Overview

The question does ask which tool should you run FIRST. The scenario is "Unhealthy Identity Synchronization Notification"

The error "Unhealthy Identity synchronization" means the server running the DirSync tool (Azure AD Connect), either the credentials have become invalid or the server is offline and can't establish the connection between AD (On-premise) and Azure AD. Since you have already uninstalled various components from on premise server, you don't have to worry.

There are two tools to run first to do delta sync 1 - Azure AD Connect wizard 2 - Start-ADSyncSyncCycle cmdlet

Correct enforcing MFA for e.g. unfamiliar locations is done with sign-in risk policies. in User risk, you can only force password change, which is useless if the account is already hacked.

1. User risk represents the probability that a given identity or account is compromised.
2. Sign-in risk represents the probability that a given authentication request isn’t authorized by the identity owner.

For both risk types, you can set up policies to let users remediate the risk. Users with a risky sign-in can self-remediate by satisfying the MFA challenge. Users that trigger the user risk policy, can be blocked or forced to reset their password.

References:

Close the gap. Azure AD Identity Protection & Conditional Access.

References:

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies

Upon completion settings is the correct answer To specify what happens after a review completes, expand the Upon completion settings section

The question states "Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days" so frequency is set to weekly.

The question is about auditing and this can be met by checking Sign-ins. There are other security requirements where you could use other tools/blades, but the question is only about auditing. "The location of the user administrators must be audited when the administrators authenticate to Azure AD"

The Sign-ins view includes all user sign-ins, as well as the Application Usage report. You also can view application usage information in the Manage section of the Enterprise applications overview.

Incorrect answer. The question states "Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Admin1 is not a  Global Administrators hence as per policy permanent assignment should be changed to eligible.

Eligible assignments require the member of the role to perform an action to use the role. Actions might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.

With Azure Active Directory (Azure AD), a Global administrator can make permanent Azure AD admin role assignments which in our scenario should only be applicable with global administrator.