Suggested Answer:
Box 1: A synced user account - Need to use a synched user account. Incorrect: * Not A user account in the fabrikam.onmicrosoft.com tenant The Contoso developers must use their existing contoso.onmicrosoft.com credentials to access the resources in Sub1. * Guest accounts would not meet the requirements. Note: Developers at Contoso will connect to the resources of Fabrikam to test or update applications. The developers will be added to a security group named ContosoDevelopers in fabrikam.onmicrosoft.com that will be assigned to roles in Sub1. The ContosoDevelopers group is assigned the db_owner role for the ClaimsDB database.
Contoso Developers Requirements - Fabrikam identifies the following requirements for the Contoso developers: Every month, the membership of the ContosoDevelopers group must be verified. The Contoso developers must use their existing contoso.onmicrosoft.com credentials to access the resources in Sub1. The Contoso developers must be prevented from viewing the data in a column named MedicalHistory in the ClaimDetails table.
Box 2: An access review - Scenario: Every month, the membership of the ContosoDevelopers group must be verified. Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed on a regular basis to make sure only the right people have continued access. Access review is part of Azure AD Identity governance. Reference: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/synchronization https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
“The Contoso devlopers must use their existing contoso.onmicrosoft.com credentials…”, so I believe the Account type for developers has to be A guest account in the fabrikham.onmicrosoft.com tenant.
This is a B2B question
Collaborate with any partner using their identities
With Microsoft Entra B2B, the partner uses their own identity management solution, so there's no external administrative overhead for your organization. Guest users sign in to your apps and services with their own work, school, or social identities.
The partner uses their own identities and credentials, whether or not they have a Microsoft Entra account.
You don't need to manage external accounts or passwords.
You don't need to sync accounts or manage account lifecycles.
No doubt this is B2B related but we need to pick an answer with the given choices. It can be synced accts since there's no AD connect mentioned and these are two separate organizations, so it has to be a guest acct in the Fabrikham AAD Tenanat. Sounds alright?
Box1: A guest account in the fabrikham.onmicrosoft.com tenant
Requirements. Contoso Developers Requirements
Fabrikam identifies the following requirements for the Contoso developers:
The Contoso developers must use their existing contoso.onmicrosoft.com credentials to
access the resources in Sub1.
Box2: An access review
Requirements. Contoso Developers Requirements
Fabrikam identifies the following requirements for the Contoso developers:
Every month, the membership of the ContosoDevelopers group must be verified.
"The developers will be added to a security group named
ContosoDevelopers in fabrikam.onmicrosoft.com that will be assigned to roles in Sub1." Q: why would Contoso developers need guest accounts on fabrikam.onmicrosoft.com tenant if they are already members of ContosoDevelopers on that tenant? I am a bit confused - does it mean that the developers will have the guest accounts added to the ContosoDevelopers in fabrikam.onmicrosoft.com?
1. Guest account in fabrikam.onmicrosoft.com tenant
2. Access review
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
Azure Active Directory (Azure AD) B2B collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with external users, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Azure AD or an IT department.
https://learn.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
Access reviews in Azure Active Directory (Azure AD), part of Microsoft Entra, enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. User's access can be reviewed regularly to make sure only the right people have continued access.
Identity Governance components include:
A connected organization (option A)
An access package (option B)
An Azure AD role (option D)
An Azure resource role (option E)
Therefore, option A or B would be a more appropriate answer for the second question.
Access reviews are part on Identity Governance (identity lifecycle management)
Hence answer for second question is Access Review as per requirement
https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview
A guest account in the fabrikam.com Tenant -> https://learn.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal
The only answers that make sense, are "a guest account in the fabrikam.onmicrosoft.com" tenant and "an access reviews" from what I understand in order to meet all requirements.
Contoso has their own AAD Tenant, thus their developers already in the Contoso tenant. An identity can't be homed in 2 different tenants, so how come to Sync developer accounts into Fabrikam? The first box should definitely be B2B Guest.
This section is not available anymore. Please use the main Exam Page.SC-100 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
SkippyTheMagnificent
Highly Voted 2 years, 3 months agoDomza
5 months agoJakeCallham
2 years, 1 month agoIT_Nerd31
Highly Voted 2 years, 1 month agoMurtuza
Most Recent 11 months agoRamye
10 months, 3 weeks agoRamye
10 months, 3 weeks agoslobav
1 year, 2 months agoslobav
1 year, 2 months agoMaciekMT
1 year, 4 months agoConanBarb
1 year, 2 months agozellck
1 year, 6 months agozellck
1 year, 6 months agoFal991l
1 year, 8 months agoNian
6 months, 3 weeks agodrod
2 years, 1 month agoCurious76
2 years, 2 months agoJCkD4Ni3L
2 years, 2 months agosavas_soc
2 years, 3 months agoPlumpyTumbler
2 years, 3 months ago