You have already completed the Test before. Hence you can not start it again.
Test is loading...
You must sign in or sign up to start the Test.
You have to finish following quiz, to start this Test:
Your results are here!! for" MS-900 Practice Test 3 "
0 of 54 questions answered correctly
Your time:
Time has elapsed
Your Final Score is : 0
You have attempted : 0
Number of Correct Questions : 0 and scored 0
Number of Incorrect Questions : 0 and Negative marks 0
Average score
Your score
MS-900
You have attempted: 0
Number of Correct Questions: 0 and scored 0
Number of Incorrect Questions: 0 and Negative marks 0
You can review your answers by clicking view questions. Important Note : Open Reference Documentation Links in New Tab (Right Click and Open in New Tab).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
Answered
Review
Question 1 of 54
1. Question
TRUE ORÂ FALSE
After users are enrolled in MFA they must configure a second authentication factor the next time they sign in
Correct
Incorrect
Unattempted
Question 2 of 54
2. Question
You are a Microsoft 365 administrator. You need to implement the appropriate features for this scenario. What should you implement?
“Secure members of the Global Administrators Group by using dynamic risk profiles”
Correct
Identity Protection is a tool that allows organizations to accomplish three key tasks:
Automate the detection and remediation of identity-based risks.
Investigate risks using data in the portal.
Export risk detection data to third-party utilities for further analysis.
Identity Protection is a tool that allows organizations to accomplish three key tasks:
Automate the detection and remediation of identity-based risks.
Investigate risks using data in the portal.
Export risk detection data to third-party utilities for further analysis.
Identity Protection is a tool that allows organizations to accomplish three key tasks:
Automate the detection and remediation of identity-based risks.
Investigate risks using data in the portal.
Export risk detection data to third-party utilities for further analysis.
TRUE OR FALSE
Compliance Manager performs assessment against your entire Microsoft 365 environment and evaluates both Microsoft and Customer controls.
Correct
Microsoft Compliance Manager (preview)Â is a free workflow-based risk assessment tool in the Microsoft Service Trust Portal for managing regulatory compliance activities related to Microsoft cloud services. Part of your Microsoft 365, Office 365, or Azure Active Directory subscription, Compliance Manager helps you manage regulatory compliance within the shared responsibility model for Microsoft cloud services.
Microsoft-managed controls
For each cloud service, Microsoft implements and manages a set of controls as part of Microsoft’s compliance with various standards and regulations. Each control provides details about how Microsoft implemented the control, and how and when that implementation was tested and validated by Microsoft and/or by an independent third-party auditor.
Customer-managed controls
Customer-managed controls are managed by your organization. Your organization is responsible for customer-managed control implementation as part of your compliance process for a given standard or regulation. Customer-managed controls are organized into control families for the corresponding certification or regulation. Use the customer-managed controls to implement the recommended actions suggested by Microsoft as part of your compliance activities. Your organization can use the prescriptive guidance and recommended customer actions in each customer-managed control to manage the implementation and assessment process for that control. https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-overview?view=o365-worldwide
Incorrect
Microsoft Compliance Manager (preview)Â is a free workflow-based risk assessment tool in the Microsoft Service Trust Portal for managing regulatory compliance activities related to Microsoft cloud services. Part of your Microsoft 365, Office 365, or Azure Active Directory subscription, Compliance Manager helps you manage regulatory compliance within the shared responsibility model for Microsoft cloud services.
Microsoft-managed controls
For each cloud service, Microsoft implements and manages a set of controls as part of Microsoft’s compliance with various standards and regulations. Each control provides details about how Microsoft implemented the control, and how and when that implementation was tested and validated by Microsoft and/or by an independent third-party auditor.
Customer-managed controls
Customer-managed controls are managed by your organization. Your organization is responsible for customer-managed control implementation as part of your compliance process for a given standard or regulation. Customer-managed controls are organized into control families for the corresponding certification or regulation. Use the customer-managed controls to implement the recommended actions suggested by Microsoft as part of your compliance activities. Your organization can use the prescriptive guidance and recommended customer actions in each customer-managed control to manage the implementation and assessment process for that control. https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-overview?view=o365-worldwide
Unattempted
Microsoft Compliance Manager (preview)Â is a free workflow-based risk assessment tool in the Microsoft Service Trust Portal for managing regulatory compliance activities related to Microsoft cloud services. Part of your Microsoft 365, Office 365, or Azure Active Directory subscription, Compliance Manager helps you manage regulatory compliance within the shared responsibility model for Microsoft cloud services.
Microsoft-managed controls
For each cloud service, Microsoft implements and manages a set of controls as part of Microsoft’s compliance with various standards and regulations. Each control provides details about how Microsoft implemented the control, and how and when that implementation was tested and validated by Microsoft and/or by an independent third-party auditor.
Customer-managed controls
Customer-managed controls are managed by your organization. Your organization is responsible for customer-managed control implementation as part of your compliance process for a given standard or regulation. Customer-managed controls are organized into control families for the corresponding certification or regulation. Use the customer-managed controls to implement the recommended actions suggested by Microsoft as part of your compliance activities. Your organization can use the prescriptive guidance and recommended customer actions in each customer-managed control to manage the implementation and assessment process for that control. https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-overview?view=o365-worldwide
Question 4 of 54
4. Question
A company purchases Microsoft 365 E5.
You need to determine which security features you should implement.
Which features should you implement” To identify sensitive data and create policies that help prevent users from accidentally or intentionally sharing the data?
Correct
Incorrect
Unattempted
Question 5 of 54
5. Question
You need to reduce the amount of time that the IT team spends on user support. What are the three possible ways to achieve this goal?
Note that each correct answer presents a complete solution
You are the Microsoft 365 administrator for a company.
Your company plans to open a new office in the United Kingdom.
You need to provide penetration tests and security assessment reports for the new office.
Where can you locate the required reports?
Correct
Microsoft Service Trust Portal (Industries & Regions section)
Provides industry- and region-specific compliance information about Microsoft Cloud services.
Industries: At this time, this page provides an industry-specific landing page for the Financial Services industry. This contains information such as compliance offerings, FAQs, and success stories. Resources for more industries will be released in the future, however, you can find resources for more industries by going to the Trust Documents > Data Protection page in the STP.
Regions:Â Provides legal opinions on Microsoft Cloud services compliance with various laws of various countries. Specific countries include Australia, Canada, Czech Republic, Denmark, Germany, Poland, Romania, Spain, and the United Kingdom.
Microsoft Service Trust Portal (Industries & Regions section)
Provides industry- and region-specific compliance information about Microsoft Cloud services.
Industries: At this time, this page provides an industry-specific landing page for the Financial Services industry. This contains information such as compliance offerings, FAQs, and success stories. Resources for more industries will be released in the future, however, you can find resources for more industries by going to the Trust Documents > Data Protection page in the STP.
Regions:Â Provides legal opinions on Microsoft Cloud services compliance with various laws of various countries. Specific countries include Australia, Canada, Czech Republic, Denmark, Germany, Poland, Romania, Spain, and the United Kingdom.
Microsoft Service Trust Portal (Industries & Regions section)
Provides industry- and region-specific compliance information about Microsoft Cloud services.
Industries: At this time, this page provides an industry-specific landing page for the Financial Services industry. This contains information such as compliance offerings, FAQs, and success stories. Resources for more industries will be released in the future, however, you can find resources for more industries by going to the Trust Documents > Data Protection page in the STP.
Regions:Â Provides legal opinions on Microsoft Cloud services compliance with various laws of various countries. Specific countries include Australia, Canada, Czech Republic, Denmark, Germany, Poland, Romania, Spain, and the United Kingdom.
You need to configure a data governance solution for your company. You know the complete solution must meet the following requirements:
-> Classify documents
-> Ensure that classifications are enforced
-> Delete documents that are no longer used
Which actions should you perform to perform 2nd step i.e. Ensure that classifications are enforced?
Correct
Supervision allows you to set policies to monitor email and 3rd party communications in your organization. You can specify people to review these communications.
Incorrect
Supervision allows you to set policies to monitor email and 3rd party communications in your organization. You can specify people to review these communications.
Unattempted
Supervision allows you to set policies to monitor email and 3rd party communications in your organization. You can specify people to review these communications.
Question 8 of 54
8. Question
You need to configure a data governance solution for your company. You know the complete solution must meet the following requirements:
-> Classify documents
-> Ensure that classifications are enforced
-> Delete documents that are no longer used
Which actions should you perform to perform 1st step I.e. Classify documents?
Correct
Classify your information for governance purposes. For example, you could have a label for a contract, employee review, or another type of information. Labels can also have a retention policy associated with it.
Incorrect
Classify your information for governance purposes. For example, you could have a label for a contract, employee review, or another type of information. Labels can also have a retention policy associated with it.
Unattempted
Classify your information for governance purposes. For example, you could have a label for a contract, employee review, or another type of information. Labels can also have a retention policy associated with it.
Question 9 of 54
9. Question
You are the Microsoft 365 administrator for a company.
You need to identify available cloud security features.
Match this feature to the correct description.
Block users from accessing cloud apps from certain devices.
A company is moving to Microsoft Azure. Some applications cannot be moved. You need to identify which applications will remain in a hybrid environment after the migration. Which applications will remain in a hybrid environment?
Correct
A hybrid cloud combines public and private clouds, allowing you to run your applications in the most appropriate location. For example, you could host a website in the public cloud and link it to a highly secure database hosted in your private cloud (or on-premises data-center). In hybrid scenario’s most companies will keep the most sensitive databases on-premises and move everything else to the cloud. https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/4-cloud-deployment-models
Incorrect
A hybrid cloud combines public and private clouds, allowing you to run your applications in the most appropriate location. For example, you could host a website in the public cloud and link it to a highly secure database hosted in your private cloud (or on-premises data-center). In hybrid scenario’s most companies will keep the most sensitive databases on-premises and move everything else to the cloud. https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/4-cloud-deployment-models
Unattempted
A hybrid cloud combines public and private clouds, allowing you to run your applications in the most appropriate location. For example, you could host a website in the public cloud and link it to a highly secure database hosted in your private cloud (or on-premises data-center). In hybrid scenario’s most companies will keep the most sensitive databases on-premises and move everything else to the cloud. https://docs.microsoft.com/en-us/learn/modules/principles-cloud-computing/4-cloud-deployment-models
Question 12 of 54
12. Question
A company plans to migrate to Microsoft 365.
You need to advise the company about how Microsoft provides protection in a multitenancy environment.
What are the three ways that Microsoft provides protection? Each correct answer presents part of the solution. (Choose three.)
You need to determine which security features you should implement.
Which features should you implement for “Providing recommendations to reduce risk”?
Correct
Microsoft Secure Score is a representation of your organization’s security posture, and your opportunity to improve it.
Incorrect
Microsoft Secure Score is a representation of your organization’s security posture, and your opportunity to improve it.
Unattempted
Microsoft Secure Score is a representation of your organization’s security posture, and your opportunity to improve it.
Question 14 of 54
14. Question
True or False
To enable or disable targeted releases in an organization, select each user who should receive early access to features and functionality from a list.
Correct
In-Office 365 admins can choose how their company or individuals in the company receive updates.
While the default option is our “Standard release” and updates are pushed to your tenant as they become broadly available, you can also opt in to the “Targeted release” option (formerly known as First Release). In the latter case, you and your users will be the first to see the latest updates and can help shape the product by providing early feedback.
Set up the release option in the admin center
You can change how your organization receives Microsoft 365 updates by following these steps. You have to be a global admin in Microsoft 365 to opt-in.
In the admin center, go to the Settings > Org Setting, and under the Organization profile tab, choose Release preferences.
To disable targeted release, select Standard release, then select Save changes.
To enable targeted release for all users in your organization, select Targeted release for everyone, then select Save changes.
To enable targeted release for some people in your organization, select Targeted release for selected users, then select Save changes.
Choose Select users to add users one at a time, or Upload users to add them in bulk.
When you’re done adding users, select Save changes.
Incorrect
In-Office 365 admins can choose how their company or individuals in the company receive updates.
While the default option is our “Standard release” and updates are pushed to your tenant as they become broadly available, you can also opt in to the “Targeted release” option (formerly known as First Release). In the latter case, you and your users will be the first to see the latest updates and can help shape the product by providing early feedback.
Set up the release option in the admin center
You can change how your organization receives Microsoft 365 updates by following these steps. You have to be a global admin in Microsoft 365 to opt-in.
In the admin center, go to the Settings > Org Setting, and under the Organization profile tab, choose Release preferences.
To disable targeted release, select Standard release, then select Save changes.
To enable targeted release for all users in your organization, select Targeted release for everyone, then select Save changes.
To enable targeted release for some people in your organization, select Targeted release for selected users, then select Save changes.
Choose Select users to add users one at a time, or Upload users to add them in bulk.
When you’re done adding users, select Save changes.
Unattempted
In-Office 365 admins can choose how their company or individuals in the company receive updates.
While the default option is our “Standard release” and updates are pushed to your tenant as they become broadly available, you can also opt in to the “Targeted release” option (formerly known as First Release). In the latter case, you and your users will be the first to see the latest updates and can help shape the product by providing early feedback.
Set up the release option in the admin center
You can change how your organization receives Microsoft 365 updates by following these steps. You have to be a global admin in Microsoft 365 to opt-in.
In the admin center, go to the Settings > Org Setting, and under the Organization profile tab, choose Release preferences.
To disable targeted release, select Standard release, then select Save changes.
To enable targeted release for all users in your organization, select Targeted release for everyone, then select Save changes.
To enable targeted release for some people in your organization, select Targeted release for selected users, then select Save changes.
Choose Select users to add users one at a time, or Upload users to add them in bulk.
When you’re done adding users, select Save changes.
Question 15 of 54
15. Question
TRUEÂ ORÂ FALSE
Cloud solution providers can bill customers for Microsoft 365 licenses on an annual basis.
Correct
Cloud Partners(CSP) own and control the billing cycle (monthly or annually)
Incorrect
Cloud Partners(CSP) own and control the billing cycle (monthly or annually)
Unattempted
Cloud Partners(CSP) own and control the billing cycle (monthly or annually)
Question 16 of 54
16. Question
A company deploys Microsoft Azure AD. You enable multi-factor authentication. You need to inform users about the multi-factor authentication methods that they can use. Which of the following methods is NOT a valid multi-factor authentication method in Microsoft 365?
Correct
When a user signs in to an application or service and receives an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure Multi-Factor Authentication verification methods, or the user can access their own My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure Multi-Factor Authentication:
Microsoft Authenticator app
OATH Hardware token
SMS
Voice call
When a user signs in to an application or service and receives an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure Multi-Factor Authentication verification methods, or the user can access their own My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure Multi-Factor Authentication:
Microsoft Authenticator app
OATH Hardware token
SMS
Voice call
When a user signs in to an application or service and receives an MFA prompt, they can choose from one of their registered forms of additional verification. An administrator could require registration of these Azure Multi-Factor Authentication verification methods, or the user can access their own My Profile to edit or add verification methods.
The following additional forms of verification can be used with Azure Multi-Factor Authentication:
Microsoft Authenticator app
OATH Hardware token
SMS
Voice call
An organization is considering migrating some of its resources to the cloud. The company does not plan to deploy Microsoft AzureExpressRoute or site-to-site VPNs. You need to identify if this workload can migrate to the cloud by choosing the best answer.
” A legacy application that requires connectivity to on-premises data store”
Correct
Incorrect
Unattempted
Question 19 of 54
19. Question
An organization is considering migrating some of its resources to the cloud. The company does not plan to deploy Microsoft AzureExpressRoute or site-to-site VPNs. You need to identify if this workload can migrate to the cloud by choosing the best answer.
” You need to deploy a Microsoft SharePoint collaboration site for partners”
Correct
Incorrect
Unattempted
Question 20 of 54
20. Question
You are a Microsoft 365 administrator for a company where employees use Microsoft Office 365 Enterprise to create documents. You need to implement document classification and protection by using Microsoft Information protection which actions should you perform each current each correct answer presents part of his solution And is worth one point
For the following statement, select Yes if the statement is true. Otherwise, select No.
“Microsoft Intune can define where corporate data is stored”
Correct
App protection policies make sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
App protection policies make sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
App protection policies make sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
An organization is considering migrating some of its resources to the cloud. The company does not plan to deploy Microsoft AzureExpressRoute or site-to-site VPNs. You need to identify if this workload can migrate to the cloud by choosing the best answer.
” You need to deploy the external-facing website”
Correct
Incorrect
Unattempted
Question 23 of 54
23. Question
This question requires that you evaluate the “Italicized” text to determine if it is correct.
A company needs to protect documents and emails by automatically applying classifications and labels. You must minimize costs.
You should implement Microsoft Azure Information Protection for Microsoft Office 365.
Review the above “italicized” text. If it makes the statement correct, select No change is needed. If the statement is incorrect, select the answer choice that makes the statement correct.
Correct
Incorrect
Unattempted
Question 24 of 54
24. Question
TRUEÂ ORÂ FALSE
Cloud Service Providers can provide 30 days of trial licenses to customers
Correct
CSP’s can’t provide any trial license to customers.
Incorrect
CSP’s can’t provide any trial license to customers.
Unattempted
CSP’s can’t provide any trial license to customers.
Question 25 of 54
25. Question
True or False
By default, all the Microsoft 365 users are configured for “Targeted Release”
Correct
In-Office 365 admins can choose how their company or individuals in the company receive updates.
While the default option is our “Standard release” and updates are pushed to your tenant as they become broadly available, you can also opt in to the “Targeted release” option (formerly known as First Release). In the latter case, you and your users will be the first to see the latest updates and can help shape the product by providing early feedback.
Incorrect
In-Office 365 admins can choose how their company or individuals in the company receive updates.
While the default option is our “Standard release” and updates are pushed to your tenant as they become broadly available, you can also opt in to the “Targeted release” option (formerly known as First Release). In the latter case, you and your users will be the first to see the latest updates and can help shape the product by providing early feedback.
Unattempted
In-Office 365 admins can choose how their company or individuals in the company receive updates.
While the default option is our “Standard release” and updates are pushed to your tenant as they become broadly available, you can also opt in to the “Targeted release” option (formerly known as First Release). In the latter case, you and your users will be the first to see the latest updates and can help shape the product by providing early feedback.
Question 26 of 54
26. Question
You are the Microsoft 365 administrator for a company. You install Microsoft Office 365 Enterprise on five devices. You deactivate the Microsoft Office 365 Enterprise license on one device.
Which task can you perform on that device?Â
Correct
When you deactivate a Microsoft Office 365 Enterprise license, Office 365 Enterprise remains installed on the computer, but you can only view and print documents. All features for editing or creating new documents are disabled.
Incorrect
When you deactivate a Microsoft Office 365 Enterprise license, Office 365 Enterprise remains installed on the computer, but you can only view and print documents. All features for editing or creating new documents are disabled.
Unattempted
When you deactivate a Microsoft Office 365 Enterprise license, Office 365 Enterprise remains installed on the computer, but you can only view and print documents. All features for editing or creating new documents are disabled.
Question 27 of 54
27. Question
You need to ensure that the process by which users sign in to Microsoft 365 confirms the identity of the user. Which feature should you use?
Correct
Multi-factor authentication is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). It protects the user from an unknown person trying to access their data such as personal ID details or financial assets. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
Incorrect
Multi-factor authentication is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). It protects the user from an unknown person trying to access their data such as personal ID details or financial assets. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
Unattempted
Multi-factor authentication is an electronic authentication method in which a computer user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is). It protects the user from an unknown person trying to access their data such as personal ID details or financial assets. https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks
Question 28 of 54
28. Question
You need to configure a data governance solution for your company. You know the complete solution must meet the following requirements:
-> Classify documents
-> Ensure that classifications are enforced
-> Delete documents that are no longer used
Which actions should you perform to perform 3rd step i.e. Delete documents that are no longer used
Correct
Retention policies ensure that you do not delete content prematurely. Once the content has reached the end of its retention period it can be deleted, start an approval process for deletion, or it can do nothing.
Incorrect
Retention policies ensure that you do not delete content prematurely. Once the content has reached the end of its retention period it can be deleted, start an approval process for deletion, or it can do nothing.
Unattempted
Retention policies ensure that you do not delete content prematurely. Once the content has reached the end of its retention period it can be deleted, start an approval process for deletion, or it can do nothing.
Question 29 of 54
29. Question
You are a Microsoft 365 administrator. You need to implement the appropriate features for this scenario. What should you implement?
“Secure admin roles by requiring approvals”
Correct
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
You need to determine which security features you should implement.
Which features should you implement for “Control how a Microsoft Support Engineer accesses data during a help session”?
Correct
Office 365 Customer Lockbox feature which will help a customer to control how a Microsoft support engineer is going to access customer data during a scenario where customers have raised a support request to investigate some service issues related to customers Office 365 tenant.
Incorrect
Office 365 Customer Lockbox feature which will help a customer to control how a Microsoft support engineer is going to access customer data during a scenario where customers have raised a support request to investigate some service issues related to customers Office 365 tenant.
Unattempted
Office 365 Customer Lockbox feature which will help a customer to control how a Microsoft support engineer is going to access customer data during a scenario where customers have raised a support request to investigate some service issues related to customers Office 365 tenant.
Question 32 of 54
32. Question
You are a Microsoft 365 administrator. You need to implement the appropriate features for this scenario. What should you implement?
“Restrict access to Microsoft Outlook using a PIN”
Correct
You can protect corporate data in Outlook for iOS and Android using Intune app protection policies. App Protection Policies (APP) define which apps are allowed and the actions they can take with your organization’s data. The choices available in APP enable organizations to tailor the protection to their specific needs.
Enterprise basic data protection (Level 1) ensures that apps are protected with a PIN and encrypted and perform selective wipe operations. For Android devices, this level validates Android device attestation. This is an entry-level configuration that provides similar data protection control in Exchange Online mailbox policies and introduces IT and the user population to APP.
Reference Read: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android
Incorrect
You can protect corporate data in Outlook for iOS and Android using Intune app protection policies. App Protection Policies (APP) define which apps are allowed and the actions they can take with your organization’s data. The choices available in APP enable organizations to tailor the protection to their specific needs.
Enterprise basic data protection (Level 1) ensures that apps are protected with a PIN and encrypted and perform selective wipe operations. For Android devices, this level validates Android device attestation. This is an entry-level configuration that provides similar data protection control in Exchange Online mailbox policies and introduces IT and the user population to APP.
Reference Read: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android
Unattempted
You can protect corporate data in Outlook for iOS and Android using Intune app protection policies. App Protection Policies (APP) define which apps are allowed and the actions they can take with your organization’s data. The choices available in APP enable organizations to tailor the protection to their specific needs.
Enterprise basic data protection (Level 1) ensures that apps are protected with a PIN and encrypted and perform selective wipe operations. For Android devices, this level validates Android device attestation. This is an entry-level configuration that provides similar data protection control in Exchange Online mailbox policies and introduces IT and the user population to APP.
Reference Read: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/outlook-for-ios-and-android/secure-outlook-for-ios-and-android
Question 33 of 54
33. Question
A company deploys Microsoft Intune.
An employee loses a Windows 10 device that contains corporate data.
You need to ensure that the corporate data on the device is secured as quickly as possible.
Which two options can you use?
To answer, select the appropriate actions in the answer area.
Correct
Incorrect
Unattempted
Question 34 of 54
34. Question
A company plans to migrate to a hybrid cloud infrastructure. You need to determine where to manage the different features after the hybrid deployment is complete.
“Configure e-mail disclaimers”.
Correct
Incorrect
Unattempted
Question 35 of 54
35. Question
TRUE OR FALSE
Compliance Managers allow you to take corrective action from within the Service Trust Portal.
Correct
Compliance Manager is accessible from the Microsoft Service Trust Portal. Anyone with a Microsoft account or Azure Active Directory organizational account can access the Compliance Manager.
There are specific administrative functions that are only available to the global administrator and only visible when logged in with a global administrator account. The global administrator can:
Assign user roles
Turn on and off automatic Secure Score updates
Configure user privacy settings
Compliance Manager is accessible from the Microsoft Service Trust Portal. Anyone with a Microsoft account or Azure Active Directory organizational account can access the Compliance Manager.
There are specific administrative functions that are only available to the global administrator and only visible when logged in with a global administrator account. The global administrator can:
Assign user roles
Turn on and off automatic Secure Score updates
Configure user privacy settings
Compliance Manager is accessible from the Microsoft Service Trust Portal. Anyone with a Microsoft account or Azure Active Directory organizational account can access the Compliance Manager.
There are specific administrative functions that are only available to the global administrator and only visible when logged in with a global administrator account. The global administrator can:
Assign user roles
Turn on and off automatic Secure Score updates
Configure user privacy settings
TRUE OR FALSE
Cloud Service Providers can only charge customers for licenses that the customers use.
Correct
Cloud Service Providers can only charge customers per license. More information on licensing is available in the following link
Incorrect
Cloud Service Providers can only charge customers per license. More information on licensing is available in the following link
Unattempted
Cloud Service Providers can only charge customers per license. More information on licensing is available in the following link
Question 37 of 54
37. Question
TRUE OR FALSE
Compliance Manager allows you to assign individuals within the organization to be responsible for the control.
Correct
Customer-managed controls
Customer-managed controls are managed by your organization. Your organization is responsible for customer-managed control implementation as part of your compliance process for a given standard or regulation. Customer-managed controls are organized into control families for the corresponding certification or regulation. Use the customer-managed controls to implement the recommended actions suggested by Microsoft as part of your compliance activities. Your organization can use the prescriptive guidance and recommended customer actions in each customer-managed control to manage the implementation and assessment process for that control.
Customer-managed controls in Assessments also have built-in workflow management functionality that you can use to manage and track your progress towards Assessment completion. With this workflow functionality, you can:
Assign Action Items for each control
Track assigned Action Items
Upload evidence of the implementation of the control
Document the testing and validation of the control
Mark the Action Items as implemented and tested
For example, a Compliance Officer in your organization assigns an Action Item to an IT admin with the responsibility and necessary permissions to perform the recommended action. The IT admin uploads evidence of the implementation tasks (screenshots of configuration or policy settings) and assigns the Action Item back to the Compliance Officer when completed. The Compliance Officer evaluates the collected evidence, tests the implementation of the control, and records the implementation date and test results in Compliance Manager.
Customer-managed controls
Customer-managed controls are managed by your organization. Your organization is responsible for customer-managed control implementation as part of your compliance process for a given standard or regulation. Customer-managed controls are organized into control families for the corresponding certification or regulation. Use the customer-managed controls to implement the recommended actions suggested by Microsoft as part of your compliance activities. Your organization can use the prescriptive guidance and recommended customer actions in each customer-managed control to manage the implementation and assessment process for that control.
Customer-managed controls in Assessments also have built-in workflow management functionality that you can use to manage and track your progress towards Assessment completion. With this workflow functionality, you can:
Assign Action Items for each control
Track assigned Action Items
Upload evidence of the implementation of the control
Document the testing and validation of the control
Mark the Action Items as implemented and tested
For example, a Compliance Officer in your organization assigns an Action Item to an IT admin with the responsibility and necessary permissions to perform the recommended action. The IT admin uploads evidence of the implementation tasks (screenshots of configuration or policy settings) and assigns the Action Item back to the Compliance Officer when completed. The Compliance Officer evaluates the collected evidence, tests the implementation of the control, and records the implementation date and test results in Compliance Manager.
Customer-managed controls
Customer-managed controls are managed by your organization. Your organization is responsible for customer-managed control implementation as part of your compliance process for a given standard or regulation. Customer-managed controls are organized into control families for the corresponding certification or regulation. Use the customer-managed controls to implement the recommended actions suggested by Microsoft as part of your compliance activities. Your organization can use the prescriptive guidance and recommended customer actions in each customer-managed control to manage the implementation and assessment process for that control.
Customer-managed controls in Assessments also have built-in workflow management functionality that you can use to manage and track your progress towards Assessment completion. With this workflow functionality, you can:
Assign Action Items for each control
Track assigned Action Items
Upload evidence of the implementation of the control
Document the testing and validation of the control
Mark the Action Items as implemented and tested
For example, a Compliance Officer in your organization assigns an Action Item to an IT admin with the responsibility and necessary permissions to perform the recommended action. The IT admin uploads evidence of the implementation tasks (screenshots of configuration or policy settings) and assigns the Action Item back to the Compliance Officer when completed. The Compliance Officer evaluates the collected evidence, tests the implementation of the control, and records the implementation date and test results in Compliance Manager.
For the following statement, select Yes if the statement is true. Otherwise, select No.
“Once a device is registered with Microsoft Intune data wipe will include users personal data”
A company plans to migrate to a hybrid cloud infrastructure. You need to determine where to manage the different features after the hybrid deployment is complete.
“Set frequency of Microsoft 365 Updates”.
Correct
Incorrect
Unattempted
Question 41 of 54
41. Question
A company purchases Microsoft 365 E5.
You need to determine which security features you should implement.
Which features should you implement for “Protect against malware, viruses and malicious URLS”?
Correct
ffice 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. ATP includes:
Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.
Reports: View real-time reports to monitor ATP performance in your organization.
Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.
Incorrect
ffice 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. ATP includes:
Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.
Reports: View real-time reports to monitor ATP performance in your organization.
Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.
Unattempted
ffice 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools. ATP includes:
Threat protection policies: Define threat-protection policies to set the appropriate level of protection for your organization.
Reports: View real-time reports to monitor ATP performance in your organization.
Threat investigation and response capabilities: Use leading-edge tools to investigate, understand, simulate, and prevent threats.
Automated investigation and response capabilities: Save time and effort investigating and mitigating threats.
Question 42 of 54
42. Question
A company is a Microsoft 365 reseller. The company does not provide managed services or direct customer support. You need to provide licenses for customers and earn commissions for each license sold. What should you do?
Correct
The correct answer is “Buy licenses for customers from a Microsoft authorized distributor”. Questions do not ask you to join as a CSP but appear like you are an individual.
The company is already a reseller and cos they don’t provide support or billing, they are most likely be Indirect CSP
Incorrect
The correct answer is “Buy licenses for customers from a Microsoft authorized distributor”. Questions do not ask you to join as a CSP but appear like you are an individual.
The company is already a reseller and cos they don’t provide support or billing, they are most likely be Indirect CSP
Unattempted
The correct answer is “Buy licenses for customers from a Microsoft authorized distributor”. Questions do not ask you to join as a CSP but appear like you are an individual.
The company is already a reseller and cos they don’t provide support or billing, they are most likely be Indirect CSP
Question 43 of 54
43. Question
A company plans to migrate to a hybrid cloud infrastructure. You need to determine where to manage the different features after the hybrid deployment is complete.
“Configure Compliance”.
Correct
Incorrect
Unattempted
Question 44 of 54
44. Question
A company plans to migrate to a hybrid cloud infrastructure. You need to determine where to manage the different features after the hybrid deployment is complete.
“Configure MFA for cloud services”
Correct
Incorrect
Unattempted
Question 45 of 54
45. Question
You are the Microsoft administrator for a company all staff must use Microsoft Outlook to access corporate email. When users access outlook on mobile devices they must use a PIN to open the application. You need to implement a Microsoft intune policy to enforce the security requirements which policy should you use?
Correct
App protection policies make sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
App protection policies make sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
App protection policies make sure that the app-layer protections are in place. For example, you can:
Require a PIN to open an app in a work context
Control the sharing of data between apps
Prevent the saving of company app data to a personal storage location
A company assigns a Microsoft 365 license to each employee. You need to install Microsoft Office 365 Enterprise on each employee device. Which three methods can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
An organization plans to deploy Microsoft Office 2019 or Office 365 Enterprise. What are the two advantages of Office 365 Enterprise over Microsoft Office 2019? Each correct answer presents a complete solution. (Choose two.)
NOTE: Each correct selection is worth one point.
Correct
A single subscription of Office 365 Enterprise allows you to install Office 365 on up to 5 devices.
Office 365 Enterprise includes a fully functional, free to use mobile apps i.e Outlook, Teams & Yammer.
Office 365 subscriptions (E3, E5, etc.) do not allow for downgrading.
Office 365 Enterprise is updated automatically. Updates include updates to existing features as well as new features being added to the product. https://support.office.com/en-us/article/what-s-new-in-office-online-fc1de049-98f3-46da-a5aa-da4a19c3e909?ui=en-USandrs=en-USandad=US
Incorrect
A single subscription of Office 365 Enterprise allows you to install Office 365 on up to 5 devices.
Office 365 Enterprise includes a fully functional, free to use mobile apps i.e Outlook, Teams & Yammer.
Office 365 subscriptions (E3, E5, etc.) do not allow for downgrading.
Office 365 Enterprise is updated automatically. Updates include updates to existing features as well as new features being added to the product. https://support.office.com/en-us/article/what-s-new-in-office-online-fc1de049-98f3-46da-a5aa-da4a19c3e909?ui=en-USandrs=en-USandad=US
Unattempted
A single subscription of Office 365 Enterprise allows you to install Office 365 on up to 5 devices.
Office 365 Enterprise includes a fully functional, free to use mobile apps i.e Outlook, Teams & Yammer.
Office 365 subscriptions (E3, E5, etc.) do not allow for downgrading.
Office 365 Enterprise is updated automatically. Updates include updates to existing features as well as new features being added to the product. https://support.office.com/en-us/article/what-s-new-in-office-online-fc1de049-98f3-46da-a5aa-da4a19c3e909?ui=en-USandrs=en-USandad=US
Question 48 of 54
48. Question
You are an IT Administrator for a large company with Office 365 global admin account. You need to follow one of the following concepts to decide when users will get a Windows release. Please choose the best answer.
You are in Microsoft 365 administrator for a company stop user experience is an issue with SharePoint online you need to resolve the issue which two options can you use?
Note that each correct answer presents a complete solution.
Let’s assume that you have been hired by ABC company as a security administrator for their Microsoft 365 environment. You have been advised to ensure that employees accessing the system from outside the corporate network must use corporate devices. Which tool could you use to meet this organizational requirement?
Correct
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action. Another Example: A payroll manager wants to access the payroll application and is required to perform multi-factor authentication to access it.
Incorrect
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action. Another Example: A payroll manager wants to access the payroll application and is required to perform multi-factor authentication to access it.
Unattempted
Conditional Access policies at their simplest are if-then statements, if a user wants to access a resource, then they must complete an action. Another Example: A payroll manager wants to access the payroll application and is required to perform multi-factor authentication to access it.
Question 53 of 54
53. Question
Exchange Online hybrid is an example of what kind of cloud deployment model?
Correct
A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.
Incorrect
A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.
Unattempted
A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.
Question 54 of 54
54. Question
Identify three core components of Microsoft 365?
Correct
Microsoft 365 is a bundle of services that includes Office 365, Windows 10 Enterprise and Enterprise Mobility + Security (EMS).
Incorrect
Microsoft 365 is a bundle of services that includes Office 365, Windows 10 Enterprise and Enterprise Mobility + Security (EMS).
Unattempted
Microsoft 365 is a bundle of services that includes Office 365, Windows 10 Enterprise and Enterprise Mobility + Security (EMS).
Use Page numbers below to navigate to other practice tests