Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the Exchange Administrator role.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You have a Microsoft 365 E5 subscription.
From Azure AD Privileged Identity Management (PIM), you configure Role settings for the Global Administrator role as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
 
The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)
 
User2 fails to authenticate to Azure AD when signing in as
user2@fabrikam.com
.
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Microsoft Entra admin center, you assign User2 the Security Reader role. You instruct User2 to sign in as
user2@contoso.com
.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription.
You need to be notified to your personal email address when a Microsoft Exchange Online service issue occurs.
What should you do?

A. From the Exchange admin center, create a contact.

B. From the Microsoft Outlook client, configure an Inbox rule.

C. From the Microsoft 365 admin center, update the technical contact details.

D. From the Microsoft 365 admin center, customize the Service health settings.

HOTSPOT -
You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 is configured as shown in the following exhibit.
 
An external user named User1 has an email address of
user1@outlook.com
.
You need to add User1 to Group1.
What should you do first, and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that uses Microsoft Intune.
You need to access service health alerts from a mobile phone.
What should you use?

A. the Microsoft Authenticator app

B. the Microsoft 365 Admin mobile app

C. Intune Company Portal

D. the Intune app

HOTSPOT
-
You have a Microsoft 365 subscription.
You plan to update the EmployeeType attribute for all the users in a group named Contractors. You retrieve the GroupId value of the Contractors group.
You need to use Microsoft Graph PowerShell to retrieve all the Contractors group users and set their EmployeeType attribute to Part-time.
How should you complete the PowerShell script? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You need to ensure that users are prevented from opening or downloading malicious files from Microsoft Teams, OneDrive, or SharePoint Online.
What should you do?

A. Create a new Anti-malware policy.

B. Configure the Safe Links global settings.

C. Create a new Anti-phishing policy.

D. Configure the Safe Attachments global settings.

You have a Microsoft 365 E5 tenant.
You need to create a policy that will trigger an alert when unusual Microsoft Office 365 usage patterns are detected.
What should you use to create the policy?

A. the Microsoft Apps admin center

B. the Microsoft Purview compliance portal

C. the Microsoft 365 admin center

D. the Microsoft 365 Defender portal

You have a Microsoft 365 tenant that contains a Windows 10 device. The device is onboarded to Microsoft Defender for Endpoint.
From Microsoft 365 Defender portal, you perform a security investigation.
You need to run a PowerShell script on the device to collect forensic information.
Which action should you select on the device page?

A. Collect investigation package

B. Go hunt

C. Initiate Live Response Session

D. Initiate Automated Investigation

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.
 
You configure Azure AD Connect to sync contoso.com to Azure AD.
Which objects will sync to Azure AD?

A. Group1 only

B. User1 and User2 only

C. Group1 and User1 only

D. Group1, User1, and User2

You have a Microsoft 365 E5 subscription.
Your company’s Microsoft Secure Score recommends the actions shown in the following exhibit.
 
You select Create Safe Links policies for email messages and change Status to Risk accepted in the Status & action plan settings.
How does the change affect the Secure Score?

A. remains the same

B. increases by 1 point

C. increases by 9 points

D. decreases by 1 point

E. decreases by 9 points

You have a Microsoft 365 subscription.
All users are assigned Microsoft 365 Apps for enterprise licenses.
You need to ensure that reports display the names of users that have activated Microsoft 365 apps and on how many devices.
What should you modify in the Microsoft 365 admin center?

A. the Reports reader role

B. Organization information

C. Org settings for Privacy profile

D. Org settings for Reports

HOTSPOT -
You have a Microsoft 365 tenant.
You create a retention label as shown in the Retention Label exhibit. (Click the Retention Label tab.)
 
You create a label policy as shown in the Label Policy exhibit. (Click the Label Policy tab.)
 
The label policy is configured as shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2.
You plan to configure a data loss prevention (DLP) strategy that meets the following requirements:
• Members of Group1 must be prevented from sharing documents that contain credit card numbers.
• Members of Group2 must be prevented from sharing documents that are classified as internal by Microsoft Purview Information Protection.
• The solution must minimize administrative effort.
You need to create a DLP policy for each group.
Which condition should you add to each DIP policy rule for each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription.
You need to recommend a solution for monitoring and reporting application access. The solution must meet the following requirements:
• Support KQL for querying data.
• Retain report data for at least one year.
What should you include in the recommendation?

A. a security report in Microsoft 365 Defender

B. Endpoint analytics

C. Microsoft 365 usage analytics

D. Azure Monitor workbooks

HOTSPOT
-
Overview
-
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named A. Datum Corporation.
Environment
-
On-Premises Environment
-
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.
 
The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud Environment
-
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure AD Premium P2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
• Password hash synchronization is enabled.
• Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.
 
Self-service password reset (SSPR) is enabled.
The Azure AD tenant has Security defaults enabled.
Problem Statements
-
Litware identifies the following issues:
• Admin1 cannot create conditional access policies.
• Admin4 receives an error when attempting to use SSPR.
• Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Requirements
-
Planned Changes
-
Litware plans to implement the following changes:
• Implement Microsoft Intune.
• Implement Microsoft Teams.
• Implement Microsoft Defender for Office 365.
• Ensure that users can install Office 365 apps on their device.
• Convert all the Windows 10 Pro devices to Windows 10 Enterprise ES.
• Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.
Technical Requirements
-
Litware identifies the following technical requirements:
• Administrators must be able to specify which version of an Office 365 desktop app will be available to users and to roll back to previous versions.
• Only Admin2 must have access to new Office 365 service and feature updates before they are released to the company.
• Litware users must be able to invite A. Datum users to participate in the following activities:
• Join Microsoft Teams channels.
• Join Microsoft Teams chats.
• Access shared files.
• Just in time access to critical administrative roles must be required.
• Microsoft 365 incidents and advisories must be reviewed monthly.
• Office 365 service status notifications must be sent to Admin2.
• The principle of least privilege must be used.
You need to ensure that Admin4 can use SSPR.
Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You plan to create a Conditional Access policy that will use GPS-based named locations.
Which users can the policy protect?

A. User2 and User4 only

B. User1, User2, User3, and User4

C. User1 only

D. User1 and User3 only

You have a Microsoft 365 subscription that uses retention policies.
You implement a preservation lock on a retention policy that is assigned to all executive users.
Which two actions can you perform on the retention policy after you implemented the preservation lock? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Add locations to the policy.

B. Reduce the duration of policy.

C. Remove locations from the policy.

D. Extend the duration of the policy.

E. Disable the policy.

Your network contains an Active Directory forest named contoso.local.
You have a Microsoft 365 subscription.
You plan to implement a directory synchronization solution that will use password hash synchronization.
From the Microsoft 365 admin center, you successfully verify the contoso.com domain name.
You need to prepare the environment for the planned directory synchronization solution.
What should you do first?

A. From the Microsoft 365 admin center, verify the contoso.local domain name.

B. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.

C. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.

D. From Active Directory Users and Computers, modify the UPN suffix for all users.

HOTSPOT
-
You have a Microsoft 365 E5 tenant that contains a Microsoft SharePoint site named Site1. Site1 contains the files shown in the following table.
 
You create a sensitivity label named Sensitivity1 and an auto-label policy that has the following configurations:
• Name: AutoLabel1
• Label to auto-apply: Sensitivity1
• Choose locations where you want to apply the label: Site1
The Define content that contains sensitive info settings for AutoLabel1 is shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.
When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.
 
You need to enable user access to the partner company's portal.
Which Microsoft Defender for Endpoint setting should you modify?

A. Alert notifications

B. Alert suppression

C. Custom detections

D. Advanced hunting

E. Indicators

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant contains the users shown in the following table.
 
You create and assign a data loss prevention (DLP) policy named Policy1. Policy1 is configured to prevent documents that contain Personally Identifiable Information (PII) from being emailed to users outside your organization.
To which users can User1 send documents that contain PII?

A. User2 only

B. User2 and User3 only

C. User2, User3, and User4 only

D. User2, User3, User4, and User5

HOTSPOT
-
You have a Microsoft 365 Enterprise E5 subscription.
You add a cloud-based app named App1 to the Azure AD enterprise applications list.
You need to ensure that two-step verification is enforced for all user accounts the next time they connect to App1.
Which three settings should you configure from the policy? To answer, select the appropriate settings in the answer area,
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription.
You plan to implement Microsoft Purview Privileged Access Management.
Which Microsoft Office 365 workloads support privileged access?

A. Microsoft Exchange Online only

B. Microsoft Teams only

C. Microsoft Exchange Online and SharePoint Online only

D. Microsoft Teams and SharePoint Online only

E. Microsoft Teams, Exchange Online, and SharePoint Online

You have a Microsoft 365 E5 tenant.
You create a retention label named Retention1 as shown in the following exhibit.
 
You apply Retention1 to all the Microsoft OneDrive content.
On January 1, 2020, a user stores a file named File1 in OneDrive.
On January 10, 2020, the user modifies File1.
On February 1, 2020, the user deletes File1.
When will File1 be removed permanently and unrecoverable from OneDrive?

A. February 1, 2020

B. July 1, 2020

C. July 10, 2020

D. August 1, 2020

Your on-premises network contains an Active Directory domain.
You have a Microsoft 365 subscription.
You need to sync the domain with the subscription. The solution must meet the following requirements:
On-premises Active Directory password complexity policies must be enforced.
Users must be able to use self-service password reset (SSPR) in Azure AD.
What should you use?

A. password hash synchronization

B. Azure AD Identity Protection

C. Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)

D. pass-through authentication

HOTSPOT
-
Your network contains an on-premises Active Directory domain that is synced to Azure AD as shown in the following exhibit.
 
An on-premises Active Directory user account named Allan Yoo is synchronized to Azure AD. You view Allan’s account from Microsoft 365 and notice that his username is set to
Allan@adatum.onmicrosoft.com
.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Overview -
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named A. Datum Corporation.
Environment -
On-Premises Environment -
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.
 
The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud Environment -
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure AD Premium P2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
• Password hash synchronization is enabled.
• Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.
 
Self-service password reset (SSPR) is enabled.
The Azure AD tenant has Security defaults enabled.
Problem Statements -
Litware identifies the following issues:
• Admin1 cannot create conditional access policies.
• Admin4 receives an error when attempting to use SSPR.
• Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Requirements -
Planned Changes -
Litware plans to implement the following changes:
• Implement Microsoft Intune.
• Implement Microsoft Teams.
• Implement Microsoft Defender for Office 365.
• Ensure that users can install Office 365 apps on their device.
• Convert all the Windows 10 Pro devices to Windows 10 Enterprise ES.
• Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.
Technical Requirements -
Litware identifies the following technical requirements:
• Administrators must be able to specify which version of an Office 365 desktop app will be available to users and to roll back to previous versions.
• Only Admin2 must have access to new Office 365 service and feature updates before they are released to the company.
• Litware users must be able to invite A. Datum users to participate in the following activities:
• Join Microsoft Teams channels.
• Join Microsoft Teams chats.
• Access shared files.
• Just in time access to critical administrative roles must be required.
• Microsoft 365 incidents and advisories must be reviewed monthly.
• Office 365 service status notifications must be sent to Admin2.
• The principle of least privilege must be used.
You need to configure Azure AD Connect to support the planned changes for the Montreal Users and Seattle Users OUs.
What should you do?

A. From PowerShell, run the Add-ADSyncConnectorAttributeInclusion cmdlet.

B. From the Microsoft Azure AD Connect wizard, select Manage federation.

C. From the Microsoft Azure AD Connect wizard, select Customize synchronization options.

D. From PowerShell, run the Start-ADSyncSyncCycle cmdlet.

HOTSPOT
-
Your company has an Azure AD tenant named contoso.onmicrosoft.com that contains the users shown in the following table.
 
You need to identify which users can perform the following administrative tasks:
• Reset the password of User4.
• Modify the value for the manager attribute of User4.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You have a Microsoft 365 E5 subscription.
From Azure AD Identity Protection on August 1, you configure a Multifactor authentication registration policy that has the following settings:
Assignments: All users -
Controls: Require Azure AD multifactor authentication registration
Enforce Policy: On -
On August 3, you create two users named User1 and User2.
Users authenticate by using Azure Multi-Factor Authentication (MFA) for the first time on the dates shown in the following table.
 
By which dates will User1 and User2 be forced to complete their Azure MFA registration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the Teams Administrator role.
Does this meet the goal?

A. Yes

B. No

You have an Azure AD tenant that contains the users shown in the following table.
 
You need to compare the permissions of each role. The solution must minimize administrative effort.
Which portal should you use?

A. the Microsoft Purview compliance portal

B. the Microsoft 365 admin center

C. the Microsoft 365 Defender portal

D. the Microsoft Entra admin center

You have a Microsoft 365 E5 subscription that contains the following user:
Name: User1 -
UPN:
user1@contoso.com
-
Email address:
user1@marketmg.contoso.com
MFA enrollment status: Disabled -
When User1 attempts to sign in to Outlook on the web by using the
user1@marketing.contoso.com
email address, the user cannot sign in.
You need to ensure that User1 can sign in to Outlook on the web by using
user1@marketing.contoso.com
.
What should you do?

A. Assign an MFA registration policy to User1.

B. Reset the password of User1.

C. Add an alternate email address for User1.

D. Modify the UPN of User1.

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
 
Which groups can be members of Group1 and Group4? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You configure a multi-factor authentication (MFA) registration policy that has the following settings:
• Assignments:
o Include: Group1
o Exclude: Group2
• Access controls: Require Azure MFA registration
• Enforce Policy: On
You create a conditional access policy that has the following settings:
• Name: Policy 1
• Assignments:
o Include: Group2
o Exclude: Group1
• Access controls:
o Grant, Require multi-factor authentication
• Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
A Built-in protection preset security policy is applied to the subscription.
Which two policy types will be applied by the Built-in protection policy? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Anti-malware

B. Safe Attachments

C. Safe Links

D. Anti-phishing

E. Anti-spam

HOTSPOT
-
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365.
You need to automate Attack simulation training for users when a phishing campaign is detected in real-time.
Which type of automation should you use, and which condition should you configure for the Attack simulation training? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription.
Users access Microsoft 365 from both their laptop and a corporate Virtual Desktop Infrastructure (VDI) solution.
From Azure AD Identity Protection, you enable a sign-in risk policy.
Users report that when they use the VDI solution, they are regularly blocked when they attempt to access Microsoft 365.
What should you configure?

A. the Tenant restrictions settings in Azure AD

B. a trusted location

C. a Conditional Access policy exclusion

D. the Microsoft 365 network connectivity settings

You have a Microsoft 365 E5 tenant.
You configure sensitivity labels.
Users report that the Sensitivity button is unavailable in Microsoft Word for the web. The Sensitivity button is available in Microsoft 365 Word.
You need to ensure that the users can apply the sensitivity labels when they use Word for the web.
What should you do?

A. Enable sensitivity labels for files in Microsoft SharePoint and OneDrive.

B. Publish the sensitivity labels.

C. Copy policies from Azure Information Protection to the Microsoft Purview compliance portal.

D. Create an auto-labeling policy.

HOTSPOT
-
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You need to identify the settings that are configured less secure than the Standard protection profile settings in the preset security policies.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Your network contains an on-premises Active Directory domain named contoso.com.
For all user accounts, the Logon Hours settings are configured to prevent sign-ins outside of business hours.
You plan to sync contoso.com to an Azure AD tenant
You need to recommend a solution to ensure that the logon hour restrictions apply when synced users sign in to Azure AD.
What should you include in the recommendation?

A. pass-through authentication

B. conditional access policies

C. password synchronization

D. Azure AD Identity Protection policies

HOTSPOT -
You have a Microsoft 365 E5 tenant.
You need to ensure that administrators are notified when a user receives an email message that contains malware. The solution must use the principle of least privilege.
Which type of policy should you create, and which Microsoft Purview solutions role is required to create the policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Overview -
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment -
Active Directory Environment -
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of
username@fabrikam.com
.
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure -
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as DNS servers.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements -
Planned Changes -
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements -
Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal.
Microsoft 365 Apps for enterprise applications must be installed from a network share only.
Disruptions to email access must be minimized.
Application Requirements -
Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.
Security Requirements -
Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created while adding a domain name for the project.
Which DNS record should you recommend?

A. host (A)

B. host information (HINFO)

C. text (TXT)

D. pointer (PTR)

Overview -
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment -
Active Directory Environment -
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of
username@fabrikam.com
.
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure -
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as DNS servers.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements -
Planned Changes -
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements -
Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal.
Microsoft 365 Apps for enterprise applications must be installed from a network share only.
Disruptions to email access must be minimized.
Application Requirements -
Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.
Security Requirements -
Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.
You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.
Which authentication strategy should you implement for the pilot projects?

A. pass-through authentication

B. pass-through authentication and seamless SSO

C. password hash synchronization and seamless SSO

D. password hash synchronization

You have a Microsoft 365 subscription.
You have an Azure AD tenant that contains the users shown in the following table.
 
You configure Tenant properties as shown in the following exhibit.
 
Which users will be contacted by Microsoft if the tenant experiences a data breach?

A. User1 only

B. User2 only

C. User3 only

D. User1 and User2 only

E. User2 and User3 only

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You create an administrative unit named AU1 that contains the members shown in the following exhibit.
 
The User Administrator role has the assignments shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription.
You plan to use Adoption Score and need to ensure that it can obtain device and software metrics.
What should you do?

A. Enable privileged access.

B. Enable Endpoint analytics.

C. Configure Support integration.

D. Run the Microsoft 365 network connectivity test on each device.

DRAG DROP
-
Your company has an Azure AD tenant named contoso.onmicrosoft.com.
You purchase a domain named contoso.com from a registrar and add all the required DNS records.
You create a user account named User1. User1 is configured to sign in as
user1@contoso.onmicrosoft.com
.
You need to configure User1 to sign in as
user1@contoso.com
.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 

Your network contains an Active Directory domain and an Azure AD tenant.
The network uses a firewall that contains a list of allowed outbound domains.
You begin to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
• *.microsoft.com
• *.office.com
Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. From the firewall, modify the list of allowed outbound domains.

B. From Azure AD Connect, modify the Customize synchronization options task.

C. From the firewall, create a list of allowed inbound domains.

D. Deploy an Azure AD Connect sync server in staging mode.

E. From the firewall, allow the IP address range of the Azure data center for outbound communication.