Microsoft 365 Security Administration v1.0
Question 1
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Active Directory domain named contoso.com.
You install and run Azure AD Connect on a server named Server1 that runs Windows Server.
You need to view Azure AD Connect events.
You use the System event log on Server1.
Does that meet the goal?
- A. Yes
- B. No
Answer : B
References:
https://support.pingidentity.com/s/article/PingOne-How-to-troubleshoot-an-AD-Connect-Instance
Question 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an on-premises Active Directory domain named contoso.com.
You install and run Azure AD Connect on a server named Server1 that runs Windows Server.
You need to view Azure AD Connect events.
You use the Application event log on Server1.
Does that meet the goal?
- A. Yes
- B. No
Answer : A
References:
https://support.pingidentity.com/s/article/PingOne-How-to-troubleshoot-an-AD-Connect-Instance
Question 3
You have a Microsoft 365 E5 subscription.
Some users are required to use an authenticator app to access Microsoft SharePoint Online.
You need to view which users have used an authenticator app to access SharePoint Online. The solution must minimize costs.
What should you do?
- A. From the Security & Compliance admin center, download a report.
- B. From Azure Log Analytics, query the logs.
- C. From the Security & Compliance admin center, perform an audit log search.
- D. From the Enterprise applications blade of the Azure Active Directory admin center, view the sign-ins.
Answer : D
Explanation:
The user sign-ins report provides information on the sign-in pattern of a user, the number of users that have signed in over a week, and the status of these sign- ins.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. From the Enterprise applications blade of the Azure Active Directory admin center, view the sign-ins.
2. From the Azure Active Directory admin center, view the sign-ins.
Other incorrect answer options you may see on the exam include the following:
1. From the Enterprise applications blade of the Azure Active Directory admin center, view the audit logs.
2. From the Azure Active Directory admin center, view the audit logs.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
Question 4
HOTSPOT -
You have a Microsoft 365 subscription that contains the users shown in the following table.
You implement Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
From PIM, you review the Application Administrator role and discover the users shown in the following table.
The Application Administrator role is configured to use the following settings in PIM:
✑ Maximum activation duration: 1 hour
✑ Notifications: Disable
✑ Incident/Request ticket: Disable
✑ Multi-Factor Authentication: Disable
✑ Require approval: Enable
✑ Selected approver: No results
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Question 5
You have a Microsoft 365 E5 subscription.
Some users are required to use an authenticator app to access Microsoft SharePoint Online.
You need to view which users have used an authenticator app to access SharePoint Online. The solution must minimize costs.
What should you do?
- A. From the Azure Active Directory admin center, view the sign-ins.
- B. From the Security & Compliance admin center, download a report.
- C. From the Enterprise applications blade of the Azure Active Directory admin center, view the audit logs.
- D. From the Azure Active Directory admin center, view the authentication methods.
Answer : A
Explanation:
The user sign-ins report provides information on the sign-in pattern of a user, the number of users that have signed in over a week, and the status of these sign- ins.
Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. From the Enterprise applications blade of the Azure Active Directory admin center, view the sign-ins.
2. From the Azure Active Directory admin center, view the sign-ins.
Other incorrect answer options you may see on the exam include the following:
1. From Azure Log Analytics, query the logs.
2. From the Security & Compliance admin center, perform an audit log search.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
Question 6
HOTSPOT -
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
✑ Administrators must be notified when the Security administrator role is activated.
✑ Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer : 
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-configure-security-alerts?tabs=new https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings?tabs=new
Question 7
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesnג€™t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: [email protected]
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab instance: 11032396 -
You need to ensure that a user named Lee Gu can manage all the settings for Exchange Online. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft Office 365 admin center.
Answer : See explanation below.
Explanation:
1. In the Exchange Administration Center (EAC), navigate to Permissions > Admin Roles.
2. Select the group: Organization Management and then click on Edit.
3. In the Members section, click on Add.
4. Select the users, USGs, or other role groups you want to add to the role group, click on Add, and then click on OK.
5. Click on Save to save the changes to the role group.
Reference:
https://help.bittitan.com/hc/en-us/articles/115008104507-How-do-I-assign-the-elevated-admin-role-Organization-Management-to-the-account-that-is-performing-a-
Public-Folder-migration-
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
Question 8
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesnג€™t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: [email protected]
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab instance: 11032396 -
You need to ensure that each user can join up to five devices to Azure Active Directory (Azure AD).
To complete this task, sign in to the Microsoft Office 365 admin center.
Answer : See explanation below.
Explanation:
1. After signing into the Microsoft 365 admin center, click Admin centers > Azure Active Directory > Devices.
2. Navigate to Device Settings.
3. Set the Users may join devices to Azure AD setting to All.
4. Set the Additional local administrators on Azure AD joined devices setting to None.
5. Set the Users may register their devices with Azure AD setting to All.
6. Leave the Require Multi-Factor Auth to join devices setting on it default setting.
7. Set the Maximum number of devices setting to 5.
8. Set the Users may sync settings and app data across devices setting to All.
9. Click the Save button at the top left of the screen.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal https://docs.microsoft.com/en-us/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365?view=o365-worldwide
Question 9
SIMULATION -
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesnג€™t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab.
But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password -
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: [email protected]
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab instance: 11032396 -
You need to ensure that group owners renew their Office 365 groups every 180 days.
To complete this task, sign in to the Microsoft Office 365 admin center.
Answer : See explanation below.
Explanation:
Set group expiration -
1. Open the Azure AD admin center with an account that is a global administrator in your Azure AD organization.
2. Select Groups, then select Expiration to open the expiration settings.
3. On the Expiration page, you can:
✑ Set the group lifetime in days. You could select one of the preset values, or a custom value (should be 31 days or more).
✑ Specify an email address where the renewal and expiration notifications should be sent when a group has no owner.
✑ Select which Office 365 groups expire. You can set expiration for:
✑ All Office 365 groups
✑ A list of Selected Office 365 groups
✑ None to restrict expiration for all groups
Save your settings when you're done by selecting Save.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-lifecycle
Question 10
SIMULATION -
You need to ensure that unmanaged mobile devices are quarantined when the devices attempt to connect to Exchange Online.
To complete this task, sign in to the Microsoft 365 portal.
Answer : See explanation below.
Explanation:
You need to configure the Exchange ActiveSync Access Settings.
1. Go to the Exchange admin center.
2. Click on Mobile in the left navigation pane.
3. On the Mobile Device Access page, click the Edit button in the Exchange ActiveSync Access Settings area.
4. Select the Quarantine option under When a mobile device that isn't managed by a rule or personal exemption connects to Exchange.
5. Optionally, you can configure notifications to be sent to administrators and a message to be sent to the mobile device user when a device is quarantined.
6. Click Save to save the changes.
Question 11
SIMULATION -
You need to ensure that all users must change their password every 100 days.
To complete this task, sign in to the Microsoft 365 portal.
Answer : See explanation below.
Explanation:
You need to configure the Password Expiration Policy.
1. Sign in to the Microsoft 365 Admin Center.
2. In the left navigation pane, expand the Settings section then select the Settings option.
3. Click on Security and Privacy.
4. Select the Password Expiration Policy.
5. Ensure that the checkbox labelled Set user passwords to expire after a number of days is ticked.
6. Enter 100 in the Days before passwords expire field.
7. Click Save changes to save the changes.
Question 12
SIMULATION -
You need to ensure that a user named Grady Archie can monitor the service health of your Microsoft 365 tenant. The solution must use the principle of least privilege.
To complete this task, sign in to the Microsoft 365 portal.
Answer : See explanation below.
Explanation:
You need to assign the Service Administrator role to Grady Archie.
1. In the Microsoft 365 Admin Center, type Grady Archie into the Search for users, groups, settings or tasks search box.
2. Select the Grady Archie user account from the search results.
3. In the Roles section of the user account properties, click the Edit link.
4. Select the Customized Administrator option. This will display a list of admin roles.
5. Select the Service admin role.
6. Click Save to save the changes.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/view-service-health
Question 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You have a user named User1. Several users have full access to the mailbox of User1.
Some email messages sent to User1 appear to have been read and deleted before the user viewed them.
When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank.
You need to ensure that you can view future sign-ins to the mailbox of User1.
You run the Set-AdminAuditLogConfig -AdminAuditLogEnabled $true
-AdminAuditLogCmdlets *Mailbox* command.
Does that meet the goal?
- A. Yes
- B. No
Answer : B
Reference:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-audit/set-adminauditlogconfig?view=exchange-ps
Question 14
You have a Microsoft 365 subscription that contains a user named User1.
You plan to use Compliance Manager.
You need to ensure that User1 can assign Compliance Manager roles to users. The solution must use the principle of least privilege.
Which role should you assign to User1?
- A. Compliance Manager Assessor
- B. Global Administrator
- C. Portal Admin
- D. Compliance Manager Administrator
Answer : B
Explanation:
The Global Admin can manage role assignments in Compliance Manager.
Incorrect Answers:
C: Portal Admin is for the now deprecated classic portal.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/working-with-compliance-manager?view=o365-worldwide
Question 15
You have a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You have a Data Subject Request (DSR) case named Case1.
You need to allow User1 to export the results of Case1. The solution must use the principle of least privilege.
Which role should you assign to User1 for Case1?
- A. eDiscovery Manager
- B. Security Operator
- C. eDiscovery Administrator
- D. Global Reader
Answer : A
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-gdpr-data-subject-requests-with-the-dsr-case-tool?view=o365-worldwide#step-1-assign- ediscovery-permissions-to-potential-case-members