You have an Azure subscription named Subscription1 that is used by several departments at your company. Subscription1 contains the resources in the following table. Name Type Storage1 Storage Account RG1 Resource Group Container1 Blob Container Share1 File Share Another administrator deploys a virtual machine named VM1 and an Azure Storage account named Storage2 by using a single Azure Resource Manager template. You need to view the template used for the deployment. From which blade can you view the template that was used for the deployment? A. Container1 B. VM1 C. Storage2 D. RG1 Answer D: Choose 'Deployments' from the Resource Group blade You have two subscriptions named Subscription1 and Subscription2. Each subscription is associated to a different Azure AD tenant. Subscription1 contains a virtual network named VNet1. VNet1 contains an Azure virtual machine named VM1 and has an IP address space of 10.0.0.0/16. Subscription2 contains a virtual network named VNet2. Vnet2 contains an Azure virtual machine named VM2 and has an IP address space of 10.10.0.0/24. You need to connect VNet1 to VNet2. What should you do first? A. Modify the IP address space of VNet2. B. Move VM1 to Subscription2. C. Provision virtual network gateways. D. Move VNet1 to Subscription2. Answer: C As tubadc linked ... vnet peering or gateways ... gateway was the only option given. You have an Azure Active Directory (Azure AD) tenant. You have an existing Azure AD conditional access policy named Policy1. Policy1 enforces the use of Azure AD-joined devices when members of the Global Administrators group authenticate to Azure AD from untrusted locations. You need to ensure that members of the Global Administrators group will also be forced to use multifactor authentication when authenticating from untrusted locations. What should you do? A. From the Azure portal, modify session control of Policy1. B. From multi-factor authentication page, modify the user settings. C. From multi-factor authentication page, modify the service settings. D. From the Azure portal, modify grant control of Policy1. D is correct. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/controls You have an Azure subscription named Subscription1 that contains an Azure virtual machine named VM1. VM1 is in a resource group named RG1. VM1 runs services that will be used to deploy resources to RG1. You need to ensure that a service running on VM1 can manage the resources in RG1 by using the identity of VM1. What should you do first? A. From the Azure portal, modify the Access control (IAM) settings of RG1. B. From the Azure portal, modify the Policies settings of RG1. C. From the Azure portal, modify the Access control (IAM) settings of VM1. D. From the Azure portal, modify the value of the Managed Service Identity option for VM1. Its "D" Reason - "manage the resources in RG1 by using the identity of VM1" It never says that managed identity is enabled. Process is : 1. Enable Managed Identity on VM. 2. Modify IAM. 3. Enable Required Access You configure Azure AD Connect for Azure Active Directory Seamless Single Sign-On (Azure AD Seamless SSO) for an on-premises network. Users report that when they attempt to access myapps.microsoft.com, they are prompted multiple times to sign in and are forced to use an account name that ends with onmicrosoft.com. You discover that there is a UPN mismatch between Azure AD and the on-premises Active Directory. You need to ensure that the users can use single-sign on (SSO) to access Azure resources. What should you do first? A. From on-premises network, deploy Active Directory Federation Services (AD FS). B. From Azure AD, add and verify a custom domain name. C. From on-premises network, request a new certificate that contains the Active Directory domain name. D. From the server that runs Azure AD Connect, modify the filtering options. Answer is B https://docs.microsoft.com/bs-latn-ba/azure/active-directory/hybrid/tshoot-connect-objectsync#upnsuffix-is-not-verified-with-azure-ad-tenant You have an Active Directory forest named contoso.com. You install and configure AD Connect to use password hash synchronization as the single sign-on(SSO) method. Staging mode is enabled. You review the synchronization results and discover that the Synchronization Service Manager does not display any sync jobs. You need to ensure that the synchronization completes successfully. What should you do? A. From Azure PowerShell, run Start-AdSyncSycnCycle ""PolicyType Initial. B. Run Azure AD Connect and set the SSO method to Pass-through Authentication. C. From Synchronization Service Manager, run a full import. D. Run Azure AD Connect and disable staging mode. D You have an Azure Active Directory (Azure AD) tenant that has the initial domain name.You have a domain name of contoso.com registered at a third-party registrar.You need to ensure that you can create Azure AD users that have names containing a suffix of @contoso.com.Which three actions should you perform in sequence? To answer, move the appropriate cmdlets from the list of cmdlets to the answer area and arrange them in the correct order.Select and Place: There is no reference about what has to be moved but my guess is it is cmdlets. 1) New-AzureADDomain Creates a custom domain in Azure AD 2) Get-AzureADDomainVerificationDnsRecord Retrieve the domain verification DNS record from Azure for a custom domain < make> 3) Confirm-AzureADDomain Validate the ownership of a domain. You have an Azure subscription that contains 100 virtual machines. You regularly create and delete virtual machines.