You have a Microsoft 365 environment that contains 1,000 mobile devices.
You need to recommend a solution to prevent all the mobile devices that use the Exchange ActiveSync protocol from authenticating by using Basic authentication.
Which two solutions should you recommend? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Configure the CAS mailbox settings for each mailbox.

B. Implement Azure Multi-Factor Authentication (MFA).

C. Create an authentication policy.

D. Create a conditional access policy.

E. Create a device access rule.

HOTSPOT -
You have a Microsoft Exchange Online subscription.
You run the following command.
Set-ActiveSyncOrganizationSettings `"DefaultAccessLevel Block
You run Get-ActiveSyncDeviceAccessRule | fl Identity,AccessLevel,Characteristic,QueryString, and you receive the following output.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
 
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@abc.com
Microsoft 365 Password: xxxxxx -
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only.
Lab Instance: XXXXXX -
You need to prevent users in your company from sending out-of-office replies to users who use an email address suffix of @contoso.com. The solution must NOT use mail flow rules.
To complete this task, sign in to the Exchange admin center.

HOTSPOT -
You have a Microsoft Exchange Online tenant that contains a mail-enabled public folder named CustomerSupport.
You need to create a group for the customer support team at your company. The solution must ensure that email sent to the group is also posted to the
CustomerSupport public folder.
How should you configure the group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your company has a Microsoft Exchange Server 2019 organization.
You are auditing the Litigation Hold on the mailboxes of the company's research and development department.
You discover that the mailbox of a user named User1 has a Litigation Hold enabled.
You need to discover who placed the Litigation Hold on the mailbox of User1, and when the Litigation Hold was enabled.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From the Exchange admin center, run a per-mailbox Litigation Hold report.

B. From PowerShell, run the Get-Mailbox cmdlet.

C. From PowerShell, run the Get-MailboxStatistics cmdlet.

D. From the Exchange admin center, run an In-place eDiscovery and Hold report.

DRAG DROP -
Your company has a Microsoft Exchange Online subscription for an email domain named contoso.com.
The company works with a partner company that uses an email domain named tailspintoys.com.
You need to configure the environment only to accept email from tailspintoys.com if the email is sent from an IP address of 131.107.12.85.
How should you configure the connector from the Exchange admin center? To answer, drag the appropriate options to the correct message settings. Each option may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

You have a hybrid deployment that contains a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 server named Server1.
Server1 uses a certificate from a third-party certification authority (CA). The certificate is enabled for the SMTP service.
You replace the certificate with a new certificate.
You discover that delivery fails for all email messages sent from Server1 to your Microsoft 365 tenant.
You receive the following error message for all the queued email messages: “450 4.4.101 Proxy session setup failed on Frontend with 451 4.4.0 Primary target IP address responded with 451 5.7.3 STARTTLS is required to send mail.”
You need to ensure that the messages are delivered successfully from Server1 to the Microsoft 365 tenant.
What should you do?

A. Run the Exchange Hybrid Configuration wizard.

B. From Server1, run the iisreset command.

C. From Server1, enable the new certificate for the IMAP4 service.

D. From Server1, request a new certificate that support TLS.

You have a Microsoft Exchange Online tenant that contains a group named Group1.
You need to create a mail flow rule to enforce TLS for all email messages sent from Group1 to a partner company that has an email domain named contoso.com.
What should you do first?

A. Disable plus addressing.

B. Create a connector to contoso.com.

C. Configure enhanced filtering.

D. Add contoso.com as an accepted domain.

E. Add contoso.com as a remote domain.

HOTSPOT -
You have a Microsoft Exchange Server 2019 hybrid deployment.
You need to configure Hybrid Modern Authentication (HMA).
How should you complete the PowerShell commands? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft Exchange Server 2016 organization.
You are performing a full migration to Exchange Online.
You need to migrate all the address lists and data loss prevention (DLP) policies to Exchange Online.
What should you configure in the Hybrid Configuration Wizard?

A. Centralized mail transport

B. Organization Configuration Transfer

C. a transport certificate

D. a federation trust

You have a Microsoft Exchange Server 2019 organization that contains several thousand users. Most users connect to their mailbox by using a mobile device.
A new corporate security policy requires that when connecting from a mobile device, all users on devices that run iOS must use the Outlook mobile app only.
You need to modify the organization to meet the security requirement.
What should you do?

A. From the Exchange Management Shell, run the New-DeviceConditionalAccessPolicy cmdlet.

B. From the Exchange admin center, create a mobile device access rule.

C. From the Exchange Management Shell, run the New-DeviceConfigurationRule cmdlet.

D. From the Exchange admin center, modify the default mobile device mailbox policy.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Exchange Online tenant that contains 1,000 users.
A user named User1 receives a non-delivery report (NDR) when attempting to send an email message to an internal group named
sales@contoso.com
. The NDR contains the following text: `5.7.1 Delivery not authorized.`
You need to ensure that User1 can send email to
sales@contoso.com
successfully.
Solution: You modify the properties of a mail flow rule.

A. Yes

B. No

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Exchange Server 2019 hybrid deployment that contains two Mailbox servers named MBX1 and MBX2.
The company has the departments shown in the following table.
 
From the on-premises organization, outbound email is sent directly to the Internet by using DNS lookups.
You are informed that some sales department users send email messages that are identified as spam.
You need to automatically block the sales department users from repeatedly sending spam.
Solution: You modify the outbound spam filter policy in Exchange Online.
Does this meet the goal?

A. Yes

B. No

HOTSPOT
-
You have a Microsoft 365 subscription that contains a user named User1.
You need to ensure that User1 can perform the following actions:
•	Search all mailboxes.
•	Purge email from all mailboxes.
The solution must use the principle of least privilege.
To which role group should you add User1, and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft Exchange Online tenant that uses Microsoft Defender for Office 365.
You have the policies shown in the following table.
 
You need to track any modifications made to Policy1 by the identifying following:
•	The name of the user that modified the policy
•	The old and new values of settings modified in Policy1
•	How the modifications compare to the baseline settings of Standard Preset Security Policy
What should you use in the Microsoft 365 Defender portal?

A. Audit

B. Threat tracker

C. Threat analytics

D. Configuration analyzer

You have a Microsoft Exchange Server 2019 organization.
You need to configure the organization to use Exchange Online Protection (EOP) for the message hygiene of all inbound and outbound email.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Install an Exchange hybrid server.

B. For the organization, configure an MX record that points to Microsoft 365.

C. Create a hybrid organization relationship.

D. From the on-premises organization, create a connector to relay outbound email to Microsoft Office 365.

E. Create a Microsoft 365 Connector to the on-premises organization.

F. Create on-premises transport rules to control the outbound message flow.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You need to ensure that a user named User1 can review audit reports from the Microsoft 365 security center. User1 must be prevented from tracing messages from the Security admin center.
Solution: You assign the Security administrator role to User1.
Does this meet the goal?

A. Yes

B. No

DRAG DROP
-
You have a Microsoft Exchange Online tenant that uses Microsoft Defender for Office 365.
You create the policies shown in the following table.
 
What is the default retention period of quarantined email messages for each policy? To answer, drag the appropriate retention periods to the correct policies. Each retention period may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
 

Which contacts can sign in to and access resources in the adatum.com tenant?

A. Contact1 only

B. Contact2 only

C. Contact1 and Contact3 only

D. Contact2 and Contact3 only

E. Contact1, Contact2, and Contact3

You have a Microsoft Exchange Online tenant that uses an email domain named @contoso.com.
You recently configured Microsoft 365 to use a new email domain named @fabrikam.com instead of @contoso.com.
Users report that when they send email messages to external recipients, the messages are often erroneously identified as SPAM.
You verify that all the users can receive email successfully from other companies.
You need to reduce the likelihood that the email will be identified as SPAM by the external recipients.
What should you modify?

A. a text (TXT) record

B. a mail exchanger (MX) record

C. a remote domain

D. a mail flow rule

E. a safe attachments policy

HOTSPOT
-
You have a Microsoft Exchange Online tenant.
You suspect that an administrator accessed the mailbox of a user named User1.
You need to run a PowerShell command to identify which administrator signed in to the mailbox of User1.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a hybrid deployment between a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 organization. The deployment uses Azure AD Connect. All incoming email is delivered to Exchange Online.
You have 10 mail-enabled public folders hosted on an on-premises Mailbox server.
Customers receive an error when an email message is sent to a public folder.
You need to ensure that all the mail-enabled public folders can receive email messages from the internet. The solution must ensure that messages can be delivered only to valid recipients.
Solution: Configure the accepted domains as an internal relay.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 subscription that uses Microsoft Exchange Online Protection (EOP) with the default settings
You need to ensure that email messages sent from the unauthorized IP addresses of any sending domain are marked as High confidence spam. The solution must minimize administrative effort.
What should you do?

A. Create a mail flow rule.

B. For the default anti-spam inbound policy, set SPF record: hard fail to On.

C. For the default anti-spam inbound policy, set Conditional Sender ID filtering: hard fail to On.

D. For the default connection filter policy, add an entry to the IP Block List.

You manage a Microsoft Exchange Server 2019 hybrid deployment. All user mailboxes are located both on-premises and in the cloud. All public folders reside in
Exchange Online.
You need to configure the deployment so that the on-premises mailboxes can access the public folders.
Which three commands should you run? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Sync-MailPublicFolders.ps1

B. Set-OrganizationConfig ג€”PublicFoldersEnabled Remote

C. Import-PublicFolderMailboxes.ps1

D. Sync-MailPublicFoldersCloudToOnprem.ps1

E. Set-OrganizationConfig ג€”PublicFoldersEnabled Local -RemotePublicFolderMailboxes PfMailbox1

All the users in your company have Microsoft 365 mailboxes.
Each user connects to Microsoft Exchange Online and OneDrive for Business from a personal computer that runs Windows 10.
You need to ensure that the users can save attachments to OneDrive for Business only when they connect to their mailbox from Outlook on the web.
What should you create?

A. an Exchange ActiveSync device access rule

B. an app protection policy in Microsoft Endpoint Manager

C. an Outlook Web App policy in Exchange Online

D. a device compliance policy in Microsoft Endpoint Manager

You have a Microsoft Exchange Online tenant that contains a public folder named PF1.
You need to ensure that email sent to
pf1@contoso.com
is posted to F1.
What should you do?

A. Create a shared mailbox.

B. Mail-enable the public folder.

C. Create a public folder mailbox.

D. Create a mail flow rule.

Your company has a Microsoft Exchange Server 2019 hybrid deployment.
The company has a finance department.
You need to move all the on-premises mailboxes of the finance department to Exchange Online. The bulk of the move operation must occur during a weekend when the company's Internet traffic is lowest. The move must then be finalized the following Monday. The solution must minimize disruption to end users.
What should you do first?

A. Schedule a task that runs the New-MoveRequest cmdlet and specifies the Remote parameter.

B. Run the New-MigrationBatch cmdlet and specify the MoveOptions parameter.

C. Run the New-MigrationBatch cmdlet and specify the CompleteAfter parameter.

D. Create a script that moves most of the mailboxes on Friday at 22:00 and the remaining mailboxes on Monday at 09:00.

You have a Microsoft Exchange Online tenant that contains 1,000 users.
A user recently sent an email message that was never received by a recipient on the internet.
From the Exchange admin center, you successfully run a message trace but cannot see the message in the trace.
What is the most likely reason why the message fails to appear in the message trace?

A. The user addressed the message to multiple internal and external recipients.

B. The message is in the user’s Outbox folder.

C. Your administrative user account requires additional rights.

D. The user encrypted the email message.

You have a hybrid deployment that contains a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 server named Server1.
Server1 uses a certificate from a third-party certification authority (CA). The certificate is enabled for the SMTP service.
You replace the certificate with a new certificate.
You discover that delivery fails for all email messages sent from Server1 to your Microsoft 365 tenant.
You receive the following error message for all the queued email messages: “450 4.4.101 Proxy session setup failed on Frontend with 451 4.4.0 Primary target IP address responded with 451 5.7.3 STARTTLS is required to send mail.”
You need to ensure that the messages are delivered successfully from Server1 to the Microsoft 365 tenant.
What should you do?

A. From the Exchange admin center, update the certificate thumbprint in the properties of a connector.

B. From Server1, regenerate the certificate and select Make private keys exportable.

C. From Server1, run the iisreset command.

D. From Server1, request a new certificate that support TLS.

You purchase a Microsoft 365 E5 subscription.
You plan to use the Hybrid Configuration wizard to configure a hybrid deployment between Exchange Online and the on-premises Exchange organization.
You need to identify which ports are required to support configuring the hybrid deployment.
Which two ports should you open on the firewall? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. 25

B. 80

C. 443

D. 995

E. 587

You have a Microsoft Exchange Online tenant.
You need to ensure that all new mailboxes can send and receive messages that are up to a maximum of 50 MB.
What should you do in the Exchange admin center?

A. From Manage mailboxes, configure the Message size restriction Mail flow setting.

B. Configure a mail flow rule.

C. From Manage mailboxes, configure the Message delivery restriction Mail flow setting.

D. For each new mailbox, configure the recipient limit.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You need to ensure that a user named User1 can review audit reports from the Microsoft 365 security center. User1 must be prevented from tracing messages from the Security admin center.
Solution: You assign the Reports reader role to User1.
Does this meet the goal?

A. Yes

B. No

You recently implemented a hybrid deployment that contains a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 server named
Server1. The public IP address of Server1 is 131.107.1.100.
The deployment is configured as shown in the following table.
 
Users hosted in Microsoft 365 report that they receive non-delivery reports (NDRs) when they attempt to send email messages to mailboxes hosted in Exchange
Server 2019.
You need to ensure that the email is delivered successfully. The solution must ensure that email delivery is successful for all the users at your company.
What should you do?

A. Configure the remote domain to use a value of contoso.com.

B. Modify the MX record to point to the internal Exchange servers.

C. Configure the Outbound connector to use a smart host of 131.107.1.100.

D. Configure the accepted domain to use a value of *.

You have 1,000 user accounts that are each licensed for Microsoft 365. Each user account has a Microsoft Exchange Online mailbox.
Ten of the user accounts are configured as service accounts for applications. The applications send event notifications to the mailboxes of the service accounts by using SMTP. The developers of each application have delegated access to the mailbox of their respective application.
You need to ensure that all the event notifications sent by the applications are retained in the service account mailboxes so that new developers can review older notifications. The developers must be able to view only the notifications for their respective application. The solution must minimize licensing costs.
What should you do?

A. Replace the service account mailboxes with a single user mailbox that contains journal rules.

B. Replace the service account mailboxes with a mail-enabled group.

C. Convert the service account mailboxes into shared mailboxes.

D. Convert the service account mailboxes into mail-enabled users.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft Exchange Online tenant that contains the following email domains:
✑ Adatum.com
✑ Contoso.com
✑ Fabrikam.com
When external recipients receive email messages from the users in the tenant, all the messages are delivered by using the @contoso.com email domain.
You need to ensure that the users send email by using the @fabrikam.com email domain.
Solution: You modify the properties of the fabrikam.com accepted domain.
Does this meet the goal?

A. No

B. Yes

You have a Microsoft Exchange Online tenant that contains a mail-enabled public folder named folder1.
You need to prevent users from creating posts by sending email to folder1. The solution must ensure that the users can create new items in folder1 by using Microsoft Outlook.
Which command should you run?

A. Add-PublicFolderClientPermission “folder1” -AccessRights None

B. Disable-MailPublicFolder -Identity “folder1”

C. Enable-MailPublicFolder -Identity “folder1” -HiddenFromAddressListsEnabled $True

D. Set-MailPublicFolder -Identity “folder1” -AcceptMessagesOnlyFromDLMembers

You have a Microsoft Exchange Online subscription.
You need to generate a CSV file containing all the email messages that failed to send from the
user1@contoso.com
email address during the last 30 days.
What are two possible ways to achieve the goal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. From the Security & Compliance center, run a message trace.

B. From the Exchange admin center, run a message trace.

C. From Exchange Online PowerShell, run the Get-MessageTrace cmdlet.

D. From the Security & Compliance center, export the mailbox audit logs.

E. From Exchange Online PowerShell, run the Get-MessagetraceDetail cmdlet.

You need to recommend a solution for the public folders that supports the planned changes and meets the technical requirements.
What should you recommend?

A. Microsoft 365 groups

B. Resource mailboxes

C. Public folder replicas

D. Microsoft SharePoint site mailboxes

HOTSPOT -
You have a Microsoft Exchange Online tenant that contains the users shown in the following table.
 
From the Exchange admin center, you issue a Wipe Data command for User1 and User2.
What occurs on the device of each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

Your network contains an Active Directory domain named corp.contoso.com. The domain contains client computers that have Microsoft Office 365 Apps installed.
You have a hybrid deployment that contains a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 server named Server1.
All recipients use an email address suffix of @contoso.com.
You migrate all the Exchange Server recipients to Exchange Online, and then decommission Server1.
Users connected to the internal network report that they receive an Autodiscover error when they open Microsoft Outlook.
You need to ensure that all users can connect successfully to their mailbox by using Outlook.
Which two actions should you perform? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Add an accepted domain.

B. From the domain, modify the Autodiscover service connection point (SCP).

C. From the contoso.com DNS zone, modify the Autodiscover alias (CNAME) record.

D. Modify the name of the TLS certificate.

E. From the corp.contoso.com DNS zone, modify the Autodiscover host (A) record.

You have a Microsoft Exchange Online tenant named contoso.com that uses Microsoft 365 Defender and contains a security group named Executives.
You perform the following tasks:
•	Configure a Strict protection preset security policy and apply the policy to the Executives group.
•	Create a Safe Attachments policy named Policy1 and apply the policy to contoso.com.
You discover that Policy1 failed to apply to the Executives group.
You need to ensure that Policy1 is applied to all the members of the Executives group.
What should you do?

A. Increase the priority of Policy1.

B. Decrease the priority of Strict Preset Security Policy.

C. Modify the Strict protection preset security policy to match Policy1 and assign the Strict protection preset security policy to contoso.com.

D. Remove the Executives group from the Strict protection preset security policy.

HOTSPOT -
Your company has a Microsoft Exchange Server 2019 hybrid deployment.
The company has four departments that have the mailboxes shown in the following table.
 
The mailboxes are configured as shown in the following table.
 
You have two administrators named Admin1 and Admin2 that are assigned the permissions shown in the following table.
 
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
 

You have a Microsoft Exchange Server 2019 organization.
You plan to implement a hybrid deployment between Exchange Online and Exchange Server. The deployment must meet the following requirements:
✑ Support Outlook for iOS and Android.
✑ Support 500 on-premises mailboxes.
✑ Support Modern Authentication.
Which hybrid configuration topology should you recommend?

A. Classic Full

B. Modern Minimal

C. Modern Full

D. Classic Minimal

HOTSPOT
-
You have a Microsoft Exchange Online tenant that contains a public folder named PF1 and three users named User1, User2, and User3.
Users are assigned public folder permissions to PF1 as shown in the following table.
 
Which users can read items in PF1, and which users can delete all the items in PF1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
 

You have a Microsoft 365 E5 subscription and an on premises Microsoft Exchange Server 2019 organization that contains the servers shown in the following table.
 
You run the Hybrid Configuration wizard on EXCH1.
After running the wizard, you discover that Outlook on the web redirection.
You need to disable Outlook on the web redirection.
What should you do?

A. Run the Update-HybridConfiguration cmdlet.

B. Reconfigure Azure AD Connect.

C. Rerun the Hybrid Configuration wizard.

D. Run the Set-HybridConfiguration cmdlet.

DRAG DROP -
You have a Microsoft Exchange Server 2019 organization.
You need to identify which accounts in Active Directory are assigned permissions to dismount mailbox databases.
How should you complete the command? To answer, drag the appropriate values to the correct targets. Each value may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:
 

You have a Microsoft 365 tenant that contains a user named User1.
User1 reports that she cannot configure a mail profile in Microsoft Outlook for Windows.
User1 receives the following error message: "Encrypted connection to your mail server is not available."
You verify that User1 is assigned a Microsoft Office 365 Enterprise F3 license and can send email messages from her account by using Outlook on the web.
You need to ensure that User1 can connect to Outlook successfully.
What should you do?

A. Run the Microsoft Support and Recovery Assistant for Office 365.

B. Activate the installation of Office 365 ProPlus.

C. Modify the license assigned to User1.

D. Install a new certificate on the computer of User1.

HOTSPOT -
You have a Microsoft Exchange Server 2019 organization that uses an email domain named contoso.com.
You plan to move several mailboxes to Microsoft 365.
You need to configure hybrid mail flow to meet the following requirements:
✑ All email messages received from the internet must be filtered for spam by Microsoft 365.
✑ Your company's on-premises firewall must allow email messages between the on-premises Exchange servers and Microsoft 365.
What should you configure? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
 

HOTSPOT
-
You have a Microsoft Exchange Online tenant.
You need to add a custom domain named contoso.com that meets the following requirements:
•	All email messages from the internet must first be filtered by a third-party cloud service before being delivered to Exchange Online.
•	Recipient email systems must validate the messaging server for contoso.com.
Which type of DNS record should you use for each requirement? To answer, select the appropriate options in the answer area.
 

You deploy a Microsoft Exchange Server 2019 organization.
You need to ensure that users of all new mailboxes are prevented from editing their personal information.
What should you do?

A. From the Exchange admin center, create a new role assignment policy.

B. From PowerShell, run the New-RoleAssignmentPolicy cmdlet and specify the -isDefault parameter.

C. From the Exchange admin center, create a new role group and assign the role group to Domain Users.

D. From PowerShell, run the New-RoleGroup cmdlet and specify the -CustomRecipientWriteScope parameter.