You have a Microsoft 365 subscription. You create a retention policy and apply the policy to Exchange Online mailboxes. You need to ensure that the retention policy tags can be assigned to mailbox items as soon as possible. What should you do?

You need to implement Windows Defender ATP to meet the security requirements. What should you do?

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: Assignments: Include Group1, Exclude Group2 Conditions: Sign in risk of Low and above Access: Allow access, Require password change You need to identify how the policy affects User1 and User2. What occurs when User1 and User2 sign in from an unfamiliar location? To answer,

Your company has a Microsoft 365 subscription. The company does not permit users to enroll personal devices in mobile device management (MOM). Users in the sales department have personal iOS devices. You need to ensure that the sales department users can use the Microsoft Power Bl app from iOS devices to access the Power Bl data in your tenant. The users must be prevented from backing up the app's data to iCIoud. What should you create?

You have a Microsoft 365 E5 subscription that has Microsoft 365 Defender enabled. You plan to deploy a third-party app named App1 that will receive alert data from Microsoft 365 Defender. Which format will Microsoft 365 Defender use to send the alert data to App1?

You have a Microsoft 365 Enterprise E5 subscription. You use Windows Defender Advanced Threat Protection (Windows Defender ATP). You need to integrate Microsoft Office 365 Threat Intelligence and Windows Defender ATP. Where should you configure the integration?

You have a Microsoft 365 E5 subscription that contains a user named User1. The Azure Active Directory (Azure AD) Identity Protection risky users report identifies User1. For User1, you select Confirm user compromised. User1 can still sign in. You need to prevent User1 from signing in. The solution must minimize the impact on users at a tower risk level. Solution: From the Access settings, you select Block access for User1. Does this meet the goal?

You create an Azure Sentinel workspace. You configure Azure Sentinel to ingest data from Azure Active Directory (Azure AD). In the Azure Active Directory admin center, you discover Azure AD Identity Protection alerts. The Azure Sentinel workspace shows the status as shown in the following exhibit. In Azure Log Analytics, you can see Azure AD data in the Azure Sentinel workspace. What should you configure in Azure Sentinel to ensure that incidents are created for detected threats?

You plan to add a file named ConfidentialHR.docx to a Microsoft SharePoint library. You need to ensure that a user named Megan Bowen is notified when another user accesses ConfidentialHR.xlsx. To complete this task, sign in to the Microsoft 365 portal.

You have a hybrid Microsoft 365 environment. All computers run Windows 10 Enterprise and have Microsoft Office 365 ProPlus installed. All the computers are joined to Active Directory. You have a server named Server1 that runs Windows Server 2016. Server1 hosts the telemetry database. You need to prevent private details in the telemetry data from being transmitted to Microsoft. What should you do?

An administrator configures Azure AD Privileged Identity Management as shown in the following exhibit. What should you do to meet the security requirements?

You have a Microsoft 365 subscription that uses a default domain name of contoso.com. Microsoft Azure Active Directory (Azure AD) contains the users shown in the following table. Microsoft Intune has two devices enrolled as shown in the following table: Both devices have three apps named App1, App2, and App3 installed. You create an app protection policy named ProtectionPolicy1 that has the following settings: Protected apps: App1 Exempt apps: App2 Windows Information Protection mode: Block You apply Protec

You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices are managed by using Microsoft Endpoint Manager. You need to enable Microsoft Defender Exploit Guard (Microsoft Defender EG) on the devices. Which type of device configuration profile should you use?

You have a Microsoft SharePoint Online site named Site! that has the users shown in the following table. You create the retention labels shown In the following table.

You have a Microsoft 365 subscription. All users use Microsoft Exchange Online. Microsoft 365 is configured to use the default policy settings without any custom rules. You manage message hygiene. Where are suspicious email messages placed by default? To answer, drag the appropriate location to the correct message types. Each location may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

You have a Microsoft Sentinel workspace that has an Azure Active Directory (Azure AD) connector and an Office 365 connector. From the workspace, you plan to create an analytics rule that will be based on a custom query and will run a security play. You need to ensure that you can add the security playbook and the custom query to the rule. What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription and a hybrid Microsoft Exchange Server organization. Each member of a group named Executive has an on-premises mailbox. Only the Executive group members have multi-factor authentication (MFA) enabled. Each member of a group named Research has a mailbox in Exchange Online. You need to use Microsoft Office 365 Attack simulator to model a spear-phishing attack that targets the Research group members. The email address that you intend to spoof belongs to the Executive gr