MS 101 - Topic 3 113Q
Enrollment restrictions - Windows Enrollment
HOTSPOT - You have a Microsoft 365 subscription. All users are assigned Microsoft Azure Active Directory Premium licenses. From the Device Management admin center, you set Microsoft Intune as the MDM authority. You need to ensure that when the members of a group named Marketing join a device to Azure Active Directory (Azure AD), the device is enrolled automatically in Intune. The Marketing group members must be limited to five devices enrolled in Intune. Which two options should you use to perform the configurations? To answer, select the appropriate blades in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Security Reader - Security Admin
HOTSPOT - You have a Microsoft 365 subscription. You are configuring permissions for Security & Compliance. You need to ensure that the users can perform the tasks shown in the following table.
MAM user scope - App protection policy
HOTSPOT - You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. Your company implements Windows Information Protection (WIP). You need to modify which users and applications are affected by WIP. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
No, Yes, Yes
HOTSPOT -A user named User1 has files in Microsoft OneDrive as shown in the following table.
Set-RetentionCompliancePolicy - Identity "Polivy1" -RestrictiveRetention $true
HOTSPOT -From the Microsoft 365 compliance center, you create a retention policy named Policy1.You need to prevent all users from disabling the policy or reducing the retention period.How should you configure the Azure PowerShell command? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Set-RetentionComplaincePolicy-Identity "Policy1 -RestrictiveRetention $true
HOTSPOT -From the Security & Compliance admin center, you create a retention policy named Policy1.You need to prevent all users from disabling the policy or reducing the retention period.How should you configure the Azure PowerShell command? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Exchange email - either a credit care number or the 1 year label applied
HOTSPOT -You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.
1. The message is NOT delivered - Mailbox intelligence
HOTSPOT -You configure an anti-phishing policy as shown in the following exhibit.
Set-AdminAuditLogConfig - -UnifiedAuditLogingestionEnabled
HOTSPOT -You create a Microsoft 365 subscription.Your companyג€™s privacy policy states that user activities must NOT be audited.You need to disable audit logging in Microsoft 365.How should you complete the command? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
User 2, 3, 4 - for both
HOTSPOT -You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
90 Days - 365 Days
HOTSPOT -You have a Microsoft 365 E5 subscription that contains two users named Admin1 and Admin2.All users are assigned a Microsoft 365 Enterprise E5 license and auditing is turned on.You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)
Modify the defender settings: Microsoft Defender Antimalware Microsoft Defender Antimalware security intelligence up-to-date Real-time protection
HOTSPOT -You have a Microsoft 365 E5 tenant that contains 500 Windows 10 devices and a Windows 10 compliance policy.You deploy a third-party antivirus solution to the devices.You need to ensure that the devices are marked as compliant.Which three settings should you modify in the compliance policy? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
No, No, Yes
HOTSPOT -You have a Microsoft 365 E5 tenant that contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.
Marked as compliant - prevented from accessing company resources
HOTSPOT -You have a Microsoft 365 E5 tenant.You configure a device compliance policy as shown in the following exhibit.
1. Yes, No, No
HOTSPOT -You have a Microsoft 365 E5 tenant.You have a sensitivity label configured as shown in the Sensitivity label exhibit. (Click the Sensitivity label tab.)
5 -2
HOTSPOT -You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 has the files shown in the following table.
No, Yes, No
HOTSPOT -You have a Microsoft 365 subscription that contains all the user data.You plan to create the retention policy shown in the Choose Locations exhibit. (Click the Choose Locations tab.)
Yes, No, Yes
HOTSPOT -You have a Microsoft 365 subscription that contains the users shown in the following table.
Blocked - Message blocked
DRAG DROP -You have a Microsoft 365 subscription.In the Exchange admin center, you have a data loss prevention (DLP) policy named Policy1 that has the following configurations:✑ Block emails that contain financial data.✑ Display the following policy tip text: Message blocked.From the Microsoft 365 compliance center, you create a DLP policy named Policy2 that has the following configurations:✑ Use the following location: Exchange email.✑ Display the following policy tip text: Message contains sensitive data.✑ When a user sends an email, notify the user if the email contains health records.What is the result of the DLP policies when the user sends an email? To answer, drag the appropriate results to the correct scenarios. Each result may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.NOTE: Each correct selection is worth one point.Select and Place:
Install the MS Rights Management connector or Server2 - Authorize Server 1 - Run GetConnectorConfig.ps1 on Server1
DRAG DROP -Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD). The domain contains the servers shown in the following table.
No, Yes, No
HOTSPOT -You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.
No, No, No
HOTSPOT -You have a Microsoft 365 subscription that uses a default domain named contoso.com.Three files were created on February 1, 2019, as shown in the following table.
Communication compliance policy (supervision policy is depreciated) - Outlook Web app
HOTSPOT -You have a Microsoft 365 subscription.You have a group named Support. Users in the Support group frequently send email messages to external users.The manager of the Support group wants to randomly review messages that contain attachments.You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Show results for all activities - Details
HOTSPOT -You have a Microsoft 365 subscription.Your network uses an IP address space of 51.40.15.0/24.An Exchange Online administrator recently created a role named Role1 from a computer on the network.You need to identify the name of the administrator by using an audit log search.For which activities should you search and by which field should you filter in the audit log search? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Yes, No, No
HOTSPOT -You have a Microsoft 365 tenant named contoso.com. The tenant contains the users shown in the following table.
Yes, Yes, No
HOTSPOT -You have a Microsoft 365 tenant that contains the compliance policies shown in the following table.
Group 1,2,3 - Group 3,4
HOTSPOT -You have a Microsoft 365 tenant that contains the groups shown in the following table.
No, No, Yes
HOTSPOT -You have a Microsoft 365 tenant that has Enable Security defaults set to No in Azure Active Directory (Azure AD).The tenant has two Compliance Manager assessments as shown in the following table.
No, Yes, No
HOTSPOT -You have a Microsoft 365 tenant.You create a retention label as shown in the Retention Label exhibit. (Click the Retention Label tab.)
Excel - XLSX
HOTSPOT -You have a Microsoft 365 tenant.You need to create a custom Compliance Manager assessment template.Which application should you use to create the template, and in which file format should the template be saved? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Deleted 7 years after created - some data may be deleted immediately
HOTSPOT -You have a Microsoft 365 tenant.You plan to create a retention policy as shown in the following exhibit.
No, Yes, No
HOTSPOT -You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.A user named User1 has files on a Windows 10 device as shown in the following table.
1. App 1, 2, 3 - App 3 Only
HOTSPOT -You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.You have three applications named App1, App2, and App3. The apps use files that have the same file extensions.Your company uses Windows Information Protection (WIP). WIP has the following configurations:✑ Windows Information Protection mode: Silent✑ Protected apps: App1✑ Exempt apps: App2From App1, you create a file named File1.What is the effect of the configurations? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Yes, No, Yes
HOTSPOT -You have a Microsoft Azure Active Directory (Azure AD) tenant named sk180818.onmicrosoft.com. The tenant contains the users shown in the following table.
eDiscovery Manager - eDiscovery
HOTSPOT -You have a Microsoft Office 365 subscription.You need to delegate eDiscovery tasks as shown in the following table.
Change the AND to OR
HOTSPOT -You have a data loss prevention (DLP) policy.You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM).The solution must minimize the number of false positives.Which two settings should you modify? To answer, select the appropriate settings in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
30 Days - 30 Days
HOTSPOT -You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit.
Oct 10 - Oct 10
HOTSPOT -You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2.On September 5, 2019, you create and enforce a terms of use (ToU) in the tenant. The ToU has the following settings:✑ Name: Terms1✑ Display name: Terms1 name✑ Require users to expand the terms of use: Off✑ Require users to consent on every device: Off✑ Expire consents: On✑ Expire starting on: October 10, 2019✑ Frequency: MonthlyUser1 accepts Terms1 on September 5, 2019. User2 accepts Terms1 on October 5, 2019.When will Terms1 expire for the first time for each user? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.Hot Area:
Yes, Yes, No
HOTSPOT -You have retention policies in Microsoft 365 as shown in the following table.
Yes, No, Yes
HOTSPOT -Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
Yes, No, Yes
HOTSPOT -Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.The company stores 2 TBs of data in SharePoint Online document libraries.The tenant has the labels shown in the following table.
Allowed- Blocked but user can override
HOTSPOT -Your company is based in the United Kingdom (UK).Users frequently handle data that contains Personally Identifiable Information (PII).You create a data loss prevention (DLP) policy that applies to users inside and outside the company. The policy is configured as shown in the following exhibit.
Yes, Yes, No
HOTSPOT -Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in the following table.
an exception
In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.)
the locations of the DLP policy
You are testing a data loss prevention (DLP) policy to protect the sharing of credit card information with external users.During testing, you discover that a user can share credit card information with external users by using email. However, the user is prevented from sharing files that contain credit card information by using Microsoft SharePoint Online.You need to prevent the user from sharing the credit card information by using email and SharePoint.What should you configure?
-An administrator creates a new Microsoft SharePoint site collection. - An administrator creates a new mail flow rule. -A user shares a Microsoft SharePoint folder with an external user.
You create a new Microsoft 365 subscription and assign Microsoft 365 E3 licenses to 100 users.From the Security & Compliance admin center, you enable auditing.You are planning the auditing strategy.Which three activities will be audited by default? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
You deploy Microsoft Azure Information Protection.You need to ensure that a security administrator named SecAdmin1 can always read and inspect data protected by Azure Rights Management (Azure RMS).What should you do?
You deploy Microsoft Azure Information Protection.You need to ensure that a security administrator named SecAdmin1 can always read and inspect data protected by Azure Rights Management (Azure RMS).What should you do?
Admin1 and Admin3 only
You enable the Azure AD Identity Protection weekly digest email.You create the users shown in the following table.
Device1, Device2, Device3, and Device6
You have a Microsoft 365 E5 subscription.Users have the devices shown in the following table.
Exchange emails only
You have a Microsoft 365 E5 subscription.You run an eDiscovery search that returns the following Azure Rights Management (Azure RMS) ג€" encrypted content:✑ Microsoft Exchange emails✑ Microsoft OneDrive documents✑ Microsoft SharePoint documentsWhich content can be decrypted when you export the eDiscovery search results?
Insider Risk Management Investigators
You have a Microsoft 365 E5 tenant that contains a user named User1. You plan to implement insider risk management. You need to ensure that User1 can perform the following tasks: ✑ Review alerts. ✑ Manage cases .✑ Create notice templates. ✑ Review user emails by using Content explorer. The solution must use the principle of least privilege. To which role group should you add User1?
Account1, Site1, and Channel1 only
You have a Microsoft 365 E5 tenant that contains the resources shown in the following table
2
You have a Microsoft 365 E5 tenant. Users store data in the following locations: Microsoft Teams - ✑ Microsoft OneDrive ✑ Microsoft Exchange Online ✑ Microsoft SharePoint Online You need to retain Microsoft 365 data for two years. What is the minimum number of retention policies that you should create?
Create a new label policy
You have a Microsoft 365 E5 tenant.You create a retention label named Retention1 as shown in the following exhibit.
Run the policy in simulation mode
You have a Microsoft 365 E5 tenant.You create an auto-labeling policy to encrypt emails that contain a sensitive info type. You specify the locations where the policy will be applied.You need to deploy the policy.What should you do first?
a data loss prevention (DLP) policy & a communication compliance policy
You have a Microsoft 365 E5 tenant.You need to be notified when emails with attachments that contain sensitive personal data are sent to external recipients.Which two policies can you use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.
an auto-labeling policy
You have a Microsoft 365 E5 tenant.You need to ensure that when a document containing a credit card number is added to the tenant, the document is encrypted.Which policy should you use?
Create an assessment based on the EU GDPR assessment template
You have a Microsoft 365 E5 tenant.You need to evaluate compliance with European Union privacy regulations for customer data.What should you do in the Microsoft 365 compliance center?
XLSX
You have a Microsoft 365 E5 tenant.You plan to create a custom Compliance Manager assessment template based on the ISO 27001:2013 template.You need to export the existing template.Which file format should you use for the exported template?
Compliance Administrator
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.In the tenant, you create a user named User1.You need to ensure that User1 can publish retention labels from the Microsoft 365 compliance center. The solution must use the principle of least privilege.To which role group should you add User1?
View-Only Audit Logs in the Exchange admin center
You have a Microsoft 365 subscription that contains a user named User1.You need to ensure that User1 can search the Microsoft 365 audit logs from the Security & Compliance admin center.Which role should you assign to User1?
User2 and User3 only
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
Add locations to the policy & Extend the duration of the policy
You have a Microsoft 365 subscription that uses Microsoft 365 compliance center retention policies.You implement a preservation lock on a retention policy that is assigned to all executive users.Which two actions can you perform on the retention policy? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point?
eDiscovery Manager
You have a Microsoft 365 subscription that uses a default domain named contoso.com.You have two users named User1 and User2.From the Microsoft 365 compliance center, you add User1 to the eDiscovery Manager role group.From the Microsoft 365 compliance center, User1 creates a case named Case1.You need to ensure that User1 can add User2 as a case member. The solution must use the principle of least privilege.To which role group should you add User2?
From the Security & Compliance admin center, create a label and a label policy.
You have a Microsoft 365 subscription. All users have their email stored in Microsoft Exchange Online. In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX. What should you do?
the eDiscovery Manager role from the Microsoft 365 compliance center
You have a Microsoft 365 subscription. You have a user named User1.You need to ensure that User1 can place a litigation hold on all mailbox content.What permission should you assign to User1?
Run the Set-AadrmOnboardingControlPolicy cmdlet.
You have a Microsoft 365 subscription. You plan to enable Microsoft Azure Information Protection. You need to ensure that only the members of a group named PilotUsers can protect content. What should you do?
90 days
You have a Microsoft 365 subscription.All users are assigned a Microsoft 365 E3 license.You enable auditing for your organization.What is the maximum amount of time data will be retained in the Microsoft 365 audit log?
From the Security & Compliance admin center, create an eDiscovery case.
You have a Microsoft 365 subscription.All users have their email stored in Microsoft Exchange Online.In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX.What should you do?
Export results
You have a Microsoft 365 subscription.From the Microsoft 365 compliance center, you create a content search of a mailbox.You need to view the content of the mail messages found by the search as quickly as possible.What should you select from the Content search settings?
an export key
You have a Microsoft 365 subscription.From the Microsoft 365 compliance center, you create a content search of all the mailboxes that contain the word ProjectX.You need to export the results of the content search.What do you need to download the report?
An app protection policy
You have a Microsoft 365 subscription.Some users have iPads that are managed by your company.You plan to prevent the iPad users from copying corporate data in Microsoft Word and pasting the data into other applications.What should you create?
user overrides
You have a Microsoft 365 subscription.You configure a data loss prevention (DLP) policy.You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.You need to prevent the users from bypassing the DLP policy.What should you configure?
Exchange email
You have a Microsoft 365 subscription.You need to create a data loss prevention (DLP) policy that is configured to use the Set headers action.To which location can the policy be applied?
Add User1 to the Security Reader role group.
You have a Microsoft 365 subscription.You need to grant a user named User1 access to download compliance reports from the Security & Compliance admin center. The solution must use the principle of least privilege.What should you do?
Perform an audit log search
You have a Microsoft 365 subscription.You need to identify which administrative users performed eDiscovery searches during the past week.What should you do from the Security & Compliance admin center?
Security & Compliance
You have a Microsoft 365 subscription.You need to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity during the past month. The solution must minimize administrative effort.Which admin center should you use?
From the Microsoft 365 compliance center, perform an audit log search.
You have a Microsoft 365 subscription.You need to view the IP address from which a user synced a Microsoft SharePoint Online library.What should you do?
Set-GroupMailbox
You have a Microsoft 365 subscription.You plan to connect to Microsoft Exchange Online PowerShell and run the following cmdlets:✑ Search-MailboxAuditLog✑ Test-ClientAccessRule✑ Set-GroupMailboxGet-Mailbox -Which cmdlet will generate an entry in the Microsoft Office 365 audit log?
a sensitive information type
You have a Microsoft 365 subscription.Your company has a customer ID associated to each customer. The customer IDs contain 10 numbers followed by 10 characters. The following is a sample customer ID: 12-456-7890-abc-de-fghij.You plan to create a data loss prevention (DLP) policy that will detect messages containing customer IDs.What should you create to ensure that the DLP policy can detect the customer IDs?
a Microsoft 365 mailbox
You have a Microsoft 365 tenant and a LinkedIn company page.You plan to archive data from the LinkedIn page to Microsoft 365 by using the LinkedIn connector.Where can you store data from the LinkedIn connector?
a compliance policy
You have a Microsoft 365 tenant that contains 1,000 Windows 10 devices. The devices are enrolled in Microsoft Intune.Company policy requires that the devices have the following configurations:✑ Require complex passwords.✑ Require the encryption of removable data storage devices.✑ Have Microsoft Defender Antivirus real-time protection enabled.You need to configure the devices to meet the requirements.What should you use?
UnifiedAuditLogIngestionEnabled
You have a Microsoft 365 tenant. You discover that administrative tasks are unavailable in the Microsoft 365 audit logs of the tenant. You run the Get-AdminAuditLogConfig cmdlet and receive the following output:
1. Compliance Policy - Conditional Access Policy
You have a Microsoft 365 tenant.Company policy requires that all Windows 10 devices meet the following minimum requirements ✑ Require complex passwords. ✑ Require the encryption of data storage devices. ✑ Have Microsoft Defender Antivirus real-time protection enabled. You need to prevent devices that do not meet the requirements from accessing resources in the tenant.Which two components should you create? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
Label1, Label3, Label4, and Label6 only
You have the sensitivity labels shown in the following exhibit.
From the Security & Compliance admin center, create an alert policy.
You need to notify the manager of the human resources department when a user in the department shares a file or folder from the departmentגTM€s Microsoft SharePoint Online site. What should you do?
Copy the PST files by using AzCopy. - From the Exchange admin center, assign admin roles. - Create a mapping file that uses the CSV file format
You plan to use the Security & Compliance admin center to import several PST files into Microsoft 365 mailboxes.Which three actions should you perform before you import the data? Each correct answer presents part of the solution.NOTE: Each correct selection is worth one point.
From the SharePoint admin center, create a managed property.
Your company uses on-premises Windows Server File Classification Infrastructure (FCI). Some documents on the on-premises file servers are classified asConfidential.You migrate the files from the on-premises file servers to Microsoft SharePoint Online.You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification.What should you do first?
Create a sensitivity label - publish the label - create an auto-labeling policy
DRAG DROP -You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.You need to automatically label the documents on Site1 that contain credit card numbers.Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.Select and Place:
a 12-MB BMP file
From the Microsoft 365 compliance center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)
a 5-MB MP3 file
From the Microsoft 365 compliance center, you create a content export as shown in the exhibit. (Click the Exhibit tab.) What will be excluded from the export?
Yes
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a new Microsoft 365 subscription. You need to prevent users from sending email messages that contain Personally Identifiable Information (PII). Solution: From the Microsoft 365 compliance center, you create a data loss prevention (DLP) policy. Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.From the Microsoft 365 security center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters.Does this meet the goal?
Yes
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.From the Microsoft 365 security center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.Solution: From Windows PowerShell, you run the New-ComplianceSecurityFilter cmdlet with the appropriate parameters.Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.From the Microsoft 365 security center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.Solution: From the Azure Active Directory admin center, you create a conditional access policy.Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft 365 subscription.From the Microsoft 365 security center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.Solution: From the Security & Compliance admin center, you modify the roles of the US eDiscovery Managers role group.Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.You create a Microsoft Defender for Identity instance named Contoso.The tenant contains the users shown in the following table.
Yes
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.You create a Microsoft Defender for Identity instance named Contoso.The tenant contains the users shown in the following table.
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a new Microsoft 365 subscription.You need to prevent users from sending email messages that contain Personally Identifiable Information (PII).Solution: From the Azure portal, you create a Microsoft Azure Information Protection label and an Azure Information Protection policy.Does this meet the goal?
No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a new Microsoft 365 subscription.You need to prevent users from sending email messages that contain Personally Identifiable Information (PII).Solution: From the Cloud App Security admin center, you create an access policy.Does this meet the goal?
Yes
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.You have a new Microsoft 365 subscription.You need to prevent users from sending email messages that contain Personally Identifiable Information (PII).Solution: From the Exchange admin center, you create a data loss prevention (DLP) policy.Does this meet the goal?
User1 and User2 only
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.You sign up for Microsoft Store for Business.The tenant contains the users shown in the following table.
From the Azure Active Directory admin center, add User1to the Compliance administrator role.
Your company has a Microsoft 365 E5 tenant that contains a user named User1.You review the companyג€™s compliance score.You need to assign the following improvement action to User1:Enable self-service password reset.What should you do first?
Compliance Manager
Your company has a Microsoft 365 E5 tenant.The company must meet the requirements of the ISO/IEC 27001:2013 standard.You need to assess the companyג€™s current state of compliance.What should you use?
Azure AD group administration activities ג€" Updated group
Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.A user named User1 is a member of a dynamic group named Group1.User1 reports that he cannot access documents shared to Group1.You discover that User1 is no longer a member of Group1.You suspect that an administrator made a change that caused User1 to be removed from Group1.You need to identify which administrator made the change.Which audit log activity should you search in the Security & Compliance admin center?
a mail flow rule from the Exchange admin center
Your company has a Microsoft 365 subscription.You implement Microsoft Azure Information Protection.You need to automatically protect email messages that contain the word Confidential in the subject line.What should you create?
Microsoft 365 compliance audit log search
Your company has a Microsoft 365 subscription.You need to identify which users performed the following privileged administration tasks:✑ Deleted a folder from the second-stage Recycle Bin of Microsoft SharePoint✑ Opened a mailbox of which the user was not the owner✑ Reset a user password What should you use?
a Microsoft 365 compliance center data loss prevention (DLP) policy
Your company has a Microsoft 365 tenant. The company sells products online and processes credit card information. You need to be notified if a file stored in Microsoft SharePoint Online contains credit card information. The file must be removed automatically from its current location until an administrator can review its contents. What should you use?
User1 and User2 only
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.You sign for Microsoft Store for Business.The tenant contains the users shown in the following table.
