- (Exam Topic 4)
You have a Microsoft 365 E5 tenant that contains three users named User1, User2, and User3. You need to assign roles or role groups to the users as shown in the following table.
What should you use to assign a role or role group to each user? To answer, drag the appropriate tools to the correct roles or role groups. Each tool may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, text, application, chat or text message Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-co
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
You assign an enterprise application named App1 to Group1 and User2.
You configure an Azure AD access review of App1. The review has the following settings: 
Review name: Review1 Start date: 01–15–2020 Frequency: One time End date: 02–14–2020 Users to review: Assigned to an application Scope: Everyone Applications: App1 Reviewers: Members (self) Auto apply results to resource: Enable Should reviewer not respond: Take recommendations
On February 15, 2020, you review the access review report and see the entries shown in the following table:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Solution:
Graphical user interface, text Description automatically generated
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription that contains the users shown in the following table.
You discover that all the users in the subscription can access Compliance Manager reports. The Compliance Manager Reader role is not assigned to any users.
You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.
Solution: You recommend assigning the Compliance Manager Reader role to User5. Does this meet the goal?
Correct Answer:
B
- (Exam Topic 4)
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username:
admin@LODSe00019@onmicrosoft.com Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only: Lab instance: 11122308
You need to create an Azure Information Protection label to meet the following requirements: 
Content must expire after 21 days.
Offline access must be allowed for 21 days only. Documents must be protected by using a cloud key. Authenticated users must be able to view content only.
To complete this task, sign in to the Microsoft 365 admin center.
Solution:
* 1. If you haven't already done so, open a new browser window and sign in to the Azure portal. Then navigate to the Azure Information Protection pane.
For example, in the search box for resources, services, and docs: Start typing Information and select Azure Information Protection.
* 2. From the Classifications > Labels menu option: On the Azure Information Protection - Labels pane, select the label you want to change.
On the Label pane, locate Set permissions for documents and emails containing this label, and select Protect.
* 3. Select Protection.
* 4. On the Protection pane, select Azure (cloud key).
* 5. Select Set permissions to define new protection settings in this portal.
* 6. If you selected Set permissions for Azure (cloud key), this option lets you select users and usage rights.
To specify the users that you want to be able to open protected documents and emails, select Add permissions. Then on the Add permissions pane, select the first set of users and groups who will have rights to use the content that will be protected by the selected label: Choose Select from the list where you can then add all users from your organization by selecting Add
When you choose all members or browse the directory, the users or groups must have an email address. In a production environment, users and groups nearly always have an email address, but in a simple testing environment, you might need to add email addresses to user accounts or groups. Change the File Content Expiration setting to 21 days. Change the Allow offline access setting to 21 days.
When you have finished configuring the permissions and settings, click OK.
This grouping of settings creates a custom template for the Azure Rights Management service. These templates can be used with applications and services that integrate with Azure Rights Management.
* 7. Click OK to close the Protection pane and see your choice of User defined or your chosen template display for the Protection option in the Label pane.
* 8. On the Label pane, click Save.
* 9. On the Azure Information Protection pane, use the PROTECTION column to confirm that your label now displays the protection setting that you want: A check mark if you have configured protection. An x mark to denote cancellation if you have configured a label to remove protection. A blank field when protection is not set.
When you clicked Save, your changes are automatically available to users and services. There's no longer a separate publish option.
Reference:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username:
admin@LODSe00019@onmicrosoft.com Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only: Lab instance: 11122308
You need to protect against phishing attacks. The solution must meet the following requirements:
Phishing email messages must be quarantined if the messages are sent from a spoofed domain. As many phishing email messages as possible must be identified.
The solution must apply to the current SMTP domain names and any domain names added later. To complete this task, sign in to the Microsoft 365 admin center.
Solution:
* 1. After signing in to the Microsoft 365 admin center, select Security, Threat Management, Policy, then ATP Anti-phishing.
* 2. Select Default Policy to refine it.
* 3. In the Impersonation section, select Edit.
* 4. Go to Add domains to protect and select the toggle to automatically include the domains you own.
* 5. Go to Actions, open the drop-down If email is sent by an impersonated user, and choose the Quarantine message action.
Open the drop-down If email is sent by an impersonated domain and choose the Quarantine message action.
* 6. Select Turn on impersonation safety tips. Choose whether tips should be provided to users when the system detects impersonated users, domains, or unusual characters. Select Save.
* 7. Select Mailbox intelligence and verify that it's turned on. This allows your email to be more efficient by learning usage patterns.
* 8. Choose Add trusted senders and domains. Here you can add email addresses or domains that shouldn't be classified as an impersonation.
* 9. Choose Review your settings, make sure everything is correct, select Save, then Close. Reference:
https://support.office.com/en-us/article/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=
Does this meet the goal?
Correct Answer:
A
