Lockbox, risk policies, access review, and JIT

Question 1

Your organization has a Microsoft 365 tenant. Your manager has asked you to re-configure the Microsoft 365 tenant to meet the following security requirements: Admins need to be informed when the Security administrator role is activated. Users assigned the Security Administrator role need to be automatically removed if they don't log in for 30 days. Which Azure AD PIM setting should you re-configure to meet the security requirements.

Question 2

your organization has a Microsoft 365 tenant with the following users. 📷 Your organization has implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). From PIM, you see the Application Administrator role has the following users. 📷 PIM is configured to use the following settings for users with the Application Administrator role assigned. Require approval to activate: Yes Approvers: None Check the box next to each true statement.

Question 3

Your organization uses Microsoft 365. Your organization has recently purchased and applied Microsoft 365 E5 licenses for every user. Your manager has been tasked with securing the Microsoft 365 tenant. He has configured Customer Lockbox to require Microsoft 365 engineers to request your permission to access data in your tenant. Your manager has asked you to teach everyone how to approve Customer Lockbox requests. Where can you go to approve Customer Lockbox requests?

Question 4

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. 📷 You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: Assignments: Include Group1, Exclude Group2 Conditions: Sign-in risk of Low and above Access: Allow access, Require password change You need to identify how the policy affects User1 and User2. What occurs when User1 and User2 sign in from an unfamiliar location?

Question 5

Access to the Azure AD admin center by any user administrators must be reviewed monthly. The user must lose access if they don't respond within 7 days of the access request. You create an access review policy and specify the scope and group. What other settings do you need to configure?

Question 6

You have a Microsoft 365 tenant with Microsoft 365 E5 licenses. A user named John Gruber is configured to receive alerts from Azure AD Identity Protection as shown below. Your tenant contains the following users. 📷 The user sign-in log is shown below 📷 Select Yes if the statement is true. If the statement is not true select No.

Question 7

Your manager has asked you to configure the following in Microsoft 365. Set guest access to be reviewed every 30 days. Grant John Gruber the ability to invite guests to the Microsoft 365 tenant. Your organization adheres to the principle of least privilege. What should you do?

Question 8

your organization has a Microsoft 365 tenant that contains the following users. 📷 You configure an Azure AD Identity Protection sign-in risk policy with the following settings: Assigned to Group1 and excludes Group2. Only apply if the user risk level is medium or above. If the user risk level is medium or above allow access but require a password change. The risk level for each user is shown below. 📷 Which users will be required to change their password?

Question 9

You have a Microsoft 365 E5 subscription that contains the users shown in the following table. 📷 Your organization has Customer Lockbox enabled. Which admins will receive a notification when a Microsoft engineer requests access to your organization?

GitBit

Lockbox, risk policies, access review, and JIT

Questions for this test