MS-101: Microsoft 365 Mobility And Security

  • ISO/IEC 27001
  • NIST SP 800-53
Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Blaatlama
B
Blaatlama
Community Contributor
Quizzes Created: 1 | Total Attempts: 244
| Attempts: 244 | Questions: 128
Please wait...
Question 1 / 129
0 %
0/100
Score 0/100
1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. You have a Microsoft 365 subscription.  You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint sharing policy is modified in the future.  Solution: From the Security & Compliance admin center, you create a threat management policy. Does this meet the goal? 

Explanation

This should be covered with an alert policy.

 

Submit
Please wait...
About This Quiz
MS-101: Microsoft 365 Mobility And Security - Quiz

The actual exam questions based on the excellent "Examtopics" website: https://www. Examtopics. Com/exams/microsoft/ms-101/view/1

Tell us your name to personalize your report, certificate & get on the leaderboard!
2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. You are deploying Microsoft Intune. You successfully enroll Windows 10 devices in Intune. When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You add your user account as a device enrollment manager. Does this meet the goal?

Explanation

You need the Apple MDM push certificate.

Submit
3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are deploying Microsoft Intune. You successfully enroll Windows 10 devices in Intune. When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You configure the Mobility (MDM and MAM) settings. Does this meet the goal?

Explanation

Configuring the Mobility (MDM and MAM) settings alone will not resolve the issue of enrolling an iOS device in Intune. The error could be due to various reasons such as incorrect configuration, incompatible device, or network connectivity issues. Therefore, the given solution does not meet the goal of enrolling the iOS device in Intune.

Submit
4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You are deploying Microsoft Intune. You successfully enroll Windows 10 devices in Intune. When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You create the Mobility (MDM and MAM) settings. Does this meet the goal?

Explanation

You require an Apple MDM push certificate setup

https://www.inthecloud247.com/how-to-start-with-ios-user-enrollment-using-microsoft-intune/

Submit
5. Your company has 5,000 Windows 10 devices. All the devices are protected by using Windows Defender Advanced Threat Protection (ATP). You need to view which Windows Defender ATP alert events have a high severity and occurred during the last seven days. What should you use in Windows Defender ATP?

Explanation

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection



https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/automated-investigations
Submit
6. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure pilot co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: You create a device configuration profile from the Intune admin center. Does this meet the goal?

Explanation

The correct answer should be that the new device needs to be added into a pilot collection in configuration manager, since the question clearly states that this scenario is a pilot co-management scenario. Reference: https://docs.microsoft.com/en-us/configmgr/comanage/tutorial-co-manage-clients



Specifically, please have a look at the section called "enable co-management in configuration manager" in the article above.



Reference: https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable

 

Submit
7. You have a Microsoft 365 subscription. You have a user named User 1. You need to ensure that User 1 can place a hold on all mailbox content. Which role should you assign to User1?

Explanation

https://docs.microsoft.com/en-us/Exchange/permissions/feature-permissions/policy-and-compliance-permissions?view=exchserver-2019
Submit
8. From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.) You need to reduce the likelihood that the sign-ins are identified at risky. What should you do?

Explanation

References:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

Submit
9. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network. Solution: From the Microsoft 365 admin center, you configure the Organization profile settings. Does this meet the goal?

Explanation

Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.



References:

https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Online-and-OneDrive-for/ba-p/46678

Submit
10. You have a Microsoft 365 subscription. All users are assigned a Microsoft 365 E3 license. You enable auditing for your organization. What is the maximum amount of time data will be retained in the Microsoft 365 audit log?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance
Submit
11. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure pilot co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: You unjoin Device1 from the Active Directory domain.. Does this meet the goal?

Explanation

The correct answer should be that the new device needs to be added into a pilot collection in configuration manager, since the question clearly states that this scenario is a pilot co-management scenario. Reference: https://docs.microsoft.com/en-us/configmgr/comanage/tutorial-co-manage-clients



Specifically, please have a look at the section called "enable co-management in configuration manager" in the article above.



Reference: https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable

 

Submit
12. You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create a content search of all the mailboxes that contain the work ProjectX. You need to export the results of the content search. What do you need to download the report?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results
Submit
13. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You have three applications named App1, App2, and App3 that have the same file format. Your company uses Windows Information Protection (WIP). WIP has the following configurations: ✑ Windows Information Protection mode: Silent ✑ Protected apps: App1 ✑ Exempt apps: App2 From App1, you create a file named File1. What is the effect of the configurations? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

Explanation

The given configurations in Windows Information Protection (WIP) mode will have the following effects:
- App1, App2, and App3 will be protected by WIP.
- App3 will be the only app exempted from WIP protection.
Therefore, the correct answer is that App1, App2, and App3 will be affected by the configurations, and App3 will be the only app that is exempted from WIP protection.

Submit
14. You have Windows 10 Pro devices that are joined to an Active Directory domain.You plan to create a Microsoft 365 tenant and to upgrade the devices to Windows 10 Enterprise. You are evaluating whether to deploy Windows Hello for Business for SSO to Microsoft 365 services. What are two prerequisites of the deployment? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Explanation

References:

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs



https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base

Submit
15. Your company uses Microsoft Cloud App Security. You plan to integrate Cloud App Security and security information and event management (SIEM).You need to deploy a SIEM agent on a server that runs Windows Server 2016. What should you do? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/nl-nl/cloud-app-security/siem#step-2-download-the-jar-file-and-run-it-on-your-server
Submit
16. You plan to allow users from the engineering department to enroll their mobile device in mobile device management (MDM). The device type restrictions are configured as shown in the following table. The device limit restrictions are configured as shown in the following table. What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/intune/enrollment-restrictions-set



https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set#change-enrollment-restriction-priority
Submit
17. You have a Microsoft Azure Active Directory (Azure AD) tenant. The organization needs to sign up for Microsoft Store for Business. The solution must use the principle of least privilege. Which role should you assign to the user?​​​​​​

Explanation

https://docs.microsoft.com/en-us/microsoft-store/sign-up-microsoft-store-for-business
Submit
18. You have a Microsoft 365 subscription and an on-premises Active Directory domain named contoso.com. All client computers run Windows 10 Enterprise and are joined to the domain. You need to enable Windows Defender Credential Guard on all the computers. What should you do?

Explanation

https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage
Submit
19. Which of the following is a key feature of Microsoft 365 Mobility that helps ensure secure access to corporate resources from mobile devices?

Explanation

Conditional Access in Microsoft 365 is a security feature that helps organizations control how and when users access corporate resources. It allows administrators to enforce access policies based on conditions like user location, device compliance, and risk levels. This is particularly important in a mobile environment where employees access company data from various devices and locations, ensuring that only compliant and trusted devices can access sensitive information.

Submit
20. You have a Microsoft 365 subscription. Some users have iPads that are managed by your company. You plan to prevent the iPad users from copying corporate data in Microsoft Word and pasting the data into other applications. What should you create?​​​​​

Explanation

https://docs.microsoft.com/en-us/intune/app-protection-policy
Submit
21. Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes - Contoso plans to implement the following changes:
  • Implement Microsoft 365.
  • Manage devices by using Microsoft Intune.
  • Implement Azure Advanced Threat Protection (ATP).
  • Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.
Technical Requirements - Contoso identifies the following technical requirements:
  • When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically.
  • Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.
  • User1 must be able to enroll all the New York office mobile devices in Intune.
  • Azure ATP sensors must be installed and must NOT use port mirroring.
  • Whenever possible, the principle of least privilege must be used.
  • A Microsoft Store for Business must be created.
Compliance Requirements -
  • Contoso identifies the following compliance requirements:
  • Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.
  • Configure Windows Information Protection (WIP) for the Windows 10 devices.
Question: On which server should you install the Azure ATP sensor? ​​​​​

Explanation

The Azure ATP sensor is installed directly on a domain controller to monitor the network traffic.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning

Submit
22. Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain. You update the Windows 10 devices by using Windows Update for Business. What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb
Submit
23. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint sharing policy is modified in the future.  Solution: From the SharePoint admin center, you modify the sharing settings. Does this meet the goal?

Explanation

This should be covered with an alert policy from the security & compliance center https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

Submit
24. From the Security & Compliance admin center, you create a retention policy named Policy1. You need to prevent all users from disabling the policy or reducing the retention period. Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

locking retention policy

https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies#locking-a-retention-policy

Submit
25. You use Microsoft System Center Configuration Manager (Current Branch) to manage devices. Your company uses the following types of devices: ✑ Windows 10 ✑ Windows 8.1 ✑ Android ✑ iOS Which devices can be managed by using co-management?

Explanation

https://docs.microsoft.com/en-us/configmgr/comanage/overview#prerequisites





 
Submit
26. Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch). You have Windows 10 and Windows 8.1 devices. You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

References:

https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-readiness-get-started

https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-get-started

Submit
27. You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.) The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.) Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office. You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege. What should you do?

Explanation

References:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

Submit
28. Your company has a Microsoft 365 E3 subscription. All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD). You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users. What should you use?

Explanation

References:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

Submit
29. You have computers that run Windows 10 Enterprise and are joined to the domain.You plan to delay the installation of new Windows builds so that the IT department can test application compatibility. You need to prevent Windows from being updated for the next 30 days. Which two Group Policy settings should you configure? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Explanation

New build (new feature) come in as a new Preview Build and/or Feature updates. Quality updates are not introducing "new" Windows features but improving existing features (bug fixes / security patches).



https://www.windowscentral.com/whats-difference-between-quality-updates-and-feature-updates-windows-10

Submit
30. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. You are deploying Microsoft Intune. You successfully enroll Windows 10 devices in Intune. When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You configure the Apple MDM Push certificate. Does this meet the goal?

Explanation

You need the Apple MDM push certificate.

Submit
31. You have a Microsoft 365 tenant. You have a line-of-business application named App1 that users access by using the My Apps portal. After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control. You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only. What should you do?

Explanation

References:

https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-anomaly-detection-policy

Submit
32. Your company has a Microsoft 365 subscription.You implement Microsoft Azure Information Protection. You need to automatically protect email messages that contain the word Confidential in the subject line. What should you create?

Explanation

https://docs.microsoft.com/en-us/azure/information-protection/configure-exo-rules
Submit
33. You have a Microsoft 365 subscription. You need to be notified if users receive email containing a file that has a virus. What should you do?

Explanation

https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/anti-spam-and-anti-malware-protection
Submit
34. Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes - Contoso plans to implement the following changes: Implement Microsoft 365. Manage devices by using Microsoft Intune. Implement Azure Advanced Threat Protection (ATP). Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only. Technical Requirements - Contoso identifies the following technical requirements: When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically. Dedicated support technicians must enroll all the Montreal office mobile devices in Intune. User1 must be able to enroll all the New York office mobile devices in Intune. Azure ATP sensors must be installed and must NOT use port mirroring. Whenever possible, the principle of least privilege must be used. A Microsoft Store for Business must be created. Compliance Requirements - Contoso identifies the following compliance requirements: Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy. Configure Windows Information Protection (WIP) for the Windows 10 devices.QuestionYou need to create the Microsoft Store for Business. Which user can create the store?

Explanation

https://docs.microsoft.com/en-us/microsoft-store/roles-and-permissions-microsoft-store-for-business
Submit
35. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a new Microsoft 365 subscription. You need to prevent users from sending email messages that contain Personally Identifiable Information (PII). Solution: From the Cloud App Security admin center, you create an access policy. Does this meet the goal?

Explanation

The solution mentioned in the scenario does not meet the goal of preventing users from sending email messages that contain Personally Identifiable Information (PII). The Cloud App Security admin center is not specifically designed to create an access policy for preventing PII in email messages. Other solutions, such as implementing data loss prevention (DLP) policies in Exchange Online or using Microsoft Information Protection (MIP) labels and sensitivity labels, would be more suitable for this purpose.

Submit
36. Your company uses Microsoft System Center Configuration Manager (Current Branch) and Microsoft Intune to co-manage devices. Which two actions can be performed only from Intune? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Explanation

References:

https://docs.microsoft.com/en-us/sccm/comanage/overview



https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/create-vpn-profiles

Submit
37. You have a Microsoft 365 tenant. You create a retention label as shown in the Retention Label exhibit. (Click the Retention Label tab.) You create a label policy as shown in the Label Policy Exhibit. (Click the Label Policy tab.) The label policy is configured as shown in the following table. For each of the following statements, select the statement if it is true. NOTE: Each correct selection is worth one point.

Explanation

The label policy shown in the exhibit indicates that any sent email message containing the word "ProjectX" will be retained for six months. This means that the statement "Any sent email message that contains the word ProjectX will be retained for six months" is true.

Submit
38. You have three devices enrolled in Microsoft Intune as shown in the following table. The device compliance policies in Intune are configured as shown in the following table. The device compliance policies have the assignments shown in the following table. For each of the following statements, check the box if the statement is true. Otherwise, leave deselected. NOTE: Each correct selection is worth one point.

Explanation

Device1 is marked as noncompliant after 10 Days: Yes, because Device 1 is member of group 1 and 2, only group 2 is assigned to a policy (policy 2), policy 2 requires Bitlocker, device does not have it so the device will be marked as non compliant after 10 days.



Device2 is marked as noncompliant after 10 Days: Yes, because Device 2 is member of group 2 and 3, only policy 2 requires Bitlocker, therefore Device is marked as non compliant after 10 days.



Device3 is marked as noncompliant after 10 Days: No, because Device 3 is only a member of group 3, group 3 is assigned to Policy 3, policy 3 does not require Bitlocker, so the device will not be marked as non compliant at all, also if it was required it will be after 15 days, not 10 days.

Submit
39. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege. Which role should you assign to the user?

Explanation

References:

https://docs.microsoft.com/en-us/microsoft-store/roles-and-permissions-microsoft-store-for-business



 

Submit
40. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure pilot co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: You add Device1 to an Active Directory group. Does this meet the goal?

Explanation

The correct answer should be that the new device needs to be added into a pilot collection in configuration manager rather than an AD Security group, since the question clearly states that this scenario is a pilot co-management scenario. Reference: https://docs.microsoft.com/en-us/configmgr/comanage/tutorial-co-manage-clients



Specifically, please have a look at the section called "enable co-management in configuration manager" in the article above.



Reference: https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable

 

Submit
41. You have a Microsoft 365 tenant. All users are assigned the Enterprise Mobility + Security license. You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Intune automatically. What should you configure?

Explanation

References:

https://docs.microsoft.com/en-us/intune/windows-enroll

Submit
42.
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes: Contoso plans to implement the following changes: Implement Microsoft 365. Manage devices by using Microsoft Intune. Implement Azure Advanced Threat Protection (ATP). Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only. Technical Requirements: Contoso identifies the following technical requirements: When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically. Dedicated support technicians must enroll all the Montreal office mobile devices in Intune. User1 must be able to enroll all the New York office mobile devices in Intune. Azure ATP sensors must be installed and must NOT use port mirroring. Whenever possible, the principle of least privilege must be used. A Microsoft Store for Business must be created. Compliance Requirements: Contoso identifies the following compliance requirements: Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy. Configure Windows Information Protection (WIP) for the Windows 10 devices. Question:- You need to meet the technical requirements and planned changes for Intune. What should you do? To answer, select the appropriate options is the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/intune/windows-enroll
Submit
43. From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation

To require multi-factor authentication when signing into an unfamiliar location, you must create a sign-in risky policy. This policy would identify and flag sign-in attempts from unfamiliar locations as risky, triggering the requirement for multi-factor authentication to provide an additional layer of security.

To avoid generating alerts when signing in to the Montreal location, you would create a named location in Azure AD. By defining Montreal as a named location, sign-ins from this location would be recognized as legitimate and not trigger any alerts or risk events.

Submit
44. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You have a Microsoft 365 subscription. You need to ensure that users can manage the configuration settings for all the Windows 10 devices in your organization. What should you configure?

Explanation

To ensure that users can manage the configuration settings for all the Windows 10 devices in the organization, you need to configure the mobile device management (MDM) authority. This allows users to manage and control the settings of their Windows 10 devices through the MDM solution. By setting the MDM authority to the Microsoft 365 subscription, users will have the necessary permissions and access to manage the configuration settings for all the Windows 10 devices in the organization.

Submit
45. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. You are deploying Microsoft Intune. You successfully enroll Windows 10 devices in Intune. When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You create an Apple Configurator enrollment profile. Does this meet the goal?

Explanation

You need the Apple MDM push certificate.

Submit
46. Your company has 10 offices. The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet. You discover that one of the offices has the following: ✑ Computers that have several preinstalled applications ✑ Computers that use nonstandard computer names ✑ Computers that have Windows 10 preinstalled ✑ Computers that are in a workgroup You must configure the computers to meet the following corporate requirements: ✑ All the computers must be joined to the domain. ✑ All the computers must have computer names that use a prefix of CONTOSO. ✑ All the computers must only have approved corporate applications installed. You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time. What should you recommend?

Explanation

By using a Provisioning, IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a device. Incorrect Answers: C: With Windows Autopilot the user can set up pre-configure devices without the need consult their IT administrator. D: Use the In-Place Upgrade option when you want to keep all (or at least most) existing applications.

References:

https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios  

https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

Submit
47. You have a Microsoft Office 365 subscription. You need to delegate eDiscovery tasks as shown in the following table. The solution must follow the principle of the least privilege. To which role group should you assign each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

RBAC Roles related to eDiscovery: 

https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-worldwide#rbac-roles-related-to-ediscovery

 












































































RoleCompliance AdministratoreDiscovery Manager & AdministratorOrganization ManagementReviewer
Case ManagementCheck markCheck markCheck mark 
Compliance SearchCheck markCheck markCheck mark 
Export Check mark  
HoldCheck markCheck markCheck mark 
Preview Check mark  
Review Check mark Check mark
RMS Decrypt Check mark  
Search And Purge  Check mark 
     

Submit
48. From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.) What will be excluded from the export?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/export-a-content-search-report
Submit
49. You have a Microsoft 365 subscription. You need to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity during the past month. The solution must minimize administrative effort. Which admin center should you use?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance



If it shouln't contain application info, the answer should be B
Submit
50. ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure -
  • ADatum recently purchased a Microsoft 365 subscription.
  • All user files are migrated to Microsoft 365.
  • All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
  • Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
  • ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements - ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals -
  • ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
  • ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements - ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance.
  • Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: Which report should the New York office auditors view?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
Submit
51. Overview - Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes - Contoso plans to implement the following changes: Implement Microsoft 365. Manage devices by using Microsoft Intune. Implement Azure Advanced Threat Protection (ATP). Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only. Technical Requirements - Contoso identifies the following technical requirements: When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically. Dedicated support technicians must enroll all the Montreal office mobile devices in Intune. User1 must be able to enroll all the New York office mobile devices in Intune. Azure ATP sensors must be installed and must NOT use port mirroring. Whenever possible, the principle of least privilege must be used. A Microsoft Store for Business must be created. Compliance Requirements - Contoso identifies the following compliance requirements: Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy. Configure Windows Information Protection (WIP) for the Windows 10 devices.QuestionHOTSPOT - You need to meet the Intune requirements for the Windows 10 devices. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:

Explanation

https://docs.microsoft.com/en-us/intune/windows-enroll
Submit
52. You have a Microsoft 365 subscription. Your company purchases a new financial application named App1. From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that many applications have a low score because they are missing information about domain registration and consumer popularity. You need to prevent the missing information from affecting the score. What should you configure from the Cloud Discover settings?

Explanation

https://docs.microsoft.com/en-us/cloud-app-security/risk-score#customizing-the-risk-score
Submit
53. You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create a content search of a mailbox. You need to view the content of the mail messages found by the search as quickly as possible. What should you select from the Content search settings?

Explanation

There is no "˜View Results" option. You can preview results but that will only show up to 100 emails. To guarantee you're getting all results, you'll need to export them to a PST file.



References:

https://docs.microsoft.com/en-us/microsoft-365/compliance/limits-for-content-search

Submit
54. You are testing a data loss prevention (DLP) policy to protect the sharing of credit card information with external users. During testing, you discover that a user can share credit card information with external users by using email. However, the user is prevented from sharing files that contain credit card information by using Microsoft SharePoint Online. You need to prevent the user from sharing the credit card information by using email and SharePoint. What should you configure?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
Submit
55. You have a Microsoft 365 subscription. You need to view the IP address from which a user synced a Microsoft SharePoint library. What should you do?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance
Submit
56. Your company has a Microsoft 365 E5 subscription. Users in the research department work with sensitive data. You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted. What should you do from the Security & Compliance admin center?

Explanation

References:

https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-atp-safe-links-policies#policies-that-apply-to-specific-email-recipients

Submit
57. The users at your company use Dropbox to store documents. The users access Dropbox by using the MyApps portal. You need to ensure that user access to Dropbox is authenticated by using a Microsoft 365 identity. The documents must be protected if the data is downloaded to an untrusted device. What should you do?

Explanation

not-available-via-ai

Submit
58. HOTSPOT - You configure an anti-phishing policy as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation

If a message is identified as a domain impersonation: Answer> The message is moved to the deleted Items folder
To reduce the likelihood of the impersonation policy generating false positives, configure: Answer Mailbox Intelligence

Submit
59. Your company uses Microsoft Azure Advanced Threat Protection (ATP) and Windows Defender ATP. You need to integrate Windows Defender ATP and Azure ATP. What should you do?

Explanation

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/integrate-wd-atp
Submit
60. Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The company purchases a cloud app named App1 that supports Microsoft Cloud App Security monitoring. You configure App1 to be available from the My Apps portal. You need to ensure that you can monitor App1 from Cloud App Security. What should you do?

Explanation

https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-any-app
Submit
61. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network. Solution: From the Device Management admin center, you create a trusted location and a compliance policy Does this meet the goal?

Explanation

Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.



References:

https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Online-and-OneDrive-for/ba-p/46678

Submit
62. Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes - Contoso plans to implement the following changes:
  • Implement Microsoft 365.
  • Manage devices by using Microsoft Intune.
  • Implement Azure Advanced Threat Protection (ATP).
  • Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.
Technical Requirements - Contoso identifies the following technical requirements:
  • When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically.
  • Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.
  • User1 must be able to enroll all the New York office mobile devices in Intune.
  • Azure ATP sensors must be installed and must NOT use port mirroring.
  • Whenever possible, the principle of least privilege must be used.
  • A Microsoft Store for Business must be created.
Compliance Requirements - Contoso identifies the following compliance requirements:
  • Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.
  • Configure Windows Information Protection (WIP) for the Windows 10 devices.
Question: You need to meet the compliance requirements for the Windows 10 devices. What should you create from the Intune admin center?​​​​

Explanation

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure
Submit
63. You have a Microsoft 365 subscription. You configure a data loss prevention (DLP) policy. You discover that users are incorrectly marking content as false positive and bypassing the DLP policy. You need to prevent the users from bypassing the DLP policy. What should you configure?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
Submit
64. You have the Microsoft Azure Advanced Threat Protection (ATP) workspace shown in the Workspace exhibit. (Click the Workspace tab.) The sensors settings for the workspace are configured as shown in the Sensors exhibit. (Click the Sensors tab.) You need to ensure that Azure ATP stores data in Asia. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Explanation

Your instance is created automatically in the data center that is geographically closest to your Azure Active Directory (Azure AD). Once created, Azure ATP instances aren't movable.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step1

Submit
65. You have a Microsoft 365 subscription.You need to be notified if users receive email containing a file that has a virus. What should you do?​​​​​​

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies
Submit
66. Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes - Contoso plans to implement the following changes: Implement Microsoft 365. Manage devices by using Microsoft Intune. Implement Azure Advanced Threat Protection (ATP). Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only. Technical Requirements - Contoso identifies the following technical requirements: When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically. Dedicated support technicians must enroll all the Montreal office mobile devices in Intune. User1 must be able to enroll all the New York office mobile devices in Intune. Azure ATP sensors must be installed and must NOT use port mirroring. Whenever possible, the principle of least privilege must be used. A Microsoft Store for Business must be created. Compliance Requirements - Contoso identifies the following compliance requirements: Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy. Configure Windows Information Protection (WIP) for the Windows 10 devices.QuestionHOTSPOT - You need to configure a conditional access policy to meet the compliance requirements. You add Exchange Online as a cloud app. Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

To meet the compliance requirements, the additional settings that should be configured in Policy1 are "Users and groups" and "Conditions". By selecting "Users and groups", you can specify which users should be subject to the conditional access policy. By selecting "Conditions", you can define the specific conditions that must be met for the policy to be applied, such as device platforms, locations, or client apps.

Submit
67. Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in the following table. A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1, App2, and App3 all open files that have the .abc file extension. You implement Windows Information Protection (WIP) by using the following configurations: ✑ Exempt apps: App2 ✑ Protected apps: App1 ✑ Windows Information Protection mode: Block ✑ Network boundary: IPv4 range of: 192.168.1.1-192.168-1.255 You need to identify the apps from which you can open File1.abc. For each of the following statements, select the statement if it is true. NOTE: Each correct selection is worth one point.

Explanation

https://allthingscloud.blog/windows-information-protection-with-enrollment/
Submit
68. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint sharing policy is modified in the future. Solution: From the Security & Compliance admin center, you create a threat management policy. Does this meet the goal?

Explanation

From the Security & Compliance admin center, Alerts, you create a new alert policy. https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies

Submit
69. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure pilot co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: You add Device1 to a Configuration Manager device collection. Does this meet the goal?

Explanation

To Pilot Co-Management, you must provide a Pilot Device Collection, so if this connection was clearly named in the question it would have been yes. 

Submit
70. A user receives the following message when attempting to sign in to https://myapps.microsoft.com: "Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin." Which configuration prevents the users from signing in?

Explanation

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
Submit
71. Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes - Contoso plans to implement the following changes: Implement Microsoft 365. Manage devices by using Microsoft Intune. Implement Azure Advanced Threat Protection (ATP). Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only. Technical Requirements - Contoso identifies the following technical requirements: When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically. Dedicated support technicians must enroll all the Montreal office mobile devices in Intune. User1 must be able to enroll all the New York office mobile devices in Intune. Azure ATP sensors must be installed and must NOT use port mirroring. Whenever possible, the principle of least privilege must be used. A Microsoft Store for Business must be created. Compliance Requirements - Contoso identifies the following compliance requirements: Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy. Configure Windows Information Protection (WIP) for the Windows 10 devices.QuestionYou need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices. What is the minimum of dedicated support technicians required?

Explanation

Device Enrollment Manager (DEM) can enroll up to 1,000 devices. Since 3,100 devices, we'll need 4 DEMs at a minimum.

https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment-manager-enroll

Submit
72. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a new Microsoft 365 subscription. You need to prevent users from sending email messages that contain Personally Identifiable Information (PII). Solution:  From the Exchange admin center, you create a data loss prevention (DLP) policy. Does this meet the goal?

Explanation

Yes, creating a data loss prevention (DLP) policy from the Exchange admin center can help prevent users from sending email messages that contain Personally Identifiable Information (PII). A DLP policy allows you to define rules and conditions to automatically detect and prevent the transmission of sensitive information, such as credit card numbers, social security numbers, or other PII. By implementing this policy, you can enforce data protection and compliance within your organization, ensuring that sensitive information is not shared via email.

Submit
73. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. You have a Microsoft 365 subscription. You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization. You need to be notified if the SharePoint sharing policy is modified in the future.  Solution: From the SharePoint site, you create an alert. Does this meet the goal? 

Explanation

This should be covered with an alert policy

Submit
74. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure pilot co-management.You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection. Does this meet the goal?

Explanation

Pilot - Only the Configuration Manager clients that are members of the Intune Auto Enrollment collection are automatically enrolled to Intune.



https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable
Submit
75. In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments. Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.) You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com. What should you configure?

Explanation

Editing Policy settings > +New Rule > Exceptions

We won't apply this rule to content that matches any of these exceptions. > +Add an exception > [Dropdownbox] Except if the recipient domain is.

Submit
76. Overview: ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure: ADatum recently purchased a Microsoft 365 subscription. All user files are migrated to Microsoft 365. All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected]. Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors. ADatum uses and processes Personally Identifiable Information (PII). Problem Statements: ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals: ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates. ADatum wants to minimize the cost of hardware and software whenever possible. Technical Requirements: ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: You need to recommend a solution for the security administrator. The solution must meet the technical requirements. What should you include in the recommendation?​​​​​

Explanation

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks
Submit
77. Overview - ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure - ADatum recently purchased a Microsoft 365 subscription. All user files are migrated to Microsoft 365. All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected]. Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors. ADatum uses and processes Personally Identifiable Information (PII). Problem Statements - ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals -
  • ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
  • ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements - ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: You need to meet the technical requirement for large-volume document retrieval. What should you create?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/activity-policies-and-alerts
Submit
78. ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure -
  • ADatum recently purchased a Microsoft 365 subscription.
  • All user files are migrated to Microsoft 365.
  • All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
  • Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
  • ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements - ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals -
  • ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
  • ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements - ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance.
  • Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: You need to protect the U.S. PII data to meet the technical requirements. What should you create?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies
Submit
79. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group. You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States. Solution: From the Security & Compliance admin center, you modify the roles of the US eDiscovery Managers role group. Does this meet the goal?​​​

Explanation

The given solution does not meet the goal. Modifying the roles of the US eDiscovery Managers role group does not specify that the users in the new role group can only perform content searches of mailbox content for users in the United States.

Submit
80. You have a Microsoft 365 subscription. All users have their email stored in Microsoft Exchange Online. In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX. What should you do?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/ediscovery-cases#step-2-create-a-new-case
Submit
81. You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table. Your company uses Microsoft Intune. Several devices are enrolled in Intune as shown in the following table. The device compliance policies in Intune are configured as shown in the following table. You create a conditional access policy that has the following settings: ✑ The Assignments settings are configured as follows:      1. Users and groups: Group1      2. Cloud apps: Microsoft Office 365 Exchange Online      3. Conditions: Include All device state, exclude Device marked as compliant ✑ Access controls is set to Block access. For each of the following statements, select if the statement is true. Otherwise leave deselected. NOTE: Each correct selection is worth one point.

Explanation

User2 is not targeted by conditional access policy.

User1 can access Microsoft Exchange Online from Device1. Yes
User1 can access Microsoft Exchange Online from Device2. No
User2 can access Microsoft Exchange Online from Device2. Yes

Submit
82. You plan to use the Security & Compliance admin center to import several PST files into Microsoft 365 mailboxes. Which three actions should you perform before you import the data? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

Explanation

You have to be assigned the Mailbox Import Export role in Exchange Online to import PST files to Office 365 mailboxes. By default, this role isn't assigned to any role group in Exchange Online. You can add the Mailbox Import Export role to the Organization Management role group. Or you can create a role group, assign the Mailbox Import Export role, and then add yourself as a member.



https://docs.microsoft.com/en-us/office365/securitycompliance/use-network-upload-to-import-pst-files

Submit
83. You need to notify the manager of the human resources department when a user in the department shares a file or folder from the department's Microsoft SharePoint site. What should you do?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/create-activity-alerts
Submit
84. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a new Microsoft 365 subscription. You need to prevent users from sending email messages that contain Personally Identifiable Information (PII). Solution: From the Azure portal, you create a Microsoft Azure Information Protection label and an Azure Information Protection policy. Does this meet the goal?​​​​​​

Explanation

Creating a Microsoft Azure Information Protection label and an Azure Information Protection policy in the Azure portal does not meet the goal of preventing users from sending email messages that contain Personally Identifiable Information (PII). While this solution helps in classifying and protecting sensitive information, it does not specifically prevent users from sending email messages containing PII. Additional measures such as Data Loss Prevention (DLP) policies in Exchange Online or Microsoft 365 Compliance Center would be required to achieve the goal.

Submit
85. Your company has a Microsoft 365 subscription. You need to identify which users performed the following privileged administration tasks: ✑ Deleted a folder from the second-stage Recycle Bin of Microsoft SharePoint ✑ Opened a mailbox of which the user was not the owner ✑ Reset a user password What should you use?​​​​

Explanation

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide
Submit
86. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network. Solution:  From the Azure Active Directory admin center, you create a trusted location and a conditional access policy. Does this meet the goal?

Explanation

The solution of creating a trusted location and a conditional access policy in the Azure Active Directory admin center can help meet the goal of preventing users from accessing Microsoft SharePoint Online sites unless they are connected to the on-premises network. By creating a trusted location, the system recognizes the on-premises network as a trusted source, allowing access only from that network. The conditional access policy further enforces this restriction by applying additional conditions or requirements for accessing the SharePoint Online sites. Therefore, this solution effectively restricts access to the sites based on the user's network connection.

Submit
87. Your company has a Microsoft 365 subscription. You need to identify which users performed the following privileged administration tasks:
  • Deleted a folder from the second-stage Recycle Bin of Microsoft SharePoint
  • Opened a mailbox of which the user was not the owner
  • Reset a user password
What should you use?

Explanation

https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-logs-overview
Submit
88. Your network contains an on-premises Active Directory domain. Your company has a security policy that prevents additional software from being installed on domain controllers. You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP). What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

Explanation

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-port-mirroring



https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5



 
Submit
89. You have several devices enrolled in Microsoft Intune. You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table. The device limit restrictions in Intune are configured as shown in the following table. You add User3 as a device enrollment manager in Intune. For each of the following statements, select the statement if it's true. Otherwise, leave it deselected. NOTE: Each correct selection is worth one point.

Explanation

User1 can enroll a maximum of 10 devices in Intune - No (User1 is in Group A : Policy1, can enroll 15 devices) User2 can enroll a maximum of 10 devices in Intune - Yes (User2 is in Group B: Policy2, can enroll 10 devices) User3 can enroll an unlimited number of devices in Intune - No (Device Enrolment Managers can enroll 1000 devices)

https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager

https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment-manager-enroll

Submit
90. You have a Microsoft 365 subscription. You recently configured a Microsoft SharePoint Online tenant in the subscription. You plan to create an alert policy. You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes. What should you do first

Explanation

https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
Submit
91. You have three devices enrolled in Microsoft Intune as shown in the following table. The device compliance policies in Intune are configured as shown in the following table. The device compliance policies have the assignments shown in the following table. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Explanation

Policy 2 also doesn't apply to Device 2 because that device is in Group 3, which is excluded from the policy. Exclusion takes precedence over inclusion in the following same group type scenarios:

Including user groups and excluding user groups Including device groups and excluding device group https://docs.microsoft.com/en-us/intune/configuration/device-profile-assign

Submit
92. You have a Microsoft 365 tenant. You plan to create a retention policy as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation

not-available-via-ai

Submit
93. You have a Microsoft 365 subscription. You need to implement Windows Defender Advanced Threat Protection (ATP) for all the supported devices enrolled in mobile device management (MDM). What should you include in the device configuration profile? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

http://https://docs.microsoft.com/nl-nl/intune/protect/advanced-threat-protection#create-the-device-configuration-profile
Submit
94. Your company has five security information and event management (SIEM) appliances. The traffic logs from each appliance are saved to a file share named Logs. You need to analyze the traffic logs. What should you do from Microsoft Cloud App Security?

Explanation

https://docs.microsoft.com/en-us/cloud-app-security/create-snapshot-cloud-discovery-reports#log-format
Submit
95. Your company has a Microsoft 365 subscription. The subscription contains 500 devices that run Windows 10 and 100 devices that run iOS. You need to create Microsoft Intune device configuration profiles to meet the following requirements: ✑ Configure Wi-Fi connectivity to a secured network named ContosoNet. ✑ Require passwords of at least six characters to lock the devices. What is the minimum number of device configuration profiles that you should create?

Explanation

https://docs.microsoft.com/en-us/intune/configuration/wi-fi-settings-configure



Correct answer is 4. Configuration Profiles are not cross-platform, and W-Fi settings are contained within their own Profile.
Submit
96. You have a Microsoft 365 subscription. You plan to enable Microsoft Azure Information Protection. You need to ensure that only the members of a group named PilotUsers can protect content. What should you do?​​​​​

Explanation

If you don't want all users to be able to protect documents and emails immediately by using Azure Rights Management, you can configure user onboarding controls by using the Set-AadrmOnboardingControlPolicy

References:

https://docs.microsoft.com/en-us/powershell/module/aadrm/set-aadrmonboardingcontrolpolicy?view=azureipps

https://docs.microsoft.com/en-us/azure/information-protection/activate-service

Submit
97. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group. You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States. Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters. Does this meet the goal?​​​

Explanation

https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/new-azurermroleassignment?view=azurermps-6.13.0
Submit
98. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices. You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States. You plan to onboard all the devices to Windows Defender ATP. You need to store the Windows Defender ATP data in Europe. What should you first?

Explanation

not-available-via-ai

Submit
99. ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure -
  • ADatum recently purchased a Microsoft 365 subscription.
  • All user files are migrated to Microsoft 365.
  • All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
  • Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
  • ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements - ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals -
  • ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
  • ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements - ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance.
  • Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: You need to meet the technical requirement for the EU PII data. What should you create?

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies
Submit
100. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group. You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States. Solution: From Windows PowerShell, you run the New-ComplianceSecurityFilter cmdlet with the appropriate parameters. Does this meet the goal?​​​​

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-filtering-for-content-search 



https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-content-search/new-compliancesecurityfilter?view=exchange-ps
Submit
101. You have a Microsoft 365 subscription. You need to be notified if users receive email containing a file that has a virus. What should you do?

Explanation

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies
Submit
102. You create a Microsoft 365 subscription. You need to create a deployment plan for Microsoft Azure Advanced Threat Protection (ATP). Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Explanation

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step1
Submit
103. You have a Microsoft 365 subscription. You are configuring permissions for Security & Compliance. You need to ensure that the users can perform the tasks shown in the following table. The solution must use the principle of least privilege. To which role should you assign each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/nl-nl/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center#mapping-of-role-groups-to-assigned-roles



https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/download-existing-reports
Submit
104. Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. A user named User1 is a member of a dynamic group named Group1. User1 reports that he cannot access documents shared to Group1. You discover that User1 is no longer a member of Group1. You suspect that an administrator made a change that caused User1 to be removed from Group1. You need to identify which administrator made the change. Which audit log activity should you search in the Security & Compliance admin center?​​​​​

Explanation

To identify which administrator made the change that caused User1 to be removed from Group1, you should search for the audit log activity "User administration activities - Updated user" in the Security & Compliance admin center. This activity log will provide information about any changes made to user accounts, including updates to group memberships. By reviewing this log, you can determine which administrator made the change that removed User1 from Group1.

Submit
105. You deploy Microsoft Azure Information Protection. You need to ensure that a security administrator named SecAdmin1 can always read and inspect data protected by Azure Rights Management (Azure RMS). What should you do?

Explanation

https://docs.microsoft.com/en-us/azure/information-protection/configure-super-users
Submit
106. Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes: Contoso plans to implement the following changes: Implement Microsoft 365. Manage devices by using Microsoft Intune. Implement Azure Advanced Threat Protection (ATP). Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only. Technical Requirements: Contoso identifies the following technical requirements: When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically. Dedicated support technicians must enroll all the Montreal office mobile devices in Intune. User1 must be able to enroll all the New York office mobile devices in Intune. Azure ATP sensors must be installed and must NOT use port mirroring. Whenever possible, the principle of least privilege must be used. A Microsoft Store for Business must be created. Compliance Requirements: Contoso identifies the following compliance requirements: Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy. Configure Windows Information Protection (WIP) for the Windows 10 devices. Question: You need to ensure that User1 can enroll the devices to meet the technical requirements. What should you do? ​​​​

Explanation

https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager
Submit
107. You have a Microsoft 365 subscription. You plan to enable Microsoft Azure Information Protection. You need to ensure that only the members of a group named PilotUsers can protect content. What should you do?

Explanation

Explanation: If you don't want all users to be able to protect documents and emails immediately by using Azure Rights Management, you can configure user onboarding controls by using the Set-AadrmOnboardingControlPolicy.

https://blogs.technet.microsoft.com/kemckinn/2018/05/17/creating-labels-for-azure-information-protection/

Submit
108. You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. In the tenant, you create a user named User1. You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege. To which role group should you add User1?

Explanation

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide
Submit
109. You create a new Microsoft 365 subscription and assign Microsoft 365 E3 licenses to 100 users. From the Security & Compliance admin center, you enable auditing. You are planning the auditing strategy. Which three activities will be audited by default? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance?redirectSourcePath=%252farticle%252f0d4d0f35- 390b-4518-800e-0c7ec95e946c
Submit
110. Your company uses on-premises Windows Server File Classification Infrastructure (FCI). Some documents on the on-premises file servers are classified as Confidential. You migrate the files from the on-premises file servers to Microsoft SharePoint Online. You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded file based on the Confidential classification. What should you do first?

Explanation

https://docs.microsoft.com/en-us/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties#before-you-create-the-dlp-policy
Submit
111. ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure -
  • ADatum recently purchased a Microsoft 365 subscription.
  • All user files are migrated to Microsoft 365.
  • All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
  • Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
  • ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements - ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals -
  • ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
  • ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements - ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance.
  • Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: You need to meet the requirement for the legal department. Which three actions should you perform in sequence from the Security & Compliance admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Explanation

https://www.sherweb.com/blog/ediscovery-office-365/
Submit
112. Your network contains an Active Directory domain named contoso.com. The domain contains 100 Windows 8.1 devices. You plan to deploy a custom Windows 10 Enterprise image to the Windows 8.1 devices. You need to recommend a Windows 10 deployment method. What should you recommend?

Explanation

The question specifies a custom image. In place upgrade cannot do custom images. Also, for provisioning packages Win 10 is a prerequisite. Hence, that cannot be the correct answer.

Submit
113. You implement Microsoft Azure Advanced Threat Protection (Azure ATP). You have an Azure ATP sensor configured as shown in the following exhibit. How long after the Azure ATP cloud service is updated will the sensor update?

Explanation

This has been extended to 72 hours 

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/sensor-update

Submit
114. HOTSPOT - Your company is based in the United Kingdom (UK). Users frequently handle data that contains Personally Identifiable Information (PII). You create a data loss prevention (DLP) policy that applies to users inside and outside the company. The policy is configured as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation

If a user attempts to upload a document to a Microsoft SharePoint site, and the document contains one UK passport number, the document will be allowed. This is because the DLP policy is configured to only block documents that contain more than one UK passport number.

If a user attempts to email 100 UK passport numbers to a user in the same company, the email message will be blocked without warning. This is because the DLP policy is configured to block any email message that contains UK passport numbers, regardless of the quantity. However, the user has the ability to override the policy and send the email if needed.

Submit
115. You purchase a new Microsoft 365 subscription.You create 100 users who are assigned Microsoft 365 E3 licenses. From the Security & Compliance admin center, you enable auditing. Six months later, a manager sends you an email message asking the following questions: ✑ Question 1: Who created a team named Team 1 14 days ago? ✑ Question 2: Who signed in to the mailbox of User 1 30 days ago? ✑ Question 3: Who changed the site collection administrators of a site 60 days ago? For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide

 

Although mailbox audit logging on by default is enabled for all organizations, only users with E5 licenses will return mailbox audit log events in audit log searches in the Security & Compliance Center or via the Office 365 Management Activity API by default.



To retrieve mailbox audit log entries for users without E5 licenses, you can:





  • Use audit log searches in the Security & Compliance Center or via the Office 365 Management Activity API after you've manually enabled mailbox auditing on the individual mailboxes.




  • Use the following cmdlets in Exchange Online PowerShell:






Submit
116. You have a Microsoft 365 subscription that contains all the user data. You plan to create the retention policy shown in the Locations exhibit. (Click the Locations tab.) You configure the Advanced retention settings as shown in the Retention exhibit. (Click the Retention tab.) The locations specified in the policy include the groups shown in the following table. For each of the following statements, select the statement if it is true. NOTE: Each correct selection is worth one point.

Explanation

The first statement is false because it states that any file stored in Microsoft SharePoint group library by a user in the Legal365 group will be stored for five years and then deleted, but the retention policy only applies to email messages, not files.

The second statement is true because it aligns with the configured retention settings. Any email message that contains the word "takeover" and is sent by a user in the LegalTeam group will be deleted automatically after five years.

The third statement is also true because it states that if a new user is added to the Legal Team group next week and the user sends an email message containing the word "takeover," the message will be deleted automatically after five years, which is consistent with the retention policy.

Submit
117. Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York. The company has the employees and devices shown in the following table. Contoso recently purchased a Microsoft 365 E5 subscription. Existing Environment - The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table. All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain. The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS. The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table. The domain also includes a group named Group1. Requirements - Planned Changes - Contoso plans to implement the following changes: Implement Microsoft 365. Manage devices by using Microsoft Intune. Implement Azure Advanced Threat Protection (ATP). Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only. Technical Requirements - Contoso identifies the following technical requirements: When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically. Dedicated support technicians must enroll all the Montreal office mobile devices in Intune. User1 must be able to enroll all the New York office mobile devices in Intune. Azure ATP sensors must be installed and must NOT use port mirroring. Whenever possible, the principle of least privilege must be used. A Microsoft Store for Business must be created. Compliance Requirements: - Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy. - Configure Windows Information Protection (WIP) for the Windows 10 devices. Question- As of March, how long will the computers in each office remain supported by Microsoft?  NOTE: Each correct selection is worth one point.

Explanation

https://www.windowscentral.com/whats-difference-between-quality-updates-and-feature-updates-windows-10



https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet

March Feature Updates: Serviced for 18 months from release date September Feature Updates: Serviced for 30 months from release date
Submit
118. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. Your company implements Windows Information Protection (WIP). You need to modify which users and applications are affected by WIP. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure
Submit
119. Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP includes the machine groups shown in the following table. You onboard a computer named computer1 to Windows Defender ATP as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-groups#manage-machine-groups
Submit
120. Your company has a Microsoft 365 tenant. The company sells products online and processes credit card information. You need to be notified if a file stored in Microsoft SharePoint Online contains credit card information. The file must be removed automatically from its current location until an administrator can review its contents. What should you use?

Explanation

https://docs.microsoft.com/en-us/cloud-app-security/use-case-admin-quarantine#set-up-admin-quarantine
Submit
121. You have three devices enrolled in Microsoft Intune as shown in the following table. The device compliance policies in Intune are configured as shown in the following table. The device compliance policies have the assignments shown in the following table. For each of the following statements, select the statement if it is true. Otherwise don't select. NOTE: Each correct selection is worth one point.

Explanation

Based on the information provided in the tables, all three devices have a "Compliant" status in the device compliance policies. Therefore, the statement "Device 1 is compliant, Device 2 is compliant, Device 3 is compliant" is true.

Submit
122. You have a Microsoft 365 subscription. You have the devices shown in the following table. You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible. Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point. Select and Place:
Submit
123. You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

Explanation

When you copy the encrypted document to your local computer, you cannot open it because the encryption is tied to the Azure Information Protection service. However, when you email the document to a user outside your organization, they cannot open the document initially because they do not have access to the Azure Information Protection service. But, if they are granted access, they can open the document for up to 30 days.

Submit
124. You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table. Group3 is a member of Group1. Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP contains the roles shown in the following table. Windows Defender ATP contains the device groups shown in the following table. For each of the following statements, select the statement if it is true. Otherwise, don't select. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group
Submit
125. ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure -
  • ADatum recently purchased a Microsoft 365 subscription.
  • All user files are migrated to Microsoft 365.
  • All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
  • Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
  • ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements - ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals -
  • ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
  • ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements - ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance.
  • Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: You need to meet the technical requirement for the SharePoint administrator. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance#step-3-filter-the-search-results
Submit
126. You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table. Group3 is a member of Group1. Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP contains the roles shown in the following table. Windows Defender ATP contains the device groups shown in the following table. For each of the following statements, select the statement if it is true. NOTE: Each correct selection is worth one point.

Explanation

User1 can view Device1 in Windows Defender Security Center because User1 is a member of Group1, which has access to view Device1 in Windows Defender ATP. User2 can sign in to Windows Defender Security Center because User2 is a member of Group2, which has the necessary role to sign in to Windows Defender ATP. User3 can view Device1 in Windows Defender Security Center because User3 is a member of Group3, which is a member of Group1 and therefore has access to view Device1.

Submit
127. ADatum Corporation is an international financial services company that has 5,000 employees. ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy. All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet. Existing Environment - Current Infrastructure -
  • ADatum recently purchased a Microsoft 365 subscription.
  • All user files are migrated to Microsoft 365.
  • All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
  • Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
  • ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements - ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365. Requirements - Business Goals -
  • ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
  • ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements - ADatum identifies the following technical requirements:
  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance.
  • Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Question: You need to meet the technical requirement for log analysis. What is the minimum number of data sources and log collectors you should create from Microsoft Cloud App Security? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/cloud-app-security/discovery-docker
Submit
128. Of which groups are Computer1 and Computer2 members? To answer, select the appropriate options in the answer area.
Submit
129. You have a Microsoft 365 subscription.You have a group named Support. Users in the Support group frequently send email messages to external users. The manager of the Support group wants to randomly review messages that contain attachments. You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Explanation

https://docs.microsoft.com/en-us/office365/securitycompliance/supervision-policies
Submit
View My Results

Quiz Review Timeline (Updated): Aug 10, 2024 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Aug 10, 2024
    Quiz Edited by
    ProProfs Editorial Team
  • Feb 29, 2020
    Quiz Created by
    Blaatlama
Cancel
  • All
    All (129)
  • Unanswered
    Unanswered ()
  • Answered
    Answered ()
Note: This question is part of a series of questions that present the...
Note: This question is part of a series of questions that present the...
Note: This question is part of a series of questions that present the...
Note: This question is part of a series of questions that present the...
Your company has 5,000 Windows 10 devices. All the devices are...
Your network contains an Active Directory domain named contoso.com...
You have a Microsoft 365 subscription. You have a user named User 1....
From the Microsoft Azure Active Directory (Azure AD) Identity...
Note: This question is part of a series of questions that present the...
You have a Microsoft 365 subscription. All users are assigned a...
Your network contains an Active Directory domain named contoso.com...
You have a Microsoft 365 subscription. From the Security &...
You have a Microsoft Azure Active Directory (Azure AD) tenant named...
You have Windows 10 Pro devices that are joined to an Active Directory...
Your company uses Microsoft Cloud App Security. You plan to integrate...
You plan to allow users from the engineering department to enroll...
You have a Microsoft Azure Active Directory (Azure AD) tenant. The...
You have a Microsoft 365 subscription and an on-premises Active...
Which of the following is a key feature of Microsoft 365 Mobility that...
You have a Microsoft 365 subscription. Some users have iPads that are...
Contoso, Ltd. is a consulting company that has a main office in...
Your network contains an Active Directory domain named contoso.com....
Note: This question is part of a series of questions that present the...
From the Security & Compliance admin center, you create a...
You use Microsoft System Center Configuration Manager (Current Branch)...
Your network contains an Active Directory domain named contoso.com...
You configure a conditional access policy. The locations settings are...
Your company has a Microsoft 365 E3 subscription. All devices run...
You have computers that run Windows 10 Enterprise and are joined to...
Note: This question is part of a series of questions that present the...
You have a Microsoft 365 tenant. You have a line-of-business...
Your company has a Microsoft 365 subscription.You implement Microsoft...
You have a Microsoft 365 subscription. You need to be notified if...
Contoso, Ltd. is a consulting company that has a main office in...
Note: This question is part of a series of questions that present the...
Your company uses Microsoft System Center Configuration Manager...
You have a Microsoft 365 tenant. ...
You have three devices enrolled in Microsoft Intune as shown in the...
You have a Microsoft Azure Active Directory (Azure AD) tenant named...
Your network contains an Active Directory domain named contoso.com...
You have a Microsoft 365 tenant. All users are assigned the Enterprise...
Contoso, Ltd. is a consulting company that has a main office in...
From the Microsoft Azure Active Directory (Azure AD) Identity...
You have a Microsoft Azure Active Directory (Azure AD) tenant named...
Note: This question is part of a series of questions that present the...
Your company has 10 offices. ...
You have a Microsoft Office 365 subscription. You need to delegate...
From the Security & Compliance admin center, you create a content...
You have a Microsoft 365 subscription. You need to investigate user...
ADatum Corporation is an international financial services company that...
Overview - ...
You have a Microsoft 365 subscription. Your company purchases a new...
You have a Microsoft 365 subscription. From the Security &...
You are testing a data loss prevention (DLP) policy to protect the...
You have a Microsoft 365 subscription. You need to view the IP address...
Your company has a Microsoft 365 E5 subscription. Users in the...
The users at your company use Dropbox to store documents. The users...
HOTSPOT - ...
Your company uses Microsoft Azure Advanced Threat Protection (ATP) and...
Your company has a Microsoft 365 subscription that uses an Azure...
Note: This question is part of a series of questions that present the...
Contoso, Ltd. is a consulting company that has a main office in...
You have a Microsoft 365 subscription. You configure a data loss...
You have the Microsoft Azure Advanced Threat Protection (ATP)...
You have a Microsoft 365 subscription.You need to be notified if users...
Contoso, Ltd. is a consulting company that has a main office in...
Your network contains an Active Directory domain named contoso.com....
Note: This question is part of a series of questions that present the...
Note: This question is part of a series of questions that present the...
A user receives the following message when attempting to sign in to...
Contoso, Ltd. is a consulting company that has a main office in...
Note: This question is part of a series of questions that present the...
Note: This question is part of a series of questions that present the...
Note: This question is part of a series of questions that present the...
In Microsoft 365, you configure a data loss prevention (DLP) policy...
Overview: ...
Overview - ...
ADatum Corporation is an international financial services company that...
Note: This question is part of a series of questions that present the...
You have a Microsoft 365 subscription. All users have their email...
You have the Microsoft Azure Active Directory (Azure AD) users shown...
You plan to use the Security & Compliance admin center to import...
You need to notify the manager of the human resources department when...
Note: This question is part of a series of questions that present the...
Your company has a Microsoft 365 subscription. ...
Note: This question is part of a series of questions that present the...
Your company has a Microsoft 365 subscription. ...
Your network contains an on-premises Active Directory domain. Your...
You have several devices enrolled in Microsoft Intune. You have a...
You have a Microsoft 365 subscription. ...
You have three devices enrolled in Microsoft Intune as shown in the...
You have a Microsoft 365 tenant. You plan to create a retention policy...
You have a Microsoft 365 subscription. You need to implement Windows...
Your company has five security information and event management (SIEM)...
Your company has a Microsoft 365 subscription. The subscription...
You have a Microsoft 365 subscription. You plan to enable Microsoft...
Note: This question is part of a series of questions that present the...
Your network contains an on-premises Active Directory domain named...
ADatum Corporation is an international financial services company that...
Note: This question is part of a series of questions that present the...
You have a Microsoft 365 subscription. You need to be notified if...
You create a Microsoft 365 subscription. You need to create a...
You have a Microsoft 365 subscription. You are configuring permissions...
Your company has a Microsoft 365 subscription that uses an Azure...
You deploy Microsoft Azure Information Protection. You need to ensure...
Contoso, Ltd. is a consulting company that has a main office in...
You have a Microsoft 365 subscription. You plan to enable Microsoft...
You have a Microsoft 365 subscription that contains a Microsoft Azure...
You create a new Microsoft 365 subscription and assign Microsoft 365...
Your company uses on-premises Windows Server File Classification...
ADatum Corporation is an international financial services company that...
Your network contains an Active Directory domain named contoso.com....
You implement Microsoft Azure Advanced Threat Protection (Azure ATP). ...
HOTSPOT - ...
You purchase a new Microsoft 365 subscription.You create 100 users who...
You have a Microsoft 365 subscription that contains all the user...
Contoso, Ltd. is a consulting company that has a main office in...
You have a Microsoft Azure Active Directory (Azure AD) tenant named...
Your company uses Windows Defender Advanced Threat Protection (ATP)....
Your company has a Microsoft 365 tenant. The company sells products...
You have three devices enrolled in Microsoft Intune as shown in the...
You have a Microsoft 365 subscription. ...
You have a document in Microsoft OneDrive that is encrypted by using...
You have a Microsoft Azure Activity Directory (Azure AD) tenant...
ADatum Corporation is an international financial services company that...
You have a Microsoft Azure Activity Directory (Azure AD) tenant...
ADatum Corporation is an international financial services company that...
Of which groups are Computer1 and Computer2 members? To answer, select...
You have a Microsoft 365 subscription.You have a group named Support....
Alert!

Advertisement