1
Your network contains an on-premises Active Directory forest name contoso.com The forest contains the following domains: Contoso.com East.contoso.com
An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.
You deploy a new domain named west.contoso.com to the forest.
You need to ensure that west.contoso.com syncs to the Azure AD tenant.
Solution: From the AD Connect server in contoso.com, you return the setup wizard and include the west.contoso.com domain.
Does this meet the goal?
- Yes
- No
What is No
You have Windows 10 devices that are managed by using Microsoft Endpoint Manager. All the devices have Microsoft Office 365 apps installed.
You need to configure the proofing tool settings for the Office 365 apps.
From the Microsoft Endpoint Manager admin center, what should you create?
- a device compliance policy
- an app
- a device configuration policy
- an app configuration policy
What is an app configuration policy
You start a new migration batch.
Users report slow performance when they use the on-premises Exchange Server organization
You discover that the migration is causing the slow performance
You need to reduce the impact of the mailbox migration on the end-users
What should you do?
- Configure back pressure
- Modify the migration endpoint settings
- Create a throttling policy
- Create a mail flow rule
What is modify the migration endpoint settings
Your company's Microsoft 365 tenant included Microsoft Exchange Online
You have been tasked with enabling calendar sharing with a partner organization, who also has a Microsoft 365 tenant
You have to make sure that users in the partner organization has access to the calendar of every user instantly
Which of the following actions should you take?
- Run the set-SPOSite cmdlet
- Configure a new organization relationship via Exchange admin center
- Configure a conditional access policy via Exchange admin center
- Configure the sharing settings via Exchange admin center
What is Configure a new organization relationship via Exchange admin center
You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device
You need to view which users authenticated by using multi-factor authentication
What should you do?
- From the Azure Active Directory admin center. view the user sign-ins
- From the Microsoft 365 admin center view the Security and Compliance reports
- From the Azure Active Directory admin center view the Security & Compliance reports
-From the Microsoft 365 admin center view the usage reports
What is From the Azure Active Directory admin center. view the user sign-ins
You have a Microsoft 365 E5 subscription
You need to ensure that users are promoted for multi-factor authentication (MFA) when they attempt to access Microsoft SharePoint Online resources. Users must NOT be prompted for MFA when they attempt to access other Microsoft 365 services.
What should you do?
- From the Cloud App Security admin center create an app access policy
- From the Azure Active Directory admin center, create a conditional access policy
- From the Microsoft Endpoint Manager admin center, create an app protection policy
- From the multi-factor authentication page, configure the users settings
What is From the Azure Active Directory admin center, create a conditional access policy
You plan to onboard all the devices to Windows Defender ATP data in Europe
What should you do first?
- Onboard a new device
- Create a workspace
- Offboard the test devices
- Delete the workspace
What is Offboard the test devices
From the Security and Compliance admin center, you create a content search of all the mailboxes that contain the work ProjectX
You need to export the results of the content search
What do you need to download the report?
- A password
- An export key
- A certification authority certificate
- A user certificate
What is An export key
You need an app named App1 to the enterprise applications in contoso.com
You need to configure self-service app access to App1
What should you do first?
- Add an owner to App1
- Configure an SSO method for App1
- Configure the provisioning mode for App1
- Assign App1 to users and groups
What is Configure the provisioning mode for App1
You need to configure just in time access to meet the technical requirements
What should you use?
- Azure AD Identify Protection
- Entitlement Management
- Azure AD Privileged Identity Management (PM)
- Access Reviews
What is Azure AD Privileged Identity Management (PM)
You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON
A tenant user has submitted a fraud alert for his account
Which of the following is the length of time that the users account will automatically be blocked for?
- 1 week
- 24 hours
- 90 days
- 1 month
What is 90 days
You have been tasked with making sure that sales department users are compelled to make use of multi-factor authentication for all cloud-based applications
Which of the following actions should you take?
- You should create a new app registration
- You should create a DLP
- You should create a session policy
- You should create a sign-on risk policy
What is You should create a sign-on risk policy
You recently configured a Microsoft SharePoint Online tenant in the subscription
You plan to create an alert policy
You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes.
What should you do first?
- Enable Microsoft Office 365 Cloud App Security
- Enable Microsoft Office 365 Analytics
- Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP)
What is Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP)
In the tenant, you create a user name User1
You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege
To which role group should you add User1?
- Security Administrator
- eDiscovery Manager
- Records Management
- Compliance Administrator
What is Compliance Administrator
You need to identify which users performed the following privileged administration tasks
.Deleted a folder from the second-stage Recycle Bin if Microsoft PoweraPoint
.Opened a mailbox of which the user was not the owner
.Reset a user password
What should you use?
- Security & Compliance audit log search
- Microsoft Azure AD audit logs
- Security & Compliance content search
- Microsoft Azure AD sign-ins
What is Microsoft Azure AD audit logs
An external vendor has a Microsoft account that has a username of user1@outlook.com
You plan to provide user1@outlook.com with access to several resources in the subscription
You need to add the external user account to contoso.onmicrosoft.com. The solution must ensure that the external vendor can authenticate by using user1@outlook.com.
What should you do?
- From the Azure portal, add a custom domain name and then create a new Azure AD user and user1@outlook.com as the username
- From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address
-From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify -UserPrincipalName user1@outlook.com
- From the Microsoft 365 admin center, add a contact, and then specify user1@outlook.com as the email address
What is From the Azure portal, add a new guest user, and then specify user1@outlook.com as the email address
Your companys Microsoft Azure AD tenant includes four users that are configured with the Privileged role administrator, the User administrator, the Security administrator, and the Billing administrator roles respectively,
A security group has been included in the tenant for the purpose of managing administrative accounts
Which of the four roles can be used with the Security administrator role to the security group?
- The Security administrator role
- Billing administrator role
- The User administrator role
- Privileged role administrator role
What is The User administrator role
.Android 8.0 Android 8.1.0 and Android 9
.iOS 12 and ios 13
.MacOS 10.14
.Windows 10
You need to deploy M365 apps to the devices.
From the Microsoft Endpoint Manager admin center, what is the minimum number of apps you should create?
- 4
- 1
- 3
- 7
What is 4
You have a M365 subscription. You have a username User1.
You need to ensure that User1 can place a hold on all mailbox content.
What permission should you assign User1?
- the eDiscovery Manager role from the Security & Compliance admin center
- the Compliance Management role from the Exchange admin center
- the User management administrator role from the M365 admin center
- the Information Protection administrator role from the Azure AD admin center
What is the eDiscovery Manager role from the Security & Compliance admin center
You publish an enterprise application named App1 that processes financial data
You need to ensure that access to App1 is revoked for users who no longer require viewing the process financial data
What should you configure?
- A conditional access policy
- An owner
- An app protection policy
- An access review
What is An access review
You have recently configured a conditional access policy to force mobile device users to use multi-factor authentication when accessing Microsoft SharePoint.
To check who used multi-factor authentication to authenticate, you view the Usage Reports from Azure Active Directory admin center
Select "No adjustment required" if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
- Event logs
- Audit Logs
- User sign-ins
- No adjustment required
What is User sign-ins
Your company has a security policy that prevents additional software from being installed on domain controllers
You need to monitor a domain controller by using Microsoft Azure (ATP)
What should you do? Select the BEST Answer
- Deploy an Azure ATP, standalone sensor and then configure port mirroring
- Deploy an Azure ATP sensor, and then configure detections
- Deploy an Azure ATP sensor, and then configure port mirroring
- Deploy an Azure ATP standalone sensor, and then configure detections
What is Deploy an Azure ATP sensor, and then configure detections
A new corporate security policy states that you must automatically send DLP incident reports to the users in the legal department.
You need to schedule the email delivery of the reports. The solution must ensure that the reports are sent as frequently as possible.
How frequently can you schedule the delivery of the reports?
- Monthly
- Hourly
- Daily
- Weekly
What is weekly
You need to identify all the users in the subscription who are licensed for M365 through a group membership. The solution must include the name of the group used to assign the license.
What should you use?
- Active users in the M365 admin center
- Reports in the M365 admin center
- The licenses blade in the Azure portal
- Reports in Security & Compliance admin center
What is The licenses blade in the Azure portal
You need to identify an authentication strategy for the planned M365 deployment. The solution must meet the following requirements.
.Ensure that users can access M365 by using their on-premises credentials
.Use the existing server infrastructure only
.Store all user passwords on-premises only
.Be highly available
Which authentication strategy should you identify?
- Password hash synchronization and seamless SSO
- Federation
- Password has synchronization and seamless SSO
- Pass-through authentication and seamless SSO
What is Pass-through authentication and seamless SSO