You need to generate a report for the mobile devices that meets the technical requirements.
Which PowerShell cmdlet should you use?

A. Get-DevicePolicy

B. Get-MobileDevice

C. Get-MobileDeviceStatistics

D. Get-DeviceTenantPolicy

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Exchange Server 2019 hybrid deployment. All user mailboxes are hosted in Microsoft 365. All outbound SMTP email is routed through the on-premises Exchange organization.
A corporate security policy requires that you must prevent credit card numbers from being sent to internet recipients by using email.
You need to configure the deployment to meet the security policy requirement.
Solution: From the Exchange organization, you create a data loss prevention (DLP) policy.
Does this meet the goal?

A. Yes

B. No

DRAG DROP -
You have a hybrid deployment of Microsoft Exchange Server 2019.
You need to migrate 500 users to Exchange Online. The details of the users are stored in a file named C:Users.csv.
How should you complete the PowerShell commands? To answer, drag the appropriate cmdlets to the correct targets. Each cmdlet may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

DRAG DROP -
You purchase a Microsoft 365 subscription.
You create mailboxes for 10 users. Each user has a PST file stored in a network share.
You need to migrate the PST files to the mailboxes.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
NOTE: More than one order of answer choices is correct. You will receive credit for any of the correct orders you select.
Select and Place:
 

You have a Microsoft 365 subscription.
A safe attachments policy that uses Dynamic Delivery is applied to all recipients who match your SMTP domains.
You need to prevent attachments from being scanned when internal users send email to one another.
What should you do?

A. From the Exchange admin center, create a transport rule.

B. From the Exchange admin center, modify the malware filter.

C. From the Security & Compliance admin center, modify the safe attachments policy.

D. From the Security & Compliance admin center, modify the Service assurance settings.

You have a Microsoft Exchange Online tenant.
The tenant has the following Exchange ActiveSync configurations.
 
Which mail client can Android device users use?

A. both native Exchange ActiveSync clients and Microsoft Outlook for Android

B. Microsoft Outlook for iOS and Android only

C. native Exchange ActiveSync clients only

D. neither native Exchange ActiveSync clients nor Microsoft Outlook for Android

HOTSPOT
-
You have a Microsoft Exchange Online tenant that contains two groups named Group1 and Group2.
You need to ensure that the members of Group1 and Group2 can perform the following tasks:
•	The Group1 members must be able to audit logs, view retention policies, and modify Information Rights Management (IRM).
•	The Group2 members must be able to perform mailbox searches and place legal holds on Exchange data that meets specific criteria.
The solution must follow the principle of least privilege.
To which role group should you add each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft Exchange Online tenant that contains 1,000 users.
A user recently sent an email message that was never received by a recipient on the internet.
From the Exchange admin center, you successfully run a message trace but cannot see the message in the trace.
What is the most likely reason why the message fails to appear in the message trace?

A. The user addressed the message to multiple internal and external recipients.

B. The message is in the user’s Outbox folder.

C. Your administrative user account requires additional rights.

D. The user encrypted the email message.

HOTSPOT
-
You have a hybrid deployment between a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 organization. The deployment contains mailboxes.
You need to configure hybrid mail flow to meet the following requirements:
• All email received from the internet must be filtered for spam by using Exchange Online Protection (EOP).
• Both the on-premises Exchange organization and Microsoft 365 must be authorized to send email on behalf of the domain.
Which type of DNS record should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You have a hybrid deployment of Microsoft Exchange Server 2019.
You need to configure modern attachments for Outlook on the web.
From Exchange Management Shell, which cmdlet should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft Exchange Online tenant that contains 1,000 user mailboxes and 10 mail-enabled users. The mail-enabled users have email addresses in two SMTP domains named fabrikam.com and contoso.com.
You need to convert the mail-enabled users into user mailboxes.
What should you do first?

A. Remove the remote domains of fabrikam.com and contoso.com.

B. Assign a license to each user.

C. Add the users to an Office 365 group.

D. Modify the email forwarding settings of each user.

You recently implemented a hybrid deployment that contains a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 server named
Server1. The public IP address of Server1 is 131.107.1.100.
The deployment is configured as shown in the following table.
 
Users hosted in Microsoft 365 report that they receive non-delivery reports (NDRs) when they attempt to send email messages to mailboxes hosted in Exchange
Server 2019.
You need to ensure that the email is delivered successfully. The solution must ensure that email delivery is successful for all the users at your company.
What should you do?

A. Configure the remote domain to use a value of contoso.com.

B. Modify the MX record to point to the internal Exchange servers.

C. Configure the Outbound connector to use a smart host of 131.107.1.100.

D. Configure the accepted domain to use a value of *.

DRAG DROP -
You have a Microsoft 365 subscription.
You need to modify the anti-spam settings to meet the following requirements:
✑ Quarantine spam for 30 days.
✑ Notify administrators if users are blocked for sending spam.
✑ Every three days, provide users with a report that details which email messages were identified as spam.
Which spam filter policy should you modify to meet each requirement? To answer, drag the appropriate policies to the correct requirements. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

HOTSPOT -
You have a Microsoft Exchange Server 2019 hybrid deployment.
You run the Get-HybridConfiguration cmdlet and receive the output shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
You have a Microsoft Exchange Online tenant.
You have an on-premises scanner that emails scanned documents by using SMTP.
You need to create a Microsoft Office 365 SMTP relay to route email from the scanner to the internet. The solution must ensure that the connector accepts only email sent by the scanner.
How should you configure the connector? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT
-
You have a Microsoft Exchange Online tenant that contains a group named Tier1ServiceDesk.
You have an Azure AD administrative unit named US that contains only users in the United States.
You need to ensure that Tier1ServiceDesk can manage recipient email addresses for only the users in US. The solution must use the principle of least privilege.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Exchange Server 2019 organization that contains 200 mailboxes.
You need to add a second email address to each mailbox. The address must have a syntax that uses the first letter of each user's last name, followed by the user's first name, and then @fabrikam.com.
Solution: You convert all the mailboxes to shared mailboxes, and then you run the
Set-Mailbox cmdlet and specify the -EmailAddressPolicyEnabled $false parameter.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft Exchange Online tenant that has Office 365 Advanced Threat Protection (ATP) enabled.
The tenant contains a user named Ben Smith who has a UPN of
ben.smith@fabrikam.com
. Ben Smith is protected by using an ATP anti-phishing policy.
Ben Smith reports that emails sent from his personal account of
ben.smith@relecloud.com
are not delivered to his work email account.
You need to ensure that personal emails are delivered to the
ben.smith@fabrikam.com
account.
What should you do?

A. Create a transport rule to assign the MS-Exchange-Organization-PhishThresholdLevel header a value of 2 for the messages received from ben.smith@relecloud.com.

B. Add ben.smith@fabrikam.com as a trusted sender to the ATP anti-phishing policy.

C. Add ben.smith@relecloud.com as a trusted sender to the ATP anti-phishing policy.

D. Add relecloud.com to the ATP anti-phishing list of trusted domains.

You need to email a list of configuration changes to the Exchange Online environment that were recently performed by Allan Deyoung.
What should you do?

A. Run the admin audit log report

B. Run the external admin audit log report

C. Export the admin audit log

D. Run an administrator role group report

E. Export the mailbox audit logs

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid deployment between a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 organization. The deployment uses Azure AD Connect. All incoming email is delivered to Exchange Online.
You have 10 mail-enabled public folders hosted on an on-premises Mailbox server.
Customers receive an error when an email message is sent to a public folder.
You need to ensure that all the mail-enabled public folders can receive email messages from the internet. The solution must ensure that messages can be delivered only to valid recipients.
Solution: Configure the accepted domains as an internal relay.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft Exchange Online tenant.
You need to perform an In-Place eDiscovery search. The solution must meet the following requirements:
✑ Minimize administrative effort.
✑ Search both public folders and mailboxes.
✑ Use an In-Place Hold to place the search results on hold.
What should you do in the Microsoft 365 compliance center?

A. Search the public folders and the mailboxes in a single search, and then place the results on In-Place Hold.

B. Search the public folders first, and then place the results on In-Place Hold. Search the mailboxes second, and then place the results on In-Place Hold.

C. Search the public folders and the mailboxes in a single search. Once the search completes, place only the mailboxes that contain results and the public folders on In-Place Hold.

HOTSPOT -
You have a Microsoft 365 E5 tenant that contains the users shown in the following table.
 
You have a connector for a remote domain named contoso.com as shown in the following exhibit.
 
You have a transport rule as shown in the following exhibit.
 
User1 sends an email message to
user3@contoso.com
that has a subject line containing the word Confidential.
User2 sends an email message to
user4@contoso.com
that has a subject line of New report. The body of the message contains the word confidential.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have an on-premises Microsoft Exchange Server 2019 organization.
You plan to configure the environment to support a hybrid deployment.
You need to ensure that you can migrate mailboxes from the on-premises organization to Exchange Online.
Which two ports should be open between Exchange Online and the on-premises organization? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. 25

B. 80

C. 143

D. 389

E. 443

F. 993

You have a Microsoft Exchange Online tenant.
You plan to place a hold on all email messages stored in the mailbox of a user named User1.
What should you create first?

A. an eDiscovery case

B. a data loss prevention (DLP) policy

C. an information barrier segment

D. a sensitive info type

You have a Microsoft 365 subscription that contains a verified domain named contoso.com.
You have an app named App1 that sends meeting invitations on behalf of users. The invitations are sent from a Microsoft Exchange Online mailbox that has a sender address of
app1@contoso.com
and a reply-to address of the user scheduling the meeting.
You create an anti-phishing policy named Policy1 that includes all the users in contoso.com. Policy1 is configured to protect the domain against impersonation.
You discover that email messages sent from App1 are quarantined.
You need to ensure that App1 can send messages that impersonate any contoso.com user.
How should you modify Policy1?

A. Add app1@contoso.com as a trusted sender.

B. Enable spoof intelligence.

C. Add app1@contoso.com as an excluded user.

D. Enable mailbox intelligence.

You have a Microsoft Exchange Online tenant that contains the groups shown in the following table.
 
Which groups can you upgrade to a Microsoft 365 group?

A. Group1 only

B. Group1, Group2, Group3, and Group4

C. Group2 and Group3 only

D. Group3 only

E. Group1 and Group4 only

DRAG DROP -
You have a Microsoft Exchange Server 2019 organization.
All recipients have an SMTP address in the @adatum.com format.
You purchase a new domain named contoso.com.
You need to configure all the recipients to have a primary SMTP address in the @contoso.com format as soon as possible.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

HOTSPOT -
You have a hybrid deployment of Microsoft Exchange Server 2019 and Microsoft 365 that contains three servers.
All email received from the Internet is sent directly to the servers.
You run the following command.
Get-MalwareFilterPolicy | FL Name,BypassInboundMessages,BypassOutboundMessages,Action,IsDefault
You receive the output shown in the following exhibit.
 
You run the Get-TransportAgent cmdlet and receive the output shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You need to implement a solution to support the planned changes for the branch office administrators.
What should you do?

A. Assign the Mail Recipients role to the branch office administrators and use a default management scope.

B. Assign the Mail Recipients role to the branch office administrators and create a custom management scope.

C. Assign the Recipient Policies role to the branch office administrators and use a default management scope.

D. Assign the Recipient Policies role to the branch office administrators and create a custom management scope.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Exchange Online tenant that uses an email domain named contoso.com.
You need to prevent all users from performing the following tasks:
✑ Sending out-of-office replies to an email domain named fabrikam.com.
✑ Sending automatic replies to an email domain named adatum.com.
The solution must ensure that all the users can send out-of-office replies and automatic replies to other email domains on the internet.
Solution: You create two new remote domains.
Does this meet the goal?

A. Yes

B. No

You need to resolve the email delivery delay issue.
What should you do?

A. From the Security & Compliance admin center, modify the safe attachments policy.

B. From the Exchange admin center in Exchange Online, modify the antimalware policy.

C. From the Exchange admin center in Exchange Online, modify the spam filter policy.

D. From the Security & Compliance admin center, create a supervision policy.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Exchange Online tenant that uses an email domain named contoso.com.
You need to prevent all users from performing the following tasks:
✑ Sending out-of-office replies to an email domain named fabrikam.com.
✑ Sending automatic replies to an email domain named adatum.com.
The solution must ensure that all the users can send out-of-office replies and automatic replies to other email domains on the internet.
Solution: You create one mail flow rule.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You have a Microsoft Exchange Online subscription.
You run the following command.
Set-ActiveSyncOrganizationSettings `"DefaultAccessLevel Block
You run Get-ActiveSyncDeviceAccessRule | fl Identity,AccessLevel,Characteristic,QueryString, and you receive the following output.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
You have a Microsoft Exchange Server 2019 hybrid deployment.
You use Advanced Threat Protection (ATP).
You have safe attachments policies configured as shown in the following table.
 
You have the users shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft Exchange Online tenant.
Remote users report that they receive an error message when they attempt to add their email account to Microsoft Outlook.
You need to confirm that the DNS records resolve correctly for the users.
Which two DNS records should you test? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. autodiscover.outlook.com

B. smtp.office365.com

C. outlook.office365.com

D. security.microsoft365.com

E. portal.office.com

You have a Microsoft Exchange Server 2019 organization.
You run the following commands.
 
You have a user named Admin1.
You need to ensure that Admin1 can manage the mailboxes of users in the Executives organizational unit (OU) only.
What should you do?

A. Modify the membership of VIP Admins.

B. Add Admin1 to the Recipient Management management role group.

C. Move Admin1 to the Executives OU.

D. Create a custom role group.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Exchange Server 2019 hybrid deployment that contains two Mailbox servers named MBX1 and MBX2.
The company has the departments shown in the following table.
 
From the on-premises organization, outbound email is sent directly to the Internet by using DNS lookups.
You are informed that some sales department users send email messages that are identified as spam.
You need to automatically block the sales department users from repeatedly sending spam.
Solution: You run the Install-AntispamAgents.psl PowerShell script on the MBX1 Mailbox server.
Does this meet the goal?

A. Yes

B. No

You have two servers named EXCH1 and EXCH2 that run Windows Server 2012 R2 and have Microsoft Exchange Server 2016 installed.
You purchase a Microsoft 365 subscription. You plan to configure a hybrid deployment between an Exchange Online tenant and the on-premises Exchange Server organization.
You need to identify the prerequisites to installing the Microsoft Hybrid Agent on EXCH1 and EXCH2.
Which two prerequisites should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Enable TLS 1.2.

B. Upgrade the operating system of EXCH1 and EXCH2 to Windows Server 2019.

C. Enable Hybrid Modem Authentication (HMA).

D. Allow outbound HTTPS connections to Microsoft Online Services.

All the users in your company are licensed for Microsoft 365 and connect to their mailbox from client computers that run Windows 10.
The users connect to Outlook on the web by using the following browsers:
✑ Google Chrome
✑ Microsoft Edge
✑ Firefox
You apply restrictions for Outlook on the web sessions by using app protection policies in Microsoft Endpoint Manager, and then you deploy several Outlook Web
App policies.
You need to ensure that the users can continue to connect successfully to their mailbox by using Outlook on the web.
What should you do?

A. Enroll all the computers in Microsoft Intune

B. Instruct all the users to connect by using Microsoft Edge only

C. From Microsoft Cloud App Security, configure a sanctioned application

HOTSPOT
-
You are configuring a hybrid deployment between a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 organization.
The Exchange Server organization contains two servers named Server1 and Server2.
You have a proxy server named Proxy1 that is accessible by using http://proxy1:8080.
You install the Microsoft Hybrid Agent on Server1 and Server2.
You need to ensure that the Hybrid Agent uses only Proxy1 to connect to Microsoft Online Services.
How should you complete the PowerShell command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You run the Get-WebServicesVirtualDirectory cmdlet as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You need to ensure that a user named User1 can review audit reports from the Microsoft 365 security center. User1 must be prevented from tracing messages from the Security admin center.
Solution: You assign the Security administrator role to User1.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You need to ensure that In-Place Archiving is enabled for the marketing department users.
Which user should perform the change, and which tool should the user use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
 
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@abc.com
Microsoft 365 Password: xxxxxx -
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only.
Lab Instance: XXXXXX -
You need to ensure that the users in your tenant can only share calendar availability information with users in the tenant and users in a domain named contoso.com.
To complete this task, sign in to the Microsoft 365 admin center.

DRAG DROP -
You have a Microsoft 365 subscription.
You need to modify the anti-spam settings to meet the following requirements:
✑ Quarantine spam for 30 days.
✑ Notify administrators if users are blocked for sending spam.
✑ Every three days, provide users with a report that details which email messages were identified as spam.
Which spam filter policy should you modify to meet each requirement? To answer, drag the appropriate policies to the correct requirements. Each policy may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Exchange Server 2019 hybrid deployment. All user mailboxes are hosted in Microsoft 365. All outbound SMTP email is routed through the on-premises Exchange organization.
A corporate security policy requires that you must prevent credit card numbers from being sent to internet recipients by using email.
You need to configure the deployment to meet the security policy requirement.
Solution: From Microsoft 365, you create a data loss prevention (DLP) policy.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft Exchange Online tenant.
All users are assigned only an Office 365 Enterprise E3 license.
You need to ensure that the users can use only Microsoft Outlook to connect to their Microsoft 365 mailbox when they connect from an Android device.
What should you create?

A. a conditional access policy in Azure Active Directory (Azure AD)

B. a data loss prevention (DLP) policy

C. an app protection policy Microsoft Endpoint Manager

D. a connection filter policy in Exchange Online Protection (EOP)

You have a Microsoft 365 E5 subscription.
A user attempts to send an email message to an external recipient and receives the following error message: `Your message couldn't be delivered because you weren't recognized as a valid sender. The most common reason for this is that your email address is suspected of sending spam and it's no longer allowed to send messages outside of your organization. Contact your email admin for assistance. Remove Server returned '550 5.1.8 Access denied, bad outbound sender'.`
You need to ensure that the user can send email to external recipients.
What should you use?

A. Threat management in the Security & Compliance admin center.

B. Data loss prevention in the Security & Compliance admin center.

C. compliance management in the Exchange admin center

D. action center in the Exchange admin center

DRAG DROP
-
Your network contains an Active Directory Domain Services (AD DS) domain that syncs with an Azure AD tenant.
You have a Microsoft 365 subscription. All mailboxes are hosted in Microsoft Exchange Online.
You need to create a group that meets the following requirements:
•	Only mailbox users that have a custom attribute of EmployeeID can be members of the group.
•	Group membership must be updated automatically.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 

You have a hybrid deployment between a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 organization. The deployment contains an Exchange Server 2019 server named Server1.
Server1 has a public certificate named Cert1 that is bound to the SMTP protocol. Cert1 will expire soon.
You replace Cert1 with a new certificate named Cert2 from a different public certification authority (CA).
After you replace the certificate, you discover that email delivery between Server1 and the Exchange Online tenant fails.
You need to ensure that messages can be delivered successfully.
What should you do on Server1?

A. Recreate the certificate and include an exportable private key.

B. Restart the MSExchangeTransport service.

C. Rerun the Hybrid Configuration wizard.

D. Bind a self-signed certificate to the SMTP protocol