MS-101 Online Dumps Boost Your Career

1. Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.

The company purchases a cloud app named App1 that supports Microsoft (loud App Security monitoring.

You configure App1 to be available from the My Apps portal.

You need to ensure that you can monitor App1 from Cloud App Security

What should you do?

2. You have a Microsoft 365 subscription

All users are assigned a Microsoft 365 E3 License.

You enable auditing for your organization.

What is the maximum amount of time data will be retained in the Microsoft 365 audit log?

3. HOTSPOT

You need to meet the Intune requirements for the Windows 10 devices.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

4. Which report should the New York office auditors view?

5. HOTSPOT

You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

6. You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.





You plan to implement attack surface reduction (ASR) rules.

Which devices will support the ASR rules?

7. DRAG DROP

Your company has a Microsoft 365 E5 tenant.

Users access resources in the tenant by using both personal and company-owned Android devices. Company policies requires that the devices have a threat level of medium or lower to access Microsoft Exchange Online mailboxes.

You need to recommend a solution to identify the threat level of the devices and to control access of the devices to the resources.

What should you include in the solution for each device type? To answer, drag the appropriate components to the correct devices. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

8. You have a Microsoft 365 subscription that uses a default domain named contoso.com.

You have two users named User 1 and User2.

From the Security & Compliance admin center, you add User1 to the ediscovery Manager role group.

From the Security & Compliance admin center, User1 creates a case named Case1

You need to ensure that User1 can add User2 as a case member. The solution must use the principle of least privilege.

To which role group should you add User2?

9. HOTSPOT

You have device compliance policies shown in the following table.





The device compliance state for each policy is shown in the following table.





NOTE: Each correct selection is worth one point.

10. Your company has a Microsoft 365 subscription that contains the domains shown in the following table.





The company plans to add a custom domain named fabrikam.com to the subscription and then to enable enrollment of devices to Intune by using auto discovery for Tabrikam.com.

You need to add a DNS record to the fabrikam.com zone.

Which record type should you use for the new record?

11. You use Microsoft System Center Configuration Manager (Current Branch) to manage devices.

Your company uses the following types of devices:

• Windows 10

• Windows 8.1

• Android

• iOS

Which devices can be managed by using co-management?

12. You have a Microsoft 365 subscription.

From the subscription, you perform an audit log search, and you download all the results.

You plan to review the audit log data by using Microsoft Excel.

You need to ensure that each audited property appears in a separate Excel column.

What should you do first?

13. You have a Microsoft 365 subscription that contains the alerts shown in the following table.





Which properties of the alerts can you modify?

14. You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.

You create a Microsoft Defender for identity instance Contoso.

The tenant contains the users shown in the following table.





You need to modify the configuration of the Defender for identify sensors.

Solutions: You instruct User3 to modify the Defender for identity sensor configuration.

Does this meet the goal?

15. HOTSPOT

From the Microsoft 365 compliance center, you configure a data loss prevention (DLP) policy for a Microsoft SharePoint Online site named Site1.

Site1 contains the roles shown in the following table.





Prvi creates the files shown in the exhibit. (Click the Exhibit tab.)





Which files can User1 and User2 open? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

16. Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You sign for Microsoft Store for Business.

The tenant contains the users shown in the following table.





Microsoft Store for Business has the following Shopping behavior settings:

✑ Allow users to shop is set to On

✑ Make everyone a Basic Purchaser is set to Off

You need to identify which users can install apps from the Microsoft for Business private store.

Which users should you identify?

17. You have a Microsoft 365 tenant.

Company policy requires that all Windows 10 devices meet the following minimum requirements:

✑ Require complex passwords.

✑ Require the encryption of data storage devices.

✑ Have Microsoft Defender Antivirus real-time protection enabled.

You need to prevent devices that do not meet the requirements from accessing resources in the tenant.

Which two components should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

18. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection

(ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.

Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Security administrator role.

Does this meet the goal?

19. You need to grant a user a named User1 access to download compliance reports from the Security & Compliance reports from the Security from the Security & Compliance admin center. The solution must use the principle of least privilege.

What should you do?

20. HOTSPOT

You create a Microsoft 365 subscription.

Your company’s privacy policy states that user activities must NOT be audited.

You need to disable audit logging in Microsoft 365.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

21. You enable the Azure AD Identity Protection weekly digest email.

You create the users shown in the following table.





Which users will receive the weekly digest email automatically?

22. HOTSPOT

You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2.

On September 5, 2019, you create and enforce a terms of use (ToU) in the tenant.

The ToU has the following settings:

✑ Name: Terms1

✑ Display name: Terms1 name

✑ Require users to expand the terms of use: Off

✑ Require users to consent on every device: Off

✑ Expire consents: On

✑ Expire starting on: October 10, 2019

✑ Frequency: Monthly

User1 accepts Terms1 on September 5, 2019. User2 accepts Terms1 on October 5, 2019.

When will Terms1 expire for the first time for each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

23. Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named User1 is a member of a dynamic group named Group1.

User1 reports that he cannot access documents shared to Group1.

You discover that User1 is no longer a member of Group1.

You suspect that an administrator made a change that caused User1 to be removed from Group1.

You need to identify which administrator made the change.

Which audit log activity should you search in the Security & Compliance admin center?

24. You have a Microsoft 365 E5 tenant.

You plan to create a custom Compliance Manager assessment template based on the ISO 27001:2013 template.

You need to export the existing template.

Which file format should you use for the exported template?

25. You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.





You need to configure an incident email notification rule that will be triggered when an alert occurs only on a Windows 10 device. The solution must minimize administrative effort.

What should you do first?

26. Your company has offices in five cities.

The company has a Microsoft 365 tenant.

Each office is managed by a local administrator.

You plan to deploy Microsoft Intune.

You need to recommend a solution to manage resources in intune that meets the following requirements:

✑ Local administrators must be able to manage only the resources in their respective office.

✑ Local administrators must be prevented from managing resources in other offices.

✑ Administrative effort must be minimized.

What should you include in the recommendation?

27. The users at your company use Dropbox to store documents. The users access Dropbox by using the MyApps portal.

You need to ensure that user access to Dropbox is authenticated by using a Microsoft 365 identify.

The documents must be protected if the data is downloaded to an untrusted device.

What should you do?

28. You have a Microsoft 365 E5 tenant.

You create an auto-labeling policy to encrypt emails that contain a sensitive info type. You specify the locations where the policy will be applied.

You need to deploy the policy.

What should you do first?

29. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You are deploying Microsoft Intune.

You successfully enroll Windows 10 devices in Intune.

When you try to enroll an iOS device in Intune, you get an error.

You need to ensure that you can enroll the iOS device in Intune.

Solution: You create the Mobility (MDM and MAM) settings.

Does this meet the goal?

30. Your network contains an on premises Active Directory domain.

Your company has a security policy that prevents additional software from txnrwj installed on domain controllers.

You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).

What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

31. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.

Which role should you assign to the user?

32. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection (ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.

Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Teams Service Administrator role.

Does this meet the goal?

33. HOTSPOT

You have a Microsoft 365 E5 tenant that contains 500 Windows 10 devices and a Windows 10 compliance policy.

You deploy a third-party antivirus solution to the devices.

You need to ensure that the devices are marked as compliant.

Which three settings should you modify in the compliance policy? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.

34. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.

Your company purchases a Microsoft 365 subscription.

You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Cloud App Security admin center.

Solution: From the Azure Active Directory admin center, you assign the Security administrator role to User1.

Does this meet the goal?

35. DRAG DROP

Your company purchases a cloud app named App1.

You need to ensure that you can use Microsoft Cloud App Security to block downloads in App1. App1 supports session controls.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

36. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure pilot co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: You add Device1 to an Active Directory group.

Does this meet the goal?

37. Your network contains an Active Directory domain named contoso.com. The domain contains 100 Windows 8.1 devices. You plan to deploy a custom Windows 10 Enterprise image to the Windows 8.1 devices. You need to recommend a Windows 10 deployment method.

What should you recommend?

38. You have a Microsoft 365 subscription that contains 500 users.

You have several hundred computers that run the 64-bit version of Windows 10 Enterprise and have the following configurations:

✑ Two volumes that contain data

✑ A CPU that has two cores

✑ TPM disabled

✑ 4 GB of RAM

All the computers are managed by using Microsoft Intune.

You need to ensure that you can turn on Windows Defender Application Guard on the computers.

What should you do first?

39. HOTSPOT

You have a Microsoft 365 E5 subscription.

You configure a new alert policy as shown in the following exhibit.





You need to identify the following:

✑ How many days it will take to establish a baseline for unusual activity.

✑ Whether alerts will be triggered during the establishment of the baseline.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

40. Your company has a Microsoft 365 E3 subscription.

All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD).

You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users.

What should you use?

41. HOTSPOT

You have a Microsoft 365 subscription.

You need to implement Windows Defender Advanced Threat Protection (ATP) for all the supported devices enrolled in mobile device management (MDM).

What should you include in the device configuration profile? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

42. HOTSPOT

You have a Microsoft 365 subscription that contains three groups named.

All users, Sales team, and Office users, and two users shown in the following table.





In Microsoft Endpoint Manager, you have the Policies for Office apps settings shown in the following exhibit.





The policies use the settings shown in the following table.





What is the default share folder location for User1 and the default Office theme for User2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

43. You have a Microsoft 365 tenant.

You plan to implement Endpoint Protection device configuration profiles.

Which platform can you manage by using the profile?

44. HOTSPOT

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The company stores 2 TBs of data in SharePoint Online document libraries.

The tenant has the labels shown in the following table.

45. You create the planned DLP policies.

You need to configure notifications to meet the technical requirements.

What should you do?

46. HOTSPOT

You have a data loss prevention (DIP) policy.

You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM). The solution must minimize the number of false positives.

Which two settings should you modify? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.

47. HOTSPOT

Your company has a Microsoft 36S subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The company stores 2 TBs of data in SharePoint Online document libraries.

The tenant has the labels shown in the following table.





From the Azure portal, you active unified labeling.

For each of the following statements, select yes if the statement is true Otherwise, select No. NOTE: Each correct selection is worth one point.

48. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You are deploying Microsoft Intune.

You successfully enroll Windows 10 devices in Intune.

When you try to enroll an iOS device in Intune, you get an error.

You need to ensure that you can enroll the iOS device in Intune.

Solution: You add your user account as a device enrollment manager.

Does this meet the goal?

49. HOTSPOT

From the Security & Compliance admin center, you create a retention policy named Policy1.

You need to prevent all users from disabling the policy or reducing the retention period.

Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

50. 1. Topic 1, Contoso, Ltd



Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The company has the employees and devices shown in the following table.





Contoso recently purchased a Microsoft 365 E5 subscription.



Existing Environment

The network contains an on-premises Active Directory forest named contoso.com.

The forest contains the servers shown in the following table.





All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.

The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.

The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.





The domain also includes a group named Group1.



Requirements

Planned Changes

Contoso plans to implement the following changes:

• Implement Microsoft 365.

• Manage devices by using Microsoft Intune.

• Implement Azure Advanced Threat Protection (ATP).

• Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.



Technical Requirements

Contoso identifies the following technical requirements:

• When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automaticaiy.

• Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.

• User1 must be able to enroll all the New York office mobile devices in Intune.

• Azure ATP sensors must be installed and must NOT use port mirroring.

• Whenever possible, the principle of least privilege must be used.

• A Microsoft Store for Business must be created.



Compliance Requirements

Contoso identifies the following compliance requirements:

• Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.

• Configure Windows Information Protection (W1P) for the Windows 10 devices.



HOTSPOT

You need to configure a conditional access policy to meet the compliance requirements.

You add Exchange Online as a cloud app.

Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

51. You have a Microsoft 365 subscription.

You need to be notified if users receive email containing a file that has a virus.

What should you do?

52. You have a Microsoft 365 subscription that uses Security & Compliance retention policies.

You implement a preservation lock on a retention policy that is assigned to all executive users.

Which two actions can you perform on the retention policy? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point?

53. You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.





You add custom apps to the private store in Microsoft Store Business.

You plan to create a policy to show only the private store in Microsoft Store for Business.

To which devices can the policy be applied?

54. You have a Microsoft 365 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

All the devices in your organization are onboarded to Microsoft Defender ATP.

You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.

What should you do?

55. You have a Microsoft 365 E5 tenant that has sensitivity label support enabled for Microsoft and SharePoint Online.

You need to enable unified labeling for Microsoft 365 groups.

Which cmdlet should you run?

56. You have a Microsoft 365 E5 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.

You need to ensure that users can enroll devices in Microsoft Endpoint Manager without manually entering the address of Microsoft Endpoint Manager.

Which two DNS records should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

57. DRAG DROP

You create a Microsoft 36S subscription.

You need to create a deployment plan for Microsoft Azure Advanced Threat Protection (ATP).

Which five actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

58. You have a Microsoft 365 subscription.

All users have their email stored in Microsoft Exchange Online.

In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word Project X.

What should you do first?

59. You have a Microsoft 365 subscription.

Some users have iPads that are managed by your company.

You plan to prevent the ipad users from copying corporate data in Microsoft Word and pasting the data into other applications.

What should you create?

60. You plan to use the Security & Compliance admin center to import several PST files into Microsoft 365 mailboxes.

Which three actions should you perform before you import the data? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

61. HOTSPOT

You have a Microsoft 365 subscription that contains all the user data.

You plan to create the retention policy shown in the Locations exhibit. (Click the Locations tab.)





You configure the Advanced retention settings as shown in the Retention exhibit. (Click the Retention tab.)





The locations specified in the policy include the groups shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

62. HOTSPOT

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.

The tenant contains the users shown in the following table.





You create a retention label named Label1 that has the following configurations:

✑ Retains content for five years

✑ Automatically deletes all content that is older than five years

You turn on Auto labeling for Label1 by using a policy named Policy1.

Policy1 has the following configurations:

✑ Applies to content that contains the word Merger

✑ Specifies the OneDrive accounts and SharePoint sites locations

You run the following command.

Set-RetentionCompliancePolicy Policy1 CRestrictiveRetention $true-Force

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

63. Your company has 5,000 Windows 10 devices. All the devices are protected by using Windows Defender Advanced Threat Protection (ATP).

You need to view which Windows Defender ATP alert events have a high severity and occurred during the last seven days.

What should you use in Windows Defender ATP?

64. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear In the review screen.

You have a Microsoft Azure Active directory (Azure AD) tenant named contoso.com.

You create an Azure Advanced Threat Protection (ATP) workspace named Workspace1.

The tenet contains the users shown in the following table:





You need to modify the configuration of the Azure ATP sensors.

Solution: You instruct User 3 to modify the Azure ATP sensor configuration.

Does this meet the goal?

65. You have a Microsoft 365 E5 tenant that uses Microsoft Intune.

You need to ensure that users can select a department when they enroll their device in Intune.

What should you create?

66. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

From the Microsoft 365 Defender, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.

You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.

Solution: From the Microsoft 365 Defender, you modify the roles of the US eDiscovery Managers role group.

Does this meet the goal?

67. You need to protect the U.S. PII data to meet the technical requirements.

What should you create?

68. You have a Microsoft 365 E5 subscription.

You run an eDiscovery search that returns the following Azure Rights Management (Azure RMS) C encrypted content:

✑ Microsoft Exchange emails

✑ Microsoft OneDrive documents

✑ Microsoft SharePoint documents

Which content can be decrypted when you export the eDiscovery search results?

69. You have a Microsoft 365 E5 subscription.

You need to identify which users accessed Microsoft Office 365 from anonymous IP addresses during the last seven days.

What should you do?

70. HOTSPOT

You have a Microsoft 365 tenant that contains the groups shown in the following table.





You plan to create a compliance policy named Compliance1.

You need to identify the groups that meet the following requirements:

✑ Can be added to Compliance1 as recipients of noncompliance notifications

✑ Can be assigned to Compliance1

To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

71. HOTSPOT

You have a Microsoft 365 tenant named contoso.com.

The tenant contains the users shown in the following table.





You have the eDiscovery cases shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

72. HOTSPOT

You have a Microsoft 365 E5 tenant that contains five devices enrolled in Microsoft Intune as shown in the following table.





All the devices have an app named App1 installed.

You need to prevent users from copying data from App1 and pasting the data into other apps.

Which policy should you create in Microsoft Endpoint Manager, and what is the minimum number of required policies? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

73. HOTSPOT

You have a Microsoft Azure Active Directory (Azure AD) tenant named sk180818.onmicrosoft.com.

The tenant contains the users shown in the following table.





In Azure Information Protection, you create a label named Label1 as shown in the following exhibit.





Label1 is applied to a file named File1.

You send File1 as an email attachment to User1, User2, User3, and User4.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

74. You have a Microsoft 365 E5 tenant.

You plan to deploy a monitoring solution that meets the following requirements:

✑ Captures Microsoft Teams channel messages that contain threatening or violent language.

✑ Alerts a reviewer when a threatening or violent message is identified.

What should you include in the solution?

75. You purchase a new computer that has Windows 10, version 2004 preinstalled.

You need to ensure that the computer is up-to-date. The solution must minimize the number of updates installed.

What should you do on the computer?

76. You need to create the DLP policy to meet the technical requirements.

What should you configure first?

77. From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)





What will be excluded from the export?

78. You are testing a data loss prevention (DLP) policy to protect the sharing of credit card information with external users.

During testing, you discover that a user can share credit card information with external users by using email.

However, the user is prevented from sharing files that contain credit card information by using Microsoft

SharePoint Online.

You need to prevent the user from sharing the credit card information by using email and SharePoint.

What should you configure?

79. You have a Microsoft 365 subscription.

You need to be notified if users receive email containing a file that has a virus.

What should you do?

80. HOTSPOT

You have a Microsoft 365 subscription.

You are planning a threat management solution for your organization.

You need to minimize the likelihood that users will be affected by the following threats:

✑ Opening files in Microsoft SharePoint that contain malicious content

✑ Impersonation and spoofing attacks in email messages

Which policies should you create in the Security & Compliance admin center? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

81. DRAG DROP

You have a Microsoft 365 subscription.

In the Exchange admin center, you have a data loss prevention (DLP) policy named Policy1 that has the following configurations:

✑ Block emails that contain financial data.

✑ Display the following policy tip text: Message blocked.

From the Security & Compliance admin center, you create a DLP policy named Policy2 that has the following configurations:

✑ Use the following location: Exchange email.

✑ Display the following policy tip text: Message contains sensitive data.

✑ When a user sends an email, notify the user if the email contains health records.

What is the result of the DLP policies when the user sends an email? To answer, drag the appropriate results to the correct scenarios. Each result may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

82. HOTSPOT

You need to meet the technical requirement for log analysis.

What is the minimum number of data sources and log collectors you should create from Microsoft Cloud App Security? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

83. Your company has a Microsoft 365 subscription.

You implement Microsoft Azure Information Protection.

You need to automatically protect email messages that contain the word Confidential in the subject line.

What should you create?

84. HOTSPOT

You have an Azure subscription and an on-premises Active Directory domain. The domain contains 50

computers that run Windows 10.

You need to centrally monitor System log events from the computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

85. You have computers that run Windows 10 Enterprise and are joined to the domain.

You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.

You need to prevent Windows from being updated for the next 30 days.

Which two Group Policy settings should you configure? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

86. You have a Microsoft 365 subscription.

From the Security & Compliance admin center, you create a content search of all the mailboxes that contain the word Project X.

You need to export the results of the content search.

What do you need to download the report?

87. DRAG DROP

You have a Microsoft 365 subscription.

You have the devices shown in the following table.





You plan to join the devices to Azure Active Directory (Azure AD)

What should you do on each device to support Azure AU join? To answer, drag the appropriate actions to the collect devices, Each action may be used once, more than once, of not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

88. HOTSPOT

You have a Microsoft 365 tenant that has Enable Security defaults set to No in Azure Active Directory (Azure AD).

The tenant has two Compliance Manager assessments as shown in the following table.





The SP800 assessment has the improvement actions shown in the following table.





You perform the following actions:

✑ For the Data Protection Baseline assessment, change the Test status of Establish a threat intelligence program to Implemented.

✑ Enable multi-factor authentication (MFA) for all users.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

89. You implement Microsoft Azure Advanced Threat Protection (Azure ATP).

You have an Azure ATP sensor configured as shown in the following exhibit.





How long after the Azure ATP cloud service is updated will the sensor update?

90. You need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices.

What is the minimum of dedicated support technicians required?

91. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

From the Security & Compliance admin center, you create a role group named US

eDiscovery Managers by copying the eDiscovery Manager role group.

You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.

Solution: From Windows PowerShell, you run the New-ComplianceSecurityFilter cmdlet with the appropriate parameters.

Does this meet the goal?

92. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.

The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.

You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.

You install the Group Policy Management Console (GPMC) on Server1.

You need to configure the Windows Update for Business Group Policy settings on Server1.

Solution: You upgrade Server1 to Windows Server 2019.

Does this meet the goal?

93. You need to configure Office on the web to meet the technical requirements.

What should you do?

94. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.

You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.

Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters.

Does this meet the goal?

95. HOTSPOT

You have Microsoft 365 subscription.

You create an alert policy as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

96. DRAG DROP

You have a Microsoft 365 E5 tenant that contains 500 Android devices enrolled in Microsoft Intune.

You need to use Microsoft Endpoint Manager to deploy a managed Google Play app to the devices.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

97. HOTSPOT

You have several devices enrolled in Microsoft Intune.

You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.





The device type restrictions in Intune are configured as shown in the following table.





You add User3 as a device enrollment manager in Intune.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

98. HOTSPOT

You have a Microsoft 365 tenant that contains 100 Windows 10 devices. The devices are managed by using Microsoft Endpoint Manager.

You plan to create two attack surface reduction (ASR) policies named ASR1 and ASR2. ASR1 will be used to configure Microsoft Defender Application Guard. ASR2 will be used to configure Microsoft Defender SmartScreen.

Which ASR profile type should you use for each policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

99. Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains computers that run Windows 10 Enterprise and are managed by using Microsoft Intune.

The computers are configured as shown in the following table.





You plan to implement Windows Defender Application Guard for contoso.com.

You need to identify on which two Windows 10 computers Windows Defender Application Guard can be installed.

Which two computers should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

100. HOTSPOT

You have a Microsoft 365 E5 tenant that contains the users shown in the following table.





Users are assigned Microsoft Store for Business roles as shown in the following table.





Which users can add apps to the private store in Microsoft Store for Business, and which users can install apps from the private store? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

101. HOTSPOT

Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).

You have Windows 10 and Windows 8.1 devices.

You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

102. You plan to use Azure Sentinel and Microsoft Cloud App Security. You need to connect Cloud App Security to Azure Sentinel.

What should you do in the Cloud App Security admin center?

103. Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.

The tenant is configured to use Azure AD Identity Protection.

You plan to use an application named App1 that creates reports of Azure AD Identity Protection usage.

You register App1 in the tenant.

You need to ensure that App1 can read the risk event information of contoso.com.

To which API should you delegate permissions?

104. You have Windows 10 devices that are managed by using Microsoft Endpoint Manager.

You need to configure the security settings in Microsoft Edge.

What should you create in Microsoft Endpoint Manager?

105. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these

questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are

connected to your on-premises network.

Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy.

Does this meet the goal?

106. You have a Microsoft 365 tenant that contains the groups shown in the following table.





You plan to create a new Windows 10 Security Baseline profile.

To which groups can you assign to the profile?

107. You have a Microsoft 365 E5 subscription that uses Microsoft intune.

in the Microsoft Endpoint Manager admin center, you discover many stale and inactive devices,

You enable device clean-up rules

What can you configure as the minimum number of days before a device a removed automatically?

108. You have a Microsoft 365 E5 tenant.

You plan to deploy 1.000 new iOS devices to users. The devices will be shipped directly from the supplier to the users.

You need to recommend a Microsoft Intune enrollment option that meets the following requirements:

• Minimizes user interaction

• Minimizes administrative effort

• Automatically installs corporate apps

What should you recommend?

109. HOTSPOT

You create two device compliance policies for Android devices as shown in the following table.





You have the Android devices shown in the following table.





The users belong to the groups shown in the following table.





The users enroll their device in Microsoft Intune.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.