Microsoft Cybersecurity Architect — Question 14
You have a Microsoft 365 subscription.
You are designing a user access solution that follows the Zero Trust principles of the Microsoft Cybersecurity Reference Architectures (MCRA).
You need to recommend a solution that automatically restricts access to Microsoft Exchange Online, SharePoint Online, and Teams in near-real-time (NRT) in response to the following Azure AD events:
• A user account is disabled or deleted.
• The password of a user is changed or reset.
• All the refresh tokens for a user are revoked.
• Multi-factor authentication (MFA) is enabled for a user.
Which two features should you include in the recommendation? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer options
- A. continuous access evaluation
- B. Azure AD Application Proxy
- C. a sign-in risk policy
- D. Azure AD Privileged Identity Management (PIM)
- E. Conditional Access
Correct answer: A, E
Explanation
The correct answers are A and E. Continuous access evaluation adjusts access control in real time in response to user events, and Conditional Access enforces policies based on those events. The other options are useful in other contexts but do not directly provide the near-real-time restrictions that the listed scenarios require.