Exam-Answer

Home / Microsoft / AZ-300 / Question 39

Prev Question
Next Question

Question 39

You plan to enable Azure Active Directory (AD) Identity Protection for your company. The configuration must include the following:

* A role that allows full access to Identity Protection but without resetting passwords for users

* A policy that will analyze user sign-in and learn typical user behavior

Which role and policy will meet these requirements? Choose all that apply:

Answers


Advertisement

Explanation (click to expand)

You should recommend the Security administrator role. This role provides full access to Identity Protection but cannot reset user passwords.

You should not recommend the Global administrator role. This role has a full access to Identity Protection but can reset user passwords.

You should not recommend the Security reader role. This role has read-only access to Identity Protection and cannot configure policies or reset passwords.

You should recommend a user risk policy. With this type of policy, Azure AD analyzes each user's sign-in so it can detect suspicious actions (risk events) related to the sign-in. After a particular learning period, the system can learn typical user behavior.

You should not recommend an MFA registration policy. This type of policy provides a second layer of security to user sign-ins and transactions, but it does not analyze user sign-ins and learn typical user behavior.

You should not recommend a sign-in policy. This type of policy is used to define a response for a specific sign-in risk level. It does not analyze user sign-in or learn typical user behavior.

References (click to expand)

Prev Question
Next Question

Load more