You work for an organization which is concerned about the cloud-based applications’ security risks. You have an Azure AD Premium tenant for which you decide to enable Azure Active Directory (Azure AD) Identity Protection. If there is a user sign-in risk detected, multi-factor authentication (MFA) should be applied for the user to sign in. You are required to come up with the best way to achieve this goal. Solution: You configure an Intune Compliance policy. Do you think this solution will meet the goal?

You work for an organization which is concerned about the cloud-based applications’ security risks. You have an Azure AD Premium tenant for which you decide to enable Azure Active Directory (Azure AD) Identity Protection. If there is a user sign-in risk detected, multi-factor authentication (MFA) should be applied for the user to sign in. You are required to come up with the best way to achieve this goal. Solution: You configure a Security & Compliance Data Loss Prevention (DLP) policy. Do you think this solution will meet the goal?

You work for an organization that has an on-premises Windows Active Directory domain. Windows 10 or Windows 8.1 is running on client computers on the domain. You are managing client computers using System Center Configuration Manager (Current Branch). Your organization has subscribed to Microsoft 365 E5. Domain client computers are hybrid joined to your Azure Active Directory (Azure AD) tenant. You are required to upgrade Windows 8.1 to Windows 10 in the computers and want the process to be automated. You also want all compatible applications and data to be migrated. Solution: You enable Windows Autopilot. Do you think this solution will meet the goal?

You work for an organization which is concerned about the cloud-based applications’ security risks. You have an Azure AD Premium tenant for which you decide to enable Azure Active Directory (Azure AD) Identity Protection. If there is a user sign-in risk detected, multi-factor authentication (MFA) should be applied for the user to sign in. You are required to come up with the best way to achieve this goal. Solution: You configure an Azure AD Conditional Access policy. Do you think this solution will meet the goal?

You work for an organization that has an on-premises Windows Active Directory domain. Windows 10 or Windows 8.1 is running on client computers on the domain. You are managing client computers using System Center Configuration Manager (Current Branch). Your organization has subscribed to Microsoft 365 E5. Domain client computers are hybrid joined to your Azure Active Directory (Azure AD) tenant. You are required to upgrade Windows 8.1 to Windows 10 in the computers and want the process to be automated. You also want all compatible applications and data to be migrated. Solution: You create a Configuration Manager upgrade package task sequence. Do you think this solution will meet the goal?

You work for an organization that has an on-premises Windows Active Directory domain. Windows 10 or Windows 8.1 is running on client computers on the domain. You are managing client computers using System Center Configuration Manager (Current Branch). Your organization has subscribed to Microsoft 365 E5. Domain client computers are hybrid joined to your Azure Active Directory (Azure AD) tenant. You are required to upgrade Windows 8.1 to Windows 10 in the computers and want the process to be automated. You also want all compatible applications and data to be migrated. Solution: You enable Windows Subscription Activation. Do you think this solution will meet the goal?

You work for an organization whose network is configured as a Windows Active Directory (AD) domain. There are clients on the domain and member servers as well, all hybrid-joined to the Azure Active Directory (Azure AD) domain of the organization. Windows 10 is running on all client computers. Windows Server 2012 R2 or Windows Server 2016 is run on member servers. You configure System Center Configuration Manager (SCCM) and Intune co-management. Windows Defender Advanced Threat Protection (ATP) is implemented by the organization and you are required to onboard all domain clients and member servers. Solution: You download an SCCM onboarding configuration package, configure a device collection with all target devices, and deploy the package. Do you think this solution meets the goal?

You work for an organization whose network is configured as a Windows Active Directory (AD) domain. There are clients on the domain and member servers as well, all hybrid-joined to the Azure Active Directory (Azure AD) domain of the organization. Windows 10 is running on all client computers. Windows Server 2012 R2 or Windows Server 2016 is run on member servers. You configure System Center Configuration Manager (SCCM) and Intune co-management. Windows Defender Advanced Threat Protection (ATP) is implemented by the organization and you are required to onboard all domain clients and member servers. Solution: You download an SCCM onboarding configuration package, configure a device collection with all target devices, and deploy the package. Do you think this solution meets the goal?

You work for an organization whose network is configured as a Windows Active Directory (AD) domain. There are clients on the domain and member servers as well, all hybrid-joined to the Azure Active Directory (Azure AD) domain of the organization. Windows 10 is running on all client computers. Windows Server 2012 R2 or Windows Server 2016 is run on member servers. You configure System Center Configuration Manager (SCCM) and Intune co-management. Windows Defender Advanced Threat Protection (ATP) is implemented by the organization and you are required to onboard all domain clients and member servers. Solution: You download a local script onboarding configuration package and run the script on each of the target computers. Does this solution meet the goal? Do you think this solution meets the goal?

You work for an organization whose network is configured as a Windows Active Directory (AD) domain. There are clients on the domain and member servers as well, all hybrid-joined to the Azure Active Directory (Azure AD) domain of the organization. Windows 10 is running on all client computers. Windows Server 2012 R2 or Windows Server 2016 is run on member servers. You configure System Center Configuration Manager (SCCM) and Intune co-management. Windows Defender Advanced Threat Protection (ATP) is implemented by the organization and you are required to onboard all domain clients and member servers. Solution: You download a local script onboarding configuration package and run the script on each of the target computers. Does this solution meet the goal? Do you think this solution meets the goal?

You work for an organization that has a network configured as an Active Directory Domain Services (AD DS) domain. The organization has an Azure Active Directory (Azure AD) tenant having all domain users synced with it. The organization has subscribed to Microsoft 365 E5 and Exchange Online is deployed. SharePoint Online, and OneDrive Online. The organization decides to improve its data security. You have to make sure these actions are taken when the content is detected to contain customer credit card information: -Email the user saving or emailing the content -Email the company compliance officer about the content -Restrict access to the content until it is reviewed by an administrator The solution should apply to Exchange Online, SharePoint Online, and OneDrive Online. Solution: You create an alert policy in the Security and Compliance Center. Do you think the solution meets the goal?

You work for an organization that has a network configured as an Active Directory Domain Services (AD DS) domain. The organization has an Azure Active Directory (Azure AD) tenant having all domain users synced with it. The organization has subscribed to Microsoft 365 E5 and Exchange Online is deployed. SharePoint Online, and OneDrive Online. The organization decides to improve its data security. You have to make sure these actions are taken when the content is detected to contain customer credit card information: -Email the user saving or emailing the content -Email the company compliance officer about the content -Restrict access to the content until it is reviewed by an administrator The solution should apply to Exchange Online, SharePoint Online, and OneDrive Online. Solution: You create a data loss prevention (DLP) policy in the Security and Compliance Center. Do you think the solution meets the goal?

The organization you work for has subscribed to a Microsoft 365 E3 subscription. a Microsoft 365 E3 license is assigned to all users. Three Microsoft software are deployed including Exchange Online, SharePoint Online, and Microsoft Teams. auditing for your organization has been enabled by you in the Security & Compliance Center. You need to get the Exchange Online mailboxes for selected users audited. What would be you?

Your organization has a network that is configured as an Active Directory Domain Services (AD DS) domain. Your have an Azure Active Directory (Azure AD) tenant that has all the domain users synched. The organization has subscribed to a Microsoft Enterprise Mobility + Security (EMS) E3 subscription. Azure Information Protection (AIP) is implemented and Azure Rights Management is used by the organization. You configure on-premises Information Rights Management (IRM). You realize that Exchange Online is not currently integrated with AIP. What step would you take if you want to configure IRM integration with Exchange Online?

Your organization has a network that is configured as an Active Directory Domain Services (AD DS) domain. The organization has an Azure Active Directory (Azure AD) tenant that has all domain users synced with it. The organization has subscribed to Microsoft 365 E5. Azure Information Protection (AIP) is implemented and Azure Rights Management is used by the organization. You configure on-premises Information Rights Management (IRM). What step would you take if you want to configure IRM integration with SharePoint Online?

The company you work for has company1.com as a Windows Active Directory (AD) domain. The domain is synced with an Azure Active Directory (Azure AD) tenant. The company has subscribed to Microsoft 365. Exchange Online is deployed for emails of your company. An email retention policy is applied in your organization according to which emails in all users’ mailboxes are saved for five years. Legislative hold is applied on selected user mailboxes but a hold duration is not specified. Can you identify from the options below which one defines what will happen when a held mailbox is deleted?

Your company has a network that is configured as a Windows Active Directory (AD) domain. The company has licenses for Enterprise Mobility and Security 5 (EMS E5). There are several domain member computers in the network. All the domain members are hybrid-joined to Azure Active Directory (Azure AD). An Azure Advanced Threat Protection (ATP) instance is created using the default settings in Azure ATP portal. You are required to collect domain controller traffic data and forward it to Azure ATP via single location. What would you install?

There is a school called SchoolA with almost 5,000 students, teachers and other working staff. All these people who are part of the school are licensed for Microsoft 365 A3. It is decided to implement a new Cloud App security policy through which Office 365 sign-in activity can be monitored. Identify the policy you need to configure if you are required to enable app control for Office 365.

Your organization has subscribed to Microsoft 365. The organization has an Azure Active Directory (Azure AD) domain. The domain is hybrid-joined to a Windows Active Directory (AD) domain. Retention policy is being implemented by the organization to meet legal and corporate policy requirements. Azure AD RetSec group has members having rights to publish retention labels through Security and Compliance. You need to add RetSec to the role group that will give them the necessary rights. The soluiton you suggest must use the principle of least privilege. Identify to which group would you add RetSec?

Your organization has a network that is configured as an Active Directory Domain Services (AD DS) domain. The organization also has an Azure Active Directory (Azure AD) tenant with the domain users on all synced with it. The organization has subscribed to Microsoft 365 E5. Azure AD Identity Protection (AIP) is enabled for your company. Sign-in risk policies are also configured for the company. You are concerned about how quickly risk information is reported. You have to know the types of risk events that have a reporting latency of 10 minutes or less. Can you identify this from the following options? (opt any TWO)

You work for an organization that has a Microsoft 365 E3 subscription. All users are licensed with a Microsoft 365 E3 license. You deploy three MS software including Exchange Online, SharePoint Online, and Microsoft Teams. Your company is enabled to be audited in the Security & Compliance Center. You come to know that audit has not been performed on site-specific SharePoint items and so you need to configure audit for site-specific items. What would you use?

Your company has a network that is configured as a Windows Active Directory (AD) domain. Member servers and domain clients are all hybrid-joined to your Azure Active Directory (Azure AD) domain. Windows 8.1 or Windows 10 is run by the domain clients. Windows Defender Advanced Threat Protection (ATP) is implemented by your company and all the domain client computers are onboarded. Your company plans to decommission all computers running Windows 8.1. Using Defender ATP, you offboard the computers. You need to determine how long data collected from the offloaded computers will be available. Default values are set on Retention settings. How long are collected data and referenced alerts retained?

Your organization has an Active Directory Domain Services (AD DS) domain and an Azure Active Directory (Azure AD) tenant with all domain users synced with it. The organization has subscribed to a Microsoft 365 E5 subscription. You are required to migrate your company email to Exchange Online. Azure Information Protection (AIP) is used by your organization. When AIP is set up, Azure Rights Management was activated by default. You want to integrate AIP with your on-premises SharePoint and Windows file server resources. To support the integration, you decide to configure your infrastructure. Which of the following options would you deploy?

You work for an organization that has a Windows Active Directory (AD) domain with all domain devices hybrid-joined to Azure Active Directory (Azure AD). The organization has subscribed to a Microsoft 365 subscription. It is planned by the organization to gradually deploy Azure Information Protection (AIP) which will have a pilot rollout for a specific user group. You should have only members of the AIPPilot group to be using AIP to protect content. Mobile devices and Windows domain clients must both have this applied. Identify the PowerShell cmdlet or feature you must use.

Your company’s network has a Windows Active Directory (AD) domain. Your company is licensed with Enterprise Mobility + Security 5 (EMS E5). There are domain member computers hybrid-joined to Azure Active Directory (Azure AD) and are enrolled in Intune. System Center Configuration Manager (SCCM) client is run by all member computers. For the data collected from on-premises AD, Azure Advanced Threat Protection (ATP) is decided to be used so it can identify, detect, and investigate threats. You are required to establish a deployment plan and as a first step you create an ATP instance. Identify the next step you would take.