Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the SharePoint Administrator role.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
Each user has a device with the Microsoft Authenticator app installed.
From Microsoft Authenticator settings for the subscription, the Enable and Target settings are configured as shown in the exhibit. (Click the Exhibit tab.)
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
• User passwords must be 10 characters or more.
Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
Overview
-
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named A. Datum Corporation.
Environment
-
On-Premises Environment
-
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.
 
The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud Environment
-
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure AD Premium P2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
• Password hash synchronization is enabled.
• Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.
 
Self-service password reset (SSPR) is enabled.
The Azure AD tenant has Security defaults enabled.
Problem Statements
-
Litware identifies the following issues:
• Admin1 cannot create conditional access policies.
• Admin4 receives an error when attempting to use SSPR.
• Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Requirements
-
Planned Changes
-
Litware plans to implement the following changes:
• Implement Microsoft Intune.
• Implement Microsoft Teams.
• Implement Microsoft Defender for Office 365.
• Ensure that users can install Office 365 apps on their device.
• Convert all the Windows 10 Pro devices to Windows 10 Enterprise ES.
• Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.
Technical Requirements
-
Litware identifies the following technical requirements:
• Administrators must be able to specify which version of an Office 365 desktop app will be available to users and to roll back to previous versions.
• Only Admin2 must have access to new Office 365 service and feature updates before they are released to the company.
• Litware users must be able to invite A. Datum users to participate in the following activities:
• Join Microsoft Teams channels.
• Join Microsoft Teams chats.
• Access shared files.
• Just in time access to critical administrative roles must be required.
• Microsoft 365 incidents and advisories must be reviewed monthly.
• Office 365 service status notifications must be sent to Admin2.
• The principle of least privilege must be used.
You are evaluating the use of multi-factor authentication (MFA).
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You have an Azure AD tenant named contoso.com that contains the users shown in the following table.
 
Multi-factor authentication (MFA) is configured to use 131.107.5.0/24 as trusted IPs.
The tenant contains the named locations shown in the following table.
 
You create a conditional access policy that has the following configurations:
Users or workload identities assignments: All users
Cloud apps or actions assignment: App1
Conditions: Include all trusted locations
Grant access: Require multi-factor authentication
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains a SharePoint site named Site1. Site1 contains the files shown in the following table.
 
You have the users shown in the following table.
 
You create a data loss prevention (DLP) policy with an advanced DLP rule and apply the policy to Site1. The DLP rule is configured as shown in the following exhibit.
 

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

HOTSPOT
-
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You need to identify the settings that are configured less secure than the Standard protection profile settings in the preset security policies.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You have a new Microsoft 365 E5 tenant.
Enable Security defaults is set to Yes.
A user signs in to the tenant for the first time.
Which multi-factor authentication (MFA) method can the user use, and how many days does the user have to register for MFA? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure AD by using the Azure AD Connect Express Settings. Password writeback is disabled.
You create a user named User1 and enter Pass in the Password field as shown in the following exhibit.
 
The Azure AD password policy is configured as shown in the following exhibit.
 
You confirm that User1 is synced to Azure AD.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
Your network contains an Active Directory domain and an Azure AD tenant.
You implement directory synchronization for all 10,000 users in the organization.
You automate the creation of 100 new user accounts.
You need to ensure that the new user accounts synchronize to Azure AD as quickly as possible.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have an Azure AD tenant that contains the groups shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You create an administrative unit named AU1 that contains the members shown in the following exhibit.
 
The User Administrator role has the assignments shown in the following exhibit.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy an Azure AD tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: From Azure AD Connect, you modify the filtering settings.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
All the devices in your organization are onboarded to Microsoft Defender for Endpoint.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?

A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.

B. From Alerts queue, create a suppression rule and assign an alert.

C. From Advanced hunting, create a query and a detection rule.

D. From the Microsoft Purview compliance portal, create an audit log search.

Your network contains an Active Directory forest named contoso.local.
You purchase a Microsoft 365 subscription.
You plan to move to Microsoft 365 and to implement a hybrid deployment solution for the next 12 months.
You need to prepare for the planned move to Microsoft 365.
What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer.

A. Purchase a third-party X.509 certificate.

B. Create an external forest trust.

C. Rename the Active Directory forest.

D. Purchase a custom domain name.

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You have labels in Microsoft 365 as shown in the following table.
 
The content in Microsoft 365 is assigned labels as shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

DRAG DROP
-
Your company has an Azure AD tenant named contoso.onmicrosoft.com.
You purchase a domain named contoso.com from a registrar and add all the required DNS records.
You create a user account named User1. User1 is configured to sign in as
user1@contoso.onmicrosoft.com
.
You need to configure User1 to sign in as
user1@contoso.com
.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
 

You have a Microsoft 365 E5 subscription.
From the Microsoft 365 Defender portal, you review your company’s Microsoft Secure Score.
You discover a large number of recommended actions.
You need to ensure that the actions can be filtered based on specific department names.
What should you create first?

A. a dynamic security group

B. a tag

C. an administrative unit

D. a custom detection rule

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365 and contains a mailbox named Mailbox1.
You plan to use Mailbox1 to collect and analyze unfiltered email messages.
You need to ensure that Defender for Office 365 takes no action on any inbound emails delivered to Mailbox1.
What should you do?

A. Configure a retention policy for Mailbox1.

B. Create a mail flow rule.

C. Configure Mailbox1 as a SecOps mailbox.

D. Place a litigation hold on Mailbox1.

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You notice that it takes several days to notify email recipients when an incoming email message is marked as spam, and then quarantined.
You need to ensure that the email recipients are notified within 24 hours.
What should you do?

A. Modify the default inbound anti-spam policy.

B. Modify the DefaultFullAccessPolicy quarantine policy.

C. Add a custom quarantine policy.

D. Modify the global settings for quarantine policies.

Your network contains an on-premises Active Directory domain. The domain contains 2,000 computers that run Windows 10.
You purchase a Microsoft 365 subscription.
You implement password hash synchronization and Azure AD Seamless Single Sign-On (Seamless SSO).
You need to ensure that users can use Seamless SSO from the Windows 10 computers.
What should you do?

A. Join the computers to Azure AD.

B. Create a conditional access policy in Azure AD.

C. Modify the Intranet zone settings by using Group Policy.

D. Deploy an Azure AD Connect staging server.

HOTSPOT
-
Your company has a Microsoft 365 subscription that contains the users shown in the following table.
 
External collaboration settings have default configuration.
You need to identify which users can perform the following administrative tasks:
• Modify the password protection policy.
• Create guest user accounts.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You create a Conditional Access policy named Policy1 and assign Policy1 to all users.
You need to configure Policy1 to enforce multi-factor authentication (MFA) if the user risk level is high.
Which two settings should you configure in Policy1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
 

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates an Azure AD tenant named contoso.onmicrosoft.com.
You plan to install Azure AD Connect on a member server and implement pass-through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From a domain controller, install an Authentication Agent.

B. From the Microsoft Entra admin center, configure an authentication method.

C. From Active Directory Domains and Trusts, add a UPN suffix.

D. Modify the email address attribute for each user account.

E. From the Microsoft Entra admin center, add a custom domain name.

F. Modify the User logon name for each user account.

Your on-premises network contains an Active Directory domain.
You have a Microsoft 365 E5 subscription.
You plan to implement a hybrid configuration that has the following requirements:
• Minimizes the number of times users are prompted for credentials when they access Microsoft 365 resources
• Supports the use of Azure AD Identity Protection
You need to configure Azure AD Connect to support the planned implementation.
Which two options should you select? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Password Hash Synchronization

B. Password writeback

C. Directory extension attribute sync

D. Enable single sign-on

E. Pass-through authentication

You have a Microsoft 365 subscription that uses Microsoft 365 Defender.
You need to compare your company's security configurations to Microsoft best practices and review improvement actions to increase the security posture.
What should you use?

A. Microsoft Secure Score

B. Cloud discovery

C. Exposure distribution

D. Threat tracker

E. Exposure score

You have a Microsoft 365 subscription.
You need to implement a passwordless authentication solution that supports the following device types:
• Windows
• Android
• iOS
The solution must use the same authentication method for all devices.
Which authentication method should you use?

A. the Microsoft Authentication app

B. FIDO2-compliant security keys

C. multi-factor authentication (MFA)

D. Windows Hello for Business

Your network contains an on-premises Active Directory domain.
You have a Microsoft 365 subscription.
You implement a directory synchronization solution that uses pass-through authentication.
You configure Azure AD smart lockout as shown in the following exhibit.
 
You discover that Active Directory users can use the passwords in the custom banned passwords list.
You need to ensure that banned passwords are banned for all users.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From a domain controller, install the Azure AD Password Protection Proxy.

B. From Active Directory, modify the Default Domain Policy.

C. From a domain controller, install the Azure AD Application Proxy connector.

D. From all the domain controllers, install the Azure AD Password Protection DC Agent.

E. From Password protection for Windows Server Active Directory, modify the Mode setting.

F. From Custom banned passwords, modify the Enforce custom list setting.

HOTSPOT -
Your network contains an on-premises Active Directory domain.
You have a Microsoft 365 E5 subscription.
You plan to implement directory synchronization.
You need to identify potential synchronization issues for the domain. The solution must use the principle of least privilege.
What should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?

A. Security Reader

B. Global Administrator

C. Owner

D. User Administrator

You have a Microsoft 365 subscription.
You need to be notified to your personal email address when a Microsoft Exchange Online service issue occurs.
What should you do?

A. From the Exchange admin center, create a contact.

B. From the Microsoft Outlook client, configure an Inbox rule.

C. From the Microsoft 365 admin center, update the technical contact details.

D. From the Microsoft 365 admin center, customize the Service health settings.

HOTSPOT
-
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
 
You configure a multi-factor authentication (MFA) registration policy that has the following settings:
• Assignments:
o Include: Group1
o Exclude: Group2
• Access controls: Require Azure MFA registration
• Enforce Policy: On
You create a conditional access policy that has the following settings:
• Name: Policy 1
• Assignments:
o Include: Group2
o Exclude: Group1
• Access controls:
o Grant, Require multi-factor authentication
• Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

Your network contains an on-premises Active Directory domain named contoso.com.
For all user accounts, the Logon Hours settings are configured to prevent sign-ins outside of business hours.
You plan to sync contoso.com to an Azure AD tenant
You need to recommend a solution to ensure that the logon hour restrictions apply when synced users sign in to Azure AD.
What should you include in the recommendation?

A. pass-through authentication

B. conditional access policies

C. password synchronization

D. Azure AD Identity Protection policies

HOTSPOT
-
You have a Microsoft 365 subscription.
You need to identify all users that have an Enterprise Mobility + Security plan, and then provide a list of the users in the CSV format.
Which settings should you use in the Microsoft 365 admin center, and which option should you select? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365.
You need to automate Attack simulation training for users when a phishing campaign is detected in real-time.
Which type of automation should you use, and which condition should you configure for the Attack simulation training? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
Overview
-
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle.
Litware collaborates with a third-party company named A. Datum Corporation.
Environment
-
On-Premises Environment
-
The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.
 
The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019.
Cloud Environment
-
Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure AD Premium P2 licenses.
The subscription contains a verified DNS domain named litware.com.
Azure AD Connect is installed and has the following configurations:
• Password hash synchronization is enabled.
• Synchronization is enabled for the LitwareAdmins OU only.
Users are assigned the roles shown in the following table.
 
Self-service password reset (SSPR) is enabled.
The Azure AD tenant has Security defaults enabled.
Problem Statements
-
Litware identifies the following issues:
• Admin1 cannot create conditional access policies.
• Admin4 receives an error when attempting to use SSPR.
• Users access new Office 365 service and feature updates before the updates are reviewed by Admin2.
Requirements
-
Planned Changes
-
Litware plans to implement the following changes:
• Implement Microsoft Intune.
• Implement Microsoft Teams.
• Implement Microsoft Defender for Office 365.
• Ensure that users can install Office 365 apps on their device.
• Convert all the Windows 10 Pro devices to Windows 10 Enterprise ES.
• Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU.
Technical Requirements
-
Litware identifies the following technical requirements:
• Administrators must be able to specify which version of an Office 365 desktop app will be available to users and to roll back to previous versions.
• Only Admin2 must have access to new Office 365 service and feature updates before they are released to the company.
• Litware users must be able to invite A. Datum users to participate in the following activities:
• Join Microsoft Teams channels.
• Join Microsoft Teams chats.
• Access shared files.
• Just in time access to critical administrative roles must be required.
• Microsoft 365 incidents and advisories must be reviewed monthly.
• Office 365 service status notifications must be sent to Admin2.
• The principle of least privilege must be used.
You need to configure the Office 365 service status notifications and limit access to the service and feature updates. The solution must meet the technical requirements.
What should you configure in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

DRAG DROP
-
You have an Azure subscription that is linked to a hybrid Microsoft Entra tenant.
All users sync from Active Directory Domain Services (AD DS) to the tenant by using Express Settings in Microsoft Entra Connect.
You plan to implement self-service password reset (SSPR).
You need to ensure that when a user resets or changes a password, the password syncs with AD DS.
Which actions should you perform in sequence? To answer, drag the appropriate actions to the correct order. Each action may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription.
You need to add additional onmicrosoft.com domains to the subscription. The additional domains must be assignable as email addresses for users.
What is the maximum number of onmicrosoft.com domains the subscription can contain?

A. 1

B. 2

C. 5

D. 10

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
You need to configure Privileged Identity Management (PIM) for the User Administrator role in Microsoft Entra. Eligible users must meet the following requirements:
• Always be able to request the User Administrator role
• Must provide a reason when requesting the User Administrator role
• Must require multi-factor authentication (MFA) when activating the User Administrator role
The solution must minimize administrative effort.
How should you configure the Role settings for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 tenant.
You plan to manage incidents in the tenant by using the Microsoft 365 Defender.
Which Microsoft service source will appear on the Incidents page of the Microsoft 365 Defender portal?

A. Microsoft Sentinel

B. Microsoft Defender for Cloud

C. Azure Arc

D. Microsoft Defender for Identity

HOTSPOT
-
You have an Azure AD tenant that contains the users shown in the following table.
 
You enable self-service password reset for all users. You set Number of methods required to reset to 1, and you set Methods available to users to Security questions only.
What information must be configured for each user before the user can perform a self-service password reset? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint includes the device groups shown in the following table.
 
You onboard a computer named computer1 to Microsoft Defender for Endpoint as shown in the following exhibit.
 
Use the drop-down menus to select the answer choice that completes each statement.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription that contains the following user:
Name: User1 -
UPN:
user1@contoso.com
-
Email address:
user1@marketmg.contoso.com
MFA enrollment status: Disabled -
When User1 attempts to sign in to Outlook on the web by using the
user1@marketing.contoso.com
email address, the user cannot sign in.
You need to ensure that User1 can sign in to Outlook on the web by using
user1@marketing.contoso.com
.
What should you do?

A. Assign an MFA registration policy to User1.

B. Reset the password of User1.

C. Add an alternate email address for User1.

D. Modify the UPN of User1.

HOTSPOT -
You have a Microsoft 365 subscription.
You are planning a threat management solution for your organization.
You need to minimize the likelihood that users will be affected by the following threats:
Opening files in Microsoft SharePoint that contain malicious content
Impersonation and spoofing attacks in email messages
Which policies should you create in Microsoft 365 Defender? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

HOTSPOT -
You have an Azure AD tenant that contains the administrative units shown in the following table.
 
You have the following users:
• A user named User1 that is assigned the Password Administrator for AU1 and AU2.
• A user named User2 that is assigned the User Administrator for AU1.
• A user named User3 that is assigned the User Administrator for the tenant.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 subscription that contains a user named User1.
User1 requires admin access to perform the following tasks:
Manage Microsoft Exchange Online settings.
Create Microsoft 365 groups.
You need to ensure that User1 only has admin access for eight hours and requires approval before the role assignment takes place.
What should you use?

A. Azure AD Identity Protection

B. Microsoft Entra Verified ID

C. Conditional Access

D. Azure AD Privileged Identity Management (PIM)

HOTSPOT -
You have a Microsoft 365 tenant.
You create a retention label as shown in the Retention Label exhibit. (Click the Retention Label tab.)
 
You create a label policy as shown in the Label Policy exhibit. (Click the Label Policy tab.)
 
The label policy is configured as shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
 

HOTSPOT
-
You have a Microsoft 365 E5 subscription.
All corporate Windows 11 devices are managed by using Microsoft Intune and onboarded to Microsoft Defender for Endpoint.
You need to meet the following requirements:
• View an assessment of the device configurations against the Center for Internet Security (CIS) v1.0.0 benchmark.
• Protect a folder named C:Folder1 from being accessed by untrusted applications on the devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

DRAG DROP -
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2.
You need to ensure that each group can perform the tasks shown in the following table.
 
The solution must use the principle of least privilege.
Which role should you assign to each group? To answer, drag the appropriate roles to the correct groups. Each role may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.