MS-500 Test, MS-500 - Module 4, MS-500 - Module 1, MS-500 - Module 3, MS-500 - Module 2, MS500
What is the maximum number of days you can allow your users to remember a multi-factor authentication session in an app? (A) 1 (B) 14 (C) 30 (D) 60
(D) 60
The Securities and Exchange Commission (SEC) Rule 17a-4 requires that after a retention policy is turned on, it cannot be turned off or made less restrictive. If your organization needs to comply with this rule, what Office 365 feature can you use to meet this requirement? (A) In-Place Archiving (B) eDiscovery Hold (C) In-Place Records Management (D) Preservation Lock (E) A Preservation Hold library
(D) Preservation Lock
Your organization uses Exchange Online Protection and Advanced Threat Protection. What should you implement to enhance your protection against phishing in your organization? (A) ZAP (B) Safe attachments (C) Reputation block (D) Safe links
(D) Safe links
Which device type can be automatically enrolled to MDM through the Device Enrollment Program? (A) Android (B) Android for Work (C) Windows 8.1 (D) iOS (E) Windows 10
(D) iOS
What are the three authentication categories for Microsoft 365?
- Cloud-only - Directory Synchronization with Pass-through authentication (PTA) - Single Sign-On (SSO) with ADFS
How long after the Azure ATP cloud service is updated will Sensor1 be updated?
24 hours
Your company uses Microsoft Azure Advanced Threat Protection (ATP). You enable the delayed deployment of updates for an Azure ATP sensor named Sensor1. How long after the Azure ATP cloud service is updated will Sensor1 be updated?
A. 7 days *B. 24 hours* C. 1 hour D. 48 hours E. 12 hours *Answer: B*
You need to implement Windows Defender ATP to meet the security requirements. What should you do?
A. Configure port mirroring B. Create the ForceDefenderPassiveMode registry setting C. *Download and install the Microsoft Monitoring Agent* D. Run WindowsDefenderATPOnboardingScript.cmd *Answer: C*
You have a Microsoft 365 subscription. You need to ensure that all users who are assigned the Exchange administrator role have multi-factor authentication (MFA) enabled by default. What should you use to achieve the goal?
A. Security & Compliance permissions *B. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management* C. Microsoft Azure AD group management D. Microsoft Office 365 user management *Answer: B*
What PowerShell cmdlet is used to assign a role to a user?
Add-MsolRoleMember, e.g.: Add-MsolRoleMember -RoleName "Exchange Service Administrator" -RoleMemberEmailAddress "[email protected]"
What Azure AD level is required to use password write-back with federated and synchronized identities?
Azure AD Premium
What licensing is required to implement device compliance policies?
Azure AD Premium P1 or P2 and Intune, or MS 365, or Enterprise Mobility + Security
You have a server named Server1 that runs Windows Server 2016. Server1 hosts the telemetry database. You need to prevent private details in the telemetry data from being transmitted to Microsoft.
Configure a registry entry ON THE COMPUTERS
How should you prepare Intune for Windows Defender ATP?
Create a device configuration profile
You need to enable and configure Microsoft Defender ATP to meet the security requirements. What should you do?
Download and install the Microsoft Monitoring Agent
What is the only Safe Attachment option other than "Off" that allows the recipient to receive and read the message body without a delay in the delivery?
Dynamic delivery
Finance
NYY
What PowerShell cmdlet is used to create a MS 365 group?
New-MsolGroup
What PowerShell cmdlet is used to delete MS 365 groups?
Remove-MsolGroup
Password Hash Synchronization
Y
What should you obtain first?
an export key
Which type of site collection should you create first?
eDiscovery Center
If you reset... If you join...
...overwritten ...RegisteredDevices container
Groups..assigned Groups..dynamic
1 2
What is the minimum number of DLP policies and rule
3 3
You need to recommend an email malware solution Policy to Create: Option to configure:
ATP safe attachments Replace
Which Azure PIM Admins must be notified Users assigned the Security
Alerts Roles
You need to recommend a solution that meets the technical and security requirements for sharing data with the partners.
Assign the Guest inviter role to User1 Modify the External collaboration settings in the Azure Active Directory admin center
You need to assign built-in role-based access control (RBAC) roles to achieve the following tasks: • Create and run playbooks. • Manage incidents.
Azure Sentinel contributor Logic App contributor
Must change their password... Prompted for MFA...
Both User1 and User2 User2 only
What occurs when each user signs in from an anonymous IP address? User1 User2
Can sign in without MFA Blocked
You need to integrate the VPN and Azure ATP. On VPN1: On Server1, enable the following inbound port:
Configure an accounting provider 1813
You need to configure threat detection for Active Directory.
Create Download ATP Configure ATP
You need to provide the customer with a copy of the content.
Create View Save Export
You need to remove Litware.docx permanently.
Delete from Customer Delete from Site2 Delete from SiteCollection1
Which policies apply to which devices?
Dev1 and Dev3 only Dev4 only
To which groups can you apply Policy1? On premises Active Directory groups: Azure AD groups:
Group1 and Group4 only Group13 and Group14 only
You need to allow users at Contoso to share files from Microsoft OneDrive to specific users at Litware.
Modify the Links settings Decrease the permission level for OneDrive External sharing
What is the effect of the configuration?
Must Must/legacy
You create an alert policy named Policy1 as shown in the following exhibit. If User1 runs a scheduled task... If User1, User2 and User3 each run...
Policy1 will be triggered after 60 minutes Policy1 will be triggered after 60 minutes
Where are suspicious email messages placed by default? Messages that contain word-filtered content: Messages that are classified as phishing:
The junk email folder ATP quarantine
Which two activities should you use in the search?
Updated user Removed member from group
You need to apply app enforced restrictions to the members of Group1 when they connect to Microsoft Exchange Online from non-compliant devices, regardless of their location. From the Azure portal, create a conditional access policy... From Exchange Online Remote PowerShell session, run...
Users and groups, Cloud apps, and Conditions settings New-OwaMailboxPolicy and Set-OwaMailboxPolicy
To increase GDPR Compliance Score for Office 365, you must... The current GDPR Compliance Score...
assign action items proves the organization is non-compliant
A user has an email of [email protected]: If a new guest user is created for [email protected]:
cannot access OneDrive content the user can access OneDrive content after link has been created
You publish Label1 to SharePoint sites. If you create a file in Microsoft SharePoint library Jan 1, 2019... If you create a file in Microsoft SharePoint library Mar 15 2019...
never delete the file always remain in the library
If a user creates a file in Microsoft SharePoint library on January 1 2019 If a user creates a file in a Microsoft OneDrive on January 1 and modifies on Mar 1...
retained can recover the file until Mar 1 2021
You need to review the attachments that were removed from the messages.
the Exchange admin center the Security & Compliance admin center
Which of the following is a prerequisite to use Windows Information Protection? (A) A Mobile Device Management or Mobile Application Management solution (B) Certificates issued by a public certification authority (C) Two servers running Windows Server 2016 Datacenter (D) Clients running minimum Windows 7
(A) A Mobile Device Management or Mobile Application Management solution
Which technology detects multiple types of suspicious activities, focusing on several phases of the cyber-attack kill chain? (A) ATA (B) ATP (C) EOP (D) GOP
(A) ATA
You are a security and compliance administrator for Contoso Ltd. Some users are reporting that items in their mailboxes are missing from time to time. What should you do to track items in user mailboxes? (A) Activate Auditing for the affected mailboxes in the Exchange Admin Center. (B) Activate Auditing for the affected mailboxes in the Microsoft 365 Admin Center. (C) Create a new Report in the Security & Compliance Center. (D) Create a DLP policy and assign it to the affected mailboxes.
(A) Activate Auditing for the affected mailboxes in the Exchange Admin Center.
You are the compliance administrator for Contoso Ltd., and you want to activate In-Place archiving for a greater number of users. What will happen to the mailbox objects in the user mailboxes as soon as you activate the archiving mailbox? (A) All elements older than 2 years will be moved to their archive mailbox. (B) All elements older than 7 years will be automatically deleted. (C) If the user mailbox contains more than 10,000 elements, all other elements are moved to the archive mailbox. (D) All elements older than 2 years will be copied to their archive mailbox.
(A) All elements older than 2 years will be moved to their archive mailbox
You are working as a security and compliance administrator for Contoso Ltd., and you need to provide tools for your users to classify and protect sensitive documents that are sent to recipients outside your company. Which tool do you recommend? (A) Azure Information Protection (B) Windows Information Protection (C) Office 365 Message Encryption (D) Fileserver Classification Infrastructure (FCI)
(A) Azure Information Protection
Which Exchange feature enables users to have an archive mailbox and move or copy messages between their primary mailbox and their archive mailbox? (A) In-Place Archiving (B) In-Place Records Management (C) Messaging Record Management (MRM) (D) Message Archiving
(A) In-Place Archiving
Why should you use Azure AD Connect for your Active Directory Federation Services (AD FS) installation and configuration? (A) It helps you to avoid AD FS configuration issues because installation and configuration is done automatically in the background. (B) It provides more features like MFA and smart card authentication than if you install and configure it manually with Windows Server 2016. (C) You can only use Azure AD Connect for installing and configuring AD FS for Microsoft 365. (D) With Azure AD Connect, you do not have to validate domain ownership in your domain name registrar.
(A) It helps you to avoid AD FS configuration issues because installation and configuration is done automatically in the background.
Which of the following is a security product that enables the ability to automatically upload data logs? (A) Microsoft Cloud App Security (B) Office 365 Cloud App Security (C) Windows Cloud App Security (D) Data Loss Prevention
(A) Microsoft Cloud App Security
What is the name of the solution you must add if you want to integrate Office 365 audit logs into the Azure Operations Management Suite? (A) Office 365 management solution (B) Azure Log Analytics (C) Azure AD Connect Health (D) Active Directory Health Check solution
(A) Office 365 management solution
Which of the following is an attack that uses a technique in which an attacker captures account logon credentials (specifically the NTLM hash) on one computer and then uses those captured credentials to authenticate from other computers in the network to access resources? (A) Pass-the-Hash (B) BruteForce (C) Pass-the-Ticket (D) Remote Execution
(A) Pass-the-Hash
Your organization implemented Active Directory Federation Services (AD FS) successfully. You want to change the AD FS sign-in page using Windows PowerShell. Which cmdlet must be used to change the company name? (A) Set-AdfsGlobalWebContent (B) Set-AdfsWebTheme (C) Set-AdfsWebConfig (D) New-AdfsWebTheme
(A) Set-AdfsGlobalWebContent
Which mechanism in the anti-malware pipeline is effective in catching up to 80% of commodity malware coming into the Office 365 network? (A) Signature-based anti-virus scanners (B) IP and sender reputation (C) Safe attachments (D) Reputation block
(A) Signature-based anti-virus scanners
You are working as a security and compliance administrator for Contoso Ltd., and you have just modified the Message Retention Management (MRM) in your company by adding custom retention policies for the default folders. However, several users have since complained that the new policies do not apply to their mailboxes. What is a common reason why a retention policy does not take effect on mailboxes? (A) The mailbox is smaller than 10 MB in size. (B) The Managed Folder Assistant service is in a Stopped state. (C) The affected users are using Outlook on the web. (D) The affected users are using Outlook 2013.
(A) The mailbox is smaller than 10 MB in size.
If multiple rules match to content that a DLP policy is investigating, which rule will be enforced? (A) The rule with the highest priority (B) The rule with the lowest priority (C) All rules that have matching conditions (D) No rules are enforced
(A) The rule with the highest priority
What is the first step you need to perform to start an audit log search in the Security & Compliance Center? (A) Turn on audit log search (B) Define the desired search filters (C) Configure the user scope to search for (D) Select the desired locations to search at
(A) Turn on audit log search
You are working as a security and compliance administrator for Contoso Ltd., and you need to perform several searches for keywords across all locations in your organization. In total you need to search 20,000 mailboxes and 1,000 SharePoint sites. How many Content Searches from the Security & Compliance Center do you need to create to finish your search across all locations? (A) 21 Content Searches (B) 1 Content Search (C) 2 Content Searches (D) 210 Content Searches
(B) 1 Content Search
What do you need to install if you are working with Word 2016 and you want to classify documents manually? (A) Rights Management Service viewer (B) Azure Information Protection client (C) Azure Information Protection scanner (D) Rights Management Connector
(B) Azure Information Protection client
How can you create a search permissions filter to allow an eDiscovery manager to search only a subset of mailboxes and sites in your Office 365 organization? (A) By using the Security & Compliance Center (B) By using the New-ComplianceSecurityFilter cmdlet in PowerShell (C) By using the New-ComplianceSearchAction cmdlet in PowerShell (D) By using the Azure Portal (E) By using the Microsoft 365 Admin Center
(B) By using the New-ComplianceSecurityFilter cmdlet in PowerShell
Which app can be used for enrolling Android, iOS, and Windows 10 devices to MDM? (A) Settings app (B) Company Portal app (C) Microsoft Launcher (D) Microsoft Authenticator app
(B) Company Portal app
Cloud App Security mitigates different risks in the cloud. Which risk is mitigated by Cloud App Security by cataloging and identifying sensitive or regulated data? (A) Configuration Control (B) Compliance (C) Threat detection (D) Privileged accounts
(B) Compliance
What is required when publishing an on-premises application for remote access? (A) DNS TXT file (B) Connector Group (C) POST Authentication (D) Short Backend Application Timeout
(B) Connector Group
Preventing data exfiltration is most effective when a data classification scheme is used in combination with which of the following? (A) Least Privilege (B) Data Loss Prevention (C) Access Control Lists (D) External sharing Policies
(B) Data Loss Prevention
You are working as a security and compliance administrator for Contoso Ltd., which provides financial rating services and other investment services. Contoso's Rating and Investment departments have a history of communicating with each other, which has resulted in legal and regulatory issues. To prevent this from occurring in the future, what do you need to implement? (A) Policy Tips (B) Ethical wall (C) DLP Action (D) DLP policy Override
(B) Ethical wall
What user identity type is described as: a synchronized account authenticated by using AD FS? (A) Cloud identity (B) Federated identity (C) Synchronized identity (D) Group identity
(B) Federated identity
You are a security administrator at Contoso Ltd., and you have been asked to encrypt all documents of a compliance-related SharePoint site and restrict access to its document library to a single Azure AD security group. Which technology can you utilize to achieve your goals? (A) Secure/Multipurpose Internet Mail Extensions (S/MIME) (B) Information Rights Management (IRM) (C) Office 365 Message Encryption (OME) (D) Active Directory Federation Services (AD FS)
(B) Information Rights Management (IRM)
Your organization wants additional Azure AD Connect server(s) for disaster recovery purposes. How can this be achieved? (A) Install multiple Azure AD Connect servers connected to a single Azure AD or Office 365 tenant (B) Install additional Azure AD Connect server(s) in staging mode (C) Install the additional Active Directory Federation Services feature (D) Configure password writeback in Azure AD Connect
(B) Install additional Azure AD Connect server(s) in staging mode
What happens to an archive mailbox if a user's primary mailbox is deleted? (A) It is moved to the Records Center. (B) It is disconnected from the user and deleted after 30 days. (C) It is connected to an Exchange Administrators account. (D) It stays connected with the user, even if the user has no Exchange attributes anymore.
(B) It is disconnected from the user and deleted after 30 days.
You are a security and compliance administrator for Contoso Ltd., and you receive a report about message transport problems. A user reports that some of her emails do not arrive at the designated recipient, but she does not receive an NDR back. What can you do to find possible transport issues? (A) Check if the send connectors are configured correctly and activate verbose logging. (B) Perform a message trace, generate an extended report, and analyze the message routing. (C) Assign yourself full access permissions to the mailbox of the affected user and check all message headers. (D) Open a support case at Microsoft and request the message tracking reports for the affected user.
(B) Perform a message trace, generate an extended report, and analyze the message routing.
Which of the following best describes the function of policies within Cloud App Security? (A) Policies allow you to configure the level of threat protection within your system. (B) Policies allow you to define the way you want your users to behave in the cloud. (C) There is only one type of policy for Cloud App Security but you define it. (D) Policies allow you to protect your users from invalid logins.
(B) Policies allow you to define the way you want your users to behave in the cloud.
If you delete users in your on-premises Active Directory and the deletion is synchronized to Office 365, the user object is put in a deleted state and no longer appears in the user list. Which Windows PowerShell cmdlet can you use for restoring a user? (A) Recover-MsolUser (B) Restore-MsolUser (C) Set-MsolUser (D) Recycle-MsolUser
(B) Restore-MsolUser
A guest user has requested to use Multi-Factor Authentication in your environment, and his company has already set it up. What may need to occur before the guest can use this feature? (A) The guest may need an additional license. (B) The guest may need to perform the authentication once in his or her home organization and then again in your environment. (C) The guest may need to get authorization from his company. (D) The customer will need to do nothing; everything has been provided.
(B) The guest may need to perform the authentication once in his or her home organization and then again in your environment.
For a given message, when is the time period specified by a message retention policy determined? (A) When the policy is assigned. (B) When the message is received. (C) When the message is sent. (D) When the message is modified. (E) When the message is deleted.
(B) When the message is received.
You are a security and compliance administrator for Contoso Ltd., and you need to create a custom DLP policy that blocks access to content with sensitive information and informs the compliance team about greater DLP violations. What do you configure and where? (A) You need to edit the conditions of the high rule of a policy. (B) You need to edit the actions of the high rule of a policy. (C) You need to edit the actions of the low rule of a policy. (D) You need to edit the conditions of the low rule of a policy.
(B) You need to edit the actions of the high rule of a policy.
Which of the following is an email protection feature in the Exchange Online Protection service that detects messages with spam or malware that previously went undetected and were delivered to users' Inboxes? (A) DKIM (B) ZAP (C) DMARC (D) SPF
(B) ZAP
What is the term for malware with an unknown signature? (A) Unknown code sequence (B) Zero-day attack (C) Past due attack (D) Unshielded signature
(B) Zero-day attack
Fill in the blank. You can use DLP reports to view the ______________ submitted by users when they want to override a policy tip warning of a matching DLP policy. (A) data (B) justifications (C) examples (D) policies
(B) justifications
If you delete users in your on-premises Active Directory and the deletion is synchronized to Office 365, the user object is put in a deleted state and no longer appears in the user list. How long can the user object be recovered in Office 365? (A) 90 days (B) 120 days (C) 30 days (D) 60 days
(C) 30 days
A user has added a new application. The application's permissions have been updated, the application is running, and a user is about to use it for the first time. What does Azure AD need before the user can access the application? (A) User certificate (B) Security token (C) Authorization Code (D) Endpoint authorization
(C) Authorization Code
Your company is using Intune for device management. You need to identify devices that are jail-broken or don't use encryption to protect local data. What should you create in Intune? (A) Device enrollment restrictions (B) Device configuration profile (C) Device compliance policy (D) Conditional access policy
(C) Device compliance policy
You need to modify your safe attachments policy to protect certain users from repeated attacks using the same malware attachments. Which option should you select? (A) Monitor (B) Block (C) Dynamic delivery (D) Replace
(C) Dynamic delivery
Which Windows PowerShell cmdlet must be used to configure Web Application Proxy (WAP) for publishing Active Directory Federation Services (AD FS)? (A) Deploy-AdfsApplicationProxy (B) Install-AdfsProxy (C) Install-WebApplicationProxy (D) Configure-WebApplicationProxy (E) Set-AdfsWebProxy
(C) Install-WebApplicationProxy
After you have completed the installation of the ATA Center, what must you configure so that ATA can listen to RADIUS accounting events forwarded to the ATA Gateways? (A) Connect to your Active directory (B) Configure Event Collection (C) Integrate with your VPN solution (D) Create a HoneyToken user
(C) Integrate with your VPN solution
What Microsoft 365 security feature consumes billions of signals across the Microsoft 365 network, leverages artificial intelligence along with machine learning capabilities, and integrates this data across different security products to address different attack scenarios? (A) Audit Logs (B) ATP (C) Microsoft Intelligent Security Graph (D) EOP
(C) Microsoft Intelligent Security Graph
Which statement about default password policy settings for Microsoft 365 users is correct? (A) Passwords expire after 90 days, and users receive notification expiration 7 days before it occurs. (B) Passwords expire after 120 days, and users receive notification expiration 14 days before it occurs. (C) Passwords expire after 90 days, and users receive notification expiration 14 days before it occurs. (D) Passwords expire after 120 days, and users receive notification expiration 7 days before it occurs.
(C) Passwords expire after 90 days, and users receive notification expiration 14 days before it occurs.
What is the Microsoft Security Response Center responsible for? (A) Encrypting Microsoft 365 tenants (B) Overseeing tenant updates (C) Publishing technical details about specific malware families (D) Providing customer support for organizations that have experienced security breaches
(C) Publishing technical details about specific malware families
You need to create a policy that will block malicious attachments while delivering the message body to the recipient regardless of a message delay. Which policy option should you choose? (A) Monitor (B) Block (C) Replace (D) Dynamic delivery
(C) Replace
Which of the following, from left to right, represents the correct order to deploy Cloud App Security? (A) Set governance actions, set up Cloud Discovery, control cloud apps with policies, personalize your experience. (B) Set up Cloud Discovery, set governance actions, personalize your experience, control cloud apps with policies. (C) Set up Cloud Discovery, set governance actions, control cloud apps with policies, personalize your experience. (D) Set governance actions, set up Cloud Discovery, personalize your experience, control cloud apps with policies.
(C) Set up Cloud Discovery, set governance actions, control cloud apps with policies, personalize your experience.
You are a security and compliance administrator for Contoso Ltd., and you need to implement a DLP policy that searches for a predefined classification property from your FCI. Where do you need to configure the managed property and map it to the crawled property from an already uploaded document? (A) Word 2016 (B) Exchange (C) SharePoint (D) Microsoft Outlook
(C) SharePoint
When planning Azure AD Connect directory synchronization, deciding which object to use as the sourceAnchor attribute is important. Why will the sourceAnchor attribute be used? (A) The sourceAnchor attribute is required for single sign-on capabilities with Azure AD Connect and Active Directory Federation Services (AD FS). (B) The sourceAnchor attribute is required for migrating on-premises Exchange mailboxes to Exchange Online. (C) The sourceAnchor attribute is required for matching both the source and the target object; thereby linking both objects together. (D) The sourceAnchor attribute is required for changing the default Azure AD Connect installation path.
(C) The sourceAnchor attribute is required for matching both the source and the target object; thereby linking both objects together.
Membership in which role group is required to perform searches with content search and view the results? (A) Global Administrator (B) Compliance Administrator (C) eDiscovery Manager (D) Security Administrator
(C) eDiscovery Manager
Which device type requires that Intune have an APN certificate to be able to manage the devices? (A) Android (B) Android for Work (C) iOS (D) Windows 8.1 (E) Windows 10
(C) iOS
What should you configure if you want users to authenticate by using MFA if they want to access a specific company resource? (A) Device configuration profile (B) Device compliance policy (C) Conditional access policy (D) Azure AD integration with Intune
(C) Conditional access policy
What is the first step that needs to be performed when configuring In-Place records management in SharePoint? (A) Activate in-place records management at the site level (B) Configure record declaration settings at the site collection level (C) Configure record declaration settings at the site level (D) Activate in-place records management at the site collection level
(D) Activate in-place records management at the site collection level
Which authentication solution should be used if you want to address an on-premises multi-factor authentication solution? (A) Azure AD Connect Password Synchronization (B) Azure AD Connect Pass-through authentication (C) Azure AD Connect Pass-through authentication with Azure AD Seamless SSO (D) Active Directory Federation Services (AD FS)
(D) Active Directory Federation Services (AD FS)
Which Cloud App Security policy type enables you to set alerts that notify you when new apps are detected within your organization? (A) Cloud Discovery anomaly detection policy (B) Access policy (C) Activity policy (D) App discovery policy
(D) App discovery policy
What is the back-end for Azure Information Protection to protect emails, documents, and files? (A) Azure Active Directory (B) Fileserver Classification Infrastructure (FCI) (C) Active Directory Federation Services (D) Azure Rights Management Services (Azure RMS)
(D) Azure Rights Management Services (Azure RMS)
Which DNS record type must you add to the DNS zone if you want to enable users to enroll their Windows 10 devices by using auto-discovery? (A) A (B) SRV (C) PTR (D) CNAME
(D) CNAME
You are working as the compliance administrator for Contoso Ltd., and you need to delegate permissions to your compliance management team to create retention policies. Which permissions do you need to assign to members of the team? (A) Global Administrator (B) eDiscovery Manager (C) Security Administrator (D) Compliance Administrator
(D) Compliance Administrator
Fill in the blank. Microsoft Service Trust Portal (STP) is a web site that provides a variety of tools, such as the __________________, as well as content and other resources about Microsoft security, privacy, and compliance practices. (A) Security & Compliance Center (B) Exchange Admin Center (C) Azure Portal (D) Compliance Manager
(D) Compliance Manager
You work for a company called Contoso. Contoso is using Intune for managing their Windows 10, Android, and iOS devices. You noticed that several users are accessing company resources from devices that they didn't enroll to Intune. You need to ensure that users can access company resources only from enrolled devices. What should you configure in Intune? (A) Device enrollment restrictions (B) Device configuration profile (C) Device compliance policy (D) Conditional access policy (E) Azure AD integration with Intune
(D) Conditional access policy
Which Microsoft 365 feature helps protect sensitive information from being shared in content stored in SharePoint Online document libraries while educating users about an organization's compliance requirements? (A) S/MIME (B) Active Directory Federation Services (AD FS) (C) Office 365 Message Encryption (OME) (D) Data loss prevention (DLP)
(D) Data loss prevention (DLP)
What is the first line of defense in the EOP/ATP anti-malware pipeline? (A) Reputation block (B) Heuristic clustering (C) Anti-malware filtering (D) IP and sender reputation
(D) IP and sender reputation
Fill in the blank. Before you can use a Windows Server FCI property in a DLP policy, you need to create a _____________. (A) Crawled property (B) Document fingerprint (C) Sensitive information type (D) Managed property
(D) Managed property
What group type in Microsoft 365 provides a shared workspace for email, conversations, files, and calendar events? (A) Security group (B) Distribution list (C) Mail-enabled security group (D) Office 365 group (E) Dynamic distribution group
(D) Office 365 group
The group writeback feature writes Office 365 Groups from Azure AD to on-premises Active Directory. This feature is included as an optional feature in Azure AD Connect. Which type of groups can be written back from Azure AD to your on-premises Active Directory? (A) Security groups (B) Mail-enabled security groups (C) Distribution groups (D) Office 365 groups
(D) Office 365 groups
Active Directory Federation Services (AD FS) 2016 supports the use of access control policy templates and includes several built-in access control policy templates. What policy template should you use if you want to grant access to everyone and require MFA for everyone? (A) Permit everyone and require MFA for specific group (B) Permit everyone and require MFA from extranet access (C) Permit specific group (D) Permit everyone and require MFA
(D) Permit everyone and require MFA
A user reports that the retention policy assigned to his mailbox doesn't appear to be working. During your investigation, you determine that the user is a new employee and that the size of his mailbox is 8 MB. What should you do to resolve the issue? (A) Upgrade his version of Outlook (B) Confirm that retention tags have been added to the retention policy (C) Create a new retention policy and assign it to Edward's mailbox (D) Run the Start-ManagedFolderAssistant cmdlet
(D) Run the Start-ManagedFolderAssistant cmdlet
What do you need to do first before you can analyze case data in advanced eDiscovery? (A) Create a Content Search in the Security & Compliance Center (B) Create an eDiscovery Hold with PowerShell (C) Export data from advanced eDiscovery to your local computer (D) Set up a case and users in the Security & Compliance Center
(D) Set up a case and users in the Security & Compliance Center
Which Windows PowerShell cmdlet triggers a manual full directory synchronization? (A) Start-AdSyncCycle (B) Start-AdSyncSyncCycle -PolicyType Delta (C) Start-AdSynchronization -Now (D) Start-AdSyncSyncCycle -PolicyType Initial
(D) Start-AdSyncSyncCycle -PolicyType Initial
Users can now change their passwords via the login page or user settings in Office 365 and have them written back to on-premises Active Directory. Which of the following is required to make that happen? (A) You need an Office 365 E5 license (B) Your domain controllers must be at least Windows Server 2003 (C) Your users need Office 2016 installed on their clients (D) You need an Azure Active Directory Premium license P1
(D) You need an Azure Active Directory Premium license P1
Fill in the blank. The Weekly Threat Detections is a widget that provides insight into the _________that have been detected in your tenant. (A) unauthorized access (B) spam (C) shared media (D) malware families
(D) malware families
You work for a company called Contoso. Contoso is using Intune to manage their Windows 10, Android, and iOS devices. You noticed that several users are accessing company resources from devices that are not enrolled to Intune. You need to ensure that users can access company resources only from enrolled devices. What should you configure in Intune? (A) Device enrollment restrictions (B) Device configuration profile (C) Device compliance policy (D) Conditional access policy (E) Azure AD integration with Intune
(D) Conditional access policy
Your company's users are using several types of devices that are running different operating systems. Since you have configured integration between Azure AD and Intune, you need to select a device that can be automatically enrolled to Intune when you join it to Azure AD. Which device should you choose? (A) Android (B) iOS (C) macOS (D) Windows 10
(D) Windows 10
Which calculator-like spreadsheet helps your organization to determine the optimal number of federation servers and required hardware for your environment? (A) Exchange Server Role Requirements Calculator (B) Microsoft Remote Connectivity Analyzer (C) Microsoft 365 Bandwidth Calculator (D) Lync 2010 and 2013 Bandwidth Calculator (E) AD FS Capacity Planning Spreadsheet (F) Microsoft 365 Network Analysis Tool
(E) AD FS Capacity Planning Spreadsheet
Which of the following group types can only be created in the Exchange admin center, but not in the Microsoft 365 admin center? (A) Security group (B) Distribution list (C) Mail-enabled security group (D) Office 365 group (E) Dynamic distribution group
(E) Dynamic distribution group
You have a Microsoft 365 subscription. From the Microsoft 365 admin center, you create a new user. You plan to assign the Reports reader role to the user. You need to see the permissions of the Reports reader role. Which admin center should you use?
*A. Azure Active Directory* B. Cloud App Security C. Security & Compliance D. Microsoft 365 *Answer: A*
You have a Microsoft 365 Enterprise E5 subscription. You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You plan to use Microsoft Office 365 Attack simulator. What is a prerequisite for running Attack simulator?
*A. Enable multi-factor authentication (MFA)* B. Configure Advanced Threat Protection (ATP) C. Create a Conditional Access App Control policy for accessing Office 365 D. Integrate Office 365 Threat Intelligence and Windows Defender ATP *Answer: A*
You have a hybrid Microsoft 365 environment. All computers run Windows 10 and are managed by using Microsoft Intune. You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network. What should you do first?
*A. From the Azure Active Directory admin center, create a new certificate* B. Enable Application Proxy in Azure AD C. From Active Directory Administrative Center, create a Dynamic Access Control policy D. From the Azure Active Directory admin center, configure authentication methods *Answer: A*
You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription. You need to allow a user named User1 to view ATP reports in the Threat management dashboard. Which role provides User1 with the required role permissions?
*A. Security reader* B. Message center reader C. Compliance administrator D. Information Protection administrator *Answer: A*
You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Password Hash Synchronization settings. Does that meet the goal?
*A. Yes* B. No *Answer: A*
You have a Microsoft 365 subscription. All computers run Windows 10 Enterprise and are managed by using Microsoft Intune. You plan to view only security-related Windows telemetry data. You need to ensure that only Windows security data is sent to Microsoft. What should you create from the Intune admin center?
*A. a device configuration profile that has device restrictions configured* B. a device configuration profile that has the Endpoint Protection settings configured C. a device configuration policy that has the System Security settings configured D. a device compliance policy that has the Device Health settings configured *Answer: A*
What are four methods for provisioning user accounts?
- Microsoft 365 admin center - Import multiple users - Windows PowerShell - Directory Synchronization
You need to limit alert notifications to actionable DLP events.
... modify the matched activities threshold of an alert policy.
You need to connect Microsoft Endpoint Manager to Jamf Pro.
... register an application.
You need to view which users have used an authenticator app to access SharePoint Online. The solution must minimize costs.
.....view the sign-ins.
You need to prevent the users from downloading, printing, and syncing files.
...configure the Access control settings
You need to ensure that the retention policy tags can be assigned to mailbox items as soon as possible.
...create a label policy
You need to identify which files were modified by which users in the user's OneDrive.
...open the activity log
You need to view which labels were applied by users manually and which labels were applied automatically. What should you do from the Security & Compliance admin center?
...select Events
You need to enable delegation for the security settings of the computers in MachineGroup1.
1-create an Azure Active Directory (Azure AD) group 2-create A ROLE 3-configure the permissions
You need to ensure that access to App1 can be reviewed in REAL TIME
1-register App1 2-create a conditional access policy 3-create an access policy
What are 5 methods to prevent data exfiltration?
1. Access Control Lists 2. External Sharing Policies 3. Least Privilege 4. Data Classification Schemes 5. Data Loss Prevention (DLP)
What are the 5 levels of the Security Configuration Framework from most secure (1) to least secure (5)?
1. Administrator Workstation 2. DevOps Workstation 3. Enterprise VIP Security 4. Enterprise High Security 5. Enterprise Security
If an administrator forgets his password, how can he have it reset? (2 methods)
1. Ask another administrator to reset it (a global admin PW must be reset by another global admin). 2. Reset the PW himself with "Can't access your account?" on the sign-in page for Microsoft 365.
What are the 6 primary components of Windows Defender ATP?
1. Attack surface reduction 2. Next generation protection 3. Endpoint detection and response 4. Automated investigation and remediation 5. Secure score 6. Advanced hunting
What 7 security benefits does the Azure AD Application Proxy provide?
1. Authenticated access 2. Conditional access 3. Traffic termination 4. All access is outbound 5. Cloud-scale analytics 6. Remote access as a service 7. DDOS prevention
What are the three Microsoft 365 tenant / Azure AD requirements to deploy Azure AD Connect?
1. Azure AD subscription or Microsoft 365 tenant 2. Added and verified domains to be used in Azure AD. 3. Verify that the object quota is sufficient (unverified = 50k, verified = 300k, >300k requires a MS ticket)
What are four features of Windows Defender Exploit Guard?
1. Exploit protection 2. Attack surface reduction rules 3. Network protection 4. Controlled folder access
What are six benefits of directory synchronization?
1. Hybrid Identity (between on-prem and cloud) 2. AD Policies (on prem can drive cloud) 3. Leverage Identity (common identity through multiple apps) 4. Single-sign-on (SSO for cloud and on-prem managed on prem) 5. Multi-factor authentication (MFA can be used both on-prem and in cloud) 6. Common identity model
What three vulnerabilities are tracked by Azure Active Directory?
1. Multi-factor authentication (MFA) registration not configured 2. Unmanaged cloud apps 3. Security alerts from Privileged Identity Management (PIM)
What are the 6 options for setting up ATP Safe Attachments policy?
1. Off 2. Monitor 3. Block 4. Replace 5. Dynamic delivery 6. Enable redirect
Which two management role groups can create safe attachment policies?
1. Organization Management 2. Hygiene Management
What Exchange online protection (EOP) features does Microsoft 365 Advanced Threat Protection (ATP) provide?
1. Safe Attachments 2. Safe Links 3. Spoof intelligence 4. Quarantine 5. ATP anti-phishing
Name four common access concerns that conditional access can help you with?
1. Sign-in risk 2. Network location 3. Device management 4. Client application
What are the three parts of Azure AD Connect?
1. The synchronization services 2. The optional Active Directory Federation Services piece 3. The monitoring piece, which is done using Azure AD Connect Health
What six risk event types are tracked by Azure Active Directory?
1. Users with leaked credentials 2. Sign-ins from anonymous IP address 3. Impossible travel to atypical locations 4. Sign-in from unfamiliar locations 5. Sign-ins from infected devices 6. Sign-ins from IP addresses with suspicious activity
Which IP address space should you include in the Trusted IP MFA configuration?
192.168.16.0/20
For Active Directory risk events, what timeframe is considered "Offline"?
2 to 4 hours
For how long after deletion can an object be recovered in Microsoft 365?
30 days
For Active Directory risk events, what timeframe is considered "Real-Time"?
5 to 10 minutes
How long will auditing data be retained?
90 days
"You need to ensure that users can manually designate which content will be subject to data loss prevention (DLP) policies. What should you create first?"
A Data Subject Request (DSR)
By default in Microsoft 365, after how many days do users' passwords expire, and how long before expiration will a user receive a notification?
A password will expire after 90 days, and a user will receive notification 14 days prior to expiration.
For Active Directory risk events, what is considered a "High" risk?
A risk with both high confidence and high severity
For Active Directory risk events, what is considered a "Low" risk?
A risk with both low confidence and low severity
For Active Directory risk events, what is considered a "Medium" risk?
A risk with either high confidence or high severity, but not both
You have a Microsoft 365 subscription. You create an Advanced Threat Protection (ATP) safe attachments policy to quarantine malware. You need to configure the retention duration for the attachments in quarantine. Which type of threat management policy should you create from the Security & Compliance admin center?
A. ATP anti-phishing B. DKIM C. Anti-spam *D. Anti-malware Answer: D*
Your company has 500 computers. You plan to protect the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP). Twenty of the computers belong to company executives. You need to recommend a remediation solution that meets the following requirements: - Windows Defender ATP administrators must manually approve all remediation for the executives - Remediation must occur automatically for all other users. What should you recommend doing from Windows Defender Security Center?
A. Configure 20 system exclusions on automation allowed/block lists B. Configure two alert notification rules C. Download an offboarding package for the computers of the 20 executives *D. Create two machine groups Answer: D*
You have a Microsoft 365 tenant. You have 500 computers that run Windows 10. You plan to monitor the computers by using Windows Defender Advanced Threat Protection (Windows Defender ATP) after the computers are enrolled in Microsoft Intune. You need to ensure that the computers connect to Windows Defender ATP. How should you prepare Intune for Windows Defender ATP?
A. Configure an enrollment restriction *B. Create a device configuration profile* C. Create a conditional access policy D. Create a Windows Autopilot deployment profile *Answer: B*
Your company has a Microsoft 365 subscription that includes a user named User1. You suspect that User1 sent email messages to a competitor detailing company secrets. You need to recommend a solution to ensure that you can review any email messages sent by User1 to the competitor, including sent items that were deleted. What should you include in the recommendation?
A. Enable In-Place Archiving for the mailbox of User1 B. From the Security & Compliance, perform a content search of the mailbox of User1 *C. Place a Litigation Hold on the mailbox of User1* D. Configure message delivery restrictions for the mailbox of User1 *Answer: C*
You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization. Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online. You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members. The email address that you intend to spoof belongs to the Executive group members. What should you do first?
A. From Azure ATP admin center, configure the primary workspace settings B. From the Microsoft Azure portal, configure the user risk settings in Azure AD Identity Protection *C. Enable MFA for the Research group members* D. Migrate the Executive group members to Exchange Online *Answer: C*
You recently created and published several labels policies in a Microsoft 365 subscription. You need to view which labels were applied by users manually and which labels were applied automatically. What should you do from the Security & Compliance admin center?
A. From Search & investigation, select Content search *B. From Data governance, select Events* C. From Search & investigation, select eDiscovery D. From Reports, select Dashboard *Answer: B*
You have a Microsoft 365 subscription. The Global administrator role is assigned to your user account. You have a user named Admin1. You create an eDiscovery case named Case1. You need to ensure that Admin1 can view the results of Case1. What should you do first?
A. From the Azure Active Directory admin center, assign a role group to Admin1. B. From the Microsoft 365 admin center, assign a role to Admin1. *C. From Security & Compliance admin center, assign a role group to Admin1* *Answer: C*
You have a Microsoft 365 subscription. A user reports that changes were made to several files in Microsoft OneDrive. You need to identify which files were modified by which users in the user's OneDrive. What should you do?
A. From the Azure Active Directory admin center, open the audit log B. From the OneDrive admin center, select Device access C. From Security & Compliance, perform an eDiscovery search *D. From Microsoft Cloud App Security, open the activity log Answer: D*
You have a Microsoft 365 subscription. You need to ensure that users can apply retention labels to individual documents in their Microsoft SharePoint libraries. Which two actions should you perform? Each correct answer presents part of the solution.
A. From the Cloud App Security admin center, create a file policy. B. From the SharePoint admin center, modify the Site Settings. *C. From the SharePoint & Compliance admin center, create a label.* D. From the SharePoint admin center, modify the records management settings. *E. From the Security & Compliance admin center, publish a label.* *Answer: C E*
You have a Microsoft 365 subscription. You need to enable auditing for all Microsoft Exchange Online users. What should you do?
A. From the Exchange admin center, create a journal rule B. Run the Set-MailboxDatabase cmdlet *C. Run the Set-Mailbox cmdlet* D. From the Exchange admin center, create a mail flow message trace rule. *Answer: C*
You have a Microsoft 365 subscription that includes a user named Admin1. You need to ensure that Admin1 can preserve all the mailbox content of users, including their deleted items. The solution must use the principle of least privilege. What should you do?
A. From the Microsoft 365 admin center, assign the Exchange administrator role to Admin1. *B. From the Exchange admin center, assign the Discovery Management admin role to Admin1.* C. From the Azure Active Directory admin center, assign the Service administrator role to Admin1. D. From the Exchange admin center, assign the Recipient Management admin role to Admin1. *Answer: B*
You have a Microsoft 365 subscription. Some users access Microsoft SharePoint Online from unmanaged devices. You need to prevent the users from downloading, printing, and synching files. What should you do?
A. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy B. Run the Set-SPODataConnectionSetting cmdlet and specify the AssignmentCollection parameter *C. From the SharePoint admin center, configure the Access control settings* D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy *Answer: C*
You have a Microsoft 365 subscription. Yesterday, you created retention labels and published the labels to Microsoft Exchange Online mailboxes. You need to ensure that the labels will be available for manual assignment as soon as possible. What should you do?
A. From the Security & Compliance admin center, create a label policy B. From Exchange Online PowerShell, run Start-RetentionAutoTagLearning *C. From Exchange Online PowerShell, run Start-ManagedFolderAssistant* D. From the Security & Compliance admin center, create a data loss prevention (DLP) policy *Answer: C*
You create a label that encrypts email data. Users report that they cannot use the label in Outlook on the web to protect the email messages they send. You need to ensure that the users can use the new label to protect their email. What should you do?
A. Modify the priority order of label policies *B. Wait six hours and ask the users to try again* C. Create a label policy D. Create a new sensitive information type *Answer: B*
You have a hybrid Microsoft 365 environment. All computers run Windows 10 Enterprise and have Microsoft Office 365 ProPlus installed. All the computers are joined to Active Directory. You have a server named Server1 that runs Windows Server 2016. Server1 hosts the telemetry database. You need to prevent private details in the telemetry data from being transmitted to Microsoft. What should you do?
A. On Server1, run readinessreportcreator.exe B. Configure a registry on Server1 *C. Configure a registry on the computers* D. On the computers, run tdadm.exe *Answer: C*
You have a Microsoft 365 subscription. Some users access Microsoft SharePoint Online from unmanaged devices. You need to prevent the users from downloading, printing, and synching files. What should you do?
A. Run the Set-SPODataConnectionSetting cmdlet and specify the AssignmentCollection parameter *B. From the SharePoint admin center, configure the Access control settings* C. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) Identity Protection sign-in risk policy D. From the Microsoft Azure portal, create an Azure Active Directory (Azure AD) conditional access policy *Answer: B*
You have a Microsoft 365 E5 subscription. You implement Advanced Threat Protection (ATP) safe attachments policies for all users. Users report that email messages containing attachments take longer than expected to be received. You need to reduce the amount of time it takes to receive email messages that contain attachments. The solution must ensure that all attachments are scanned for malware. Attachments that have malware must be blocked. What should you do from ATP?
A. Set the action to Block B. Add an exception C. Add a condition *D. Set the action to Dynamic Delivery* Answer: D
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: * Source Anchor: objectGUID * Password Hash Synchronization: Disabled * Password writeback: Disabled * Directory extension attribute sync: Disabled * Azure AD app and attribute filtering: Disabled * Exchange hybrid deployment: Disabled * User writeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Source Anchor settings. Does that meet the goal?
A. Yes *B. No Answer: B*
You have a Microsoft 365 E5 subscription that is associated to a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You use Active Directory Federation Services (AD FS) to federate on-premises Active Directory and the tenant. Azure AD Connect has the following settings: * Source Anchor: objectGUID * Password Hash Synchronization: Disabled * Password writeback: Disabled * Directory extension attribute sync: Disabled * Azure AD app and attribute filtering: Disabled * Exchange hybrid deployment: Disabled * User writeback: Disabled You need to ensure that you can use leaked credentials detection in Azure AD Identity Protection. Solution: You modify the Azure AD app and attribute filtering settings. Does that meet the goal?
A. Yes *B. No Answer: B*
You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy. A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. Solution: You modify the encryption settings of the label. Does this meet the goal?
A. Yes *B. No Answer: B*
Your company has a Microsoft 365 subscription. The company forbids users to enroll personal devices in mobile device management (MDM). Users in the sales department have personal iOS devices. You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant. The users must be prevented from backing up the app's data to iCloud. What should you create?
A. a conditional access policy in Microsoft Azure Active Directory (Azure AD) that has a device state condition *B. an app protection policy in Microsoft Intune* C. a conditional access policy in Microsoft Azure Active Directory (Azure AD) that has a client apps condition D. a device compliance policy in Microsoft Intune *Answer: B*
You need to create Group2. What are two possible ways to create the group?
A. an Office 365 group in the Microsoft 365 admin center B. a mail-enabled security group in the Microsoft 365 admin center *C. a security group in the Microsoft 365 admin center* D. a distribution list in the Microsoft 365 admin center *E. a security group in the Azure AD admin center* *Answer: C&E*
What is multi-factor authentication (MFA)?
An authentication method that requests a username and password and then employs one of the following secondary authentication methods: - Call to phone - Text message to phone - Notification through mobile app - Verification code from mobile app
Which type of threat management policy should you create?
Anti-spam
You need to meet the technical requirements for User9. What should you do?
Assign the Global administrator role to User9
"You need to resolve the issue that generates the automated email messages to the IT team. Which tool should you run first?"
Azure AD Connect wizard
"You need to view the permissions of the Reports reader role. Which admin center should you use?"
Azure Active Directory
What is synchronized by default by Azure AD Connect?
By default, all users, contacts, groups, and Windows 10 computers are synchronized.
You need to meet the security requirements for Azure ATP reporting. Policy to edit: Audit setting to configure:
Controllers Policy Group Management
"You need to recommend a remediation solution that meets the following requirements: -Microsoft Defender ATP administrators must manually approve all remediation for the executives -Remediation must occur automatically for all other users"
Create two machine groups
You have a Microsoft 365 tenant. You create a label named CompanyConfidential in Microsoft Azure Information Protection. You add CompanyConfidential to a global policy. A user protects an email message by using CompanyConfidential and sends the label to several external recipients. The external recipients report that they cannot open the email message. You need to ensure that the external recipients can open protected email messages sent to them. Solution: You create a new label in the global policy and instruct the user to resend the email message. Does this meet the goal?
*A. Yes* B. No *Answer: A*
You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members.
Enable MFA for the Research group members
True or False: Self-service password reset (SSPR) is enabled by default?
FALSE
True or False: After the initial Azure AD Connect sync is completed, objects may be configured in the cloud or on-premises.
False. After the first synchronization cycle has completed, the source of authority is transferred from the cloud to the on-premises Active Directory. All subsequent changes to cloud objects (except for licensing) are mastered from the on-premises Active Directory tools. The corresponding cloud objects are read-only, and Microsoft 365 administrators cannot edit cloud objects if the source of authority is on-premises.
True or False: At least one domain controller must be running at least Windows Server 2008 R2 to use gMSA (Group Managed Service Account).
False. At least one domain controller must be running at least Windows Server 2012 to enable gMSA.
True or False: The Azure AD Connect server must be deployed in the perimeter network in order to accept incoming requests from the cloud to perform pass-through authentication.
False. Since all communication from the Azure AD Connect server is outbound only, it does not need to be in the perimeter network. It pulls requests for authentication from a queue, thus eliminating the need for incoming communications.
True or False: The ADFS farm should be located in the perimeter network.
False. The ADFS farm should be domain-joined to the internal network.
True or False: The Web Application Proxy (WAP) should be located in the internal network and be domain joined.
False. The WAP should be located in the perimeter network.
"You need to create a Microsoft Azure Active Directory (Azure AD) conditional access policy that will allow only Windows 10 computers marked as compliant to establish a VPN connection to the on-premises network. What should you do first?"
From the Azure Active Directory admin center, create a new certificate
You need to ensure that Admin1 can view the results of Case1.
From the SECURITY AND COMPLIANCE admin center, assign a ROLE GROUP to Admin1.
What PowerShell cmdlet is used to view MS 365 groups?
Get-MsolGroup
What PowerShell cmdlet is used to view available administrator roles?
Get-MsolRole
Which directory roles are supported by Azure Identity Protection?
Global Administrator Security Administrator Security Reader
What is the source anchor attribute?
In Azure AD Connect, the sourceAnchor attribute matches both the source and the target object, thereby linking both objects together.
What is pass-through authentication?
In pass-through authentication, the user authenticates in Azure AD and Azure AD passes the encrypted password to on-prem AD for authentication. The on-prem AD returns either "success", "failure", "password expired", or "user locked out".
Archiving in Exchange is called "In-Place Archiving". What is a similar concept in SharePoint?
In-Place Records Management
You need to ensure that users who are assigned the Exchange administrator role have time-limited permissions and must use multi-factor authentication (MFA) to request the permissions.
Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
You need to enable mailbox intelligence for all users.
Migrate the on-premises mailboxes to Exchange Online
You need to ensure that you can detect when sensitive groups are modified and when malicious services are created.
Modify the Domain synchronizer candidate's settings on the Azure ATP sensors.
"User1 receives three email alerts from Azure AD Identity Protection User2 receives three email alerts from Azure AD Identity Protection User3 receives three email alerts from Azure AD Identity Protection"
NNN
"From a webbrowser on Computer1, you can open http://www.contoso.com. From a webbrowser on Computer1, you can open http://www.litwareinc.com/public From a webbrowser on Computer2, you can open http://www.litwareinc.com"
NYN
If User1 types "Product1 and Product2"... If User1 types "Product2 and Product1"... If User1 types "product2"...
NYN
"When User1 uses Dev1, Policy3 applies When User2 uses Dev1, Policy2 applies When User2 uses Dev2, Policy4 applies"
NYN
"From Dev1, User1 can copy from App1 to App3 From Dev2, User1 can copy from App1 to App2 From Dev2, User1 can copy from App1 to App3"
NYY
What PowerShell cmdlet is used to provision user accounts?
New-MsolUser, e.g.: New-MsolUser -UserPrincipalName [email protected] -DisplayName "Stella Carrillo" -FirstName "Stella" -LastName "Carrillo" -UsageLocation "US" -LicenseAssignment "Adatum:ENTERPRISEPREMIUM"
What is password write-back?
Password write-back allows users to change their passwords in the cloud according to their on-premises AD.
Which role should you assign to User1?
Privileged role administrator
What PowerShell cmdlet is used to delete user accounts?
Remove-MsolUser (Use -ObjectId Guid or -UserPrincipalName parameters)
What PowerShell cmdlet is used to restore deleted user accounts?
Restore-MsolUser
You need to enable auditing for all Microsoft Exchange Online users.
Run the Set-Mailbox cmdlet
What kind of databases are supported for ADFS?
SQL or WID (Windows Internal Database)
To which role group should you add Auditor?
Security operator
What should User6 use to meet the technical requirements?
Service requests in the Microsoft 365 admin center
What cmdlet is used to add a home link to the ADFS sign in page?
Set-AdfsGlobalWebContent
What cmdlet is used to add a privacy link to the ADFS sign in page?
Set-AdfsGlobalWebContent
What cmdlet is used to add a sign-in description on the ADFS sign in page?
Set-AdfsGlobalWebContent
What cmdlet is used to add help desk links on the ADFS sign in page?
Set-AdfsGlobalWebContent
What cmdlet is used to change the company name on the ADFS sign in page?
Set-AdfsGlobalWebContent
What cmdlet is used to change the company logo on the ADFS sign in page?
Set-AdfsWebTheme
What cmdlet is used to change the illustration on the ADFS sign in page?
Set-AdfsWebTheme
What cmdlet is used to switch authentication between "federated" (ADFS) and "managed" (Password Sync)?
Set-MsolDomainAuthentication
Which blade should you recommend using from the Azure Active Directory admin center?
Sign-ins
What are the 5 steps (in order) to deploy Cloud App Security?
Step 1 - Set up Cloud Discovery; Step 2 - Set instant visibility, protection, and governance actions for your apps; Step 3 - Control cloud apps with policies; Step 4 - Personalize your experience; Step 5 - Organize the data according to your needs
What is the Azure AD default directory quota for a verified domain?
The default quota for a verified domain is 300k objects.
What is the Azure AD default directory quota for an unverified domain?
The default quota for an unverified domain is 50k objects.
What is password synchronization?
The on-premises AD provides a hash of the user's password to Azure AD. When the user signs in, Azure AD validates the password against this hash.
What is the purpose of Azure AD Connect?
The purpose of Azure AD Connect is to enable coexistence between your on-premises Active Directory environment and Microsoft 365 in the cloud.
true/false: The ADFS farm should be located in the internal network and be domain joined.
True.
true/false: The Web Application Proxy (WAP) should be located in the perimeter network.
True.
true/false: ADFS can be fully deployed in Azure.
True. However, a VPN connection may be required to the local environment.
What is a good way to test ADFS connectivity from a browser?
Use the ADFS IdP-Initiated sign on page. Note that by default, this page is disabled, so it will need to be enabled to perform this test.
You need to identify the users against which you can use Attack Simulator.
User3 and User4 only
What database is recommended for most ADFS deployments?
WID (Windows Internal Database)
You need to ensure that the users can use the new label to protect their email.
Wait six hours and ask the users to try again
You have a Microsoft 365 subscription. You need to create data loss prevention (DLP) queries in Microsoft SharePoint Online to find sensitive data stored in sites. Which type of site collection should you create first?
A. Records Center B. Compliance Policy Center *C. eDiscovery Center* D. Enterprise Search Center E. Document Center *Answer: C*
What is the minimum domain functional level for deploying ADFS?
Windows Server 2008
What is the minimum OS that Azure AD Connect can be installed on?
Windows Server 2008 (for password sync or password write-back, Windows Server 2008 R2)
THIS--You ASSIGN the eDiscovery Manager role to Admin1, and then create an eDiscovery case.
Y
THIS--You recommend assigning the Compliance Manager Reader role to User1.
Y
You create a new label in the global policy and instruct the user to resend the email message.
Y
You modify the privacy profile and then create a DSR case.
Y
You run the Set-Mailbox -Identity "User1" -AuditEnabled $true command.
Y
You use the APPLICATION event log on Server1.
Y
External users can access File1; The users in contoso.com can access File2; External users can access File3
YNN
File1 triggers an alert from Policy1; File2 triggers an alert from Policy1; File3 triggers an alert from Policy1
YNN
User1 can run an anti-virus scan on Device1; User2 can collect an investigative package from Device2; User3 can isolate Device1.
YNN
Dev2, Dev5, Dev6
YNY
In the Montreal office; In the Seattle office; In the New York office
YYN
Users can access the file on Jan 15, 2019; Administrator can recover the file on Apr 15, 2019; Administrator can recover the file on Apr 15, 2020
YYN
Application Admin Role
YYN
Which of the following strategies can be used to help prevent malicious elevation of privilege? (Select 3) [A] Multi-factor authentication [B] Account isolation [C] Minimize the number of global admin members to no less than 2 and no more than 5 [D] Malicious insider identification [E] Variable password mitigation [F] Minimize the use of multiple users logging on to the same computer
[A] Multi-factor authentication [C] Minimize the number of global admin members to no less than 2 and no more than 5 [F] Minimize the use of multiple users logging on to the same computer
Account credentials and personal computers can become compromised through which of the following methods? (Select 3) [A] Phishing [B] Running failed code [C] Firmware embedding [D] Spoofing [E] Malicious attachments [F] Hardware drivers
[A] Phishing [D] Spoofing [E] Malicious attachments
Which of the following features are designed to prevent malware by protecting users from malicious emails and attachments? (Select 2) [A] Advanced Security Management [B] Advanced Threat Protection [C] Threat Intelligence [D] Auditing and alerts [E] Exchange Online Protection
[B] Advanced Threat Protection [E] Exchange Online Protection
Which of the following strategies can be used to help prevent data deletion? (Select 2) [A] Back up mission critical data to online stores [B] Elevation of privilege [C] Build redundancies into data management processes [D] Role-based delegation
[B] Elevation of privilege [C] Build redundancies into data management processes
Which of the following are methods for preventing data exfiltration? (Select 3) [A] Create safe attachment Policies [B] Ensure that you have a process for backing up mission critical data [C] Use Access Control Lists to ensure that document libraries are restricted to only named individuals [D] Configure external sharing policies [E] Use least privilege by granting only the required minimum privilege to the smallest group of users that you can
[C] Use Access Control Lists to ensure that document libraries are restricted to only named individuals [D] Configure external sharing policies [E] Use least privilege by granting only the required minimum privilege to the smallest group of users that you can
You need to enforce Microsoft Azure Multi-Factor Authentication (MFA) by using conditional access for all users who are NOT physically present in the office.
a named location in Azure Active Directory (Azure AD)
Which type of Cloud App Security policy should you create?
a session policy
You need to recommend a solution to protect the sign-ins of Admin1 and Admin2.
a user risk policy
Which additional property should you include in the Content Search query?
itemclass:ipm.post
What are the minimum and maximum number of days before password expiration that Microsoft 365 can be set to send a warning?
minimum = 1 day; maximum = 30 days
What are the minimum and maximum number of days until user password expiration that can be set in Microsoft 365?
minimum = 14 days; maximum = 730 days
You need to ensure that the labels will be available for manual assignment as soon as possible.
run Start-ManagedFolderAssistant
You need to provide the administrator with the Azure information required to deploy the sensors.
the URL of the Azure ATP admin center