Microsoft 365 Identity and Services v1.0

Page:    1 / 18   
Exam contains 265 questions

HOTSPOT -
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You have three applications App1, App2, App3. The Apps use files that have the same file extensions.
Your company uses Windows Information Protection (WIP). WIP has the following configurations:
-> Windows Information Protection mode: Silent
-> Protected apps: App1
-> Exempt apps: App2
From App1, you create a file named File1.
What is the effect of the configurations? To answer, select the appropriate options in the answer area.
Hot Area:




Answer :

Explanation:
Exempt apps: These apps are exempt from this policy and can access corporate data without restrictions.
Windows Information Protection mode: Silent: WIP runs silently, logging inappropriate data sharing, without stopping anything that would’ve been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.
Reference:
https://docs.microsoft.com/en-us/intune/apps/windows-information-protection-policy-create
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure

Your company has 10 offices.
The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.
You discover that one of the offices has the following:
-> Computers that have several preinstalled applications
-> Computers that use nonstandard computer names
-> Computers that have Windows 10 preinstalled
-> Computers that are in a workgroup
You must configure the computers to meet the following corporate requirements:
-> All the computers must be joined to the domain.
-> All the computers must have computer names that use a prefix of CONTOSO.
-> All the computers must only have approved corporate applications installed.
You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.

  • A. a provisioning package
  • B. wipe and load refresh
  • C. Windows Autopilot
  • D. an in-place upgrade


Answer : A

Explanation:
By using a provisioning package, IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a device.
Incorrect Answers:
C: With Windows Autopilot the user can set up pre-configured devices without the need to consult their IT administrator.
D: Use the In-Place Upgrade option when you want to keep all (or at least most) existing applications.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

You have a Microsoft 365 subscription.
You recently configured a Microsoft SharePoint Online tenant in the subscription.
You plan to create an alert policy.
You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes.
What should you do first?

  • A. Enable Microsoft Office 365 Cloud App Security.
  • B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
  • C. Enable Microsoft Office 365 Analytics.


Answer : B

Explanation:
An alert policy consists of a set of rules and conditions that define the user or admin activity that generates an alert, a list of users who trigger the alert if they perform the activity, and a threshold that defines how many times the activity has to occur before an alert is triggered.
In this question, we would use the “Malware detected in file” activity in the alert settings then configure the threshold (5 detections) and the time window (10 minutes).
The ability to configure alert policies based on a threshold or based on unusual activity requires Advanced Threat Protection (ATP).
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies

From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit.


You need to reduce the likelihood that the sign-ins are identified as risky.
What should you do?

  • A. From the Security & Compliance admin center, add the users to the Security Readers role group.
  • B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.
  • C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.
  • D. From the Security & Compliance admin center, create a classification label.


Answer : B

Explanation:
A named location can be configured as a trusted location. Typically, trusted locations are network areas that are controlled by your IT department. In addition to Conditional Access, trusted named locations are also used by Azure Identity Protection and Azure AD security reports to reduce false positives for risky sign-ins.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

DRAG DROP -
You have a Microsoft 365 subscription.
You have the devices shown in the following table.


You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible.
Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:



Answer :

Explanation:
Box 1:
To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to:
-> Configure and update System Center Endpoint Protection clients.
-> Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP.
Box 2:
For Windows 10 clients, the following deployment tools and methods are supported:
-> Group Policy
-> System Center Configuration Manager
-> Mobile Device Management (including Microsoft Intune)
-> Local script
Box 3:
Windows Server 2016 can be onboarded by using Azure Security Center. When you add servers in the Security Center, the Microsoft Monitoring Agent is installed on the servers.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection

HOTSPOT -
You have a Microsoft 365 subscription.
You need to implement Windows Defender Advanced Threat Protection (ATP) for all the supported devices enrolled in mobile device management (MDM).
What should you include in the device configuration profile? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:




Answer :

Explanation:
You can integrate Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) with Microsoft Intune as a Mobile Threat Defense solution.
Integration can help you prevent security breaches and limit the impact of breaches within an organization. Microsoft Defender ATP works with devices that run Windows 10 or later.
When you establish a connection from Intune to Microsoft Defender ATP, Intune receives a Microsoft Defender ATP onboarding configuration package from Microsoft Defender ATP. This package is deployed to devices by using a device configuration profile.
Reference:
https://docs.microsoft.com/en-us/intune/advanced-threat-protection

You have a Microsoft 365 tenant.
You have a line-of-business application named App1 that users access by using the My Apps portal.
After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.
You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.
What should you do?

  • A. From Microsoft Cloud App Security, modify the impossible travel alert policy.
  • B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
  • C. From the Azure Active Directory admin center, modify the conditional access policy.
  • D. From Microsoft Cloud App Security, create an app discovery policy.


Answer : A

Explanation:
Impossible travel detection identifies two user activities (in a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second.
We need to modify the policy so that it applies to App1 only.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

Your network contains an on-premises Active Directory domain.
Your company has a security policy that prevents additional software from being installed on domain controllers.
You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).
What should you do? More than one choice may achieve the goal. Select the BEST answer.

  • A. Deploy an Azure ATP standalone sensor, and then configure port mirroring.
  • B. Deploy an Azure ATP standalone sensor, and then configure detections.
  • C. Deploy an Azure ATP sensor, and then configure detections.
  • D. Deploy an Azure ATP sensor, and then configure port mirroring.


Answer : C

Explanation:
If you’re installing on a domain controller, you don’t need a standalone ATP sensor. You need to configure the detections to detect application installations. With an ATP sensor (non-standalone), you don’t need to configure port mirroring.
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning#choosing-the-right-sensor-type-for-your-deployment

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States.
You plan to onboard all the devices to Windows Defender ATP and store the data in Europe.
What should you do first?

  • A. Create a workspace
  • B. Offboard the test devices
  • C. Delete the workspace
  • D. Onboard a new device


Answer : B

Explanation:
When onboarding Windows Defender ATP for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location where your data is stored.
The only way to change the location is to offboard the test devices then onboard them again with the new location.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy#do-i-have-the-flexibility-to-select-where-to-store-my-data

You implement Microsoft Azure Advanced Threat Protection (Azure ATP).
You have an Azure ATP sensor configured as shown in the following exhibit.

Updates -


How long after the Azure ATP cloud service is updated will the sensor update?

  • A. 1 hour
  • B. 7 days
  • C. 48 hours
  • D. 12 hours
  • E. 72 hours


Answer : E

Explanation:
The exhibit shows that the sensor is configured for Delayed update.
Given the rapid speed of ongoing Azure ATP development and release updates, you may decide to define a subset group of your sensors as a delayed update ring, allowing for a gradual sensor update process. Azure ATP enables you to choose how your sensors are updated and set each sensor as a Delayed update candidate.
Sensors not selected for delayed update are updated automatically, each time the Azure ATP service is updated. Sensors set to Delayed update are updated on a delay of 72 hours, following the official release of each service update.
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/sensor-update

Your company has a Microsoft 365 E3 subscription.
All devices run Windows 10 Pro and are joined to Microsoft Azure Active Directory (Azure AD).
You need to change the edition of Windows 10 to Enterprise the next time users sign in to their computer. The solution must minimize downtime for the users.
What should you use?

  • A. Subscription Activation
  • B. Windows Update
  • C. Windows Autopilot
  • D. an in-place upgrade


Answer : C

Explanation:
When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

HOTSPOT -
You have three devices enrolled in Microsoft Intune as shown in the following table.


The device compliance policies in Intune are configured as shown in the following table.

The device compliance policies have the assignment shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Device1:
No, because Device1 is in Group3, which has Policy1 assigned, which requires BitLocker.
Device2:
No, because Device2 is in Group3, which has Policy1 assigned, which requires BitLocker. Device2 is also in Group2, which has Policy2 assigned, but the BitLocker requirement is not configured in Policy2.
Device3:
Yes, because Device3 is in Group2, which has Policy2 assigned, but the BitLocker requirement is not configured in Policy2.
Reference:
https://blogs.technet.microsoft.com/cbernier/2017/07/11/windows-10-intune-windows-bitlocker-management-yes/

HOTSPOT -
Your company has a Microsoft 365 tenant.
You plan to allow users from the engineering department to enroll their mobile device in mobile device management (MDM).
The device type restrictions are configured as shown in the following table.


The device limit restrictions are configured as shown in the following table.

What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
When multiple policies are applied to groups that users are a member of, only the highest priority (lowest number) policy applies.
In this case, the Engineering users are assigned two device type policies (the default policy and the priority 2 policy). The priority 2 policy has a higher priority than the default policy so the Engineers’ allowed platform is Android only.
The engineers have two device limit restriction policies applied to them. The priority 1 policy has a higher priority than the priority 2 policy, so the priority 1 policy device limit (15) applies.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set

Your network contains an Active Directory domain named contoso.com. The domain contains 1000 Windows 8.1 devices.
You plan to deploy a custom Windows 10 Enterprise image to the Windows 8.1 devices.
You need to recommend a Windows 10 deployment method.
What should you recommend?

  • A. Wipe and load refresh
  • B. Windows Autopilot
  • C. a provisioning package
  • D. an in-place upgrade


Answer : A

Explanation:
To deploy a custom image, you must use the wipe and load refresh method. You cannot deploy a custom image by using an in-place upgrade, Windows Autopilot or a provisioning package.
Reference:
https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios

You use Microsoft System Center Configuration Manager (Current Branch) to manage devices.
Your company uses the following types of devices:
-> Windows 10
-> Windows 8.1
-> Android
-> iOS
Which devices can be managed by using co-management?

  • A. Windows 10 and Windows 8.1 only
  • B. Windows 10, Android, and iOS only
  • C. Windows 10 only
  • D. Windows 10, Windows 8.1, Android, and iOS


Answer : C

Explanation:
You can manage only Windows 10 devices by using co-management.
When you concurrently manage Windows 10 devices with both Configuration Manager and Microsoft Intune, this configuration is called co-management. When you manage devices with Configuration Manager and enroll to a third-party MDM service, this configuration is called coexistence.
Reference:
https://docs.microsoft.com/en-us/configmgr/comanage/overview
