- (Exam Topic 4)
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username:
admin@LODSe244001@onmicrosoft.com Microsoft 365 Password: &=Q8v@2qGzYz
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only: Lab instance: 11032396
You need to create a case that prevents the members of a group named Operations from deleting email messages that contain the word IPO.
To complete this task, sign in to the Microsoft Office 365 admin center.
Solution:
* 1. Navigate to the Security & Compliance Center.
* 2. In the Security & Compliance Center, click eDiscovery > eDiscovery, and then click Create a case.
* 3. On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.
The new case is displayed in the list of cases on the eDiscovery page.
After you create a case, the next step is to add members to the case. The eDiscovery Manager who created the case is automatically added as a member. Members have to be assigned the appropriate eDiscovery permissions so they can access the case after you add them.
* 4. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
* 5. Click the name of the case that you want to add members to. The Manage this case flyout page is displayed.
* 6. Under Manage members, click Add to add members to the case.You can also choose to add a role group to the case. Under Manage role groups, click Add.
* 7. In the list of people or role groups that can be added as members of the case, click the check box next to the names of the people or role groups that you want to add.
* 8. After you select the people or role groups to add as members of the group, click Add.In Manage this case, click Save to save the new list of case members.
* 9. Click Save to save the new list of case members.
You can use an eDiscovery case to create holds to preserve content that might be relevant to the case. You can place a hold on the mailboxes and OneDrive for Business sites of people who are custodians in the case. You can also place a hold on the group mailbox, SharePoint site, and OneDrive for Business site for an Office 365 Group. Similarly, you can place a hold on the mailboxes and sites that are associated with Microsoft Teams or Yammer Groups. When you place content locations on hold, content is held until you remove the hold from the content location or until you delete the hold.
To create a hold for an eDiscovery case:
* 1. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
* 2. Click Open next to the case that you want to create the holds in.
* 3. On the Home page for the case, click the Hold tab.
* 4. On the Hold page, click Create.
* 5. On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.
* 6. (Optional) In the Description box, add a description of the hold.
* 7. Click Next.
* 8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.
* a. Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or teams again.
to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group. Select the user, group, team check box, click Choose, and then click Done.
* a. In the box under Keywords, type a search query in the box so that only the content that meets the search criteria is placed on hold. You can specify keywords, message properties, or document properties, such as file names. You can also use more complex queries that use a Boolean operator, such as AND, OR, or NOT. If you leave the keyword box empty, then all content located in the specified content locations will be placed on hold.
* b. Click Add conditions to add one or more conditions to narrow the search query for the hold. Each condition adds a clause to the KQL search query that is created and run when you create the hold. For example, you can specify a date range so that email or site documents that were created within the date ranged are placed on hold. A condition is logically connected to the keyword query (specified in the keyword box) by the AND operator. That means that items have to satisfy both the keyword query and the condition to be placed on hold.
* 9. After configuring a query-based hold, click Next.
* 10. Review your settings, and then click Create this hold. Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription
You need to ensure that users who are assigned the Exchange administrator role have time-limited permissions and must use multi factor authentication (MFA) to request the permissions.
What should you use to achieve the goal?
Correct Answer:
D
- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that has Microsoft Defender for Cloud Apps enabled. You need to create an alert in Defender for Cloud Apps when source code is shared externally.
Which type of policy should you create?
Correct Answer:
B
- (Exam Topic 4)
You have a Microsoft 365 subscription that contains several Windows 10 devices. The devices are managed by using Microsoft Intune.
You need to enable Windows Defender Exploit Guard (Windows Defender EG) on the devices. Which type of device configuration profile should you use?
Correct Answer:
A
References:
https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10
- (Exam Topic 4)
You have a Microsoft 365 tenant.
You have a database that stores customer details. Each customer has a unique 13-digit identifier that consists of a fixed pattern of numbers and letters.
You need to implement a data loss prevention (DLP) solution that meets the following requirements: 
Email messages that contain a single customer identifier can be sent outside your company. Email messages that contain two or more customer identifiers must be approved by the company’s data privacy team.
Which two components should you include in the solution? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
Correct Answer:
AD
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitive-information-type-entity-definitions?view=
