HOTSPOT -
You have a data loss prevention (DLP) policy.
You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM).
The solution must minimize the number of false positives.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You need to select the update channel for Microsoft 365 Apps. The solution must meet the technical requirements.
What should you select?

A. Current Channel

B. Semi-Annual Enterprise Channel

C. Monthly Enterprise Channel

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Device Management admin center, you a trusted location and compliance policy.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 E5 tenant.
You plan to create the Microsoft Power Platform environments shown in the following table.
 
What is the minimum amount of available database capacity required to create the environments?

A. 1 GB

B. 2 GB

C. 3 GB

D. 4 GB

E. 7 GB

Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users.
Users that connect to Microsoft 365 services report that they are prompted for multi-factor authentication multiple times a day.
You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices. Your solution must ensure that users are still prompted for MFA.
What should you do?

A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device.

B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.

C. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD).
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?

A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.

B. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.

C. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.

D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.

HOTSPOT -
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the users shown in the following table.
 
You create an Azure Active Directory (Azure AD) tenant named fabrikam.onmicrosoft.com.
You plan to sync the users in the forest to fabrikam.onmicrosoft.com by using Azure AD Connect.
Which username will be assigned to User1 and User2 in Azure AD after the synchronization? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 E5 subscription.
You plan to implement Microsoft 365 usage analytics reports in Microsoft Power BI.
You need to ensure that the Microsoft 365 usage analytics template app can access Microsoft 365 usage data.
Which Authentication method should you select for Power BI?

A. Anonymous

B. OAuth2

C. Key

D. Basic

HOTSPOT -
You have an Active Directory domain named Adatum.com that is synchronized to Azure Active Directory as shown in the exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT
-
You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 is configured as shown in the following exhibit.
 
An external user named User1 has an email address of
user1@outlook.com
.
You need to add User1 to Group1.
What should you do first and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

Your company has an Active Directory domain as well as a Microsoft Azure Active Directory (Azure AD) tenant.
After configuring directory synchronization for all users in the organization, you configure a number of new user accounts to be created automatically.
You want to run a command to make sure that the new user accounts synchronize to Azure AD in the shortest time required.
Which of the following is the command that you should use?

A. New-ADSyncRule

B. Set-ADSyncSchedulerConnectorOverride

C. Start-ADSyncSyncCycle

D. Set-ADSyncSchema

HOTSPOT -
Your network contains an Active Directory domain named fabrikam.com. The domain contains the objects shown in the following table.
 
The groups have the members shown in the following table.
 
You are configuring synchronization between fabrikam.com and a Microsoft Azure Active Directory (Azure AD) tenant.
You configure the Domain/OU Filtering settings in Azure AD Connect as shown in the Domain/OU Filtering exhibit.
 
You configure the Filtering settings in Azure AD Connect as shown in the Filtering exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your company's Microsoft Azure Active Directory (Azure AD) tenant includes four users. Three of the users are each configured with the Password administrator,
Security administrator, and the User administrator roles respectively. The fourth user has no role configured.
Which of the following are the users that are able to reset the password of the fourth user?

A. The users with the Password administrator and the User administrator roles.

B. The users with the Security administrator and the User administrator roles.

C. The users with the Password administrator and the Security administrator roles.

D. The user with the Password administrator role only.

Your company has an on-premises Microsoft Exchange Server 2016 organization. The organization is in the company's main office in Melbourne. The main office has a low-bandwidth connection to the Internet.
The organization contains 250 mailboxes.
You purchase a Microsoft 365 subscription and plan to migrate to Exchange Online next month.
In 12 months, you plan to increase the bandwidth available for the Internet connection.
You need to recommend the best migration strategy for the organization. The solution must minimize administrative effort.
What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. network upload

B. cutover migration

C. hybrid migration

D. staged migration

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
✑ Users must be able to authenticate during business hours only.
✑ Authentication requests must be processed successfully if a single server fails.
✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.
Does this meet the goal?

A. Yes

B. No

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You plan to invite several guest users to access the resources in your organization.
You need to ensure that only guests who have an email address that uses the @contoso.com suffix can connect to the resources in your Microsoft 365 tenant.

HOTSPOT -
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
 
You configure the Office software download settings as shown in the exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You need to configure Microsoft Teams to support the technical requirements for collaborating with ADatum.
What should you configure in the Microsoft Teams admin center?

A. meeting policies

B. messaging policies

C. guest access

D. external access

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Monitoring and reports from the Compliance admin center.
Does this meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Reports from the Microsoft 365 compliance center.
Does this meet the goal?

A. Yes

B. No

Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
The network uses a firewall that contains a list of allowed outbound domains.
You begin to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
✑ *.microsoft.com
*.office.com
 
Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. From the firewall, allow the IP address range of the Azure data center for outbound communication.

B. From Azure AD Connect, modify the Customize synchronization options task.

C. Deploy an Azure AD Connect sync server in staging mode.

D. From the firewall, create a list of allowed inbound domains.

E. From the firewall, modify the list of allowed outbound domains.

DRAG DROP -
You have a pilot app named App1 deployed to a Microsoft Power Platform production environment named Prod1.
You need to reset the Prod1 environment in preparation for the production deployment of App1.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You have a user named Grady Archie. The solution must meet the following requirements:
✑ Grady Archie must be able to add payment methods to your Microsoft Office 365 tenant.
✑ The solution must minimize the number of licenses assigned to users.
✑ The solution must use the principle of least privilege.

Your company has configured all user email to be stored in Microsoft Exchange Online.
You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.
Solution: You start by creating a label and label policy via the Security & Compliance admin center.
Does the solution meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains:
✑ Contoso.com
✑ East.contoso.com
An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant.
You deploy a new domain named west.contoso.com to the forest.
You need to ensure that west.contoso.com syncs to the Azure AD tenant.
Solution: You install a new Azure AD Connect server in west.contoso.com and set AD Connect to staging mode.
Does this meet the goal?

A. Yes

B. No

You have an on-premises web application that is published by using a URL of https://app.contoso.local.
You purchase a Microsoft 365 subscription.
Several external users must be able to connect to the web application.
You need to recommend a solution for external access to the application. The solution must support multi-factor authentication.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From an on-premises server, install a connector, and then publish the app.

B. From the Azure Active Directory admin center, enable an Application Proxy.

C. From the Azure Active Directory admin center, create a conditional access policy.

D. From an on-premises server, install an Authentication Agent.

E. Republish the web application by using https://app.contoso.com.

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You hire a new Microsoft 365 administrator named Nestor Wilke. Nestor Wilke will begin working for your organization in several days.
You need to ensure that Nestor Wilke is prevented from using his account until he begins working.

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
 
You need to ensure that when Lynne Robbins attempts to sign in to the Microsoft Office 365 portal, Lynne Robbins is prompted to authenticate by using multiple methods.
To answer, sign in to the Microsoft 365 portal.

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You add an app named App1 to the enterprise applications in contoso.com.
You need to configure self-service app access for App1.
What should you do first?

A. Assign App1 to users and groups.

B. Add an owner to App1.

C. Configure the provisioning mode for App1.

D. Configure an SSO method for App1.

Your company has an on-premises Microsoft Exchange Server 2013 organization.
The company has 100 users.
The company purchases Microsoft 365 and plans to move its entire infrastructure to the cloud.
The company does NOT plan to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD).
You need to recommend which type of migration to use to move all email messages, contacts, and calendar items to Exchange Online.
What should you recommend?

A. cutover migration

B. IMAP migration

C. remote move migration

D. staged migration

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1.
You suspect that an imposter is signing in to Azure AD by using the credentials of User1.
You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours.
To which three roles should you add Admin1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Security administrator

B. Password administrator

C. User administrator

D. Compliance administrator

E. Reports reader

F. Security reader

HOTSPOT -
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.
Contoso.com contains the users shown in the following table.
 
You add an enterprise application named App1 to contoso.com.
You configure the following self-service settings for App1:
✑ Allow users to request access to this application is set to Yes.
✑ To which group should assigned users be added is set to Group1.
✑ Who is allowed to approve access to this application is set to User2.
✑ Require approval before granting access to this application is set to Yes.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
You have a new Microsoft 365 subscription.
A user named User1 has a mailbox in Microsoft Exchange Online.
You need to log any changes to the mailbox folder permissions of User1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled.
You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON.
A tenant user has submitted a fraud alert for his account.
Which of the following is the length of time that the user's account will automatically be blocked for?

A. 24 hours

B. 90 days

C. 1 month

D. 1 week

HOTSPOT -
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You configure a multi-factor authentication (MFA) registration policy that has the following settings:
Assignments:
 
- Include: Group1
- Exclude: Group2
✑ Access controls: Require Azure MFA registration
✑ Enforce Policy: On
You create a conditional access policy that has the following settings:
✑ Name: Policy1
✑ Assignments:
- Include: Group2
- Exclude: Group1
✑ Access controls:
- Grant, Require multi-factor authentication
✑ Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have Windows 10 devices that are managed by using Microsoft Endpoint Manager. All the devices have Microsoft Office 365 apps installed.
You need to configure the proofing tool settings for the Office 365 apps.
From the Microsoft Endpoint Manager admin center, what should you create?

A. a device compliance policy

B. an app configuration policy

C. an app

D. a device configuration profile

You have a Microsoft 365 subscription.
You view the service advisories shown in the following exhibit.
 
You need to ensure that users who administer Microsoft SharePoint Online can view the advisories to investigate service health issues.
Which role should you assign to the users?

A. Compliance administrator

B. Message Center reader

C. Reports reader

D. Service administrator

HOTSPOT
-
You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.
All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).
You plan to create a user named Admin1 that will perform following tasks:
•	View BitLocker recovery keys.
•	Configure the usage location for the users in contoso.com.
You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege.
Which two roles should you assign? To answer, select the appropriate roles in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

A. Create a sign-in risk policy.

B. Create a new app registration.

C. Assign an Enterprise Mobility + Security E5 license to the finance department users.

D. Configure the sign-in status for the user accounts of the finance department users.

You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
A temporary employee at your company uses an email address of
user1@outlook.com
.
You need to ensure that the temporary employee can sign in to contoso.com by using the
user1@outlook.com
account.
What should you do?

A. From the Azure Active Directory admin center, create a new user.

B. From the Microsoft 365 admin center, create a new contact.

C. From the Azure Active Directory admin center, create a new guest user.

D. From the Microsoft 365 admin center, create a new user.

Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants.
You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users.
You need to recommend a solution for the planned directory synchronization.
What should you include in the recommendation?

A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.

B. Deploy one server that runs Azure AD Connect, and then specify two sync groups.

C. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.

D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domain-based filtering.

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
Currently, users cannot install Microsoft 365 Apps for enterprise from the Microsoft Office portal.
You need to perform the following tasks:
•	Enable the installation of Microsoft 365 Apps for enterprise from the Office portal.
•	Ensure that the users can auto-claim Microsoft Teams licenses.
Which two Org settings should you configure in the Microsoft 365 admin center? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
✑ Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
✑ User passwords must be 10 characters or more.
Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.
Does this meet the goal?

A. Yes

B. No

DRAG DROP -
You have a Microsoft 365 E5 tenant.
You have a computer named Computer1 that runs Windows 10.
You need to list the properties of a Microsoft SharePoint Online tenant by using the CLI for Microsoft 365 on Computer1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

HOTSPOT -
Your company is based in the United Kingdom (UK).
Users frequently handle data that contains Personally Identifiable Information (PII).
You create a data loss prevention (DLP) policy that applies to users inside and outside the company. The policy is configured as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based in the information presented in the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy a Microsoft Azure Active Directory (Azure AD) tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: From Azure AD Connect, you modify the filtering settings.
Does this meet the goal?

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy a Microsoft Azure Active Directory (Azure AD) tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: You run idfix.exe and export the 10 user accounts.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription that contains an enterprise application named App1.
App1 requires user consent to access user profile and email address information.
You need to ensure that when a user accesses App1, users are granted consent automatically without being prompted. The solution must NOT affect any other apps in the subscription.
What should you do?

A. From the Azure Active Directory admin center, configure permissions for App1.

B. From the Azure Active Directory admin center, configure the User consent settings.

C. From the Microsoft 365 admin center, disable user consent to apps.

D. From the Microsoft 365 admin center, enable privileged access.

Your network contains two on-premises Active Directory forests named contoso.com and fabrikam.com. Fabrikam.com contains one domain and five domain controllers. Contoso.com contains the domains shown in the following table.
 
You need to sync all the users from both the forests to a single Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
What is the minimum number of Azure AD Connect sync servers required?

A. 1

B. 2

C. 3

D. 4

You have an on-premises Microsoft Exchange Server organization that contains 500 mailboxes and a third-party email archive solution.
You have a Microsoft 365 tenant that contains a user named User1.
You plan to use the User1 account to perform a PST import of the archive mailboxes to the tenant.
Which two roles does User1 require to perform the import? The solution must use the principle of least privilege. Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Mail Recipients

B. Exchange admin

C. Records Management

D. Mailbox Import Export

E. eDiscovery Manager