Microsoft 365 Security Administration v1.0

Page:    1 / 24   
Exam contains 356 questions

You have a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You have a Data Subject Request (DSR) case named Case1.
You need to allow User1 to export the results of Case1. The solution must use the principle of least privilege.
Which role should you assign to User1 for Case1?

  • A. eDiscovery Manager
  • B. Security Operator
  • C. eDiscovery Administrator
  • D. Global Reader


Answer : A

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-gdpr-data-subject-requests-with-the-dsr-case-tool?view=o365-worldwide#step-1-assign-ediscovery-permissions-to-potential-case-members

HOTSPOT -
You have a Microsoft 365 subscription that contains the users shown in the following table.

You create and enforce an Azure Active Directory (Azure AD) Identity Protection user risk policy that has the following settings:
✑ Assignments: Include Group1, Exclude Group2
✑ User-risk: User risk level of Medium and above
✑ Access: Allow access, Require password change
The users attempt to sign in. The risk level for each user is shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Box 1: Yes.
User1 is in Group1 which the policy applies to.

Box 2: No -
User2 is in Group2 which is excluded from the policy.

Box 3: No -
User3 is in Group1 which is included in the policy and Group2 which is excluded from the policy. In this case, the exclusion wins so the policy does not apply to User3.

You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription.
You need to allow a user named User1 to view ATP reports from the Threat management dashboard.
Which role provides User1 with the required role permissions?

  • A. Compliance administrator
  • B. Security reader
  • C. Message center reader
  • D. Reports reader


Answer : B

Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-worldwide#what-permissions-are-needed-to-view-the-atp-reports

HOTSPOT -
Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD) as shown in the following exhibit.

The synchronization schedule is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that answers each question based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

HOTSPOT -
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to identify which users can perform the following actions:
✑ Configure a user risk policy.
✑ View the risky users report.
Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You add internal as a blocked word in the group naming policy for contoso.com.
You add Contoso- as prefix in the group naming policy for contoso.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

User Admin and Global Admin are exempt from group password policies.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/solutions/groups-naming-policy?view=o365-worldwide

DRAG DROP -
You have a Microsoft 365 tenant.
User attributes are synced from your company's human resources (HR) system to Azure Active Directory (Azure AD).
The company has four departments that each has its own Microsoft SharePoint Online site. Each site must be accessed only by the users from its respective department.
You are designing an access management solution that has the following requirements:
✑ Users must be added automatically to the security group of their department.
✑ All security group owners must verify once quarterly that only the users in their department belong to their group.
Which components should you recommend to meet the requirements? To answer, drag the appropriate components to the correct requirements. Each component may only be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Select and Place:



Answer :

Reference:
https://cloudbuild.co.uk/tag/create-a-dynamic-security-group-in-azure-ad/
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

HOTSPOT -
You have a Microsoft 365 E5 subscription that uses Microsoft Endpoint Manager.
The Compliance policy settings are configured as shown in the following exhibit.

On February 25, 2020, you create the device compliance policies shown in the following table.

On March 1, 2020, users enroll Windows 10 devices in Microsoft Endpoint Manager as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Box 1: Yes -
Device2 is in Group2 so Policy2 applies.
Device2 is not compliant with Policy2. However, the device won't be marked as non-compliant until 10 days after the device was enrolled.

Box 2: Yes -
Device1 is in Group1 and Group2 so both Policy1 and Policy2 apply.
Device1 is compliant with Policy1 but non-compliant with Policy2. However, the device won't be marked as non-compliant until 10 days after the device was enrolled.

Box 3: No -
Device1 is in Group1 and Group2 so both Policy1 and Policy2 apply.
Device1 is compliant with Policy1 but non-compliant with Policy2. March 12th is more than 10 days after the device was enrolled, so it will now be marked as non-compliant by Policy2.

You have a Microsoft 365 tenant.
From the Azure Active Directory admin center, you review the Risky sign-ins report as shown in the following exhibit.

You need to ensure that you can see additional details including the risk level and the risk detection type.
What should you do?

  • A. Purchase Microsoft 365 Enterprise E5 licenses.
  • B. Activate an instance of Microsoft Defender for Identity.
  • C. Configure Diagnostic settings in Azure Active Directory (Azure AD).
  • D. Deploy Azure Sentinel and add a Microsoft Office 365 connector.


Answer : A

You have a Microsoft 365 E5 subscription.
You plan to create a conditional access policy named Policy1.
You need to be able to use the sign-in risk level condition in Policy1.
What should you do first?

  • A. Connect Microsoft Endpoint Manager and Microsoft Defender for Endpoint.
  • B. From the Azure Active Directory admin center, configure the Diagnostics settings.
  • C. From the Endpoint Management admin center, create a device compliance policy.
  • D. Onboard Azure Active Directory (Azure AD) Identity Protection.


Answer : D

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-risk

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

You assign an enterprise application named App1 to Group1 and User2.
You configure an Azure AD access review of App1. The review has the following settings:
✑ Review name: Review1
✑ Start date: 01-15-2020
✑ Frequency: One time
✑ End date: 02-14-2020
✑ Users to review: Assigned to an application
✑ Scope: Everyone
✑ Applications: App1
✑ Reviewers: Members (self)
✑ Auto apply results to resource: Enable
✑ Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/perform-access-review

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.
Solution: You enable SSPR for Group3.
Does that meet the goal?

  • A. Yes
  • B. No


Answer : B

By default, self-service password reset is enabled for Directory writers and Security administrator but not for Azure Information Protection administrators and Cloud application administrators. Therefore, we must enable SSPR for User3 by applying it to Group2 and not Group3 as User4 is in Group3. User4 would thus be affected if we enable it on Group3.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.
Solution: You enable SSPR for Group2.
Does that meet the goal?

  • A. Yes
  • B. No


Answer : A

By default, self-service password reset is enabled for Directory writers and Security administrator but not for Azure Information Protection administrators and Cloud application administrators.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.

You need to ensure that User1, User2, and User3 can use self-service password reset (SSPR). The solution must not affect User4.
Solution: You enable SSPR for Group1.
Does that meet the goal?

  • A. Yes
  • B. No


Answer : B

By default, self-service password reset is enabled for Directory writers and Security administrator but not for Azure Information Protection administrators and Cloud application administrators. Thus, we must enable SSPR for User3 by applying it to Group2.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences

You have a Microsoft 365 subscription that contains the users shown in the following table.

You enable self-service password reset for Group1 and configure security questions as the only authentication method for self-service password reset.
You need to identify which user must answer security questions to reset their password.
Which user should you identify?

  • A. User1
  • B. User2
  • C. User3
  • D. User4


Answer : B

Self-service password reset (SSPR) is only enabled for Group1 (User1 and User2). User1 cannot use security questions for SSPR because User1 has an administrative security role. Therefore, only User2 can use SSPR with security questions as the authentication method.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-reset-policy-differences
