {
        "deviceId": "",
        "displayName": "",
        "operatingSystem": "iOS",
        "browser": ""
      },
      "location": "US",
      "riskLevelDuringSignIn": "medium",
      "riskLevelAggregated": "medium",
      "riskEventTypes": ["unfamiliarFeatures"],
      "mfaRequired": false,
      "status": {
        "errorCode": 0,
        "failureReason": ""
      }
    }
  ]
}
Question 310easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID to manage identities for employees and external partners. You need to ensure that external partners can access only specific applications and that their access expires automatically after 60 days. Which Microsoft Entra feature should you use?

Question 311mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are reviewing Microsoft Entra role assignments for a user. The first assignment has a roleDefinitionId of '62e90394-69f5-4237-9190-012177145e10' at scope '/'. The second assignment has a roleDefinitionId of '194ae4cb-b126-40b2-bd5b-6091b380977d' at a subscription scope. What can you infer?

Exhibit

{
  "roleAssignments": [
    {
      "principalId": "user1@contoso.com",
      "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10",
      "scope": "/"
    },
    {
      "principalId": "user1@contoso.com",
      "roleDefinitionId": "194ae4cb-b126-40b2-bd5b-6091b380977d",
      "scope": "/subscriptions/sub1/resourceGroups/rg1"
    }
  ]
}
Question 312easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company wants to allow employees to use their corporate Microsoft Entra ID credentials to sign in to third-party SaaS applications like Salesforce and ServiceNow. Which Microsoft Entra feature should you configure?

Question 313hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A large enterprise uses Microsoft Entra ID with P2 licenses. The security team wants to implement just-in-time (JIT) access for privileged roles and require approval for role activation. Additionally, they want to receive alerts when a role is activated outside business hours. Which feature should they use?

Question 314mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are capabilities of Microsoft Entra ID? (Select TWO.)

Question 315hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE of the following are valid components of Microsoft Entra Conditional Access? (Select THREE.)

Question 316easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are authentication methods supported by Microsoft Entra ID? (Select TWO.)

Question 317hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. You are configuring a Conditional Access policy that requires compliant device for access to Microsoft 365. The device shown in the exhibit is Azure AD joined, compliant, and managed. However, a user signing in from this device is still blocked. What is the most likely cause?

Exhibit

{
  "device": {
    "deviceId": "device123",
    "operatingSystem": "Windows 10",
    "trustType": "Azure AD joined",
    "isCompliant": true,
    "isManaged": true,
    "profileType": "Workplace"
  }
}
Question 318easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization wants to enforce MFA for all users accessing the Azure portal. However, users accessing from the corporate office network should not be prompted for MFA. Which Conditional Access assignment should you configure?

Question 319mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID with P1 licenses. You need to implement a policy that blocks access to Microsoft 365 from countries that are not authorized, except for users who are members of a specific security group. Which Microsoft Entra feature should you use?

Question 320easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to provide employees with single sign-on access to both Microsoft 365 and a third-party SaaS application. Which feature of Microsoft Entra ID should they use?

Question 321mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization uses Microsoft Entra ID. The security team wants to require multi-factor authentication (MFA) for all users accessing sensitive data from outside the corporate network. Which Microsoft Entra capability should they configure?

Question 322hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. A Conditional Access policy is defined as shown. Which client applications will be blocked?

Exhibit

Refer to the exhibit.

```json
{
  "name": "Block legacy authentication",
  "conditions": {
    "clientAppTypes": ["exchangeActiveSync", "otherClients"]
  },
  "grantControls": {
    "builtInControls": ["block"]
  }
}
```
Question 323easymultiple choice
Read the full VPN explanation →

A company wants to enable employees to securely access on-premises applications without needing a VPN. Which Microsoft Entra feature should they implement?

Question 324mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID to manage identities. You need to ensure that users receive a notification when their password is about to expire. Which feature should you configure?

Question 325hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. An administrator runs the PowerShell cmdlet shown. What is the purpose of this command?

Exhibit

Refer to the exhibit.

```powershell
Get-AzureADGroupMember -ObjectId "Sales_Group_ObjectID" | Select-Object DisplayName, UserPrincipalName
```
Question 326easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company wants to automatically remove a user's access to all applications when the user leaves the organization. Which Microsoft Entra feature can help achieve this?

Question 327mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. You need to ensure that guest users can access resources without requiring invitation redemption. Which feature should you enable?

Question 328hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. A security analyst runs the KQL query in Microsoft Sentinel. The query returns sign-in logs with error code 50076. What does this error indicate?

Exhibit

Refer to the exhibit.

```kusto
SigninLogs
| where UserPrincipalName == "user@contoso.com"
| where Status.errorCode == 50076
```
Question 329easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are capabilities of Microsoft Entra ID?

Question 330mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE of the following are features of Microsoft Entra ID Protection?

Question 331hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are benefits of using Microsoft Entra ID Governance?

Question 332easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

An organization wants to allow users to reset their own passwords without help desk intervention. Which Microsoft Entra feature should they enable?

Question 333mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company needs to ensure that only approved devices can access corporate resources. Which Microsoft Entra feature should they combine with Microsoft Intune?

Question 334hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. An administrator runs the Azure CLI commands shown. What is the purpose of these commands?

Network Topology
service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRETaz logintenant $ARM_TENANT_IDRefer to the exhibit.```azurecliecho $ARM_CLIENT_IDecho $ARM_TENANT_ID```
Question 335mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID for identity management. You need to ensure that users can sign in using their existing Facebook accounts without creating a separate Microsoft Entra ID account. What should you configure?

Question 336hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company is implementing a Microsoft Entra ID tenant for a new subsidiary. They require that all users authenticate using passwordless methods, specifically the Microsoft Authenticator app. What is the minimum configuration required to enforce this?

Question 337easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization is implementing a Zero Trust security model. Which Microsoft Entra ID capability helps verify the identity of users before granting access to resources?

Question 338mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A company uses Microsoft Entra ID and requires that all guest users from a partner organization must sign in using Microsoft Authenticator for MFA. The partner organization manages their own identities. What should you configure?

Question 339hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and Microsoft Intune. You need to ensure that only managed compliant devices can access corporate email via Outlook mobile app. What is the most efficient approach?

Question 340easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user reports that they cannot sign in to Microsoft Entra ID because they forgot their password. Which Microsoft Entra ID feature allows them to reset their password without contacting IT support?

Question 341mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company wants to use Microsoft Entra ID to provide single sign-on (SSO) to a SaaS application that supports SAML 2.0. What should you configure in Microsoft Entra ID?

Question 342hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization implements a Microsoft Entra ID tenant with a custom domain (contoso.com). You need to ensure that all users are assigned a unique user principal name (UPN) based on their email address. What should you do?

Question 343easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

A user is locked out of their account due to multiple failed sign-in attempts. Which Microsoft Entra ID feature can automatically block suspicious sign-in attempts based on risk?

Question 344mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO Microsoft Entra ID features can be used to protect against credential theft? (Choose two.)

Question 345hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE capabilities are part of Microsoft Entra ID Governance? (Choose three.)

Question 346easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO scenarios are addressed by Microsoft Entra ID Protection? (Choose two.)

Question 347hardmultiple choice
Read the full NAT/PAT explanation →

You are the identity administrator for a multinational company using Microsoft Entra ID. The company has a Microsoft 365 E5 subscription. The security team wants to enforce the following requirements:

1. All users must use multi-factor authentication (MFA) when accessing sensitive applications (e.g., finance app). 2. Users from the IT department must use passwordless authentication methods (e.g., Windows Hello for Business) when accessing any resource. 3. All access to sensitive applications must be logged and monitored for anomalous activity. 4. Guest users from partner organizations must be automatically reviewed quarterly to ensure they still need access. 5. The company wants to minimize administrative overhead by automating as much as possible.

You need to design a solution that meets these requirements using Microsoft Entra ID capabilities. Which combination of actions should you take?

Question 348mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID for identity management. You need to ensure that users can sign in using their existing social media accounts, such as Google or Facebook, while maintaining security and compliance with conditional access policies. What should you configure?

Question 349easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company is implementing a passwordless authentication strategy. You want users to be able to sign in using the Microsoft Authenticator app on their mobile devices. Which Microsoft Entra feature should you enable?

Question 350hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Refer to the exhibit. The JSON shows a conditional access policy in Microsoft Entra ID. A user signs in from a trusted location using a browser. Which controls will be enforced?

Exhibit

{
  "policy": {
    "conditions": {
      "users": { "includeUsers": ["All"] },
      "locations": {
        "includeLocations": ["AllTrusted"]
      },
      "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"]
    },
    "grantControls": {
      "builtInControls": ["mfa"],
      "termsOfUse": ["terms-of-use-id"]
    },
    "sessionControls": {
      "signInFrequency": {
        "value": 1,
        "type": "hours"
      },
      "applicationEnforcedRestrictions": null,
      "cloudAppSecurity": {
        "cloudAppSecurityType": "monitorOnly",
        "isEnabled": true
      }
    }
  }
}
Question 351mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID. You need to ensure that only users from the finance department can access a sensitive application, and they must be granted access dynamically based on their department attribute. What should you configure?

Question 352easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization is using Microsoft Entra ID. You want to provide a single sign-on (SSO) experience for users accessing multiple SaaS applications. Which feature should you implement?

Question 353hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization has implemented Microsoft Entra ID Governance. You need to review and attest to the access rights of users in a specific group every quarter. The group contains both direct members and members from nested groups. Which Microsoft Entra feature should you use to automate this review?

Question 354mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company uses Microsoft Entra ID. You need to monitor and detect suspicious sign-in activities, such as sign-ins from anonymous IP addresses or unfamiliar locations. Which Microsoft Entra feature provides this capability?

Question 355hardmultiple choice
Read the full NAT/PAT explanation →

Your organization uses Microsoft Entra ID. You need to ensure that when a user is terminated, all access to SaaS applications is automatically revoked. What should you configure?

Question 356mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and Microsoft Defender for Cloud Apps. You want to monitor and control the use of cloud apps by enforcing session policies, such as preventing downloads from unmanaged devices. Which integration should you use?

Question 357easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO of the following are authentication methods supported by Microsoft Entra ID?

Question 358mediummulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE of the following are capabilities of Microsoft Entra ID Governance?

Question 359hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE of the following are identity protection features in Microsoft Entra ID Protection?

Question 360hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization, Contoso, uses Microsoft Entra ID for identity management. The security team has recently identified that several users have had their credentials compromised. You need to implement a solution that automatically enforces a password change for high-risk users and blocks sign-ins from risky locations. Additionally, you want to allow users to self-remediate by changing their password when they are at medium risk. You have the following requirements: - Users detected as high risk must be blocked from signing in until an administrator resets their password. - Users detected as medium risk must be prompted to change their password via self-service password reset before they can access resources. - All risk detections must be logged and reported to the security team. - The solution must use built-in Microsoft Entra capabilities without third-party tools.

Which of the following actions should you take to meet the requirements?

Question 361mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization, Fabrikam, has recently merged with another company. You need to provide seamless access to resources for users from both companies while maintaining separate identity directories. The users from the acquired company have their own Microsoft Entra ID tenant. You need to enable them to access applications in your tenant using their existing corporate credentials, without creating new accounts. Additionally, you want to enforce conditional access policies from your tenant for these users. Which approach should you use?

Question 362mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID and Microsoft Intune. You need to implement a solution that ensures only compliant devices can access corporate applications. Devices must be enrolled in Intune and meet compliance policies (e.g., disk encryption enabled, antivirus running). Additionally, you require that users must authenticate with multi-factor authentication (MFA) when accessing sensitive applications from non-compliant devices, even if the user is compliant. The solution must use a single policy where possible. What should you configure?

Question 363mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID P2 and wants to reduce the risk of identity compromise by requiring multifactor authentication (MFA) for all users, but excluding users when they are on the corporate network. Which policy type should you configure?

Question 364easymulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which TWO capabilities are part of Microsoft Entra ID? (Choose two.)

Question 365hardmulti select
Read the full Describe the capabilities of Microsoft Entra explanation →

Which THREE are features of Microsoft Entra ID Governance? (Choose three.)

Question 366mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are evaluating the Conditional Access policy JSON exhibit. The policy includes MFA for Exchange Online but excludes trusted locations. A user reports that they are prompted for MFA when accessing webmail from a trusted IP address. Which is the most likely cause?

Exhibit

Refer to the exhibit.
{
  "conditions": {
    "users": {
      "includeUsers": ["All"]
    },
    "applications": {
      "includeApplications": ["Office 365 Exchange Online"]
    },
    "locations": {
      "includeLocations": ["AllTrusted"]
    }
  },
  "grantControls": {
    "builtInControls": ["mfa"]
  }
}
Question 367hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

You are the identity administrator for Contoso Ltd., a global company with over 10,000 employees. The company uses Microsoft Entra ID P2 and Microsoft Intune. Employees use both company-owned and personal devices. The security team requires that all access to corporate applications be protected with multifactor authentication (MFA). However, to minimize user friction, they want to exempt MFA for users who are on the corporate network and using compliant devices. Additionally, for users with privileged roles (e.g., Global Administrator), MFA must always be required regardless of location or device. You need to configure a Conditional Access policy to meet these requirements. Which of the following approaches should you take?

Question 368hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization, Fabrikam Inc., is migrating from on-premises Active Directory to Microsoft Entra ID. You have a custom line-of-business (LOB) application that uses Windows Integrated Authentication (WIA) and requires Kerberos delegation. The application will be hosted on Azure VMs. You need to enable users to sign in to the LOB application using their Microsoft Entra ID credentials without exposing the application to the internet. Which approach should you use?

Question 369mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company, Wingtip Toys, uses Microsoft Entra ID with a free license. You have a third-party SaaS application that supports Security Assertion Markup Language (SAML) 2.0. You need to enable single sign-on (SSO) for users to access this application. However, the app requires attributes like department and employee ID in the SAML token. You also need to ensure that only users from a specific security group can access the app. What should you do?

Question 370easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID P1. You need to implement a solution that allows users to reset their own passwords without administrator intervention. The solution must also enforce a policy that requires users to verify their identity with two methods before resetting. What should you configure?

Question 371mediummultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your company, Proseware, uses Microsoft Entra ID P2. You have a custom application that integrates with Microsoft Graph API to read user profiles. The application uses client credentials flow (application permissions). You need to ensure that the application can only read user profiles and not perform any other operations. Additionally, you want to review and approve the permissions periodically. What should you do?

Question 372easymultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization uses Microsoft Entra ID free tier. You need to synchronize user accounts from your on-premises Active Directory to the cloud. You also need to synchronize password hashes so that users can use the same password for cloud and on-premises resources. Which tool should you use?

Question 373hardmultiple choice
Read the full Describe the capabilities of Microsoft Entra explanation →

Your organization, Contoso, uses Microsoft Entra ID P2. You have a Microsoft Entra tenant with several privileged roles including Global Administrator, Exchange Administrator, and SharePoint Administrator. The security team wants to enforce just-in-time (JIT) access for these roles, requiring users to request activation and get approval before they can use the role. Additionally, all activations must be logged and reviewed monthly. What should you configure?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

SC-900 Practice Test 1 — 10 Questions→SC-900 Practice Test 2 — 10 Questions→SC-900 Practice Test 3 — 10 Questions→SC-900 Practice Test 4 — 10 Questions→SC-900 Practice Test 5 — 10 Questions→SC-900 Practice Exam 1 — 20 Questions→SC-900 Practice Exam 2 — 20 Questions→SC-900 Practice Exam 3 — 20 Questions→SC-900 Practice Exam 4 — 20 Questions→Free SC-900 Practice Test 1 — 30 Questions→Free SC-900 Practice Test 2 — 30 Questions→Free SC-900 Practice Test 3 — 30 Questions→SC-900 Practice Questions 1 — 50 Questions→SC-900 Practice Questions 2 — 50 Questions→SC-900 Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Describe the capabilities of Microsoft EntraDescribe the capabilities of Microsoft security solutionsDescribe the capabilities of Microsoft compliance solutionsDescribe the concepts of security, compliance, and identity

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Describe the capabilities of Microsoft Entra setsAll Describe the capabilities of Microsoft Entra questionsSC-900 Practice Hub