HOTSPOT
-
You have a Microsoft 365 subscription that contains the users shown in the following table.
 
You create a new administrative unit named AU1 and configure the following AU1 dynamic membership rule.
(user.department -eq "Engineering") and (user.jobTitle -notContains "Executive")
The subscription contains the role assignments shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 tenant.
You configure sensitivity labels.
Users report that the Sensitivity button is unavailable in Microsoft Word for the web. The Sensitivity button is available in Microsoft 365 Word.
You need to ensure that the users can apply the sensitivity labels when they use Word for the web.
What should you do?

A. Enable sensitivity labels for files in Microsoft SharePoint and OneDrive.

B. Publish the sensitivity labels.

C. Copy policies from Azure Information Protection to the Microsoft Purview compliance portal.

D. Create an auto-labeling policy.

HOTSPOT -
You have a Microsoft 365 subscription that contains the users shown in the following table.
 
You need to configure a dynamic user group that will include the guest users in any department that contains the word Support.
How should you complete the membership rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
Your network contains an Active Directory domain named fabrikam.com. The domain contains the objects shown in the following table.
 
The groups have the members shown in the following table.
 
You are configuring synchronization between fabrikam.com and an Azure AD tenant.
You configure the Domain/OU Filtering settings in Azure AD Connect as shown in the Domain/OU Filtering exhibit (Click the Domain/OU Filtering tab.)
 
You configure the Filtering settings in Azure AD Connect as shown in the Filtering exhibit. (Click the Filtering tab.)
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Your network contains an Active Directory domain named adatum.com that is synced to a Microsoft Entra tenant.
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?

A. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.

B. From Azure Cloud Shell, run the Get-MgUser and Update-MgUser cmdlets.

C. From the Microsoft Entra admin center, select all the Microsoft Entra users, and then use the User settings blade.

D. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You need to configure threat protection for Microsoft 365 to meet the following requirements:
• Limit a user named User1 from sending more than 30 email messages per day.
• Prevent the delivery of a specific file based on the file hash.
Which two threat policies should you configure in Microsoft Defender for Office 365? To answer, select the appropriate threat policies in the answer area.
NOTE: Each correct selection is worth one point.
 

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates an Azure AD tenant named contoso.onmicrosoft.com.
You plan to install Azure AD Connect on a member server and implement pass-through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From a domain controller, install an Authentication Agent.

B. From the Microsoft Entra admin center, configure an authentication method.

C. From Active Directory Domains and Trusts, add a UPN suffix.

D. Modify the email address attribute for each user account.

E. From the Microsoft Entra admin center, add a custom domain name.

F. Modify the User logon name for each user account.

HOTSPOT -
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.
 
The devices are configured as shown in the following table.
 
You have a Conditional Access policy named CAPolicy1 that has the following settings:
Assignments -
Users or workload identities: Group1
Cloud apps or actions: Office 365 SharePoint Online
Conditions -
Filter for devices: Exclude filtered devices from the policy
Rule syntax: device.displayName -startsWith "Device"
Access controls -
Grant -
Grant: Block access -
Session: 0 controls selected -
Enable policy: On -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription that uses retention policies.
You implement a preservation lock on a retention policy that is assigned to all executive users.
Which two actions can you perform on the retention policy after you implemented the preservation lock? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Add locations to the policy.

B. Reduce the duration of policy.

C. Remove locations from the policy.

D. Extend the duration of the policy.

E. Disable the policy.

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named Site1. Site1 contains the files shown in the following table.
 
You have a data loss prevention (DLP) policy named DLP1 that has the advanced DLP rules shown in the following table.
 
You apply DLP1 to Site1.
Which policy tip is displayed for each file? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Your network contains an Active Directory forest named contoso.local.
You have a Microsoft 365 subscription.
You plan to implement a directory synchronization solution that will use password hash synchronization.
From the Microsoft 365 admin center, you successfully verify the contoso.com domain name.
You need to prepare the environment for the planned directory synchronization solution.
What should you do first?

A. From the Microsoft 365 admin center, verify the contoso.local domain name.

B. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.

C. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.

D. From Active Directory Users and Computers, modify the UPN suffix for all users.

You have a Microsoft 365 subscription.
You need to receive a notification each time a user in the service desk department grants Full Access permissions for a user mailbox.
What should you configure?

A. a data loss prevention (DLP) policy

B. an alert policy

C. an audit search

D. an insider risk management policy

You have a Microsoft 365 subscription.
You view the Service health Overview as shown in the following exhibit.
 
You need to ensure that a user named User1 can view the advisories to investigate service health issues.
Which role should you assign to User1?

A. Message Center Reader

B. Reports Reader

C. Service Support Administrator

D. Compliance Administrator

HOTSPOT
-
You have a Microsoft 365 E5 tenant.
You have a sensitivity label configured as shown in the Sensitivity label exhibit.
 
You have an auto-labeling policy as shown in the Auto-labeling policy exhibit.
 
A user sends an email that contains the components shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated with Microsoft Intune.
Devices are onboarded by using Microsoft Defender for Endpoint.
You plan to block devices based on the results of the machine risk score calculated by Microsoft Defender for Endpoint.
What should you create first?

A. a device configuration policy

B. a device compliance policy

C. a conditional access policy

D. an endpoint detection and response policy

HOTSPOT -
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You add the following assignment for the User Administrator role:
Scope type: Directory -
Selected members: Group1 -
Assignment type: Active -
Assignment starts: Mar 15, 2023 -
Assignment ends: Aug 15, 2023 -
You add the following assignment for the Exchange Administrator role:
Scope type: Directory -
Selected members: Group2 -
Assignment type: Eligible -
Assignment starts: Jun 15, 2023 -
Assignment ends: Oct 15, 2023 -
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
• User passwords must be 10 characters or more.
Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription.
You need to implement a passwordless authentication solution that supports the following device types:
• Windows
• Android
• iOS
The solution must use the same authentication method for all devices.
Which authentication method should you use?

A. the Microsoft Authentication app

B. FIDO2-compliant security keys

C. multi-factor authentication (MFA)

D. Windows Hello for Business

HOTSPOT
-
You have a Microsoft 365 subscription that contains two administrative units named AU1 and AU2.
The subscription contains the users shown in the following table.
 
The subscription contains the groups shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Your company has a Microsoft 365 E5 subscription.
You onboard a device on the company's network to Microsoft Defender for Endpoint.
In the Microsoft 365 Defender portal, you notice that the device inventory displays many devices that have an Onboarding status of Can be onboarded.
You need to ensure that onboarded devices are prevented from polling the network for device discovery but can still discover devices with which they communicate directly.
What should you configure in the Microsoft 365 Defender portal?

A. standard discovery

B. device discovery exclusions

C. basic discovery

D. a network assessment job

You have a Microsoft 365 E5 subscription that uses Endpoint security.
You need to create a group and assign the Endpoint Security Manager role to the group.
Which type of group can you use?

A. Microsoft 365 only

B. security only

C. mail-enabled security and security only

D. mail-enabled security, Microsoft 365, and security only

E. distribution, mail-enabled security, Microsoft 365, and security

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
The subscription has the following two anti-spam policies:
• Name: AntiSpam1
• Priority: 0
• Include these users, groups and domains
• Users: User3
• Groups: Group1
• Exclude these users, groups and domains
• Groups: Group2
• Message limits
• Set a daily message limit: 100
• Name: AntiSpam2
• Priority: 1
• Include these users, groups and domains
• Users: User1
• Groups: Group2
• Exclude these users, groups and domains
• Users: User3
• Message limits
• Set a daily message limit: 50
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant contains the users shown in the following table.
 
You create and assign a data loss prevention (DLP) policy named Policy1. Policy1 is configured to prevent documents that contain Personally Identifiable Information (PII) from being emailed to users outside your organization.
To which users can User1 send documents that contain PII?

A. User2 only

B. User2 and User3 only

C. User2, User3, and User4 only

D. User2, User3, User4, and User5

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2.
You plan to configure a data loss prevention (DLP) strategy that meets the following requirements:
• Members of Group1 must be prevented from sharing documents that contain credit card numbers.
• Members of Group2 must be prevented from sharing documents that are classified as internal by Microsoft Purview Information Protection.
• The solution must minimize administrative effort.
You need to create a DLP policy for each group.
Which condition should you add to each DIP policy rule for each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint contains the device groups shown in the following table.
 
You onboard computers to Microsoft Defender for Endpoint as shown in the following table.
 
Of which groups are Computer1 and Computer2 members? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You configure an anti-phishing policy as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You have labels in Microsoft 365 as shown in the following table.
 
The content in Microsoft 365 is assigned labels as shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription.
You need to be alerted when Microsoft 365 Defender detects high-severity incidents.
What should you use?

A. a custom detection rule

B. a threat policy

C. an alert policy

D. a notification rule

HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and contains the devices shown in the following table.
 
Defender for Endpoint has the device groups shown in the following table.
 
You create an incident email notification rule configured as shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription.
You have an Azure AD tenant that contains the users shown in the following table.
 
You configure Tenant properties as shown in the following exhibit.
 
Which users will be contacted by Microsoft if the tenant experiences a data breach?

A. User1 only

B. User2 only

C. User3 only

D. User1 and User2 only

E. User2 and User3 only

You have a Microsoft 365 tenant.
You plan to manage incidents in the tenant by using the Microsoft Defender XDR.
Which Microsoft service source will appear on the Incidents page of the Microsoft 365 Defender portal?

A. Microsoft Sentinel

B. Microsoft Defender for Cloud

C. Azure Web Application Firewall

D. Microsoft Defender for Identity

HOTSPOT
-
Your company has a Microsoft 365 subscription that contains the domains shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription.
From the Microsoft 365 Defender portal, you plan to export a detailed report of compromised users.
What is the longest time range that can be included in the report?

A. 1 day

B. 7 days

C. 30 days

D. 90 days

DRAG DROP
-
You have an Azure subscription that is linked to a hybrid Microsoft Entra tenant.
All users sync from Active Directory Domain Services (AD DS) to the tenant by using Express Settings in Microsoft Entra Connect.
You plan to implement self-service password reset (SSPR).
You need to ensure that when a user resets or changes a password, the password syncs with AD DS.
Which actions should you perform in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that is linked to an Azure AD tenant named contoso.com.
You purchase 100 Microsoft 365 Business Voice add-on licenses.
You need to ensure that the members of a group named Voice are assigned a Microsoft 365 Business Voice add-on license automatically.
What should you do?

A. From the Licenses page of the Microsoft 365 admin center, assign the licenses.

B. From the Microsoft Entra admin center, modify the settings of the Voice group.

C. From the Microsoft 365 admin center, modify the settings of the Voice group.

You have a Microsoft 365 E5 subscription.
Conditional Access is configured to block high-risk sign-ins for all users.
All users are in France and are registered for multi-factor authentication (MFA).
Users in the media department will travel to various countries during the next month.
You need to ensure that if the media department users are blocked from signing in while traveling, the users can remediate the issue without administrator intervention.
What should you configure?

A. an exclusion group

B. the MFA registration policy

C. named locations

D. self-service password reset (SSPR)

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft Entra admin center, you assign SecAdmin1 the Teams Administrator role.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated with Microsoft Intune.
Devices are enrolled to Microsoft Intune and onboarded by using Microsoft Defender for Endpoint.
You plan to block devices based on the results of the machine risk score calculated by Microsoft Defender for Endpoint.
What should you create first?

A. a device configuration policy

B. an endpoint detection and response policy

C. a device compliance policy

You have a Microsoft 365 E5 subscription that contains users in the United States, Europe, and Asia.
You use Azure AD Identity Protection.
You have a virtual desktop infrastructure (VDI). All VDI servers are located in the United States.
Users connect to Microsoft 365 from laptops and the VDI.
Some VDI users report that they are blocked from signing in to Microsoft 365 due to a high sign-in risk.
You need to reduce the likelihood that the VDI users will be erroneously blocked from signing in to Microsoft 365. The solution must ensure that sign-ins from the VDI environment are protected by using Identity Protection.
What should you configure?

A. ExpressRoute for Microsoft 365

B. a trusted location

C. a Satellite Geography location

D. a Conditional Access policy

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named Site1.
You need to perform the following tasks:
• Create a sensitive info type named SIT1 based on a regular expression.
• Add a watermark to all new documents that are matched by SIT1.
Which two settings should you use in the Microsoft Purview compliance portal? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that contains a domain named contoso.com.
You deploy a new Microsoft Defender for Office 365 anti-phishing policy named Policy1 that has user impersonation protection enabled for a user named
user1@contoso.com
.
You discover that Policy1 blocks email messages from a regular contact named
user1@fabnkam.com
.
You need to ensure that the messages are delivered successfully.
What should you do for Policy1?

A. Select Enable domains to protect.

B. Configure the Phishing email threshold setting.

C. Configure which users to protect.

D. Select Enable mailbox intelligence.

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
 
At 08:00, you create an incident notification rule that has the following configurations:
• Name: Notification1
• Notification settings
• Notify on alert severity: Low
• Device group scope: All (3)
• Details: First notification per incident
• Recipients:
User1@contoso.com
,
User2@contoso.com
At 08:02, you create an incident notification rule that has the following configurations:
• Name: Notification2
• Notification settings
• Notify on alert severity: Low, Medium
• Device group scope: DeviceGroup1, DeviceGroup2
• Recipients:
User1@contoso.com
In Microsoft 365 Defender, alerts are logged as shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Your company has three main offices and one branch office. The branch office is used for research.
The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication.
You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office.
What should you include in the recommendation?

A. Azure AD password protection

B. a Microsoft Intune device configuration profile

C. a Microsoft Intune device compliance policy

D. Azure AD conditional access

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft Entra admin center, you assign SecAdmin1 the Security Administrator role.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 E5 subscription.
From the Microsoft 365 Defender portal, you review your company’s Microsoft Secure Score.
You discover a large number of recommended actions.
You need to ensure that the actions can be filtered based on specific department names.
What should you create first?

A. a dynamic security group

B. a tag

C. an administrative unit

D. a custom detection rule

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.
When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.
 
You need to enable user access to the partner company's portal.
Which Microsoft Defender for Endpoint setting should you modify?

A. Alert notifications

B. Alert suppression

C. Custom detections

D. Advanced hunting

E. Indicators

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You need to configure the Org settings to meet the following requirements:
• Sign users out of Microsoft Office 365 web apps after one hour of inactivity.
• Integrate an internal support tool with Office.
Which settings should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 subscription.
You need to configure an auto-apply policy for sensitivity labels that will protect corporate data. The solution must meet the following requirements:
• Documents containing content that matches a custom regular expression must be classified automatically.
• Contract documents in a standard format must be classified automatically.
What should you configure for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that contains the groups shown in the following exhibit.
 
To which groups can you assign Microsoft 365 E5 licenses?

A. Group1 and Group2 only

B. Group2 and Group3 only

C. Group3 and Group4 only

D. Group1, Group2, and Group3 only

E. Group2, Group3, and Group4 only

HOTSPOT -
You have a Microsoft 365 E3 subscription.
You plan to launch Attack simulation training for all users.
Which social engineering technique and training experience will be available? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.