MS-102 Microsoft 365 Administrator Exam – Updated Questions and Answers (2025)

NEW QUESTION 1

- (Edutechnolab 1)

You need to meet the Intune requirements for the Windows 10 devices.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

1. Mastered
2. Not Mastered

Answer: A

Explanation:

References:

https://docs.microsoft.com/en-us/intune/windows-enroll

NEW QUESTION 2

- (Edutechnolab 1)

You need to ensure that User1 can enroll the devices to meet the technical requirements. What should you do?

1. From the Azure Active Directory admin center, assign User1 the Cloud device administrator rote.
2. From the Azure Active Directory admin center, configure the Maximum number of devices per user setting.
3. From the Intune admin center, add User1 as a device enrollment manager.
4. From the Intune admin center, configure the Enrollment restrictions.

Answer: C

Explanation:

References:

https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager

NEW QUESTION 3

- (Edutechnolab 1)

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure a pilot for co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the

collection.

Does this meet the goal?

 

1. Yes
2. NO

 

Answer: A

Explanation:

Device1 has the Configuration Manager client installed so you can manage Device1 by using Configuration Manager. To manage Device1 by using Microsoft Intune, the device has to be enrolled in Microsoft Intune. In the Co-management Pilot configuration, you configure a Configuration Manager Device Collection that determines which devices are auto-enrolled in Microsoft Intune. You need to add Device1 to the Device Collection so that it auto-enrols in Microsoft Intune. You will then be able to manage Device1 using Microsoft Intune. Reference: https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable

NEW QUESTION 4

- (Edutechnolab 1)

You need to meet the technical requirements and planned changes for Intune. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/intune/windows-enroll

NEW QUESTION 5

- (Edutechnolab 1)

You need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices. What is the minimum of dedicated support technicians required?

 

1. 1
2. 4
3. 7
4. 31

Answer: B

Explanation:

References:

https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager

NEW QUESTION 6

- (Edutechnolab 1)

You need to create the Microsoft Store for Business. Which user can create the store?

 

1. User2
2. User3
3. User4
4. User5

Answer: C

Explanation:

References:

https://docs.microsoft.com/en-us/microsoft-store/roles-and-permissions-microsoft-store-for-business

NEW QUESTION 7

You need to meet the compliance requirements for the Windows 10 devices. What should you create from the Intune admin center?

1. a device compliance policy
2. a device configuration profile
3. an application policy
4. an app configuration policy

Answer: C

NEW QUESTION 8

You need to protect the U.S. PII data to meet the technical requirements. What should you create?

 

1. a data loss prevention (DLP) policy that contains a domain exception
2. a Security & Compliance retention policy that detects content containing sensitive data
3. a Security & Compliance alert policy that contains an activity
4. a data loss prevention (DLP) policy that contains a user override

Answer: A 

NEW QUESTION 9

You need to recommend a solution for the security administrator. The solution must meet the technical requirements. What should you include in the recommendation?

 

1. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
2. Microsoft Azure Active Directory (Azure AD) Identity Protection
3. Microsoft Azure Active Directory (Azure AD) conditional access policies
4. Microsoft Azure Active Directory (Azure AD) authentication methods

Answer: B

Explanation:

References:

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-condition states clearly that Sign-in risk

NEW QUESTION 10

You need to meet the technical requirement for large-volume document retrieval. What should you create?

1. a data loss prevention (DLP) policy from the Security & Compliance admin center
2. an alert policy from the Security & Compliance admin center
3. a file policy from Microsoft Cloud App Security
4. an activity policy from Microsoft Cloud App Security

Answer: D

Explanation:

References:

https://docs.microsoft.com/en-us/office365/securitycompliance/activity-policies-and-alerts

NEW QUESTION 10

You need to create the DLP policy to meet the technical requirements. What should you configure first?

 

1. sensitive info types
2. the Insider risk management settings
3. the event types
4. the sensitivity labels

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide

NEW QUESTION 12

You need to ensure that User2 can review the audit logs. The solutions must meet the technical requirements. To which role group should you add User2, and what should you use? To answer, select the appropriate options in the answer area.

 

 

NOTE: Each correct selection is worth one point.

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text Description automatically generated Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?vi

NEW QUESTION 13 

You plan to implement the endpoint protection device configuration profiles to support the planned changes. You need to identify which devices will be supported, and how many profiles you should implement.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Table Description automatically generated Reference:

https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create

NEW QUESTION 17

 

 

You have a Microsoft 365 E5 tenant that contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.

You create a sensitivity label named Sensitivity1 and an auto-label policy that has the following configurations: Name: AutoLabel1

Label to auto-apply: Sensitivity1

Rules for SharePoint Online sites: Rule1-SPO

Choose locations where you want to apply the label: Site1 Rule1-SPO is configured as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text, application Description automatically generated Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-w https://docs.microsoft.com/en- us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

 

NEW QUESTION 20

 

 

You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.

The devices are managed by using Microsoft Intune.

You plan to use a configuration profile to assign the Delivery Optimization settings. Which devices will support the settings?

 

1. Device1 only
2. Device1 and Device4
3. Device1, Device3, and Device4
4. Device1, Device2, Device3, and Device4

Answer: A

 

NEW QUESTION 21

 

 

You have a Microsoft 365 E5 subscription that uses Microsoft intune. The subscription contains the resources shown in the following table.

User1 is the owner of Device1.

You add Microsoft 365 Apps Windows 10 and later app types to Intune as shown in the following table. On Thursday, you review the results of the app deployments.

 

 

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

1. Mastered
2. Not Mastered

Answer: A

 

 

 

 

NEW QUESTION 22

You have a Microsoft 365 tenant.

You plan to manage incidents in the tenant by using the Microsoft 365 security center.

Which Microsoft service source will appear on the Incidents page of the Microsoft 365 security center?

 

1. Microsoft Defender for CloudUse the
2. Microsoft Purview
3. Azure Arc
4. Microsoft Defender for Identity

Answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender/investigate-alerts?view=o365-worldwide

 

NEW QUESTION 26

You have a Microsoft 365 subscription.

 

 

You have the devices shown in the following table.

You plan to join the devices to Azure Active Directory (Azure AD)

What should you do on each device to support Azure AU join? To answer, drag the appropriate actions to the collect devices, Each action may be used once, more than once, of not at all. You may need to drag the split bar between panes or scroll to view content.

 

 

NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. 
3.  
4. Not Mastered

 Answer: A 

 

NEW QUESTION 31

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain. You deploy an Azure AD tenant.

Another administrator configures the domain to synchronize to Azure AD.

You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully. You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.

You need to ensure that the 10 user accounts are synchronized to Azure AD.

Solution: From the Synchronization Rules Editor, you create a new outbound synchronization rule. Does this meet the goal?

 

1. Yes
2. No

Answer: B

Explanation:

The question states that “all the user account synchronizations completed successfully”. Therefore, the synchronization rule is configured correctly. It is likely that the 10 user accounts are being excluded from the synchronization cycle by a filtering rule.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering

 

NEW QUESTION 32

You have a Microsoft 365 E5 subscription.

You create an account tor a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint and OneDrive. Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Teams Administrator role.

Does this meet the goal?

 

1. Yes
2. no

Answer: B

NEW QUESTION 37

Your company has a Microsoft E5 tenant.

The company must meet the requirements of the ISO/IEC 27001:2013 standard. You need to assess the company’s current state of compliance. What should you use?

 

1. eDiscovery
2. Information governance
3. Compliance Manager
4. Data Subject Requests (DSRs)

 

Answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/compliance/regulatory/offering-iso-27001

NEW QUESTION 42

You have a Microsoft 365 E3 subscription.

You plan to launch Attack simulation training for all users.

Which social engineering technique and training experience will be available? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Box 1: Credential Harvest

Attack simulation training offers a subset of capabilities to E3 customers as a trial. The trial offering contains the ability to use a Credential Harvest payload and the ability to select 'ISA Phishing' or 'Mass Market Phishing' training experiences. No other capabilities are part of the E3 trial offering.

Note: In Attack simulation training, multiple types of social engineering techniques are available: Credential Harvest Malware Attachment Link to Malware Etc.

Box 2: Mass Market Phishing Reference:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-start

 

NEW QUESTION 43

You have a Microsoft 365 subscription.

A user named user1@contoso.com was recently provisioned.

You need to use PowerShell to assign a Microsoft Office 365 E3 license to User1. Microsoft Bookings must NOT be enabled.

How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Box 1: Connect-MgGraph

Assign Microsoft 365 licenses to user accounts with PowerShell Use the Microsoft Graph PowerShell SDK First, connect to your Microsoft 365 tenant.

Assigning and removing licenses for a user requires the User.ReadWrite.All permission scope or one of the other permissions listed in the 'Assign license' Microsoft Graph API reference page.

The Organization.Read.All permission scope is required to read the licenses available in the tenant. Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All

Box 2: Get-MgSubscribedSku

Run the Get-MgSubscribedSku command to view the available licensing plans and the number of available licenses in each plan in your organization. The number of available licenses in each plan is ActiveUnits - WarningUnits - ConsumedUnits.

Box 3: Set-MgUserLicense Assigning licenses to user accounts

To assign a license to a user, use the following command in PowerShell.

Set-MgUserLicense -UserId $userUPN -AddLicenses @{SkuId = "<SkuId>"} -RemoveLicenses @() This example assigns a license from the SPE_E5 (Microsoft 365 E5) licensing plan to the unlicensed user

belindan@litwareinc.com:

$e5Sku = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'SPE_E5'

Set-MgUserLicense -UserId "belindan@litwareinc.com" -AddLicenses @{SkuId = $e5Sku.SkuId}

-RemoveLicenses @() Reference:

https://learn.microsoft.com/en-us/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365

 

NEW QUESTION 48

 

 

Your network contains an on-premises Active Directory domain and a Microsoft 365 subscription. The domain contains the users shown in the following table.

The domain contains the groups shown in the following table.

 

 

You are deploying Azure AD Connect.

 

 

You configure Domain and OU filtering as shown in the following exhibit.

You configure Filter users and devices as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

 

1. Mastered
2. Not Mastered 

Answer: A 

 

 

NEW QUESTION 53

 

 

You have a Microsoft 365 subscription that contains three groups named All users, Sales team, and Office users, and two users shown in the following table.

In Microsoft Endpoint Manager, you have the Policies for Office apps settings shown in the following exhibit.

 

 

The policies use the settings shown in the following table.

What is the default share folder location for User1 and the default Office theme for User2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Table Description automatically generated Reference:

https://docs.microsoft.com/en-us/deployoffice/overview-office-cloud-policy-service

 

NEW QUESTION 55

You have a Microsoft 365 tenant that contains two users named User1 and User2. You create the alert policy shown in the following exhibit.

 

 

User2 runs a script that modifies a file in a Microsoft SharePoint Online library once every four minutes and runs for a period of two hours. How many alerts will User1 receive?

 

1. 2
2. 5
3. 10
4. 25

Answer: D

 

NEW QUESTION 59

You have a Microsoft 365 E5 subscription.

 

 

From Azure AD Privileged Identity Management (PIM), you configure Role settings for the Global Administrator role as shown in the following exhibit.

 

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

 

 

 

 

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Box 1: will lose the role after eight hours

From exhibit: Activation, Activation maximum duration (hours): 8 hour(s) Box 2: for up to three months We see from exhibit: Assignment, Expire eligible assignment after: 3 month(s)

 

NEW QUESTION 61

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.

Your company purchases Microsoft 365 and creates an Azure AD tenant named contoso.onmicrosoft.com. You plan to install Azure AD Connect on a member server and implement pass-through authentication. You need to prepare the environment for the planned implementation of pass-through authentication. Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

 

1. From a domain controller install an Authentication Agent
2. From the Microsoft Entra admin center, confiqure an authentication method.
3. From Active Director,' Domains and Trusts add a UPN suffix
4. Modify the email address attribute for each user account.
5. From the Microsoft Entra admin center, add a custom domain name.
6. Modify the User logon name for each user account.

 

Answer: ABE

Explanation:

Deploy Azure AD Pass-through Authentication Step 1: Check the prerequisites Ensure that the following prerequisites are in place. In the Entra admin center

(E) 2. Add one or more custom domain names to your Azure AD tenant. Your users can sign in with one of these domain names.

(A) In your on-premises environment

• 1. Identify a server running Windows Server 2016 or later to run Azure AD Connect. If not enabled already, enable TLS 1.2 on the server. Add the server to the same Active Directory forest as the users whose passwords you need to validate. It should be noted that installation of Pass-Through Authentication agent on Windows Server Core versions is not supported.
• 2. Install the latest version of Azure AD Connect on the server identified in the preceding step. If you already have Azure AD Connect running, ensure that the version is supported.
• 3. Identify one or more additional servers (running Windows Server 2016 or later, with TLS 1.2 enabled) where you can run standalone Authentication Agents. These additional servers are needed to ensure the high availability of requests to sign in. Add the servers to the same Active Directory forest as the users whose passwords you need to validate.
• 4. Etc.

(B) Step 2: Enable the feature

Enable Pass-through Authentication through Azure AD Connect.

If you're installing Azure AD Connect for the first time, choose the custom installation path. At the User

sign-in page, choose Pass-through Authentication as the Sign On method. On successful completion, a Pass-through Authentication Agent is installed on the same server as Azure AD Connect. In addition, the Pass-through Authentication feature is enabled on your tenant.

Incorrect:

Not C: From Active Directory Domains and Trusts, add a UPN suffix Not D. Modify the email address attribute for each user account. Not F. Modify the User logon name for each user account. Reference:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta-quick-start

 

NEW QUESTION 62

You have an Azure subscription and an on-premises Active Directory domain. The domain contains 50 computers that run Windows 10. You need to centrally monitor System log events from the computers.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-windows-computer

 

NEW QUESTION 67

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a computer that runs Windows 10.

You need to verify which version of Windows 10 is installed.

Solution: From the Settings app, you select Update & Security to view the update history. Does this meet the goal?

 

1. Yes
2. No

Answer: B

 

NEW QUESTION 70

 

 

You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.

The device compliance policies in Endpoint Manager are configured as shown in the following table.

 

 

The device compliance policies have the assignments shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered 

Answer: A 

 

 

 

 

 

NEW QUESTION 74

You have a Microsoft 365 E5 tenant that contains 500 Android devices enrolled in Microsoft Intune. You need to use Microsoft Endpoint Manager to deploy a managed Google Play app to the devices.

Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

 

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Graphical user interface, text, application Description automatically generated Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-android-for-work#assign-a-managed-google-play-a

 

NEW QUESTION 79

You have several devices enrolled in Microsoft Endpoint Manager.

 

 

You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

The device type restrictions in Endpoint Manager are configured as shown in the following table.

 

 

 

 

 

1. Mastered
2. Not Mastered

 

Answer: A

 

 

 

NEW QUESTION 83

You have a Microsoft 365 tenant.

You need to retain Azure Active Directory (Azure AD) audit logs for two years. Administrators must be able to query the audit log information by using the Azure Active Directory admin center.

 

 

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. 

Not Mastered 

Answer: A 

 

 

 

 

NEW QUESTION 87

You have a Microsoft 365 subscription.

 

 

You have an Azure AD tenant that contains the users shown in the following table.

You configure Tenant properties as shown in the following exhibit.

 

Which users will be contacted by Microsoft if the tenant experiences a data breach?

 

1. Used only
2. User2 only
3. User3 only
4. Used and User2 only
5. User2 and User3 only

 

Answer: B

Explanation:

Microsoft 365 is committed to notifying customers within 72 hours of breach declaration. The customer's tenant administrator will be notified. Reference:

https://learn.microsoft.com/en-us/compliance/regulatory/gdpr-breach-office365

 

NEW QUESTION 92

 

 

You enable the Azure AD Identity Protection weekly digest email. You create the users shown in the following table.

Which users will receive the weekly digest email automatically?

 

1. Admin2, Admin3, and Admin4 only
2. Admin1, Admin2, Admin3, and Admin4
3. Admin2 and Admin3 only
4. Admin3 only
5. Admin1 and Admin3 only

Answer: E

Explanation:

By default, all Global Admins receive the email. Any newly created Global Admins, Security Readers or Security Administrators will automatically be added to the recipients list.

 

NEW QUESTION 96

You have a Microsoft 365 E5 subscription that contains 200 Android devices enrolled in Microsoft Intune. You create an Android app protection policy named Policy! that is targeted to all Microsoft apps and assigned to all users.

Policy! has the Data protection settings shown in the following exhibit.

 

 

 

Use the drop-down menus to select 'he answer choice that completes each statement based on the information presented in the graphic.

 

 

1. Mastered

Answer: A

Explanation:

 

 

 

NEW QUESTION 100

You have a Microsoft 365 E5 tenant. Users store data in the following locations: Microsoft Teams

Microsoft OneDrive Microsoft Exchange Online Microsoft SharePoint Online

You need to retain Microsoft 365 data for two years.

What is the minimum number of retention policies that you should create?

 

A. 1

B. 2

C. 3

D. 4

Answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-retention-policies?view=o365-worldwide

 

NEW QUESTION 104

You have a Microsoft 365 subscription.

You need to review metrics for the following: The daily active users in Microsoft Teams Recent Microsoft service issues

 

 

What should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Box 1: Usage reports

The daily active users in Microsoft Teams

Microsoft 365 Reports in the admin center - Microsoft Teams usage activity

The brand-new Teams usage report gives you an overview of the usage activity in Teams, including the number of active users, channels and messages so you can quickly see how many users across your organization are using Teams to communicate and collaborate. It also includes other Teams specific activities, such as the number of active guests, meetings, and messages.

Box 2: Service Health

Recent Microsoft service issues

You can view the health of your Microsoft services, including Office on the web, Yammer, Microsoft Dynamics CRM, and mobile device management cloud

services, on the Service health page in the Microsoft 365 admin center. If you are experiencing problems with a cloud service, you can check the service health to determine whether this is a known issue with a resolution in progress before you call support or spend time troubleshooting.

Reference:

https://learn.microsoft.com/en-us/microsoft-365/admin/activity-reports/microsoft-teams-usage-activity https://learn.microsoft.com/en- us/microsoft-365/enterprise/view-service-health

 

NEW QUESTION 107

 

 

You implement Microsoft Azure Advanced Threat Protection (Azure ATP). You have an Azure ATP sensor configured as shown in the following exhibit.

How long after the Azure ATP cloud service is updated will the sensor update?

 

1. 20 hours
2. 12 hours
3. 7 hours
4. 48 hours

 

Answer: B

NEW QUESTION 108

You have a Microsoft 365 tenant that contains 100 Windows 10 devices. The devices are managed by using Microsoft Endpoint Manager.

You plan to create two attack surface reduction (ASR) policies named ASR1 and ASR2. ASR1 will be used to configure Microsoft Defender Application Guard. ASR2 will be used to configure Microsoft Defender SmartScreen.

Which ASR profile type should you use for each policy? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Graphical user interface, text, application, chat or text message Description automatically generated Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy

 

NEW QUESTION 109

You have a Microsoft 365 E5 subscription.

You plan to implement Microsoft 365 compliance policies to meet the following requirements:

Identify documents that are stored in Microsoft Teams and SharePoint Online that contain Personally Identifiable Information (PII). Report on shared documents that contain PII. What should you create?

 

1. an alert policy
2. a data loss prevention (DLP) policy
3. a retention policy
4. a Microsoft Cloud App Security policy

 

Answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide

 

NEW QUESTION 110

You have a Microsoft 365 subscription.

 

 

You create a retention label named Retention1 as shown in the following exhibit.

You apply Retention! to all the Microsoft OneDrive content.

On January 1, 2020, a user stores a file named File1 in OneDrive. On January 10, 2020, the user modifies File1. On February 1, 2020, the user deletes File1.

When will File1 be removed permanently and unrecoverable from OneDrive?

 

1. February 1, 2020
2. July 1.2020
3. July 10, 2020
4. August 1, 2020

Answer: B

 

NEW QUESTION 115

 

 

You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.

The device compliance policies in Endpoint Manager are configured as shown in the following table.

 

 

The device compliance policies have the assignments shown in the following table.

For each of the following statements, select Yes if the statement Is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text, application Description automatically generated

NEW QUESTION 117

Your company has a Microsoft 365 E5 subscription. You need to perform the following tasks:

View the Adoption Score of the company. Create a new service request to Microsoft.

Which two options should you use in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Box 1: Reports

View the Adoption Score of the company. How to enable Adoption Score To enable Adoption Score:

Sign in to the Microsoft 365 admin center as a Global Administrator and go to Reports > Adoption Score Select enable Adoption Score. It can take up to 24 hours for insights to become available. Box 2: Support

Create a new service request to Microsoft.

Sign in to Microsoft 365 with your Microsoft 365 admin account, and select Support > New service request. If you're in the admin center, select Support > New service request.

Reference:

https://learn.microsoft.com/en-us/microsoft-365/admin/adoption/adoption-score https://support.microsoft.com/en-us/topic/contact-microsoft-office-support- fd6bb40e-75b7-6f43-d6f9-c13d1085

 

NEW QUESTION 119

You have a Microsoft 365 E5 tenant.

You configure a device compliance policy as shown in the following exhibit.

 

 

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Graphical user interface, text, application, email Description automatically generated Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-android

NEW QUESTION 124

Your network contains three Active Directory forests. There are forests trust relationships between the forests. You create an Azure AD tenant. You plan to sync the on-premises Active Directory to Azure AD.

You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails.

What should you include in the recommendation?

 

1. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode
2. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode
3. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
4. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode

Answer: A

Explanation:

Azure AD Connect can be active on only one server. You can install Azure AD Connect on another server for redundancy but the additional installation would need to be in Staging mode. An Azure AD connect installation in Staging mode is configured and ready to go but it needs to be manually switched to Active to perform directory synchronization.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

NEW QUESTION 127

You have a Microsoft 365 tenant and a LinkedIn company page.

You plan to archive data from the LinkedIn page to Microsoft 365 by using the LinkedIn connector. Where can you store data from the LinkedIn connector?

 

1. a Microsoft OneDrive for Business folder
2. a Microsoft SharePoint Online document library
3. a Microsoft 365 mailbox
4. Azure Files

Answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/archive-linkedin-data?view=o365-worldwide

 

NEW QUESTION 128

 

 

You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You integrate Microsoft Intune and contoso.com as shown in the following exhibit.

You purchase a Windows 10 device named Device1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll

 

NEW QUESTION 129

 

 

You have a Microsoft 365 tenant that contains devices enrolled in Microsoft Intune. The devices are configured as shown in the following table.

You plan to perform the following device management tasks in Microsoft Endpoint Manager: Deploy a VPN connection by using a VPN device configuration profile.

Configure security settings by using an Endpoint Protection device configuration profile. You support the management tasks.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, application Description automatically generated Reference:

https://docs.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configure https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-macos

NEW QUESTION 131

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive. Solution: From the Microsoft Entra admin center, you assign SecAdmin1 the Security Administrator role.

Does this meet the goal?

 

1. Yes
2. No

Answer: A

Explanation:

You need to assign the Security Administrator role. Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp

 

NEW QUESTION 136

 

 

You have a Microsoft 365 tenant that contains the compliance policies shown in the following table.

The tenant contains the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

 

 

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text, application Description automatically generated

 

NEW QUESTION 139

 

 

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You have labels in Microsoft 365 as shown in the following table.

 

 

The content in Microsoft 365 is assigned labels as shown in the following table.

You have labels In Microsoft 365 as shown in the following table.

 

 

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

 

 

1. Mastered
2. 

Not Mastered 

Answer: A 

 

NEW QUESTION 143

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the objects shown in the following table.

 

You configure Azure AD Connect to sync contoso.com to Azure AD. Which objects will sync to Azure AD?

 

1. Group1 only
2. User1 and User2 only
3. Group1 and User1 only
4. Group1, User1, and User2

 

Answer: D

Explanation:

Disabled accounts

Disabled accounts are synchronized as well to Azure AD. Disabled accounts are common to represent resources in Exchange, for example conference rooms. The exception is users with a linked mailbox; as previously mentioned, these will never provision an account to Azure AD.

The assumption is that if a disabled user account is found, then we won't find another active account later and the object is provisioned to Azure AD with the userPrincipalName and sourceAnchor found. In case another active account will join to the same metaverse object, then its userPrincipalName and sourceAnchor will be used.

Reference:

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/concept-azure-ad-connect-sync-user-and

 

NEW QUESTION 146

You have a Microsoft 365 tenant that has Enable Security defaults set to No in Azure Active Directory (Azure AD). The tenant has two Compliance Manager assessments as shown in the following table.

 

 

The SP800 assessment has the improvement actions shown in the following table.

You perform the following actions:

 For the Data Protection Baseline assessment, change the Test status of Establish a threat intelligence program to Implemented.

 Enable multi-factor authentication (MFA) for all users.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text Description automatically generated Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-assessments?view=o365-worl https://docs.microsoft.com/en- us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwid

NEW QUESTION 148

You have a Microsoft 365 tenant.

You plan to implement device configuration profiles in Microsoft Intune. Which platform can you manage by using the profiles?

1. Ubuntu Linux
2. macOS
3. Android Enterprise
4. Windows 8.1

Answer: D

NEW QUESTION 150

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a computer that runs Windows 10.

You need to verify which version of Windows 10 is installed.

Solution: From the Settings app, you select System, and then you select About to view information about the system. Does this meet the goal?

 

1. Yes
2. No

Answer: A

Explanation:

Reference:

https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628be

 

NEW QUESTION 155

You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com. You create a Microsoft Defender for identity instance Contoso. The tenant contains the users shown in the following table.

You need to modify the configuration of the Defender for identify sensors.

Solutions: You instruct User4 to modify the Defender for identity sensor configuration. Does this meet the goal?

 

1. Yes
2. No

Answer: A

 

NEW QUESTION 158

 

 

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

In Microsoft Endpoint Manager, you have the Policies for Office apps settings shown in the following table.

 

 

The policies use the settings shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text, application Description automatically generated Reference:

https://docs.microsoft.com/en-us/deployoffice/overview-office-cloud-policy-service

 

NEW QUESTION 162

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

You need to identify the settings that are below the Standard protection profile settings in the preset security policies.

 

 

What should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. 

Not Mastered

 Answer: A 

 

 

 

NEW QUESTION 166

You have a Microsoft 365 E5 tenant that has sensitivity label support enabled for Microsoft and SharePoint Online. You need to enable unified labeling for Microsoft 365 groups. Which cmdlet should you run?

 

1. set-unifiedGroup
2. Set-Labelpolicy
3. Execute-AzureAdLebelSync
4. Add-UnifiedGroupLinks

Answer: C

 

NEW QUESTION 171

You have an Azure AD tenant.

You have 1,000 computers that run Windows 10 Pro and are joined to Azure AD. You purchase a Microsoft 365 E3 subscription. You need to deploy Windows 10 Enterprise to the computers. The solution must minimize administrative effort.

What should you do?

 

1. From the Microsoft Endpoinf Manager admin center, create a Windows Autopilot deployment profile.Assign the profile to all the computer
2. Instruct users to restart their computer and perform a network restart.
3. Enroll the computers in Microsoft Intun
4. Create a configuration profile by using the Edition upgrade and mode switch templat
5. From the Microsoft Endpoint Manager admin center, assign the profile to all the computers and instruct users to restart their computer.
6. From Windows Configuration Designer, create a provisioning package that has an EditionUpgrade configuration and upload the package to a Microsoft SharePoint Online sit
7. Instruct users to run the provisioning package from SharePoint Online.
8. From the Azure Active Directory admin center, create a security group that has dynamic device membershi
9. Assign licenses to the group and instruct users to sign in to their computer.

Answer: B

NEW QUESTION 173

 

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

You need to configure an incident email notification rule that will be triggered when an alert occurs only on a Windows 10 device. The solution must minimize administrative effort.

What should you do first?

 

1. From the Microsoft 365 admin center, create a mail-enabled security group.
2. From the Microsoft 365 Defender portal, create a device group.
3. From the Microsoft Endpoint Manager admin center, create a device category.
4. From the Azure Active Directory admin center, create a dynamic device group.

Answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldw https://docs.microsoft.com/en- us/microsoft-365/security/defender-endpoint/configure-email-notifications?view=

NEW QUESTION 175

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1. You need to enable User1 to create Compliance Manager assessments. Solution: From the Microsoft 365 compliance center, you add User1 to the Compliance Manager Assessors role group.

Does this meet the goal?

 

1. Yes
2. No

 

Answer: A

Explanation:

Reference:

https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/office-365-security/pe

NEW QUESTION 179

You have a Microsoft 365 E5 subscription.

You need to compare the current Safe Links configuration to the Microsoft recommended configurations. What should you use?

 

1. Microsoft Purview
2. Azure AD Identity Protection
3. Microsoft Secure Score
4. the configuration analyzer

Answer: C

NEW QUESTION 183

You have a Microsoft 365 E5 subscription.

All company-owned Windows 11 devices are onboarded to Microsoft Defender for Endpoint. You need to configure Defender for Endpoint to meet the following requirements:

 Block a vulnerable app until the app is updated.

 Block an application executable based on a file hash. The solution must minimize administrative effort.

What should you configure for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Box 1: A remediation request

Block a vulnerable app until the app is updated. Block vulnerable applications How to block vulnerable applications

Go to Vulnerability management > Recommendations in the Microsoft 365 Defender portal. Select a security recommendation to see a flyout with more information.

Select Request remediation.

Select whether you want to apply the remediation and mitigation to all device groups or only a few.

Select the remediation options on the Remediation request page. The remediation options are software update, software uninstall, and attention required. Pick a Remediation due date and select Next.

Under Mitigation action, select Block or Warn. Once you submit a mitigation action, it is immediately applied.

Review the selections you made and Submit request. On the final page you can choose to go directly to the remediation page to view the progress of remediation activities and see the list of blocked applications.

Box 2: A file indicator

Block an application executable based on a file hash.

While taking the remediation steps suggested by a security recommendation, security admins with the proper permissions can perform a mitigation action and block vulnerable versions of an application. File indicators of compromise (IOC)s are created for each of the executable files that belong to vulnerable versions of that application. Microsoft Defender Antivirus then enforces blocks on the devices that are in the specified scope.

The option to View details of blocked versions in the Indicator page brings you to the Settings > Endpoints > Indicators page where you can view the file hashes and response actions.

Reference:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-block-vuln-ap

NEW QUESTION 188

You have a Microsoft 365 subscription.

You need to configure a compliance solution that meets the following requirements: Defines sensitive data based on existing data samples Automatically prevents data that matches the samples from being shared externally in Microsoft SharePoint or email messages

Which two components should you configure? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

 

1. a trainable classifier
2. a sensitive info type
3. an insider risk policy
4. an adaptive policy scope
5. a data loss prevention (DLP) policy

Answer: AE

Explanation:

A: Classifiers

This categorization method is well suited to content that isn't easily identified by either the manual or automated pattern-matching methods. This method of categorization is more about using a classifier to identify an item based on what the item is, not by elements that are in the item (pattern matching). A classifier learns how to identify a type of content by looking at hundreds of examples of the content you're interested in identifying.

Where you can use classifiers

Classifiers are available to use as a condition for: Office auto-labeling with sensitivity labels Auto-apply retention label policy based on a condition Communication compliance

Sensitivity labels can use classifiers as conditions, see Apply a sensitivity label to content automatically. Data loss prevention

E: Organizations have sensitive information under their control such as financial data, proprietary data, credit card numbers, health records, or social security numbers. To help protect this sensitive data and reduce risk, they need a way to prevent their users from inappropriately sharing it with people who shouldn't have it. This practice is called data loss prevention (DLP).

Reference:

https://learn.microsoft.com/en-us/microsoft-365/compliance/classifier-learn-about https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp

NEW QUESTION 190

• (Edutechnolab 5)

Your company has multiple offices.

You have a Microsoft 365 E5 tenant that uses Microsoft Intune for device management. Each office has a local administrator. You need to ensure that the local administrators can manage only the devices in their respective office. What should you use?

 

1. scope tags
2. configuration profiles
3. device categories
4. conditional access policies

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/mem/intune/fundamentals/scope-tags

 

NEW QUESTION 193

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1. You need to automatically label the documents on Site1 that contain credit card numbers.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text, application, email Description automatically generated Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide#what-labe https://docs.microsoft.com/en- us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-w

NEW QUESTION 195

You have a Microsoft 365 E5 subscription.

You need to identify which users accessed Microsoft Office 365 from anonymous IP addresses during the last seven days. What should you do?

 

1. From the Cloud App Security admin center, select Users and accounts.
2. From the Microsoft 365 security center, view the Threat tracker.
3. From the Microsoft 365 admin center, view the Security & compliance report.
4. From the Azure Active Directory admin center, view the Risky sign-ins report.

Answer: A

NEW QUESTION 198

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1. Your company purchases a Microsoft 365 subscription. You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Cloud App Security admin center.

Solution: From the Azure Active Directory admin center, you assign the Compliance administrator role to User1. Does this meet the goal?

 

1. Yes
2. No

Answer: A

NEW QUESTION 200

You have a Microsoft 365 E5 subscription that uses Azure Advanced Threat Protection (ATP). You need to create a detection exclusion in Azure ATP. Which tool should you use?

 

1. the Security & Compliance admin center
2. Microsoft Defender Security Center
3. the Microsoft 365 admin center
4. the Azure Advanced Threat Protection portal
5. the Cloud App Security portal

Answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/defender-for-identity/what-is https://docs.microsoft.com/en-us/defender-for-identity/excluding-entities-from-detections

 

NEW QUESTION 203

 

 

You have a Microsoft 365 tenant that contains the groups shown in the following table.

You plan to create a compliance policy named Compliance1.

You need to identify the groups that meet the following requirements:

Can be added to Compliance1 as recipients of noncompliance notifications Can be assigned to Compliance1

To answer, select the appropriate options in the answer area.

 

 

NOTE: Each correct selection is worth one point.

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text, application, chat or text message Description automatically generated Reference:

https://www.itpromentor.com/devices-or-users-when-to-target-which-policy-type-in-microsoft-endpoint-manage

 

NEW QUESTION 207

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

 

 

 

All the devices are onboarded To Microsoft Defender for Endpoint

You plan to use Microsoft Defender Vulnerability Management to meet the following requirements:

•    
  Detect operating system vulnerabilities.

 

1. Mastered
2. Not Mastered 
3. Answer: A 

 

 

 

  

NEW QUESTION 210

You have a Microsoft 365 tenant.

You plan to implement Endpoint Protection device configuration profiles. Which platform can you manage by using the profile?

 

1. Android
2. CentOS Linux
3. iOS
4. Window 10

 

Answer: D

Explanation:

Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-configure

 

NEW QUESTION 212

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it As a result, these questions will not appear in the review screen.

Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.

The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.

You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings. You install the Group Policy Management Console (GPMC) on Server1.

You need to configure the Windows Update for Business Group Policy settings on Server1.

Solution: You raise the domain functional level to Windows Server 2019. You copy the Group Policy Administrative Templates from a Windows 10 computer to the Netlogon share on all the domain controllers.

Does this meet the goal?

 

1. Yes
2. No

 

Answer: B

 

NEW QUESTION 214

You purchase a new computer that has Windows 10, version 2004 preinstalled.

You need to ensure that the computer is up-to-date. The solution must minimize the number of updates installed. What should you do on the computer?

 

1. Install all the feature updates released since version 2004 and all the quality updates released since version 2004 only.
2. install the West feature update and the latest quality update only.
3. install all the feature updates released since version 2004 and the latest quality update only.
4. install the latest feature update and all the quality updates released since version 2004.

 

Answer: B

 

NEW QUESTION 219

You have a Microsoft 365 E5 tenant that contains five devices enrolled in Microsoft Intune as shown in the following table.

 

 

All the devices have an app named App1 installed.

You need to prevent users from copying data from App1 and pasting the data into other apps.

Which policy should you create in Microsoft Endpoint Manager, and what is the minimum number of required policies? To answer, select the appropriate options in the answer area.

 

 

NOTE: Each correct selection is worth one point.

 

1. Mastered
2. Not Mastered

 

Answer: A

Explanation:

Graphical user interface, application, table Description automatically generated Reference:

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy

 

NEW QUESTION 222

You have a Microsoft 365 tenant that contains a Windows 10 device. The device is onboarded to Microsoft Defender for Endpoint. From Microsoft Defender Security Center, you perform a security investigation.

You need to run a PowerShell script on the device to collect forensic information. Which action should you select on the device page?

 

1. Initiate Live Response Session
2. Initiate Automated Investigation
3. Collect investigation package
4. Go hunt

 

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwid

NEW QUESTION 223

You have a Microsoft 365 tenant that contains 1,000 Windows 10 devices. The devices are enrolled in Microsoft Intune. Company policy requires that the devices have the following configurations:

Require complex passwords.

Require the encryption of removable data storage devices. Have Microsoft Defender Antivirus real-time protection enabled.

You need to configure the devices to meet the requirements. What should you use?

 

1. an app configuration policy
2. a compliance policyC a security baseline profile D a conditional access policy

 

Answer: B

Explanation:

Reference:

https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

 

NEW QUESTION 226

You have a Microsoft 365 E5 subscription that contains two users named Admin1 and Admin2. All users are assigned a Microsoft 365 Enterprise E5 license and auditing is turned on.

You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)

 

After Policy1 is created, the following actions are performed: Admin1 creates a user named User1.

Admin2 creates a user named User2.

How long will the audit events for the creation of User1 and User2 be retained? To answer, select the appropriate options in the answer area.

 

 

NOTE: Each correct selection is worth one point.

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-worldwide

 

NEW QUESTION 231

Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD). The domain contains the servers shown in the following table.

 

You use Azure Information Protection.

You need to ensure that you can apply Azure Information Protection labels to the file stores on Server1. Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

 

 

1. Mastered
2. Not Mastered

 

Answer: A

 

Explanation:

Reference:

https://docs.microsoft.com/en-us/azure/information-protection/install-configure-rms-connector https://docs.microsoft.com/en-us/azure/information- protection/configure-servers-rms-connector

NEW QUESTION 232

You have a Microsoft 365 subscription.

You configure a new Azure AD enterprise application named App1. App1 requires that a user be assigned the Reports Reader role. Which type of group should you use to assign the Reports Reader role and to access App1?

 

1. a Microsoft 365 group that has assigned membership
2. a Microsoft 365 group that has dynamic user membership
3. a security group that has assigned membership
4. a security group that has dynamic user membership

Answer: C

Explanation:

To grant permissions to assignees to manage users and group access for a specific enterprise app, go to that app in Azure AD and open in the Roles and Administrators list for that app. Select the new custom role and complete the user or group assignment. The assignees can manage users and group access only for the specific app.

Note: You can add the following types of groups:

Assigned groups - Manually add users or devices into a static group.

Dynamic groups (Requires Azure AD Premium) - Automatically add users or devices to user groups or device groups based on an expression you create. Note:

Security groups

Security groups are used for granting access to Microsoft 365 resources, such as SharePoint. They can make administration easier because you need only administer the group rather than adding users to each resource individually.

Security groups can contain users or devices. Creating a security group for devices can be used with mobile device management services, such as Intune. Security groups can be configured for dynamic membership in Azure Active Directory, allowing group members or devices to be added or removed automatically based on user attributes such as department, location, or title; or device attributes such as operating system version.

Security groups can be added to a team.

Microsoft 365 Groups can't be members of security groups. Microsoft 365 Groups

Microsoft 365 Groups are used for collaboration between users, both inside and outside your company. With each Microsoft 365 Group, members get a group email and shared workspace for conversations, files, and calendar events, Stream, and a Planner.

Reference:

https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-apps https://learn.microsoft.com/en-us/microsoft-365/admin/create- groups/compare-groups? https://learn.microsoft.com/en-us/mem/intune/apps/apps-deploy

 

NEW QUESTION 236

You have a Microsoft 365 E5 tenant that contains the resources shown in the following table.

 

 

To which resources can you apply a sensitivity label by using an auto-labeling policy?

 

1. Mailbox1 and Site1 only
2. Mailbox1, Account1, and Site1 only
3. Account1 and Site1 only
4. Mailbox1, Account1, Site1, and Channel1
5. Account1, Site1, and Channel1 only

 

Answer: E

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

 

NEW QUESTION 240

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a computer that runs Windows 10.

You need to verify which version of Windows 10 is installed. Solution: From Device Manager, you view the computer properties. Does this meet the goal?

 

1. Yes
2. No

 

Answer: B

Explanation:

Reference:

https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628be

 

NEW QUESTION 245

Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains: Contoso.com

East.contoso.com

 

 

The forest contains the users shown in the following table.

The forest syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)

 

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

 

1. Mastered
2. Not Mastered

Answer: A

 

Explanation:

Box 1: Yes

The UPN of user1 is user1@contoso.com so he can authenticate to Azure AD by using the username user1@contoso.com. Box 2: No

The UPN of user2 is user2@east.contoso.com so he cannot authenticate to Azure AD by using the username user2@contoso.com. Box 3: No

The UPN of user3 is user3@fabrikam.com so he cannot authenticate to Azure AD by using the username user3@contoso.com.

 

NEW QUESTION 248

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.

You perform a proof of concept (PoC) deployment of Microsoft Defender for Endpoint for 10 test devices. During the onboarding process, you configure Microsoft Defender for Endpoint-related data to be stored in the United States.

You plan to onboard all the devices to Microsoft Defender for Endpoint. You need to store the Microsoft Defender for Endpoint data in Europe. What should you do first?

 

1. Delete the workspace.
2. Create a workspace.
3. Onboard a new device.
4. Offboard the test devices.

Answer: B

 

NEW QUESTION 261

You have a Microsoft 365 E5 tenant.

You need to ensure that when a document containing a credit card number is added to the tenant, the document is encrypted. Which policy should you use?

 

1. a retention policy
2. a retention label policy
3. an auto-labeling policy
4. an insider risk policy

Answer: C

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-w

 

NEW QUESTION 266

You have a Microsoft 365 E5 tenant.

You have a sensitivity label configured as shown in the Sensitivity label exhibit. (Click the Sensitivity label tab.)

 

 

 

 

You have an auto-labeling policy as shown in the Auto-labeling policy exhibit. (Click the Auto-labeling policy tab.)

A user sends an email that contains the components shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

 

 

1. Mastered
2. Not Mastered

Answer: A

Explanation:

Graphical user interface, text, application Description automatically generated

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-w

 

NEW QUESTION 268

You have a Microsoft 365 E3 subscription that uses Microsoft Defender for Endpoint Plan 1.

Which two Defender for Endpoint features are available to the subscription? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

 

1. advanced hunting
2. security reports
3. digital certificate assessment
4. device discovery
5. attack surface reduction (ASR)

Answer: BE

Explanation:

B: Overview of Microsoft Defender for Endpoint Plan 1, Reporting

The Microsoft 365 Defender portal (https://security.microsoft.com) provides easy access to information about detected threats and actions to address those threats.

The Home page includes cards to show at a glance which users or devices are at risk, how many threats were detected, and what alerts/incidents were created. The Incidents & alerts section lists any incidents that were created as a result of triggered alerts. Alerts and incidents are generated as threats are detected across devices.

The Action center lists remediation actions that were taken. For example, if a file is sent to quarantine, or a URL is blocked, each action is listed in the Action center on the History tab.

The Reports section includes reports that show threats detected and their status. E: What can you expect from Microsoft Defender for Endpoint P1? Microsoft Defender for Endpoint P1 is focused on prevention/EPP including:

Next-generation antimalware that is cloud-based with built-in AI that helps to stop ransomware, known and unknown malware, and other threats in their tracks.

(E) Attack surface reduction capabilities that harden the device, prevent zero days, and offer granular control over access and behaviors on the endpoint. Device based conditional access that offers an additional layer of data protection and breach prevention and enables a Zero Trust approach.

 

 

The below table offers a comparison of capabilities are offered in Plan 1 versus Plan 2.

Incorrect:

Not A: P2 is by far the best fit for enterprises that need an EDR solution including automated investigation and remediation tools, advanced threat prevention and threat and vulnerability management (TVM), and hunting capabilities.

Reference:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1 https://techcommunity.microsoft.com/t5/microsoft-defender- for-endpoint/microsoft-defender-for-endpoint-plan

 

NEW QUESTION 273

Your on-premises network contains an Active Directory domain named Contoso.com and 500 devices that run either macOS, Windows 8.1. Windows 10, or Windows 11. All the devices are managed by using Microsoft Endpoint Configuration Manager. The domain syncs with Azure Active Directory (Azure AD). You plan to implement a Microsoft 365 E5 subscription and enable co-management. Which devices can be co-managed after the implementation?

 

1. Windows 11 and Windows 10 only
2. Windows 11, Windows 10-Windows8.1.andmacOS
3. Windows 11 and macOS only
4. Windows 11 only
5. Windows 11. Windows 10, and Windows8.1 only

Answer: C

NEW QUESTION 276

• (Edutechnolab 5)

You have a Microsoft 365 E5 tenant.

 

 

You create a retention label named Retention1 as shown in the following exhibit.

When users attempt to apply Retention1, the label is unavailable. You need to ensure that Retention1 is available to all the users. What should you do?

 

1. Create a new label policy
2. Modify the Authority type setting for Retention!
3. Modify the Business function/department setting for Retention 1.
4. Use a file plan CSV template to import Retention1

Answer: A

Explanation:

Reference:

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-apply-retention-labels?view=o365-worldwid

---