You have a Microsoft 365 subscription and an on-premises Active Directory domain named contoso.com. All client computers run Windows 10 Enterprise and are joined to the domain.
You need to enable Windows Defender Credential Guard on all the computers.
What should you do?
Answer:
D
Reference:
https://docs.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage
Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
The company purchases a cloud app named App1 that supports Microsoft Defender for Cloud Apps monitoring.
You configure App1 to be available from the My Apps portal.
You need to ensure that you can monitor App1 from Defender for Cloud Apps.
What should you do?
Answer:
A
HOTSPOT -
You use Microsoft Defender for Endpoint.
You have the Microsoft Defender for Endpoint machine groups shown in the following table.
You plan to onboard computers to Microsoft Defender for Endpoint as shown in the following table.
To which machine group will each computer be added? To answer, select the appropriate options in the answer are.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Your company has 5,000 Windows 10 devices. All the devices are protected by using Microsoft Defender Advanced Threat Protection (ATP).
You need to create a filtered view that displays which Microsoft Defender ATP alert events have a high severity and occurred during the last seven days.
What should you use in Microsoft Defender ATP?
Answer:
B
References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/investigate-alerts-windows-defender-advanced-threat-protection https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/automated-investigations-windows-defender-advanced-threat- protection
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Device Management admin center, you create a device configuration profile.
Does this meet the goal?
Answer:
B
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
Your company purchases a Microsoft 365 subscription.
You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Defender for Cloud Apps admin center.
Solution: From the Security & Compliance admin center, you assign the Security Administrator role to User1.
Does this meet the goal?
Answer:
B
Security Administrator has the required permissions, but it is not assigned from the Security and Compliance Center.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/manage-admins
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
Your company purchases a Microsoft 365 subscription.
You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Defender for Cloud Apps admin center.
Solution: From the Azure Active Directory admin center, you assign the Security administrator role to User1.
Does this meet the goal?
Answer:
A
The Security administrator has Full access with full permissions in Defender for Cloud Apps.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/manage-admins
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
Your company purchases a Microsoft 365 subscription.
You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Defender for Cloud Apps admin center.
Solution: From the Azure Active Directory admin center, you assign the Compliance administrator role to User1.
Does this meet the goal?
Answer:
A
The Compliance administrator has read-only permissions and can manage alerts, can create and modify file policies, allow file governance actions, and view all the built-in reports under Data Management, but cannot access Security recommendations for cloud platforms.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/manage-admins
HOTSPOT -
Your company purchases a cloud app named App1.
You plan to publish App1 by using a conditional access policy named Policy1.
You need to ensure that you can control access to App1 by using a Microsoft Cloud App Security session policy.
Which two settings should you modify in Policy1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad
HOTSPOT -
Your company uses Microsoft Defender Advanced Threat Protection (ATP). Microsoft Defender ATP includes the machine groups shown in the following table.
You onboard a computer named computer1 to Microsoft Defender ATP as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
