M365 Enterprise Admin Expert: MS- 100 Identity and Services

¡Supera tus tareas y exámenes ahora con Quizwiz!

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionWhich migration solution should you recommend for Project1? A. From Exchange Online PowerShell, run the New-MailboxImportRequest cmdlet. B. From Exchange Online PowerShell, run the New-MailboxExportRequest cmdlet. C. From Exchange admin center, start the migration and select Remote move migration. D. From the Exchange admin center, start the migration and select Cutover migration.

C. From Exchange admin center, start the migration and select Remote move migration.

https://gyazo.com/95f9ec2c95086e466a4eb0296e508432

B. No

https://gyazo.com/a0bad0a941a9d0f6b1f4e8def25dc570

B. No

https://gyazo.com/f718b02b5745dce69da1c080c10d71af

B. No

https://gyazo.com/f51cf9b52d1647d42a9b2e8be6d9de6d

A. 1

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionWhich migration solution should you recommend for Project1? A. From the Microsoft 365 admin center, start a data migration and click Exchange as the data service. B. From the Exchange admin center, start a migration and select Cutover migration. C. From the Exchange admin center, start a migration and select Staged migration. D. From the Microsoft 365 admin center, start a data migration and click Upload PST as the data service.

A. From the Microsoft 365 admin center, start a data migration and click Exchange as the data service.

https://gyazo.com/20c620ee66e1fb633e14828d99d34afa

A. Group1, User1, and User2

https://gyazo.com/f1fb90d8b1951c2cf976dba4d49fb83c

A. User1

https://gyazo.com/d5751d7d9be31cd20b0b377a77313e59

A. Yes

https://gyazo.com/bd03468a815c244805d1d9cd4d119e5d

C. Modify the External collaboration settings.

You have a Microsoft 365 subscription that contains a user named User1.You need to ensure that User1 receives Microsoft 365 feature and service updates before the updates are released to all users.What should you do in the Microsoft 365 admin center? A. Modify the privileged access management settings. B. Modify Office software download settings. C. Modify the Release preferences settings. D. Submit a new service request.

C. Modify the Release preferences settings.

Your network contains an Active Directory forest named contoso.local.You purchase a Microsoft 365 subscription.You plan to move to Microsoft 365 and to implement a hybrid deployment solution for the next 12 months.You need to prepare for the planned move to Microsoft 365.What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer. A. Purchase a third-party X.509 certificate. B. Rename the Active Directory forest. C. Purchase a custom domain name. D. Create an external forest trust.

C. Purchase a custom domain name.

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionWhich role should you assign to User1? A. Security Administrator B. Records Management C. Security Reader D. Hygiene Management

C. Security Reader

You have recently created a Microsoft 365 subscription.You have prepared an XML file for the upcoming Microsoft Office 365 ProPlus deployment.The Channel attribute for the OfficeClientEdition attribute is set to Broad, while the Channel attribute for the Updates element is set to Targeted.Which of the following the following is the frequency with which the installation of Office 365 ProPlus feature updates will occur? A. Weekly. B. Monthly C. Six monthly D. Annually

C. Six monthly

https://gyazo.com/c325d80adff7c54e13195d7b4a0309d2

B. Deploy one Application Proxy connector.

https://gyazo.com/aebe95d5b4ade889ec796f9b79f30d5d

B. Server3

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -General Overview -Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.Litware collaborates with a third-party company named ADatum Corporation.Environment -On-Premises Environment -The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins,Montreal Users, and Seattle Users and the users shown in the following table. https://gyazo.com/425fff92abdbcc6f2121efc9df73add5 Cloud environment -Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.The subscription contains a verified DNS domain named litware.com.Azure AD Connect is installed and has the following configurations:Password hash synchronization is enabled.Synchronization is enabled for the LitwareAdmins OU only.Users are assigned the roles shown in the following table. https://gyazo.com/a2a25079631079702c42f8487d8d2756 Requirements -Planned Changes -Litware identifies the following issues:Admin1 cannot create conditional access policies.Admin4 receives an error when attempting to use SSPR.Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.Technical Requirements -Litware plans to implement the following changes:Implement Microsoft Intune.Implement Microsoft Teams.Implement Microsoft Defender for Office 365.Ensure that users can install Office 365 apps on their device.Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.QuestionYou need to configure just in time access to meet the technical requirements.What should you use? A. access reviews B. entitlement management C. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) D. Azure Active Directory (Azure AD) Identity Protection

C. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)

You have a Microsoft 365 Enterprise E5 subscription.You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.What should you do? A. Create an activity policy. B. Create a new app registration. C. Create a conditional access policy. D. Create a session policy.

C. Create a conditional access policy.

https://gyazo.com/ea39edd244c26300b8da377dedb71614

C. Global administrator

https://gyazo.com/c49eda7ca4a66b5564ec23bdb64e25fe

C. only Contoso1919.onmicrosoft.com, Sub1.Contoso1919.onmicrosoft.com, and Sub2.Contoso1919.onmicrosoft.com

https://gyazo.com/b99b881425d6bb1865e0dd6d1ea23356

Correct Answer: See explanation below.You need to configure the Password Expiration Policy.1. Sign in to the Microsoft 365 Admin Center.2. In the left navigation pane, expand the Settings section then select the Settings option.3. Click on Security and Privacy.4. Select the Password Expiration Policy.5. Ensure that the checkbox labelled ג€Set user passwords to expire after a number of daysג€ is ticked.6. Enter 180 in the ג€Days before passwords expireג€ field.7. Click the ג€˜Save changesג€™ button.

https://gyazo.com/b7dfbd9359813ae6bd516f7ef6c0e3b0

Correct Answer: See explanation below.You need to create a SharePoint site and configure the sharing settings.1. Go to the SharePoint Admin Center.2. In the left navigation pane, expand Sites then select ג€˜Active Sitesג€™.3. Click on the ג€˜+ Createג€™ link to add a new site.4. Select ג€˜Other Optionsג€™ then ג€˜Team Siteג€™ for the template.5. Give the site the name ג€˜Project1ג€™.6. In the ג€˜Primary Administratorג€™ field, start typing ג€˜adminג€™ then select the [email protected] account when it appears.7. Click Finish to create the site.8. In the Active Sites list, select the Project1 site.9. Click the Sharing link at the top of the sites list.10. Under ג€˜External Sharingג€™, select ג€˜Anyoneג€™.11. Click Save to save the changes.

https://gyazo.com/4c7d0e241331e028a225f0b1d003e0c8

Correct Answer: See explanation below.You need to enable Multi-Factor Authentication for Lynne Robbins.1. Sign in to the Microsoft 365 Admin Center.2. In the left navigation pane, expand the Users section and select Active Users.3. Click the ג€˜Multi-factor authenticationג€™ link.4. Select Lynne Robbins.5. In the right navigation pane, select the ג€˜Enableג€™ link to enable MFA for the account.6. Confirm the setting by clicking the ג€˜Enable multi-factor authenticationג€™ button.7. Click the Close button to close the confirmation window.

https://gyazo.com/7e28181d81287690dab08380e656421e

D. Admins and users in the guest inviter role can invite.

You have a Microsoft 365 subscription.Your company purchases a new financial application named App1.From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that many applications have a low score because they are missing information about domain registration and consumer popularity.You need to prevent the missing information from affecting the score.What should you configure from the Cloud Discover settings? A. App tags B. Score metrics C. Organization details D. Default behavior

B. Score metrics

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/343719e3e54e820cd315dda94705bb5d Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/4279e580225208a153c786a78c9c88d6 Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionYou need to meet the security requirement for Group1.What should you do? A. Configure all users to sign in by using multi-factor authentication. B. Modify the properties of Group1. C. Assign Group1 a management role. D. Modify the Password reset properties of the Azure AD tenant.

D. Modify the Password reset properties of the Azure AD tenant.

https://gyazo.com/ded9bf225a3186491c9178f46051aa18

D. Service administrator

https://gyazo.com/590d76ce2623e604be55bba64e95df41

D. User4

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -General Overview -Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.Litware collaborates with a third-party company named ADatum Corporation.Environment -On-Premises Environment -The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins,Montreal Users, and Seattle Users and the users shown in the following table. https://gyazo.com/0cb0fe5468407ee3d800755815608604 Cloud environment -Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.The subscription contains a verified DNS domain named litware.com.Azure AD Connect is installed and has the following configurations:Password hash synchronization is enabled.Synchronization is enabled for the LitwareAdmins OU only.Users are assigned the roles shown in the following table. https://gyazo.com/c54a18f4b082c1afe1bfe15052d4b408 Requirements -Planned Changes -Litware identifies the following issues:Admin1 cannot create conditional access policies.Admin4 receives an error when attempting to use SSPR.Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.Technical Requirements -Litware plans to implement the following changes:Implement Microsoft Intune.Implement Microsoft Teams.Implement Microsoft Defender for Office 365.Ensure that users can install Office 365 apps on their device.Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.QuestionHOTSPOT -You are evaluating the use of multi-factor authentication (MFA).For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/b33c61ae4ccdf71ee623f6792c49142f

https://gyazo.com/9478a74dcf4dc266135da385914aa8ac

Your company has three main offices and one branch office. The branch office is used for research.The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication.You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office.What should you include in the recommendation? A. Microsoft Azure Active Directory (Azure AD) conditional access. B. Microsoft Azure Active Directory (Azure AD) password protection. C. A Microsoft Endpoint Manager device compliance policy. D. A Microsoft Endpoint Manager device configuration profile.

A. Microsoft Azure Active Directory (Azure AD) conditional access.

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/6c54cc15dafb89ddbc8f15acb82d4f0b Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/0f008224e953af916189b95ddf44b76c Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionNote: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to assign User2 the required roles to meet the security requirements.Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the ComplianceManagement role.Does this meet the goal? A. Yes B. No

A. Yes

https://gyazo.com/7ee65529643690ba412bc427a7108934

B. one text (TXT) record

https://gyazo.com/6d0dbbb50f67d68b718ffb63595e2b84

B. Message Center reader

https://gyazo.com/32fb665c1a2891de3639188613e76d8d

B. Modify the TXT record.

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionYou are evaluating the required processes for Project1.You need to recommend which DNS record must be created before adding a domain name for the project.Which DNS record should you recommend? A. alias (CNAME) B. text (TXT) C. host (AAAA) D. pointer (PTR)

B. text (TXT)

You have Microsoft 365 tenant that contains a Microsoft Power Platform environment named Environment1 (default). Environment1 contains a MicrosoftDataverse database.In the tenant, you create a user named User1. You assign a Microsoft Power Apps license to User1.Which security role for Environment1 is assigned automatically to User1? A. Environment maker B. System customizer C. Delegate D. Environment admin

A. Environment maker

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/57a4cc31957c949ca53e591c7ce68136 Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/775d12ece9b43a899730789c26022de1 Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionYou need to meet the security requirement for the vendors.What should you do? A. From Azure Cloud Shell, run the Set-MsolUserPrincipalName and specify the ג€"tenantID parameter. B. From Azure Cloud Shell, run the Set-AzureADUserExtension cmdlet. C. Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the ג€"UserPrincipalName parameter. D. From Azure Cloud Shell, run the New-AzureADMSInvitation cmdlet and specify the ג€"InvitedUserEmailAddress parameter.

D. From Azure Cloud Shell, run the New-AzureADMSInvitation cmdlet and specify the ג€"InvitedUserEmailAddress parameter.

https://gyazo.com/98bd08f831cd26eacaec7af63b7f7059

D. From the Microsoft 365 admin center, modify the Services & add-ins settings.

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/e30bd698c76b5b3b293811a2a7ac4edb Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/3865140f31fb543d61b07263bb501f31 Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionYou need to meet the security requirement for the vendors.What should you do? A. From the Azure portal, add an identity provider. B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the ג€"UserPrincipalName parameter. C. From Azure Cloud Shell, run the Set-AzureADUserExtension cmdlet. D. From the Azure portal, create guest accounts.

D. From the Azure portal, create guest accounts.

Your company has 20 employees. Each employee has a mailbox hosted in Outlook.com.The company purchases a Microsoft 365 subscription.You plan to migrate all the mailboxes to Microsoft 365.You need to recommend which type of migration to use for the mailboxes.What should you recommend? A. staged migration B. cutover migration C. minimal hybrid migration D. IMAP migration

D. IMAP migration

https://gyazo.com/ec17a2fce0f182cb6e63fe95d8ef7c63

https://gyazo.com/4b778cae6bd6f7987195da890684621f

https://gyazo.com/822c7959b68aa21cad7c41d6ca1b7943

https://gyazo.com/4cc27dde7ebd8f0b07ba37f01d37c28b

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/66d8198ef4b513cda43d67ed6c195707 Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/26aa682f4a8e92cdd9ede8a8c794224d Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionHOTSPOT -You need to meet the security requirements for User3. The solution must meet the technical requirements.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/2305da2c0fa854856348d8cdbb69f400

https://gyazo.com/c566b74cd8aefb1a39ec384862b3a2ed

https://gyazo.com/0b5c2c98782df985b9f5f33eaf64ea56

A. A. user1, User2, User3, User4, and User5

You have a Microsoft 365 Enterprise subscription.You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device.You need to view which users authenticated by using multi-factor authentication.What should you do? A. From the Microsoft 365 admin center, view the Security & Compliance reports. B. From the Azure Active Directory admin center, view the user sign-ins. C. From the Microsoft 365 admin center, view the Usage reports. D. From the Azure Active Directory admin center, view the audit logs.

B. From the Azure Active Directory admin center, view the user sign-ins.

You have a Microsoft 365 subscription.You plan to enable Microsoft Azure Information Protection.You need to ensure that only the members of a group named PilotUsers can protect content.What should you do? A. Run the Add-AadrmRoleBaseAdministrator cmdlet. B. Create an Azure Information Protection policy. C. Configure the protection activation status for Azure Information Protection. D. Run the Set-AadrmOnboardingControlPolicy cmdlet.

D. Run the Set-AadrmOnboardingControlPolicy cmdlet.

Your network contains two Active Directory forests. Each forest contains two domains.You plan to configure Hybrid Azure AD join for the computers.You create a Microsoft Azure Active Directory (Azure AD) tenant.You need to ensure that the computers can discover the Azure AD tenant.What should you create? A. a new computer account for each computer B. a new service connection point (SCP) for each domain C. a new trust relationship for each forest D. a new service connection point (SCP) for each forest

D. a new service connection point (SCP) for each forest

https://gyazo.com/31257f990534913d1d49d42d240826ea

https://gyazo.com/23dbe9344f7267b568932f41911b469f

https://gyazo.com/4d1cd2a7e41a6ea02deb4f0ace11114a

https://gyazo.com/6e5cb2c499370539df2aa229e9e7ad56

https://gyazo.com/221ef94752c1cafd71bcd00ee26ae57d

B. No

You have recently created a Microsoft 365 subscription.You have prepared an XML file for the upcoming Microsoft Office 365 ProPlus deployment.The Channel attribute for the OfficeClientEdition attribute is set to Broad, while the Channel attribute for the Updates element is set to Targeted.Which of the following the following are the months of the year that security updates will be installed? A. January and July. B. March and September C. June and December D. April and October

B. March and September

Your company has configured all user email to be stored in Microsoft Exchange Online.You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.Solution: You start by creating a spam filter policy via the Security & Compliance admin center.Does the solution meet the goal? A. Yes B. No

B. No

https://gyazo.com/6ad727b1a84cd3caf7b2fdfde6b58142

B. No

https://gyazo.com/74c87aaec20f496d1ff0ae2042e5cd6d

B. No

A user receives the following message when attempting to sign in to https://myapps.microsoft.com:"Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin."Which configuration prevents the users from signing in? A. Security & Compliance supervision policies B. Security & Compliance data loss prevention (DLP) policies C. Microsoft Azure Active Directory (Azure AD) conditional access policies D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies

C. Microsoft Azure Active Directory (Azure AD) conditional access policies

Your company's network contains two Active Directory forests, with two domains configured per forest. All workstations are domain-joined and have Windows 10 installed.You have created a Microsoft Azure Active Directory (Azure AD) tenant in preparation for configuring Hybrid Azure AD join for the workstations.You want to make sure that the tenant can be discovered by the workstations.Which of the following should you create in each forest? A. A migration endpoint. B. A new conditional access policy. C. A new trust relationship. D. A new service connection point (SCP).

D. A new service connection point (SCP).

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -You plan to migrate data from an on-premises email system to your Microsoft 365 tenant.You need to ensure that Debra Berger can import a PST file.

Correct Answer: See explanation below.Debra will need the Mailbox Import Export and Mail Recipients roles to be able to import PST files. These roles cannot be assigned directly to a user account. The way to assign just those two roles to a user is to create a new role group, assign the roles to the role group and add the user as a member.1. Go to the Exchange admin center.2. Select Permissions.3. In the Admin roles section, click the plus (+) sign to create a new role.4. Give the role group a name such as PST Import.5. In the roles section, click the plus (+) sign.6. Select the Mailbox Import Export and Mail Recipients roles and click Add to add the roles.7. In the Members section, click the plus (+) sign.8. Select Debra Berger then click Add then Ok to add Debra as a member of the new role group.9. Click the Save button to save the new role group.

https://gyazo.com/2aa86c9dd93e5183a691323258e85144

Correct Answer: See explanation below.You need to create a group named Managers and add Adele Vance to the group. To ensure that you can grant permissions to the Managers group, the group needs to be a Security Group.1. Sign in to the Microsoft 365 Admin Center.2. In the left navigation pane, expand the Groups section then select Groups.3. Click the ג€˜Add a groupג€™ link.4. For the group type, select Security and click Next.5. Enter ג€˜Managersג€™ in the Name field and click Next.6. Click the ג€˜Create Groupג€™ button to create the Managers group.7. In the list of groups, select the Managers group.8. Click the Members link.9. Click the ג€˜View all and manage members linkג€™.10. Click the ג€˜Add Membersג€™ button.11. Select Adele Vance and click the Save button.12. Click the Close button to close the group page.

Your company has a Microsoft 365 subscription.You need to identify which users performed the following privileged administration tasks:✑ Deleted a folder from the second-stage Recycle Bin if Microsoft SharePoint✑ Opened a mailbox of which the user was not the ownerReset a user password -What should you use? A. Microsoft Azure Active Directory (Azure AD) audit logs B. Microsoft Azure Active Directory (Azure AD) sign-ins C. Security & Compliance content search D. Security & Compliance audit log search

D. Security & Compliance audit log search

https://gyazo.com/5e8ee2abda5369c960915e634712ef8d

https://gyazo.com/87f32b37f8c76f36f79ea7fbfd09127a

https://gyazo.com/7826acface508e05110d7e068c13407f

https://gyazo.com/8ae908c78f0a175f0574b45cd792a643

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/0033a2e04479940afc7e8cd537ba6e73 Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/34e459d801b1774a2a1b69c294c22580 Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionHOTSPOT -You need to meet the technical requirements for the user licenses.Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area.NOTE: Each correct selection is worth one point.Hot Area:

https://gyazo.com/e39529c9a61b95fef24c173e6e3c7b1f

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionYou need to meet the application requirement for App1.Which three actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. From the Azure Active Directory admin center, configure the application URL settings. B. From the Azure Active Directory admin center, add an enterprise application. C. On an on-premises server, download and install the Microsoft AAD Application Proxy connector. D. On an on-premises server, install the Hybrid Configuration wizard. E. From the Microsoft 365 admin center, configure the Software download settings.

A. From the Azure Active Directory admin center, configure the application URL settings. B. From the Azure Active Directory admin center, add an enterprise application. C. On an on-premises server, download and install the Microsoft AAD Application Proxy connector.

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.You add an app named App1 to the enterprise applications in contoso.com.You need to configure self-service app access for App1.What should you do first? A. Assign App1 to users and groups. B. Add an owner to App1. C. Configure the provisioning mode for App1. D. Configure an SSO method for App1.

D. Configure an SSO method for App1.

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user namedUser1.You enable Azure AD Identity Protection.You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.To which role should you add User1? A. Compliance administrator B. Global administrator C. Owner D. Security administrator

D. Security administrator

https://gyazo.com/0b847bd8829f5d098ebca87ac1164217

https://gyazo.com/01b3aa01b02220b88670d2f34e052b70

https://gyazo.com/7cc3f7eee1a87561166f70b98c08fe0e

https://gyazo.com/08915367ea04b154b4b5875dd4630ffd

https://gyazo.com/c77150de671baea586c6a25167e71b0d

https://gyazo.com/2a0a6fbd99647d3feaef86721acaf0de

https://gyazo.com/ac8bd326054c6a0f3aeafb9419f2c9fc

https://gyazo.com/47e88526f36b63beb10e9835aabf812a

https://gyazo.com/7661cde9192ec7d28140f2eb27cff4b8

https://gyazo.com/c4bf84d6025e787d3e29ea73fba2bdfd

Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants.You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users.You need to recommend a solution for the planned directory synchronization.What should you include in the recommendation? A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering. B. Deploy one server that runs Azure AD Connect, and then specify two sync groups. C. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering. D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domain-based filtering.

A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.

You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.A temporary employee at your company uses an email address of [email protected] need to ensure that the temporary employee can sign in to contoso.com by using the [email protected] account.What should you do? A. From the Azure Active Directory admin center, create a new user. B. From the Microsoft 365 admin center, create a new contact. C. From the Azure Active Directory admin center, create a new guest user. D. From the Microsoft 365 admin center, create a new user.

C. From the Azure Active Directory admin center, create a new guest user.

Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com.All users have client computers that run Windows 10 Pro and are joined to Azure AD.The company purchases a Microsoft 365 E3 subscription.You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort.You assign licenses from the Microsoft 365 admin center.What should you do next? A. Add a custom domain name to the subscription. B. Deploy Windows 10 Enterprise by using Windows Autopilot. C. Create a provisioning package, and then deploy the package to all the computers. D. Instruct all the users to log off of their computer, and then to log in again.

D. Instruct all the users to log off of their computer, and then to log in again.

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionDRAG DROP -You need to prepare the environment for Project1.You create the Microsoft 365 tenant.Which three actions should you perform in sequence next? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place: https://gyazo.com/fe924cd3bd28bda22793fe968c12dfd8

https://gyazo.com/1ebb59a1ac59ce93c94be7d432ab5184

https://gyazo.com/36a62ed4709f6eaa02eb029e3ff842c4

https://gyazo.com/9f2ab0472ffb9e27537ad7d18b67c4d9

https://gyazo.com/f48730d0e3396eda5c8d653528f91436

https://gyazo.com/9f8396437371326d8414237bd9e52be1

https://gyazo.com/e35228a031e0194b50bd5dfb9ce69bb5

https://gyazo.com/a3712bb95747c194fd3f5b353bc06eca

https://gyazo.com/cf5bc27cc44e790177eb6910ab1055c8

https://gyazo.com/a3988424d2c1063b9bc01ea2e53e9f76

https://gyazo.com/80d9862eea7bf0d996abdd8c3f867292

https://gyazo.com/ae8ce4e7a6ef7629b89a986a0ba82d13

https://gyazo.com/a087dbe2bd71f03f54edf4af07a2948e

https://gyazo.com/b2d7f2ec959f097b8a4636690e562c39

https://gyazo.com/4a5dd0ea646b66f18c86b2f5c742271d

https://gyazo.com/c102270c817f9e7c2ce27f3e660da712

https://gyazo.com/28ef0a649098dc2a53e26bf74bf59d82

https://gyazo.com/c2cdba1c502014bf7c5694fd1d64360e

https://gyazo.com/e5670ecd50748e736ac8e64ca15872e3

https://gyazo.com/d27079bf30f4c2f1ac561230356cfbd5

https://gyazo.com/ccdf1c22442a61c2e5ba0fe48e10a2e2

https://gyazo.com/d43506301f650ce9af937383b55c5a53

https://gyazo.com/36b77e1a4adc5bb109a24fcc94d42389

https://gyazo.com/d52a71d629a18bd59d15600cd7b182ea

Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled.You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON.A tenant user has submitted a fraud alert for his account. After receiving an alert call, the user needs to enter a special code followed by #.Which of the following is default special code? A. 0 B. 9 C. 0000 D. 1234

A. 0

You have a Microsoft 365 Enterprise E5 subscription.You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.What should you do? A. Create a sign-in risk policy. B. Create a new app registration. C. Assign an Enterprise Mobility + Security E5 license to the finance department users. D. Configure the sign-in status for the user accounts of the finance department users.

A. Create a sign-in risk policy.

Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.Solution: You configure the use of pass-through authentication only.Does the solution meet the goal? A. Yes B. No

A. Yes

You have a Microsoft 365 subscription.From the Security & Compliance admin center, you create a content search of all the mailboxes that contain the word ProjectX.You need to export the results of the content search.What do you need to download the report? A. an export key B. a password C. a user certificate D. a certification authority (CA) certificate

A. an export key

Your network contains an Active Directory domain named contoso.com. The domain contains five domain controllers.You purchase Microsoft 365 and plan to implement several Microsoft 365 services.You need to identify an authentication strategy for the planned Microsoft 365 deployment. The solution must meet the following requirements:✑ Ensure that users can access Microsoft 365 by using their on-premises credentials.✑ Use the existing server infrastructure only.✑ Store all user passwords on-premises only.✑ Be highly available.Which authentication strategy should you identify? A. pass-through authentication and seamless SSO B. pass-through authentication and seamless SSO with password hash synchronization C. password hash synchronization and seamless SSO D. federation

A. pass-through authentication and seamless SSO

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionYou need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.Which authentication strategy should you implement for the pilot projects? A. password hash synchronization and seamless SSO B. pass-through authentication C. password hash synchronization D. pass-through authentication and seamless SSO

A. password hash synchronization and seamless SSO

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/1921ac666c7ba3f3ac203ae4caa4385f Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/cba933eef4b3f085dba0d58faeb5b145 Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionTo which Azure AD role should you add User4 to meet the security requirement? A. Password administrator B. Global administrator C. Security administrator D. Privileged role administrator

B. Global administrator

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain.You deploy a Microsoft Azure Active Directory (Azure AD) tenant.Another administrator configures the domain to synchronize to Azure AD.You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.You need to ensure that the 10 user accounts are synchronized to Azure AD.Solution: From Azure AD Connect, you modify the Azure AD credentials.Does this meet the goal? A. Yes B. No

B. No

You have a Microsoft Power Platform production environment that contains a custom model-driven Microsoft Power Apps app.How many days will system backups be retained for the environment? A. 7 B. 14 C. 28 D. 90

C. 28

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.In the tenant, you create a user named User1.You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege.To which role group should you add User1? A. Security Administrator B. Records Management C. Compliance Administrator D. eDiscovery Manager

C. Compliance Administrator

You have a Microsoft 365 E5 subscription.You need to ensure that users are prompted for multi-factor authentication (MFA) when they attempt to access Microsoft SharePoint Online resources. Users must NOT be prompted for MFA when they attempt to access other Microsoft 365 services.What should you do? A. From the Microsoft Endpoint Manager admin center, create an app protection policy. B. From the multi-factor authentication page, configure the users settings. C. From the Azure Active Directory admin center, create a conditional access policy. D. From the Cloud App Security admin center, create an app access policy.

C. From the Azure Active Directory admin center, create a conditional access policy.

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -Your organization plans to open an office in New York, and then to add 100 users to the office. The city attribute for all new users will be New York.You need to ensure that all the new users in the New York office are licensed for Microsoft Office 365 automatically.

Correct Answer: See explanation below.You need create a dynamic group based on the city attribute. You then need to assign a license to the group. User accounts with the city attribute set to ג€˜NewYork will automatically be added to the group. Anyone who is added to the group will automatically be assigned the license that is assigned to the group.1. Go to the Azure Active Directory admin center.2. Select Azure Active Directory then select Groups.3. Click on the New Group link.4. Give the group a name such as New York Users.5. Select Users as the membership type.6. Select ג€˜Add dynamic queryג€™.7. Select ג€˜Cityג€™ in the Property drop-down box.8. Select ג€˜Equalsג€™ in the Operator drop-down box.9. Enter ג€˜New Yorkג€™ as the Value. You should see the following text in the Expression box: user.city -eq "New York"10. Click Save to create the group.11. In the Groups list, select the new group to open the properties page for the group.12. Select ג€˜Licensesג€™.13. Select the ג€˜+ Assignmentsג€™ link.14. Tick the box to select the license.15. Click the Save button to save the changes.References:https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You hire a new global administrator named Irvin Sayers to manage your Microsoft 365 tenant.You need to modify Irvin Sayers to meet the following requirements:✑ Uses at least two methods of user authentication✑ Has the highest Microsoft Office 365 administrative privileges

Correct Answer: See explanation below.You need to assign the Global Admin role to Irvin Sayers. You then need to configure the account to require Multi-Factor Authentication (MFA).1. In the Microsoft 365 admin center, select Users then select Active Users.2. Select the Irvin Sayers account to open the account properties blade.3. In the Roles section, click on the ג€˜Manage rolesג€™ link.4. Select the ג€˜Admin center accessג€™ option.5. Select Global Administrator then click the ג€˜Save changesג€™ button.The next step is to enable the account for Multi-Factor Authentication (MFA).1. If the Irvin Sayers account is selected in the user accounts list, deselect it (click on the tick icon next to the account name). Selecting a user account changes the menu options at the top of the page; deselecting the accounts changes the menu options back.2. Click on the ג€˜Multi-factor authenticationג€™ link at the top of the page.3. In the ג€˜Multi-factor authenticationג€™ page, select the Irvin Sayers account.4. Click the ג€˜Enableג€™ link on the right side of the page.5. In the pop-up window, click the ג€˜enable multi-factor authג€™ button.

https://gyazo.com/3c61fd569ca3def7e73c36a413d9480e

Correct Answer: See explanation below.You need to configure the Password Expiration Policy.1. Sign in to the Microsoft 365 Admin Center.2. In the left navigation pane, expand the Settings section then select the Settings option.3. Click on Security and Privacy.4. Select the Password Expiration Policy.5. Ensure that the checkbox labelled ג€Set user passwords to expire after a number of daysג€ is ticked.6. Enter 60 in the ג€Days before passwords expireג€ field.7. Enter 10 in the ג€Days before a user is notified about expirationג€ field.8. Click the ג€˜Save changesג€™ button.

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionYou are evaluating the required processes for Project1.You need to recommend which DNS record must be created before adding a domain name for the project.Which DNS record should you recommend? A. alias (CNAME) B. host information (HINFO) C. host (A) D. mail exchanger (MX)

D. mail exchanger (MX)

https://gyazo.com/679f4ddefe9c265606e0806973151cc0

https://gyazo.com/093136b8770b7b051a8b5c80419bb8a1

https://gyazo.com/807e7cde81c034163923e8c15b3446a4

https://gyazo.com/0ad979bf1cc5c6f4871c2126c775f3be

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -General Overview -Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.Litware collaborates with a third-party company named ADatum Corporation.Environment -On-Premises Environment -The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins,Montreal Users, and Seattle Users and the users shown in the following table. https://gyazo.com/b3c6c414b78f748ae7991bd9615268b2 Cloud environment -Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure Active Directory Premium Plan 2 licenses.The subscription contains a verified DNS domain named litware.com.Azure AD Connect is installed and has the following configurations:Password hash synchronization is enabled.Synchronization is enabled for the LitwareAdmins OU only.Users are assigned the roles shown in the following table. https://gyazo.com/409f64ed7ea8b84fa811380804341533 Requirements -Planned Changes -Litware identifies the following issues:Admin1 cannot create conditional access policies.Admin4 receives an error when attempting to use SSPR.Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.Technical Requirements -Litware plans to implement the following changes:Implement Microsoft Intune.Implement Microsoft Teams.Implement Microsoft Defender for Office 365.Ensure that users can install Office 365 apps on their device.Convert all the Windows 10 Pro devices to Windows 10 Enterprise E5.Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.QuestionHOTSPOT -You need to ensure that Admin4 can use SSPR.Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area: https://gyazo.com/d94e290a7eb36f2991f117b40bcd39f0

https://gyazo.com/43c7e9595b5b7b41013ad8a0ac4b8c28

https://gyazo.com/d45682a882b82be22aac581f215c4fed

https://gyazo.com/6949fea3a3d3d67a2125c378ed7305a8

https://gyazo.com/1d2fe116b09a2f8cb49c6a199b008e5a

https://gyazo.com/e78b8f6ce2ddaf709e3a25080b199bbb

https://gyazo.com/686c728a7bc04166504e1d9cafff3c28

https://gyazo.com/f0341bc09bbab573cd866af7f7e1fe9c

https://gyazo.com/027489c56b23e9b754ddfd169effce07

https://gyazo.com/f0b30e41b39906b84d9933fdd70c911a

https://gyazo.com/81f0e7e4fc0688c645fafba8da49b3e0

https://gyazo.com/f5bbbd3f569a841088058f63110f96ba

https://gyazo.com/3989dda1abe0729ae72f33a1b12a226e

https://gyazo.com/f7770d11047777a8c3ec003734fcf5d2

https://gyazo.com/0a3465dfbcd627743f1f4225e5af4d24

https://gyazo.com/f8f9f66d850f809755da8a733a0a9488

https://gyazo.com/e8926848ff23d78b32be2e5982e0524a

A. Delete User2 and User4 only. B. Reset the password of User2 and User4 only.

Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD).The domain contains 100 user accounts.The city attribute for all the users is set to the city where the user resides.You need to modify the value of the city attribute to the three-letter airport code of each city.What should you do? A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings. B. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option. C. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets. D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.

A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.

You have a Microsoft 365 tenant.You have a line-of-business application named App1 that users access by using the My Apps portal.After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.What should you do? A. From Microsoft Cloud App Security, modify the impossible travel alert policy. B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy. C. From the Azure Active Directory admin center, modify the conditional access policy. D. From Microsoft Cloud App Security, create an app discovery policy.

A. From Microsoft Cloud App Security, modify the impossible travel alert policy.

Your network contains an on-premises Active Directory domain.You have a Microsoft 365 subscription.You implement a directory synchronization solution that uses pass-through authentication.You configure Microsoft Azure Active Directory (Azure AD) smart lockout as shown in the following exhibit.You discover that Active Directory users can use the passwords in the custom banned passwords list.You need to ensure that banned passwords are effective for all users.Which three actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. From a domain controller, install the Azure AD Password Protection Proxy. B. From a domain controller, install the Microsoft AAD Application Proxy connector. C. From Custom banned passwords, modify the Enforce custom list setting. D. From Password protection for Windows Server Active Directory, modify the Mode setting. E. From all the domain controllers, install the Azure AD Password Protection DC Agent. F. From Active Directory, modify the Default Domain Policy. Reveal Solution Discussion 12

A. From a domain controller, install the Azure AD Password Protection Proxy. D. From Password protection for Windows Server Active Directory, modify the Mode setting. E. From all the domain controllers, install the Azure AD Password Protection DC Agent.

You have a Microsoft 365 subscription.Your company deploys an Active Directory Federation Services (AD FS) solution.You need to configure the environment to audit AD FS user authentication.Which two actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. From all the AD FS servers, run auditpol.exe. B. From all the domain controllers, run the Set-AdminAuditLogConfig cmdlet and specify the ג€"LogLevel parameter. C. On a domain controller, install Azure AD Connect Health for AD DS. D. From the Azure AD Connect server, run the Register-AzureADConnectHealthSyncAgent cmdlet. E. On an AD FS server, install Azure AD Connect Health for AD FS.

A. From all the AD FS servers, run auditpol.exe. E. On an AD FS server, install Azure AD Connect Health for AD FS.

You have an on-premises web application that is published by using a URL of https://app.contoso.local.You purchase a Microsoft 365 subscription.Several external users must be able to connect to the web application.You need to recommend a solution for external access to the application. The solution must support multi-factor authentication.Which two actions should you recommend? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. From an on-premises server, install a connector, and then publish the app. B. From the Azure Active Directory admin center, enable an Application Proxy. C. From the Azure Active Directory admin center, create a conditional access policy. D. From an on-premises server, install an Authentication Agent. E. Republish the web application by using https://app.contoso.com.

A. From an on-premises server, install a connector, and then publish the app. B. From the Azure Active Directory admin center, enable an Application Proxy.

You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.Corporate policy states that user passwords must not include the word Contoso.What should you do to implement the corporate policy? A. From the Azure Active Directory admin center, configure the Password protection settings. B. From the Microsoft 365 admin center, configure the Password policy settings. C. From Azure AD Identity Protection, configure a sign-in risk policy. D. From the Azure Active Directory admin center, create a conditional access policy.

A. From the Azure Active Directory admin center, configure the Password protection settings.

You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.You purchase 100 Microsoft 365 Business Voice add-on licenses.You need to ensure that the members of a group named Voice are assigned a Microsoft 365 Business Voice add-on license automatically.What should you do? A. From the Azure Active Directory admin center, modify the settings of the Voice group. B. From the Microsoft 365 admin center, modify the settings of the Voice group. C. From the Licenses page of the Microsoft 365 admin center, assign the licenses.

A. From the Azure Active Directory admin center, modify the settings of the Voice group.

You have a Microsoft 365 subscription.You add a domain named contoso.com.When you attempt to verify the domain, you are prompted to send a verification email to [email protected] need to change the email address used to verify the domain.What should you do? A. From the domain registrar, modify the contact information of the domain B. Add a TXT record to the DNS zone of the domain C. Modify the NS records for the domain D. From the Microsoft 365 admin center, change the global administrator of the Microsoft 365 subscription

A. From the domain registrar, modify the contact information of the domain

You create a Microsoft 365 Enterprise subscription.You assign licenses for all products to all users.You need to prepare the environment to ensure that all Microsoft 365 Apps for enterprise installations occur from a network share. The solution must prevent the users from installing Microsoft 365 Apps for enterprise from the Internet.You download the Office Deployment Tool (ODT).Which three actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. From your computer, run setup.exe /download downloadconfig.xml. B. Create an XML download file. C. From the Microsoft 365 admin center, deactivate the Office 365 licenses for all the users. D. From each client computer, run setup.exe /configure installconfig.xml. E. From the Microsoft 365 admin center, configure the Software download settings.

A. From your computer, run setup.exe /download downloadconfig.xml. B. Create an XML download file. E. From the Microsoft 365 admin center, configure the Software download settings.

You have an on-premises Microsoft Exchange Server organization that contains 500 mailboxes and a third-party email archive solution.You have a Microsoft 365 tenant that contains a user named User1.You plan to use the User1 account to perform a PST import of the archive mailboxes to the tenant.Which two roles does User1 require to perform the import? The solution must use the principle of least privilege. Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Mail Recipients B. Exchange admin C. Records Management D. Mailbox Import Export E. eDiscovery Manager

A. Mail Recipients D. Mailbox Import Export

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1.You suspect that an imposter is signing in to Azure AD by using the credentials of User1.You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours.To which three roles should you add Admin1? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Security administrator B. Password administrator C. User administrator D. Compliance administrator E. Reports reader F. Security reader

A. Security administrator E. Reports reader F. Security reader

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user namedUser1.You enable Azure AD Identity Protection.You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.To which role should you add User1? A. Security reader B. User administrator C. Owner D. Global administrator

A. Security reader

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Three of the users are each configured with the Password administrator,Security administrator, and the User administrator roles respectively. The fourth user has no role configured.Which of the following are the users that are able to reset the password of the fourth user? A. The users with the Password administrator and the User administrator roles. B. The users with the Security administrator and the User administrator roles. C. The users with the Password administrator and the Security administrator roles. D. The user with the Password administrator role only. Hide Solution Discussion 5

A. The users with the Password administrator and the User administrator roles.

https://gyazo.com/25db8a45c89711ba68618892e9db3c0e

A. User1 only

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses.Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services.You need to determine whether a user named User1 is licensed for Exchange Online only.Solution: You launch the Azure portal, and then review the Licenses blade.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses.Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services.You need to determine whether a user named User1 is licensed for Exchange Online only.Solution: You run the Get-MsolUser cmdlet.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use Message center in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speedInternet connection. All the branch offices connect to the Internet by using the main office connection.Users use Microsoft Outlook 2016 to connect to a Microsoft Exchange Server mailbox hosted in the main office.The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.You create a Microsoft 365 subscription, and then migrate all the user data to Microsoft 365.You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.Solution: In each branch office, you add a direct connection to the Internet.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company plans to deploy several Microsoft Office 365 services.You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:✑ Users must be able to authenticate during business hours only.✑ Authentication requests must be processed successfully if a single server fails.✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.Solution: You design an authentication strategy that contains a pass-through authentication model. You install an Authentication Agent on three servers and configure seamless SSO.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).You configure a pilot for co-management.You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain.You deploy a Microsoft Azure Active Directory (Azure AD) tenant.Another administrator configures the domain to synchronize to Azure AD.You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.You need to ensure that the 10 user accounts are synchronized to Azure AD.Solution: From Azure AD Connect, you modify the filtering settings.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory forest.You deploy Microsoft 365.You plan to implement directory synchronization.You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.✑ User passwords must be 10 characters or more.Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.Does this meet the goal? A. Yes B. No

A. Yes

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:✑ Contoso.com✑ East.contoso.comAn Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.You deploy a new domain named west.contoso.com to the forest.You need to ensure that west.contoso.com syncs to the Azure AD tenant.Solution: From the Azure AD Connect server in contoso.com, you return the setup wizard and include the west.contoso.com domain.Does this meet the goal? A. Yes B. No

A. Yes

You have been tasked with detecting all users in your company's Microsoft 365 subscription who has a Microsoft Office 365 license as a result of belonging to a group.You need to make sure that the group used to assign the license is included in your results.Which of the following actions should you take? A. You should access the Azure portal, and navigate to the Licenses blade. B. You should access the Microsoft 365 admin center, and navigate to the Products blade. C. You should access the Azure portal, and navigate to the Monitor blade. D. You should access the Microsoft 365 admin center, and navigate to the Users blade.

A. You should access the Azure portal, and navigate to the Licenses blade.

Your company has 10 offices.The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.You discover that one of the offices has the following:✑ Computers that have several preinstalled applications✑ Computers that use nonstandard computer names✑ Computers that have Windows 10 preinstalled✑ Computers that are in a workgroupYou must configure the computers to meet the following corporate requirements:✑ All the computers must be joined to the domain.✑ All the computers must have computer names that use a prefix of CONTOSO.✑ All the computers must only have approved corporate applications installed.You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time. A. a provisioning package B. wipe and load refresh C. Windows Autopilot D. an in-place upgrade

A. a provisioning package

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a Microsoft Exchange Server 2019 organization.You plan to sync the domain to Azure Active Directory (Azure AD) and to enable device writeback and group writeback.You need to identify which group types will sync from Azure AD.Which two group types should you identify? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. an Office 365 group that uses the Assigned membership type B. a security group that uses the Dynamic Device membership type C. an Office 365 group that uses the Dynamic User membership type D. a security group that uses the Assigned membership type E. a security group that uses the Dynamic User membership type

A. an Office 365 group that uses the Assigned membership type C. an Office 365 group that uses the Dynamic User membership type

Your company has an on-premises Microsoft Exchange Server 2013 organization.The company has 100 users.The company purchases Microsoft 365 and plans to move its entire infrastructure to the cloud.The company does NOT plan to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD).You need to recommend which type of migration to use to move all email messages, contacts, and calendar items to Exchange Online.What should you recommend? A. cutover migration B. IMAP migration C. remote move migration D. staged migration

A. cutover migration

You have a Microsoft 365 subscription. All users have client computers that run Windows 10 and have Microsoft 365 Apps for enterprise installed.Some users in the research department work for extended periods of time without an Internet connection.How many days can the research department users remain offline before they are prevented from editing Office documents? A. 10 B. 30 C. 90 D. 120

B. 30

You have a Microsoft 365 subscription.You recently configured a Microsoft SharePoint Online tenant in the subscription.You plan to create an alert policy.You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes.What should you do first? A. Enable Microsoft Office 365 Cloud App Security. B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP). C. Enable Microsoft Office 365 Analytics.

B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).

Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users.Users that connect to Microsoft 365 services report that they are prompted for multi-factor authentication multiple times a day.You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices. Your solution must ensure that users are still prompted for MFA.What should you do? A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device. B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device. C. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD). D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.

Your network contains an Active Directory forest named contoso.local.You have a Microsoft 365 subscription.You plan to implement a directory synchronization solution that will use password hash synchronization.From the Microsoft 365 admin center, you verify the contoso.com domain name.You need to prepare the environment for the planned directory synchronization solution.What should you do first? A. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record. B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix. C. From the Microsoft 365 admin center, verify the contoso.local domain name. D. From Active Directory Users and Computers, modify the UPN suffix for all users.

B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.

Your company has a hybrid deployment of Microsoft 365.Users authenticate by using pass-through authentication. Several Microsoft Azure AD Connect Authentication Agents are deployed.You need to verify whether all the Authentication Agents are used for authentication.What should you do? A. From the Azure portal, use the Troubleshoot option on the Pass-through authentication page. B. From Performance Monitor, use the #PTA authentications counter. C. From the Azure portal, use the Diagnostics settings on the Monitor blade. D. From Performance Monitor, use the Kerberos authentications counter.

B. From Performance Monitor, use the #PTA authentications counter.

Your company has a Microsoft 365 subscription.You plan to move several archived PST files to Microsoft Exchange Online mailboxes.You need to create an import job for the PST files.Which three actions should you perform before you create the import job? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Create a Microsoft Azure Storage account. B. From Security & Compliance, retrieve the SAS key. C. Run azcopy.exe to copy the PST files to Microsoft Azure Storage D. From Exchange admin center, run a new migration batch. E. Create a PST import mapping file.

B. From Security & Compliance, retrieve the SAS key. C. Run azcopy.exe to copy the PST files to Microsoft Azure Storage E. Create a PST import mapping file.

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You plan to install Azure AD connect on a member server and implement pass-through authentication.You need to prepare the environment for the planned implementation of pass-through authentication.Which three actions should you perform? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. Modify the email address attribute for each user account. B. From the Azure portal, add a custom domain name. C. From Active Directory Domains and Trusts, add a UPN suffix. D. Modify the User logon name for each user account. E. From the Azure portal, configure an authentication method. F. From a domain controller, install an Authentication Agent.

B. From the Azure portal, add a custom domain name. C. From Active Directory Domains and Trusts, add a UPN suffix. D. Modify the User logon name for each user account.

https://gyazo.com/cad5d2255797ebdee7e6df7b8576fa25

B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.

After acquiring a Microsoft 365 subscription, you configure the use of Microsoft Azure Multi-Factor Authentication (MFA) for all users in the Azure Active Directory(Azure AD) tenant.You want to produce a report that includes all the users who finished the Azure MFA registration process. You want to make use of an Azure Cloud Shell cmdlet.Which of the following is the cmdlet you should use? A. Get-AzureADUser B. Get-MsolUser C. New-AzureADMSInvitation D. Set-MsolUserPrincipalName

B. Get-MsolUser

After your company acquires a Microsoft 365 subscription, they instruct you to move all email data from their corporate Gmail to Microsoft Exchange Online.The migration will be done via the Exchange admin center.Which of the following is the migration method you should use? A. Exchange Hybrid B. IMAP migration C. Cutover D. Express migration

B. IMAP migration

Your network contains an Active Directory domain. The domain contains a server named Server1 that runs Windows Server 2016. Server1 has a share namedShare1.You have a hybrid deployment of Microsoft 365.You need to migrate the content in Share1 to Microsoft OneDrive.What should you use? A. Windows Server Migration Tools B. Microsoft SharePoint Migration Tool C. Storage Migration Service

B. Microsoft SharePoint Migration Tool

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/15cb2e9caa29590a8c5f1ed4337c2dd5 Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/1b82e0e2d8fe2d0478feb2f6cd8ab00a Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionNote: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to assign User2 the required roles to meet the security requirements.Solution: From the Office 365 admin center, you assign User2 the Records Management role. From the Exchange admin center, you assign User2 the Help Desk role.Does this meet the goal? A. Yes B. No

B. No

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/5212ec094d8c3d501109d8222029c211 Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/2019919607d4d98cf266235f019ca331 Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionNote: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to assign User2 the required roles to meet the security requirements.Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-OnlyOrganization Management role.Does this meet the goal? A. Yes B. No

B. No

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/65dc716aaa8003b636cd39bbb04317f3 Existing Environment -The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You recently configured the forest to sync to the Azure AD tenant.You add and then verify adatum.com as an additional domain name.All servers run Windows Server 2016.All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.Contoso has the users shown in the following table. https://gyazo.com/e4ac69263f1e5c9efc376218e9cae43e Requirements -Planned Changes -Contoso plans to provide email addresses for all the users in the following domains:East.adatum.comContoso.adatum.comHumongousinsurance.comTechnical Requirements -Contoso identifies the following technical requirements:All new users must be assigned Office 365 licenses automatically.The principle of least privilege must be used whenever possible.Security Requirements -Contoso identifies the following security requirements:Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.User2 must be able to view reports and schedule the email delivery of security and compliance reports.The members of Group1 must be required to answer a security question before changing their password.User3 must be able to manage Office 365 connectors.User4 must be able to reset User3 password.QuestionNote: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You need to assign User2 the required roles to meet the security requirements.Solution: From the Office 365 admin center, you assign User2 the Security Reader role. From the Exchange admin center, you assign User2 the Help Desk role.Does this meet the goal? A. Yes B. No

B. No

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.After acquiring a Microsoft 365 Enterprise subscription, you are tasked with migrating your company's Microsoft Exchange Server 2016 mailboxes and groups toExchange Online.You have started a new migration batch. You, subsequently, receive complaints from on-premises Exchange Server users about slow performance.Your analysis shows that the issue has resulted from the migration. You want to make sure that the effect the mailbox migration has on users is decreased.Solution: You create a label policy.Does the solution meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.You need to be notified if the SharePoint policy is modified in the future.Solution: From the Security & Compliance admin center, you create a threat management policy.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.You need to be notified if the SharePoint policy is modified in the future.Solution: From the SharePoint admin center, you modify the sharing settings.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.Solution: From the Device Management admin center, you a trusted location and compliance policy.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.Solution: From the Microsoft 365 admin center, you configure the Organization profile settings.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses.Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services.You need to determine whether a user named User1 is licensed for Exchange Online only.Solution: You run the Get-MsolAccountSku cmdlet.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You review the Security & Compliance report in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You review the Windows release health in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use the Service health option in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use the View service requests option in the Microsoft 365 admin center.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speedInternet connection. All the branch offices connect to the Internet by using the main office connection.Users use Microsoft Outlook 2016 to connect to a Microsoft Exchange Server mailbox hosted in the main office.The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.You create a Microsoft 365 subscription, and then migrate all the user data to Microsoft 365.You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.Solution: For each device, you configure an additional Outlook profile that uses IMAP.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speedInternet connection. All the branch offices connect to the Internet by using the main office connection.Users use Microsoft Outlook 2016 to connect to a Microsoft Exchange Server mailbox hosted in the main office.The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.You create a Microsoft 365 subscription, and then migrate all the user data to Microsoft 365.You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.Solution: You deploy a site-to-site VPN from each branch office to Microsoft Azure.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speedInternet connection. All the branch offices connect to the Internet by using the main office connection.Users use Microsoft Outlook 2016 to connect to a Microsoft Exchange Server mailbox hosted in the main office.The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.You create a Microsoft 365 subscription, and then migrate all the user data to Microsoft 365.You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.Solution: You enable Cached Exchange Mode for all the Outlook profiles.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company plans to deploy several Microsoft Office 365 services.You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:✑ Users must be able to authenticate during business hours only.✑ Authentication requests must be processed successfully if a single server fails.✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.Solution: You design an authentication strategy that contains a pass-through authentication model. The solution contains two servers that have an AuthenticationAgent installed and password hash synchronization configured.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company plans to deploy several Microsoft Office 365 services.You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:✑ Users must be able to authenticate during business hours only.✑ Authentication requests must be processed successfully if a single server fails.✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company plans to deploy several Microsoft Office 365 services.You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:✑ Users must be able to authenticate during business hours only.✑ Authentication requests must be processed successfully if a single server fails.✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.Solution: You design an authentication strategy that uses password hash synchronization and seamless SSO. The solution contains two servers that have anAuthentication Agent installed.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain.You deploy a Microsoft Azure Active Directory (Azure AD) tenant.Another administrator configures the domain to synchronize to Azure AD.You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.You need to ensure that the 10 user accounts are synchronized to Azure AD.Solution: From the Synchronization Rules Editor, you create a new outbound synchronization rule.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain.You deploy a Microsoft Azure Active Directory (Azure AD) tenant.Another administrator configures the domain to synchronize to Azure AD.You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.You need to ensure that the 10 user accounts are synchronized to Azure AD.Solution: You run idfix.exe and export the 10 user accounts.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory forest.You deploy Microsoft 365.You plan to implement directory synchronization.You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.User passwords must be 10 characters or more.Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory forest.You deploy Microsoft 365.You plan to implement directory synchronization.You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.✑ User passwords must be 10 characters or more.Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory forest.You deploy Microsoft 365.You plan to implement directory synchronization.You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.✑ User passwords must be 10 characters or more.Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:✑ Contoso.com✑ East.contoso.comAn Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.You deploy a new domain named west.contoso.com to the forest.You need to ensure that west.contoso.com syncs to the Azure AD tenant.Solution: You create an Azure DNS zone for west.contoso.com. On the on-premises DNS servers, you create a conditional forwarder for west.contoso.com.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:✑ Contoso.com✑ East.contoso.comAn Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.You deploy a new domain named west.contoso.com to the forest.You need to ensure that west.contoso.com syncs to the Azure AD tenant.Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to active mode.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:✑ Contoso.com✑ East.contoso.comAn Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.You deploy a new domain named west.contoso.com to the forest.You need to ensure that west.contoso.com syncs to the Azure AD tenant.Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to staging mode.Does this meet the goal? A. Yes B. No

B. No

Your company has configured all user email to be stored in Microsoft Exchange Online.You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.Solution: You start by initiating a message trace via the Security & Compliance admin center.Does the solution meet the goal? A. Yes B. No

B. No

You have an on-premises Microsoft SharePoint Server 2016 environment.You create a Microsoft 365 tenant.You need to migrate some of the SharePoint sites to SharePoint Online. The solution must meet the following requirements:✑ Microsoft OneDrive sites must redirect users to online content.✑ Users must be able to follow both on-premises and cloud-based sites.✑ Users must have a single SharePoint profile for both on-premises and on the cloud.✑ When users search for a document by using keywords, the results must include online and on-premises results.From the SharePoint Hybrid Configuration Wizard, you select the following features:✑ Hybrid business to business (B2B) sites✑ Hybrid OneDrive✑ Hybrid SearchWhich two requirements are met by using the SharePoint Hybrid Configuration Wizard features? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Users must have a single SharePoint profile for both on-premises and on the cloud. B. OneDrive sites must redirect users to online content. C. Users must be able to follow both on-premises and cloud-based sites. D. When users search for a document by using keywords, the results must include online and on-premises results. Reveal Solution Discussion 8

B. OneDrive sites must redirect users to online content. D. When users search for a document by using keywords, the results must include online and on-premises results. Reveal Solution Discussion 8

Your company has a Microsoft 365 subscription.You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center.A month later, you attempt to run an import job for the PST files.You discover that the PST files were deleted from Microsoft 365.What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal. Select the BEST answer. A. The PST files were corrupted and deleted by Microsoft 365 security features. B. PST files are deleted automatically from Microsoft 365 after 30 days. C. The size of the PST files exceeded a storage quota and caused the files to be deleted. D. Another administrator deleted the PST files.

B. PST files are deleted automatically from Microsoft 365 after 30 days.

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users that are configured with the Privileged role administrator, the User administrator, the Security administrator, and the Billing administrator roles respectively.A security group has been included in the tenant for the purpose of managing administrative accounts.Which of the four roles can be used to add a user with the Security administrator role to the security group? A. The Privileged role administrator role. B. The User administrator role. C. The Security administrator role. D. The Billing administrator role.

B. The User administrator role.

You have Windows 10 devices that are managed by using Microsoft Endpoint Manager. All the devices have Microsoft Office 365 apps installed.You need to configure the proofing tool settings for the Office 365 apps.From the Microsoft Endpoint Manager admin center, what should you create? A. a device compliance policy B. an app configuration policy C. an app D. a device configuration profile

B. an app configuration policy

Your network contains an on-premises Active Directory forest.You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy.You need to recommend an authentication strategy that meets the following requirements:✑ Allows users to sign in by using smart card-based certificates✑ Allows users to connect to on-premises and Microsoft 365 services by using SSOWhich authentication strategy should you recommend? A. password hash synchronization and seamless SSO B. federation with Active Directory Federation Services (AD FS) C. pass-through authentication and seamless SSO

B. federation with Active Directory Federation Services (AD FS)

Your network contains three Active Directory forests.You create a Microsoft Azure Active Directory (Azure AD) tenant.You plan to sync the on-premises Active Directory to Azure AD.You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails.What should you include in the recommendation? A. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode B. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode C. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode D. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode

B. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode

Your network contains an Active Directory domain named contoso.com.All users authenticate by using a third-party authentication solution.You purchase Microsoft 365 and plan to implement several Microsoft 365 services.You need to recommend an identity strategy that meets the following requirements:✑ Provides seamless SSO✑ Minimizes the number of additional servers required to support the solution✑ Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)✑ Ensures that all the users authenticate to Microsoft 365 by using their on-premises user accountYou are evaluating the implementation of federation.Which two requirements are met by using federation? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. minimizes the number of additional servers required to support the solution B. provides seamless SSO C. stores the passwords of all the users in Azure AD D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account

B. provides seamless SSO D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account

You have a Microsoft 365 subscription. You have a user named User1.You need to ensure that User1 can place a hold on all mailbox content.What permission should you assign to User1? A. the User management administrator role from the Microsoft 365 admin center B. the eDiscovery Manager role from the Security & Compliance admin center C. the Information Protection administrator role from the Azure Active Directory admin center D. the Compliance Management role from the Exchange admin center

B. the eDiscovery Manager role from the Security & Compliance admin center

You need to consider the underlined segment to establish whether it is accurate.You have recently configured a conditional access policy to force mobile device users to use multi-factor authentication when accessing Microsoft SharePoint.To check who used multi-factor authentication to authenticate, you view the Usage reports from Azure Active Directory admin center.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. A. No adjustment required B. user sign-ins C. event logs D. audit logs Hide Solution

B. user sign-ins

You manage multiple devices by using Microsoft Endpoint Manager. The devices run on the following operating systems:✑ Android 8.0, Android 8.1.0, and Android 9✑ iOS 12 and iOS 13✑ MacOS 10.14✑ Windows 10You need to deploy Microsoft 365 apps to the devices.From the Microsoft Endpoint Manager admin center, what is the minimum number of apps you should create? A. 1 B. 3 C. 4 D. 7

C. 4

You have a Microsoft 365 tenant that contains a Microsoft Power Platform environment.You need to ensure that only specific users can create new environments.What should you do in the Power Platform admin center? A. From Data policies, create a new data policy. B. From Data integration, create a new connection set. C. From Power Platform settings, modify the Governance settings for the environment. D. From Environments, modify the behaviour settings for the default environment.

C. From Power Platform settings, modify the Governance settings for the environment.

Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD).The domain contains 100 user accounts.The city attribute for all the users is set to the city where the user resides.You need to modify the value of the city attribute to the three-letter airport code of each city.What should you do? A. From Azure Cloud Shell, run the Get-AzureADUser and Set-AzureADUser cmdlets. B. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets. C. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets. D. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.

C. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.

Your company recently purchased a Microsoft 365 subscription.You enable Microsoft Azure Multi-Factor Authentication (MFA) for all 500 users in the Azure Active Directory (Azure AD) tenant.You need to generate a report that lists all the users who completed the Azure MFA registration process.What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet. B. From Azure Cloud Shell, run the Get-MsolUser cmdlet. C. From the Azure Active Directory admin center, use the Usage & insights blade. D. From the Azure Active Directory admin center, use the Risky sign-ins blade.

C. From the Azure Active Directory admin center, use the Usage & insights blade.

Your company has a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.An external vendor has a Microsoft account that has a username of [email protected] plan to provide [email protected] with access to several resources in the subscription.You need to add the external user account to contoso.onmicrosoft.com. The solution must ensure that the external vendor can authenticate by using [email protected] should you do? A. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify ג€"UserPrincipalName [email protected]. B. From the Microsoft 365 admin center, add a contact, and then specify [email protected] as the email address. C. From the Azure portal, add a new guest user, and then specify [email protected] as the email address. D. From the Azure portal, add a custom domain name, and then create a new Azure AD user and use [email protected] as the username.

C. From the Azure portal, add a new guest user, and then specify [email protected] as the email address.

You have a Microsoft 365 subscription.All users have their email stored in Microsoft Exchange OnlineIn the mailbox of a user named User, you need to preserve a copy of all the email messages that contain the word ProjectX.What should you do first? A. From the Exchange admin center, start a mail flow message trace. B. From the Security & Compliance admin center, start a message trace. C. From the Security & Compliance admin center, create a label and label policy. D. From the Exchange admin center, create a mail flow rule.

C. From the Security & Compliance admin center, create a label and label policy.

You have a Microsoft 365 subscription.You need to prevent phishing email messages from being delivered to your organization.What should you do? A. From the Exchange admin center, create an anti-malware policy. B. From the Security & Compliance admin center, create a DLP policy. C. From the Security & Compliance admin center, create a new threat management policy. D. From the Exchange admin center, create a spam filter policy.

C. From the Security & Compliance admin center, create a new threat management policy.

Your company has an Active Directory domain as well as a Microsoft Azure Active Directory (Azure AD) tenant.After configuring directory synchronization for all users in the organization, you configure a number of new user accounts to be created automatically.You want to run a command to make sure that the new user accounts synchronize to Azure AD in the shortest time required.Which of the following is the command that you should use? A. New-ADSyncRule B. Set-ADSyncSchedulerConnectorOverride C. Start-ADSyncSyncCycle D. Set-ADSyncSchema

C. Start-ADSyncSyncCycle

You are responsible for your company's Microsoft 365 subscription.The company introduces a security policy that requires DLP incident reports to be automatically sent to legal department users.You are required to configure the reports to be delivered via email as often you can.Which of the following is the option you should use? A. Annually B. Monthly C. Weekly D. Quarterly

C. Weekly

You publish an enterprise application named App1 that processes financial data.You need to ensure that access to App1 is revoked for users who no longer require viewing the processed financial data.What should you configure? A. an owner B. an app protection policy C. an access review D. a conditional access policy

C. an access review

Your network contains an Active Directory domain named contoso.com.You have a Microsoft 365 subscription.You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.You implement directory synchronization.The developers at your company plan to build an app named App1. App1 will connect to the Microsoft Graph API to provide access to several Microsoft Office 365 services.You need to provide the URI for the authorization endpoint that App1 must use.What should you provide? A. https://login.microsoftonline.com/ B. https://contoso.com/contoso.onmicrosoft.com/app1 C. https://login.microsoftonline.com/contoso.onmicrosoft.com/ D. https://myapps.microsoft.com

C. https://login.microsoftonline.com/contoso.onmicrosoft.com/

Your company has an on-premises Microsoft Exchange Server 2016 organization. The organization is in the company's main office in Melbourne. The main office has a low-bandwidth connection to the Internet.The organization contains 250 mailboxes.You purchase a Microsoft 365 subscription and plan to migrate to Exchange Online next month.In 12 months, you plan to increase the bandwidth available for the Internet connection.You need to recommend the best migration strategy for the organization. The solution must minimize administrative effort.What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. network upload B. cutover migration C. hybrid migration D. staged migration

C. hybrid migration

You have a Microsoft 365 subscription.A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department.You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible.How frequently can you schedule the delivery of the reports? A. hourly B. monthly C. weekly D. daily

C. weekly

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -You plan to invite several guest users to access the resources in your organization.You need to ensure that only guests who have an email address that uses the @contoso.com suffix can connect to the resources in your Microsoft 365 tenant.

Correct Answer: See explanation below.You need to add contoso.com as an allowed domain in the ג€˜External collaboration settingsג€™.1. Go to the Azure Active Directory admin center.2. Select Users then select ג€˜User settingsג€™.3. Under External Users, select the ג€˜Manage external collaboration settingsג€™.4. Under ג€˜Collaboration restrictionsג€™, select the ג€˜Allow invitations only to the specified domains (most restrictive)ג€™ option.5. Under, Target Domains, type in the domain name ג€˜contoso.comג€™6. Click the Save button at the top of the screen to save your changes.References:https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-list

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You plan to allow the users in your organization to invite external users as guest users to your Microsoft 365 tenant.You need to prevent the organization's users from inviting guests who have an email address that uses a suffix of @gmail.com.

Correct Answer: See explanation below.You need to add gmail.com as a denied domain in the ג€˜External collaboration settingsג€™.1. Go to the Azure Active Directory admin center.2. Select Users then select ג€˜User settingsג€™.3. Under External Users, select the ג€˜Manage external collaboration settingsג€™.4. Under ג€˜Collaboration restrictionsג€™, select the ג€˜Deny invitations to the specified domainsג€™ option.5. Under, Target Domains, type in the domain name ג€˜gmail.comג€™6. Click the Save button at the top of the screen to save your changes.References:https://docs.microsoft.com/en-us/azure/active-directory/b2b/allow-deny-list

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You need to modify Christie Cline to meet the following requirements:✑ Christie Cline must be able to view the service dashboard and the Microsoft Office 365 Message center.✑ Christie Cline must be able to create Microsoft support requests.The solution must use the principle of least privilege.

Correct Answer: See explanation below.You need to assign Christie the ג€˜Service Support Adminג€™ role.1. In the Microsoft 365 Admin Center, click ג€˜Rolesג€™.2. Scroll down to the Service Support Admin role and click on the role name.3. Click the ג€˜Assigned Adminsג€™ link.4. Click the ג€˜Addג€™ button.5. Start typing the name Christie then select her account when it appears.6. Click Save.References:https://docs.microsoft.com/en-US/azure/active-directory/users-groups-roles/directory-assign-admin-roles

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You have a user named Grady Archie. The solution must meet the following requirements:✑ Grady Archie must be able to add payment methods to your Microsoft Office 365 tenant.✑ The solution must minimize the number of licenses assigned to users.✑ The solution must use the principle of least privilege.

Correct Answer: See explanation below.You need to assign the ג€˜Billing Administratorג€™ role to Grady Archie.1. Go to the Azure Active Directory admin center.2. Select Users.3. Select the Grady Archie account to open the account properties page.4. Select ג€˜Assigned rolesג€™.5. Click the ג€˜Add Assignmentsג€™ button.6. Select Billing Administrator then click the Add button.Reference:https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -Alex Wilber must be able to reset the password of each user in your organization. The solution must prevent Alex Wilber from modifying the password of global administrators.

Correct Answer: See explanation below.You need to assign the ג€˜Password Administratorג€™ role to Alex Wilber. A user assigned the Password Administrator role can reset passwords for non-administrators and Password administrators.1. Go to the Azure Active Directory admin center.2. Select Users.3. Select the Alex Wilber account to open the account properties page.4. Select ג€˜Assigned rolesג€™.5. Click the ג€˜Add Assignmentsג€™ button.6. Select Password Administrator then click the Add button.References:https://docs.microsoft.com/en-us/office365/admin/add-users/about-admin-roles?view=o365-worldwide

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -You need to prevent non-administrators in your organization from registering applications.

Correct Answer: See explanation below.You need to configure the App Registrations setting in Azure Active Directory.1. Go to the Azure Active Directory admin center.2. Select Azure Active Directory.3. Select ג€˜User settingsג€™4. In the ג€˜App registrationsג€™ section, toggle the ג€˜Users can register applicationsג€™ setting to No.5. Click Save to save the changes.

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -You need to prevent the users in your organization from establishing voice calls from Microsoft Skype for Business to external Skype users.

Correct Answer: See explanation below.You need to configure the External Communications settings in the Skype for Business admin center.1. You need to go to the Skype for Business admin center. If you see a Skype for Business admin center in the admin center list in the Microsoft portal, open it and skip to step 4.2. If you donג€™t see a Skype for Business admin center in the admin center list in the Microsoft portal, open the Teams admin center.3. In the Teams admin center, choose Skype > Legacy Portal.4. In the Skype for Business admin center, select Organization.5. Select External communications.6. Untick the ג€˜Let people use Skype for Business to communicate with Skype users outside your organizationג€™ checkbox.7. Click Save to save the changes.

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -Your organization recently implemented a new data retention policy. The policy requires that all files stored in an employee's Microsoft OneDrive folders be retained for 60 days after the employee is terminated from the organization.The human resources (HR) department of the organization deletes the user accounts of all terminated employees.You need to ensure that the organization meets the requirements of the data retention policy.

Correct Answer: See explanation below.You need to configure the OneDrive retention period for deleted users.1. Go to the OneDrive admin center.2. Select Storage.3. Set the ג€Days to retain files in OneDrive after a user account is marked for deletionג€ option to 60.4. Click Save to save the changes.References:https://docs.microsoft.com/bs-latn-ba/onedrive/set-retention

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -You plan to provide several users in your organization with the ability to join their Windows 10 device to Microsoft Azure Active Directory (Azure AD).You need to ensure that all the users who join a device use multi-factor authentication. Reveal Solution Discussion 3

Correct Answer: See explanation below.You need to configure the device settings in Azure Active Directory.1. Go to the Azure Active Directory admin center.2. Select Azure Active Directory.3. Select Devices.4. Select Device Settings.5. Toggle the ג€˜Require Multi-Factor Auth to join devicesג€™ setting to Yes.6. Click Save to save the changes.References:https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -Your organization has an office in Seattle.You plan to create 100 users who will work in the Seattle office. The city attribute for all the users will be Seattle.You need to create a group named Group1 that will automatically contain all the Seattle office users.

Correct Answer: See explanation below.You need to create a Dynamic group. User accounts with the city attribute set to ג€˜Seattleג€™ will automatically be added to the group.1. Go to the Azure Active Directory admin center.2. Select Azure Active Directory then select Groups.3. Click on the New Group link.4. Give the group a name such as Seattle Users.5. Select Users as the membership type.6. Select ג€˜Add dynamic queryג€™.7. Select ג€˜Cityג€™ in the Property drop-down box.8. Select ג€˜Equalsג€™ in the Operator drop-down box.9. Enter Seattle as the Value. You should see the following text in the Expression box: user.city -eq "Seattle"10. Click Save to create the group.References:https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

https://gyazo.com/fa040ac872f86bcd37db0b503d05edd3

Correct Answer: See explanation below.You need to create a guest account for the external user and assign the Application Developer role. As the userג€™s domain is an external domain, you will need toג€˜inviteג€™ the user. The external user will need to accept the invitation to create the account.1. Go to the Azure Active Directory Admin Center.2. In the left navigation pane, select Users.3. Click on the ג€˜+ New Guest Userג€™ link.4. Ensure that the ג€˜Invite userג€™ option is selected.5. Enter [email protected] in the email address field.6. In the Roles section, ג€˜userג€™ will be selected by default. Click on ג€˜userג€™ to open a list of roles.7. Select Application Developer in the list and click the ג€˜Selectג€™ button to assign the role.8. Click the ג€˜Inviteג€™ button to send the invitation.

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You plan to provide an external user named [email protected] with access to several resources in your Microsoft 365 tenant.You need to ensure that the external user can be added to Office 365 groups.

Correct Answer: See explanation below.You need to create a guest account for the external user.1. Go to the Azure Active Directory admin center.2. Select Users.3. Click the ג€˜New guest userג€™ link.4. Select the ג€˜Invite userג€™ option.5. Give the account a name and enter [email protected] in the email address field.6. Click the ג€˜Inviteג€™ button.References:https://docs.microsoft.com/en-us/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: *yfLo7Ir2&y-If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10811525 -Your organization recently partnered with another organization named Fabrikam, Inc.You plan to provide a Microsoft 365 license to an external user named [email protected], and then to share documents with the user.You need to invite [email protected] to access your organization.

Correct Answer: See explanation below.You need to create a guest account for user1.1. Go to the Azure Active Directory admin center.2. Select Users.3. Click the ג€˜New guest userג€™ link.4. Select the ג€˜Invite userג€™ option.5. Give the account a name (User1) and enter [email protected] in the email address field.6. Click the ג€˜Inviteג€™ button.References:https://docs.microsoft.com/en-us/azure/active-directory/b2b/b2b-quickstart-add-guest-users-portal

https://gyazo.com/7e1c2779b22673d1f7e24dc6e5a2d626

Correct Answer: See explanation below.You need to create a resource mailbox in Exchange.1. Go to the Exchange Admin Center.2. In the left navigation pane, select Recipients.3. Click the Resources link.4. Click the plus (+) icon and select ג€˜Equipment Mailboxג€™.5. Give the mailbox a name such as ג€˜Projector1ג€™.6. Enter the name projector1 in the email address field.7. Click the Save button to create the equipment mailbox.8. In the resource mailbox list, select the new mailbox and click the Edit icon (pencil icon).9. Select ג€˜Booking Delegatesג€™ in the menu list.10. Select the option, ג€Select delegates who can accept or decline booking requestsג€.11. Click the plus (+) icon and add Lee Gu as a delegate.12. Click the Save button to save the changes.

https://gyazo.com/974a965e1f18b8938ab3565121e876ff

Correct Answer: See explanation below.You need to create a team. You can create a team in the Microsoft Teams Admin Center or in the Microsoft Teams app. However, to be able to specify the team owner when creating the team, you need to use the Teams Admin Center.1. Go to the Microsoft Teams Admin Center.2. In the left navigation pane, expand the Teams section and select ג€˜Manage Teamsג€™.3. Click the ג€˜+ Addג€™ link to add a new team.4. Give the team the name Project1.5. In the Team Owner field, remove your name which is there by default and add Lee Gu.6. Click the ג€˜Create a teamג€™ button to create the team.7. In the teams list, select the Project1 team.8. Click on ג€˜Channelsג€™.9. Click the ג€˜+ Addג€™ link to add a new channel.10. Give the channel the name Channel1.11. Click the Apply button to create the channel.

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -A user named Johanna Lorenz recently left the company. A new employee named Ben Smith will handle the tasks of Johanna Lorenz.You need to create a user named Ben Smith. Ben Smith must be able to sign in to http://myapps.microsoft.com and open Microsoft Word Online.

Correct Answer: See explanation below.You need to create a user account and assign a license to the account. You thenTo create the user account and mailbox:1. In the Microsoft 365 admin center, go to User management, and select Add user.2. Enter the name Ben Smith in the First Name and Last Name fields.3. Enter Ben.Smith in the username field and click Next.4. Assign a Microsoft 365 license to the account.5. Click Next.6. Click Next again.7. Click ג€˜Finish addingג€™.

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You need to create a group named Group2. Users who are added to Group2 must be licensed automatically for Microsoft Offline 365.

Correct Answer: See explanation below.You need to create the group and assign a license to the group. Anyone who is added to the group will automatically be assigned the license that is assigned to the group.1. Go to the Azure Active Directory admin center.2. Select the Azure Active Directory link then select Groups.3. Click the New Group link.4. Select ג€˜Securityג€™ as the group type and enter ג€˜Group2ג€™ for the group name.5. Click the Create button to create the group.6. Back in the Groups list, select Group2 to open the properties page for the group.7. Select ג€˜Licensesג€™.8. Select the ג€˜+ Assignmentsג€™ link.9. Tick the box to select the license.10. Click the Save button to save the changes.References:https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You need to ensure that all mobile devices that connect to Microsoft Exchange Online meet the following requirements:✑ A password must be used to access the devices.✑ Data on the devices must be encrypted.

Correct Answer: See explanation below.You need to modify the default mobile device mailbox policy.1. Go to the Exchange Admin Center.2. Select ג€˜mobileג€™ then select ג€˜mobile device mailbox policiesג€™.3. Click the ג€˜Create a policyג€™ button.4. Select the Default policy and click the edit icon (pencil icon).5. Select the ג€˜Securityג€™ link to open the security settings.6. Tick the ג€˜Require a passwordג€™ checkbox.7. Tick the ג€˜Require encryption on deviceג€™ checkbox.8. Click the Save button to save the changes.References:https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/exchange-activesync/mobile-device-mailbox-policies

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -Your company has a web application named App1.The company plans to publish App1 by using a URL of https://app1.contoso.com.You need to register App1 to your Microsoft Office 365 tenant.

Correct Answer: See explanation below.You need to register App1 in Azure Active Directory.1. Go to the Azure Active Directory admin center.2. Select Azure Active Directory.3. Select ג€˜App registrationsג€™.4. Click the ג€˜New registrationג€™ link.5. Enter the name App1.6. Click the Register button.7. To add the URL to App1, select App1 in the list of registered apps.8. In the properties page of App1, select Branding.9. Enter the URL https://app1.contoso.com in the ג€˜Home page URLג€™ box.10. Click Save to save the changes.References:https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You hire a new Microsoft 365 administrator named Nestor Wilke. Nestor Wilke will begin working for your organization in several days.You need to ensure that Nestor Wilke is prevented from using his account until he begins working.

Correct Answer: See explanation below.You need to sign-in status for the account to ג€˜Blockedג€™. Blocking doesn't stop the account from receiving email and it doesn't delete any data.1. On the home page of the Microsoft 365 admin center, type the userג€™s name into the Search box.2. Select the Nestor Wilke account in the search results.3. In the ג€˜Sign-in statusג€™ section of the account properties, click the Edit link.4. Select ג€˜Block the user from signing inג€™ and click the Save button.

Your company has a Microsoft 365 E5 subscription.Users in the research department work with sensitive data.You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted.What should you do from the Security & Compliance admin center? A. Create a data loss prevention (DLP) policy that has a Content contains condition. B. Create a data loss prevention (DLP) policy that has a Content is shared condition. C. Modify the default safe links policy. D. Create a new safe links policy.

D. Create a new safe links policy.

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com.Your company recently purchased a Microsoft 365 subscription.You deploy a federated identity solution to the environment.You use the following command to configure contoso.com for federation.Convert-MsolDomaintoFederated `"DomainName contoso.comIn the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name.You need to configure the adatum.com Active Directory domain for federated authentication.Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point. A. From Windows PowerShell, run the Convert-MsolDomaintoFederated ג€"DomainName contoso.com ג€"SupportMultipleDomain command. B. From Windows PowerShell, run the New-MsolFederatedDomain ג€"SupportMultipleDomain -DomainName contoso.com command. C. From Windows PowerShell, run the New-MsolFederatedDomain -DomainName adatum.com command. D. From Windows PowerShell, run the Update-MSOLFederatedDomain ג€"DomainName contoso.com ג€"SupportMultipleDomain command. E. From the federation server, remove the Microsoft Office 365 relying party trust.

D. From Windows PowerShell, run the Update-MSOLFederatedDomain ג€"DomainName contoso.com ג€"SupportMultipleDomain command. E. From the federation server, remove the Microsoft Office 365 relying party trust.

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains 10,000 users.The company has a Microsoft 365 subscription.You enable Azure Multi-Factor Authentication (MFA) for all the users in contoso.com.You run the following query.search "SigninLogs" | where ResultDescription == "User did not pass the MFA challenge."The query returns blank results.You need to ensure that the query returns the expected results.What should you do? A. From the Azure Active Directory admin center, configure the diagnostics settings to archive logs to an Azure Storage account. B. From the Security & Compliance admin center, turn on auditing. C. From the Security & Compliance admin center, enable Office 365 Analytics. D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log Analytics workspace.

D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log Analytics workspace.

You have a Microsoft 365 subscription.You register two applications named App1 and App2 to Azure Active Directory (Azure AD).You need to ensure that users who connect to App1 require multi-factor authentication (MFA). MFA is required only for App1.What should you do? A. From the Microsoft 365 admin center, configure the Modern authentication settings. B. From Multi-Factor Authentication, configure the service settings. C. From the Enterprise applications blade of the Azure Active Directory admin center, configure the Users settings. D. From the Azure Active Directory admin center, create a conditional access policy.

D. From the Azure Active Directory admin center, create a conditional access policy.

You have a Microsoft 365 subscription that contains several Microsoft SharePoint Online sites.You discover that users from your company can invite external users to access files on the SharePoint sites.You need to ensure that the company users can invite only authenticated guest users to the sites.What should you do? A. From the Microsoft 365 admin center, configure a partner relationship. B. From SharePoint Online Management Shell, run the Set-SPOSite cmdlet. C. From the Azure Active Directory admin center, configure a conditional access policy. D. From the SharePoint admin center, configure the sharing settings. Reveal Solution Discussion 7

D. From the SharePoint admin center, configure the sharing settings. Reveal Solution Discussion 7

Your network contains an on-premises Active Directory domain. The domain contains 2,000 computers that run Windows 10.You purchase a Microsoft 365 subscription.You implement password hash synchronization and Azure Active Directory (Azure AD) Seamless Single Sign-On (Seamless SSO).You need to ensure that users can use Seamless SSO from the Windows 10 computers.What should you do? A. Create a conditional access policy in Azure AD. B. Deploy an Azure AD Connect staging server. C. Join the computers to Azure AD. D. Modify the Intranet zone settings by using Group Policy

D. Modify the Intranet zone settings by using Group Policy

Your company has 10,000 users who access all applications from an on-premises data center.You plan to create a Microsoft 365 subscription and to migrate data to the cloud.You plan to implement directory synchronization.User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully.You discover that several user accounts fail to sync to Azure AD.You need to resolve the issue as quickly as possible.What should you do? A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts. B. Run idfix.exe, and then click Complete. C. From Windows PowerShell, run the Start-AdSyncCycle ג€"PolicyType Delta command. D. Run idfix.exe, and then click Edit.

D. Run idfix.exe, and then click Edit.

Your on-premises network contains five file servers. The file servers host shares that contain user data.You plan to migrate the user data to a Microsoft 365 subscription.You need to recommend a solution to import the user data into Microsoft OneDrive.What should you include in the recommendation? A. Configure the settings of the OneDrive client on your Windows 10 device. B. Configure the Sync settings in the OneDrive admin center. C. Run the SharePoint Hybrid Configuration Wizard. D. Run the SharePoint Migration Tool.

D. Run the SharePoint Migration Tool.

You work for a company manages all their identities in the cloud.After acquiring a new domain name, you are tasked with making sure that the primary email address of all new mailboxes uses the new domain.Which of the following is the Microsoft Exchange Online PowerShell cmdlet that you should run? A. Update-EmailAddressPolicy B. Update-OfflineAddressBook C. Set-AddressBookPolicy D. Set-EmailAddressPolicy

D. Set-EmailAddressPolicy

You have an on-premises Microsoft Exchange Server organization that contains 100 mailboxes.You have a hybrid Microsoft 365 tenant.You run the Hybrid Configuration wizard and migrate the mailboxes to the tenant.You need to ensure that Microsoft 365 spam filtering is applied to incoming email.What should you do? A. Run the Hybrid Configuration wizard again. B. Update the Sender Policy Framework (SPF) TXT record to point to the on-premises Exchange IP address. C. Run the Azure Active Directory Connect wizard again. D. Update the MX record to point to Exchange Online.

D. Update the MX record to point to Exchange Online.

Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.The network uses a firewall that contains a list of allowed outbound domains.You begin to implement directory synchronization.You discover that the firewall configuration contains only the following domain names in the list of allowed domains:✑ *.microsoft.com*.office.comDirectory synchronization fails.You need to ensure that directory synchronization completes successfully.What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. From the firewall, allow the IP address range of the Azure data center for outbound communication. B. From Azure AD Connect, modify the Customize synchronization options task. C. Deploy an Azure AD Connect sync server in staging mode. D. From the firewall, create a list of allowed inbound domains. E. From the firewall, modify the list of allowed outbound domains.

E. From the firewall, modify the list of allowed outbound domains.

https://gyazo.com/5332af336d539a335002cf2cdf10f36b

https://gyazo.com/10e9fce758f7e519c27cf5028cbc4b52

https://gyazo.com/794a45662a14249b9d7b1b57769770c8

https://gyazo.com/111aeb32a6c3ee4d51d5f17766e81bd6

https://gyazo.com/d06136daf0bd083d5a7138f5bcf4fe93

https://gyazo.com/1338099ab3dbc33d14d58e242fe9a426

https://gyazo.com/04ebd8eefe1f2c8af7767744e4f229aa

https://gyazo.com/15f083b62a550248ec49c7b73a165fe8

https://gyazo.com/1d24b03887d03061a4625b42fb17f248

https://gyazo.com/16ca947b41826cbbe830db84bc13bd2b

Introductory InfoThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing Environment -Active Directory Environment -The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected] does NOT plan to implement identity federation.Network Infrastructure -Each office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as a DNS server.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.Requirements -Planned Changes -Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.Technical Requirements -Fabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application Requirements -Fabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security Requirements -Fabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.QuestionHOTSPOT -You create the Microsoft 365 tenant.You implement Azure AD Connect as shown in the following exhibit. https://gyazo.com/7a80f40826e804fd0b4b63258045a293

https://gyazo.com/194542818e4dc72c741bc1b182f3c2ad

https://gyazo.com/ded6a79a5c9ad6faa13cce2a14ef279d

https://gyazo.com/1e09884ff95fa223d3b5b5c70bcc1fce

https://gyazo.com/88c11370317e1674d8592808ce5a424a

https://gyazo.com/1fc182e51996e85ce1ef8d506c3a9587

https://gyazo.com/d5fb90633e7f2efa5e0b2dbb1a09e94f

https://gyazo.com/2600aa0c2594feb4bac1a90a0c61b786

https://gyazo.com/aca77e03bfd16f8c6212c51a9050b5dd

https://gyazo.com/27df7217569cb86b7afcfa1c70d26922

https://gyazo.com/8e76437ec44806431e95563535589328

https://gyazo.com/2bb50122c31e76aefbf8d2a701967718

https://gyazo.com/5845447d28e32b95ee0ecacf2dd91c33

https://gyazo.com/2e76ae7f590472da4a6f762baf7e3466

https://gyazo.com/0a61474d92067bd8ae031e933263e66c

https://gyazo.com/3327d336e771f1c981a240f603737c95

https://gyazo.com/96705cefd8209c4587ef07a77fd46065

https://gyazo.com/3f4efe191eff9ff9f12919117aef3748

https://gyazo.com/41ac9fec1e44e930706d4ad8e30cf2ee

https://gyazo.com/42a66b16914035d605e457b660540a97

https://gyazo.com/f61380d702760612fd1818408c22dfda

https://gyazo.com/476800f338ce044715047bf533c470ba

https://gyazo.com/921879564a3062392d67b9971f315fe0

https://gyazo.com/4a74ec49b5ac31a23b3257668013834e

https://gyazo.com/be27790fe282ce9293a4d30805113434

https://gyazo.com/52171f3723ec67ef8188aadd2ec46ecc

https://gyazo.com/14703fc9c9d84f12b01125b93428fdd8

https://gyazo.com/53440bb1bad7810f3a4678e6ab0f8baa

https://gyazo.com/daf80f0a02162c778da8b67abb9188e3

https://gyazo.com/53eec85fc50584efa314b661e9571be4

https://gyazo.com/cc55a6a211a62fc129a66f64186cfc40

https://gyazo.com/58680d4cfa3cf91f84b43350030c7bf9

https://gyazo.com/30218aec76179c11170e4af15d488e2e

https://gyazo.com/5f783196a859502efe7015dc3d7ca41e

https://gyazo.com/455167c398fcd88c8305f20f098b50c5

https://gyazo.com/62524d74cb4838714fb8c12c960e7249

Introductory InfoCase study -This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case study -To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.Overview -Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.The offices have the users and devices shown in the following table. https://gyazo.com/02a27069f97ca224b37ed8c1401c8101

https://gyazo.com/6aa65602f3fa4471f71409999e9e4395

https://gyazo.com/b654df73a0d8f1d4cffe1d05f396e8ea

https://gyazo.com/7f42384c08ce6fa9e39272153c7d6209

https://gyazo.com/5010e891a9978938e96d90967f60fb84

https://gyazo.com/813b8636c1c2576c25ec164a1a735a55

https://gyazo.com/5815cce01108811121038358ef94537b

https://gyazo.com/856fdaeebb56e2403d25d44d85cf50d6

https://gyazo.com/7e296452f0d937d0947dfcdf1aa9fdab

https://gyazo.com/8e9e724ab6fcc4ff4ccbd7a82dfff9c0

https://gyazo.com/09cc9b0a248fdb5bc9a55d669521c517

https://gyazo.com/8efe3c49badc7478322c2478bd5fcd3f

https://gyazo.com/2bf0e48d5c1aadd0323f122886448574

https://gyazo.com/9022bb3de249427878eee07ef203bf1e

https://gyazo.com/7a2ae462c10974eb40ac606117520992

https://gyazo.com/906e1f5255e63c317bf2355e1a0c83f3

https://gyazo.com/75c33e8e68bcbd374677d8191f3fb765

https://gyazo.com/93e0611d88bfdb0f049b5c3f92d91724

https://gyazo.com/ff28cc78d6fd3a2f288ed7bab3452ed6

https://gyazo.com/94524417be10719065044928f68d7677

https://gyazo.com/798b7206895f6fa12b3ef69b8ee5aa39

https://gyazo.com/974fe8fee47b7e490e0de3da9a398872

https://gyazo.com/6ce72e062fea81d7af2d827cadedd93f

https://gyazo.com/97b995e50725206312eb3d3982daa5fc

https://gyazo.com/ecc6ffb2806224c7a3abb806de0a4afa

https://gyazo.com/9bc3942c8571c755a36ca550218a91e4

https://gyazo.com/81e3083bce7d0469673662008ddba415

https://gyazo.com/9c66f0f0c6adf0b534dbbd80e87abdba

https://gyazo.com/1e133c8923dea958b85281315de0034f

https://gyazo.com/9ce34994963936f3c172bdd8dc238ecd

https://gyazo.com/f7cd90ea4f505df0eedfe87ee990e943

https://gyazo.com/9dd6ec7d44170519c2d79c47a7799c09

https://gyazo.com/0eb25e9e4df28976d03d45ffae2eceb5

https://gyazo.com/a48f8973cf10bf9129a6d3f51ee1c49d

https://gyazo.com/a273f915d02c7c9fdbaf9f3d50406c1a

https://gyazo.com/b7366c34fce475207f7b0950fa81be92

https://gyazo.com/8d976910dada9ff755025093f0f05a49

https://gyazo.com/bd212dc89ef993417c067110bac602e3

https://gyazo.com/5233af4f5ccb2652b65cfad263d892f6

https://gyazo.com/c827779754a3be206c1d840b7e1b57a9

https://gyazo.com/a711e89fa7b1ec04da3e339a7e699439

https://gyazo.com/cb03ba0dfc63df4cf993df8fcfaf1da0

https://gyazo.com/bfaf0b17c4480c8a59f2575266d21153

https://gyazo.com/cb9e386598275f94a04ab5f23bb513b5

https://gyazo.com/a26bdc30867b9cdd78338226853ed361

https://gyazo.com/def742f8979b6979cd7a0b8a9876e764

https://gyazo.com/e4554b05b632c73b2eb31a6303e66bae

https://gyazo.com/e56d340c0e1cb001eecba5199131cc71

Your network contains an Active Directory domain that spans a number of cities and a multitude of users.After acquiring Microsoft 365, you intend to deploy quite a few Microsoft 365 services.You want to make sure that pass-through authentication and seamless SSO can be used in your environment. You also decide that Azure AD Connect won't be configured to be in staging mode.With regards to redundancy limits, which of the following is the maximum amount of servers that can run Azure AD Connect? A. 1 B. 3 C. 5 D. 7

A. 1

You need to consider the underlined segment to establish whether it is accurate.Your company has deployed a Microsoft 365 tenant and to implemented multi-factor authentication.They have four offices, of which one houses the R&D department. You have been asked to make sure that multi-factor authentication is compulsory only for users in the office houses the R&D department.You create a conditional access policy.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. A. No adjustment required B. password protection C. DLP D. label

A. No adjustment required

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Two of the users are configured with the Global administrator, Password administrator roles respectively. A third user has both the Security administrator and the Guest inviter roles configured. The fourth user has no roles configured.Which of the following is the user that has the necessary permissions to create guest users? (Choose all that apply.) A. The user with the Global administrator role. B. The user with the Password administrator role. C. The user with the Security administrator and Guest inviter roles. D. The user with no roles.

A. The user with the Global administrator role. C. The user with the Security administrator and Guest inviter roles.

Your network contains an Active Directory domain named contoso.com. The domain contains 1000 Windows 8.1 devices.You plan to deploy a custom Windows 10 Enterprise image to the Windows 8.1 devices.You need to recommend a Windows 10 deployment method.What should you recommend? A. Wipe and load refresh B. Windows Autopilot C. a provisioning package D. an in-place upgrade

A. Wipe and load refresh

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.After acquiring a Microsoft 365 Enterprise subscription, you are tasked with migrating your company's Microsoft Exchange Server 2016 mailboxes and groups toExchange Online.You have started a new migration batch. You, subsequently, receive complaints from on-premises Exchange Server users about slow performance.Your analysis shows that the issue has resulted from the migration. You want to make sure that the effect the mailbox migration has on users is decreased.Solution: You modify the migration endpoint settings.Does the solution meet the goal? A. Yes B. No

A. Yes

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company currently has an on-premises Active Directory forest.You have been tasked with assessing the application of Microsoft 365 and the utilization of an authentication strategy.You have been informed that the authentication strategy should permit sign in via smart card-based certificates, and also permitting the use of SSO to connect to on-premises and Microsoft 365 services.Solution: You recommend the use of federation with Active Directory Federation Services (AD FS) as the authentication strategy.Does the solution meet the goal? A. Yes B. No

A. Yes

You have previously accessed the Security & Compliance admin center to upload a number of archive PST files to Microsoft 365.When you try to run an import job for the PST files 45 days later, you find that they have been removed from Microsoft 365.Which of the following is the number of days that Microsoft 365 retains PST file before deleting them automatically? A. 1 day. B. 30 days. C. 15 days. D. 45 days.

B. 30 days.

Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled.You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON.A tenant user has submitted a fraud alert for his account.Which of the following is the length of time that the user's account will automatically be blocked for? A. 24 hours B. 90 days C. 1 month D. 1 week

B. 90 days

You have recently created a Microsoft 365 Enterprise subscription and assigned all users licenses for all products.You want to configure all Microsoft Office 365 ProPlus installations to be done via a network share. You also want to make sure that users are prevented from using the Internet to install Office 365 ProPlus.Which of the following is the type of file that you should create?NOTE: Each correct selection is worth one point. A. An HTML download file. B. An XML download file. C. An HTTP download file. D. An EXE download file.

B. An XML download file.

Your company's Microsoft 365 tenant includes Microsoft Exchange Online.You have been tasked with enabling calendar sharing with a partner organization, who also has a Microsoft 365 tenant.You have to make sure that users in the partner organization has access to the calendar of every user instantly.Which of the following actions should you take? A. Configure a conditional access policy via Exchange admin center. B. Configure a new organization relationship via Exchange admin center. C. Configure the sharing settings via Exchange admin center. D. Run the Set-SPOSite cmdlet. Hide Solution Discussion 3

B. Configure a new organization relationship via Exchange admin center.

Your network contains an Active Directory forest named adatum.local. The forest contains 500 users and uses adatum.com as a UPN suffix.You deploy a Microsoft 365 tenant.You implement directory synchronization and sync only 50 support users.You discover that five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com.You need to ensure that all synchronized identities retain the UPN set in their on-premises user account.What should you do? A. From the Microsoft 365 admin center, add adatum.com as a custom domain name. B. From Windows PowerShell, run the Set-ADDomain ג€"AllowedDNSSuffixes adatum.com command. C. From Active Directory Users and Computers, modify the UPN suffix of the five user accounts. D. From the Microsoft 365 admin center, add adatum.local as a custom domain name.

C. From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.

https://gyazo.com/84af9bba3ce1a0ad54179aad1763dbaa

E. 72 hours

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: 3&YWyjse-6-dIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:Lab Instance: 10887751 -You plan to create 1,000 users in your Microsoft 365 subscription.You need to ensure that all the users can use the @contoso.com suffix in their username.Another administrator will perform the required information to your DNS zone to complete the operation.

You need to add the contoso.com domain to Microsoft 365 then set the domain as the default.1. In the Admin Center, click Setup then click Domains.2. Click the ג€˜Add Domainג€™ button.3. Type in the domain name (contoso.com) and click the ג€˜Use this domainג€™ button.4. The question states that another administrator will perform the required information to your DNS zone. Therefore, you just need to click the ג€˜Verifyג€™ button to verify domain ownership.5. Click Finish.6. In the domains list, select the contoso.com domain.7. Select ג€˜Set as defaultג€™.References:https://docs.microsoft.com/en-us/office365/admin/setup/add-domain?view=o365-worldwide

https://gyazo.com/d308aa2c3a9098dc89645d9106a9f54f

https://gyazo.com/0b4a7d386f850d3a10b65f74f495befc

https://gyazo.com/f9883dcffc4e3668fd0bcde5bd5e24b6

https://gyazo.com/c3d487f504ac4796bc460a2d47cc9c1c

https://gyazo.com/1cc4665f8de153067e697f62330d60f7

https://gyazo.com/ddbdebd8da489166e64241eb88ff342d

Your company has a Microsoft 365 E3 subscription.All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD).You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users.What should you use? A. Subscription Activation B. Windows Update C. Windows Autopilot D. an in-place upgrade

A. Subscription Activation

Your network contains an on-premises Active Directory domain.Your company has a security policy that prevents additional software from being installed on domain controllers.You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).What should you do? More than once choice may achieve the goal. Select the BEST answer. A. Deploy an Azure ATP standalone sensor, and then configure port mirroring. B. Deploy an Azure ATP standalone sensor, and then configure detections. C. Deploy an Azure ATP sensor, and then configure detections. D. Deploy an Azure ATP sensor, and then configure port mirroring.

A. Deploy an Azure ATP standalone sensor, and then configure port mirroring.

You have a Microsoft 365 subscription.You suspect that several Microsoft Office 365 applications or services were recently updated.You need to identify which applications or services were recently updated.What are two possible ways to achieve the goal? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. From the Microsoft 365 admin center, review the Message center blade. B. From the Office 365 Admin mobile app, review the messages. C. From the Microsoft 365 admin center, review the Products blade. D. From the Microsoft 365 admin center, review the Service health blade.

A. From the Microsoft 365 admin center, review the Message center blade. B. From the Office 365 Admin mobile app, review the messages.

You need to consider the underlined segment to establish whether it is accurate.Your company has recently acquired a new sales application.You navigate to the Discovered apps page in Cloud Discovery via Microsoft Cloud App Security to check the application's score. You then notice that a number of the applications have a low score as a result of omitted domain registration and consumer popularity data.You want to make sure that the score is not affected by the omitted data.You have to configure app tags via the Cloud Discover settingsSelect `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.What should you configure from the? A. No adjustment required B. a label C. App Connector flow D. a custom key

A. No adjustment required

You need to consider the underlined segment to establish whether it is accurate.You have been tasked with deploying a Windows 10 Enterprise image to a large number of Windows 8.1 devices. These devices are joined to an Active Directory domain.You use the in-place upgrade Windows 10 deployment method for the task.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.What should you recommend? A. No adjustment required. B. Windows Autopilot C. Windows Update D. Azure AD Connect

A. No adjustment required.

Your company has configured all user email to be stored in Microsoft Exchange Online.You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.Solution: You start by creating a label and label policy via the Security & Compliance admin center.Does the solution meet the goal? A. Yes B. No

A. Yes

You have a Microsoft 365 tenant that contains Microsoft Exchange Online.You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has a Microsoft 365 tenant.You need to ensure that the calendar of every user is available to the users in adatum.com immediately.What should you do? A. From the Exchange admin center, create a sharing policy. B. From the Exchange admin center, create a new organization relationship. C. From the Microsoft 365 admin center, modify the Organization profile settings. D. From the Microsoft 365 admin center, configure external site sharing. Reveal Solution Discussion 12

B. From the Exchange admin center, create a new organization relationship.

Your network contains an on-premises Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.The on-premises network contains a file server named Server1. Server1 has a share named Share1 that contains company documents.Your company purchases a Microsoft 365 subscription.You plan to migrate data from Share1 to Microsoft 365. Only data that was created or modified during the last three months will be migrated.You need to identify all the files in Share1 that were modified or created during the last 90 days.What should you use? A. Server Manager B. Microsoft SharePoint Migration Tool C. Resource Monitor D. Usage reports from the Microsoft 365 admin center

B. Microsoft SharePoint Migration Tool Oh baby

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company currently has an on-premises Active Directory forest.You have been tasked with assessing the application of Microsoft 365 and the utilization of an authentication strategy.You have been informed that the authentication strategy should permit sign in via smart card-based certificates, and also permitting the use of SSO to connect to on-premises and Microsoft 365 services.Solution: You recommend the use of pass-through authentication and seamless SSO with password hash synchronization as the authentication strategy.Does the solution meet the goal? Yes or no?

B. No

Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.Solution: You configure the use of pass-through authentication and seamless SSO.Does the solution meet the goal? A. Yes B. No

B. No

Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.Solution: You configure the use of password hash synchronization only.Does the solution meet the goal? A. Yes B. No

B. No

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users that are configured with the Privileged role administrator, the User administrator, the Security administrator, and the Billing administrator roles respectively.A security group has been included in the tenant for the purpose of managing administrative accounts.Which of the four roles can be used to create a guest user account? A. The Privileged role administrator role. B. The User administrator role. C. The Security administrator role. D. The Billing administrator role. Hide Solution

B. The User administrator role.

You have been tasked with migrating your company's on-premises Microsoft Exchange Server 2013 organization to Microsoft 365.You plan to make use of the cutover migration method.Which of the following is the maximum recommended number of mailboxes that you should migrate? A. 2000 B. 1000 C. 150 D. 75

C. 150

Your company has an on-premises Microsoft Exchange Server 2016 organization and a Microsoft 365 Enterprise subscription.You plan to migrate mailboxes and groups to Exchange Online.You start a new migration batch.Users report slow performance when they use the on-premises Exchange Server organization.You discover that the migration is causing the slow performance.You need to reduce the impact of the mailbox migration on the end-users.What should you do? A. Create a mail flow rule. B. Configure back pressure. C. Modify the migration endpoint settings. D. Create a throttling policy.

C. Modify the migration endpoint settings.

You recently migrated your on-premises email solution to Microsoft Exchange Online and are evaluating which licenses to purchase.You want the members of two groups named IT and Managers to be able to use the features shown in the following table.The IT group contains 50 users. The Managers group contains 200 users.You need to recommend which licenses must be purchased for the planned solution. The solution must minimize licensing costs.Which licenses should you recommend? A. 250 Microsoft 365 E3 only B. 50 Microsoft 365 E3 and 200 Microsoft 365 E5 C. 250 Microsoft 365 E5 only D. 200 Microsoft 365 E3 and 50 Microsoft 365 E5

D. 200 Microsoft 365 E3 and 50 Microsoft 365 E5

Your company has a Microsoft 365 subscription.You have previously created a group that includes users who send email messages to external users on a regular basis. The group's manager would like to group wants to examine messages that include attachments at random.You are required to make sure that the manager can achieve his goal, but only make ten out of a hundred messages accessible to him.You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.Which of the following should you create? A. A label policy. B. A conditional access policy. C. A DLP policy. D. A supervisor policy.

D. A supervisor policy.

Your company has a Microsoft 365 subscription.You have been tasked with configuring external collaboration settings for your company's Microsoft Azure Active Directory (Azure AD) tenant.You want to make sure that authorized users are able to create guest users in the tenant.Which of the following actions should you take?Which setting should you modify? A. You should make sure that the Guests can invite setting is set to NO. B. You should make sure that the Guest users permissions are limited setting is set to Yes. C. You should make sure that the Members can invite setting is set to NO. D. You should make sure that the Admins and users in the guest inviter role can invite setting is set to Yes.

D. You should make sure that the Admins and users in the guest inviter role can invite setting is set to Yes.

https://gyazo.com/704848624bb417a308643f55857a0180 You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.What should you configure? A. an action B. a group C. a condition D. an exception

D. an exception

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username:[email protected] 365 Password: oL9z0=?Nq@oxIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:

You need to edit the Data Loss Prevention Policy to disable the email notifications.1. Go to https://protection.office.com or navigate to the Security & Compliance admin center.2. In the left navigation pane, expand Data Loss Protection and select Policy.3. Select the Data Loss Prevention policy and click the Edit Policy button.4. Click Policy Settings in the left navigation pane of the policy.5. Select the policy rule and click the Edit Rule button.6. Scroll down to the ג€˜User notificationsג€™ section.7. Toggle the slider labelled ג€Use Notifications to inform usersג€¦.ג€ to Off.8. Click Save to save the changes to the policy rule.9. Click Save to save the changes to the policy.

Your company has a Microsoft 365 subscription.You need to identify all the users in the subscription who are licensed for Microsoft Office 365 through a group membership. The solution must include the name of the group used to assign the license.What should you use? A. the Licenses blade in the Azure portal B. Reports in the Microsoft 365 admin center C. Active users in the Microsoft 365 admin center D. Reports in Security & Compliance admin center

A. the Licenses blade in the Azure portal

Your company has on-premises servers and a Microsoft Azure Active Directory (Azure AD) tenant.Several months ago, the Azure AD Connect Health agent was installed on all the servers.You review the health status of all the servers regularly.Recently, you attempted to view the health status of a server named Server1 and discovered that the server is NOT listed on the Azure Active Directory ConnectServers list.You suspect that another administrator removed Server1 from the list.You need to ensure that you can view the health status of Server1.What are two possible ways to achieve the goal? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. From Windows PowerShell, run the Register-AzureADConnectHealthSyncAgent cmdlet. B. From Azure Cloud shell, run the Connect-AzureAD cmdlet. C. From Server1, change the Azure AD Connect Health services Startup type to Automatic (Delayed Start). D. From Server1, change the Azure AD Connect Health services Startup type to Automatic. E. From Server1, reinstall the Azure AD Connect Health agent.

A. From Windows PowerShell, run the Register-AzureADConnectHealthSyncAgent cmdlet. E. From Server1, reinstall the Azure AD Connect Health agent.

Your company uses on-premises Windows Server File Classification Infrastructure 9FCI). Some documents on the on-premises file servers are classifies asConfidential.You migrate the files from the on-premises file servers to Microsoft SharePoint Online.You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification.What should you do first? A. From the SharePoint admin center, create a managed property. B. From the SharePoint admin center, configure hybrid search. C. From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet. D. From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet.

A. From the SharePoint admin center, create a managed property.

After your company migrates their on-premises email solution to Microsoft Exchange Online, you are tasked with assessing which licenses to acquire.You are informed that licenses acquired for the company's IT and Managers groups should allow for the following:✑ The IT group needs to have access to the Microsoft Azure Active Directory (Azure AD) Privileged Identity Management.✑ Both the IT and Managers groups should have access to Microsoft Azure Active Directory (Azure AD) conditional access.You need to make sure that the licensing costs are kept to a minimum.Which two of the following options should you recommend? (Choose two.) A. You should acquire Microsoft 365 E3 licenses for the Managers group members. B. You should acquire Microsoft 365 E5 licenses for the Managers group members. C. You should acquire Microsoft 365 E3 licenses for the IT group members. D. You should acquire Microsoft 365 E5 licenses for the Managers group members.

A. You should acquire Microsoft 365 E3 licenses for the Managers group members.

Your company has two offices. The offices are located in Seattle and New York.The company uses a third-party email system.You implement Microsoft 365.You move all the users in the Seattle office to Exchange Online. You configure Microsoft 365 to successfully receive all the email messages sent to the Seattle office users.All the users in the New York office continue to use the third-party email system.The users use the email domains shown in the following table.You need to ensure that all the email messages sent to the New York office users are delivered successfully. The solution must ensure that all the email messages for the users in both offices are routed through Microsoft 365.You create the required DNS records and Send connectors.What should you do next from Microsoft 365? A. From the Microsoft 365 admin center, set the default domain. From the Exchange admin center, create a transport rule for all the email messages sent to adatum.com. B. From the Microsoft 365 admin center, add the adatum.com domain. From the Exchange admin center, configure adatum.com as an internal relay domain. C. From the Microsoft 365 admin center, add the adatum.com domain. From the Exchange admin center, configure adatum.com as an authoritative domain. D. From the Microsoft 365 admin center, set the default domain. From the Exchange admin center, configure adatum.com as a remote domain.

B. From the Microsoft 365 admin center, add the adatum.com domain. From the Exchange admin center, configure adatum.com as an internal relay domain.

Note: The question is included in a number of questions that depicts the identical set-up. However, every question has a distinctive result. Establish if the solution satisfies the requirements.Your company currently has an on-premises Active Directory forest.You have been tasked with assessing the application of Microsoft 365 and the utilization of an authentication strategy.You have been informed that the authentication strategy should permit sign in via smart card-based certificates, and also permitting the use of SSO to connect to on-premises and Microsoft 365 services.Solution: You recommend the use of password hash synchronization and seamless SSO as the authentication strategy.Does the solution meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use Dashboard in Security & Compliance.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your company has a Microsoft Office 365 tenant.You suspect that several Office 365 features were recently updated.You need to view a list of the features that were recently updated in the tenant.Solution: You use Monitoring and reports from the Compliance admin center.Does this meet the goal? A. Yes B. No

B. No

Your company uses email, calendar, contact, and task services in Microsoft Outlook.com.You purchase a Microsoft 365 subscription and plan to migrate all users from Outlook.com to Microsoft 365.You need to identify which user data can be migrated to Microsoft 365.Which type of data should you identify? A. task B. email C. calendar D. contacts

B. email

our company has a Microsoft 365 subscription. All identities are managed in the cloud.The company purchases a new domain name.You need to ensure that all new mailboxes use the new domain as their primary email address.What are two possible ways to achieve the goal? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point. A. Run the Update-EmailAddressPolicy Windows PowerShell command B. From the Exchange admin center, select mail flow, and then configure the email address policies. C. From the Microsoft 365 admin center, select Setup, and then configure the domains. D. Run the Set-EmailAddressPolicy Windows PowerShell command. E. From the Azure Active Directory admin center, configure the custom domain names.

C. From the Microsoft 365 admin center, select Setup, and then configure the domains. E. From the Azure Active Directory admin center, configure the custom domain names.

You need to consider the underlined segment to establish whether it is accurate.You company has a Microsoft 365 subscription.To prevent your company from receiving phishing email messages, create a new mail flow rule.Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option. A. No adjustment required B. Label policy. C. Threat management policy. D. Spam filter policy.

C. Threat management policy.

You use Microsoft System Center Configuration manager (Current Branch) to manage devices.Your company uses the following types of devices:✑ Windows 10✑ Windows 8.1✑ Android✑ iOSWhich devices can be managed by using co-management? A. Windows 10 and Windows 8.1 only B. Windows 10, Android, and iOS only C. Windows 10 only D. Windows 10, Windows 8.1, Android, and iOS

C. Windows 10 only

Your company has an Enterprise E5 subscription of Microsoft 365.You have been tasked with making sure that sales department users are compelled to make use of multi-factor authentication for all cloud-based applications.Which of the following actions should you take? A. You should create an DLP. B. You should create a new app registration. C. You should create a session policy. D. You should create a sign-in risk policy.

D. You should create a sign-in risk policy.

Your company has a Microsoft Office 365 subscription with a number of Microsoft SharePoint Online sites.Currently, users are able to invite external users to access files on the SharePoint sites. You are tasked with making sure that users are only able to authenticated guest users to the SharePoint sites.Which of the following actions should you take? A. You should create a threat management policy via the Security & Compliance admin center. B. You should run the Set-SPOSite cmdlet. C. You should run the Add-SPOUser cmdlet. D. You should modify the sharing settings via the SharePoint admin center.

D. You should modify the sharing settings via the SharePoint admin center.

You have a Microsoft 365 subscription.You configure a data loss prevention (DLP) policy.You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.You need to prevent the users from bypassing the DLP policy.What should you configure? A. actions B. exceptions C. incident reports D. user overrides

D. user overrides

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Two of the users are configured with the Global administrator, Password administrator roles respectively. A third user has both the Security administrator and the Guest inviter roles configured. The fourth user has no roles configured.Which of the following is the user that has the necessary permissions to alter the password protection policy? (Choose all that apply.) A. The user with the Global administrator role. B. The user with the Password administrator role. C. The user with the Security administrator and Guest inviter roles. D. The user with no roles.

A. The user with the Global administrator role. C. The user with the Security administrator and Guest inviter roles.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).You configure a pilot for co-management.You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.Solution: You add Device1 to an Active Directory group.Does this meet the goal? A. Yes B. No

B. No

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).You configure a pilot for co-management.You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.Solution: You create a device configuration profile from the Intune admin center.Does this meet the goal? A. Yes B. No

B. No

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States.You plan to onboard all the devices to Windows Defender ATP data in Europe.What should you do first? A. Create a workspace B. Offboard the test devices C. Delete the workspace D. Onboard a new device

B. Offboard the test devices

After your company acquires a Microsoft 365 subscription, they instruct you to move all email data from their corporate Gmail to Microsoft Exchange Online.The migration will be done via the Exchange admin center.Which of the following is TRUE with regards to the data included in the migration? A. All data will be migrated. B. Only email data will be migrated. C. Email and task data will be migrated. D. Email and contact data will be migrated.

B. Only email data will be migrated.

Your company has a Microsoft 365 subscription.After implementing Active Directory Federation Services (AD FS), you are instructed to configure AD FS user authentication auditing.You are preparing to run the Register-AzureADConnectHealthSyncAgent cmdlet.Which of the following is the server that the cmdlet should be run from?NOTE: Each correct selection is worth one point. A. A member server. B. A domain controller. C. An Azure AD Connect server. D. An AD FS server.

C. An Azure AD Connect server.

SIMULATION -Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.You may now click next to proceed to the lab.Lab information -Use the following login credentials as needed:To enter your username, place your cursor in the Sign in box and click on the username below.To enter your password, place your cursor in the Enter password box and click on the password below.Microsoft 365 Username: [email protected] 365 Password: m3t^We$Z7&xyIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.The following information is for technical support purposes only:

Correct Answer: See explanation below.You need to modify the default remote domain. When you add a remote domain, you specify the domain name and the settings apply to that domain. The default remote domain applies to all other domains. Therefore, we need to disable Out of Office replies for external users in the settings of the default remote domain.1. Go to the Exchange Admin Center.2. Click Mail Flow in the left navigation pane.3. Click on Remote Domains.4. Select the default remote domain and click the Edit icon (pencil icon).5. In the ג€˜Out of Office automatic reply typesג€™ section, select ג€˜Noneג€™.6. Click Save to save to changes to the default remote domain.

Your network contains an Active Directory domain that spans a number of cities and a multitude of users.After acquiring Microsoft 365, you intend to deploy quite a few Microsoft 365 services.You want to make sure that pass-through authentication and seamless SSO can be used in your environment. You also decide that Azure AD Connect won't be configured to be in staging mode.With regards to redundancy limits, which of the following is the most amount of servers that can run standalone Authentication Agents? A. 7 B. 9 C. 11 D. 13

D. 13

Your company has a main office and 20 branch offices in North America and Europe. Each branch connects to the main office by using a WAN link. All the offices connect to the Internet and resolve external host names by using the main office connections.You plan to deploy Microsoft 365 and to implement a direct Internet connection in each office.You need to recommend a change to the infrastructure to provide the quickest possible access to Microsoft 365 services.What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer. A. For all the client computers in the branch offices, modify the MTU setting by using a Group Policy object (GPO). B. In each branch office, deploy a proxy server that has user authentication enabled. C. In each branch office, deploy a firewall that has packet inspection enabled. D. In the branch offices, configure name resolution so that all queries for external host names are redirected to public DNS servers directly.

D. In the branch offices, configure name resolution so that all queries for external host names are redirected to public DNS servers directly.

You have been tasked with enable Microsoft Azure Information Protection for your company's Microsoft 365 subscription.You are informed that only the members of a group, named Group1, are able to protect content. To achieve your goal, you plan to run a PowerShell cmdlet.Which of the following is the cmdlet you should run? A. The Add-AadrmRoleBaseAdministrator cmdlet. B. The Set-AadrmDoNotTrackUserGroup cmdlet. C. The Clear-AadrmSuperUserGroup cmdlet. D. The Set-AadrmOnboardingControlPolicy cmdlet. Hide Solution Discussion 1

D. The Set-AadrmOnboardingControlPolicy cmdlet. Hide Solution Discussion 1


Conjuntos de estudio relacionados

Prep U- Chapter: 29- Medications

View Set

Chapters 4, 10, 14, Driver's Education

View Set

Leadership and Management Test #3

View Set

Chapter 1: The Criminal Justice System

View Set