1. Your company has an Azure Active Directory (Azure AD) tenant All users use Windows 10 devices. You plan to create a conditional access policy named Polk)/ and exclude devices marked as Compliant. You need to ensure that the compliant devices are excluded from Policy’. What should you do first? Answer: Join the devices to Azure AD
2. Your company has an Azure Active Directory (Azure AD) tenant that contains four users named Usert. User2. User3. and Userd. The users access a cloud app named Appl from the following devices: Answer: User1 only
3. You have a Windows device named Devicel that is joined to Azure Active Directory (Azure AD) and managed by using Endpoint Manager. On October 1. you create the following compliance policies and apply them to Device’:
Policyl: Mark devices as NonCompliant after three days. Policy2: Mark devices as NonCompliant after five days.
Devicel meets the requirements of Policyl. Devicel does NOT meet the requirements of Policy2. What will be the compliance status of Devicel on October 4? Answer: NonCompliant
4. Your company plans to implement Microsoft Intune. Intune is a mobile device management (MDM) provider. Select Yes if the statement is true. Otherwise. select No. Answer: Yes
5. Your company has a Microsoft 365 infrastructure and an on-premises deployment of Microsoft Endpoint Configuration Manager. You have the following devices:
• Device 1: Windows 8.1 • Device2: Windows 10 • Device3: Android
Which device can be co-managed? Answer: Windows 10
6. Your company plans to implement Windows Autopilot Microsoft Endpoint Configuration Manager is required for Windows Autopilot. Select Yes if the statement is true. Otherwise. select No. Answer: Yes
7. Your company plans to implement Windows Autopilot You can use Windows Autopilot to deploy only devices that have internet connectivity. Select Yes if the statement is true. Otherwise. select No. Answer: Yes
8. Your company has an Azure Active Directory (Azure AD) tenant. You plan to grant guest users access to the following resources:
• An Azure file share named sharel • An enterprise application named Appl • A Microsoft SharePoint Online site named Sitel • A Microsoft Exchange Online mailbox named Mailbox)
You plan to use an access package to provide the required access.
To which resources can you provide access by using an access package? Answer: App1 and Site1 only
9. You plan to create a guest user account named Guest’ in an Azure Active Directory (Azure AD) tenant You need to ensure that Guest’ accepts your company’s Terms of use before the user can access company resources. What should you create? Answer: a conditional access policy
10. Your company plans to deploy connectors to a Microsoft 365 Infrastructure. To ensure that email can be delivered from Microsoft 365 to the Internet. you must create a connector in Microsoft Exchange Online. Select Yes if the statement is true. Otherwise lect No. Answer: No
11. Your company plans to deploy connectors to a Microsoft 365 infrastructure.
A Microsoft Exchange Online connector is required to deliver email messages from Exchange Online to an on.premises Exchange Server in a hybrid configuration.
Select Yes if the statement is true. Otherwise, select No. Answer: Yes
12. Your company has a Microsoft 365 infrastructure and an on-premises third-party email server. From the Security & Compliance admin center, you plan to configure an Enhanced Filtering threat management policy. What should you do before you configure the policy? Answer: Add a Microsoft Exchange Online connector
13. Your company has a Microsoft 365 E5 subscription and uses Microsoft Defender for Identity. You are preparing a report on threats in your infrastructure. You plan to include exposure of devices in the infrastructure in the report. From which portal should you view the Exposure score? Answer: Microsoft Defender Security Center
14. Your company has several computers enrolled in Microsoft Defender for Endpoint (MSDE). An administrator creates a Kusto Query Language (KQL) query that retrieves a list of computers that have specific vulnerabilities. You need to view which computers have the vulnerabilities. What should you use to run the query? Answer: advanced hunting
15. Your company has a Microsoft 365 infrastructure. You need to turn on Microsoft Defender for Office 365 for Microsoft SharePoint Online. OneDrive. and Microsoft Teams. Which type of Microsoft Defender for Office 365 policy should you configure? Answer: Safe attachments
16. To deploy Microsoft 365 Apps by using Microsoft Endpoint Manager. the apps must first be uploaded to Microsoft Endpoint Manager.
Select Yes if the statement is true. Otherwise. select No. Answer: No
17. You have an Azure Active Directory (Azure AD) tenant that contains a user named Userl. You sign up for Microsoft Store for Business. You need to ensure that Userl can add apps to the private store. The solution must use the principle of least privilege. Which role you should assign to User’? Answer: Purchaser
18. Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contosocom. You sign up for Microsoft Store for Business. The tenant conuins the users shown in the folk/Mac ubk.
Name Microsoft Store for Business role Azure AD role Used I Purchaser None User2 Basic Purchaser None User3 None Application administrator Lser4 None Cloud application administrator Used None None
Microsoft Store for Business has the following Shopping behavior settings: Anser: User1 and User2 only
19. Microsoft 365 Apps can be preactivated when included in a Windows 10 image.
Select Yes if the statement is true. Otherwise, select No. Answer: No
20. You create an auto-labeling policy that has the following settings:
• location: Exchange • Rule for Exchange email: Apply label to sensitive information • Label: La bell
From Microsoft Exchange Online. a user sends an email message that includes a Microsoft Word attachment. The attachment contains sensitive corporate information. The body of the email is blank.
How will Exchange Online apply Labell to the message? Answer: Labell is applied to the attachment and the message
21. You have a Microsoft SharePoint Online site that contains the following files:
• File3.txt • File1.doc • File4.png • File2.docx
To which files can you apply sensitivity labels by using auto labeling? Answer: File2.docx only
22. Your company plans to implement sensitivity labels. Sensitivity labels can be used to encrypt files and email. Select Yes if the statement is true. Otherwise. select No. Answer: Yes
23. Your company has a Microsoft 365 infrastructure that contains a user named Admint. Admint is a global administrator. You need to ensure that Admint can create insider risk management policies. What should you do? Answer: from the Security admin center. add Admin1 to another role group
24. Your company has a Microsoft 365 infrastructure. You need to create an insider risk management policy for the company. What should you use? Answer: Compliance admin center
25. Your company uses insider risk alerts in Microsoft 365. You are viewing several insider risk alerts in the Alert dashboard. You plan to address the alerts in a few days. For how many days will the alerts be visible in the dashboard? Answer: 30
