You have a Microsoft 365 E5 subscription that contains the security groups shown in the following table.
The subscription contains the users shown in the following table.
You have a Conditional Access policy that has the following settings:
• Assignments
o Users
■ Include: Group1
■ Exclude: Group2. Group3
o Target resources
■ Cloud apps
■ App1
■ Access controls
■ Grant
■ Block access
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
: 235
You have a Microsoft 365 tenant that is signed up for Microsoft Store for Business and contains a user named User1. You need to ensure that User1 can perform the following tasks in Microsoft Store for Business:
• Assign licenses to users.
• Procure apps from Microsoft Store.
• Manage private store availability for all items.
The solution must use the principle of least privilege.
Which Microsoft Store for Business role should you assign to User1?
You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
You plan to create 10 new users and configure group-based licensing to assign each user a Microsoft 365 E5 license.
To which group should you add the users, and which portal should you use to assign the license? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to configure Microsoft Entra Connect Sync to support the planned changes for the Montreal Users and Seattle Users OUs.
What should you do?
You have a Microsoft 365 subscription that includes Microsoft Intune and Microsoft Defender XDR.
All users have devices that run Windows 11.
From the Microsoft Defender portal, you review the Microsoft Secure Score recommendations. One of the top recommendations is to block all Microsoft Office applications from creating child processes.
You need to increase the secure score by addressing the recommendation.
What should you do?
: 221
You have a Microsoft 365 E5 subscription.
Users have the devices shown in the following table.
On which devices can you manage apps by using app configuration policies in Microsoft Endpoint Manager?
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
A Built-in protection preset security policy is applied to the subscription.
Which two policy types will be applied by the Built-in protection policy? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains the groups shown in the following exhibit.
To which groups can you assign Microsoft 365 E5 licenses?
You have a Microsoft 365 subscription.
You have the devices shown in the following table.
You plan to join the devices to Azure Active Directory (Azure AD)
What should you do on each device to support Azure AU join? To answer, drag the appropriate actions to the collect devices, Each action may be used once, more than once, of not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
The domain syncs to a Microsoft Entra tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)
User2 fails to authenticate to the Microsoft Entra tenant when signing in as usef2@fabfikam.com
You need to ensure that User2 can access the resources in Microsoft Entra ID.
Solution: From the Microsoft Entra admin center, you add < abrlkam.com as a custom domain You insttud User2 to sign in as user2@fabrikam.com
Does this meet the goal?
: 223
Your company has digitally signed applications.
You need to ensure that Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) considers the digitally signed applications safe and never analyzes them.
What should you create in the Microsoft Defender Security Center?
Your network contains an Active Directory forest named Contoso. Local.
You have a Microsoft 365 subscription.
You plan to implement a directory synchronization solution that will use password hash synchronization.
From the Microsoft 365 admin center, you successfully verify the contoso.com domain name.
You need to prepare the environment for the planned directory synchronization solution.
What should you do first?
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You plan to provide User4 with early access to Microsoft 365 feature and service updates.
You need to identify which Microsoft 365 setting must be configured, and which user can modify the setting. The solution must use the principle of least privilege.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 tenant that contains devices registered for mobile device management. The devices are configured as shown in the following table.
You plan to enable VPN access for the devices.
What is the minimum number of configuration policies required?
