You have a Microsoft 365 subscription.
You plan to implement a hybrid configuration that has the following requirements:
• Minimizes the number of times users are prompted for credentials when they access Microsoft 365 resources
• Supports the use of Azure AD Identity Protection
You need to configure Azure AD Connect to support the planned changes implementation.
Which two options should you select? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Answer:
AB
You have a Microsoft 365 subscription.
You plan to use Productivity Score and need to ensure that it can obtain device and software metrics.
What should you do?
Answer:
C
You have a Microsoft 365 subscription.
You create a new Conditional Access policy named CAPolicy1.
You need to be able to review how CAPolicy1 has affected users after 90 days.
What should you do?
Answer:
D
DRAG DROP
-
You have a Microsoft 365 subscription.
You need to meet the following requirements:
• Report a Microsoft 365 service issue.
• Request help on how to add a new user to an Azure AD tenant.
What should you use in the Microsoft 365 admin center? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between Panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
You have a Microsoft 365 subscription.
You plan to enable Microsoft Azure Information Protection.
You need to ensure that only the members of a group named PilotUsers can protect content.
What should you do?
Answer:
D
If you don't want all users to be able to protect documents and emails immediately by using Azure Rights Management, you can configure user onboarding controls by using the
Set-AadrmOnboardingControlPolicy cmdlet.
Note: Set-AadrmOnboardingControlPolicy from the AADRM module is now deprecated. After July 15, 2020, this cmdlet name will be supported only as an alias to its replacement in the AIPService module. Set-AipServiceOnboardingControlPolicy Sets the user on-boarding control policy for Azure Information Protection.
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/activate-service
Your company has a Microsoft 365 subscription.
You need to identify which users performed the following privileged administration tasks:
✑ Deleted a folder from the second-stage Recycle Bin if Microsoft SharePoint
✑ Opened a mailbox of which the user was not the owner
Reset a user password -
What should you use?
Answer:
A
You can view the required information in the audit logs. The Azure AD audit logs provide records of system activities for compliance. To access the audit report, select Audit logs in the Activity section of Azure Active Directory.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-audit-logs
You have a Microsoft 365 subscription. You have a user named User1.
You need to ensure that User1 can place a hold on all mailbox content.
What permission should you assign to User1?
Answer:
B
To create a query-based In-Place Hold, a user requires both the Mailbox Search and Legal Hold roles to be assigned directly or via membership in a role group that has both roles assigned. To create an In-Place Hold without using a query, which places all mailbox items on hold, you must have the Legal Hold role assigned. The Discovery Management role group is assigned both roles.
Reference:
https://docs.microsoft.com/en-us/Exchange/permissions/feature-permissions/policy-and-compliance-permissions?view=exchserver-2019
HOTSPOT -
You have a new Microsoft 365 subscription.
A user named User1 has a mailbox in Microsoft Exchange Online.
You need to log any changes to the mailbox folder permissions of User1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
To enable auditing for a single mailbox use this PowerShell command: Set-Mailbox username -AuditEnabled $true
Reference:
https://support.microsoft.com/en-us/help/4026501/office-auditing-in-office-365-for-admins https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps-ps
You have a Microsoft E5 subscription.
You need to ensure that administrators who need to manage Microsoft Exchange Online are assigned the Exchange administrator role for five hours at a time.
What should you implement?
Answer:
E
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings
Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants.
You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users.
You need to recommend a solution for the planned directory synchronization.
What should you include in the recommendation?
Answer:
A
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-ad-tenants
