=XAMTOPICS Expert Verified, Online, Free. tom View Settings Topic 1 - Question Set 1 Note: This question is part of series of questions that present the same scenario. Each question inthe series contains a unique solution that ‘might meet the stated goals. Some question sets might have more than one cortect solution, while others might not havea correct solution, ‘ter you answer a question in his section, you will NT be able to return fit, As a result these questions will not appear inthe eview seen, You have a Microsoft 265 E5 subscription that is associated to a Miorosoft Azure Active Diectory (Azure AD) tenant named contaso.com, You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory andthe tenant. Azute AD Connect nas the following settings! ® Source Anchor: object6UID -» Password Hash Synchronization: Disabled “> Password writeback: Disabled -» Directory extension attribute syne: Disabled ‘Azure AD app and atbute fering: Disables ~s Exchange hybrid deployment: Disabled <> User writeback: Disabled You need to ensure that you can use letked credentials detection in Azute AD Kdenily Protection Solution: You masify the Azure AD app and attribute fitering settings. Does that meet the goal? Aves B.No Correct Answer: 8Note: This question is pat of series of questions that present the same scenalo. Each question inthe setles contans a unique solution that ‘ight meet the stated goals. Some question sets might have more than one comect solution, while others might not havea correct solution ‘Mfter you answer a question inthis section, you will NOT be able to return fit, As a result these questions will not appear inthe review screen, You have a Microsoft 266 E5 subscription that is assoclated toa Microsoft Azure Active Directory (Azure AD) tenant named contaso.com, You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory andthe tenant. Azute AD Connect nas the following settings: «© Source Anchor: objectGUID -» Password Hash Synchronization: Disabled om Password writeback: Disabled “> Directory extension attribute syne: Disabled -» Azute AD app and attribute tering: Disabled "= Exchange hybrid deployment: Disabled "> User witeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD dentiy Protection Solution: You modify the Password Hash Synchronization settings Does that meet the goal? Aves B.No Correct Answer: A References hitpsifdocs microsoft. com/enus/azure/secury/azure-ad-securesteps Note: This question is part of series of questions that present the same scenario. Each question inthe series contains a unique solution that ‘might meet the stated goals. Some question sets might have more than ane cortect soliton, while others might not havea cortet solution, ‘After you answer a question inthis section, you will NOT be able to return ft. As aresul, these questions will ot appear inthe review screen, You have a Microsoft 365 E5 subscription thatis associated toa Microsoft Azure Active Directory (Azure AD} tenant named contoso.com, You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory andthe tenant. Azure AD Connect has the following settings: Source Anchor objectGUID ‘> Password Hash Synehronizetion: isabled -» Password wrteback: Disabled “Directory extension attribute syne: Disabled "> Azure AD app and atabute fering: Disabled -» Exchange hybrid deployment: Disabled = User witeback: Disabled You need to ensure that you can use leaked credentials detection in Azute AD Kenly Protection Solution: You modify the Source Anchor settings. Does that met the goal? Aves B.No Comeet Answer: 8HoTspoT You have a Microsoft 366 subscription that uses a default domain name of contoso.com, ‘The multHactor authentication (MFA) service settings are configured as shown inthe exhibit. (Click the Exhibit tab) app passwords (cam more) (@ Allow users to create app passwords to sign into non-browser apps (© Do not alow users to create app passwords to signin to non-browser apps (ear more) Ci Skip muli-fctor authentication for requests ftom federated users on my intranet ‘Ship multifactor authentication for requests from following range of IP address subnets verification options (eam more) “Methods avalible to Users: 1 Calo phone Mi Text message to phone Notifieaon throush mobi opp I Vesiicaton code om mobile app or hardware token remember multi-factor authentication (cam more) [C7 Allow users to remember mult-factor autheaticaon on devices they tust Days before a device must re-authenticate (1-60) 4) In contoso.com, you create the users shown inthe following table Display name | Username MFA satus User ser] @ieontasa comm Enabled User? ser cicontaco com Enabled User ‘Uset3 Gconioeo.com Disabled What isthe effect of the configuration? To answer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point Hot Ae: Answer Area Userl: Can sign in to the My Apps portal without using MFA. Vv Completed the MFA registration ‘Must complete t istration at the next User2: (Can sign in to the My Apps portal without using MFA. v ‘Must use app passwords for legacy apps ‘Must use an app password to sign in to the MyAnswer Area Userl: (Can sign in to the My Apps portal without using MFA Vv ‘Completed the MFA registration conceee (eee | User2: ‘Can sign in to the My Apps portal without using MFA v use an app password to sign in to the My Apps References: tpsfdocs.mierosoft.com/en-us/azure/activeirectory/authentiction/howto-mfa-userstatesHoTspoT You configure Microsoft Azure Active Directory (Azure AD) Connect as shown inthe following exhibit Synchronized Direct ‘Adcom Aden comrhBQE_ 97 1e7E9 ‘Synchronization Settings SOURCE ANCHOR USER PRINCIPAL NAME SSDSComison Gad erPrincpal anes FILTER OBIECTS TO SYNCHRONIZE BY GROU ANGREAD APP AND ATTRIBUTE FILTER DAMM Diebled Dace DIRECTORY EXTENSION ATTRIBUTE SYNC Eble sous peo ovMENT (GROUP WRITEBACK PASSWORD HASH SYNCHRONZATION Dieabled Enabled PASSWORD WRITEBACK. USER WRITEBACK ed Disbled AUTOUPGRADE EXCHANGE MAIL PUBLIC FOLDERS Suspended Disabled SL SERVER ‘SQL SERVICE INSTANCE NAME PADShae Use the drop-down menus to select the answer choice that completes each statement based on the information presented inthe graphic. NOTE: Each correct selection is worth one point Hot ares Answer Area Ifyou reset a password in Azure AD, the password will answer choice], ‘be overwritten v bbe synced to Active Directory bbe subject to the Active Diectory password policy Ifyou join a computer to Azure AD, answer choice], ‘an object will be provisioned in the Computers container ‘an object will be provisioned in the RegisteredDevices container the device object in Azure will be deleted during synchronizationAnswer Area Ifyou reset a password in Azure AD, the password will answer choice] , [be overwritten v ‘be synced to Active Directory Comect Answer: | Be Subject to the Active Directory password policy Ifyou join a computer to Azure AD answer choice], ‘an object will be provisioned in the Computers container the device object in Azure will be deleted during synchronization You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft intune You need to create a Microsoft Azure Active Directory (Azure AD} conditional access policy that wil allow only Windows 10 computers marked as compliant to establish a VPN connection tothe on premises network. What should you do first? ‘A. From the Azure Active Directory admin center, create anew certificate 8. Enable Application Proxy in Azure AD .Ftom Active Directory Administrative Center, create @ Dynamic Access Contrl policy From the Azure Active Directory admin center, configure authentication methods Correct Answer: A Reference: tpsffdoes.mlerosoft.com/en-us/windows-servr/remote/remoteaccess/vpn/ad-ca~ypr-connectivii- windows} You have a Microsoft 365 subscription From the Microsoft 265 admin center, you create anew user You plan to assign the Reports reader role tothe user. You need to see the permissions ofthe Reports reader oe Which admin center should you use? A. Azure Active Directory 8. Cloud App Security . Security & Compliance D. Microsoft 365 Correct Answer: AYou have a Micrsoft 266 subscription You need to ensure that allusers who are assigned the Exchange administrator ole have multifactor authentication (MFA) enabled by default, What should you use to achieve the goal? A. Seourity & Compliance permissions B. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management ©. Microsoft Azure AD group management . Microsoft Ofce 365 user management Correct Anewer: 8 Question #9, Topic 1 Your company hes a Microsoft 35 subscription. The company forbids users to enrol personal devices in mobile device management (MOM), Users inthe sales department have personal 0S devices. You need to ensure that the sales department uses can use the Microsoft Power Bl app from iOS devices to access the Power Bl data in your tenant. ‘The users must be prevented from backing up the apps data to iCloud What should you create? ‘a contitional access policy in Microsoft Azure Active Directory (Azure AO) that has a device state condition 8. an app protection policy in Microsoft Intune 6. conditional ocess policy in Microsoft Azure Active Directory (Azure AD) that has a client apps condition .adevice compliance poy n Microsoft Intune Correct Answer: 8HorspoT You have a Microsoft 366 E5 subscription, Users and device objects are added and removed daly, Users in the sales department frequently change ther device You need to crate thee following sroups: ‘Group Requirement All the devices of users where the Department attributes i sett Sales 2] Al the devices were the Deparimentatibuteis set to Sales 3) All he devices where dhe devieeOwnership atibure sett0 (Company ‘The solution must minimize administrative effor. What isthe minimum numberof groups you should creste for each type of membership? To answer, select the appropriate options inthe answer NOTE: Each corect selections worth one pont Hot res: ‘Answer Area Groups that have assigned membership: Vv) 0 1 2 3 Groups that have dynamic membership: WwW wensoCorrect Answer: ‘Answer Area Groups that have assigned membership: iW) 0 | 1 > Your company has a main office and a Microsoft 365 subscription You need to enforce Microsoft Azure Mult-Factor Authentication (MFA) by using conditional access fr allusers who are NOT physically present Inthe off. What should you include inthe configuration? A. a user risk paley 8. a sigmin isk policy ©. anamed location in Azure Active Directory (Azure AD) an Azute MFA Server Comeet Answer: C References bupsifdocs microsoft. com/enus/azure/activedirecory/conditionahaccess/locationconditionHoTspoT You have a Microsoft Azure Active Diectory (Azure AD) tenant named contoso.com that contain the users shown inthe following table. Name fember Userk ‘Group [Goer (Groupl, Group? ‘Muli factor authentication (MFA) status Disabled ‘Enabled You create and enforce an Azure AD Identity Protection user isk policy that has the following settings: "> Assignments: Include Group1, Exclude Group? c= Conditions: Sign ink of Low and above * Access: Allow access, Require password change You need to identify haw the policy affects Usert and User? What occurs when Usert and User2 sign in frm an unfamiliar location? To answer, elect the appropiate options inthe answer ate, [NOTE: Each correct selection is worth one point. Hot Area Answer Area Must change their password: lv Usert only User2 only Both Usert and User2 Neither User! nor User2 Prompted for MFA: iW] Usert only User2 only Both User! and User? Neither Usert nor User2 Answer Area Must change their password: lv Usert only User2 only Both User1 and User2 Neither User! nor User2 conect Answer: Prompted for MFA: iW] Usert only User2 only Both User! and User? Neither Usert nor User2HorsPoT You have a Microsoft Azure Active Diectory (Azure AD) tenant named contoso.com that contain the users shown inthe following table. Name Member of UserL [Group roe Use? G i Ld You create and enforoe an Azure AD Ientity Protection sign-in risk policy that has the folowing settings: * Assignments: Include GroupT, Exclude Group? <* Conditions: Signin sk of Low and above "> Access: Allow access, Require password multifactor authentication You need to identify aw the policy affects User’ and User? What occurs when each use signs in from an anonymous IP address? To answer, select the appropriate options inthe answer area, NOTE: Each correct selection I worth one pont, Hot Aa: Answer Area Usert: lw Blocked Can sign in without MEA Prompted for MFA User?: Vv) = Blocked Can sign in without MFA Prompted for MFA Correct Answer: Answer Area User1: lw) Blocked Can sign in without MFA Prompted for MFA User?: Vv) Blocked Can sign in without MFA Prompted for MFAQuestion #14 Note: This question is pat ofa seties of questions that present the same scenaro, Each question inthe series contains a unigue solution that right meet the stated goals. Some questions sets might have more than one correct solution, while otters might not have @corect solution ‘After you answer a question inthis section, you will NOT be able to return tit, As a result these questions will ot appear inthe review soreen. You have an on premises Active Directory domain named contoso.com, You install and run Azure AD Connect ona server names Server! that runs Windows Server, You need to view Azure AD Connect events You use the Security event log on Server Does that meet the goal? Aves B.No Correct Answer: B References hitpsi/supportpingidentity com/s/artcle/PingQne-How-to-roubleshoot-a-AD-Connectnstance Note: This question is part of a series of questions that present the same scenario, Each question inthe series contains a unique solution that ‘might meet the stated goals. Some questions sets might have more than one correct solution, while others might not have corect solution ‘After you answer a question inthis section, you will NOT be able to return fit. As aresul these questions will ot appear inthe review screen, You have an on premises Active Directory domain named contoso.com, You install and run Azure AD Connect ona server named Server that runs Windows Server, You need to view Azure AD Connect events You use the Directory Service event og on Server. Dees that met the goal? Aves Correct Answer: 5 References tps/support pingidentiy.com/s/artcle/PingQne-How-to-troubleshoot-an-AD-ConnectinstanceNote: This question is pat ofa series of questions that present the same scenaro, Each question Inthe series conta aunigue solution that ‘ight meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have corect solution. ‘After you answer a question inthis section, you will NOT be able to return fit, As a result these questions will not appear inthe eview seen, You have an on premises Active Directory domain named contoso.com, You install and run Azure AD Connect ona server names Server! that runs Windows Servet, You need to view Azure AD Connect events, You use the System event og on Servert Does that meet the goal? Ayes B.No Correct Anewer: 8 References bitpsf/supportpingidentiy comis/artcle/PingOne-How-o-roubleshoot-an-AD-ConnectInstance Note: This question is part of a series of questions that present the same scenario, Each question inthe series contains aunigue solution that ‘might meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have 2 corect solution. After you answer a question inthis section, you will NOT be able to return fit. As a result these questions will not appear inthe review screen, You have an on premises Active Directory domain named contoso.com, You install and un Azure AD Connect ona server named Serer! that runs Windows Servet You need to view Azure AD Connect events You use the Application event og on Servet Does that met the goal? Aves B.No Correct Answer: 4 References hitpsi/support pingidentity comysyartcle/PingQne-How-to-roubleshoot-a-AD-Connectnstanceduestion #18 op You have a Microsoft 365 £5 subscription without a Microsoft Azure subscription ‘Some users are required to use an authenticator app to access Microsoft SharePoint Online. You need to view which users have used an authenticator app to access SharePoint Online. The solution must minimize costs, What should you do? ‘A. From the Enterprise applications blade ofthe Azure Active Ditectory admin center, view the audit logs 8, From Azute Log Analytics, query the logs . From the Azute Active Directory admin center, view the audit logs From the Enterprise applications blade ofthe Azure Active Directory admin center, view the slgr-ins Correct Answer: DHovspoT You have a Microsoft 365 subscription hat contains the users shown inthe folowing table ‘Name Role Usert__| Global administrator User2_ | Privileged Role Administrator User? Security administrator ‘You implement Azure Active Directory (Azure AD) Privileged Identity Management (PIM). om PIM, you review the Apoliation Administator role and discover the uses shown in the following table Name | Assignment type UserA | Permanent UserB Eligible Userc Eligible ‘The Application Administrator roles configured to use the following settings in PIN “> Maximum activation uration: 1 hour -» Notifications: Disable “= Inident/Requesttcket: Disable “© Muli-Factor Authentication: Disable = Require approval: Enable “Selected approver: No results cach ofthe folowing statements, select Yes if the statements tue. Otherwise, select No. NOTE: Each correct selection is worth one pont Hot are: ‘Answer Area Statements, Yes If User® requests the Application Administrator role, Usert can approve the request of User. O. If User® requests the Application Administrator role, User2 can approve the request of User®. =O. I User requests the Application Administrator roe, User3 can approve the request of User. O. Correct Answer: ‘Answer Area Statements Yes ‘If User® requests the Application Administrator role, User! can approve the request of User’. [| 1 User requests the Applicaton Adminstrator rol, User? can approve the request of User. (6) I User requests the Application Administrator roe, User3 can approve the request of User. O. Topic 2 - Question Set 2 °You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription You need to allow a user named User to view ATP reports inthe Threat management dashboard Which role provides User with the equired role permissions? A. Security eader 8. Message center reader ©. Compliance administrator 0. Information Protection administrator E Service administrator F Exchange administrator Correct Answer: A Reference: hitpsifdoes.mierosoft.com/en.us/ffice’65/seculycompllance/view eport-foratpawhatpermissions-are-neededto-view-the-atpeports You have a Microsoft 365 Enterprise E5 subscription. You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to use Microsoft Office 365 Attack simulator What isa prerequisite for running Attack simulator? [A Enable mult-facor authentication (MER) 8. Configure Advanced Threat Protection (ATP) ©. Create Conditional Access App Contra pliy for accessing fice 365 D. Integrate Office 265 Threat ntligence and Windows Defender ATP Correct Answer: A Reference: htpsfdocs microsoft. com/en.us/ofice’6s/securlycompliance/attack simulatorYou have a Micrasoft 365 ES subscription and a hybrid Microsoft Exchange Serer organization, Each member ofa group named Executive has an on-premises mailbox. Only the Executive group members have mult-factor authentication (MEA) ‘enabled, Each member ofa group named Research has a mailbox in Exchange Online You need to use Microsoft Office 365 Attack simulator to model a spear phishing attack that targets the Research group members ‘The email address that you intend to spoof belongs to the Executive group members, What should you do fist? [A From Azure ATP admin center, configure the primary workspace setings 8. From the Microsoft Azure portal, configure the usr risk settings in Azure AD Identity Protection ©. Enable MFA forthe Research group members . Migrate the Executive group members to Exchenge Online Correct Answer: Reference: hitpsifdoes.mlerosoft.com/enus/ffice’6s/seculycomplance/atack simulator You have a Microsoft 365 ES subscription, You implement Advanced Threat Protection (ATP) safe attachments policies forall users, User report that emall messages containing attachments take longer than expected to be receved You need to reduce the amount of time it takes to receive emsil messages that contain attachments, The solution must ensure that all attachments ate scanned for malware. Attachments that have malwate must be Blocked, What should you do from ATP? A. Set the action to Block B. Add an exception dé a condition . Set the action to Dynamic Delivery Correct Answer: D Reference: btpsi/does.mierosoft.com/enus/office365/secutycomplance/dynami-deliveryand previewingHorspoT Your network contains an Active Directory domain named contoso.com. The domain contains a VPN server named VPNT that runs Windows ‘Server 2016 and has the Remote Access server role installed, You have a Microsoft Azure subscription, You ate deploying Azure Advanced Threat Protection (ATP) You install an Azure ATP standalone sensor ona server named Server! that runs Windows Serve 2016, You need to integrate the VPN and Azure ATP, What should you do? To answer, select the appropriate options inthe answer area, NOTE: Each correct selection i worth one pont, ot ea Answer Area (On VPN1: [Configure an authentication provider. V ‘Configure an accounting provider. Create a connection request policy. (Create a RADIUS chet (On Server!, enable the following inbound port: 493 ve 1723 1813 | soso 8531 Answer Area On VPNI: | Configure an authentication provider. | V Configure an accounting provider. Create a connection request policy Create a RADIUS client. Correct Answer: (On Server!, enable the folowing inbound port z | 443 1723 1813, 8080 8531 Reference upsfdocs microsoft. com/en-us/azute-advancedthreat protection/instalatp-stepSpnHorspoT You have a Microsoft 365 subscription that uses a default domain name of contoso.com, Microsoft Azure Active Directory (Azure AD} contains the users shown nthe following table ‘Name [Member of Userd ‘Geoupt User2 | Groupl, Group? Uses | Group Microsoft Intune has two devices enraled as shown inthe fellowing table Name | Platform Devicel | Andkoid Device? | Windows 10 Both devices have three apps named Appl, App2, and Apps installed You create an ap protection policy named ProtectionPoliy1 that has the following settings: Protected pps: Appt “= Exempl apps: App? <® Windows Information Protection mode: Black You apply ProtectionPolicy to Groupl and Group3. You exclude Group2 from ProtectionPoliy) For each of the following statements, select Yes if he statements tue. Otherwise, select No NOTE: Each correct selection is worth one point Hot res ‘Answer Area Yes No From Devicel, User] can copy data from App! to App3 °) |o From Device2, User] can copy data from App! to App? o 0° From Device? User] can copy data fiom App! to App3 ° 0 ‘Answer Area Yes No Conect Answer; From Devicel, User! can copy data from App! to App3 o| [Bl From Device2, User] can copy data from App! to App2. Bl lo From Device2, User] can copy data from Appl to App3 jo| oYou have a Mlcrasoft 265 tenant, You have 500 computers that un Windows 10. You plan to monitor the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP) after the computers are enolled in Microsoft Intune. You need to ensure that the computers connect to Windows Defender ATP How should you prepare Intune for Windows Defender ATP? ‘A. Configure an enrollment restition B, Create a device coniguration profile . Create a conditional access poley D. Greate a Windows Autopilot deployment profle Correct Answer: 5 Reference: >tpsffdacs.mierosoft.com/en-us/intune/advanced-threat protectionHoTsPor Your company has a Microsoft 365 subscription that contain the users shown nthe following table, Name | Member of Userl | Group Useed | Group? Usees | Groups The company implements Windows Defender Advanced Threat Protection (Windows Defender ATP), Windows Defender ATP includes the roles shown in the folowing table: Name ‘Permission ‘Assigned wser group Rotel “View data, Active Group! semteintion actions, Alers investigation Raid ‘View data Active Group? semedistion actions Wadows | View dara Alerts Croup Defender ATP | investigation. Active sdminstrstor | remediation ations (Geta) Manage poral system sertinas, Manage security Windows Defender ATP contains the machine groups shown in te following table: Rank | Machine group ‘Machine | User access Fist [ATPGroupt Devicel_| Group! ‘Last | Ungrouped machines Gefzul) | Device? | Group? For each of the following statements, select Yes the statements true, Otherwise, select No NOTE: Each correct selection is worth one pont Hot ares: Answer Area Statements Yes No User1 can run an antivirus scan on Device User2 can collect an investigation package from Device? User3 can isolate Devicel ooo O00 Answer Area Statements Yes No Correct Answer: ‘User can run an antivirus scan on Devicel. ‘User? can collect an investigation package from Device2. ‘User3 can isolate Devicel Io Oo O00Your company uses Microsoft Azure Advanced Threat Protection (ATP), You enable the delayed deployment of updates for an Azute ATP sensor named Sensor1 How long after the Azure ATP cloud service is updated willSensor1 be updated? AT days 8.2¢hows ©. how 48 hours E.12hours Correct Answer: Note: The delay period was 24 hous. In ATP release 2.62, the 24 hour delay period has been increased to 72 hours. RAG DROP. You have a Microsoft 365 subscription. All users use Microsoft Exchange Online. Microsoft 365 is configured to use the default policy settings without any custom rules. You manage message hylene Where are suspicious email messages placed by default? To answer, crag te appropiate locaton tothe correct message types. Each location ‘may be wsed once, more than once, or nt ata. You may need to drag the split bar between panes or scroll to view content Select and Pace: Correct Answer: Explanation Question #11 Top You have a Microsoft 265 subscription. You create an Advanced Threat Protection (ATP) safe attachments policy to quarantine malware. You need to configure the retention duration forthe attachments in quarantine Which ype of teat management policy should you create from the Secuiy&Compllance admin center? AAT ant'phishing 8. KIM (Antispam 1, Antimalware Correct Answer: DYour company has $00 computers You plan to protect the computers by using Windows Defender Advanced Theat Protection (Windows Defender ATP). Twenty ofthe computers belong to company executives. You need to recommend a remediation solution that meets the following tequitements: -* Windows Defender ATP administrators must manually approve all remediation for the executives «® Remediation must accur automatically fo all ther users {What should you recommend dong from Windows Defender Security Center? ‘A. Configure 20 system exclusions on automation allowed/block lists 8. Configure two alert notification rales ©. Download an offboarding package forthe computers of the 20 executives Create two machine groups Correct Answer: D Reference: tpsffdocs.mierosoft.com/en-us/windows/secury threat protection windows-defender-atp/machine-groups windows-defender advanced threat protection Question #13 Topic 2 You have a Microsoft 365 Enterprise ES subscription. You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You need to Integrate Microsoft Office 265 Threat Inteligence and Windows Defender ATP Where should you configure te integration? ‘A. From the Microsoft 365 admin center, select Settings and then select Services & adéns. 8. From the Security & Compliance admin center, select Threat management, and then select Explorer. (From the Microsoft 365 admin center, select Reports, and then select Secuity & Compliance. From the Secuty & Compliance admin centr select Threat management and then select Threat tracker Correct Answer: 8 References bttpsi/does.microsoft.com/en-us/ofice365/secutycomplance/ntegrate-office-366--ith-wdatpduestion #14 op Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled. ‘The security logs of the servers are collected by using a tie-paty SIEM solution You purchase a Microsoft 365 subscription and plan to deploy Azute Advanced Threat Protection (ATP) by using standalone sensors. You need to ensure that you can detect when sensitive groups are modified and when malicious services are created What should you do? ‘A. Configure auiting inthe Office $65 Securty & Compliance center 8. Tun off Delayed updates forthe Azure ATP sensors (©. Mocify the Domain synchronizer candidate's setings onthe Azure ATP sensor, D. Integrate SIEM and Azure ATP Correct Answer: References hitpsifdoes.mierosoft.com/enus/azure-advanced threat protection/nstalatp-stepSYou have a Microsoft 365 subscription that uses a default domainname of fabrkam. com You cteate a safe inks policy, a shown inthe following exhibit. Safe links policy for your orgarization Settings tat apply to content across fice 365 When users clk a blocked URL they're redirected toa webpage that explain why the URLs bocked. Bock he folowing URLS -.- Enter void URL + *phishing.** rmalware.*com *.contoso.com ‘Settings that apply to content except email These settings don't apply to email messages. If you want to apply them for email, create safe links policy for eral receipients. Use safe links in Moffice 356 ProPlus, Office for iOS and Android [Wotfice dnline of above applications For the locations selected above: Wo not track wien users click safe links [lo not let users click through safe inks to original URL: Which URL can a user safely access from Microsoft Word Online? ‘A. fabikam phishing fabrikam.com 8, malware faikam.com . fabikam.contoso.com ©, wnw.malware fabrkam,com Correct Answer: 0 References tpsfdocs.mierosoft.com/en-us/ofcea65/securtycomplance/set-up-a-custom-blocked-urlsistntnatpHoTsPor You have a Microsoft 366 subscription that uses a default name of Itwareinc.com, You configure the Sharing setings in Microsoft OneOrive as shown in the following exhib. Links (Choose the kind of ink that’s selected by default when users share items. ‘Default lnk type @© siete: Aone ite i CO tstenal Only poplin yourosizaton @iecs tyre pepe Extemal sharing Users cam share with: Gi? sharepoint Bonnie | Most permissive 9° Least permissive Anyone ‘Uses can reste shareable links that don't rege signin [New and existing external users Exteal wes mast gin Existing external users Only wets ead in your oe mizstons directory ‘Only people in your organization ‘No etna sharing lowed ‘You sharing seting far OneDrive can't be more pensive han your sting fc SharePoint A vanced settings for external sharing BJAttow or blek sharing with people on specific domains Allow ely these domains CContse.com, Adam com Aad Use te drop-down menus to select the answer choice that completes each statement based on the information presented inthe graphic. NOTE: Each correct selection is worth ane point, Hot Area: ‘Answer Area ‘Auser who has an email address of user! @fabrikam.com [answer choice] Ifa new guest user is created for user2@contoso.com [answer choice] cannot access OneDrive content ‘can access OneDrive content after a link is created ‘must be added to be a group before the can access shared files user IV the user cannot access OneDrive content the user can access OneDrive content after allink is created “must be added to a group before the user can access shared files‘Answer Area ‘Auser who has an email address of user] @tabrikem.com [answer choles} iW ‘cannot access OneDrive content Can access OneDrive contet ater aink is, created comect Answer must be added to be a group before the user can access shared files Ifa new guest user is created for user2@contoso.com [answer choice] Vv the user cannot access OneDrive content ‘the user can access OneDrive content after allinkis created } must be added to a group before th can access shared files References htpsfdoes microsoft. com/en-us/onedtive/manage-sharing Your network contains an on-premises Active Directory domain. The domain contains servers that run Windows Server and have advanced auditing enabled ‘The secutty lags ofthe servers are collected by using third-party SIEM solution. You purchase a Microsoft 365 subscription and plan to deploy Azure Advanced Theat Protection (ATP) by using standalone sensors, You need to ensure that you can detect when sensitive groups are modified and when malicious sevice ate crated What should you do? ‘A. Configure Event Forwarding onthe domain controlers B. Configure auditing inthe Office 265 Security & Compliance center. (Tum on Delayed updates forthe Azute ATP sensors. Enable the Audit account management Group Policy setting forthe servers, Correct Answer: A Reference: hitpsifdocs microsoft. com/en-us/szure-advanced threat protection/configue-event-orwardingAuestion #18 op Several users in your Microsoft 365 subscription report that they received an emeil message without attachment. You need to review the attachments that were removed fom the messages. Which two tools can you use? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one pont, A the Exchange admin center 8. the Azure ATP admin centr ©. Outlook onthe web . the Security & Compliance admin ceter E Microsoft Azure Security Center Correct Answer: AD References bitpsffdoes.microsot. com/enssofficed65/secuycompliance/manage-quarentined-messages-and-iles Question #19 You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices ae managed by using Microsoft Intune. You need to enable Windows Defender Exploit Guard (Windows Defender £6) onthe devices, Which ype of device configuration profile should you use? ‘A Endpoint protection 8. Device restrictions deni protection , Windows Defender ATP Correct Answer: A References tpsffdocs.mierosoft.com/en-s/ntune/endpoint protection windows-10,ORAG DROP. You have a Microsoft 366 E5 subscription, All computers run Windows 10 and are onboarded to Windows Defender Advanced Threat Protection (Windows Defender ATP) You create a Windows Defender machine group named MachineSraupt You need to enable delegation for he security settings ofthe computers in MachineGroup. Which thre actions should you perform in sequence? To answer, move the appropriate actions from the list of actions tothe answer area and arrange them inthe corect order. Select and Place: Actions From Windows Defender Security Center, configure the permissions for MachineGroup1 [remibe Awe ora cee nA From the Microsoft Azure porta create an Azure Active Directoy Azure AD) group. From Azure Cloud Shel run the 2dd-HsolRoletenber cmdlet Correct Answer: Actions From the Azure porta, create an RBAC role From Azure Coud Shell run the Add-tsolRoletenber ®@ © ©O ‘Answer Area From the Microsoft Azure portal create en Azure Active Directory (Azure AD) group From Windows Defender Security Cente, reat role From Windows Defender Security Center, configure the permissions for MachineGroupt ©O is) 9)Auestion #21 op You have a hybrid Microsoft Exchange Server organization. Allusers have Microsoft 265 E6 cences, You plan to implement an Advanced Tiveat Protection (ATP) ant-phishing policy. You need to enable mailbox intlgence forall users What should you do fist? ‘A. Configure atibutefiteringin Microsoft Azure Active Directory Connect (Azure AD Connect) 8, Purchase the ATP adé-on Select Directory extension atribute syne in Microsoft Azur Active Directory Connect (Azure AD Connect) Migrate the on-premises mailboxes to Exchange Online Correct Answer: D References tpsfdocs.mierosoft.com/en-us/oficed65/securlycompliance/set-up-ant phishing policiesHoTsPor You have a Microsoft Azure Active Diectory (Azure AD) tenant named contoso.com, Four Windows 10 devices are joined te the tenant as shown in the following table. Bitlocker Drive | BitLocker Drive Encryption Encryption Name | Has TPM ; pete) Send natfiations to user if they attempt to send attachments that contain EU social secur -» Prevent any email messages that contain creditcard numbers from being sent ouside your organization «© Block the external sharing of Microsoft OneDrive content thet contains EU passport numbers » Send administrators email alerts i any rule matches occu. What isthe minimum number of DLP policies and rules you must create to meet the requirements? To answer, select the appropriate options in numbers the answer area NOTE: Each correct selection I worth one pont Hot res Answer Area Policies: [Ty 2 (3 Rules: Answer Area Policies: [Ty Cores Answer: 2 3 Rules: 7 Vv 2 3 4You have a Microsoft 265 subscription. So You need to prevent the users from downloading, printing, and syncing files What should you do? sers access Microsoft SharePoint Online from unmanaged devi ‘A. Run the Set SPODataConnectionSetting emalet and specify the AssignmentCollection parameter 8. From the SharePoint admin centr, configure the Ace 38 contol settings .Ftom the Microsoft Azure porta, create an Azure Active Diectory (Azure AD} Kenty Protection signin risk polley 1. From the Microsoft Azure portal ate an Azute Active Dtectry(Azute AD) conditional access policy Correct Answer: 8 You create a data loss prevention (OLP) policy as shown in the following shown: What do you want to do ifwe detect sensitive info? What is the eff 3 he policy when a user attempts to send an emall messages that contains sensitive information? [A The user receles a notification and can send the emall message 8. The user receives a notification and cannot send the email message (. The email message is sent without anotifeation . The email message blocked silently Correct Answer: A Reference epsfdoes.mie osoft.com/ens/ofce365/secuttycomplance/date-loss-preventionpoiiesYou have a Microsoft 365 subscription. You need to create data oss prevention (OLP) queries in Microsoft SharePoint Online tofnd sensitive data stored in sts. Which typeof ste colection should you crete fist? ‘A. Records Genter 8B. Compliance Policy Center 6. eDiscovery Center D. Enterprise Search Centr Document Center Correct Answer: © Reference: hitps suppor. office. comyen-us/artcle/overview-ot ate oss prevention n-sharepointserver-2016-80/907S6-b944-4484-b83d-Sfecdaboc2Ae You have a Micrsoft 366 subscription that includes a user named User! You have a conditional access policy that apaies to Microsoft Exchange Online. The conditional access policy is configured to use Conditional Access App contra. You need to create a Microsoft Cloud App Secuty policy that blocks Usert from printing from Exchange Online Which typeof loud App Security policy should you crete? ‘Aan app permission policy 8. an activity policy (©. 2 Cloud Discovery anomaly detection policy D.a session palicy Correct Answer: D References: hitpsildoes microsoft com/enus/oloudapp-secutty/session-polioy 23d HOTSPOT You have a Microsoft 365 €5 subscription From Microsoft Azute Active Ditectry (Azure AD, you create seculy group named Group. You add 10 users to Group You need to apply app enforced restictions tothe members of Group1 when they connect to Microsoft Exchange Online ftom non-compliant devices, regardless of thelr location What should you do? To answer, select the aporoprate options inthe answer area NOTE: Each correct selection i worth one point, Hot Are: Correct Anewer: Explanation Reference: hitpsifdoes microsoft. com/en.us/azure/active lel * Concitons: Label, Detect content thats shared with people outside my organization "> Aetlons: Restrict access tothe content fr external users ~ User notifications: Notify the user who last modified the content «> User overrides: On “Pratt: 0 > Ruled = Conditions: Label! or Label2 ® Actions: Restrict access tothe content -» Pritt 1 = Ruled “© Condition: Label2, Detect content that's shared wit people outside my organization "> Actions: Restrict access tothe content for external users User natifications: Notify the user who last modified the content “> User overrides: On > Potty: 2 For each ofthe following statements, select Yes the statement i rue. Otherwise, select No. NOTE: Each correct selection is worth one point Hot ae Statements Yes No Extemal users can access File1 Oo Oo The users in contoso.com can access File?) O External users can access File3 O Oo Statements Yes No External users can access File oO Oo Correct Answer : : The users in contoso.com can access File2 () ° | Extemal users can access File3 oO loAuestion #14 You have a Microsoft 365 subscription for a company named Gontoso, Ltd, All datas in Microsoft 365. CContoso works with a partner company named Litware, Inc. Litware has a Microsoft 365 subscription. You need to allow users at Contoso to share files from Microsoft OneDrive to specific users at Litwar. Which two actions should you perform from the OneDrive admin center? Each corect answer presents part ofthe solution NOTE: Each correct selection is worth one pont ‘A Increase the permission level or Onebrive External sharing 8. Modify the Links stings €. Change the permissions for Onebrive External shaing tothe east permissive level , Decrease the permission level for OneDrve External sharing Modiy the Device access settings F Modify the Syne settings Correct Answer: 6D References tpsfdocs.mlerosoft.com/en-us/sharepoin/tum-externaksharing-on-oroff Topic 4 - Question Set 4 You have a Microsoft 266 subscription. The Global administrator role is assigned to your user account. You have auser named Admini You create an eDiscovery case named Case You need to ensure that Admint can view the results of Caset What should you do fist? |A.From the Azute Active Directory admin center, assign a role group to Admin} 8. From the Microsoft 65 admin center assign a role to Admint . From Securit & Compliance admin center, assign a role group to Admint Correct Answer: © Reference: bttpsl/does.mierosoft.com/en-us/office365/secuttycomplance/assign-discovery-petmissionsHoTspoT You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create the retention policies shown nthe folowing table Name Location Policy | OneDaive accounts Polciy? | Exchange email, SharePoint sites, OneDrive accounts, Office 365 groups Policy if configured as showing in the following exhib. Decide if you want to retain content, delete it, or both. Do you want to retain contomt? D) @ Yes, Lwantto retainit For tisioog V+ [pens ONo, ust delete coment hat’ er than ‘Delete the content based on lo [Need more options? © tse atvanced stein eings > Back Coed ] Policy? configured as shown inthe following exhibit. Decide if you ‘want to retain contet, delete it, or both Do you want to retain content? (2) @ Yes. Lwintto sent For tisioog V3 [seas] Retain the content based onfvhen was reared V] (1) Do you want sto delet fir this tine? Ove @ No (Ne jst dlate content tha’ older than (D> Cipess ‘Need more options? (Use advance retention stings ©) Caneel For each of the following statements, select Yes if he statements true. Otherwise, select No. Hot ares Correct Answer: Explanation Reference: bntpsi/does.microsoft.com/enus/offce365/secuycomplance/retention policies rediectSourcePath=%252Fen usk252fartoles252/Overview of retention. polices-5e377752-7004.4870-9b6d-12b(c1242423¢the principles o-etention-o-what takes: precedenceYou have a Microsoft 365 subscription You need to enable aching fr all Microsoft Exchange Online users What should you do? [A From the Exchange admin center, create a journal ule B. Rua the SetMaiboxDatabase emdlet . Run the Set Mailbox emdlet 1. From the Exchange admin center, create a mall flow message trace rule. Correct Answer: C Reference: btpsfdocs.mierosoft.com/en-us/ofice365/secutycompiance/enable-mailbox auditingHorspoT You view Compliance Manager as shown inthe f following exhibit Compliance Manager Assessment Action item Default Goup Compan Sexe Office 365 - GPR 306 setone hes uimeroie = ay2ei2 ousemer Mamgsdacions 70863 = MeroastMaragednetors S08 Es show archived — Addassessment —Flter Defaut Geoup compare Se office 265, NIST 800-53, = . pose sfearos aja cutonor Mangedactins co! 215 Mera MaragedAcions S52 852 DefauktGioup Compan Sere ‘Ofice 365 15027001 2013 794 aetone Asis, xs cstomor MaugedAcions oof Merah MenagedAdiore 26226282 Use the drop-down menus to select the answer choice that completes each statement based on the information presented inthe graphic. NOTE: Each correct selection is worth one point Hot area Answer Area To increase the GDPR Compliance Score for Microsoft Office 365, you must [answer choice]. assign action items review actions perform an assessment ‘create a service request with Microsoft v ‘The current GDPR Compliance Score [answer choice]. proves that the organization is non-compliant proves that the organization is compliant shows that actions are required to evaluate compliance ‘|Correct Answer: Answer Area To increase the GDPR Compliance Score for Microsoft Office 365, you must [answer choice]. You have a Microsoft 365 subscription All computers run Windows 10 Enterprise and are managed by using MirosoftIntune. You plan to view only secutyrlated Windows telemetry data You need to ensure that only Windows security ta is sent to Mcrosot What should you create from te Intune admin center? ‘Aa device configuration profile that has device restitions configured 8. a device configuration profile that has the Endpoint Protection settings configured (a device configuration policy that has the System Security settings conigured adevice compliance palicy that has the Device Heath settings configured Correct Answer: A Reference: aps/docs.mierosoft.com/enus/intune/device restrictions windows-1O&reporting-andtelemetry You create label that encrypts email data, Users report that hey cannot use the label in Outlook onthe Web t protect the email messages they send, You need to ensure that the users can use the new label to protect their emall What should you do? [A Modify the priority order of label policies B, Walt sixhouts and ask the users tory agaln . Create a label policy D. Greate a new sensitive information type Correct Answer: 5Question # role 4 You have a Microsoft 366 subscription that includes a user named Admin. You need to ensure that Admint can preserve al the mailbox content of users, including thelr deleted items. ‘The solution must use the principe of leat prvlege, What should you do? |A.From the Microsoft 365 admin center assign the xchange administrator role to Admin. 8. From the Exchange admin center, assign the Discovery Management admin role to Admin’. From the Azure Active Directory admin center, assign the Service administrator oe to Admin} From the Exchange admin center, assign the Recipient Management admin role to Admin’ Correct Answer: 5 Question #8, Topic 4 You have a hybrid Microsoft 265 environment All computers run Windows 10 Enterprise and have Microsoft Office 365 ProPlus installed, Al the computers are joined to Active Directory. You have a server named Server that runs Windows Server 2016, Servert hosts the telemetry database, You need to prevent private details nthe telemetry data from being transmitted to Microsoft What should you do? |A.On Servert,runreadnessreportereator.e%e B. Configure a registry on Servert (©. Configure a registry onthe computers . onthe computers, un adm exe Correct Answer: © Yur company hs a Microsoft 365 subscription that includes @ user named User! You suspect that User1 sent email messages to competitor detailing company secrets. You need to recommend a solution to ensure that you can review any email messages sent by User1 tothe competitor including sent items that were deleted {What should you include inthe recommendation? [A Enable Place Archiving forthe mailbox of User! 8. From the Secuiy & Compliance, perform a content seach ofthe mailbox of User . Place a Litigation Hold onthe mailbox of User? Configure message delivery restrictions forthe mallbox of User! Correct Answer: Copie 4 You have a Mlersoft 266 subscription. Yesterday, you ceated retention labels and published the labels to Microsoft Exchange Online mailboxes. You need to ensure thatthe labels willbe avalable for manual asignment as soon as possible. What should you do? [A From the Secutty & Compliance admin center, create label poley £8, From Exchange Online PowerShell, cun tart-RetetionAutoTagLearning . From Exchange Online PowerShell run tat ManagedFolderAssistant From the Secuty & Compliance admin centr, create a data lss prevention (DLP) plicy Correct Answer: C DRAG DROP. You have a Microsoft 365 subscription You have a site collection named SiteCollectiont that contains a site named Site Site? contains a dacument library named Customers. ‘customers contains a document named Litware.docx, You need to remove Ltware.docx permanently Which thre actions should you perform in sequence? To answer, move the appropriate actions from the list of ations tothe answer area and arrange them inthe corect order Select and Place: Correct Answer: Explanation auestion #12 Topic 4 Note: This question is part of a series of questions that present the same scenario, Each question inthe series contains a unique solution that ‘might meet the stated goal. Some questions sets might have more than one correct solution, while others might not have cortect solution, ‘After you answer a question inthis section, you will NOT be able to rturn tit. As a result, these questions will nt appear inthe eview seen, You have a Microsoft 365 subscription. You have a user named User. Several users have full access tothe mailbox of User. ‘Some email messages sent to Useri appear to have been read and deleted before the user viewed them. When you search the audit login Security & Compliance to identify who signed in othe mailbox of User, the results are blank. You need to ensure that you can vew future signs tothe mailbox of Use. You run the Set-Maibox Identity ‘Usert*-AudtEnabled Strve command. Does that met the goal? Aves B.No Correct Answer: A References tpsfdocs.mlerosoft.com/en-us/powershellmodule/exchange/mallooxes/setmallbox?veNote: This question is pat ofa series of questions that present the same scenaro, Each question Inthe series contains a unique solution that ‘might meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have a corect solution ‘After you answer a question inthis section, you will NOT be able to return tit, As a result these questions will not appear inthe review soreen, You have a Microsoft 265 subscription. You have a user named User. Several users have full access tothe mailbox of User. Some email messages sent to User! appear to have been read and deleted before the user viewed them. When you search the audit agin Security & Compliance to identify who signed in tothe mallbox of User the results ae blank You need to ensure that you can view future signin tothe mailbox of User. You run the Set-AuditConfig Workload Exchange command, Does that meet the goal? AYes B.No Correct Answer: 8 References tpsfdoes. microsoft. com/en-us/powershell/module/exchange/polcyand-compliance-audi/setauditconfig?view-exchange-ps Question #14 Note: This question is part of aseties of questions that present the same scenario, Each question in the series contains 2 unique solution that ‘might meet the stated goals. Some questions sets might have more than one correct solution, while oets might not have cortect solution ‘AMteryou answer a question in this section, you will NO be able to ceturn tit. As a result these questions will not appear inthe eview sreen, You have a Microsoft 365 subscription. You have a user named User, Several users have full access tothe mailbox of Usert ‘Some email messages sen to User? appear to have ben read and deleted before the user viewed them. When you search the adit lag in Security & Compliance to identify who signed in tothe mailbox of Usert, the results are blank. You need to ensure that you can vew future signin tothe mailbox of User. You run the Set-AdminAuditogConfig ~AdminAueitLogEnabled Strue command, ‘AdminAuditLogCmdlets*Matlbox* Does that meet the goal? Aves B.No Correct Answer: 5 References upsifdacs.mierosoft.com/en-us/powershellmodule/exchange/polcy-and-compliance-audt/set-adminaudiogcontighvieopie 4 You have a Microsoft 266 subscription. You have a Microsoft SharePoint Online site named Site. The files in Site are protected by using Microsoft Azure Information Protection. From the Security & Compliance admin center, you create a label that designates personal data, You need to auto-apply the new label to ll the content in itt What should you do fist? {A From PowerShell run Set ManagedContentettings. 8. From PowerShel, run Set-ComplianceTag, .From the Secuty & Complance admin center, create a Data Subject Request (DSR. 1, Remove Azure Information Protection from the Site files. Correct Answer: D References bttpst/does.mierosoft.com/en-usoffice365/secuycompliance/epplyebelsto-personaldatesn-office 365 You have a Microsoft 365 subscription. You need tobe notified by email whenever an administrator starts an eDiscovery search, \What should you do from the Security & Compliance admin centr? [A From Search & investigation, create a guided search 8. From Events, ceateanevert. ©. From Alerts, create an alert pote. 1. From Search & investigation, create an eDiscovery case Correct Answer: C References upsffdocs.mierosoft.com/en-us/ofice365/securtycomplance/alertpoliies You have a Micrasoft 365 subscription. [A security manager receives an emall message every tie a data loss prevention (DLP) policy match occurs. You need to limit alert notifications to actionable DLP evens, What should you do? ‘A. From the Secutiy & Compliance admin center, madly the Policy Tips ofa DLP policy, 8. From the Cloud App Security admin center, apply iter to the alerts ©. From the Security & Compliance admin center, mally the User overrides settings ofa DLP policy From the Security & Compliance admin centr, modify the matched activities threshold ofan alert policy Correct Answer: D References upsfdocs.mierosoft.com/en-us/ofce365/seculyeomplance/alert policiesHoTspoT You have a Microsoft 365 subscription. Auditing is enabled ‘Auser named User is member ofa dynamic security group named Group! You discover that Usert is no longer a member of Group You need to search the audit log to identity why Usert was removed from Group Which two actions should you use inthe search? To answer, selec the appropiate activities inthe answer area, NOTE: Each correct selection i worth one pont Hot ares: ‘Answer Area Search Results car Activities babe iodiees Use city tm Show results oral actives [teat o show esate for al ate | search ber amintroton ates aed we Decoder Set icone renee eet nr pat ort ‘ano ueroanovord changed wericrse Ey Se rer rcs sre 0 gp adsense ay oo etd weep fanmaeen enoredmenbertom 9a] lion isin ees Adend serve pica [Ramer sence incl] Selden ety nore rede Fon [aie scoton ett [ied wade toa vrice cal ‘eres neoCorrect Answer: none ee Search a Results Actives coy ain a som tm Sow en fr aac [icra sone oa asied sew ‘aioe Dar Sars woe te pn Sapa er ped corp race ee ate ae sae 0 snr see rast Dace maa ocean feito Aneto nine amen ane : At rc fasta Sento ey isan a na an References aps/docs.mierosoft.com/envus/ofice365/secutycompliance/searc:-the-audlog-in-securty-and-compliance You have a Microsoft 365 subscription Yu create and un a content search frm the Secu & Compliance admin center You need to download the results ofthe content search, What should you obtain first? Aan export key 8B. a password C.acertficate D.apin Correct Answer: A References htpsifdoes microsoft. com/en.us/office’65/securlycomplance/exportsearchesultsHoTsPor You have a Microsoft 365 subscription that include three users named User, User2, and Use ‘file named File. doce is stored in Microsoft OneDrive, An automated process update Fle. docx every minute You create an alert policy named Policy! a shown in the following exhibit. stats Oo eserton Paley description eat severity © tow Category Test management Candtons Aetityis Copied le and Fle faa bs ao I. docs Aggregation ‘Aggregated eat Threshold toactvtes Window ominutes scope Aluses Erallredpients _prvlsk180820.onmicrsoftcom Dally notifications init Do not send email notifications Use the drop-down menus to select the answer choice tht completes ezch statement based on the information presented inthe graphic NOTE: Each correct selection is worth one pont Hot area: Answer Area If User1 runs a scheduled task that copies Filet docx w| toa local folder every five minutes. [answer choice]. Policy? will not be triggered Policy? will be triggered after 45 minutes Policy’ will be triggered after 60 minutes If Usert, User2, and User3 each run a scheduled task that copies File1 docx to a local folder every 10 Vv ‘minutes. [answer choice]. Policy1 will not be triggered Policy? will be triggered within 20 minutes Policy? willbe triggered within 45 minutes Policy’ willbe triggered after 60 minutesCorrect Answer: Answer Area IF User1 runs a scheduled task that copies File1 docx to. local folder every five minutes, [answer choice]. If Usert, User2, and User3 each run @ scheduled task that copies File1 docx to a local folder every 10 ‘minutes. [answer choice]. References Policy! will not be triggered Policy? will be triggered after 45 minutes Policy1 will be triggered after 60 minutes Vv) Policy! will not be triggered Policyt wll be triggered within 20 minutes Policyt willbe triggered within 45 minutes Policy! willbe triggered after 60 minutes — | hitpsffdocs microsoft. com/en-us/oficed65/securiycomplance/alert-policies You have a Microsoft 265 subscription. llusers ate assigned a Microsoft 365 ES license. How long will auditing data be retained?” 30 days 8.50 days 6.365 days .Syears Correct Anewer: B References hitpsifdoes.mierosoft.com/enus/office’6s/seculycompllance/search-the-audtlog-nsecurty-and-complianceHoTsPor You have a Microsoft 365 subscription. You create a retention label named Label! as shown in the following exhibit Review your settings @ vere your wbet Esta = ee besrpions for acne est © Rete your smn Description for users. Edit Retention eat You publish Label to SharePoint sites Us Je dropdown menus to select the answer cholce that mpletes each statement based onthe information presented inthe graphic. NOTE: Each correct selection is worth one point, Hot area: Answer Area Ifyou create a file in a Microsoft SharePoint library on January 1, 2019, you can [answer choice. Vv never delete the file, delete the file before January 1, 2021 delete the file after January 1, 2021 | If you create a file in a Microsoft SharePoint iw] library on March 15, 2019, the ile will answer choice) always remain inthe library. rermain in the library until you delete the file. be deleted automatically on March 15, 2021 LdCorrect Answer: Answer Area Ifyou create a file in a Microsoft SharePoint library on January 1, 2019, you can [answer choice) Vv never del FT delete the file before January 1, 2021 delete the file after January 1, 2021. Ifyou create a file in @ Microsoft SharePoint library on March 15, 2019, the file will answer choice] v always remain in th library. remain in the library until you delete the file. be deleted automatically on March 15, 2021 References htpsfdoes.mierosoft.com/en-us/ofce36s/securlycompllancelabels You have a Microsoft 365 subscription. You create a retention golicy and aply the poic to Exchange Online mailboxes, You need to ensure that theretetion policy tags can be assigned to mailbox items as soon as possible. What should you do? {A From Exchange Online PowerShell run Start-RetentionAutoTagLeaning 8. From Exchange Online PowerShell run Stark ManagedFolerAssistant ©. From the Security & Compliance admin center, create a data loss prevention (DLP) policy From the Security & Compliance admin centr, create a label policy Correct Anewer: D References hitpsifdoes microsoft. com/enus/offices6s/seculycompliance/abels(Question #24 ple 4 You have a Microsoft 265 subscription. You need to ensure that users can manually designate wich content willbe subject to data loss prevention (DLP) policies. What should you create ist? {A Atetention label in Microsoft Offce 365, 8. Acustom sensitive information type (©. AData Subject Request (05R) .A safe attachments policy in Microsoft fice 365, Correct Answer: C References upsfdocs.mierosoft.com/en-us/ofice365/seculycompllance/manage-gdpr-data-subjectrequests~wit-thedst-case-tool¥mor information aboutusing-thedsr- caseool You have a Microsoft 266 subscription. [Auser reports that changes were made to several les in Microsoft OneDrive You need to identify which files were modified by which users in the user's OneDrive What should you do? [A From the Azute Active Directory admin center, open the audit log . From the OneDrive admin centey, select Device access (.From Security & Compliance, perform an eDiscovery search From Microsoft Cloud App Security open the activity log Correct Answer: D Reference: tpsfdocs.mierosoft.com/enus/cloudapp-securty/actvty-ftersHoTsPor You have a Microsoft 366 subscription. You are creating a retention policy named Retentiont as shown inthe following exit Decide if you want to retain conte, delete it, ot both Do you want 1 retain content?) @ es Iwasttoseninit Fortistoos¥][ 2 [sews ¥] ‘Retain the content based onfwhen twas last modiied v]() Do you want us to delete it after this time?) @ve ON No. just delete content that's ier than ess] ‘Need more options? ‘Qse advance retention stings 1) Back Cancel You apply Retention’ to SharePoint sites and OneDrive accounts, Use the drop-down menus to selec the answer choice that completes each statement based on the information presented inthe graphic. NOTE: Each correct selection i worth one pont Hot ares: Answer Area fa ser creates a file in a Microsoft SharePoint library on Fanuaty 1, 2019, and rodifis the fle every six months, the file will be [answer choice] retained deleted on January 1, 2021 deleted on July 1, 2021 Ifa user creates a file in a Microsoft OneDrive on January 1, 2019, modifies the file ‘on March 1, 2019, and deletes the file on May 1, 2019, the user [answer choice]. ‘cannot recover the file until the Recycle Bin retention period expires |” can recover the file until January 1, 2021 ‘can recover the file until March 1, 2021 ccan recover the file until May 1, 2021Answer Area Ifa user creates a file in a Microsoft SharePoint library on January 1, 2019, and modifies the file every six months, the file will be [answer choice]. retained ia deleted on January 1, 2021 Correct Answer: Ifa user creates a file in a Microsoft OneDrive on January 1, 2019, modifies the ‘on March 1, 2019, and deletes the file on May 1, 2019, the user [answer choice}. ‘cannot recover the file until the Recycle Bin retention pesiod expires can recover the file until January 1, 2021 zr eeeae Uc A GRIME LO ‘can recover the file until May 1, 2021 DRAG DROP. You have a Microsoft 365 subscription ‘customer requests that you provide her with all documents that reference herby name. You need to provide the customer with a copy ofthe content Which four actions should you perform in sequence? To answer, move the appropriate actions from thelist of actions tothe answer area and arrange them inthe corect order. Select and Pace: Correct Answer: Explanation Reference: hnepsffdoes microsoft. com/en-us/microsoft-265/complance/gdprdsr-ofced65opie 4 Auestion #28 You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in thelr Microsoft, ‘SharePoint libraries. Which two actions should you perform? Each corect answer presents part ofthe solution, NOTE: Each correct selection I worth one pont, {A From the Cloud App Secuiy admin cent create aie policy 8. Fom the SharePoint admin center, modiy the Site Settings C. Fom the SharePont & Compliance admin cent ceat a abel ©. From the SharePoint admin center, modify the records management settings E. From the Security & Compliance admin center, publish a label Correct Answer: CE Reference: ntpsffdoes.mlerasoft.com/en-us/afice265/seculycompllance/protect sharepolnt-online‘les-nith-ofice 365 labele-and lp You recently created and published several labels policies n a Microsoft 365 subscription. You need to view which labels were applied by users manually and which labels were applied automatically, What should you do from the Security & Compliance admin centr? ‘A. From Search & investigation, select Content search B. From Data governance, select Events ©. From Search & investigation, select eDiscovery From Reports, select Dashboard Correct Answer:opie 4 Note: This question is pat ofa series of questions that present the same scenaro, Each question Inthe series contains a unigue solution that ‘ight meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have corect solution ‘After you answer a question in his section, you will NOT be able to return tit, As a result these questions will not appear inthe review seen, You have a Microsoft 266 subscription. You have a user named User. Several users have full access tothe mailbox of User. ‘Some email messages sent to User! appear to have been read and deleted before the user viewed them. When you search the audit agin Security & Compliance to identify who signed in tothe mallbox of User, the results ae bank You need to ensure that you can view future signin to the mailbox of User. You run the Set-MailboxFolderPermission Identity ‘Usert* command. User User! @contoso.com “AccessRights Owner Does that meet the goal? Aves B.No Correct Answer: 5 References btps/dovs.mierosoft.com/en-us/powershellmodule/exchange/mallooxes/set-mallbox?vie Question #31 Note: This question is part of a series of questions that present the same scenario, Each question inthe series contains a unique solution that ‘might meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have a corect solution ‘After you answer a question inthis section, you will NOT be able toretun toi, As a result, these questions will nt appear inthe eview screen, You have a Micrasoft 365 subscription that contains the users shown inthe following table Name Role Userl | Compliance Manager Contibator seed | Compliance Manager Assessor User3__| Compliance Manager Administ ator Userd | Portal Admin You discover that all the users inthe subscription can access Compliance Manager reports. ‘The Compliance Manager Reader roles not assigned to any users You need to recommend a solution to prevent a user named UserS from accessing the Compliance Manager reports Solution: You recommene assigning the Compliance Manager Reader role to Use. Does that meet the goal? Aves B.No Correct Answer: A References hitpsldocs.microsoft.com/enus/ffice’6s/securtycompliance/working-with-compliance managerNote: This question is pat ofa series of questions that present the same ecenaro, Each question Inthe series contains a unique solution that might meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have @comect solution ‘After you answer a question inthis section, you will NOT be able to return tit, As a result these questions will not appear inthe eview seen, You have a Microsoft 365 subscription that contains the users shown inthe following table Name Role Userl | Compliance Manager Contibator seed | Compliance Manager Assessor User3__| Compliance Manager Administ ator Userd | Portal Admin You discover that all the users inthe subscription can access Compliance Manager reports. ‘The Compliance Manager Reader oles not assigned to any users You need to recommend a solution to prevent a user named Users from accessing the Compliance Manager reports. Solution: You recommend modifying the licenses assigned to Users. Does that meet the goal? Ayes B.No Comeet Answer: 5 References tpsfdocs.mlerosoft.com/en.us/ofce365/seculycompllance/working-with-compliance manager Note: This question is part of a series of questions that present the same scenario, Each question inthe series contains a unique solution that ‘ight meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have comect solution. After you answer a question in his section, you will NOT be able to return tit, As a result these questions will not appear inthe review seen, You have a Microsoft 365 subscription that contains the users shown inthe following table, Name Role Userl | Compliance Manager Contibator seed | Compliance Manager Assessor User3__| Compliance Manager Administ ator Userd | Portal Admin You discover that all the users inthe subscription can access Compliance Manager reports. ‘The Compliance Manager Reader oles not assigned to any users, You need to recommend a solution to prevent a user named Users from accessing the Compliance Manager reports. Solution: You recommend assigning the Compliance Manager Reade role to User Does that met the goal? Ayes B.No Comeet Answer: 5 References hntpsffdoes. microsoft. com/en-us/aficed65/seculycomplance/working-with-compliance-managerYou have a Microsoft 266 subscription. You enable auditing forthe subscription. You plan to provide @ user named Aueitor with the ability to review audit logs, You add Autor tothe Global admin stator role group. Several day later, you discover that Auditor disabled auditing You remove Auditor fram the Global administrator role group and enable austing You need to modify Auditor to meet the fllowing requirements =» Be prevented from disabling auling Use the principle of least privilege “> Be able to review the audit log To which ole group should you ad Autor? A. Security reader 8. Compliance administrator ©. Seouty operator . Securty administrator Correct Answer: © References hitpsffdoes microsoft. com/en-us/ofices65/securycomplance/permissions-i-the-securty-and-compliancecenter You have a Microsoft 266 subscription. You have a team named Team! in Microsoft Teams. You plan to pace all the content in Teamt on hold You need to identify which mailbox and which Microsoft SharePoint site collection are associated to Team Which omelet shoul you use? A. Get UnifiedGroup B. Get MailUser ©. GetTeamMessagingSetings . GetTeamchanne Correct Answer: ANote: This question is pat ofa series of questions that present the same scenaro, Each question Inthe series contains a unique solution that right meet the stated goals. Some questions sets might have more than one correct solution, while oters might not have corect solution ‘After you answer a question inthis section, you will NOT be able to return tit, As a result these questions will not appear inthe review seen, You have a Microsoft 365 subscription that contains th users shown inthe following table Name Role Userl | Compliance Manager Contibator seed | Compliance Manager Assessor User3__| Compliance Manager Administ ator Userd | Portal Admin You discover that all the users inthe subscription can access Compliance Manager reports. ‘The Compliance Manager Reader oles not assigned to any users You need to recommend a solution to prevent a user named Users from accessing the Compliance Manager reports. Solution: You recommend removing Use ftom the Compliance Manager Contributor cle Does that met the goal? Aes B.No Comeet Answer: 5 References tpsifdoes.mlerosoft.com/en.us/ofce365/seculycompllance/working-with-compliance manager Topic 5 - Teste 1Introductory info This is a case study. Case studies are not timed separately. You can use as much exam time as you would lke to complete each case. However, there may be addtional case studies and sections on ths exem. You must manage your time to ensure that you are able to complete all questions Included on this exam inthe time provided, To answer the questions included ina case study, you will need to reference information tat is provide inthe case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described inthe case study. Each question is Independent ofthe other questions inthis case stud [Atte end ofthis case study a review screen wll appear. This screen allows you to review your answers and to make changes before you move to the next section ofthe exam, fer you begin anew section, you cannot return to this section, To startthe case study To display the fist question in his case study, click the Next button. Use the buttons in the lft pane to explore the content of the case study before you answer the questions. Clicking these button displays information such as business requements exiting envconment, and problem statements. I the case study hasan Al Information tb, note thatthe information displayed is identical to the information displayed onthe ‘subsequent tabs. When you are ready to answer a question, click the Question button to return tothe question, overview - Fabrikam Inc. is manufacturing company that sell products through partner etal stores. Fabrikam has 500 employees located in ofces throughout Europe Existing Environment Network infrastructure The network contains an Active Ditectry forest named fabrkam.com. Fabikam has a hybrid Mierosoft Azure Active Diectry (Azure AD) environment The company maintains some on-premises servers fr specific applications, but most enduser applications are provided by a Micrasoft 265 £5 subscription. Problem Statements Fabrikam identifies the following issues: Since lst Friday, the IT team has been receiving automated email messages that contain “Unhealthy Identity Synchronization Notification inthe subject line Several uses recently opened email attachments that contained malware. The process to remove the malware was time consuming Requirements ~ Planned Changes Fabrikam plans 1 implement te following changes: Fabrikam plan to monitor and investigate suspicious sigrins to Active Directory rikam plans to provide partners with access to some ofthe data stored in Microsoft 365 ‘Application Administration - Fabrikam identifies the following application requirements for managing workload applications: User administrators will work from sifferent counties User administrators willuse the Azure Active Directory admin center Two new administrators named Admin! and Admin2 wil be responsible for managing Microsoft Exchange Online only Security Requirements ~ Fabrikam identifies the following security requitements: ‘Access tothe Azure Active Directory admin center by the user administrators must be reviewed every seven days an administrator falls to respond to an access request within the days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hous ta time. Global Aacminitrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named Usert must be able tosend invitations ‘Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use mul-actor authentication (MFA) when signing in from an anonymous or an unfamiliar location ‘The location ofthe user administrators must be audited wien the administrators authenticate to Azure AD mail messages that include attachments containing malware must be delvered without the attachment The principle of least prvlege must be used whenever possible Question [An administrator configures Azure AD Privileged Identity Menagement as shown in the following exhibit Exhange Administrator - Members +Add member _X Remove member = Access eviews dh Expo’ QO Refiesh Assigument ype | Search, Q Search by members name Member Email ASSIGNMENT TYPE, EXPIRATION Admint Admini @M36Sx901434.onmictosoft.com Permanent - ‘Admin Admin2@M3653901434.ommicrosof.com Eligible : What should you do to meet the secur requirements? ‘A. Change the Assignment Type for Admin2 to Permanent 8B. From the Azure Active Directory admin center, assign the Exchange administrator role to Admin2 (From the Azute Active Directory admin center, remove the Exchange administrator role to Admint Change the Assignment Type for Admint to Eligible Correct Answer: DIntroductory info This is a case study. Case stuies are not timed separately. You can use as much exam time as you would lke to complete each case. However, there may be addtional case studies and section on ths exem. You must manage your time to ensure that you are able to complete all questions Included on this exam inthe time provided, To answer the questions included ina case study, you will need to reference information tat is provided inthe case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described inthe case study. Each question is Independent ofthe other questions inthis case stud [Ate end ofthis case study, a review screen wll appear. This screen allows you to review your answers and to make changes before you move to thenext section ofthe exam, After you begin anew section, you cannot return to this section, To start the case study To display the fist question in his case study, click the Next button. Use the buttons in the lft pane o explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements exiting envconment, and problem statements, I the case study hasan Al Information tb, note thatthe information displayed is identical to the information displayed onthe ‘subsequent tabs. When you ae ready to answer a question, click the Question button to return tothe question, overview - Fabrikam Inc. s manufacturing company that sell products through partner etal stores. Fabrikam has 500 employees located in ofces throughout Europe Existing Environment Network infrastructure ‘The network contains an Active Ditectry forest named fabrkam.com. Fabikam has a hybrid Mierosoft Azure Active Diectry (Azure AD) environment The company maintains some on-premises servers fr specific applications, but most end-user applications are provided by a Micasoft 265 £5 subscription. Problem Statements Fabrikam identifies the following issues: Since lst Friday, the I team has been receiving automated email messages that contain “Unhealthy Identity Synchronization Notification’ inthe subject line Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming. Requirements ~ Planned Changes Fabrikam plas 1 implement te following changes: Fabrikam plans to monitor and investigate suspicious sigrins to Active Directory ikam plans to provide partners with access to some ofthe data stored in Microsoft 365 ‘plication Administration - Fabrikam identifies the following application requirements for managing workload applications: User administrators will work from sifferent counties User administrators willuse the Azure Active Directory admin center Two new administrators named Admin! and Admin? wil be responsible for managing Microsoft Exchange Online only Security Requirements ~ Fabrikam identifies the following security requitements: ‘Access tothe Azure Active Directory admin center by the user administrators must be reviewed every seven days an administrator falls to respond to an access request within thre days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hous ta time. Global Aacminitrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators anda user named Usert must be able tosend invitations ‘Azure Advanced Threat Protection (ATP) must capture secuty group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use mul-actor authentication (MFA) when signing in from an anonymous r an unfamiliar location ‘The location ofthe user administrators must be audited when the administrators authenticate to Azure AD Email messages that include attachments containing malware must be delivered without the attachment The principle of least prvlege must be used whenever possible Question You need to recommend a solution forthe user administrator that meets the secur requirements for auditing, Which lade should you recommend using from the Azure Active Directory admin center? A Signins B. Azure AD Identity Protection . Authentication methods 1, Access review Correct Answer: A References apsffdacs.mierosoft. com en-us/azure/active-retory/teports monitring/concept-sighinsIntroductory info This is a case study. Case stuies are not timed separately. You can use as much exam time as you would lke to complete each case. However, there may be addtional case studies and sections on ths exem. You must manage your time to ensure that you are able to complete all questions Included on this exam inthe time provided, To answer the questions included ina case study, you will need to reference information that is provided inthe case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described inthe case study. Each question is Independent ofthe other questions inthis case stud [tthe end ofthis case study a review screen wll appear. This screen allows you to review yout answers and to make changes before you move to the next section ofthe exam, After you begin anew section, you cannot return to this section, To start the case study To display the fist question in his case study, click the Next button. Use the buttons in the lft pane o explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements exiting envconment, and problem statements. I the case study hasan All Information tb, note that the information displayed is identical to the information displayed onthe ‘subsequent tabs. When you ae ready to answer a question, click the Question button to return tothe question, overview - Fabrikam, Ine. Is manufacturing company that sells products through partner real stores. Fabrikam has 5,000 employees located in offices throughout Europe Existing Environment Network infrastructure ‘The network contains an Active Ditectry forest named fabrikam. com. Fabikam has a hybrid Mierosoft Azure Active Diectry (Azure AD) environment The company maintains some on-premises servers fr specific applications, but most end-user applications ae provided by a Micasoft 265 £5 subscription. Problem Statements Fabrikam identifies the following issues: Since lst Friday, the I team has been receiving automated email messages that contain “Unhealthy Identity Synchronization Notification inthe subject line Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming. Requirements ~ Planned Changes Fabrikam plans to implement the folowing changes: Fabrikam plans to monitor and investigate suspicious sigr-ins to Active Directory Fabrikam plans to provide partners with access to some of the data sted in Microsoft 365 ‘aplication Administration - Fabrikam identifies the following application requirements for managing workload applications: User administrators will wrk from sifferent counties User administrators willuse the Azure Active Directory admin center Two new administrators named Admin! and Admin2 wil be responsible for managing Microsoft Exchange Online only Security Requirements ~ Fabrikam identifies the following security requitements: [Access tothe Azure Active Directory admin center by the user administrators must be reviewed every seven days an administrator falls to respond to an access request within the days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hous ta time. Global ‘acminitrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named Usert must be able tosend invitations ‘Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use mul-actor authentication (MFA) when signing in from an anonymous or an unfamiliar location ‘The location ofthe user administrators must be audited when the aministrators authenticate to Azure AD mail messages that include attachments containing malware must be delivered without the attachment The principle of least prvlege must be used whenever possible Question HoTsPoT You plan to configure an access review to meet the secu requirements forthe workload administrators. You create an access review policy and specify the scope anda group. Which other setings should you configure? To answer, select the appropriate options inthe answer area, NOTE: Each correct selection is worth one pont. Hot ares Set the frequency to: Vv To ensure that access is removed if an administrator fails to respond, configure the: ‘Upon completion settings | v Advanced settings Programs Reviewers ‘Weekly ‘Monthly Correct ANSWEE: ro ensure that access és removed if an administrator fails to respond, configure the: VvIntroductory info This is a case study. Case stuies are not timed separately. You can use as much exam time as you would lke to complete each case. However, there may be addtional case studies and sections on ths exem. You must manage youtime to ensure that you are able to complete all questions Included on this exam inthe time provided, To answer the questions included ina case study, you will need to reference information that i provide inthe case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described inthe case study. Each question is Independent ofthe other questions inthis case stud [Atte end ofthis case study, a review screen wll appear. This screen allows you to review yout answers and to make changes before you move to the next section ofthe exam, After you begin anew section, you cannot return to this section, To start the case study To display the fist question in his case study, click the Next button. Use the buttons in the lft pane o explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements exiting envconment, and problem statements. I the case study hasan All Information tb, note thatthe information displayed is identical to the information displayed onthe ‘subsequent tabs. When you ae ready to answer a question, click the Question button to return tothe question. overview - Fabikam Inc. s manufacturing company that sell products through partner etal stores. Fabrikam has 5000 employees located in ofces throughout Europe Existing Environment Network infrastructure ‘The network contains an Active Ditectry forest named fabrikam. com. Fabrikam has a hybrid Mirosoft Azure Active Diectry (Azure AD) environment The company maintains some on-premises servers fr specific applications, but most end-user applications are provided by a Microsoft 265 £5 subscription. Problem Statements Fabrikam identifies the following issues: Since lst Friday, the I team has been receiving automated email messages that contain “Unhealthy Identity Synchronization Notification inthe subject line Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming. Requirements ~ Planned Changes Fabrikam plas 1 implement te following changes: Fabrikam plan 10 monitor and investigate suspicious sigrins to Active Directory rikam plans to provide partners with access to some ofthe data stored in Microsoft 365 ‘aplication Administration ~ Fabrikam identifies the following application requirements for managing workload applications: User administrators will wrk from sifferent counties User administrators willuse the Azure Active Directory admin center Two new administrators named Admin! and Admin2 will be responsible for managing Microsoft Exchange Online only. Security Requirements ~ Fabrikam identifies the following security requtements: ‘Access tothe Azure Active Directory admin center by the user administrators must be reviewed every seven days fan administrator falls to respond to an access request within the days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hous at a time. Global ‘acminitrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named User! must be able tosend invitations ‘Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use mul-actor authentication (MFA) when signing in from an anonymous o an unfamiliar location ‘The location ofthe user administrators must be audited when the administrators authenticate to Azure AD ail messages that include attachments containing malware must be delivered without the attachment The principle of least prvlege must be used whenever possible Question You need to recommend a solution to protect the signs of Admin? and Amin. What should you include inthe recommendation? ‘A.a device compliance policy Ban access review . user sk paley a signin risk policy rect Answer: C References apsfdocs.microsoft.com/en-us/azute/activeirectory/identiyprotecion/howtowservisk policyIntroductory info This is a case study. Case studies are not timed separately. You can use as much exam time as you would lke to complete each case. However, there may be addtional case studies and sections on ths exem. You must manage your time to ensure that you are able to complete all questions Included on this exam inthe time provided, To answer the question included ina case study, you will need to reference information tat is provide in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described inthe case study. Each question is Independent ofthe other questions inthis case stud [tthe end ofthis case study a review screen wll appear. This screen allows you to review yout answers and to make changes before you move to the next section ofthe exam, After you begin anew section, you cannot return to this section, To startthe case study To display the fist question in his case study, click the Next button. Use the buttons in the lft pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements exiting envconment, and problem statements, I the case study hasan Al Information tb, note that the information displayed is identical to the information displayed onthe ‘subsequent tabs. When you ae ready to answer a question, click the Question button to return tothe question, overview - Fabrikam Inc. s manufacturing company that sell products through partner etal stores. Fabrikam has 5000 employees located in ofces throughout Europe Existing Environment: Network infrastructure The network contains an Active Ditectry forest named fabrikam. com. Fabrikam has a hybrid Mierosoft Azure Active Diectry (Azure AD) environment. The company maintains some on-premises servers fr specific applications, but most end-user applications are provided by a Micasoft 265 £5 subscription. Problem Statements Fabrikam identifies the following issues: Since lst Friday, the I team has been receiving automated email messages that contain “Unhealthy Identity Synchronization Notification inthe subject line Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming Requirements ~ Planned Changes Fabrikam plans 1 implement te following changes: Fabrikam plan to monitor and investigate suspicious sigrins to Active Directory ikam plans to provide partners with access to some ofthe data stored in Microsoft 365 ‘aplication Administration - Fabrikam identifies the following application requirements for managing workload applications: User administrators will wrk from sifferent counties User administrators willuse the Azure Active Ditectory admin center Two new administrators named Admin! and Admin? wil be responsible for managing Microsoft Exchange Online only Security Requirements ~ Fabrikam identifies the following security requitements: [Access tothe Azure Active Directory admin center by the user administrators must be reviewed every seven days an administrator falls to respond to an access request within the days, access must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hous at a time. Global ‘agminitrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named Usert must be able tosend invitations ‘Azure Advanced Threat Protection (ATP) must capture seculy group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use multifactor authentication (MFA) when signing in from an anonymous r an unfamiliar location ‘The location ofthe user administrators must be audited wen the administrators authenticate to Azure AD Email messages that include attachments containing malware must be delivered without the attachment The principle of least prvlege must be used whenever possible Question You need to resolve the issue that targets the automated emall messages tothe IT team, Which tool should you un fst? ‘A Synchronization Service Manager B. Azure AD Connect ward . Synchronization Rules Edtor 0. Fic Correct Answer: 5 References tpsf/dacs.mierosoft.com/en-s/ofice265/enterpris/fix problems-with-irectory- synchronization Topic 6 - Testlet 2Introductory info overview - itware Inc. isa fnancil company that has 1,000 uses in its main ofice in Chicago and 100 users ina branch ofice in San Francisco, Existing Environment Internal Network Infrastructure The network contains a single domain forest. The forest functional levels Windows Server 2016. Users are subject to sign-in hur restrictions as defined in Active Directory The network has theIP address range shown in the following table. ‘Location address range ‘cheago fice ternal network 192.1660.0/20 ‘Chicago ofce perimeter network a7216.0.0/28 ‘Chicago ofice external network 331.10783.0/38 San Francisco fie internal netwerk | 192.168.16.0/20 ‘SanFrancscoofce perimeter network —[172.16.16.0/28 ‘San Farctcoofce external network | 131.107.6218)50 The ofces connect by using Multiprotocol Label Switching (MPLS). The fllowing operating systems are used onthe network Windows Server 2016 Windows 10 Enterprise Windows 8.1 Enterprise The internal network contains the systems shown inthe following table. ‘fice Name Configuration [hago ‘ch Domain controler hago bez Domain controler ‘hieago seve SeNeserver Litware uses a third-party email system. Cloud Infrastructure Litware recently purchased Mirosoft 365 subscription lcenses for all users. Microsoft Azure Active Directory (Azure AD} Connecti installed and uses the default authentication settings, User accounts are nt yet synced to ‘awe AD. You have the Microsoft 365 users and groups shown in the following table ‘name [abjecttype[ bescrption ‘Group'i | secur group | group fr testing Azure and ierosof 35 funcionay seri | Veer ‘lest sor who isa member of Group User | User ‘Rost usr who sa membor of Group Users | User ‘Atast usar who is membar of Groups sera | User [an admintrtor Guest | cues urar ‘guest ser Planned Changes Litware plans to implement the following changes: Migrate the eal system to Microsoft Exchange Online Implement Azure AD Privileged Identity Management Security Requtements~ Litware identities the following security requirements: Create & group named Group? that wil include ll the Azure AD ser accounts, Group? willbe used to provide imited access to Windows, Analytics Create & group named Group3 that willbe used to apply Azure Information Protection polices to pilot users. Group3 must only contain user accounts Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest Prevent users locked out of Actve Directory from signing nto Azure AD and Active Directory Implement a permanent eligible assignment ofthe Complance administrator role for UserT Integrate Windows Defender and Windows Defender ATP on domainjoined serversPrevent access to Azure resources forthe guest user accounts by default, Ensure that all domain-joined computers ae registered to Azure AD Multbfactor authentication (MFA) Requirements Security features of Microsoft office 365 and Azur wl be tested by using pilot Azure user accounts. You identity the folowing requirements for testing MFA. Pilot users must use MFA unless they are signing in from the internal network ofthe Chicago office. ‘must NOT be used onthe Chicago office internal network If an authentication attempt is suspicious, MFA must be used, regardless ofthe user location ‘Any disruption of legitimate authentication attempts must be minimized General Requirements - Litware wants to minimize the deployment of addtional servers and services inthe Activ Directory forest Question You need to create Group. What ae two possible ways to create the group? ‘A. an Ofce 365 group nthe Microsoft 265 admin center 8. a malhenabled secuty group inthe Microsoft 365 admin center C. a security group inthe Microsoft 365 admin center 0. a distbuton st in the Microsoft 365 admin center Ea secutty group the Azure AD admin center Comeet Answer: CEIntroductory info overview - itware Inc. isa fnancil company that has 1,000 users in its main ofc in Chicago and 100 users ina branch ofice in San Francisco, Existing Environment Internal Network Infrastructure The network contains a single domain forest. The forest functional levels Windows Server 2016. Users ae subject to sign-in hur restrictions as defined in Active Directory The network has theIP address range shown in the following table. ‘Location address range ‘cheago fice ternal network 192.1660.0/20 ‘Chicago ofce perimeter network a7216.0.0/28 ‘Chicago ofice external network 331.10783.0/38 San Francisco fie internal netwerk | 192.168.16.0/20 ‘SanFrancscoofce perimeter network —[172.16.16.0/28 ‘San Farctcoofce external network | 131.107.6218)50 The ofces connect by using Multiprtocol Label Switching (MPLS). The fllowing operating systems are used onthe network Windows Server 2016 Windows 10 Enterprise Windows 8.1 Enterprise The internal network contains the systems shown inthe following table. ‘fice Name Configuration [hago ‘ch Domain controler hago bez Domain controler ‘hieago seve SeNeserver Litware uses a third-party email system. Cloud Infastructure Litware recently purchased Miosoft 365 subscription lcenses for all users. Microsoft Azure Activ Directory (Azure AD) Connecti installed and uses the default authentication settings, User accounts are nat yet synced to ‘aur AD. You have the Microsoft 365 users and groups shown in the following table ‘name [abjecttype[ bescrption ‘Group'i | secur group | group fr testing Azure and ierosof 35 funcionay seri | Veer ‘lest sor who isa member of Group User | User ‘Rost usr who sa membor of Group Users | User ‘Atast usar who is membar of Groups sera | User [an admintrtor Guest | cues urar ‘guest ser Planned Changes Latware plans to implement the following changes: Migrate the eal system to Microsoft Exchange Online Implement Azure AD Privileged Identity Management Secunty Requirements Litware identities the following security requirements: Create & group named Group? that wil include all the Azure AD user accounts, Group? willbe used to provie limited access to Windows. Analytios Create & group named Group3 that willbe used to apply Azure Information Protection polices to pilot users. Group3 must only contain user accounts Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest Prevent users locked out of Actve Directory from signing nto Azure AD and Active Directory Implement a permanent eligible assignment ofthe Complance administrator role for UserT Integrate Windows Defender and Windows Defender ATP on domainjoined serversPrevent access to Azure resources forthe guest user accounts by default, Ensure that all domaijoined computers ae registered to Azure AD Multefactor authentication (MFA) Requirements Security features of Microsoft Office 365 and Azure wl be tested by using pilot Azure user accounts. You identity the following requirements for testing MFA. Pilot users must use MFA unless they are signing in fromthe internal network ofthe Chicago office. must NOT be used onthe Chicago office internal network If an authentication attempt is suspicious, MFA must be used, regardless ofthe user location ‘Any disruption of legitimate authentication attempts must be minimized General Requirements - Litware wants to minimize the deployment of addtional servers and services inthe Active Directory forest Question Which IP address space should you include inthe MFA configuration? A. 131.107.830728 8. 192:168.16.0720 c.1m160.0726 0. 192168.0.0/20 Correct Answer:Introductory info overview - Litware In. isa fnancial company tat has 1000 users in is main office in Chicago and 100 users ina branch ofice in San Francisco. Existing Environment Internal Network Infrastructure The network contains 2 single domain forest. The forest functional levels Windows Server 2016. Users are subject to sign-in hur restrictions as defined in Active Directory The network has theIP address range shown in the following table. ‘Location address range ‘cheago fice ternal network 192.1660.0/20 ‘Chicago ofce perimeter network a7216.0.0/28 ‘Chicago ofice external network 331.10783.0/38 San Francisco fie internal netwerk | 192.168.16.0/20 ‘SanFrancscoofce perimeter network —[172.16.16.0/28 ‘San Fanetcoofce external network | 131.107.6218/52 The offices connect by using Multiprtocol Label Switching (MPLS). The following operating systems are used onthe network Windows Server 2016 Windows 10 Enterprise Windows 8.1 Enterprise The intemal network contains the systems shown inthe following table. ‘fice Name Configuration [hago ‘ch Domain controler hago bez Domain controler ‘hieago seve SeNeserver Litware ses a third-party email system. Cloud Infastructure Litware recently purchased Miosoft 365 subscription lcenses for all users. Microsoft Azure Active Directory (Azure AD) Connecti installed and uses the default authentication settings, User accounts are nat yet synced to ‘aure AD. You have the Microsoft 365 users and groups shown in the following table ‘name [abjecttype[ bescrption ‘Group'i | secur group | group fr testing Azure and ierosof 35 funcionay seri | Veer ‘lest sor who isa member of Group User | User ‘Rost usr who sa membor of Group Users | User ‘Atast usar who is membar of Groups sera | User [an admintrtor Guest | cues urar ‘guest ser Planned Changes Latware plans to implement the following changes: Migrate the eal system to Microsoft Exchange Online Implement Azure AD Privileged ldentty Management Secunty Requtements~ Litware identities the following security requirements: Create & group named Group? that will include ll the Azure AD user accounts, Group? willbe used to provide limited access to Windows. Analytos Create & group named Group3 that willbe used to apply Azure Information Protection polices to pilot users. Group3 must only contain user accounts Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest Prevent users locked out of Actve Directory from signing nto Azure AD and Active Directory Implement a permanent eligible assignment ofthe Complance administrator role for User? Integrate Windows Defender and Windows Defender ATP on domainjoined serversPrevent access to Azure resources forthe guest user accounts by default, Ensure that all domajoined computers ae registered to Azure AD Multbfactor authentication (MFA) Requirements Security features of Microsoft Office 365 and Azure wl be tested by using pilot Azure user accounts. You identity the following requirements for testing MFA. Pilot users must use MFA unless they are signing in from the internal network ofthe Chicago ofce. MFA must NOT be used on the Chicago ofce internal network If an authentication attempt is suspicious, MFA must be used, regardless ofthe user location Any disruption of legitimate authentication attempts must be minimized General Requirements - Litware wants to minimize the deployment of addtional servers and services inthe Activ Directory forest Question HOTSPOT How should you configure Group2? To anwer, select the appropriate options in the answer area NOTE: Each correct selection is worth one point Hot res Answer Area ‘Group typé [An Office 365 group in the Microsoft 365 admin center A security group in Active Directory Users and Computers. |A security group in the Azure Active Directory admin center Group membership criteria: Ww |A dynamic distribution list dynamic membership rule with an Advanced rule set to Allusers |A dynamic membership rule with a Simple rule set to userType Equals User Answer Area Group type: v [An Oice 363 group in the Microsoft 365 adnin center [A security group in Active Dectory Users and Computers Correct Answer: [A security group in the Azure Active Directory admin center Group membership criteria: Vv [A dynamic distribution Ist [A dynamic membership rule with an Advanced reset to All users |A dynamic membership rae with a Simple re set to userType Equals UserIntroductory info overview - itware Inc. isa fnancil company that has 1,000 uses in its main ofice in Chicago and 100 users ina branch ofice in San Francisco, Existing Environment Internal Network Infrastructure The network contains 2 single domain forest. The forest functional levels Windows Server 2016. Users ae subject to sign-in hur restrictions as defined in Active Directory The network has theIP address range shown in the following table. ‘Location address range ‘cheago fice ternal network 192.1660.0/20 ‘Chicago ofce perimeter network a7216.0.0/28 ‘Chicago ofice external network 331.10783.0/38 San Francisco fie internal netwerk | 192.168.16.0/20 ‘SanFrancscoofce perimeter network —[172.16.16.0/28 ‘San Farctcoofce external network | 131.107.6218)52 The offices connect by using Multiprotocol Label Switching (MPLS). The fllowing operating systems are used onthe network Windows Server 2016 Windows 10 Enterprise Windows 8.1 Enterprise The intemal network contains the systems shown inthe following table ‘fice Name Configuration [hago ‘ch Domain controler hago bez Domain controler ‘hieago seve SeNeserver Litware uses a third-party email system. Cloud Infastructuce Litware recently purchased Mirosoft 365 subscription lcenses for all users. Microsoft Azure Activ Directory (Azure AD} Connecti installed and uses the default authentication settings, User accounts are nat yet synced to ‘aur AD. You have the Microsoft 365 users and groups shown in the following table ‘name [abjecttype[ bescrption ‘Group'i | secur group | group fr testing Azure and ierosof 35 funcionay seri | Veer ‘lest sor who isa member of Group User | User ‘Rost usr who sa membor of Group Users | User ‘Atast usar who is membar of Groups sera | User [an admintrtor Guest | cues urar ‘guest ser Planned Changes Latware plans to implement the following changes: Migrate the ema system to Microsoft Exchange Online Implement Azure AD Privileged Identity Management Securty Requtements~ Litware identities the following security requirements: Create & group named Group? that wil include ll the Azure AD user accounts, Group? willbe used to provide imited access to Windows. Analytios Create & group named Group3 that willbe used to apply Azure Information Protection polices to pllt users. Group3 must only contain user accounts Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest Prevent users locked out of Actve Directory from signing nto Azure AD and Active Directory Implement a permanent eligible assignment ofthe Complance administrator role for User? Integrate Windows Defender and Windows Defender ATP on domainjoined serversPrevent access to Azure resources forthe guest user accounts by default, Ensure that all domai-joined computers ae registered to Azure AD Multbfactor authentication (MFA) Requirements Security features of Microsoft Office 365 and Azur wl be tested by using pilot Azure user accounts. You identity the following requirements for testing MFA. Pilot users must use MFA unless they are signing in from the internal network ofthe Chicago ofce. MFA must NOT be used on the Chicago ofice internal network if an authentication attempt is suspicious, MFA must be used, regardless ofthe user location Any disruption of legitimate authentication attempts must be minimized General Requirements - Litware wants to minimize the deployment of addtional servers and services inthe Active Directory forest Question HoTsPoT How should you configure Azure AD Connect? To answer, select the appropriate options in the answer area, NOTE: Each correct selection is worth one point Hot re: Answer Area User sign-in settings: vy |Password Synchronization with single-sien on [Pate Guongh authentication wih singlétiga'om, |Federation with Active Director Federation Services (AD FS) Device options: iv | Hybrid Azure AD Join |Enable Device writeback Disable Device wteback Answer Area ‘User sign-in settings: |Password Synchronization with single-sign on authentication wit single siga-on Correct Answer: [Federation with Active Director Federation Services (AD FS) Device options: Topic 7-7Introductory info overview - ‘Contos, Ltd. is & consulting company that has a main office in Montreal and thre branch offices in Seattle, and New York ‘The company has the offices shown inthe following table Tecation ‘Employees | Laptops Desktops ‘Mobile devices ‘compaters ‘Montreal 7300 700) 300 310 ‘Seat 1000) 1100) 200) 1,300 New Yor 300 30 30 200. CContoso has 17, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365, Existing Environment Infestrcture The network contains an Active Directory domain named contoso.com thats synced toa Microsoft Azure Active Diectory (Azure AD) tenant Password witeback is enabled ‘The doman contains servers that un Windows Server 2016. The domain contains laptops and desktop computer that run Windows 10 Enterprise. ch client computer has a single volume. Each ofce connects tothe Interne by using a NAT device. The ofices have the IP addresses shown inthe following table. Location TP address space | Public NAT segment ‘Montreal 10.100.0116 190.15.1.0/24 Seattle 172.16.0.0/16 194.252.0724 ‘New York 192.168.0018 | 198 353.0004 famed locations are defined in Azure AD as shown in the following table TP address range | Trusted 10.10.0,076 Yes 192.168.0016 | No From the Mult-Factor Authentication page, an adoress space of 198.35.3.0/24 is defined in the trusted IPs ist ‘Azure Mul-Factor Authentication (MEA) is enabled forthe users in the finance department, ‘The tenant contains the users shown inte following able Name] User type | City Role ‘User! | Member | Seattle | None ‘User? | Member | Sea Paseword administrator Users | Member | SEATILE [None Users | Guest SEA ‘None Users | Member | Londoa | None. Users | Member | Londoa | Customer LookBox Acces Approver oer! | Member | Sydney | Reports reader ‘User8 | Member | Sydney | User administrator User) | Member | Montreal | None he tenant contains the groups showin the following table. ‘Name Group type __[Dynamicmembership rule ‘ADGroupi Security user.city- contains “SEA” ADGroup2 Office 365 [user.city-match “Sea*” ustomer Lockbox is enabled in Microsoft 365. Microsoft Intune Configuration ‘The devices envlled in Inune are configured as shown in the following table ‘Name | Platform Encryption | Member of Device! | Android Disabled GroupA, Groupe Devieed | Windows 10 | Enabled ‘GroupB, Groupe ‘Device! | Android Disabled ‘Group, Groupe ‘Device | Windows 10 | Disabled Groupe Devices [108 ‘Not applicable | GroupA Devices | Windows 10 | Enabled NoweThe device compliance policies in Intune are configured as shown inthe following table Name Platform Eacnpiion Aesgned DevieePalicyd Android Net configured Yee DevicePolicy? Windows 10 ‘Requred Yee DeviesPoliey3 Android Required Yes ‘The device compliance policies have the assignments shown inthe following table Name. Tnctade Fxcade DevicePalies] GrovgC None DevicePolicy2 ‘GrovgB Grow DevieeDalien3 GroupA ‘None The Mark devices with no compliance policy assigned as setting i set to Compliant, Requirements ~ Technical Requirements CContoso identifies the following techrical requirements: Use the principle of least privilege rable User! to assign the Reports reader role to users Ensure that User6 approves Customer Lockbox requests as quickly as possible Ensure that User9 can implement Azure AD Privileged Identity Management Question HOTSPOT Which users are members of ADGroup! and ADGroup2? To answer, select the appropriate options inthe answer area, NOTE: Each correct selection I worth one pont Hot res Answer Area ADGroupl: % User} and User? only |User2 and User4 only [User3 and Usert only lUserl, User2, User3, and Users ADGroup2: [Gor > [Usert and User? only |User2 and User4 only |User3 and User4 only lUser!, User2, User3, and Users Answer Area am Pl None 7) User! and User2 only ser? and Userd only |User3 and User4 only Ceorect Answer: |User1, User2, User3, and Userd ADGrowp2: [Sone q jUsert and User2 only |User2 and Userd only lUser3 and Users only jUser), User2, User3, and Usert Reference: htpsifdocs microsoft. com/en-us/azure/activeirecory/users-groups-oles/groups-dynamic membershiptsupported-valuesIntroductory info overview - ‘Contos, Ltd. is & consulting company that has a main office in Montreal and thre branch offices in Seattle, and New York ‘The company has the offices shown inthe following table Tecation ‘Employees | Laptops Desktops ‘Mobile devices ‘compaters ‘Montreal 7300 700) 300 310 ‘Seat 1000) 1100) 200) 1,300 New Yor 300 30 30 200. CContoso has, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365, Existing Environment Infestrcture The network contains an Active Directory domain named contoso.com thats synced toa Microsoft Azure Active Diectory (Azure AD) tenant Password wrteback is enabled ‘The domaln contains servers that un Windows Server 2016. The domain contains laptops and desktop computer that run Windows 10 Enterprise. ch lent computer has a single volume. Each ofce connects othe Interne by using a NAT device. The ofices have the IP addresses shown inthe following table Location TP address space | Public NAT segment ‘Montreal 10.100.0116 190.15.1.0/24 Seattle 172.16.0.0/16 194.252.0724 ‘New York 192.168.0018 | 198 353.0004 famed locations are defined in Azure AD as shown inthe following table TP address range | Trusted 10.10.0,076 Yes 192.168.0016 | No From the Mult-Factor Authentication page, an aderess space of 198.35.3.0/24 i defined in the trusted IPs list ‘Azure Mult-Factor Authentication (MEA) is enabled forthe uses in the finance department, ‘The tenant contains the users shown inte follwing table Name] User type | City Role ‘User! | Member | Seattle | None ‘User? | Member | Sea Paseword administrator Users | Member | SEATILE [None Users | Guest SEA ‘None Users | Member | Londoa | None. Users | Member | Londoa | Customer LookBox Acces Approver oer! | Member | Sydney | Reports reader ‘User8 | Member | Sydney | User administrator User) | Member | Montreal | None he tenant contains the groups shown inthe following abl, ‘Name Group type __[Dynamicmembership rule ‘ADGroupi Security user.city- contains “SEA” ADGroup2 Office 365 [user.city-match “Sea*” Customer Lockbox is enabled in Microsoft 365. Microsoft Intune Configuration ‘The devices enrolled in Inune are configured as shown in the following table ‘Name | Platform Encryption | Member of Device! | Android Disabled GroupA, Groupe Devieed | Windows 10 | Enabled ‘GroupB, Groupe ‘Device! | Android Disabled ‘Group, Groupe ‘Device | Windows 10 | Disabled Groupe Devices [108 ‘Not applicable | GroupA Devices | Windows 10 | Enabled NoweName Platform Encryption Assigned DevieePalcyd Andesid ‘Not configured Yee DeviesPolicy? Windows 10 Requed Yes DevieePolicy3 ‘Android ‘Required, Yes ‘The device compliance policies have the assignments shown inthe following tale Name Tatas Feclad DeviePaley! Groupe None DevieePoliey? Grou Grout DesieePolievs ‘Group. ‘None The Mark devices with no compliance policy assigned as setting is set to Compliant. Requirement Technical Requirements CContoso identifies the following technical requirements: Use the principle of least privilege Enable Usert to assign the Reports reader role to users Ensure that User6 approves Customer Lockbox requests as quickly as possible Ensure that User9 can implement Azuce AD Privileged Ident Management Question HoTsPoT You ate evaluating which nance department users will be prompted for Azure MEA credentials, For each ofthe following statements, select Yes if the statements true. Otherwise, select No NOTE: Each correct selection is worth one pont, Hot Area: Answer Area Statements A finance department user who has an IP address from the Montreal ofice wil be prompted for Azure MFA credentials |A finance department user who works from home and who has aa IP address of 193.77.140.140 wil ‘be prompted for Anure MFA credentials, A finance department user who has an IP adéress from the New York ofice willbe prompted for Azure MFA credentials Correct Answer: Answer Area Statements ‘A inance department user who has an IP address from the Montreal office willbe prompted for Azure MFA credentials ‘A finance departnent user who works ftom home and who has an IP address of 193.77.140.140 wal bbe prompted for Ane MFA credentials. ‘A finance department user who has an TP address from the New York office wil be prompted for Azure (MFA credential,Introductory info overview - ‘Contos, Ltd. is & consulting company that has a main office in Montreal and thre branch offices in Seattle, and New York ‘The company has the offices shown inthe following table Tecation ‘Employees | Laptops Desktops ‘Mobile devices ‘compaters ‘Montreal 7300 700) 300 310 ‘Seat 1000) 1100) 200) 1,300 New Yor 300 30 30 200. CContoso has 1, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365, Existing Environment Infestrcture The network contains an Active Directory domain named contoso.com thats synced toa Microsoft Azure Active Diectory (Azure AD) tenant. Password wrteback is enabled ‘The domain contains servers that un Windows Server 2016. The domain contains laptops and desktop computer that run Windows 10 Enterprise. ch client computer has a single volume. Each ofce connects tothe Interne by using a NAT device. The ofices have the IP addresses shown inthe following table. Location TP address space | Public NAT segment ‘Montreal 10.100.0116 190.15.1.0/24 Seattle 172.16.0.0/16 194.252.0724 ‘New York 192.168.0018 | 198 353.0004 ‘aed locations are defined in Azure AD as shown inthe following table, TP address range | Trusted 10.10.0,076 Yes 192.168.0016 | No From the MultiFactor Authentication page, an aderess space of 198.35.3.0/24 i defined in the trusted IPs list ‘Azure Mult-Factor Authentication (MEA) is enabled forthe uses in the finance department, The tenant contains the users shown inte following table Name] User type | City Role ‘User! | Member | Seattle | None ‘User? | Member | Sea Paseword administrator Users | Member | SEATILE [None Users | Guest SEA ‘None Users | Member | Londoa | None. Users | Member | Londoa | Customer LookBox Acces Approver oer! | Member | Sydney | Reports reader ‘User8 | Member | Sydney | User administrator User) | Member | Montreal | None he tenant contains the groups shown inthe following abl. ‘Name Group type __[Dynamicmembership rule ‘ADGroupi Security user.city- contains “SEA” ADGroup2 Office 365 [user.city-match “Sea*” customer Lockbox is enabled in Microsoft 365 Microsoft Intune Coniguation ‘The devices envlled in Inune are configured as shown in the following table ‘Name | Platform Encryption | Member of Device! | Android Disabled GroupA, Groupe Devieed | Windows 10 | Enabled ‘GroupB, Groupe ‘Device! | Android Disabled ‘Group, Groupe ‘Device | Windows 10 | Disabled Groupe Devices [108 ‘Not applicable | GroupA Devices | Windows 10 | Enabled NoweThe device compliance policies in Intune are configured as shown inthe following table Name Platform Eacnpiion Aesgned DevieePalicyt Android Net configured Yes DevicePolicy? Windows 10 ‘Requred Yee DeviesPoliey3 Android Required Yes ‘The device compliance policies have the assignments shown inthe following table Name. Tnctade Fxcade DevicePalies] GrovgC None DevicePolicy2 GrovpB, Grow DevieeDalien3 GroupA ‘None The Mark devices with no compliance policy assigned as setting Is set to Compliant, Requirements ~ Technical Requirements CContoso identifies the following techrical requirements: Use the principle of leas privilege rable User! to assign the Reports reader role to users Ensure that User6 approves Customer Lockbox requests as quickly as possible Ensure that User9 can implement Azure AD Privileged Identity Management Question Which user passwords will User2 be prevented from resetting? A. User and User? 8. User and Users ©. User oly . User and Usera User only Correct Answer: ©Introductory info overview - ‘Contes, Ltd. is & consulting company that has a main office in Montreal and thre branch offices in Satie, and New York ‘The company has the offices shown inthe following table Tecation ‘Employees | Laptops Desktops ‘Mobile devices ‘compaters ‘Montreal 7300 700) 300 310 ‘Seat 1000) 1100) 200) 1,300 New Yor 300 30 30 200. CContoso has 1, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365, Existing Environment Infestrcture The network contains an Active Directory domain named contoso.com thats synced toa Microsoft Azure Active Diectory (Azure AD) tenant Password witeback is enabled ‘The doman contains servers that un Windows Server 2016. The domain contains laptops and desktop computer that run Windows 10 Enterprise. ch client computer has a single volume. Each ofce connec tothe Interne by using a NAT device. Th ofices have the IP addresses shown inthe fllowing table Location TP address space | Public NAT segment ‘Montreal 10.100.0116 190.15.1.0/24 Seattle 172.16.0.0/16 194.252.0724 ‘New York 192.168.0018 | 198 353.0004 famed locations are defined in Azure AD as shown inthe fllowing table TP address range | Trusted 10.10.0,076 Yes 192.168.0016 | No From the MultiFactor Authentication page, an adcress space of 198.35.3.0/24 i defined in the trusted IPs list ‘Azure Mult-Factor Authentication (MEA) is enabled forthe uses in the finance department, The tenant contains the users shown inte following table Name] User type | City Role ‘User! | Member | Seattle | None ‘User? | Member | Sea Paseword administrator Users | Member | SEATILE [None Users | Guest SEA ‘None Users | Member | Londoa | None. Users | Member | Londoa | Customer LookBox Acces Approver oer! | Member | Sydney | Reports reader ‘User8 | Member | Sydney | User administrator User) | Member | Montreal | None he tenant contains the groups shown inthe following abl. ‘Name Group type __[Dynamicmembership rule ‘ADGroupi Security user.city- contains “SEA” ADGroup2 Office 365 [user.city-match “Sea*” ‘customer Lockbox is enabled in Microsoft 365. Microsoft Intune Configuration ‘The devices enrolled in Inune are configured as shown in the following table ‘Name | Platform Encryption | Member of Device! | Android Disabled GroupA, Groupe Devieed | Windows 10 | Enabled ‘GroupB, Groupe ‘Device! | Android Disabled ‘Group, Groupe ‘Device | Windows 10 | Disabled Groupe Devices [108 ‘Not applicable | GroupA Devices | Windows 10 | Enabled NoweThe device compliance policies in Intune are configured as shown nthe following table Name Platform Eacnpiion Aesgned DevieePalicyh Android Net configured Yee DevicePolicy? Windows 10 ‘Requred Yee DeviesPoliey3 Android Required Yes ‘The device compliance policies have the assignments shown inthe following table Name. Tact Fxcade DevicePalies] GrovgC None DevicePolicy2 ‘GrovgB Grow DevieeDalien3 GroupA ‘None The Mark devices with no compliance policy assigned as setting Is set to Compliant, Requirements ~ Technical Requirements Contos identifies the following techrical requirements: Use the principle of least privilege Enable User to assign the Reports reeder ole to users sure that User6 approves Customer Lockbox requests as quickly as possible sure that User9 can implement Azure AD Privileged Identity Management Question You need to meet the tecrical requirements for User What should you do? {A Assign the Privileged administrator role to User9and configure a mobile hone number fr User9 B. Assign the Compliance administrator role to User9 and configure a mobile phone number for User9 (. Assign the Security administrator role to Users D. Assign the Global administrator ole to UserS Correct Answer: DIntroductory info overview - ‘Contos, Ltd. is & consulting company that has a main office in Montreal and thre branch offices in Seattle, and New York ‘The company has the offices shown inthe following table Tecation ‘Employees | Laptops Desktops ‘Mobile devices ‘compaters ‘Montreal 7300 700) 300 310 ‘Seat 1000) 1100) 200) 1,300 New Yor 300 30 30 200. CContoso has 17, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365, Existing Environment Infestrcture The network contains an Active Ditectory domain named contoso.com thats synced toa Microsft Azure Active Diectory (Azure AD) tenant Password wrteback is enabled ‘The domaln contains servers that un Windows Server 2016. The domain contains laptops and desktop computer that run Windows 10 Enterprise. ch client computer has a single volume. Each ofce connec othe Interne by using a NAT device. The ofices have the IP addresses shown inthe following table Location TP address space | Public NAT segment ‘Montreal 10.100.0116 190.15.1.0/24 Seattle 172.16.0.0/16 194.252.0724 ‘New York 192.168.0018 | 198.353.0004 ‘aed locations are defined in Azure AD as shown in the following table TP address range | Trusted 10.10.0,076 Yes 192.168.0016 | No From the MultiFactor Authentication page, an aderess space of 198.35.3.0/24 is defined in the trusted IPs list ‘Azure Mul-Factor Authentication (MEA) is enabled forthe uses in the finance department, The tenant contains the uses shown inte following table Name] User type | City Role ‘User! | Member | Seattle | None ‘User? | Member | Sea Paseword administrator Users | Member | SEATILE [None Users | Guest SEA ‘None Users | Member | Londoa | None. Users | Member | Londoa | Customer LookBox Acces Approver oer! | Member | Sydney | Reports reader ‘User8 | Member | Sydney | User administrator User) | Member | Montreal | None he tenant contains the groups shown inthe following abl. ‘Name Group type __[Dynamicmembership rule ‘ADGroupi Security user.city- contains “SEA” ADGroup2 Office 365 [user.city-match “Sea*” customer Lockbox is enabled in Microsoft 365 Microsoft Intune Configuration ‘The devices enrlled in Inune are configured as shown in the following table ‘Name | Platform Encryption | Member of Device! | Android Disabled GroupA, Groupe Devieed | Windows 10 | Enabled ‘GroupB, Groupe ‘Device! | Android Disabled ‘Group, Groupe ‘Device | Windows 10 | Disabled Groupe Devices [108 ‘Not applicable | GroupA Devices | Windows 10 | Enabled NoweThe device compliance policies in Intune are configured as shown inthe following table Name Platform Eacnpiion Aesgned DevieePalicyt Android Net configured Yes DevicePolicy? Windows 10 ‘Requred Yee DeviesPoliey3 Android Required Yes ‘The device compliance policies have the assignments shown nthe following table Name. Tnctade Fxcade DevicePalies] GrovgC None DevicePolicy2 GrovpB, Grow DevieeDalien3 GroupA ‘None The Mark devices with no compliance policy assigned as setting Is set to Compliant, Requirements ~ Technical Requirements Contos identifies the following techrical requirements: Use the principle of least privilege rable User’ to assign the Reports reader role to users Ensure that User6 approves Customer Lockbox requests as quickly as possible Eneure that User9 can implement Azure AD Privileged Identity Management Question Which ole should you assign to Usert? ‘A. Global administrator B. User administrator ©. Privileged role administrator . Securty administrator Correct Answer: © Topic 8 - Testlet 4Introductory info overview - Fabrikam, ne. is manufacturing company that sell products through partner etal stores, Fbrikam has 500 employees located in offices throughout Europe Existing Environment Network infrastructure The network contains an Active Director forest named fabrikam.com.,Fabrikam has a hybrid Mlerosoft Azure Active Directory (Azure AD) envionment The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 subscription. Problem Statements Fabikam dents the following issues: ‘Since lst Friday, the IT team has been receiving automated email messages tat contain “Unhealthy Identity Synchronization Notification inthe subject line ‘Several uses recently opened email attachments that contaned malware. The process to remove the malwate was time consuming Requirements ~ Planned Changes brikam plans to implement the following changes: Fabrikam plans to monitor and investigate suspicious sigr-ins to Active Directory Fabrikam plans to provide partners with access to some ofthe data stored in Microsoft 365, Application Administration ~ Fabrikam identifies the following application requirements for managing workload applications: User administrators will work tom different counties User administrators willuse the Azure Active Directory admin cemter ‘Two new administrators named Admin! and Admin2 will be responsible for managing Microsoft Exchange Online ony Security Requirements ~ Fabrikam identifies the folowing securty requirements: ‘Acoess tothe Azure Active Directory admin center bythe user administrators must be reviewed every seven days fan administrator falls to respond to an access request within thre days, aocess must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for upto three hous at a time, Global administrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named User! must beable to send + invitations ‘Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use mult-actor authentication (MFA) when signing in from an anonymous or an unfamiliar location ‘The location ofthe user administrators must be audited when the administrators authenticate to Azure AD all messages that include attachments contaning malware must be delivered without the attachment The principle of least privlege must be used whenever possible Question sOTSPOT You need to recommend an email malware solution that meets the secuiy requirements, What should you include nthe recommendation? To answer, select the aporoprat options inthe answer areaNOTE: Each correct selection is worth one point, ot Area Answer Area Policy to create: ATP safe attachments ¥ ATP Safe Links Exchange Online Anti-spam Exchange Online Anti-emalware Option to configure: Block v Replace Dynamic Delivery Monitor Quarantine message Answer Area Policy to create: ATP safe attachments ATP Safe Links Exchange Online Anti-spam Comact Answer: Exchange Online Anti-emalware Option to configure: Block Replace Dynamic Delivery Monitor Quarantine messageIntroductory info overview - Fabrikam, ne. is manufacturing company that sell products through partner etal stores, Fbrikam has 500 employees located in ofces throughout Europe Existing Environment Network infrastructure The network contains an Active Director frest named fabrikam.com,Fabrikam has a hybrid Mlerosoft Azure Active Directory (Azure AD) environment The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 subscription. Problem Statements Fabuikam dents the following issues: ‘Since lst Friday, the IT team has been receiving automated email messages tat contain “Unhealthy Identity Synchronization Notification inthe subject line Several users recently opened email attachments that contained malware. The process to remove the malware was time consuming Requirements ~ Planned Changes brikam plans to implement the following changes: Fabrkam plan to monitor and investigate suspicious sigr-ins to Active Directory Fabrikam plans to provide partners with access to some ofthe data stored in Microsoft 365, Application Administration ~ Fabrikam identifies the following application requirements for managing workload applications: User admiisteatrs will work tom different counties User administrators willuse the Aaue Active Directory admin cemter Two new administrators named Admin! and Admin? will be responsible for managing Microsoft Exchange Online only Security Requirements ~ Fabrikam identifies the folowing securty requirements: ‘Acoess tothe Azute Active Directory admin center by the user administrators must be reviewed every even days fan administrator falls to respond to an access request within three days, aocess must be removed Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time, Global administrators must be exempt from this requirement Users must be prevented from inviting external users to view company data. Only global administrators and a user named User! must beable to send + invitations ‘Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory Workload administrators must use mult-actor authentication (MFA) when signing in from an anonymous or an unfamiliar location ‘The location ofthe user administrators must be audited when the administrators authenticate to Azure AD ‘all messages that include attachments contaning malware must be delivered without the attachment The principle of least privlege must be used whenever possible Question sOTSPOT You install Azure ATP sensors on domain controllers You adda member tothe Domain Admins group, You view the timeline in Azuce ATP and discover that information garding the membership change is missing You need to meet the security requirements for Azure ATP reporting, \What should you configure? To answer, select the appropriate options inthe answer area,NOTE: Each correct selection i worth one pont, Hot Area ‘Answer Area Policy to edit: ‘Audit setting to configure: ‘Answer Area Iv !Default Domain Controllers Policy [Default Domain Policy [A local policy on one domain controller iv ‘Audit User Account Management ‘Audit Computer Account Management ‘Audit Other Account Management Events ‘Audit Security Group Management Policy to edit iv Correct Answer: ‘Audit setting to configure: References [Defauit Domain Controllers Policy [Default Domain Policy [A local policy on one domain controler ‘Audit User Account Management ‘Audit Computer Account Management ‘Audit Other Account Management Events Audit Security Group Management hitpsifdoes.mierosoft.com/ensus/azureadvancedthreat-protecton/atp-advanced-audit policy Topic 9- Testlet 5Introductory Info ‘overview - Litware In. isa financial company tat has 1000 users in is main office in Chicago and 100 users ina branch office in San Francisco. Existing Environment Internal Network Infrastructure ‘The network contains a single éomain forest. The forest functional levels Windows Server 2016 Users are subject to sign-in hur restrictions as defined in Active Directory ‘The network has theIP addtess range shown in the following table ‘Location address range ‘cheago fice ternal network 192.1660.0/20 ‘Chicago ofce perimeter network a7216.0.0/28 ‘Chicago ofice external network 331.10783.0/38 San Francisco fie internal netwerk | 192.168.16.0/20 ‘SanFrancscoofce perimeter network —[172.16.16.0/28 ‘San Faretcoofce external network | 131.107.6218)50 The ofces connect by using Mltiprotocol Label Switching (MPLS). ‘The following operating systems are used onthe network Windows Server 2016 Windows 10 Enterprise Windows 8.1 Enterprise The interal network contains the systems shown inthe following table ‘fice Name Configuration [hago ‘ch Domain controler hago bez Domain controler ‘hieago seve SeNeserver Litware uses a third-party emall system. Cloud Infrastructure Litwace recently purchased Miorosoft 265 subscription lcenses for all users. Microsoft Azure Active Directory (Azure AD} Connects installed and uses the default authentication settings. User accounts are nat yet synced to ‘aue AD. You have the Microsoft 365 users and groups shown nthe fllowing table ‘name [abjecttype[ bescrption ‘Group'i | secur group | group fr testing Azure and ierosof 35 funcionay seri | Veer ‘lest sor who isa member of Group User | User ‘Rost usr who sa membor of Group Users | User ‘Atast usar who is membar of Groups sera | User [an admintrtor Guest | cues urar ‘guest ser Planned changes Litware plans to implement the folowing changes: Migeat the email system to Microsoft Exchange Online Implement Azure AD Privileged identity Management Security Requirements - Litware identities the following security requirements: Create & group named Group? that will include all the Azure AD user accounts. Group2 willbe used to provide limited access to Windows Analytics Create a group named Group2 that willbe used to apply Azure Information Protection polices to pllt users. Group must only contain user accounts Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest Prevent users locked out of Actve Director ftom signing into Azure AD and Active Directory Implement a permanent eligible essignment ofthe Compliance administrator role for User?Integrate Windows Defender and Windows Defender ATP on domainjoined servers Prevent access to Azure resources for the quest user accounts by default sure that all domeinoined computers are registered to Azure AD Mulbfactor authentication (MEA) Requirements Security features of Microsoft Office 265 and Azute wl be tested by using pilot Azure user accounts. You identity the folowing requirements for testing MFA, Pilot users must use MFA unless they are signing in from the internal network ofthe Chicago ofce. MFA must NOT be used on the Chicago office Internal network If an authentication attempt is suspicious, MFA must be used, regardless ofthe use location Any disruption of legitimate authentication attempts must be minimized ‘General Requirements - Litwace wants to minimize the deployment of addtional servers and services in the Active Ditectry forest Question ORAG DROP. You need to confgute threat detection for Active Directoy. The solution must meet the secuttyrequiements Which thre actions should you perform in sequence? To answer, move the appropriate actions from the list of actions tothe answer area and arrange them inthe corect order. Select and Pace: Correct Answer: ExplanationIntroductory info overview - itwate Inc. is financial company that has 1,000 uses in its main ofice in Chicago and 100 users ina branch ofice in San Francisco, Existing Environment Internal Network Infrastructure The network contains a single domain forest. The forest functional levels Windows Server 2016. Users are subject to sign-in hur restrictions as defined in Active Directory The network has theIP address range shown in the following table. ‘ocation address range ‘cheago fice ternal network 192.1660.0/20 ‘Chicago ofce perimeter network a7216.0.0/28 ‘Chicago ofice external network 331.10783.0/38 San Francisco fie internal netwerk | 192.168.16.0/20 ‘SanFrancscoofce perimeter network —[172.16.16.0/28 ‘San Faretcoofce external network | 131.107.6218)52 The offices connect by using Multiprtocol Label Switching (MPLS). The fllowing operating systems are used onthe network Windows Server 2016 Windows 10 Enterprise Windows 8.1 Enterprise The intemal network contains the systems shown inthe following table. ‘fice Name Configuration [hago ‘ch Domain controler hago bez Domain controler ‘hieago seve SeNeserver Litware uses a third-party email system. Cloud Infrastructure Litware recently purchased Mioosoft 365 subscription lcenses for all users. Microsoft Azure Active Directory (Azure AD) Connecti installed and uses the default authentication settings, User accounts are not yet synced to ‘aue AD. You have the Microsoft 365 users and groups shown in the following table ‘name [abjecttype[ bescrption ‘Group'i | secur group | group fr testing Azure and ierosof 35 funcionay seri | Veer ‘lest sor who isa member of Group User | User ‘Rost usr who sa membor of Group Users | User ‘Atast usar who is membar of Groups sera | User [an admintrtor Guest | cues urar ‘guest ser Planned Changes Latware plans to implement the following changes: Migrate the ema system to Microsoft Exchange Online Implement Azure AD Privileged Identity Management Security Requirements ~ Litware identities the following security requirements: Create & group named Group? that will include ll the Azure AD user accounts, Group? willbe used to provide imited access to Windows. Analytios Create & group named Group3 that willbe used to apply Azure Informatio Protection polices to pilot users. Group3 must only contain user accounts Use Azure Advanced Threat Protection (ATP) to detect any security threats that target the forest Prevent users locked out of Actve Directory from signing nto Azure AD and Active Directory Implement a permanent eligible assignment ofthe Complance administrator role for User? Integrate Windows Defender and Windows Defender ATP on domainjoined serversPrevent access to Azure resources forthe guest user accounts by default, Ensure that all domaijoined computers are registered to Azure AD Multbfactor authentication (MFA) Requirements Security features of Microsoft Office 365 and Azur wl be tested by using pilot Azure user accounts. You identity the folowing requirements for testing MFA. Pilot users must use MFA unless they are signing in fom the internal network ofthe Chicago office. ‘must NOT be used onthe Chicago office internal network If an authentication attempt is suspicious, MFA must be used, regardless ofthe user location Any disruption of legitimate authentication attempts must be minimized General Requirements - Litwace wants to minimize the deployment of addtional servers and services inthe Activ Directory forest Question You need to implement Windows Defender ATP to meet the security requirements, What should you do? ‘A. Configure port miroring 8. Create the ForceDefenderPassiveModeregisty setting ©. Download and install he Microsoft Monitoring Agent Run WindowsDefenderATPOnboardingScript.cmd Correct Anewer: © Topic 10 - Testlet 6Introductory info overview - ‘Contos, Ltd. is & consulting company that has a main office in Montreal and thre branch offices in Seattle, and New York ‘The company has the offices shown inthe following table Tecation ‘Employees | Laptops Desktops ‘Mobile devices ‘compaters ‘Montreal 7300 700) 300 310 ‘Seat 1000) 1100) 200) 1,300 New Yor 300 30 30 200. CContoso has 17, human resources (HR), legal, marketing, and finance departments. Contoso uses Microsoft 365, Existing Environment Infestrcture The network contains an Active Directory domain named contoso.com thats synced toa Microsoft Azure Active Diectory (Azure AD) tenant Password witeback is enabled ‘The damn contains servers that run Windows Server 2016. The domain contains laptops and desktop computer that run Windows 10 Enterprise. ch client computer has a single volume. Each ofce connects tothe Interne by using a NAT device. Th ofices have the IP addresses shown inthe fllowing table. Location TP address space | Public NAT segment ‘Montreal 10.100.0116 190.15.1.0/24 Seattle 172.16.0.0/16 194.252.0724 ‘New York 192.168.0018 | 198.353.0004 famed locations are defined in Azure AD as shown inthe following table TP address range | Trusted 10.10.0,076 Yes 192.168.0016 | No From the MultiFactor Authentication page, an aderess space of 198.35.3.0/24 i defined in the trusted IPs list ‘Azure Mult-Factor Authentication (MEA) is enabled forthe users in the finance department, The tenant contains the uses shown inte following table Name] User type | City Role ‘User! | Member | Seattle | None ‘User? | Member | Sea Paseword administrator Users | Member | SEATILE [None Users | Guest SEA ‘None Users | Member | Londoa | None. Users | Member | Londoa | Customer LookBox Acces Approver oer! | Member | Sydney | Reports reader ‘User8 | Member | Sydney | User administrator User) | Member | Montreal | None he tenant contains the groups shown inthe following abl. ‘Name Group type __[Dynamicmembership rule ‘ADGroupi Security user.city- contains “SEA” ADGroup2 Office 365 [user.city-match “Sea*” ‘customer Lockbox is enabled in Microsoft 365. Microsoft Intune Configuration ‘The devices envlled in Inune are configured as shown in the following table ‘Name | Platform Encryption | Member of Device! | Android Disabled GroupA, Groupe Devieed | Windows 10 | Enabled ‘GroupB, Groupe ‘Device! | Android Disabled ‘Group, Groupe ‘Device | Windows 10 | Disabled Groupe Devices [108 ‘Not applicable | GroupA Devices | Windows 10 | Enabled NoweThe device compliance policies in Intune are configured as shown inthe following table Name Platform Eacnpiion Aesgned DevieePalicyh Android Net configured Yee DevicePolicy? Windows 10 ‘Requred Yee DeviesPoliey3 Android Required Yes ‘The device compliance policies have the assignments shown inthe following table Name. Tnctade Fxcade DevicePalies] GrovgC None DevicePolicy2 ‘GrovgB Grow DevieeDalien3 GroupA ‘None The Mark devices with no compliance policy assigned as setting Is set to Compliant, Requirements ~ Technical Requirements CContosa identifies the following techrical requirements: Use the principle of least privilege Enable User to assign the Reports reader role to users Ensure that User6 approves Customer Lockbox requests as quickly as possible Ensure that User9 can implement Azure AD Privileged Identity Management Question HoTsPoT You ate evaluating which devices are compliant in Intune For each of the following statements, select Yes f he statements true. Otherwise, select No NOTE: Each correct selection is worth one point Hot re: Answer Area Statements Yes No Device? is compliant. ° ° Devices is compliant. 3 O° Device6 is compliant Oo O° Answer Area Statements Yes No Gamect ANNE: Device? is compliant @ [o DeviceS is compliant. oO 6] Devices is compliant. d) O°Introductory info overview - ‘Contos, Ltd. is & consulting company that has a main office in Montreal and thre branch offices in Seattle, and New York ‘The company has the offices shown inthe following table, Teocation ‘Employees | Laptops Desktops ‘Mobile devices ‘compaters ‘Montreal 7300 700) 300 310 ‘Seat 1000) 1100) 200) 1,300 New Yor 300 30 30 200. CContoso has 17, human resources (HR), legal marketing, and finance departments. Contoso uses Microsoft 365, Existing Environment Infestrcture The network contains an Active Directory domain named contoso.com thats synced toa Microsoft Azure Active Diectory (Azure AD) tenant Password witeback is enabled ‘The domain contains servers that un Windows Server 2016. The domain contains laptops and desktop computer that run Windows 10 Enterprise. ch client computer has a single volume. Each ofce connects tothe Interne by using a NAT device. The ofices have the IP addresses shown inthe fllowing table. Location TP address space | Public NAT segment ‘Montreal 10.100.0116 190.15.1.0/24 Seattle 172.16.0.0/16 194.252.0724 ‘New York 192.168.0018 | 198.353.0004 famed locations are defined in Azure AD as shown inthe following table. TP address range | Trusted 10.10.0,076 Yes 192.168.0016 | No From the MultiFactor Authentication page, an adoress space of 198.35.3.0/24 is defined in the trusted IPs ist, ‘Azure Mult-Factor Authentication (MEA) is enabled forthe users in the finance department, ‘The tenant contains the users shown inte following able Name] User type | City Role ‘User! | Member | Seattle | None ‘User? | Member | Sea Paseword administrator Users | Member | SEATILE [None Users | Guest SEA ‘None Users | Member | Londoa | None. Users | Member | Londoa | Customer LookBox Acces Approver oer! | Member | Sydney | Reports reader ‘User8 | Member | Sydney | User administrator User) | Member | Montreal | None he tenant contains the groups shown inthe following abl. ‘Name Group type __[Dynamicmembership rule ‘ADGroupi Security user.city- contains “SEA” ADGroup2 Office 365 [user.city-match “Sea*” ustomer Lockbox is enabled in Microsoft 365. Microsoft Intune Coniguation ‘The devices envlled in Inune are configured as shown in the following table ‘Name | Platform Encryption | Member of Device! | Android Disabled GroupA, Groupe Devieed | Windows 10 | Enabled ‘GroupB, Groupe ‘Device! | Android Disabled ‘Group, Groupe ‘Device | Windows 10 | Disabled Groupe Devices [108 ‘Not applicable | GroupA Devices | Windows 10 | Enabled NoweThe device compliance policies in Intune are configured as shown inthe following table Name Platform Eacnpiion Aesgned DevieePalicyt Android Net configured Yes DevicePolicy? Windows 10 ‘Requred Yee DeviesPoliey3 Android Required Yes ‘The device compliance policies have the assignments shown inthe following table Name. Tnctade Fxcade DevicePalies] GrovgC None DevicePolicy2 GrovpB, Grow DevieeDalien3 GroupA ‘None The Mark devices with no compliance policy assigned as setting i Set to Compliant, Requirements ~ Technical Requirements CContoso identifies the following techrical requirements: Use the principle of leas privilege Enable User to assign the Reports reader role to users Ensure that User6 approves Customer Lockbox requests as quickly as possible Ensure that User9 can implement Azure AD Privileged Identity Management Question HOTSPOT Which policies apply to which devices? To answer, select the appropriate options inthe answer area NOTE: Each correct selection is worth one pont Hot ares: ‘Answer Area DevicePolicy!: [None loeicesony —SSCSC~*Y Devic? and Device only Devicet and Device} ony Device, Devie2, and DevceS DevicePolicy2: [None Deviced only [Device2 and Devices only Device2, Device3, and Device 4 only DevicePolicy!: [None loeceiony ~—SOSCSC~CS*~‘“‘=~=~<“ Phishing email messages must be quarantined ifthe messages are sent from a spoofed domain. ‘> As many phishing emall messages as possible mus be ldentiied ‘The solution must apply tothe current SMTP domain names and any domain names added later. To complete this task, sign into the Microsoft 365 admin center, Correct Answer: See explanation below. 1. After signing in tothe Microsoft 365 admin center, select Secutty, Threat Managemen, Policy, then ATP Antphishing 2 Select Default Policy to refine it 3. Inthe Impersonation section, select Edt 4. Goto Add domains to protect and select the toggle to automatically include the domains you own, 5. Go to Actions, open the dropdown If emails sent by an impersonated user, and choose the Quarantine message action, ‘Open the érop-dowa If emails sent by an impersonated domain and choose the Quarantine message action. 6. Select Tum on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters, Select Save, 7. Select Malls inteligence and very that its tured on. This allows your emallto be more efclent by learning usage patterns 8. Choose Add trusted senders and domains. Here you can add email adresses or domains that should’ be classified as en impersonation. 9. Choose Review your settings, make sure everthing is correct, select Save, then Close Reference: bitpst/supportoffce.comyer-us/article/protect-against-phishing-attempis.i-microsof-366-86c475e1-1686-4302-9151 {71 76cce42c8IDOEAABAAATry it hitpsifdocs microsoft com/enus/microsoft365/security/ofie-365-securty/setup-ant phishing policies iew=0365-worldwidesexample- antrphishingpolieyo- protect a~user-and-a-domain ‘An aéminitator plans to deploy several Azure Advanced Threat Protection (ATP) sensors You need to provide the administrator with the Azure information required to deploy the sensors. What information should you provide? ‘Aan Azure Active Ditectoy Authentication Library (ADAL) token 8 the public key the access key the URL ofthe Azure ATP admin center Correct Answer: D Reference: hitpsifdoes.mlerosoft.com/en.us/azureadvanced threat protection/workspaceportalSIMULATION You need to implement a solution to manage when users select Inks in documents or emall messages from Microsoft Office 365 ProPlus applications or Android devices, The solution must meet the following requirements > Black aecess to domain name fabrkam.com -» tore information when the users select links to fabrikam.com To complete this task, sign into the Microsoft 365 portal Correct Answer: See explanation below. ‘You need to configute a Safe Links policy 1.60 tothe Office 365 Security & Compliance admin center. 2. Navigate to Threat Management » Policy > Safe Links 3. Inthe Policies that apply tothe entre organization section, select Defeul, and then cick the Et con 4. nthe Block the following URLs section, type in *fabrkam. com. This meets the first requirement nthe question 5 Inthe Settings that apply to content except eral section, untick the checkbox labelled Do not track when users click safe inks. This meets the second requirement nthe question. 6, Click Save to save the changes, Reference: btpsfdoes.microsoft.com/en-us/microsof-365/security/offie-365-securiy/setup-lp-safelinks-policiesview=0365-worldwide SIMULATION You need to configure your organization to automatically quarantine all phishing emall messages, To complet this task, sign into the Microsoft 365 portal Correct Answer: See explanation below. You need to edit the Ant: Phishing policy. Go to the Offce 365 Secuty & Compliance admin centr. Navigate to Threat Management > Policy > ATP Ant+Phishing Click on Default Policy. Inthe Impersonation section, click Et Go tothe Actions section In theif emails sent by an impersonated user: bo, select Quarantine the message from the drop-down list Inthe i emails sent by an impersonated domain box, select Quarantine the message from the crop-dow ist, Glick Save to save the changes, Click Close to close the antiphishing pole window,Question #11 opie SIMULATION You need to ensure that auser named Allan Deyoung can perform searches and place holds on mallboxes, SharePoint Online sits, and OneDrive for Business locations, The solution must use the principle of least privilege. To complete this task, sign into the Microsoft 365 admin center Correct Answer: See explanation below. 1. Ate signing int the Microsoft 365 admin center, navigate to the Security & Compliance Center 2. Inthe eft pane ofthe security and compliance center, select Permissions, and then select the checkbox next to eDiscovery Manager. 3. On the eDiscovery Manager flyout page, do one of the following based on the eDiscovery permissions that you want to assign. ‘To make a user an eDiscovery Manager Next to eDiscovery Manager, select Edin the Choose eDiscovery Manager section, select the Choose eDiscovery Manager hyperlink and then select + Add Select the user (r users) you want to add as an eDiscovery manager, and then select ‘Ads, When you'r fished adding users, select Done. Then onthe Eting Choose eDiscovery Manager yout page, select Save to save the changes tothe eDiscovery Manager membership. Reference: btpslfdoes.microsoft.com/en-us/microsof-365/compliance/assigr-ediscoveryprmissions?view=o36S-wotldwide SIMULATION You need to ensure that @user named Allan Deyoung receives incident ports when ems messages that contain data covered by the UK. Data Protection Act are sent outside of your organization. To complete this task, sgn into the Microsoft 365 admin center Correct Answer: See explanation below. 1. Inthe Secutty& Compliance Center > left navigation > Data lose prevention > Poley>+ Create a policy 2. Choose the U.K. Data Protection Act template > Nex. 3. Name the policy > Nex. 4, Chaose ll locations in fice 265 >Next. 5. Atte fist Policy Settings step ust accept the defauts, 6. After clicking Nex, youll be presented with an addtional Policy Settings page Deselect the Show policy tips 1 users and send them an email notification option Select the Detect when content thats being shared contains option and configure the number instances to be 10. ‘Select the Send incident reports in email option, Select the Choose what to include in the report and who receves it ink o add Allan Deyoung as a reciplent, 7.> Next £. Select the option te tun onthe pale ight away > Nex. 4. Clik Create to finish creating the policy. Reference: htps:ifdocs.mierosoft.com/en-us/microsoft-365/compliance/create-test‘une-dppoleyview=0365-worldwide tps:/docs.microsofl.comyen- us/microsoft365/complince/éata-oss-preventionpoicies?view=0965-worldwide hitps//docs microsoft. com/en-us/microsott- 365/compliance/what-the-p-polcytemplates-include?view=0365-worldwideSIMULATION You need to ensure that a global administrators notified when a document that contains U.S, Health Insurance Portability and Accountabliy Act (HIPAA) dat is identified in your Microsoft 365 tenant To complete this task, sgn into the Microsoft Office 365 admin center Correct Answer: See explanation below. 1. Inthe Security & Compliance Center» left navigation » Data loss prevention» Policy >+ Create a policy. 2. Choose the U.S, Health Insurance Portability and Accountability Act (HIPAA) template > Next. 8. Name the policy > Nex. 4, Choose All locations in Office 365 >Next. 5. Atthe first Policy Settings step ust accept the defauts, 6. After licking Nex, youll be presented with an additional Policy Setings page = Deselect the Show poliy tips to users and send them an emall notification option. “Select the Detect when content that’s being shared contain option, and decrease the number of instances to 1 © Select the Send incident reports in email option 7.3 Next £. Select the option totum onthe policy ight away > Nex. 9. lick Create to fish creating the policy. References apsfdocs.mierosoft.com/en-us/microsoft-365/compiance/createesttune-lppolcyie us/microsoft365/compliance/éata-oss-preventionpoicies?view=0865-worldwide hips1/docs microsoft. comven-us/microsott- 365/compliance/what-the-p-palcy-templates-include?view=0265-worldwide 6S-worldwide tps:/docs.microsoft.comyen- Auestion #14 SIMULATION You discover that Microsoft SharePoint contents shared with users from muttipe domsins. You need to allow sharing invitations tobe sent ony to users in an email domain named contoso.com, To complet this task, sign into the Microsoft 365 portal Correct Answer: See explanation below. You need to configure the Sharing options inthe SharePoint admin center. Go tothe SharePoint admin Center Navigate to Policies > Sharing Inthe External Sharing section, click on More external sharing settings, Tick the Limit external sharing by domain checkbox. Glick the Add domains button, Select the Allow ony specific comains option and type in the domain contoso.com, Click Save to save the changes. Manage governance and compliance features in Microsoft 365SIMULATION You need to ensure that all the email messages inthe mailox of a user named Allan Deyoung are retained fora period of 90 days, even the messages are deleted. To complete this task, sign into the Microsoft 365 admin center Correct Answer: See explanation below. 1. Navigate tothe Exchange Admin Center 2 Navigate to Compliance management > Retention tag, and then elik Add + 2. Select the Applied automaticaly to entre mailbox (default) option. 4, The New retention tag page tle and options wil vary depending onthe type of tag you selected, Complete the following feds Name: Enter a name fr the retention tag Retention action: Select Delete and Allow Recovery option. Retention period: Select When the item reaches the following age (in days) option ‘Comment: User this optional field to enter any administrative notes or comments. The feld isn't displayed to users. 5. Navigate to Compliance management > Retention policies, and then click Add + 6. InNew Retention Policy, complete the following fields: Name: Enter a name forthe retention policy Retention tags: Click Add +to select the tags you want to add to this retention policy. ‘Alter you create a retention policy, you must apey it 1. Navigate to Recipients > Mailboxes. 2. Inthe list view, select the mailbox to which you want to apply he retention policy, and then click Edt. 3. InUser Malibox, click Mallbox features. 4. Inthe Retention policy lst, select the policy you want to apply to the mailbox, and then cick Save Reference: upsfdocs.mierosoft.com/enus/exchange/securty-and-compliance/messaging records management/ceate-avetemtion polcy#step-apply- etention-polioyo- malbox-usershtip:/docs. microsoft.com/en-us/exchange/securty-and-compliance/messaging records: management/applyretention policySIMULATION You need to create a retention policy that contains a data label. The policy must delete all Microsoft Ofce 365 content that is oder than six months To complete this task, sign into the Microsoft 365 admin center Correct Answer: See explanation below. Creating fice 356 labels is & two-step process. The fist step i to create the actual label which includes the name, description, retention palicy, and classifying the content as a record, Once this ls completed, the second step requites the deployment ofa label using 2 labeling policy which specifies the specific location to publish and applying the label automatically To create an Office 365 label, following these steps: 1. Open Security and Compliance Centre; 2. Glick on Classifications; 3-Click on Labels; 4. The label will requice configuration inclucing: name your label (Name), adda description forthe admins (Description for Admins), add a description forthe users (Description for Users); 5. Olick Next once the configuration is completed, 6. lick Label Settings onthe lt-hand side menu 7. The Label Settings will need to be configured. On this sreen, you can tagle the Retention switch to elther “enor “oft. W you choose “on, then you can answer the question "When ths label is applied to content” with oe of two options. The first option isto Retain the Content. From the pick boxes, you can choose the length of retention and upon the end ofthe retention, the action that wl take place. The tree actions are to delete the data, trigger an approval low for review, or nothing can be actioned. The second option is to not retain the data ater a specified amount of ime or based on the age ofthe data; and 8. The label has now been created To create a label policy, follow these steps: 1. Open Security and Compliance Centre; 2. lick on Date Governance, Retention 4. Choose Label Policies box at the top ofthe screen; and 4. There are now two options. The first sto Publish Labels. If your organization wants its end users to apply the abel manually, then this s the option you would choose. Note that this is laation based. The second option i to Auto-apply Labels, With Auto-appy, you Would have the ability to automatically apply a label when it meets the specified criteria References hups:www.naadaran.com/offcea65-cassifcatlon and-etentionabels/ You have a Microsoft 266 subscription. You create a supenision policy named Policy, and you designate a user named User asthe reviewer. What should Usert use to view supervised communications? ‘A.ateam in Microsoft Teams 8 the Security & Compliance admin center ©. Outlook onthe web D. the Exchange admin center Comeet Answer: 5 Reference: htpsifdoes.mierosoft.com/en.us/microsoft366/compliance/supervisior-palicies?view=0365-worldwideduestion #18 You have a Mlerasoft 266 subscription. Your company uses Jamf Proto manage mac0S devices. You plan to create device compliance policies forthe macOS devices based onthe Jamf Pro data, You need to connect Microsoft Endpoint Manager to Jam Pro, What should you do fist? ‘A From the Azute Active Directory admin center, add a Mobility (MDM and MAM) apolcation. 8B. From the Endpoint Management admin center, add the Mobile Threat Defense connector .From the Endpoint Management admin center, configure Partner device management 1. From the Azure Active Directory admin center, register an application. Correct Answer: D Reference: btpstfdoes.mierosoft.com/en-us/mem/intune/prtect/condtionakaccess-integratejamt Question #19 opie 13 SIMULATION You need to ensure that administrators can publish a label that adds a footer to emall messages and documents To complete this task, sign into the Microsoft Office 266 portal. Correct Answer: See explanation below. You need to configure a Sensitivity abe. Goto the Secuity & Compliance Admin Center. Navigate to Classification > Sensitivity labels. Click on + Create a label to create anew label Give the label a name and description then click Next. Leave the Encryption option as None and click Next. ‘On the Content Marking page, tick the checkbox Add a footer, Click the Customize Text link and add the footer tort an click Save (for the question, it doesnt matter what text you ad} Glick Next 9. Leave the Autolabeling for Office apps off and click Next. 10-Click the Submit button to save your changes. 11.The label is now ready tobe published, Click the Done button to ext the page and create the labelSIMULATION You plan to publish label that wll retain documents in Microsoft OneDrive for two year, and then automatically delete the documents You need to create the label To complete this task, sgn into the Microsoft Office 365 porta. Correct Answer: See explanation below. ‘You need to create a retention label Go tothe Secutty & Compliance Admin Centr. Navigate to Classification > Retention labels Glick on Create a label to create anew label Give the abel a name and click Next On the File plan descriptors, leave all options empty. The options inthis page are sed for auo-appying the retention label. Click Next. ‘Tum the Retention switch to On Under Retain the content, set the peiod to 2 years. Under What do you want todo after this time? select the Delete the content automaticaly option, Click Next 0.Clik the Create this label button to create the label. The label is now ready tobe published to Microsoft Onebrve. Question #21 SIMULATION You plen to adda fle named ConfidentalHR.docx o @ Microsoft SharePoint library. You need to ensure that ¢ user named Megan Bowen is notified when another user accesses Confidential lex. To complet this task, sign into the Microsoft 365 portal Correct Answer: See explanation below. You need to configure an alert policy, 1. Goto the Security & Compliance Admin Center 2. Navigate to Alerts » Alert Policies, 3. lick on + Nev alert policy to create anew policy 4. ive the policy a name and select a severity level. For example: Medium, 5. Inthe Category section, select information Governance and click Next 6. Inthe Select an activity section, select Any file or folder activity. 7.Click Add 2 condition and select Fle name. 8. Typein the filename ConfidentialHR xlsx and click Next, 8. Inthe email recipients section, add Megan Bowen and click Nex 10.Glioe Finish to create the alert policy.SIMULATION You need to create a policy that identifies conten in Microsoft OneDrve that contains credit card numbers To complete this task, sign into the Microsoft 365 portal Correct Answer: See explanation below. ‘You need to configure autolabeling in simulation’ mode. Inthe policy, you can select te “Credit Card’ sensitiv info type. 1. Inthe Microsoft 365 compliance center, navigate to sensitivity labels Solutions >Infrmation protection 2 Select the Autodabeling (preview) tab 3. Select + Create policy 4.For the page Choose info you want ths label appli to: Select one ofthe templates, such as Financial or Privacy. You can caine your search by using the Show options for dropdown. Or, select Custom policy the templates don't meet your requirements. Select Nest 5. For the page Name your aute-labeling policy: Provide a unique name, and optionally @ description to help identity the automatically applied label, locations, and coeitions that identify the content to label 6. For the page Choose locations where you want to apply the label: Select OneDrive. Then select Next. 7. For the Define policy settings page: Keep the default of Find content that contains to define rules that identify content to label across all our selected locations. The ules use conditions that include sense information types and sharing options. For sensitive information types, you can select both bultin and custom sensitive information types, 8. Then select Next 4. For the Setup rules to define what contents labeled page: Select + Create ule and then select Next 10.0n the Create rule page, name and define your ul, using sensitive information types and then select Save T1.liek Nox. 12Forthe Choose a abel to auto-apply page: Select + Choose a label, select a abel fom the Choose a sensitvty label pan, and then select Next 18.For the Decide if you want to run policy simulation now o later page: Select Run policy in simulation mode i youre ready to run the auto- labeling policy now in simulation mode. Otherwise select Leave policy tuned of. Select Net. 114For the Summary page: Review the configuration of your autodabeling policy and make any changes thal needed, and complete the wizard Reference: hitpsifdoes microsoft. com/en-us/microsot-#65/compliance/applysensitivit abel automaticaly view=0365-workiwideSIMULATION Your company plans to merge wit another company. ‘Auser named Debra Berger is an executive at your company You need to provide Debra Berger with all the emall content of a user named Alex Wilber that contain the word merger. To complete this task, sign into the Microsoft 365 portal Correct Answer: See explanation below. You need toruna content search then export the results ofthe search, Go to the Microsoft 365 Compliance admin center Navigate to Content Search under the Solutions section in the left navigation pane Click on + New Search to create a new search Inthe Keywords box type in “merger Inthe Locations section, select Specific locations then click the Modify lnk Click onthe Choose users, groups or teams link ‘Type Alex Wilber inthe search field the select his account from the search results. 8. Click the Choose button toad the user then click Done, 9. Clik Save to cose the locations pane 10.Glick Save & run to run the search 11.The next step isto export the results, Select the search then under Export results to a computer, click Start export 12.0n the Expor the search results page, under Output option, select Al tems. 18.Under Export Exchange content as, select One PST file fr each mailbox. 14.Clickon Start export, When the export has finished, there willbe an option to download the exported PST fe, Reference: hitpsifdoes microsoft. com/enus/microsoft365/complance/content-searchview=0365.worldwide Mtips:/dacs microsoft com/en- us/microsoft365/compliance/export-search-esults?view=036S-wordwide Question #24 You have an Azute Sentinel workspace You need to manage incidents based on alerts generated by Microsoft Cloud App Secu. What should you do first? |A.From the Cloud App Security admin center, configure security extensions. 8. From the Cloud App Security admin center, configute app connectors . From the Cloud App Security admin center, configure log collectors, From the Microsoft 265 compliance center, add and configure a data connector. Correct Answer: A Reference: btpsfdocs.mlerosoft.com/en-us/cloudapp-secutty/siemsentinelYou have an Azure Sentinel workspace that has an Azure Active Directory (Azure AD) connector and a Microsoft Office 365 connector. You need to assign builtin ole-based access contol (RBAC) roles to achieve the following tasks: ‘= Create and run playbook. ‘Manage incidents ‘The solution must use the principe of least privilege. Which two roles should you assign? Each correct answer presents pat ofthe solution NOTE: Each correct selection i worth one pont |. Automation Operator 8. A2ue Setine responder €. Automation Runbook Operator 0, Azure Sentinel contributor E. Logie App contributor Correct Answer: DE Reference: tpsffdoes.mierosoft.com/en-us/azure/sentineioles Implement end manage information protection You have a Microsoft 366 subscription You have a Data Subject Request (0SR) case named Caset You need to ensure that Case1 includes al the emal posted by the data subject tothe Microsoft Exchange Online public folders Which aditional property shoul you include inthe Content Search query? A.kindextemaldata 8. itemclassipm.exteraldata .temelassipm.post .kind:emall Correct Answer: C Reference: hntpsifdoes.mierosoft.com/en-us/microsoft-365/compliance/manage-gdpr-datasubjectequests-with-he-ds-casetoolview=0365-worlwide