Welcome to GitBit
GitBit was created to help the world get better at securing their Microsoft 365 tenants. A lot of organizations are now using Microsoft 365, but how many of them are secure? Not many!
Go to https://www.gitbit.org to get started. Or you can jump right into one of our lessons. Or jump right into the practice questions. The practice questions are very similar to the questions you'll find on the MS-500 certification by Microsoft.
Lessons
MS-500 Practice Questions
- Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD) as shown in the following exhibit. The synchronization schedule is configured as shown in the following exhibit. Which employees can authenticate by using Azure AD? What should you do to remove the warning for pass-through authentication?
- Your organization has a Microsoft 365 tenant with the domain name gitbit.org. The MFA configuration is shown below. Your Microsoft 365 tenant has the following users. What will happen when User1 and User2 log in?
- Your organization has configured multiple conditional access policies to block non-compliant devices from connecting to Microsoft 365 and other services. Some users complain that they cannot access some services due to their devices being non-compliant. Where can you go to check which conditional access policy is blocking the users' login?
- Access to the Azure AD admin center by any user administrators must be reviewed once a month. The user must lose access if they don't respond within 7 days of the access request. You create an access review policy and specify the scope and a group. What other settings do you need to configure?
- All users have a Microsoft 365 E5 license. You have a hybrid Microsoft Exchange Server. Some of your users' mailboxes are located in Microsoft 365 while others are located in the on-premises Exchange server. You are tasked with setting up and configuring a Microsoft Defender for Office 365 anti-phishing policy. Management has asked you to enable mailbox intelligence for all users. What do you need to do to verify all mailboxes have mailbox intelligence enabled and working?
- Your organization has a Microsoft 365 tenant with auditing enabled. You've been asked to grant John Gruber the ability to review audit logs in your Microsoft 365 tenant. You give John Gruber the Global administrator role. A few days later, you learn John Gruber disabled auditing. You re-enable auditing and then remove John Gruber's user account from the Global administrator role. You need to give John Gruber the ability to review audit logs but he can't be given permission to disable auditing. Your organization adheres to the principle of least privilege. Which role should you give to John Gruber?
- You have a Microsoft Defender for Endpoint deployment that has the custom network indicators turned on. Microsoft Defender for Endpoint protects two computers that run Windows 10 as shown in the following table. Microsoft Defender for Endpoint has the machine groups shown in the following table. From the Microsoft Defender admin center, you create the URLs/Domains indicators shown in the following table. For each of the following statements, check the box if the statement is true.
- You need to protect against phishing attacks. The solution must meet the following requirements: Phishing email messages must be quarantined if the messages are sent from a spoofed domain. As many phishing email messages as possible must be identified. The solution must apply to the current SMTP domain names and any domain names added later. What steps should you take to complete the task?
- Your organization has hired a new admin named John Gruber. Your manager has asked you to give John Gruber the ability to enable and configure Azure AD Privileged Identity Management. Your organization adheres to the principle of least privilege. What role should you assign to John Gruber?
- You create a data loss prevention (DLP) policy as shown in the following exhibit: What is the effect of the policy when a user attempts to send an email message that contains sensitive information?
- Your organization has a Microsoft 365 tenant. You've hired a new employee named John Gruber. Your manager has asked you to assign John a role in Microsoft 365. John is required to monitor the service health in Microsoft 365 and create service requests. Your organization adheres to the principle of least privilege. What role should you assign?
- You need to ensure that a user named Joe Gruber can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege. What steps should you take to complete the task?
- Your manager has asked you to create a sensitivity label. Where do you go to create the label?
- Your organization has a Microsoft 365 tenant with AD Connect syncing your on-premises AD to Microsoft 365. All computers are running Windows 10 and are configured to use Microsoft Intune. You've been tasked with protecting the VPN. Your manager has asked you to require that every computer connecting to the VPN be marked as compliant. What do you need to do first?
- Your organization has a Microsoft 365 tenant with Exchange Online and all mailboxes are housed in Exchange Online. Your organization hires a new admin named John Gruber. You've been tasked with assigning John his Microsoft 365 roles. John will need to configure retention of all the mailboxes including their deleted items. Your organization adheres to the principle of least privilege.
- Your organization has a Microsoft 365 tenant with a primary domain of GitBit.org. Your organization works with a partner company named Uber Bikes. Your Microsoft OneDrive settings haven't been changed. You need to allow your users to share files from Microsoft OneDrive to specific users at Uber Bikes but prevent your users from sharing files with anyone else. What settings should you change in the SharePoint Online admin center?
- You have a Microsoft 365 tenant with Microsoft 365 E5 licenses. The tenant contains the following users. You've been tasked with implementing Azure Active Directory (Azure AD) Identity Protection. Before you can implement it your manager has asked you which users can perform the following actions: Configure a user risk policy. View the risky users' report. Which users can perform the tasks listed below?
- Your organization has a Microsoft 365 tenant with a domain of gitbit.org. You configure the Sharing settings in Microsoft SharePoint Online as below. Click the box next to each true statement.
- Your organization has an Active Directory domain named gitbit.org. You've installed Azure AD Connect on ServerA which is a server running Windows 2016. There's an error syncing user accounts from your on-premises AD to Microsoft 365. You've been tasked with resolving the error. To start, you RDP to ServerA and open the Directory Service event logs. What location can you use to troubleshoot the AD Connect sync errors?
- You need to prevent any emails that contain information covered by the U.K. Data Protection Act from being sent to people outside of your organization unless the messages are sent to an external domain named gitbit.org. What should you do to set it up?
- You have a Microsoft 365 subscription that contains a user named User1. You plan to use Compliance Manager. You need to ensure that User1 can assign Compliance Manager roles to users. The solution must use the principle of least privilege. Which role should you assign to User1?
- Your organization has a Microsoft 365 tenant. Only some of your users are required to use an MFA to access Microsoft SharePoint Online. You need to view which users have used MFA to access SharePoint Online. What do you do?
- Your manager has asked you to configure the following in Microsoft 365. Set guest access to be reviewed every 30 days. Grant John Gruber the ability to invite guests to the Microsoft 365 tenant. Your organization adheres to the principle of least privilege. What should you do?
- Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses. Your organization currently uses AD Connect to sync your user accounts from the on-premises AD to Microsoft 365. Your organization is also using Active Directory Federation Services (AD FS) to federate between the on-premises Active Directory (AD) and the Microsoft 365 tenant. Azure AD Connect has the following settings: Your manager has asked if you can update the configuration so leaked credentials detection can run properly. Solution: You modify the Source Anchor settings. Does that meet the goal?
- Your organization has a Microsoft 365 tenant with a primary domain of gitbit.org. Your organization has the following safe links policy. Which URL can users access from Microsoft Office Online?
- You have a Microsoft 365 tenant with Microsoft 365 E5 licenses. Your organization uses Intune and it's managed through the Microsoft Endpoint Manager admin center. You've already configured the compliance policy settings as below. On April 1, 2022, you create the device compliance policies shown below. On April 5, 2022, users enroll the following Windows 10 devices in Intune. Check the boxes below if the statements are true.
- Your organization has a Microsoft 365 tenant with a Microsoft SharePoint Online site named SiteA. An admin has created an eDiscovery case named CaseA that searches SiteA. You have created a new sensitive information type but when you look at CaseA the new sensitive information type is not returning any documents. What do you need to do to fix the case?
- You have a Microsoft 365 subscription. Yesterday, you created retention labels and published the labels to Microsoft Exchange Online mailboxes. You need to ensure that the labels will be available for manual assignment as soon as possible. What should you do?
- Your company has a main office and a Microsoft 365 subscription. You need to enforce Microsoft Azure Multi-Factor Authentication (MFA) by using conditional access for all users who are NOT physically present in the office. What should you include in the configuration?
- Your organization has a Microsoft 365 tenant. Your manager asks you to configure notifications whenever an administrator starts an eDiscovery search. How do you configure the notifications?
- Your manager asks you to give John Gruber the ability to assign the reports reader role to other users. Your organization adheres to the principle of least privilege. Which role should you assign to John Gruber?
- Your organization has a Microsoft 365 tenant. Most of your users access Microsoft SharePoint Online from unmanaged personal devices. You've been tasked with preventing users from downloading, printing, and syncing files to unmanaged devices. What should you do to fulfill the task?
- You need to ensure that all users must change their passwords every 100 days. What steps should you take to complete the task?
- Your organization has a Microsoft 365 tenant that contains 5,000 mailboxes. Another admin, named John Gruber, has been tasked with searching every mailbox for emails going to a competing company. You need to configure Microsoft 365 so that John Gruber can search through the mailboxes. The solution should not give John Gruber the ability to send emails from any mailbox. What do you need to do to fulfill the request?
- Your organization has a Microsoft 365 tenant and you've already created a Microsoft Defender Safe Attachments policy. You've configured the policy to quarantine malware. You've been asked to change the retention duration for the attachments that end up in the quarantine. Which threat management policy should you update from the Microsoft Defender admin center?
- The network contains an Active Directory forest named gitbit.org. GitBit has a hybrid Microsoft Azure Active Directory (Azure AD) environment. The company maintains some on-premises servers for specific applications, but most end-user applications are provided by a Microsoft 365 E5 subscription. GitBit identifies the following issues: Since last Friday, the IT team has been receiving automated email messages that contain "Unhealthy Identity Synchronization Notification" in the subject line. Several users recently opened email attachments that contained malware. The process to remove the malware was time-consuming. You need to resolve the issue that generates the automated email messages to the IT team. Which tool should you run first?
- Your organization has the sensitive info type data classifications shown below. Your organization has the Information Protection labels shown below. Your organization has the Information Protection label policies shown below. Check the box next to each true statement.
- Your organization has a Microsoft 365 tenant. Your manager has asked you to set up app-enforced restrictions for 20 users so they can't download attachments unless they are on a compliant device. From the Azure AD admin center, you create a security group called GroupA. What are the next two steps you need to take?
- Your organization has a Microsoft 365 tenant with the following users. The Microsoft 365 tenant contains the following dynamic groups. Which users are members of ADGroup1 and ADGroup2?
- One of your Microsoft 365 users stores the following files in Microsoft OneDrive: File1.docx, ImportantFile2.docx, File_Important3.docx. Your Microsoft 365 tenant has a Microsoft Cloud App Security file policy that has the filter shown below. Your manager asks you which files the above policy applies to. Check the box next to each file the policy will apply to.
- Where can you go to review the location (IP address) when administrators log in to your Microsoft 365 tenant?
- Your organization has a Microsoft 365 tenant that contains the following users. You configure an Azure AD Identity Protection sign-in risk policy with the following settings: Assigned to Group1 and excludes Group2. Only apply if the user risk level is medium or above. If the user risk level is medium or above allow access but require a password change. The risk level for each user is shown below. Which users will be required to change their password?
- You have an on-premises infrastructure that contains the following: An Active Directory domain with a domain controller named ServerA. A server named ServerB that's not a domain controller. A security policy is configured that prevents ServerA from connecting to the Internet. ServerB can connect to the Internet. You've been tasked with implementing Microsoft Defender for Identity to monitor ServerA. How should you configure the servers?
- Your organization is using Microsoft 365 and has 500 computers. You need to protect all the computers using Microsoft Defender for Endpoint. Ten of the devices are used by executives. Your manager explains the requirements to you as follows: Administrators must manually approve all remediation for any of the executives. All other users must have remediation performed automatically. What should you recommend?
- You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table. You create and enforce an Azure AD Identity Protection user risk policy that has the following settings: Assignments: Include Group1, Exclude Group2. Conditions: Sign-in risk of Low and above. Access: Allow access, Require password change. You need to identify how the policy affects User1 and User2. What occurs when User1 and User2 sign in from an unfamiliar location?
- Several users in your organization have called in reporting they received an email that should have had an attachment but there was no attachment. You've been tasked with tracking down why the email attachment has been removed. What two places can you go to review the missing attachments?
- You have a Microsoft 365 tenant with Microsoft E5 licenses. Users and devices are added/removed daily. Users in the sales department change their devices frequently. You've been asked to create three groups with the following requirements. The solution must minimize administrative effort. How many assigned groups and how many dynamic groups should be created?
- You have a Microsoft 365 subscription that includes a user named User1. You have a conditional access policy that applies to Microsoft Exchange Online. The conditional access policy is configured to use Conditional Access App Control. You need to create a Microsoft Defender for Cloud Apps policy that blocks User1 from printing from Exchange Online. Which type of Cloud App Security policy should you create?
- Your organization has a Microsoft 365 tenant and an on-premises Active Directory (AD) domain. Your organization has installed AD Connect but hasn't enabled the syncing of your on-premises AD to Microsoft 365. Your organization is currently using the default authentication settings. Your manager has asked you to perform the following: Have all domain-joined computers registered in Azure AD. Configure Microsoft 365 to lock out any user that's currently locked out of the on-premises AD. What two settings will you need to configure to meet the goals listed above?
- Your organization has a Microsoft 365 tenant with devices registered in Azure AD. The devices are managed by using Microsoft Intune. Your manager asks you to enable and configure Windows Defender Exploit Guard (Windows Defender EG) on the devices. Which type of device configuration profile should you use?
- Your organization has a Microsoft 365 tenant and an on-premises Active Directory domain named gitbit.org. Your on-premises domain is synced to Microsoft 365. Your on-premises domain has the following groups that are being synced to Microsoft 365. Your organization has the following cloud-only groups in Azure AD. You've been tasked with creating an information protection label named LabelA. You've created the label and now need to publish the label. What groups can you publish LabelA to?
- You need to ensure that a user named Joe Gruber receives incident reports when email messages that contain data covered by the U.K. Data Protection Act are sent outside of your organization. What steps should you take to complete the task?
- Security Requirements: GitBit identifies the following security requirements: Access to the Azure Active Directory admin center by the user administrators must be reviewed every seven days. If an administrator fails to respond to an access request within three days, access must be removed. Users who manage Microsoft 365 workloads must only be allowed to perform administrative tasks for up to three hours at a time. Global administrators must be exempt from this requirement. Users must be prevented from inviting external users to view company data. Only global administrators and a user named User1 must be able to send invitations. Azure Advanced Threat Protection (ATP) must capture security group modifications for sensitive groups, such as Domain Admins in Active Directory. Workload administrators must use multi-factor authentication (MFA) when signing in from an anonymous or an unfamiliar location. The location of the user administrators must be audited when the administrators authenticate to Azure AD. Email messages that include attachments containing malware must be delivered without the attachment. The principle of least privilege must be used whenever possible. You plan to configure an access review to meet the security requirements for the workload administrators. You create an access review policy and specify the scope and a group. Which other settings should you configure? To answer, select the appropriate options in the answer area.
- Your organization has a Microsoft 365 tenant. Your tenant has an information protection label named CompanyConfidential in the Microsoft Compliance admin center. Your tenant has CompanyConfidential applied to a global policy. One of your users protects an email using the CompanyConfidential label and sends the email to an external recipient. The external recipient reports that they cannot open the email. You've been asked to assist the user so the email can be sent to the external recipient. What should you do?
- You've been tasked with updating the safe links policy. Your manager gives you the following 2 requirements: Block any access to the GitBit.org domain. Track user clicks on any links to gitbit.org. What steps need to be completed to fulfill the requirements?
- Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses. You've just implemented a Defender for Office 365 safe attachments policy for your entire organization. Your help desk is getting calls that emails containing attachments are taking a long time to be received. You need to reconfigure the safe attachments policy so emails are received more quickly but the attachments still need to be scanned for malware and any attachments with malware must be blocked. How should you reconfigure the safe attachment policy?
- You've been tasked to create a group that will be used for publishing sensitivity labels. The group must only contain user accounts. What are the possible ways to create the group?
- Your organization has a Microsoft 365 tenant. All computers run Windows 10 and are onboarded to Microsoft Defender for Endpoint. Your organization has a device group named DeviceGroupA. Your manager has asked you to enable delegation for the security settings of the devices in DeviceGroupA. What do you need to do?
- Your organization has a Microsoft 365 tenant named GitBit.org that contains the following users. Your organization has registered the following devices in Azure AD. You create the app protection policies in the Microsoft Endpoint Manager admin center as shown below. Check the box next to each true statement below.
- Where can you go to approve Customer Lockbox requests?
- What are two ways you can create a group that will be used to provide limited access to Windows Analytics?
- Your organization has a Microsoft 365 tenant configured with a hybrid on-premises Exchange server. All computers in the organization run Windows 10 Enterprise, are joined to the domain, and use Microsoft Office 365 ProPlus. You have a server named ServerA that runs Windows Server 2016 and hosts the telemetry database. You've been tasked with preventing private details in the telemetry data from being sent to Microsoft. What should you do?
- Your manager discovers that users are sharing Microsoft SharePoint files and content with external people. He has asked you to block sharing invitations to any external users except users from gitbit.org. How do you complete the task?
- You have a Microsoft 365 tenant with the following devices enrolled in Intune. You've configured the following compliance policies in Intune including the groups they are assigned to: What policies will apply to which devices?
- Your organization has an on-premises Active Directory domain that runs Windows Server 2022 servers and has advanced auditing enabled. Your organization is already collecting the servers' security logs using a third-party SIEM solution. Your organization has purchased a Microsoft 365 tenant and your manager has asked you to deploy Microsoft Defender for identity by using standalone sensors. You need to configure the Defender for Identity standalone sensor to detect when certain sensitive groups are updated and any time malicious services are created. How can you fulfill your manager's request?
- You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit. Check the box next to each correct statement.
- You have a Microsoft 365 Enterprise E5 subscription. You use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP). You plan to use Microsoft Office 365 Attack simulator. What is a prerequisite for running an Attack simulator?
- Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses. The tenant contains the following users. Your manager has asked you which admins can enable Microsoft Defender for Endpoint roles. Click the check box next to each user that can enable Microsoft Defender for Endpoint roles.
- Your company has 500 computers. You plan to protect the computers by using Microsoft Defender for Endpoint. Twenty of the computers belong to company executives. You need to recommend a remediation solution that meets the following requirements: Microsoft Defender for Endpoint administrators must manually approve all remediation for the executives. Remediation must occur automatically for all other users. What should you recommend doing from Windows Defender Security Center?
- Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table. You plan to implement Defender for Identity for the domain. You install a Defender for Identity standalone sensor on Server1. You need to monitor the domain by using Defender for Identity. What should you do?
- You have a Microsoft 365 tenant. Your manager asks you to enable auditing for all Microsoft Exchange Online mailboxes/users. What should you do?
- A new admin has started with your organization. The new admin will need to manage Exchange Online. You've been asked to grant the new user the required permissions. What steps should you take to complete the task?
- You have a Microsoft 365 tenant that's licensed for Microsoft Defender for Endpoint. You have the following devices enrolled in Microsoft Endpoint Manager. You've integrated Endpoint Manager and Microsoft Defender for Endpoint. You plan to evaluate the risk level for all the devices listed above. Which devices can be evaluated?
- Your organization has a Microsoft 365 tenant. The organization has the offices shown below. The Microsoft 365 tenant has the following users. Your tenant has the following Microsoft Cloud App Security policy. Check the box next to each true statement.
- Your organization has the offices in the following chart. Each office has the following IP addresses. You've configured named locations in Azure AD as below. An address space of 198.35.3.0/24 is defined in the trusted IPs list on the Multi-Factor Authentication page. MFA is enabled for the users in the sales department. You are evaluating which sales department users will be prompted for MFA. Check the box for each true statement.
- You have a Microsoft 365 subscription. All computers run Windows 10 Enterprise and are managed by using Microsoft Intune. You plan to view only security-related Windows telemetry data. You need to ensure that only Windows security data is sent to Microsoft. What should you create from the Intune admin center?
- You've been tasked with configuring groups so they expire unless the group owners renew the group. Where do you go to configure group expiration?
- You have a Microsoft 365 tenant with the domain name GitBit.org. You configure the Sharing settings in Microsoft SharePoint Online admin center as shown below. Check the box next to each statement that's true.
- You have a Microsoft 365 subscription. From the Security & Compliance admin center, you create the retention policies shown in the following table. Policy1 is configured as shown in the following exhibit. Policy2 is configured as shown in the following exhibit. For each of the following statements, check the box if the statement is true.
- Your company has a Microsoft 365 subscription. The company does not permit users to enroll personal devices in mobile device management (MDM). Users in the sales department have personal iOS devices. You need to ensure that the sales department users can use the Microsoft Power BI app from iOS devices to access the Power BI data in your tenant. The users must be prevented from backing up the app data to iCloud. What should you create?
- A colleague has been asked to deploy several Microsoft Defender for Identity sensors. He's asked you to give him the Azure information required to deploy the sensors. What information should you provide?
- All the devices in the Microsoft 365 tenant are managed by using Microsoft Intune. Your organization has purchased an app named AppA. AppA supports Microsoft's session controls. Your manager asks you to configure AppA so it can be reviewed in real-time. What do you need to do?
- Your organization has a Microsoft 365 tenant. Your organization has a user named John Gruber. Several users have full access to John Gruber's mailbox. A few emails that were sent to John Gruber have been read and deleted before John Gruber viewed them. You've been asked to see who accessed and deleted the emails. You search the audit log in the Microsoft Defender admin center to see who read and deleted the emails but the audit logs are blank. So your manager has asked you to configure the audit logs so you can view who accessed the mailbox in the future. What Exchange PowerShell commands do you need to run to verify you can see the audit logs in the future?
- A user calls the help desk and informs you that changes were made to several files on his Microsoft OneDrive. He's asked you to get a report of everyone that's modified files in his OneDrive. What do you do?
- Your organization is using a Microsoft 365 tenant. From the Microsoft 365 admin center, you create a new user named John Gruber. You were requested to assign the User Administrator role to John Gruber but before you do your boss wants to know everything the role will give John access to. Which admin centers could you use to view the permissions of an administrator role?
- You have a Microsoft 365 tenant with the following user accounts configured. On what user accounts would User2 be unable to reset passwords?
- You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription. You need to allow a user named User1 to view ATP reports from the Threat management dashboard. Which role provides User1 with the required role permissions?
- Your organization has a Microsoft 365 tenant with a user named John Gruber. The CEO of your organization believes John Gruber may have sent email messages to one of your rivals with company secrets. You must provide a way to review any emails sent by User1 to the rival, even those that were deleted after being sent.
- The devices enrolled in Intune are configured as shown in the following table: The device compliance policies in Intune are configured as shown in the following table: The device compliance policies have the assignments shown in the following table: The Mark devices with no compliance policy assigned as setting is set to Compliant. You are evaluating which devices are compliant with Intune. Check the box if the device is compliant.
- Your organization has a Microsoft 365 tenant. Your manager has asked you to re-configure the Microsoft 365 tenant to meet the following security requirements: Admins need to be informed when the Security administrator role is activated. Users assigned the Security Administrator role need to be automatically removed if they don't log in for 30 days. Which Azure AD PIM setting should you re-configure to meet the security requirements?
- Your organization has a Microsoft 365 tenant that's syncing the users and groups from an on-premises AD. You've been asked to configure a new group that will be used for publishing sensitivity labels to pilot users. The group must contain only user accounts (excluding guest accounts). The membership of the group should be automatically updated.
- Your organization has a hybrid Microsoft 365 tenant with an Exchange on-premises server. You've been asked to implement Microsoft 365 Attack Simulator but before you do your manager needs to know who can receive the fake threats. Which users should you tell your boss can receive the attack simulation fake threats?
- Your organization has a Microsoft 365 tenant and has Microsoft Defender for Identity configured. You turn the delayed deployment of updates on for a server named ServerA. How long will the delay be for updates to ServerA?
- Your manager has asked you to set up the Microsoft 365 tenant so users can only join 5 devices to the tenant. What do you need to do to configure it?
- You have a Microsoft 365 E5 subscription. You need to ensure that users who are assigned the Exchange administrator role have time-limited permissions and must use multi-factor authentication (MFA) to request the permissions. What should you use to achieve the goal?
- Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses assigned to everyone. Your organization is currently using Microsoft Defender for Endpoint. You've been tasked with integrating Microsoft Defender for Office 365 and Microsoft Defender for Endpoint. Where do you configure the integration?
- You have a Microsoft 365 tenant with Defender for Endpoint. Intune is set up and installed on your Windows 10 devices. You open the Microsoft Endpoint Manager admin center and create an attack surface reduction policy. The policy is shown in the image below. Check the box next to each statement that's true.
- Your organization has the IP address ranges shown below. Users must use MFA unless they are signing in from the internal network of the Chicago office. Which IP addresses should you configure in the Trusted IP list for MFA?
- Your organization has a Microsoft 365 tenant with a SharePoint Online site named SiteA. SiteA has the following files/folders. At 9:00, you create a Microsoft Cloud App Security policy named PolicyA shown below. Then you upload the files to SiteA. Mark the checkbox next to each true statement.
- Your organization has a Microsoft 365 tenant with many Microsoft Defender for Office 365 policies configured. Your manager has asked you to grant John Gruber the ability to view Microsoft Defender for Office 365 reports through the dashboard. Which role should you assign to John Gruber?
- Your organization has a Microsoft Sentinel workspace that has a connector configured to Azure AD and Microsoft Office 365. You need to configure a Fusion rule template to detect multistage attacks where users sign in by using compromised credentials. Then they delete multiple files from Microsoft OneDrive. What do you need to do after you create an active rule that has the default settings?
- Your manager has asked you to block any access to the site malware.gitbit.org. He wants to ensure you block the site from being opened from within an email or any Microsoft Office application. How can you fulfill his request?
- You have a Microsoft 365 subscription. The Global administrator role is assigned to your user account. You have a user named Admin1. You create an eDiscovery case named Case1. You need to ensure that Admin1 can view the results of Case1. What should you do first?
- Your organization has a Microsoft 365 tenant with the following users. UserA is a member of Group1. UserB is a member of Group2. UserC is a member of Group3. Your organization implements Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is configured with the following roles. Microsoft Defender for Endpoint contains the following machine groups. Check the box next to each true statement.
- Your organization has a Microsoft 365 tenant with a primary domain of gitbit.org. The following Windows 10 devices are joined to Azure AD. On which devices can you use BitLocker To Go? On which devices can you turn on auto-unlock?
- You configure several Advanced Threat Protection (ATP) policies in a Microsoft 365 subscription. You need to allow a user named User1 to view ATP reports in the Threat management dashboard. Which role provides User1 with the required role permissions?
- Your organization has a Microsoft 365 tenant with the following users. Your organization has implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM). From PIM, you see the Application Administrator role has the following users. PIM is configured to use the following settings for users with the Application Administrator role assigned. Require approval to activate: Yes. Approvers: None. Check the box next to each true statement.
- Your organization has a Microsoft 365 tenant. Some users access Microsoft SharePoint Online from unmanaged personal devices. Your manager has asked you to prevent the users from downloading, printing, and syncing files from their unmanaged personal devices. What do you need to do?
- Your organization has a Microsoft 365 tenant but doesn't have Azure AD Premium licenses. Your manager has asked you to configure MFA on John's user account. You need to ensure John has to use MFA for all authentication requests. What should you do to complete the task?
- You recently created and published several label policies in a Microsoft 365 subscription. You need to view which labels were applied by users manually and which labels were applied automatically. What should you do from the Compliance admin center?
- Your organization has a Microsoft 365 tenant with a default domain of gitbit.org. Your organization's Azure AD contains the following users. Your organization's Microsoft Endpoint Manager admin center shows the following devices enrolled. Both devices have three apps named AppA, AppB, and AppC installed. You create an app protection policy named ProtectionPolicyA that has the following settings: Protected apps: AppA; Exempt apps: AppB; Windows Information Protection mode: Block. You apply ProtectionPolicyA to Group1 and Group3. You exclude Group2 from ProtectionPolicyA. Check the box next to each true statement.
- Your organization has an on-premises Active Directory domain named gitbit.org. Your organization has installed Azure AD Connect on a server to sync your on-premises AD to Microsoft 365. There's an error in the sync. You've been tasked with finding and resolving the error. You need to view Azure AD Connect events. What event logs do you use?
- Your organization has a Microsoft 365 tenant with the primary domain of gitbit.org. OneDrive contains the following files that are shared externally. You create a data loss prevention (DLP) policy and apply it to OneDrive. You configure the DLP policy with the following rules. Rule1: Applies when content is marked with Label1 and shared with people outside my organization. Restrict access by blocking people outside your organization. Notify the user who shared or last modified the content. Allow overrides from Microsoft 365 services. Priority: 0. Rule2: Applies when content is marked with Label1 or Label2. Block everyone from accessing the content excluding the owner and last modifier. Priority: 1. Rule3: Applies when content is marked with Label2 and shared with people outside my organization. Restrict access by blocking people outside your organization. Notify the user who shared or last modified the content. Allow overrides from Microsoft 365 services. Priority: 2. Check the box next to each true statement.
- You have an Azure AD tenant named GitBit.org that contains the following users. You configure the following group naming policies: The word internal is added to the list of blocked words. You set GitBit- as a prefix. Check the box next to each true statement below.
- Your organization has a Microsoft 365 tenant. You need to include a sensitive information type in Data Subject Request cases. Which four actions should you perform in sequence?
- Your network contains an Active Directory domain named GitBit.org. The domain contains a VPN server named VPN1 that runs Windows Server 2016 and has the Remote Access server role installed. You have a Microsoft Azure subscription. You are deploying Microsoft Defender for Identity. You install the Microsoft Defender for Identity sensor on a server named Server1 that runs Windows Server 2016. You need to integrate the VPN and Defender for Identity. What should you do?
- Your organization has a Microsoft 365 tenant. The security requirements have changed and any admins who manage Microsoft 365 must be limited in their administrative actions for three hours at a time. Global administrators must be exempt from this requirement. Your organization's current configuration of Azure AD Privileged Identity Management is shown below. What changes do you need to make to meet the new security requirements?
- Your organization has a Microsoft 365 tenant. User accounts are synced from your organization's human resources system to Azure AD. Your organization has five departments that each have their own Microsoft SharePoint Online site. Every user must be granted access to their own department's site. No user should be able to access a site unless they are a member of that site's department. Your manager has asked you to configure the security of the SharePoint sites. He's given you the following requirements: Users should be automatically added to the security group corresponding to their department. All group owners must verify their group membership only contains their department's users once a month. How do you configure Microsoft 365 to meet the security requirements?
- Your organization has a Microsoft 365 tenant. You've been tasked with updating the security requirements of the tenant. If an authentication attempt is suspicious, your manager wants MFA to be required regardless of the user's location. What policy do you need to update to meet the security requirements?
- Your organization has a Microsoft 365 tenant and a database that stores customer information. Each customer has a unique ID that starts with Git- followed by a 10-digit number. Your manager has asked you to implement a data loss prevention (DLP) policy that meets the following security requirements: Emails that contain a single customer ID can be sent. Emails that contain more than 2 customer IDs must not be sent until they are approved by the company's data privacy team. Which two components should you configure?
- You have a Microsoft 365 subscription. You are creating a retention policy named Retention1 as shown in the following exhibit. You apply Retention1 to SharePoint sites and OneDrive accounts.
- You have a Microsoft 365 tenant that contains a user named User1. You have already created an eDiscovery case named CaseA. You need to allow John Gruber to export CaseA. Your organization requires you to use the principle of least privilege. Which role should you grant to John Gruber to fulfill the request above?
- You need to ensure that unmanaged mobile devices are quarantined when the devices attempt to connect to Exchange Online. What steps should you take to complete the task?
- You have a Microsoft 365 tenant with a Microsoft Sentinel workspace. You've been asked by your manager to configure Microsoft 365 so you can manage incidents based on alerts generated by Microsoft Cloud App Security. What do you need to do first?
- You have a Microsoft 365 tenant with Microsoft 365 E5 licenses. Most of your users are required to use an authenticator app to access Microsoft 365. You need to view which users have used an authenticator app to access Microsoft 365. What should you do?
- You have a Microsoft 365 subscription. You have a user named User1. Several users have full access to the mailbox of User1. Some email messages sent to User1 appear to have been read and deleted before the user viewed them. When you search the audit log in Security & Compliance to identify who signed in to the mailbox of User1, the results are blank. You need to ensure that you can view future sign-ins to the mailbox of User1. You run the Set-Mailbox -Identity "User1" -AuditEnabled $true command. Does that meet the goal?
- Your organization is currently using Microsoft 365. Your manager has asked you where he can go to audit the sign-ins of any user with the user administrator role. Where should you tell him to go?
- You have a Microsoft 365 subscription. You identify the following data loss prevention (DLP) requirements: Send notifications to users if they attempt to send attachments that contain EU Social Security Numbers (SSN) or Equivalent ID. Prevent any email messages that contain credit card numbers from being sent outside your organization. Block the external sharing of Microsoft OneDrive content that contains EU passport numbers. Send administrators email alerts if any rule matches occur. What is the minimum number of DLP policies and rules you must create to meet the requirements? To answer, select the appropriate options in the answer area.
- Your organization has a Microsoft 365 tenant with all users hosted in Exchange Online. It's a new tenant and all the defaults are still in place. You manage email security. Where do suspicious emails go?
- Your organization has the DLP policy shown below. What will happen if a user sends an email that contains a credit card number?
- Your organization has a Microsoft 365 tenant with Microsoft 365 E5 licenses. Your manager has asked you to reconfigure the email filter to deliver any emails that contain malware without the attachment. What two options do you need to configure?
- You have a Microsoft 365 tenant. You have 500 computers that run Windows 10. You plan to monitor the computers by using Microsoft Defender for Endpoint after the computers are enrolled in Microsoft Intune. You need to ensure that the computers connect to Microsoft Defender for Endpoint. How should you prepare Intune for Microsoft Defender for Endpoint?
- You have a Microsoft 365 tenant with Microsoft 365 E5 licenses. A user named John Gruber is configured to receive alerts from Azure AD Identity Protection as shown below. Your tenant contains the following users. The user sign-in log is shown below. Check the box next to each true statement.
- You have a Microsoft Sentinel workspace that has a connector to Azure AD and a connector to Microsoft Office 365. A new admin has been hired and needs to perform the following tasks: create and run playbooks, and manage incidents. Which two roles could you assign to the new user?
- You have a Microsoft 365 tenant named GitBit.org that contains the following users: You create an Azure AD Identity Protection sign-in risk policy. You've assigned the policy to GroupA and excluded GroupB. You've set the sign-in risk condition to low and above. You've set the access control to Allow access, require MFA. You need to understand how the policy will affect your users. What will happen when one of the users signs in from an anonymous IP address?
- Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the groups shown in the following table. The domain is synced to a Microsoft Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table. You create an Information Protection label policy named Policy1. You need to apply Policy1. To which groups can you apply Policy1?