
Microsoft MS-500 - Microsoft 365 Security Administration - 159 Questions (2)

(@taichi)

81. You are configuring Conditional Access App Control (CAAC) for SharePoint Online to prevent printing and downloading of content when the site is accessed from unmanaged devices. You start by configuring the appropriate conditional access policy in Azure Active Directory. You also need to configure the correct policy in Microsoft Cloud App Security.
Which CAS policy do you create?
a. Activity policy
b. File policy
c. Access policy
d. Session policy
Answer: D
Reference
https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad

83. You are implementing MCAS (Microsoft Cloud App Security).
Which of the following data sources can be used for discovery of Shadow IT? (Choose three.)
a. Log collector
b. Data Gateway
c. Secure Web Gateway
d. Defender ATP
e. Azure Sentinel
Answer: A, C, D
Explanation:
MCAS integrates with Zscaler and iboss via secure web gateway.
Data gateway is used by Azure data solutions like Power BI to get data from on-premises data sources.
Azure Sentinel is Microsoft's SIEM/SOAR solution and not a data source for MCAS. MCAS is a data source for Sentinel, though.
Reference
https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery

 

84. How long are messages sent to Office 365 Quarantine retained before being purged?
a. 15 days
b. 30 days
c. 90 days
d. 24 hours
e. 48 hours
Answer: B
Reference
https //docs cy sett ngs

 

85. Which of the following tools will you use to manage regulatory compliance within the shared responsibility model of the cloud?
a. Service Trust Portal
b. Compliance Manager
c. Trust Center
d. Azure Security Center
e. Microsoft Compliance Portal
Answer: B
Explanation:
Both the Compliance Manager and the Trust Center are components of the Service Trust Portal.
Each of them has a different purpose.
See the document link for details.

 

86. You have an M365 subscription and you are using Azure Information Protection to classify, label and protect documents in your organization. Your on-premises Active Directory is being synced to Azure AD. You have both on-premises groups and Azure AD groups. You want to assign your policy to these groups.
What are the requirements for these groups to be selected for AIP assignment? (Choose all that apply.)
a. The AD groups must have email addresses assigned
b. The AAD groups must have email addresses assigned
c. The AD groups can be universal
d. The AD groups can be domain local
e. The AAD groups can be O365 groups
f. The AAD groups can be security groups
Answer: A, B, C, D, E
Explanation:
Any group type is fine as long as it is synced from AD and it contains an email address.
AAD security groups don't have email addresses assigned, hence can't be used for AIP assignment.
Reference
https://docs.microsoft.com/en-us/azure/information-protection/prepare#azure-information-protection-requirements-for-group-accoun

 

87. You are the security administrator of your organization's M365 environment. You have configured an O365-ATP safe attachments policy with dynamic delivery. Your users complain that the system takes too long to scan and deliver attachments after messages have been delivered. You don't want to reduce your security posture. Which course of action should you take?
a. Log a support ticket with Microsoft
b. Change the safe attachments policy to Monitor
c. Change the safe attachments policy to Replace
d. Change the safe attachments policy to Off
e. Sell the company's admin credentials at an underground web site and resign
Answer: C
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-attachments-policies#step-3-learn-about-atp-safe-attachments-policy-options

 

88. You assign the Security Reader role to user1 using the M365 admin portal. You want to verify what permissions user1 has. Where do you go to look?
a. Roles and administrators from AAD in the Azure portal
b. Azure AD Roles from PIM in the Azure portal
c. Identity protection from AAD in the Azure portal
d. Manage roles from M365 admin portal
e. Manage groups from the M365 admin portal
f. Conditional access from AAD in the Azure portal
Answer: A
Explanation:
The only place where you can see details about permissions for a role (built-in or custom) is in AAD Roles and administrators.
All the other options are actual places where you can go, but in none other than Roles and administrators in AAD can you see the detailed permissions.
You can also see detailed permissions in the documentation about roles.
AAD Roles and administrators is also the only place where you can create a custom role.
Reference
https://docs.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

 

89. Which of the following role assignments can approve a valid Azure Privileged Identity Management request? (Choose two.)
a. Global Administrator
b. Privileged Role Administrator
c. Security Administrator
d. Privileged Authentication Administrator
e. Owner
Answer: A, B
Explanation:
Only Global Administrator and Privileged Role Administrator can approve PIM requests.
Privileged Authentication Administrator is not a PIM-related role.
The Azure resource role of Owner cannot approve PIM requests.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/azure-ad-pim-approval-workflow
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles

 

90. Which of the following threat protection components are offered by Windows 10? (Choose all that apply.)
a. Device Guard
b. App Locker
c. Secure Boot
d. Credential Guard
e. Controlled Folder Access
f. Azure Information Protection
g. O365 ATP
h. Azure ATP
Answer: A, B, C, D, E
Reference
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10

 

91. You are a junior security administrator for your organization's M365 implementation. All users are assigned a M365-E5 license and your senior colleagues have deployed full-stack ATP. You are requested to present a report on malware detected in email every Monday at your company's internal security meeting. Your current role does not afford you global administrator privileges and your organization has a strict least privilege policy.

You need security administrator privilege in order to access reports in the Security & Compliance Center.
a. Leave unchanged
b. Security Reader
c. Reviewer
d. Supervisory Review
Answer: B
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-a-schedule-for-a-report?view=o365-worldwide#create-a-schedule-for-a-report
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide

 

In the Security & Compliance Center, go to Reports > Dashboard.
a. Leave unchanged
b. Reports > Manage schedules
c. Reports > Reports for download
d. Home > Microsoft Secure Score
Answer: A
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-a-schedule-for-a-report?view=o365-worldwide#create-a-schedule-for-a-report
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide

 

93. You have the following O365 DLP rules defined in priority order. You have a file that is uploaded to OneDrive that matches all of the rules in the list below.
Rule 1 only notifies users, policy 1
Rule 2 notifies users, restricts access, and allows user overrides, policy tip 2
Rule 3 notifies users, restricts access, and does not allow user overrides, policy 3
Rule 4 only notifies users, policy tip 4
Rule 5 restricts access, policy tip 5
Rule 6 notifies users, restricts access, and does not allow user overrides, policy 6
What is the effective policy tip that will be displayed?
a. Policy 1
b. Policy tip 2
c. Policy tip 3
d. Policy tip 4
e. Policy tip 5
f. Policy tip 6
Answer: C
Explanation:
Most restrictive: the policy tip from the most restrictive, highest priority rule (0 is a higher priority than 9) is shown.
Reference
https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide#the-priority-by-which-rules-are-processed

 

94. You are configuring RBAC in Azure. You need to give a user named Ted contributor access to the Marketing resource group. Match the RBAC property with the details in the scenario.

What does Contributor represent in the RBAC configuration?
a. Role definition
b. Security principal
c. Role assignment
d. Scope
Answer: A
Explanation:
The security principal, role definition and scope together make up a role assignment.
Although it is technically correct that the security principal Ted is part of a role definition, in this case it is more accurate that Ted is the security principal. The same goes for the role definition and scope.
Reference
https://docs.microsoft.com/en-za/azure/role-based-access-control/role-definitions

 

What does Ted represent in the RBAC configuration?

Answer: B. Security principal

 

What does Marketing represent in the RBAC configuration?

Answer: D. Scope

 

 

95. Which of the following Windows 10 Enterprise features provides biometric identity access control?
a. Windows Hello
b. Credential Guard
c. Device Guard
d. Defender Antivirus
e. Defender ATP
Answer: A
Reference
https://docs.microsoft.com/en-us/windows/security/
https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview

 

97. You are a junior security administrator for your organization's M365 implementation. All users are assigned a M365-E5 license and your senior colleagues have deployed full-stack ATP. You are requested to present a report on malware detected in email every Monday at your company's internal security meeting. Your current role does not afford you global administrator privileges and your organization has a strict least privilege policy.
In the Security & Compliance Center, you navigate to the appropriate screen and choose Create schedule.
a. Leave unchanged
b. Malware detected in email
c. Metrics and trends
d. Office 365 ATP
Answer: B
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/create-a-schedule-for-a-report?view=o365-worldwide#create-a-schedule-for-a-report
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide

 

98. The exhibit shows the O365 Security & Compliance Center interface:
• Alerts
• Permissions
• Classification
• Data loss prevention
• Records management
• Information governance
• Supervision
• Threat management
• Mail flow
• Data privacy
• Search
• eDiscovery
• Reports

Where would you configure data retention labels?
a. Data loss prevention
b. Records management
c. Information governance
d. Data privacy
e. Search
f. eDiscovery
g. Classification
Answer: G

99. Which of the following types of groups can you assign an AIP policy to? (Choose three.)
a. Office 365
b. Distribution
c. Security
d. Mail-enabled security
Answer: A, B, D
Explanation:
You can assign an AIP policy to any group that has an email address. Security groups don't have email addresses.

100. You configure Azure Information Protection (AIP) for your organization. You have deployed the unified labelling client to your endpoints, which all run Windows 10. Your users have been using AIP for a few months, but your organization's privacy department has decided to change its classification naming convention and as a result you also had to change one of your AIP labels' names, but no other settings had changed.
You notice that the updated label has not yet synchronized to your local machine. You want to start testing the updated label. What PowerShell cmdlet can you run in order to reset the settings of your locally installed AIP client?
a. Get-AipServiceTemplate
b. Add-AipServiceTemplate
c. Clear-AIPAuthentication
d. Connect-AipService
Answer: C
Reference
https://docs.microsoft.com/en-us/azure/information-protection/administer-powershell
https://docs.microsoft.com/en-us/powershell/module/azureinformationprotection/clear-aipauthentication?view=azureipps

 

101. You are configuring a Windows Server 2016 server in your environment that will be a domain controller. You want to enable the following security products on the new server:
• Azure ATP
• Defender ATP
• Azure Sentinel

 

Which of the following will you download and install on the server? Each answer is part of the complete solution. (Choose two.)
a. Microsoft Management Agent
b. Local script
c. Sensor setup package
d. Azure Management Agent
Answer: A, C
Explanation:
Sentinel is not officially part of the curriculum, but in this context is synonymous with Azure Log Analytics, which is part of the curriculum.
You need a sensor download for Azure ATP and you need MMA for Sentinel and Defender ATP. No such thing as Azure Management Agent.
You could also use Azure Security Console to onboard Windows Server 2016 — this also just installs MMA.
You would need a local script if you had a Windows Server 2019 — just like with W10.
Reference
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints#install-and-configure-microsoft-monitoring-agent-mma-to-report-sensor-data-to-microsoft-defender-atp
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step4
https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events

 

Which of the following items will you require for the configuration on the server? (Choose all that apply.)

a. Workspace ID from Azure ATP console
b. Workspace key from Azure ATP console
c. Workspace ID from Defender ATP console
d. Workspace key from Defender ATP console
e. Workspace ID from Sentinel console
f. Workspace key from Sentinel console
Answer: B, C, D, E, F
Explanation:
Sentinel is not officially part of the curriculum, but in this context is synonymous with Azure Log Analytics, which is part of the curriculum.
You need a sensor download for Azure ATP and you need MMA for Sentinel and Defender ATP. No such thing as Azure Management Agent.
You could also use Azure Security Console to onboard Windows Server 2016 — this also just installs MMA.
You would need a local script if you had a Windows Server 2019 — just like with W10.

 

How will you configure the Microsoft Management Agent on the server? (Choose all that apply.)
A. Workspace ID from Azure ATP console
B. Workspace key from Azure ATP console
C. Workspace ID from Defender ATP console
D. Workspace key from Defender ATP console
E. Workspace ID from Sentinel console
F. Workspace key from Sentinel console
Answer: C, D, E, F
Explanation:
MMA needs the workspace ID and key for each of the environments you want to connect to:
Defender ATP and Sentinel in this case.

 

 

102. Which of the following would you create in order to prevent deletion of all mailbox content in the course of a compliance investigation?
a. eDiscovery
b. Litigation hold
c. Retention label and policy
d. Preservation hold library
Answer: B
Explanation:
Litigation hold prevents deletion.
Having and applying retention labels (and policy) doesn't prevent deletion of data.
Content with retention labels that is deleted is placed in the preservation hold library.
eDiscovery is the tool that you'll use in the course of an investigation to find retained (and/or deleted) content.
Reference
https://docs.microsoft.com/en-za/microsoft-365/compliance/create-a-litigation-hold

 

103. In O365 ATP Safe Attachments, what happens when you select Dynamic Delivery?
a. The message is delivered, but attachments containing malware are blocked
b. The message is not delivered until attachments have been confirmed safe
c. The message is delivered, but attachments containing malware are replaced by a message informing the user that the missing attachment contained malware and was blocked
d. The message and attachments are quarantined if malware is detected in any of the attachments
e. The message is delivered without attachments. When the attachments are confirmed safe, the message is updated with the attachments
Answer: E
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/dynamic-delivery-and-previewing

 

104. You have to review messages that have been quarantined by your organization's O365 ATP security.
Where would you go to do this?
a. protection.office.com, threat management, review, quarantine
b. securitycenter.windows.com, incidents, filter detection sources to Office ATP
c. portal.cloudappsecurity.com, investigate, files, filter app to Microsoft Exchange Online
d. Use the Preview-QuarantineMessage PowerShell cmdlet
Answer: A
Explanation:
You should use the O365 Security & Compliance Center to review quarantined messages.
You could also use the Get-QuarantineMessage PowerShell cmdlet, or if you know the ID of the quarantined message you want to view you can use Preview-QuarantineMessage, but the latter doesn't work for O365 ATP as per the documentation below.
Reference
https://docs.microsoft.com/en-za/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files#view-your-organizations-quarantined-messages

 

105. You have a M365-E5 subscription. You have deployed Microsoft Defender ATP. You want to run a phishing campaign in your organization using the Attack Simulator.
Which of the following options must you do?
a. Switch on Microsoft Cloud App Security in Defender ATP settings
b. Switch on Office 365 Threat Intelligence connection in Defender ATP settings
c. Enable your account for MFA
d. Deploy and configure Microsoft Cloud App Security
e. Create a user account from where attack simulator will send out the phishing emails
Answer: C
Explanation:
If you want to use the attack sim, you must have your account MFAed. All the other options are optional or not relevant.
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide#what-do-you-need-to-know-before-you-begin

 

106. Your organization has decided that users' personal mobile devices are not to be enrolled or managed by your organization's Intune Mobile Device Management (MDM) solution. Furthermore, your organization requires you to protect the organization's data, including data on users' personal mobile devices.
Which of the following is the best course of action in this scenario?
a. Deploy Azure Information Protection (AIP) to classify, label and protect corporate data on users' devices
b. Deploy Azure Active Directory Identity Protection to provide access control to corporate data on users' devices
c. Enroll devices in Intune MDM and deploy device configuration policies to protect corporate data on users' devices
d. Deploy Intune Mobile Application Management policies to protect corporate data on users' devices
e. None of the options meet the objectives
Answer: D
Explanation:
You need MAM-WE policies to control and protect corporate data on users' mobile devices. MAM does not require MDM enrolment.
Reference
https://docs.microsoft.com/en-us/mem/intune/apps/app-management

 

107. Which of the following components are required for Azure AD Hybrid Identity with Password Hash Sync? (Choose two.)
a. Azure AD Connect
b. Federation Proxy
c. Federation Server
d. Authentication Agent
e. Active Directory
Answer: A, E
Reference
https://docs.microsoft.com/en-za/azure/security/fundamentals/choose-ad-authn

 

108. Where do you configure W10 telemetry settings in Intune?
a. Device configuration profile > Device restrictions
b. Endpoint security > Security baselines
c. Compliance policy > Conditional access
d. Device configuration profile > Endpoint protection
Answer: A
Reference
https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10

 

109. Your organization has AD DS and on-premises Exchange server. Users log in using their email addresses.
Their email addresses are standardized using the following naming convention: firstname.surname@contoso.com. You are performing a cloud migration of your users to M365. As one of your initial steps of the migration you are configuring AAD Connect in line with the detailed planning you've already completed.
Which of the following must you do in preparation for the deployment of AAD Connect? (Choose all that apply.)
a. Perform a domain registration on Azure AD
b. Run the DAX tool
c. Prepare the AD Connect server
d. Assign user licenses
e. Obtain AAD global administrator account
f. Obtain AD enterprise administrator account
Answer: A, B, C, E, F
Explanation:
Azure AD Connect doesn't require any user license assignment. Technically, users are licensed with Azure AD free edition.
Reference
https://docs.microsoft.com/en-za/azure/active-directory/hybrid/how-to-connect-install-prerequisites

110. You have a multi-domain single-forest Active Directory that contains 100 users. 10 of your users belong to the Executives group. You have a M365-E5 subscription and would like to synchronize your on-premises identities with Azure AD. You have to minimize costs and administrative effort.

 

You install AD Connect using express settings and successfully complete a full synchronization of all 100 user accounts. Subsequently, you configure a filter in AD Connect to only synchronize members of the Executives group. What happens to the accounts in Azure AD that were synchronized before you applied the filter?
a. The Azure AD user accounts in the Executives group are deleted
b. The Azure AD user accounts that are not in the Executives group are deleted
c. The Azure AD user accounts that are not in the Executives group are retained, but no longer synchronized
d. The AD user accounts that are not in the Executives group are deleted
Answer: B
Explanation:
Careful of the difference between AD (referring to the on-premises AD) and Azure AD (the cloud AD) in the exam.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering

 

After installing AD Connect using express settings, you successfully complete a full synchronization of all 100 user accounts. Your users use O365 services, including extensive use of OneDrive, for about a month.
You configure a filter in AD Connect to only synchronize members of the Executives group. You discover after your configuration that all user accounts (other than members of the Executives group) have been deleted along with OneDrive data.
How do you recover the user accounts and restore the data of the deleted user accounts?

a. Resynchronize the user accounts to Azure AD by removing the filter condition from AD Connect. User data is automatically restored
b. You can only restore the user accounts using the O365 admin center. Restore user data using PowerShell
c. You can only restore the user accounts using PowerShell. Restore user data using PowerShell
d. Stop synchronization by uninstalling AD Connect. Delete all user accounts in Azure AD. Reinstall AD Connect and configure the appropriate filter conditions. Restore user data using PowerShell
Answer: A
Reference
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering

 

(@john)
 

111. You are configuring Intune device configuration profiles. You need to adjust the BitLocker settings.
Which profile type would you configure?
a. Device restrictions
b. Endpoint protection
c. Microsoft Defender ATP (Windows 10 Desktop)
d. Custom
Answer: B
Reference
https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-configure

 

112. You've deployed WIP in silent mode. What is the user experience?
a. Sensitive content is blocked without user intervention
b. User is warned not to share sensitive data, but can override the warning
c. User is warned not to share sensitive data, and the action is blocked
d. Sensitive data is not blocked
Answer: D
Explanation:
The modes are block, allow overrides, silent and off. Silent mode is a monitoring-only mode.
Reference
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip-protection-modes

113. Your organization has a single-domain, single-forest Active Directory. You have installed Azure AD Connect with express settings. You need a new group that you want to use to manage access to a cloud application you have registered with Azure Active Directory. Where would you create the group from?
a. M365 Admin Center
b. Azure AD Admin Center
c. Active Directory Users and Computers
d. Any of the above
e. None of the above
Answer: D
Explanation:
Using express settings on AD Connect will sync users and certain groups (and other things) from on-premises to Azure AD. Creating the group on the on-premises AD will work, since it will be synchronized to the cloud. Creating the group in the cloud natively or from either the M365 or Azure AD admin centers will also work.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-sync-default-configuration#group-out-of-box-rules

114. Your organization strictly follows the principle of least privilege.
Which of the following roles do you require in order to implement privileged identity management?
a. Global Administrator
b. Azure Subscription Owner
c. Azure Subscription Contributor
d. Security Administrator
e. Privileged Role Administrator
Answer: A
Explanation:
You must be a Global Administrator to implement (opt in to) PIM for the first time.
Once you have implemented PIM, you can change role eligibility assignments using Privileged Role Administrator.
Security Administrator cannot manage Azure AD role assignments or settings.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#security-administrator
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure#who-can-do-what
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-getting-started#enable-pim

 

115. You are the administrator of your organization's Office 365 ATP anti-phishing policies.
What is the default location for delivering email messages identified as phishing?
a. Phishing emails are blocked (deleted)
b. Phishing emails are delivered to users' inbox
c. Phishing emails are delivered to O365 quarantine
d. Phishing emails are delivered to users' junk email folder
Answer: D
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide#impersonation-settings-in-atp-anti-phishing-policies

 

116. You have implemented Azure AD Connect for your organization. You have made some changes to user accounts in your local Active Directory and notice that these changes have not yet synchronized to Azure.
What is the PS command to force an Azure AD Connect sync?
a. Start-ADSyncSyncCycle -PolicyType Delta
b. Start-ADSyncSyncCycle -PolicyType Initial
c. Get-ADSyncScheduler
d. Set-MsolDirSyncFeature -Feature SynchronizeUpnForManagedUsers -Enable $true
Answer: A
Reference
https://techcommunity.microsoft.com/t5/itops-talk-blog/powershell-basics-how-to-force-azuread-connect-to-sync/ba-p/887043
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-syncservice-features

 

117. What license do you require to enable password writeback in Azure AD Connect? You must minimize costs.
a. M365 E5
b. M365 E3
c. EMS E5
d. EMS-E3
e. O365-E3
f. O365-E5
g. Azure AD Premium P1
h. Azure AD Premium P2
Answer: G
Explanation:
You need at a minimum Azure AD Premium P1. AAD-P1 is also included in EMS-E3 and M365-E3, but not in O365.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback#licensing-requirements-for-password-writeback

118. Your organization uses SharePoint Online to share files with internal team members as well as occasionally share files with external users. Your CISO is concerned that users in the Retail department could potentially share files that contain credit card numbers with external recipients from their SharePoint Online site. You are tasked to remove external sharing for files where this is already happening, and also prevent it from happening in future. You decide to use Microsoft Cloud App Security to accomplish the task.
Which section of the policy would you use to configure that only files that contain credit card numbers should be matched with this policy?
a. Create a filter
b. Apply to
c. Inspection method
d. Governance actions
Answer: C
Explanation:

 

119. Which AD Connect-related PowerShell cmdlet causes an immediate full directory synchronization?
a. Start-AdSynchronization -Now
b. Start-AdSynchronization -Immediate
c. Start-AdSyncSyncCycle -PolicyType Delta
d. Start-AdSyncSyncCycle -PolicyType Initial
Answer: D
Reference
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-feature-scheduler

 

120. You are investigating an incident reported by a user where several files were deleted from his shared OneDrive folders. You need to find out who deleted the files. Which is the most appropriate course of action?

a. From the OneDrive admin center, open Storage
b. From Security and Compliance Center, open eDiscovery
c. From Security and Compliance Center, open Content search
d. From Security and Compliance Center, open
e. From MCAS (Microsoft Cloud App Security), open activity log
Answer: E
Reference
https://docs.microsoft.com/en-us/cloud-app-security/activity-filters

 

121. Which of the following classification labels are configurable in O365? (Choose two.)
a. Encryption label
b. Protection label
c. Sensitivity label
d. Compliance label
e. Retention label
f. Policy label
Answer: C, E

122. When you enable in-place archiving for a user's mailbox in O365, which of the following will happen for the user's mailbox?
a. When the user's mailbox exceeds the maximum mailbox size by 50%, Outlook will prompt the user to move email to the archive mailbox
b. When the user's mailbox exceeds the maximum mailbox size by 20%, Outlook will prompt the user to move email to the archive mailbox
c. All email older than 2 years will be immediately moved to the archive mailbox
d. All email older than 3 years will be immediately moved to the archive mailbox
Answer: C
Reference
https://docs.microsoft.com/en-us/microsoft-365/compliance/enable-archive-mailboxes

 

124. Which three technologies are used by O365 ATP to implement anti-spoofing? (Choose three.)
a. SPF
b. DKIM
c. DMARC
d. DNSSEC
e. Azure Information Protection
Answer: A, B, C
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-spoofing-protection

 

125. Which of these are components provisioned during an Azure ATP installation? (Choose three.)
a. Portal
b. Sensor
c. Cloud service
d. Appliance
e. Agent
Answer: A, B, C
Reference
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-architecture

 

126. Your company's head of Security has instructed you to put a continual privileged access review system in place. He requires that all privileged accounts be reviewed every seven days. Users with administrative privileges must self-assess their access; however, if an administrator doesn't respond within three days of receiving such a request, privileged access must be removed.
What tool will you use to implement his requirements?
a. Azure Active Directory
b. Azure AD Privileged Identity Management
c. Identity Governance
d. Activity log
Answer: B
Explanation:
Access review for Azure AD roles (like Global Administrator or other privileged role) is configured under Azure AD Privileged Identity Management.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-perform-security-review

 

What would you select for the "If reviewers don't respond" option?
a No change
b Remove access
c Approve access
d Take recommendations
Answer: B
Explanation:
Remove access is the option required by the question. However, you could also select Take recommendations, which allows the system to decide to remove or approve access based on past behavior.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review

 

 

127. A user phones to complain that his browser is not allowing him to visit a URL that is normally used for business, saying that "This website was blocked by your Office 365 Administrator" as in the exhibit.

You know that your M365 security policies were recently updated.
Where would you start your investigation?
a Microsoft Defender ATP
b Azure ATP
c Office ATP
d Microsoft Secure Score
Answer: C
Explanation:
URL blocking is part of O365 ATP Safe Links.
Reference
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/atp-safe-links-warning-pages

 

128. What is the maximum number of days you can allow users to remember their MFA sessions?
a 15 days
b 30 days
c 60 days
d 120 days
Answer: C
Reference
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#mfa-service-settings

 

129. You are configuring O365 security. You notice that URLs in O365 are being rewritten in order to prevent users clicking on malicious URLs. However, you want to prevent certain URLs that you trust from being rewritten in this way and apply it to the entire organization. How would you configure this exclusion?
a Create a conditional access policy
b Edit the default conditional access policy
c Create a safe links policy
d Edit the default safe links policy
e Create an O365 ATP security policy
f Edit the default O365 ATP security policy
Answer: C
Explanation:
Rewriting URLs is part of O365 ATP, specifically the Safe Links policy.
The default safe links policy applies to the entire organization (licensing permitting), but does not allow reconfiguration of the URL rewrite settings.
Creating a custom safe links policy (and applying it to the entire organization) allows configuring the URL rewrite exclusions.
Reference
https://docs.microsoft.com/en-za/microsoft-365/security/office-365-security/set-up-a-custom-do-not-rewrite-urls-list-with-atp

130. Which of the following response options are available in Azure ATP? (Choose three.)
a Protection policy
b Alert notification
c Syslog notification
d Microsoft Flow automation playbook
Answer: B, C, D
Explanation:
Azure ATP can send alerts to email or Syslog (SIEM).
Azure ATP integrates with Cloud App Security.
Cloud App Security policies can be configured with Microsoft Flow automation playbooks, including responding to alerts passed from Azure ATP.
Reference
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/notifications
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-mcas-integration
https://docs.microsoft.com/en-us/cloud-app-security/flow-integration

131. You use the content search tool in O365 Security & Compliance Center as part of an eDiscovery project.
Which of the following search types are available to you? (Choose three.)
a Content search
b Saved search
c New search
d Guided search
e Search by ID list
Answer: C, D, E
Reference
https://docs.microsoft.com/en-za/microsoft-365/compliance/content-search

 

132. Which license bundles include threat intelligence? (Choose two.)
a M365-E3
b M365-E5
c O365-E3
d O365-E5
e EMS-E3
f EMS-E5
Answer: B, D
Explanation:
Threat intelligence is part of O365-E5. O365-E5 is included in M365-E5. Threat intelligence is not part of the EMS bundle.
Reference
https://docs.microsoft.com/en-za/microsoft-365/security/office-365-security/threat-trackers

 

133. You have deployed AIP in your organization. You are trying to discover, classify and protect existing data in your organization. You have deployed AIP scanner to a server named BigBrother1.
Which of the following are valid targets for your AIP Scanner deployment? (Choose two.)
a UNC path over SMB protocol
b Local storage on BigBrother1
c OneDrive
d Windows Server 2012 and above
e SharePoint Server 2013 and above
f Exchange Server 2013 and above
Answer: A, B
Explanation:
A server with AIP Scanner deployed can scan itself or any UNC over SMB file shares.
It is not intended for cloud storage like OneDrive. MCAS is a better solution in such a case.
Any OS that supports creating an SMB file share is supported, but simply having the OS is not enough; a file share is required for remote scanning.
SharePoint and Exchange are not supported for AIP Scanner.
Reference
https://docs.microsoft.com/en-us/azure/information-protection/deploy-aip-scanner

 


   
(@john)
Member Admin
Joined: 4 years ago
Posts: 21
 

134. You need to configure Microsoft Defender Exploit Guard on all your Intune-managed Windows 10 devices. What type of device configuration profile would you configure?
a. Device restrictions
b. Endpoint protection
c. Microsoft Defender ATP (Windows 10 Desktop)
d. Custom
Answer: B
Reference
https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-configure

 

135. Which of these are capabilities provided by Microsoft Defender ATP? (Choose all that apply.)
a Attack surface reduction
b Next Generation Protection
c Endpoint Detection and Response
d Auto Investigation and Remediation
e Security Posture
f Anti-malware
g Security Management
Answer: A, B, C, D, E, G
Explanation:
Traditional anti-malware (i.e. hash scan and compare to known malicious hashes database) is not a capability of Defender ATP; that is provided by Defender Antivirus, which is a separate product entirely.
Reference
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-advanced-threat-protection

 

136. Jeff is an entity covered under the GDPR to which your company Jeff has requested - as is his right under GDPR - a report of his personally identifiable data held by your company.
What do you configure?
a Content search
b eDiscovery case
c Advanced eDiscovery case
d Data subject request
e Litigation hold
Answer: D
Reference
https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-office365?view=o365-worldwide

 

137. What are the installation steps in the correct order for deploying Azure ATP?
a) Create Azure ATP instance
b) Create an Azure AD service account
c) Connect to Active Directory
d) Download Azure ATP Sensor package
e) Install Azure ATP Sensor

A a b c d e
B b a d e c
C b a c d e
D a c d e
E a b d e

Answer: D
Reference
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step1

 

 

138. Your organization has a single-domain, single-forest Active Directory. You have installed Azure AD Connect with express settings. You need a new group that you want to use to manage access to a cloud application you have registered with Azure Active Directory.
What is the maximum number of members the group can have if you create the group on Active Directory?

A Unlimited
B 5,000
C 50,000
D 500,000
Answer: C
Explanation:
If the group is created on the on-premises Active Directory, it must have less than 50,000 members to be synchronized, else it won't be synchronized.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/concept-azure-ad-connect-sync-default-configuration#group-out-of-box-rules

 

139. You are the administrator of your organization's M365 subscription. You are managing your users' existing Windows 10 workstations using Intune. You want to configure the telemetry settings to only send security-related information to Microsoft.
Which of the following do you configure?
a Device configuration profile
b Device configuration policy
c Device compliance policy
d Device deployment profile
e MDM Security Baseline profile
Answer: A
Explanation:
Device configuration profile allows forcing the configuration settings of the OS.
No such thing as a device configuration policy.
Device compliance policy has the minimum requirements for the device to be marked as compliant.
Device deployment profile is for Autopilot; new installations, not existing.
MDM Security baseline is recommended security settings (AKA configuration profile).
Reference
https://docs.microsoft.com/en-us/mem/intune/configurati ce-restrictions-windows-10#reporting-and-telemetry

 

140. Name - File copy alert
Description - Add a description
Severity - Low
Category - Information governance
Filter - Activity is Copied file and File name is Like any of File1
Threshold - 10
Window - 1 hour
Scope - All users

You create an alert policy as in the exhibit. (Choose all that apply.)
A User1 copies File1 every 5 minutes. An alert is triggered after 10 minutes
B User1 copies File1 every 5 minutes. An alert is triggered after 50 minutes
C User1 copies File1 every 5 minutes. An alert is triggered after 60 minutes
D Five users all copy File1 every 5 minutes. An alert is triggered after 10 minutes
E Five users all copy File1 every 5 minutes. An alert is triggered after 50 minutes
F Five users all copy File1 every 5 minutes. An alert is triggered after 60 minutes

Answer: C, F
Explanation:
The alert triggers after the threshold is met or exceeded and the window has expired.
View alerts shows how many times the conditions (filter) were met within the window period.
Reference
https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies

 

141. Using minimum effort, how would you enforce Safe Boot on your Windows 10 computers?
a Run Msinfo32
b Deploy AD Group Policy
c Modify BIOS settings
d Deploy an Intune configuration profile
Answer: C
Reference
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/disabling-secure-boot

 

142. How do you require MFA for all users while keeping productivity disruptions to a minimum?
A Enable MFA for all users using the MFA console
B Enable a conditional access policy
C Enable Azure AD Privileged Identity Management
D Enable Azure Role Based Access Control
Answer: B
Explanation:
Enabling MFA for all users using the MFA console will certainly cause all users to be challenged for MFA, but they will have to supply MFA for every authentication. Conditional access allows us to only challenge for MFA under certain conditions, thereby minimizing productivity impact while maintaining a high level of security.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

 

143. Who participates in the shared responsibility model in the compliance manager? (Choose two.)
a Microsoft
b Azure
c Customer
d Partner
e Vendor
f Standards organization
Answer: A, C
Reference
https://docs.microsoft.com/en-us/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud#compliance-score-methodology

 

144. You have been appointed as the new IT manager at your organization after the previous manager was fired. One of the other administrators assigns you the Global Administrator role in Azure AD. You, however, find out that the previous manager (the one that was fired) was the only one with access to your organization's Azure subscription that contains all of your organization's workloads.
The workload is still on, but nobody can administer it.
What should you do to assign yourself the owner role in Azure?
a Log in to the Azure portal, click on Azure Active Directory, then properties and switch on access management
b Log in to the Azure portal, click on subscriptions, then Identity and Access Management, then assign yourself the owner role
c Log in to the Azure portal, click on Azure Active Directory, then open your user account from users, then configure Azure role assignments
d Log in to the Azure portal, click on Privileged Identity Management, then permanently assign yourself the owner role
Answer: A
Explanation:
Also known as "elevate access".
Reference
https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin

 

145. You are configuring Azure Active Directory and need to synchronize on-premises Active Directory user accounts, but your security officer does not want passwords or their derivatives to be stored in the cloud at all. Which options are available to you? (Choose two.)
a AAD Connect with Azure Active Directory Domain Services
b AAD Connect with pass-through authentication (PTA)
c AAD Connect with password hash-sync (PHS)
d AAD Connect with AD federation (AD FS)
Answer: B, D
Explanation:
In PTA and ADFS, authentication happens on-premises. PHS syncs hashes to the cloud. Azure Active Directory Domain Services keeps password hashes in the cloud, so this is not a correct option.
It also is not strictly speaking an Azure AD Connect hybrid identity model, but it is important to understand the different Azure AD and on-premises AD topologies and how Azure AD Connect synchronizes them.
Reference
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
https://docs.microsoft.com/en-us/azure/active-directory-domain-services/compare-identity-solutions

 

146. What sign-in methods does AD Connect Seamless SSO work with? (Choose two.)
A PHS
B PTA
C ADFS
D AD Trust
Answer: A, B
Reference
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-faq

This post was modified 4 years ago 3 times by ITPro

   
(@john)
Member Admin
Joined: 4 years ago
Posts: 21
 

147. Sensitivity labels can enforce information protection policies if the file was created in SharePoint Online.
a Leave unchanged
b in OneDrive
c in Dropbox
d in an Office 365 app
e anywhere
f in any app integrated with Azure Active Directory
Answer: D
Explanation:
The idea here is that only Office apps allow the selection (and if the label is configured for protection, encryption) of AIP labels.
The OS of the system where the AIP client app is installed can also apply labels, but this is not one of the options. MCAS and SharePoint itself can also apply AIP labels to content if configured to do so.
Usually 3rd party apps cannot apply AIP labels, although one can make a 3rd party app AIP-aware by using the SDK.
That would be any Office 365 app: on the desktop, on the web or in the mobile apps.
Reference
https://docs.microsoft.com/en-us/learn/modules/m365-security-info-overview/summary-knowledge-check

148. Sensitivity labels added to the metadata of documents that are labelled highly confidential and protected by AIP are encrypted.

A True
B False
Answer: B
Explanation:
Sensitivity labels added to document metadata are always stored in clear text (not encrypted) to allow 3rd party DLP and information protection solutions to read the label regardless of the encryption of the document itself.
Reference
https://docs.microsoft.com/en-us/learn/modules/m365-security-sensitivity-labels/use-sensitivity-labels

 

149. You are implementing compliance management for your organization.
How do you enable O365 in-place archiving?
a Admin.microsoft.com, Exchange, Compliance management, archive
b Protection.office.com, information governance, archive
c servicetrust.microsoft.com, Compliance manager, archiving
d servicetrust.microsoft.com, Trust center, archiving
Answer: B
Reference
https://docs.microsoft.com/en-us/microsoft-365/compliance/enable-archive-mailboxes

 

150. You are the global administrator of your organization's M365 subscription. You have created a data subject request case and you are reviewing the search results, but you see the following message in place of the expected results:
You don't have permissions to preview, ask the administrator to assign them.
Where would you assign yourself the appropriate permissions?
a Azure portal
b M365 admin portal
c Office 365 Security & Compliance Center
d Microsoft Cloud App Security
e M365 Compliance Center
Answer: C
Reference
https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions

 

151. By default, who can invite B2B guests to your Azure AD?
a All members and existing guests
b Members with the Guest inviter role
c All members, but not existing guests
d None of the above
Answer: A
Reference
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations

 

152. You need to download the exported results from a content search.
What security mechanism do you need to access the download location?
a The password
b The export key
c The administrator credentials
d The certificate
e The PIN code
Answer: B
Reference
https //docs

 

153. Your company has an M365 subscription and is using Intune to manage endpoints and mobile devices. Your company, however, does not allow the enrolment of personally owned devices in MDM, but allows use of these devices to access corporate data. The policy further states that all devices, whether personally owned or corporate owned, must be prevented from accessing corporate data if the device is jailbroken or rooted.
Which of the following would you deploy to achieve your goal?
A A conditional access policy that uses a device access control
B A conditional access policy that uses a device condition
C A device compliance policy
D A device configuration profile
E An app protection policy
Answer: E
Explanation:
Conditional access with device access control or condition will block access from non-compliant devices, but requires device enrolment in MDM.
Device compliance policy will check (and block) jailbreak, but requires MDM.
A device configuration profile requires MDM and also cannot check for jailbreak.
App protection policy can check for jailbreak and doesn't require MDM.
Reference
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy

 

154. You have just deployed MCAS and have successfully connected the Office 365 app connector. You want to create a policy that will create an alert when a user logs in from your honeynet network.
Which of the following policies would you create?
a Access policy
b Activity policy
c Anomaly detection policy
d File policy
e Session policy
Answer: B
Reference
https://docs.microsoft.com/en-us/cloud-app-security/control-cloud-apps-with-policies
https://docs.microsoft.com/en-us/cloud-app-security/user-activity-policies

 

155. Your organization has several conditional access policies for various purposes. One of these policies requires users to provide MFA when they access Teams. However, you're uncertain that all users are being prompted for MFA and you want to verify this.
Where would you obtain information to help you reach your goal?
A O365 Security & Compliance Center, Reports
B M365 Security Center, Reports
C M365 Admin Center, Reports
D Azure AD portal, Enterprise applications
E Azure AD portal, Conditional access
Answer: D
Reference
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-sign-in-problem-first-party-microsoft#check-a-specific-conditional-access-policy

 

 

 

This post was modified 4 years ago by ITPro

   