MS-101 : Microsoft 365 Mobility and Security : Part 08
-
You have a Microsoft 365 tenant.
You plan to manage incidents in the tenant by using the Microsoft 365 security center.
Which Microsoft service source will appear on the Incidents page of the Microsoft 365 security center?
- Azure Sentinel
- Azure Information Protection
- Azure Security Center
- Microsoft Defender for Identity
-
You have a Microsoft 365 E5 subscription.
All users have Mac computers. All the computers are enrolled in Microsoft Endpoint Manager and onboarded to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
You need to configure Microsoft Defender ATP on the computers.
What should you create from the Endpoint Management admin center?
- a Microsoft Defender ATP baseline profile
- a device configuration profile
- an update policy for iOS
- a mobile device management (MDM) security baseline profile
-
Case Study
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.
Contoso recently purchased a Microsoft 365 E5 subscription.
Existing Environment
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.
All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.
The domain also includes a group named Group1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
– Implement Microsoft 365.
– Manage devices by using Endpoint Manager.
– Implement Azure Advanced Threat Protection (ATP).
– Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
– Update computers in the New York office with the spring Semi-Annual Channel feature update.
Technical Requirements
Contoso identifies the following technical requirements:
– When a Windows 10 device is joined to Azure AD, the device must enroll to Endpoint Manager automatically.
– Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
– Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
– User1 must be able to enroll all the New York office mobile devices in Endpoint Manager.
– Azure ATP sensors must be installed and must NOT use port mirroring.
– Whenever possible, the principle of least privilege must be used.
– A Microsoft Store for Business must be created.
Compliance Requirements
Contoso identifies the following compliance requirements:
– Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Endpoint Manager and configured in accordance with the corporate policy.
– Configure Windows Information Protection (WIP) for the Windows 10 devices.
-
On which server should you install the Azure ATP sensor?
- Server1
- Server2
- Server3
- Server4
- Server5
-
Case Study
Overview
ADatum Corporation is an international financial services company that has 5,000 employees.
ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy.
All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet.
Existing Environment
Current Infrastructure
ADatum recently purchased a Microsoft 365 subscription.
All user files are migrated to Microsoft 365.
All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
Each office has a security information and event management (SIEM) appliance. The appliances come from three different vendors.
ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements
ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365.
Requirements
Business Goals
ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where it operates.
ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements
ADatum identifies the following technical requirements:
– Centrally perform log analysis for all offices.
– Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
– Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
– Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
– Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
– If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user’s user account.
– A security administrator requires a report that shows which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
– Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office users. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
-
You need to meet the technical requirement for large-volume document retrieval.
What should you create?
- an activity policy from Microsoft Cloud App Security
- a data loss prevention (DLP) policy from the Security & Compliance admin center
- a file policy from Microsoft Cloud App Security
- an alert policy from the Security & Compliance admin center
-
HOTSPOT
You have a Microsoft 365 tenant named contoso.com. The tenant contains the users shown in the following table.
You have the eDiscovery cases shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
-
You have a Microsoft 365 subscription.
All users have their email stored in Microsoft Exchange Online.
In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX.
What should you do?
- From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
- From the Security & Compliance admin center, create a label and a label policy.
- From the Security & Compliance admin center, start a message trace.
- From Microsoft Cloud App Security, create an activity policy.
-
You have a Microsoft 365 tenant.
You discover that administrative tasks are unavailable in the Microsoft Office 365 audit logs of the tenant.
You run the Get-AdminAuditLogConfig cmdlet and receive the following output:
You need to ensure that administrative tasks are logged in the Office 365 audit logs.
Which attribute should you modify?
- TestCmdletLoggingEnabled
- UnifiedAuditLogIngestionEnabled
- AdminAuditLogEnabled
-
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a new Microsoft 365 subscription.
You need to prevent users from sending email messages that contain Personally Identifiable Information (PII).
Solution: From the Security & Compliance admin center, you create a data loss prevention (DLP) policy.
Does this meet the goal?
- Yes
- No
Explanation:
In Microsoft 365, you can create a data loss prevention (DLP) policy in two different admin centers:
– In the Security & Compliance admin center (now known as the Microsoft 365 Compliance Center), you can create a single DLP policy to help protect content in SharePoint, OneDrive, Exchange, Teams, and now Endpoint Devices.
– In the Exchange admin center, you can create a DLP policy to help protect content only in Exchange.
-
Your company has a Microsoft 365 tenant.
The company sells products online and processes credit card information.
You need to be notified if a file stored in Microsoft SharePoint Online contains credit card information. The file must be removed automatically from its current location until an administrator can review its contents.
What should you use?
- a Security & Compliance data loss prevention (DLP) policy
- a Microsoft Cloud App Security access policy
- a Security & Compliance retention policy
- a Microsoft Cloud App Security file policy
-
HOTSPOT
You configure an anti-phishing policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
-
You need to notify the manager of the human resources department when a user in the department shares a file or folder from the department’s Microsoft SharePoint Online site.
What should you do?
- From the Security & Compliance admin center, create an alert policy.
- From the SharePoint Online site, create an alert.
- From the SharePoint Online admin center, modify the sharing settings.
- From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
-
HOTSPOT
You have a Microsoft 365 subscription.
You are configuring permissions for Security & Compliance.
You need to ensure that the users can perform the tasks shown in the following table.
The solution must use the principle of least privilege.
To which role should you assign each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
-
HOTSPOT
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
Your company implements Windows Information Protection (WIP).
You need to modify which users and applications are affected by WIP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
-
HOTSPOT
You have a Microsoft 365 subscription.
All users are assigned Microsoft Azure Active Directory Premium licenses.
From the Device Management admin center, you set Microsoft Intune as the MDM authority.
You need to ensure that when the members of a group named Marketing join a device to Azure Active Directory (Azure AD), the device is enrolled automatically in Intune. The Marketing group members must be limited to five devices enrolled in Intune.
Which two options should you use to perform the configurations? To answer, select the appropriate blades in the answer area.
NOTE: Each correct selection is worth one point.
Explanation:
Device enrollment manager (DEM) is an Intune permission that can be applied to an Azure AD user account and lets the user enroll up to 1,000 devices.
You can create and manage enrollment restrictions that define what devices can enroll into management with Intune, including the:
– Number of devices.
– Operating systems and versions.
The Marketing group members must be limited to five devices enrolled in Intune.
-
You have a Microsoft 365 subscription.
You plan to enable Microsoft Azure Information Protection.
You need to ensure that only the members of a group named PilotUsers can protect content.
What should you do?
- Run the Set-AadrmOnboardingControlPolicy cmdlet.
- Run the Add-AadrmRoleBasedAdministrator cmdlet.
- Create an Azure Information Protection policy.
- Configure the protection activation status for Azure Information Protection.
-
Your company has a Microsoft 365 subscription.
You need to identify which users performed the following privileged administration tasks:
– Deleted a folder from the second-stage Recycle Bin of Microsoft SharePoint
– Opened a mailbox of which the user was not the owner
– Reset a user password
What should you use?
- Microsoft Azure Active Directory (Azure AD) audit logs
- Security & Compliance content search
- Microsoft Azure Active Directory (Azure AD) sign-ins
- Security & Compliance audit log search
Explanation:
You can view the required information in the audit logs. The Azure AD audit logs provide records of system activities for compliance. To access the audit report, select Audit logs in the Activity section of Azure Active Directory.
-
You have a Microsoft 365 subscription.
You have a user named User1.
You need to ensure that User1 can place a litigation hold on all mailbox content.
Which role should you assign to User1?
- eDiscovery Manager from the Security & Compliance admin center
- Compliance Management from the Exchange admin center
- User management administrator from the Microsoft 365 admin center
- Information Protection administrator from the Azure Active Directory admin center
-
You have a Microsoft 365 subscription.
All users are assigned a Microsoft 365 E3 license.
You enable auditing for your organization.
What is the maximum amount of time data will be retained in the Microsoft 365 audit log?
- 2 years
- 1 year
- 30 days
- 90 days
-
HOTSPOT
Your company is based in the United Kingdom (UK).
Users frequently handle data that contains Personally Identifiable Information (PII).
You create a data loss prevention (DLP) policy that applies to users inside and outside the company. The policy is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
-
HOTSPOT
You have a Microsoft 365 subscription that contains all the user data.
You plan to create the retention policy shown in the Locations exhibit. (Click the Locations tab.)
You configure the Advanced retention settings as shown in the Retention exhibit. (Click the Retention tab.)
The locations specified in the policy include the groups shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.