Question 1

You have a Microsoft 365 E5 tenant.

You configure sensitivity labels.

Users report that the Sensitivity button is unavailable in Microsoft Word for the web. The Sensitivity button is available in Microsoft 365 Word.

You need to ensure that the users can apply the sensitivity labels when they use Word for the web.

What should you do?

• A. Enable sensitivity labels for files in Microsoft SharePoint and OneDrive.
• B. Publish the sensitivity labels.
• C. Copy policies from Azure Information Protection to the Microsoft Purview compliance portal.
• D. Create an auto-labeling policy.

Question 2

You have a Microsoft 365 subscription.
You configure a new Azure AD enterprise application named App1. App1 requires that a user be assigned the Reports Reader role.
Which type of group should you use to assign the Reports Reader role and to access App1?

• A. a Microsoft 365 group that has assigned membership
• B. a Microsoft 365 group that has dynamic user membership
• C. a security group that has assigned membership
• D. a security group that has dynamic user membership

Question 3

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365.

You have the policies shown in the following table.



All the policies are configured to send malicious email messages to quarantine.

Which policies support a customized quarantine retention period?

• A. Policy1 and Policy2 only
• B. Policy1 and Policy3 only
• C. Policy2 and Policy4 only
• D. Policy3 and Policy4 only

Question 4

Your network contains an Active Directory domain named adatum.com that is synced to Azure AD.
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?

• A. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
• B. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.
• C. From Windows PowerShell on a domain controller, run the Get-MgUser and Update-MgUser cmdlets.
• D. From Azure Cloud Shell, run the Get-MgUser and Update-MgUser cmdlets.

Question 5

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy an Azure AD tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: From the Synchronization Rules Editor, you create a new outbound synchronization rule.
Does this meet the goal?

• A. Yes
• B. No

Question 6

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You need to ensure that users are prevented from opening or downloading malicious files from Microsoft Teams, OneDrive, or SharePoint Online.
What should you do?

• A. Create a new Anti-malware policy.
• B. Configure the Safe Links global settings.
• C. Create a new Anti-phishing policy.
• D. Configure the Safe Attachments global settings.

Question 7

DRAG DROP You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.
You need to configure policies to meet the following requirements:
Customize the common attachments filter.
Enable impersonation protection for sender domains.
Which type of policy should you configure for each requirement? To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Question 8

HOTSPOT

From the Microsoft Purview compliance portal, you create a retention policy named Policy1.

You need to prevent all users from disabling the policy or reducing the retention period.

How should you configure the Azure PowerShell command? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 9

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.



Which users can review the Adoption Score in the Microsoft 365 admin center?

• A. User1 only
• B. User2 only
• C. User1 and User2 only
• D. User1 and User3 only
• E. User1, User2, and User3

Question 10

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
User passwords must be 10 characters or more.

Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.

Does this meet the goal?

• A. Yes
• B. No