HOTSPOT -
Your company is based in the United Kingdom (UK).
Users frequently handle data that contains Personally Identifiable Information (PII).
You create a data loss prevention (DLP) policy that applies to users inside and outside the company. The policy is configured as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based in the information presented in the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 subscription.
You need to prevent phishing email messages from being delivered to your organization.
What should you do?

A. From the Exchange admin center, create an anti-malware policy.

B. From the Security & Compliance admin center, create a DLP policy.

C. From the Security & Compliance admin center, create a new threat management policy.

D. From the Exchange admin center, create a spam filter policy.

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You have a user named Grady Archie. The solution must meet the following requirements:
✑ Grady Archie must be able to add payment methods to your Microsoft Office 365 tenant.
✑ The solution must minimize the number of licenses assigned to users.
✑ The solution must use the principle of least privilege.

You need to configure Microsoft Teams to support the technical requirements for collaborating with ADatum.
What should you configure in the Microsoft Teams admin center?

A. meeting policies

B. messaging policies

C. guest access

D. external access

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
✑ Users must be able to authenticate during business hours only.
✑ Authentication requests must be processed successfully if a single server fails.
✑ When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
✑ Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that contains a pass-through authentication model. You install an Authentication Agent on three servers and configure seamless SSO.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
Your company has a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
 
The tenant includes a security group named Admin1. Admin1 will be used to manage administrative accounts. External collaboration settings have default configuration.
You need to identify which users can perform the following administrative tasks:
✑ Create guest user accounts
✑ Add User3 to Admin1
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 E5 subscription that is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.
You purchase 100 Microsoft 365 Business Voice add-on licenses.
You need to ensure that the members of a group named Voice are assigned a Microsoft 365 Business Voice add-on license automatically.
What should you do?

A. From the Azure Active Directory admin center, modify the settings of the Voice group.

B. From the Microsoft 365 admin center, modify the settings of the Voice group.

C. From the Licenses page of the Microsoft 365 admin center, assign the licenses.

Your company has 10,000 users who access all applications from an on-premises data center.
You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully.
You discover that several user accounts fail to sync to Azure AD.
You need to resolve the issue as quickly as possible.
What should you do?

A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts.

B. Run idfix.exe, and then click Complete.

C. From Windows PowerShell, run the Start-AdSyncCycle ג€”PolicyType Delta command.

D. Run idfix.exe, and then click Edit.

Your company has a Microsoft 365 subscription.
You have previously created a group that includes users who send email messages to external users on a regular basis. The group's manager would like to  group wants to examine messages that include attachments at random.
You are required to make sure that the manager can achieve his goal, but only make ten out of a hundred messages accessible to him.
You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.
Which of the following should you create?

A. A label policy.

B. A conditional access policy.

C. A DLP policy.

D. A supervisor policy.

You have a Microsoft 365 subscription.
Your company deploys an Active Directory Federation Services (AD FS) solution.
You need to configure the environment to audit AD FS user authentication.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From all the AD FS servers, run auditpol.exe.

B. From all the domain controllers, run the Set-AdminAuditLogConfig cmdlet and specify the ג€”LogLevel parameter.

C. On a domain controller, install Azure AD Connect Health for AD DS.

D. From the Azure AD Connect server, run the Register-AzureADConnectHealthSyncAgent cmdlet.

E. On an AD FS server, install Azure AD Connect Health for AD FS.

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a Microsoft Exchange Server 2019 organization.
You plan to sync the domain to Azure Active Directory (Azure AD) and to enable device writeback and group writeback.
You need to identify which group types will sync from Azure AD.
Which two group types should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. a Microsoft 365 group that uses the Assigned membership type

B. a security group that uses the Dynamic Device membership type

C. a Microsoft 365 group that uses the Dynamic User membership type

D. a security group that uses the Assigned membership type

E. a security group that uses the Dynamic User membership type

You publish an enterprise application named App1 that processes financial data.
You need to ensure that access to App1 is revoked for users who no longer require viewing the processed financial data.
What should you configure?

A. an owner

B. an app protection policy

C. an access review

D. a conditional access policy

DRAG DROP -
You have a Microsoft 365 E5 tenant.
You have a computer named Computer1 that runs Windows 10.
You need to list the properties of a Microsoft SharePoint Online tenant by using the CLI for Microsoft 365 on Computer1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription linked to an Azure AD tenant named contoso.com. The tenant contains a user named User1 and a Microsoft Teams team named Team1.
The External collaboration settings in Azure AD are configured as shown in the following exhibit.
 
You turn on guest access in Microsoft Teams.
The External access settings in Microsoft Teams are configured as shown in the following exhibit.
 
The Content sharing settings in Microsoft Teams are configured as shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
From the Microsoft 365 Apps admin center, you create a deployment configuration.
Which users can download the deployment configuration file from the Microsoft 365 Apps admin center?

A. Admin2 only

B. Admin2 and Admin3 only

C. Admin2 and Admin4 only

D. Admin1, Admin2, and Admin4 only

E. Admin1, Admin2, Admin3, and Admin4

You have a Microsoft 365 subscription.
You view the service advisories shown in the following exhibit.
 
You need to ensure that users who administer Microsoft SharePoint Online can view the advisories to investigate service health issues.
Which role should you assign to the users?

A. Compliance administrator

B. Message Center reader

C. Reports reader

D. Service administrator

HOTSPOT -
You need to create the UserLicenses group. The solution must meet the security requirements.
Which group type and control method should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 subscription that uses Microsoft OneDrive.
You need to prevent users from syncing .exe and .mp3 files from their local device to OneDrive.
What should you do?

A. From the Microsoft 365 admin center, configure directory synchronization.

B. From the SharePoint admin center, configure the Site storage limits settings.

C. From the Microsoft 365 Apps admin center, create a policy.

D. From the SharePoint admin center, configure the Sync settings.

After your company acquires a Microsoft 365 subscription, they instruct you to move all email data from their corporate Gmail to Microsoft Exchange Online.
The migration will be done via the Exchange admin center.
Which of the following is TRUE with regards to the data included in the migration?

A. All data will be migrated.

B. Only email data will be migrated.

C. Email and task data will be migrated.

D. Email and contact data will be migrated.

HOTSPOT -
Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following exhibit.
 
An on-premises Active Directory user account named Allan Yoo is synchronized to Azure AD. You view Allan's account from Microsoft 365 and notice that his username is set to
Allan@adatum.onmicrosoft.com
.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
Your company has a Microsoft 365 subscription that contains the following domains:
Contoso.onmicrosoft.com -
Contoso.com -
You plan to add the following domains to Microsoft 365 and to use them with Exchange Online:
✑ Sub1.contoso.onmicrosoft.com
✑ Sub2.contoso.com
✑ Fabrikam.com
You need to identify the minimum number of DNS records that must be added for Exchange Online to receive inbound email messages for the three domains.
How many DNS records should you add? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your on-premises network contains five file servers. The file servers host shares that contain user data.
You plan to migrate the user data to a Microsoft 365 subscription.
You need to recommend a solution to import the user data into Microsoft OneDrive.
What should you include in the recommendation?

A. Configure the settings of the OneDrive client on your Windows 10 device.

B. Configure the Sync settings in the OneDrive admin center.

C. Run the SharePoint Hybrid Configuration Wizard.

D. Run the SharePoint Migration Tool.

HOTSPOT -
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the Windows 10 devices shown in the following table.
 
All the devices are managed by using Microsoft Endpoint Manager and are members of a group named Group1.
From the Microsoft Endpoint Manager admin center, you create an app suite named App1 for Microsoft Office 365 apps.
You configure the App1 settings as shown in the exhibit.
 
You assign App1 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.
Hot Area:
 

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States.
You plan to onboard all the devices to Windows Defender ATP data in Europe.
What should you do first?

A. Create a workspace

B. Offboard the test devices

C. Delete the workspace

D. Onboard a new device

You need to add the custom domain names to Office 365 to support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?

A. three alias (CNAME) records

B. one text (TXT) record

C. one alias (CNAME) record

D. three text (TXT) records

HOTSPOT -
Your network contains an on-premises Active Directory domain. The domain contains a server named Server1. Server1 has a share named Share1 that contains the files shown in the following table.
 
You have a hybrid deployment of Microsoft 365.
You create a Microsoft SharePoint site collection named Collection1.
You plan to migrate Share1 to a document library in Collection1.
You configure the SharePoint Migration Tool as shown in the exhibit. (Click the Exhibit tab.)
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.
Contoso.com contains the users shown in the following table.
 
You add an enterprise application named App1 to contoso.com.
You configure the following self-service settings for App1:
✑ Allow users to request access to this application is set to Yes.
✑ To which group should assigned users be added is set to Group1.
✑ Who is allowed to approve access to this application is set to User2.
✑ Require approval before granting access to this application is set to Yes.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You plan to deploy Microsoft Teams to 2,500 users.
You need to estimate the internet bandwidth required for the deployment.
What should you use?

A. Advisor for Teams

B. Network planner

C. Skype for Business Server Remote Connectivity Test

D. Microsoft Remote Connectivity Analyzer

HOTSPOT -
You plan to deploy two Microsoft Power Platform environments as shown in the following table.
 
Which environment type should you use for each environment? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

A. Create a sign-in risk policy.

B. Create a new app registration.

C. Assign an Enterprise Mobility + Security E5 license to the finance department users.

D. Configure the sign-in status for the user accounts of the finance department users.

From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit.
 
You need to reduce the likelihood that the sign-ins are identified as risky.
What should you do?

A. From the Security & Compliance admin center, add the users to the Security Readers role group.

B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.

C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.

D. From the Security & Compliance admin center, create a classification label.

Your on-premises network contains an Active Directory domain that syncs with an Azure Active Directory (Azure AD) tenant named contoso.com by using Azure
AD Connect.
Your company purchases another company that has an on-premises Active Directory domain named litwareinc.com.
You need to sync litwareinc.com with contoso.com.
What should you install in the litwareinc.com domain?

A. an Azure AD application proxy connector

B. an Azure AD Connect instance in staging mode

C. an Azure AD Connect provisioning agent

D. an active instance of Azure AD Connect

Your company has an on-premises Microsoft Exchange Server 2016 organization. The organization is in the company's main office in Melbourne. The main office has a low-bandwidth connection to the Internet.
The organization contains 250 mailboxes.
You purchase a Microsoft 365 subscription and plan to migrate to Exchange Online next month.
In 12 months, you plan to increase the bandwidth available for the Internet connection.
You need to recommend the best migration strategy for the organization. The solution must minimize administrative effort.
What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

A. network upload

B. cutover migration

C. hybrid migration

D. staged migration

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
 
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.
 
User2 fails to authenticate to Azure AD when signing in as
user2@fabrikam.com
.
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Azure Active Directory admin center, you assign User2 the Security reader role. You instruct User2 to sign in as
user2@contoso.com
.
Does this meet the goal?

A. Yes

B. No

Your network contains an on-premises Active Directory domain named contoso.com that is synced to a Microsoft Azure Active Directory (Azure AD) tenant.
The on-premises network contains a file server named Server1. Server1 has a share named Share1 that contains company documents.
Your company purchases a Microsoft 365 subscription.
You plan to migrate data from Share1 to Microsoft 365. Only data that was created or modified during the last three months will be migrated.
You need to identify all the files in Share1 that were modified or created during the last 90 days.
What should you use?

A. Server Manager

B. Microsoft SharePoint Migration Tool

C. Resource Monitor

D. Usage reports from the Microsoft 365 admin center

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speed
Internet connection. All the branch offices connect to the Internet by using the main office connection.
Users use Microsoft Outlook 2016 to connect to a Microsoft Exchange Server mailbox hosted in the main office.
The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.
You create a Microsoft 365 subscription, and then migrate all the user data to Microsoft 365.
You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.
Solution: In each branch office, you add a direct connection to the Internet.
Does this meet the goal?

A. Yes

B. No

HOTSPOT -
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
 
You configure the Office software download settings as shown in the exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT -
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains the users shown in the following table.
 
You need to identify which users can perform the following administrative tasks:
✑ Reset the password of User4.
✑ Modify the value for the manager attribute of User4.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your company has configured all user email to be stored in Microsoft Exchange Online.
You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.
Solution: You start by creating a spam filter policy via the Security & Compliance admin center.
Does the solution meet the goal?

A. Yes

B. No

You have Microsoft 365 E5 subscription that contains the groups shown in the following exhibit.
 
You need to create an access review.
For which groups can you create the access review?

A. Group1 and Group2 only

B. Group3 and Group4 only

C. Group1, Group2, and Group3 only

D. Group1, Group2, Group3, and Group5 only

E. Group1, Group2, Group3, Group4, and Group5

You have a Microsoft 365 E5 subscription that uses Microsoft Teams.
You need to provide Teams administrators with early access to Teams preview features.
What should you configure?

A. Release preferences in the Microsoft 365 admin center

B. Teams upgrade settings in the Microsoft Teams admin center

C. Office installation options in the Microsoft 365 admin center

D. Teams update policies in the Microsoft Teams admin center

You have recently created a Microsoft 365 subscription.
You have prepared an XML file for the upcoming Microsoft Office 365 ProPlus deployment.
The Channel attribute for the OfficeClientEdition attribute is set to Broad, while the Channel attribute for the Updates element is set to Targeted.
Which of the following the following are the months of the year that security updates will be installed?

A. January and July.

B. March and September

C. June and December

D. April and October

HOTSPOT -
You have a new Microsoft 365 subscription.
A user named User1 has a mailbox in Microsoft Exchange Online.
You need to log any changes to the mailbox folder permissions of User1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@admin.onmicrosoft.com
Microsoft 365 Password: xxxxxxxxxx
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 111111111 -
You plan to allow the users in your organization to invite external users as guest users to your Microsoft 365 tenant.
You need to prevent the organization's users from inviting guests who have an email address that uses a suffix of @gmail.com.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy a Microsoft Azure Active Directory (Azure AD) tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: From the Synchronization Rules Editor, you create a new outbound synchronization rule.
Does this meet the goal?

A. Yes

B. No

After acquiring a Microsoft 365 subscription, you configure the use of Microsoft Azure Multi-Factor Authentication (MFA) for all users in the Azure Active Directory
(Azure AD) tenant.
You want to produce a report that includes all the users who finished the Azure MFA registration process. You want to make use of an Azure Cloud Shell cmdlet.
Which of the following is the cmdlet you should use?

A. Get-AzureADUser

B. Get-MsolUser

C. New-AzureADMSInvitation

D. Set-MsolUserPrincipalName

HOTSPOT -
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.
 
From the Sign-ins blade of the Azure Active Directory admin center, for which users can User1 and User2 view the sign-ins? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses.
Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services.
You need to determine whether a user named User1 is licensed for Exchange Online only.
Solution: You run the Get-MsolUser cmdlet.
Does this meet the goal?

A. Yes

B. No

You recently migrated your on-premises email solution to Microsoft Exchange Online and are evaluating which licenses to purchase.
You want the members of two groups named IT and Managers to be able to use the features shown in the following table.
 
The IT group contains 50 users. The Managers group contains 200 users.
You need to recommend which licenses must be purchased for the planned solution. The solution must minimize licensing costs.
Which licenses should you recommend?

A. 250 Microsoft 365 E3 only

B. 50 Microsoft 365 E3 and 200 Microsoft 365 E5

C. 250 Microsoft 365 E5 only

D. 200 Microsoft 365 E3 and 50 Microsoft 365 E5

HOTSPOT -
Your company has a Microsoft Office 365 subscription that contains the groups shown in the following table.
 
You have the licenses shown in the following table.
 
Another administrator removes User1 from Group1 and adds Group2 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area: