November 13, 2022 | Author: Anonymous | Category: N/A
Exam A Exam QUESTION 1 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Correct Answer:
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference:
QUESTION 2 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F
S Section: ection: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/get-started/ QUESTION 3 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:
Correct Answer:
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview
D283ABFBEDB32CDCE3B3406B9C29DB2F QUESTION 4 HOTSPOT
Select the answer that correctly completes the sentence. Select Hot Area:
Correct Answer:
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference:
QUESTION 5 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Explanation: Federation is a collection of domains that have established trust.
Reference: R eference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed QUESTION 6 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Explanation: Box 1: Yes System updates reduces security vulnerabilities, and provide a more stable environment for end users. Not applying updates leaves unpatched vulnerabilities and results in environments that are susceptible to attacks. Box 2: Yes Box 3: Yes If you only use a password to authenticate a user, it leaves an attack vector open. With MFA enabled, your accounts are more secure. Reference: https://docs.microsoft.com/en-us/azure/security-center/secure-score-security-controls QUESTION 7
D283ABFBEDB32CDCE3B3406B9C29DB2F Which score measures an organization's progress in completing actions that help reduce risks associated to data protection and regulatory standards? A. Microsoft Secure Score B. Productivity Score C. Secure score in Azure Security Center D. Compliance score
Correct Answer: D Correct Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365worldwide QUESTION 8 What do you use to provide real-time real-tim e integration between Azure Sentinel and another security source? A. Azure AD Connect B. a Log Analytics workspace C. Azure Information Protection D. a connector Correct Answer: D Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Explanation: To on-board Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a number of connectors for Microsoft solutions, including Microsoft 365 Defender solutions, and Microsoft 365 sources, including Office 365, Azure AD, Microsoft Defender for f or Identity, and Microsoft Cloud App Security, etc. Reference: https://docs.microsoft.com/en-us/azure/sentinel/overview QUESTION 9 Which Microsoft portal provides information about how Microsoft cloud services comply with regulatory standard, such as International Organization for Standardization (ISO)? (I SO)? A. the Microsoft Endpoint Manager admin center B. Azure Cost Management + Billing C. Microsoft Service Trust Portal D. the Azure Active Directory admin center Correct Answer: C Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Explanation: The Microsoft Service Trust Portal contains details about Microsoft's implementation of controls and processes
D283ABFBEDB32CDCE3B3406B9C29DB2F that protect our cloud services and the customer data therein. Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365worldwide QUESTION 10 In the shared responsibility model for an Azure deployment, what is Microsoft solely responsible for managing?
A. the management of mobile devices B. the permissions for the user data stored in Azure C. the creation and management of user accounts D. the management of the physical hardware Correct Answer: D Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference:
QUESTION 11 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Correct Answer:
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Explanation: Box 1: Yes
D283ABFBEDB32CDCE3B3406B9C29DB2F Box 2: Yes Box 3: No The Zero Trust model does not assume that everything behind the corporate firewall fi rewall is safe, the Zero Trust model assumes breach and verifies each request as though it originated from an uncontrolled network. Reference: https://docs.microsoft.com/en-us/security/zero-trust/ QUESTION 12
HOTSPOT HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Correct Answer:
QUESTION 13 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F
QUESTION 14 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Box B ox 1: Yes A certificate is required that provides a private and a public key. key. Box 2: Yes The public key is used to validate the private key that is associated with a digital signature. Box 3: Yes The private key, or rather the password to the private key, validates the identity of the signer. Reference: https://support.microsoft.com/en-us/office/obtain-a-digital-certificate-and-create-a-digital-signature-e3d9d8133305-4164-a820-2e063d86e512 https://docs.microsoft.com/en-us/dynamics365/fin-ops-core/fin-ops/organization-administration/electronic signature-overview QUESTION 15 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:
QUESTION Q UESTION 16 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:
https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization QUESTION 17 HOTSPOT
Select the answer that correctly completes the sentence. Select Hot Area:
Correct Answer: Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b QUESTION 18 In the Microsoft Cloud Adoption Framework for Azure, which two phases are addressed before tthe he Ready phase? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
D283ABFBEDB32CDCE3B3406B9C29DB2F A. Plan B. Manage C. Adopt D. Govern E. Define Strategy Correct Answer: AE Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/overview QUESTION 19 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
S Section: ection: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference:
QUESTION 20 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
D283ABFBEDB32CDCE3B3406B9C29DB2F
S Section: ection: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference:
QUESTION 21 HOTSPOT Select the answer that correctly completes the sentence.
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference:
Reference: R eference: https://docs.microsoft.com/en-us/security/benchmark/azure/baselines/cloud-services-security-baseline
D283ABFBEDB32CDCE3B3406B9C29DB2F QUESTION 22 What is an example of encryption at rest? A. encrypting communications by using a site-to-site VPN B. encrypting a virtual machine disk C. accessing a website by using an encrypted HTTPS connection D. sending an encrypted email Correct Answer: B Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest QUESTION 23 Which three statements accurately describe the guiding principles of Zero Trust? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Define the perimeter by physical locations. B. Use identity as the primary pri mary security boundary boundary.. C. Always verify the permissions of a user explicitly. D. Always assume that the user system can be breached. E. Use the network as the primary security boundary. Correct Answer: BCD Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/security/zero-trust/ QUESTION 24 HOTSPOT Which service should you use to view your Azure secure score? To answer, answer, select the appropriate service in the answer area. Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/security-center/secure-score-access-and-track
QUESTION 25 What can you use to provide a user with a two-hour window to complete an administrative task in Azure? A. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) B. Azure Multi-Factor Authentication (MFA) C. Azure Active Directory (Azure AD) Identity Protection
D. conditional access policies D. Correct Answer: D Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy common QUESTION 26 In a hybrid identity model, what can you use to sync identities between Active Directory Domain Services (AD DS) and Azure Active Directory (Azure AD)? A. Active Directory Federation Services (AD FS) B. Azure Sentinel C. Azure AD Connect D. Azure Ad Privileged Identity Management (PIM) Correct Answer: C Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect QUESTION 27 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Correct Answer
Section: S ection: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Box 1: Yes Azure AD supports custom roles. Box 2: Yes Global Administrator has access to all administrative features in Azure Active Directory. Box 3: No Reference: https://docs.microsoft.com/en-us/azure/active-directory/roles/concept-understand-roles https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference QUESTION 28 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: S ection: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Box 1: No Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service. Box 2: Yes Microsoft 365 uses Azure Active Directory (Azure AD). Azure Active Directory (Azure AD) is included with your Microsoft 365 subscription. Box 3: Yes Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service. Reference: https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide QUESTION 29 HOTSPOT Select the answer that correctly completes the sentence.
: Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation
D283ABFBEDB32CDCE3B3406B9C29DB2F D 283ABFBEDB32CDCE3B3406B9C29DB2F Explanation/Reference: Explanation: Biometrics templates are stored locally on a device. Reference: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-overview QUESTION 30 What is the purpose of Azure Active Directory (Azure AD) Password Protection? A. to control how often users must change their passwords B. to identify devices to which users can sign in without using multimulti-factor factor authentication (MFA) C. to encrypt a password by using globally recognized encryption standards D. to prevent users from using specific words in their passwords Correct Answer: D Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Azure AD Password Protection detects and blocks known weak weak passwords and their variants, and can also block additional weak terms that are specific to your organization. With Azure AD Password Protection, default global banned password lists are automatically applied to all users in an Azure AD tenant. To support your own business and security needs, you can define entries in a custom banned password list. Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad-on-premises QUESTION 31 Which Azure Active Directory (Azure AD) feature can you use to evaluate group membership and automatically remove users that no longer require membership in a group? A. access reviews B. managed identities C. conditional access policies D. Azure AD Identity Protection Correct Answer: A Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage manage group memberships, access to enterprise applications, and role assignments. Reference: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview QUESTION 32 HOTSPOT
D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F Select the answer that correctly completes the sentence.
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan. Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks QUESTION 33 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:D283ABFBEDB32CDCE3B36B9C29DB2F Area:D283ABFBEDB32CDCE3B36B9C29DB2F
Section: S ection: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Box 1: Yes Box 2: No Conditional Access policies are enforced after first-factor authentication is completed. Box 3: Yes Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview QUESTION 34 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:D283ABFBEDB32CDCE3B3406B9C29DB2F Area:D283ABFBEDB32CDCE3B3406B9C29DB2F
Section: S ection: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/defender-for-identity/what-is QUESTION 35 HOTSPOT Select the answer that correctly completes the sentence.
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Microsoft Defender for Identity is i s a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization. Reference: https://docs.microsoft.com/en-us/defender-for-identity/what-is QUESTION 36 HOTSPOT Select the answer that correctly completes the sentence.
D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F
: Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Azure Active Directory (Azure AD) is a cloud-based user identity and authentication service. Reference: https://docs.microsoft.com/en-us/microsoft-365/enterprise/about-microsoft-365-identity?view=o365-worldwide QUESTION 37 Which Azure Active Directory (Azure AD) feature can you use to provide just-in-time (JIT) access to manage Azure resources? A. conditional access policies B. Azure AD Identity Protection C. Azure AD Privileged Identity Management (PIM) D. authentication method policies Correct Answer: C Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Azure AD Privileged Identity Management (PIM) provides just-in-time privileged access to Azure AD and Azure resources Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure QUESTION 3883ABFBEDB32CDCE3B3406B9C29DB2F 3883ABFBEDB32CDCE3B3406B9C29DB2F
W Which hich three authentication methods can be used by Azure Multi-Factor Multi -Factor Authentication (MFA)? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. text message (SMS) B. Microsoft Authenticator app C. email verification D. phone call E. security question Correct Answer: ABD Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods QUESTION 39 Which Microsoft 365 feature can you use to restrict communication and the sharing of information between members of two departments at your organization? A. sensitivity label policies B. Customer Lockbox C. information batteries D. Privileged Access Management (PA (PAM) M) Correct Answer: C Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers QUESTION 40 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Correct Answer:
D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview QUESTION 41 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
: Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Box 1: Yes Conditional access policies can be applied to all users Box 2: No Conditional access policies are applied after first-factor authentication is
mpleted.D283ABFBEDB32CDCE3B3406B9C29DB2F m pleted.D283ABFBEDB32CDCE3B3406B9C29DB2F Box 3: Yes Users with devices of specific platforms or marked with a specific state can be used when enforcing Conditional Access policies. Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview QUESTION 42 HOTSPOT Select the answer that correctly completes the sentence.
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: When you register an application through the Azure portal, an application object and service principal are automatically created in your home directory or tenant. Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal QUESTION 43 Which three authentication methods does Windows Hello for Business support? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. fingerprint B. facial recognition C. PIN D. email verification E. security question Correct Answer: ABC Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: D283ABFBEDB32CDCE3B3406B9C29DB2F
Reference: R eference: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-how-it-works authentication QUESTION 44 HOTSPOT Select the answer that correctly completes the sentence.
:
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults QUESTION 45 You have an Azure subscription. You need to implement approval-based, time-bound role activation. What should you use? A. Windows Hello for Business B. Azure Active Directory (Azure AD) Identity Protection C. access reviews in Azure Active Directory (Azure AD) AD)D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM) Correct Answer: D Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions
Explanation Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure QUESTION 46 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
D283ABFBEDB32CDCE3B3406B9C29DB2F https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy admin-mfa QUESTION 47 HOTSPOT
Select the answer that correctly completes the sentence. Select
: Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/cloud-app-security/what-is-cloud-app-security QUESTION 48 HOTSPOT Select the answer that correctly completes the sentence.
D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference:
Reference: R eference: https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview QUESTION 49 What should you use in the Microsoft 365 security center to view security trends and track the protection status of identities? A. Attack simulator B. Reports C. Hunting D. Incidents Correct Answer: B Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/reports-and-insights-in-security and-compliance?view=o365-worldwide QUESTION 50 HOTSPOT Select the answer that correctly completes the sentence.
Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/incidents-overview?view=o365-worldwide QUESTION 51 What are two capabilities of Microsoft Mi crosoft Defender for Endpoint? Each correct selection presents a complete solution. NOTE: Each correct selection is worth one point.
D283ABFBEDB32CDCE3B3406B9C29DB2F A. automated investigation and remediation B. transport encryption C. shadow IT detection
D. attack surface reduction D. Correct Answer: AD Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint? view=o365-worldwide QUESTION 52 DRAG DROP Match the Azure networking service to the appropriate description. To answer, drag the appropriate service from the column on tthe he left to its description on the right. Each service may be used once, more than once, or not at all. NOTE: Each correct match is worth one point.
Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Explanation: Box 1: Azure Firewall Azure Firewall provide Source Network Address Translation Translation and Destination Network Address Translation. Box 2: Azure Bastion Azure Bastion provides secure and seamless RDP/SSH connectivity connectivity to your virtual machines directly from the
D283ABFBEDB32CDCE3B3406B9C29DB2F Azure portal over TLS. Box 3: Network security group (NSG) You can use an Azure network security group to filter network traffic to and from Azure resources in an Azure virtual network.
Reference: R eference: https://docs.microsoft.com/en-us/azure/networking/fundamentals/networking-overview https://docs.microsoft.com/en-us/azure/bastion/bastion-overview https://docs.microsoft.com/en-us/azure/firewall/features https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview QUESTION 53 HOTSPOT Select the answer that correctly completes the sentence.
Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Explanation: Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Reference: https://docs.microsoft.com/en-us/azure/sentinel/overview QUESTION 54 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: S ection: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Explanation: Box 1: Yes Azure Defender provides security alerts and advanced threat protection for virtual machines, SQL databases databases,, containers, web applications, your network, your storage, and more mor e Box 2: Yes Cloud security posture management (CSPM) is available for free to all Azure users. Box 3: Yes Azure Security Center is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection prot ection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. Reference: https://docs.microsoft.com/en-us/azure/security-center/azure-defender https://docs.microsoft.com/en-us/azure/security-center/defender-for-storage-introduction https://docs.microsoft.com/en-us/azure/security-center/security-center-introduction QUESTION 55 HOTSPOT Select the answer that correctly completes the sentence.
D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/threat-analytics?view=o365-worldwide QUESTION 56 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
r: r: Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Explanation: You can use an Azure network security group tto o filter network traffic to and from Azure resources in an Azure
D283ABFBEDB32CDCE3B3406B9C29DB2F virtual network. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol. Reference: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview
QUESTION 57 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: S ection: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune https://docs.microsoft.com/en-us/mem/intune/fundamentals/what-is-device-management
QUESTION 58
D283ABFBEDB32CDCE3B3406B9C29DB2F HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area
r: r: Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/bastion/bastion-overview https://docs.microsoft.com/en-us/azure/bastion/tutorial-create-host-portal QUESTION 59 What feature in Microsoft Defender for f or Endpoint provides the first lline ine of defense against cyberthreats by reducing the attack surface? A. automated remediation B. automated investigation C. advanced hunting
D283ABFBEDB32CDCE3B3406B9C29DB2F D. network protection Correct Answer: D Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Explanation: Network protection helps protect devices from Internet-based Inter net-based events. Network protection is an attack surface reduction capability capability..
Reference: R eference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365worldwide QUESTION 60 HOTSPOT Select the answer that correctly completes the sentence. Hot Area: Correct Answer: Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/sentinel/overview QUESTION 61 Which two types of resources can be protected by using Azure Firewall? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. A. Azure virtual machines B. Azure Active Directory (Azure AD) users C. Microsoft Exchange Online inboxes D. Azure virtual networks E. Microsoft SharePoint Online sites D283ABFBEDB32CDCE3B3406B9C29DB2F Correct Answer: DE Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference:
QUESTION 62 You plan to implement a security strategy and place multiple layers of defense thr throughout oughout a network infrastructure. Which security methodology does this represent? A. threat modeling B. identity as the security perimeter C. defense in depth D. the shared responsibility model Correct Answer: C Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/learn/modules/secure-network-connectivity-azure/2-what-is-defense-in-depth
QUESTION Q UESTION 63 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
: D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference:
QUESTION 64 What can you use to scan email attachments and forward the attachments to recipients only iiff the attachments are free from malware? A. Microsoft Defender for Office 365 B. Microsoft Defender Antivirus C. Microsoft Defender for Identity D. Microsoft Defender for Endpoint Correct Answer: A Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service description QUESTION 65 Which feature provides the extended detection and response (XDR) capability of Azure Sentinel? A. integration with the Microsoft 365 compliance center B. support for threat hunting
C.. integration with Microsoft 365 Defender C D. support for Azure Monitor Workbooks Correct Answer: C Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender/eval-overview?view=o365-worldwide QUESTION 66 What can you use to provide threat detection for Azure SQL Managed Instance? A. Microsoft Secure Score B. application security groups C. Azure Defender D. Azure Bastion Correct Answer: C Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference:
QUESTION 67 D283ABFBEDB32CDCE3B3406B9C29DB2F HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: S ection: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference:
QUESTION 68 Which Azure Active Directory (Azure AD) feature can you use to restrict Microsoft Intune-managed devices from accessing corporate resources? A. network security groups (NSGs) B. Azure AD Privileged Identity Management (PIM) C. conditional access policies D. resource locks Correct Answer: C Section: Describe the Capabilities of Microsoft Security Solutions Explanation Explanation/Reference:
QUESTION 69 Which two tasks can you implement by using data loss prevention (DLP) policies in Microsoft 365? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. D283ABFBEDB32CDCE3B3406B9C29DB2F A. Display policy tips to users who are about to violate your organization’s policies. B. Enable disk encryption on endpoints. C. Protect documents in Microsoft OneDrive that t hat contain sensitive information. D. Apply security baselines to devices. Correct Answer: AC Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide QUESTION 70 HOTSPOT Select the answer that correctly completes the sentence.
Section: S ection: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365worldwide#how-compliance-manager-continuously-assesses-controls QUESTION 71 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. D283ABFBEDB32CDCE3B3406B9C29DB2F NOTE: Each correct selection is worth one point.
Section: S ection: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Explanation: Box 1: Yes You can use sensitivity labels to provide protection settings that include encryption of emails and documents to prevent unauthorized people from accessing this data. Box 2: Yes You can use sensitivity labels to mark tthe he content when you use Office apps, by adding watermarks, headers, or footers to documents that have the label applied. Box 3: Yes You can use sensitivity labels to mark tthe he content when you use Office apps, by adding headers, or footers to email that have the label applied. Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide QUESTION 72
D283ABFBEDB32CDCE3B3406B9C29DB2F Which Microsoft 365 compliance feature can you use to encrypt content automatically based on specific conditions? A. Content Search
B.. sensitivity labels B C. retention policies D. eDiscovery Correct Answer: B Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide QUESTION 73 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation D283ABFBEDB32CDCE3B3406B9C29DB2F Explanation/Reference: Explanation: Box 1: No Compliance Manager tracks Microsoft managed controls, customer-managed controls, and shared controls.
Box 2: Yes Box Box 3: Yes Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager?view=o365-worldwide QUESTION 74 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation
D283ABFBEDB32CDCE3B3406B9C29DB2F Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/governance/policy/overview QUESTION 75 What is a use case for implementing information barrier policies in Microsoft 365? A. to restrict unauthenticated access to Microsoft 365 B. to restrict Microsoft Teams chats between certain groups within an organization C. to restrict Microsoft Exchange Online email between certain groups within an or organization ganization D. to restrict data sharing to external email recipients
Correct C orrect Answer: C Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/information-barriers-policies?view=o365-worldwide QUESTION 76 What can you use to provision Azure resources across multiple subscriptions in a consistent manner? A. Azure Defender B. Azure Blueprints C. Azure Sentinel D. Azure Policy Correct Answer: B Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/governance/blueprints/overview QUESTION 77 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area
Section: S ection: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Explanation: Box 1: Yes The MailItemsAccessed event is a mailbox auditing action and is triggered when mail data is accessed by mail protocols and mail clients. Box 2: No Basic Audit retains audit records for 90 days. Advanced Audit retains all Exchange, SharePoint, and Azure Active Directory audit records for one year. year. This is accomplished by a default audit log retention ret ention policy that retains any audit rrecord ecord that contains the value of Exchange, SharePoint, or AzureActiveDirectory for the Workload property (which indicates the service in which the activity occurred) for one year. Box 3: yes Advanced Audit in Microsoft 365 provides high-bandwidth access to the Office 365 Management Management Activity API. Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide
D283ABFBEDB32CDCE3B3406B9C29DB2F https://docs.microsoft.com/en-us/microsoft-365/compliance/auditing-solutions-overview?view=o365worldwide#licensing-requirements
https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft h ttps://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft 365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#advanced audit QUESTION 78 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Explanation: Box 1: No Box 2: Yes Leaked Credentials indicates that the user's valid credentials have been leaked.
D283ABFBEDB32CDCE3B3406B9C29DB2F Box 3: Yes Multi-Factor Authentication can be required based on conditions, one of which is user risk. Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-risk-based-sspr-mfa QUESTION 79 Which Microsoft 365 compliance center feature can you use to t o identify all the documents on a Microsoft SharePoint Online site that contain a specific key word? A. Audit B. Compliance Manager C. Content Search D. Alerts Correct Answer: C Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Explanation: The Content Search tool in the Security & Compliance Center can be used to quickly find f ind email in Exchange mailboxes, documents in SharePoint sites and OneDrive locations, and instant messaging conversations in Skype for Business. The first step is to starting using the Content Search tool to t o choose content locations to search and configure a keyword query to search for specific items. Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/search-for-content?view=o365-worldwide QUESTION 80 HOTSPOT Select the answer that correctly completes the sentence.
D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference:
Reference: R eference: https://docs.microsoft.com/en-us/microsoft-365/compliance/microsoft-365-compliance-center?view=o365worldwide QUESTION 81 Which Microsoft 365 feature can you use to restrict users from sending email messages that contain lists of customers and their associated credit card numbers? A. retention policies B. data loss prevention (DLP) policies C. conditional access policies D. information barriers Correct Answer: B Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide QUESTION 82 HOTSPOT Select the answer that correctly completes the sentence.
: Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview QUESTION 83 In a Core eDiscovery workflow, what should you do before you can search for content?D283ABFBEDB32CDCE3B3406B9C29DB2F content? D283ABFBEDB32CDCE3B3406B9C29DB2F A. Create an eDiscovery hold. B. Run Express Analysis. C. Configure attorney-client privilege detection. D. Export and download results. Correct Answer: A Section: Describe the Capabilities of Microsoft Compliance Solutions
Explanation Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide QUESTION 84 Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security? A. Microsoft Service Trust Portal B. Compliance Manager C. Microsoft 365 compliance center D. Microsoft Support Correct Answer: A Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365worldwide QUESTION 85 What can you protect by using the information infor mation protection solution in the Microsoft 365 compliance center? A. computers from zero-day exploits B. users from phishing attempts C. files from malware and viruses D. sensitive data from being exposed to unauthorized users Correct Answer: D Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/information-protection?view=o365-worldwide QUESTION 86 What can you specify in Microsoft 365 sensitivity labels? A. how long files must be preserved B. when to archive an email message C. which watermark to add to files D. where to store files Correct Answer: C
D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide QUESTION 87 HOTSPOT
For each of the following statements, select Y For Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Explanation: Box 1: No Advanced Audit helps organizations to conduct forensic and compliance compliance investigations by increasing audit log retention. Box 2: No Box 3: Yes Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/advanced-audit?view=o365-worldwide QUESTION 88 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select D283ABFBEDB32CDCE3B3406B9C29DB2F No.D283ABFBEDB32CDCE3B3406B9C29DB2F No. NOTE: Each correct selection is worth one point.
Section: S ection: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: QUESTION 89 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
D283ABFBEDB32CDCE3B3406B9C29DB2F D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-sensitivity-labels?view=o365worldwide QUESTION 90 HOTSPOT Select the answer that correctly completes the sentence.
Section: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference:
D283ABFBEDB32CDCE3B3406B9C29DB2F Reference: https://docs.microsoft.com/en-us/azure/security/fundamentals/customer-lockbox-overview QUESTION 91
In a Core eDiscovery workflow, what should you do before you can search for content? In A. Create an eDiscovery hold. B. Run Express Analysis. C. Configure attorney-client privilege detection. D. Export and download results. Correct Answer: A Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide QUESTION 92 HOTSPOT For each of the following statements, select Y Yes es if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
D283ABFBEDB32CDCE3B3406B9C29DB2F Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Explanation: Box 1: Yes Azure AD supports custom roles.
Box 2: Yes Box Global Administrator has access to all administrative features in Azure Active Directory. Box 3: No Reference: https://docs.microsoft.com/en-us/azure/active-directory/roles/concept-understand-roles https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference QUESTION 93 Which Microsoft portal provides information about how Microsoft manages privacy, compliance, and security? A. Microsoft Service Trust Portal B. Compliance Manager C. Microsoft 365 compliance center D. Microsoft Support Correct Answer: A Section: Describe the Capabilities of Microsoft Compliance Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-with-service-trust-portal?view=o365worldwide QUESTION 94 HOTSPOT Which service should you use to view your Azure secure score? To answer, answer, select the appropriate service in the answer area. Hot Area:
D283ABFBEDB32CDCE3B3406B9C29DB2F
S Section: ection: Describe the Concepts of Security, Compliance, and Identity Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/security-center/secure-score-access-and-track
QUESTION 95 HOTSPOT Select the answer that correctly completes the sentence. Hot Area:
: Section: Describe the Capabilities of Microsoft Identity and Access Man-agement Solutions Explanation Explanation/Reference: Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
D283ABFBEDB32CDCE3B3406B9C29DB2F
96. 96.
You create three sensitivity labels named Sensitivity1, Sensitivity2, and Sensitivity3 and perform the following actions: ✑ Publish Sensitivity1. ✑ Create an auto-labeling policy for Sensitivity2. You plan to create a file policy named Policy1 in Microsoft Cloud App Security. Which sensitivity labels can you apply to Microsoft SharePoint Online in Policy1? A. Sensitivity1 A. Sensitivity1 only only
•
B. Sensitivity1, Sensitivity2, and Sensitivity3
•
C. Sensitivity2 only
•
D. Sensitivity1 and Sensitivity2 only
•
Correct Answer: D Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/apply-sens ce/apply-sensitivity-label-autom itivity-label-automatically?view=o3 atically?view=o365-w 65-w o rldwide https://doc https://docs.microsoft.com/ s.microsoft.com/en-us/cloud-a en-us/cloud-app-security/azip pp-security/azip-integration -integration 97
You have a Microsoft OneDrive for Business folder that contains the files shown in the following table. In Microsoft Cloud App Security, you create a file policy to automatically apply a classification. What is the effect of applying the policy? A. The policy A. policy will apply to only only the .docx .docx and .txt files. The policy policy will classify classify the files within within 24 hours. hours.
•
B. The policy will apply to all the files. The policy will classify only 100 files daily. C. The policy
•
•
will apply to only the .docx files. The policy will classify only 100 files daily. D. The policy will apply to only the .docx and .txt files. The policy will classify the files
•
immediately. Correct Answer: C Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/cloud-a en-us/cloud-app-security/azip pp-security/azip-integration -integration 98.
HOTSPOT You have a Microsoft 365 tenant named contoso.com that contains two users named User1 and User2. The tenant uses Microsoft Office 365 Message Encryption (OME). User1 plans to send emails that contain attachments as shown in the following table. User2 plans to send emails that contain attachments as shown in the following table. For which emails will the attachment attachments s be protected? To To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Correct C orrect Answer:
Reference: R eference: https://support.microsoft. https://sup port.microsoft.com/en-gb/of com/en-gb/office/introduc fice/introduction-to-irm-for-email-me tion-to-irm-for-email-messages-bb64 ssages-bb643d33-4a3f 3d33-4a3f-4ac7-9770-f -4ac7-9770-f d 50d95f58dc?ui=en-us&rs=en- gb&ad=gb#FileTypesforIRM https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/ome?view=o ce/ome?view=o365-worldwide 365-worldwide https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/off en-us/office365/service ice365/servicedescriptions/e descriptions/exchange-on xchange-online-service-descrip line-service-description/exchan tion/exchange ge online-limits#message-limits-1 98.
HOTSPOT You use project codes that have a format of three alphabetical characters that represent the project type, followed by three digits, for example Abc123. You need to create a new sensitive info type for the project codes. How should you configure the regular expression to detect the content? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Correct C orrect Answer: Reference: https://joannecklein.com https://joa nnecklein.com/2018/08/0 /2018/08/07/build-and-u 7/build-and-use-custom-sen se-custom-sensitive-information sitive-information-types-in-off -types-in-office-365 ice-365 / 5. HOTSPOT You have a Microsoft SharePoint Online site named Site1 and a sensitivity label named Sensitivity1. Sensitivity1 adds a watermark and a header to content. You create a policy to automatically apply Sensitivity1 to emails in Microsoft Exchange Online and Site1. How will Sensitivity1 Sensitiv ity1 mark matching emails and Site1 documents? To To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Hot Area:
Correct C orrect
Answer: Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
99.
HOTSPOT ✑
You need to implement an information compliance policy to meet the following requirements: Documents that contain passport numbers from the United States, Germany, Australia, and Japan must be identified automatically. When a user attempts to send an email or an attachment that contains a passport number, the user
✑
must receive a tooltip in Microsoft Outlook.
Users must be blocked from using Microsoft SharePoint Online or OneDrive for Business to share a ✑ document that contains a passport number. number . What is the minimum number of sensitivity labels and auto-labeling policies you should create? To answer, select the appropriate options in the answer answer area. NOTE: Each correct selection is worth one point. point. Hot Area:
Correct Answer: Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/get-started ce/get-started-with-sensitivity-lab -with-sensitivity-labels?view=o36 els?view=o365-worl 5-worl d wide 100
HOTSPOT -
You Y ou have a Microsoft 365 E5 tenant. You create sensitivity labels as shown in the Sensitivity Labels exhibit. The Confidential/External Confidential/External sensitivity label is configured to encrypt files and emails when applied to content. The sensitivity labels are published as shown in the Published exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area:
Correct C orrect Answer: Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/sensitivity-lab ce/sensitivity-labels?view=o36 els?view=o365-worldwid 5-worldwid 101
You are implementing a data classification solution.
The T he research department at your company requires that documents containing programming code be labeled as Confidential. The department provides samples of the code from its document library. The solution must minimize administrative effort. What should you do? A. Create a custom classifier A. classifier..
•
B. Create a sensitive info type that uses Exact Data Match (EDM).
•
C. Use the source code classifier.
•
D. Create a sensitive info type that uses a regular expression.
•
Correct Answer: C Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/classifier-learn ce/classifier-learn-about?view=o -about?view=o365-worldwid 365-worldwid e102.
You have a new Microsoft 365 tenant. You need to ensure that custom trainable classifiers can be created in the tenant. To which role should you be assigned to perform the configuration?
•
A. Secur Security ity administrator administrator B. Security operator
•
C. Global administrator
•
D. Compliance administrator
•
Correct Answer: D Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/classifier-get ce/classifier-get-started-with?vie -started-with?view=o365-worldwid w=o365-worldwid e 103.
You need to automatically apply a sensitivity label to documents that contain information about your company's network including computer names, IP addresses, and configuration information. Which two objects should you use? Each correct answer presents part of the solution. (Choose two.) NOTE: Each correct selection is worth one point. A. an Information A. Information protection protection auto-labe auto-labeling ling policy policy
•
B. a custom trainable classifier
•
C. a sensitive info type that uses a regular expression
•
D. a data loss prevention (DLP) policy
•
E. a sensitive info type that uses keywords
•
F. a sensitivity label that has auto-labeling
•
Correct Answer: AB Reference:
https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/classifier-learn ce/classifier-learn-about?view=o -about?view=o365-worldwide 365-worldwide
https://docs.microsoft.com/ h ttps://docs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/apply-sens ce/apply-sensitivity-label-autom itivity-label-automatically?view=o3 atically?view=o365-w 65-w o rldwide 104.
You are creating a custom trainable classifier to identify organizational product codes referenced in Microsoft 365 content. You identify 300 files to use as seed content. Where should you store the seed content? A. a Microsoft A. Microsoft SharePoint SharePoint Online Online folder
•
B. a Microsoft OneDrive for Business folder
•
C. an Azure file share
•
D. Microsoft Exchange Online shared mailbox
•
Correct Answer: A Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/classifier-get ce/classifier-get-started-with?vie -started-with?view=o365-worldwid w=o365-worldwid e 105.
Each product group at your company must show a distinct product logo in encrypted emails instead of the standard Microsoft Office 365 logo. What should you do to create the branding templates? A. Create a Transport A. Transport rule. rule.
•
B. Create an RMS template.
•
C. Run the Set-IRMConfiguration cmdlet.
•
D. Run the New-OMEConfiguration cmdlet.
•
Correct Answer: D Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/add-your-o ce/add-your-organization-bra rganization-brand-to-encrypt nd-to-encrypted-messa ed-messa g es?view=o3 es?view=o365-worldwide 65-worldwide 106.
You create a custom sensitive info type that uses Exact Data Match (EDM). You plan to periodically update and upload the data used for EDM. What is the maximum frequency with which the data can be uploaded? A. twice per week A.
•
B. twice per day
•
C. once every six hours
•
D. once every 48 hours
•
E. twice per hour
•
Correct C orrect Answer: A 107.
HOTSPOT You are implementing Microsoft Office 365 Message Encryption (OME) for a Microsoft 365 tenant named contoso.com. You need to meet the following requirements: ✑ All email to a domain named fabrikam.com must be encrypted automatically. Encrypted emails must expire seven days after they are sent. What should you configure for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. ✑
Correct Answer: Reference: https://docs.microsoft.com/en-us/microsoft https://docs.microsoft.com/ en-us/microsoft-365/complian -365/compliance/email-encrypt ce/email-encryption?view=o36 ion?view=o365-worldwide 5-worldwide https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/ome-advan ce/ome-advanced-expiration ced-expiration?view=o365 ?view=o365-worldwid -worldwid e
108. 108.
A user re reports ports that that she can no longer access a Microsoft Excel Excel file named Northwind Northwind Customer Customer Data.xlsx. From the Cloud App Security portal, you discover the alert shown in the exhibit.
You restore the file from quarantine. You need to prevent files that match the policy from being quarantined. Files that match the policy must generate an alert. What should you do? A. Modify the policy template. A.
•
B. Assign the Global reader role to the file owners.
•
C. Exclude file matching by using a regular expression.
•
D. Update the governance action.
•
Correct Answer: D Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/cloud-a en-us/cloud-app-security/da pp-security/data-protection ta-protection-policies#create -policies#create-a-new-file-polic -a-new-file-polic y 109. HOTSPOT You create a sensitivity label as shown in the Sensitivity Label exhibit. You create an auto-labeling policy as shown in the Auto Labeling Policy exhibit.
A user sends sends the following email: From:
[email protected] To:
[email protected] Subject: Address List Message Body: Here are the lists that you requested. Attachments: Attachments: Both attachments contain lists of IP addresses. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point. Hot Area: Correct Answer: Reference: https://docs.microsoft.com/en-us/microsoft https://docs.microsoft.com/ en-us/microsoft-365/complian -365/compliance/apply-sens ce/apply-sensitivity-label-autom itivity-label-automatically?view=o3 atically?view=o365-w 65-w o rldwide 110.
You receive an email that contains a list of words that will be used for a sensitive information type.
You need to create a file that can be used as the source of a keyword dictionary. In which format
should s hould you save the list? A. a JSON file that has an element A. element for each word word
•
B. an ACCDB database file that contains a table named Dictionary
•
C. an XML file that contains a keyword tag for each word
•
D. a CSV file that contains words separated by commas
•
Correct Answer: D 111
You have a Microsoft 365 E5 tenant that uses a domain named contoso.com. A user named named User1 User1 sends link-base link-based, d, branded branded emails that that are encrypted encrypted by using Microsoft Office 365 Advanced Message Encryption to the recipients shown in the following table. For which recipients can User1 revoke the emails? A. Recipient4 A. Recipient4 only
•
B. Recipient1 only
•
C. Recipient1, Recipient2, Recipient3, and Recipient4
•
D. Recipient3 and Recipient4 only
•
E. Recipient1 and Recipient2 only
•
Correct Answer: A Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/revoke-ome ce/revoke-ome-encrypted-mail? -encrypted-mail?view=o365-world view=o365-worldwid wid e 112
You need to test Microsoft Office 365 Message Encryption (OME) capabilities for your company. The test must verify the following information: The acquired default template names The encryption and decryption verification status Which PowerShell cmdlet should you run? ✑
A. Test-Clie A. Test-ClientAccess ntAccessRule Rule
•
B. Test-Mailflow
•
C. Test-OAuthConnectivi Test-OAuthConnectivity ty
•
D. Test-IRMConfigurati Test-IRMConfiguration on
•
Correct Answer: D Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/set-up-new ce/set-up-new-message-encryp -message-encryption-capabilitie tion-capabilities?view s?view = o365-worldwid o365-worldwide e
113. 113.
You have a Microsoft 365 tenant that uses trainable classifiers. You are creating a custom trainable classifier. You collect 300 sample file types from various geographical locations to use as seed content. Some of the file samples are encrypted. You organize the files into categories as shown in the following table. Which file categories can be used as seed content? A. Category2, A. Category2, Category3, Category3, and and Category5 Category5 only only
•
B. Category1 and Category3 only
•
C. Category4 and Category6 only
•
D. Category4 and Category5 only
•
Correct Answer: C Reference: https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/microsoft en-us/microsoft-365/complian -365/compliance/classifier-get ce/classifier-get-started-with?vie -started-with?view=o365-worldwid w=o365-worldwide e https://docs.microsoft.com/ https://do cs.microsoft.com/en-us/sharep en-us/sharepoint/technica oint/technical-reference/de l-reference/default-crawled-file fault-crawled-file-name-extensio -name-extensions-and-par ns-and-par s ed-file-types
