An administrator plans to deploy several Azure Advanced Threat Protection (ATP) sensors.
You need to provide the administrator with the Azure information required to deploy the sensors.
What information should you provide?
Answer:
D
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/workspace-portal
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: [email protected]
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab instance: 11032396 -
You need to ensure that a user named Alex Wilber can register for multifactor authentication (MFA).
To complete this task, sign in to the Microsoft Office 365 admin center.
Answer:
See explanation below.
Enable Modern authentication for your organization
1. To enable modern authentication, from the admin center, select Settings > Settings and then in the Services tab, choose Modern authentication from the list.
2. Check the Enable modern authentication box in the Modern authentication panel.
Enable multi-factor authentication for your organization
1. In the admin center, select Users and Active Users.
2. In the Active Users section, Click on multi-factor authentication.
3. On the Multi-factor authentication page, select user if you are enabling this for one user or select Bulk Update to enable multiple users.
4. Click on Enable under Quick Steps.
5. In the Pop-up window, Click on Enable Multi-Factor Authentication.
After you set up multi-factor authentication for your organization, your users will be required to set up two-step verification on their devices.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
HOTSPOT -
You have a Microsoft 365 subscription that uses a default domain name of contoso.com.
Microsoft Azure Active Directory (Azure AD) contains the users shown in the following table.
Microsoft Endpoint Manager has two devices enrolled as shown in the following table:
Both devices have three apps named App1, App2, and App3 installed.
You create an app protection policy named ProtectionPolicy1 that has the following settings:
✑ Protected apps: App1
✑ Exempt apps: App2
✑ Windows Information Protection mode: Block
You apply ProtectionPolicy1 to Group1 and Group3. You exclude Group2 from ProtectionPolicy1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
You have a Microsoft 365 tenant.
You have 500 computers that run Windows 10.
You plan to monitor the computers by using Microsoft Defender for Endpoint after the computers are enrolled in Microsoft Intune.
You need to ensure that the computers connect to Microsoft Defender for Endpoint.
What should you do in Microsoft Endpoint Manager admin center?
Answer:
B
Reference:
https://docs.microsoft.com/en-us/intune/advanced-threat-protection
HOTSPOT -
Your company has a Microsoft 365 subscription that contains the users shown in the following table.
The company implements Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). Microsoft Defender ATP includes the roles shown in the following table:
Microsoft Defender ATP contains the machine groups shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
You have a hybrid deployment of Microsoft 365 that contains the users shown in the following table.
You plan to use Microsoft 365 Attack Simulator.
You need to identify the users against which you can use Attack Simulator.
Which users should you identify?
Answer:
C
Each targeted recipient must have an Exchange Online mailbox.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide
SIMULATION -
You need to implement a solution to manage when users select links in documents or email messages from Microsoft Office 365 ProPlus applications or Android devices. The solution must meet the following requirements:
✑ Block access to a domain named fabrikam.com
✑ Store information when the users select links to fabrikam.com
To complete this task, sign in to the Microsoft 365 portal.
Answer:
See explanation below.
You need to configure a Safe Links policy.
1. Go to the Office 365 Microsoft 365 Compliance center.
2. Navigate to Threat Management > Policy > Safe Links.
3. In the Policies that apply to the entire organization section, select Default, and then click the Edit icon.
4. In the Block the following URLs section, type in *.fabrikam.com. This meets the first requirement in the question.
5. In the Settings that apply to content except email section, untick the checkbox labelled Do not track when users click safe links. This meets the second requirement in the question.
6. Click Save to save the changes.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-worldwide
SIMULATION -
You need to configure your organization to automatically quarantine all phishing email messages.
To complete this task, sign in to the Microsoft 365 portal.
Answer:
See explanation below.
You need to edit the Anti-Phishing policy.
1. Go to the Office 365 Microsoft 365 Compliance center.
2. Navigate to Threat Management > Policy > ATP Anti-Phishing.
3. Click on Default Policy.
4. In the Impersonation section, click Edit.
5. Go to the Actions section.
6. In the If email is sent by an impersonated user: box, select Quarantine the message from the drop-down list.
7. In the If email is sent by an impersonated domain: box, select Quarantine the message from the drop-down list.
8. Click Save to save the changes.
9. Click Close to close the anti-phishing policy window.
You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.
You need to allow a user named User1 to view ATP reports in the Threat management dashboard.
Which role provides User1 with the required role permissions?
Answer:
A
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/view-reports-for-atp#what-permissions-are-needed-to-view-the-atp-reports
You have a Microsoft 365 subscription and a Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) subscription.
You have devices enrolled in Microsoft Endpoint Manager as shown in the following table:
You integrate Microsoft Defender ATP and Endpoint Manager.
You plan to evaluate the Microsoft Defender ATP risk level for the devices.
You need to identify which devices can be evaluated.
Which devices should you identify?
Answer:
D
Microsoft Defender ATP (now known as Microsoft Defender for Endpoint) now supports Windows 7 SP1 and above, Windows Server 2008 SP1 and above, the three most recent major releases of macOS, iOS 11.0 and above, Android 6.0 and above and Red Hat Enterprise Linux 7.2 or higher, CentOS 7.2 or higher,
Ubuntu 16.04 LTS or higher LTS, Debian 9 or higher, SUSE Linux Enterprise Server 12 or higher, and Oracle Linux 7.2 or higher.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/evaluation-lab https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements
