Topic 5, Misc. Questions
You have a Microsoft 365 E5 subscription that contains the following user:
Name: User1
UPN: user1@contoso.com
Email address: user1@marketmg.contoso.com
MFA enrollment status: Disabled
When User1 attempts to sign in to Outlook on the web by using the user1@marketing.contoso.com email address, the user cannot sign in.
You need to ensure that User1 can sign in to Outlook on the web by using user1@marketing.contoso.com.
What should you do?
A.
Assign an MFA registration policy to User1.
B.
Reset the password of User1.
C.
Add an alternate email address for User1.
D.
Modify the UPN of User1.
Modify the UPN of User1.
Microsoft’s recommended best practices are to match UPN to primary SMTP address. This article addresses the small percentage of customers that cannot remediate UPN’s to match.
Note: A UPN is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than a distinguished name and easier to remember. By convention, this should map to the user's email name. The point of the UPN is toconsolidate the email and logon namespaces so that the user only needs to remember a single name.
Configure the Azure AD multifactor authentication registration policy Azure Active Directory (Azure AD) Identity Protection helps you manage the roll-out of Azure AD multifactor authentication (MFA) registration by configuring a Conditional Access policy to require MFA registration no matter what modern authentication app you're signing in to.
Reference:
https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1.
You need to enable User1 to create Compliance Manager assessments.
Solution: From the Microsoft 365 compliance center, you add User1 to the Compliance Manager Assessors role group.
Does this meet the goal?
A.
Yes
B.
No
Yes
You have a Microsoft 365 subscription.
You suspect that several Microsoft Office 365 applications or services were recently updated.
You need to identify which applications or services were recently updated.
What are two possible ways to achieve the goal? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A.
From the Microsoft 365 admin center review the Service health blade
B.
From the Microsoft 365 admin center, review the Message center blade.
C.
From the Microsoft 365 admin center review the Products blade.
D.
From the Microsoft 365 Admin mobile agg, review the messages.
From the Microsoft 365 admin center, review the Message center blade.
From the Microsoft 365 Admin mobile agg, review the messages.
You have a Microsoft 365 subscription.
Your company has a customer ID associated to each customer. The customer IDs contain 10 numbers followed by 10 characters. The following is a sample customer ID: 12-456-7890-abc-defghij.
You plan to create a data loss prevention (DLP) policy that will detect messages containing customer IDs.
D18912E1457D5D1DDCBD40AB3BF70D5D
What should you create to ensure that the DLP policy can detect the customer IDs?
A.
a sensitive information type
B.
a sensitivity label
C.
a supervision policy
D.
a retention label
a sensitive information type
You have a Microsoft 365 E5 tenant that contains 100 Windows 10 devices.
You plan to attack surface reduction (ASR) rules for the Windows 10 devices.
You configure the ASR rules in audit mode and collect audit data in a Log Analytics workspace.
You need to find the ASR rules that match the activities on the devices.
How should you complete the Kusto query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.
Your company has digitally signed applications.
You need to ensure that Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) considers the digitally signed applications safe and never analyzes them.
What should you create in the Microsoft Defender Security Center?
A.
a custom detection rule
B.
an allowed/blocked list rule
C.
an alert suppression rule
D.
an indicator
an indicator
You have a Microsoft 365 E5 subscription that contains a user named User1.
User1 exceeds the default daily limit of allowed email messages and is on the Restricted entities list.
You need to remove User1 from the Restricted entities list.
What should you use?
A.
the Exchange admin center
B.
the Microsoft Purview compliance portal
C.
the Microsoft 365 admin center
D.
the Microsoft 365 Defender portal
E.
the Microsoft Entra admin center
the Microsoft 365 Defender portal
Explanation:
Admins can remove user accounts from the Restricted entities page in the Microsoft 365 Defender portal or in Exchange Online PowerShell.
Remove a user from the Restricted entities page in the Microsoft 365 Defender portal In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & collaboration > Review > Restricted entities. Or, to go directly to the Restricted entities page, use https://security.microsoft.com/restrictedentities.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/removing-userfrom-restricted-users-portal-after-spam
You have a Microsoft 365 E5 subscription that.
You need to identify whenever a sensitivity label is applied, changed, or removed within the subscription.
Which feature should you use, and how many days will the data be retained? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
You have a Microsoft 365 E3 subscription that uses Microsoft Defender for Endpoint Plan 1.
Which two Defender for Endpoint features are available to the subscription? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A.
advanced hunting
B.
security reports
C.
digital certificate assessment
D.
device discovery
E.
attack surface reduction (ASR)
security reports
Explanation:
B: Overview of Microsoft Defender for Endpoint Plan 1, Reporting
The Microsoft 365 Defender portal (https://security.microsoft.com) provides easy access to information about detected threats and actions to address those threats.
The Home page includes cards to show at a glance which users or devices are at risk, how many threats were detected, and what alerts/incidents were created.
The Incidents & alerts section lists any incidents that were created as a result of triggered alerts. Alerts and incidents are generated as threats are detected across devices.
The Action center lists remediation actions that were taken. For example, if a file is sent to quarantine, or a URL is blocked, each action is listed in the Action center on the History tab.
The Reports section includes reports that show threats detected and their status.
E: What can you expect from Microsoft Defender for Endpoint P1?
Microsoft Defender for Endpoint P1 is focused on prevention/EPP including:
Next-generation antimalware that is cloud-based with built-in AI that helps to stop ransomware, known and unknown malware, and other threats in their tracks.
(E) Attack surface reduction capabilities that harden the device, prevent zero days, and offer granular control over access and behaviors on the endpoint. Device based conditional access that offers an additional layer of data protection and breach prevention and enables a Zero Trust approach.
The below table offers a comparison of capabilities are offered in Plan 1 versus Plan 2.
Incorrect:
Not A: P2 is by far the best fit for enterprises that need an EDR solution including automated investigation and remediation tools, advanced threat prevention and threat and vulnerability management (TVM), and hunting capabilities.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defenderendpoint-plan-1
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoftdefender-for-endpoint-plan-1-now-included-in-m365-e3/ba-p/3060639
| Page 11 out of 31 Pages |
| Previous |
Copyright © - All Rights Reserved