MS-900 Simulado Modulo 4

A company deploys Microsoft Azure AD. You enable multi-factor authentication.

You need to inform users about the multi-factor authentication methods that they can use.

Which of the following methods is NOT a valid multi-factor authentication method in Microsoft 365?

Receive an automated call on the desk phone that includes a verification code.
Use the Microsoft Authenticator mobile application to receive a notification and authenticate.
Receive a call on a phone.
Enter a Windows 10 PIN code when prompted.

A company deploys Microsoft Azure AD. You run the Identity Secure Score report. The report displays five security items.

Which three security items on the report have the most impact on the score? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Enable policy to block legacy authentication.
Enable user risk policy.
Require multi-factor authentication for all users.
Delete/block accounts not used in last 30 days.
Do not expire passwords.

You deploy Enterprise Mobility + Security E5 and assign Microsoft 365 licenses to all employees.

Employees must not be able to share documents or forward emails that contain sensitive information outside the company.

You need to enforce the file sharing restrictions.

What should you do?

Use Microsoft Azure Information Protection to define a label. Associate the label with an Azure Rights Management template that prevents the sharing of files or emails that are marked with the label.
Create a Microsoft SharePoint Online content type named "Sensitivity". Apply the content type to other content types in Microsoft 365. Create a Microsoft Azure Rights Management template that prevents the sharing of any content where the Sensitivity column value is set to Sensitive.
Use Microsoft Azure Information Rights Protection to define a label. Associate the label with an Active Directory Rights Management template that prevents the sharing of files or emails that are marked with the label.
Create a label named Sensitive. Apply a Data Layer Protection policy that notifies users when their document contains personally identifiable information (PII).

You manage a local Active Directory Domain Services environment. Your company purchases an Enterprise E1 license for all users.

You need to implement self-service password reset. You want to achieve this goal while minimizing costs.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Upgrade your subscription to Azure AD Premium P2.
Deploy Azure AD Connect.
Deploy Azure Information Protection.
Upgrade your subscription to Azure AD Premium P1.

You are a Microsoft 365 administrator for a company.

What are two ways that you can ensure data security? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

service-level encryption using customer-provided key
tenant-dedicated Microsoft Azure AD encryption using customer-provided key
single-tenant infrastructure partitions for sensitive data
data transfer using transport-layer security (TLS)

You are a Microsoft 365 administrator for a company.

You need to identify security vulnerabilities by using the Office 365 Attack Simulator.

Which three attack simulations are available? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Brute-force password
Cross-site scripting
Password-spray
Denial-of-service
Display name spear-phishing

Your organization plans to deploy Microsoft 365 in a hybrid scenario.

You need to ensure that employees can use a smart card for authentication.

Which hybrid identity solution should you implement?

password hash synchronization with single sign-on
Active Directory Federation Services (AD FS)
PingFederate and federation integration
pass-through authentication and single sign-on

You need to ensure that the process by which users sign in to Microsoft 365 confirms the identity of the user.

Which feature should you use?

mobile application management (MAM)
Advanced Threat Protection (ATP)
Multi-Factor Authentication (MFA)
data loss prevention (DLP) policies

You are a Microsoft 365 administrator for a company.

You need to ensure that company documents are marked as confidential. You must prevent employees from sharing documents with people outside the company.

What are two possible ways to achieve the goal? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Validate outbound emails by using DomainKeys Identified Mail (DKIM)
Create sensitive information types
Configure Secure/Multipurpose Internet Mail Extensions (S/MIME) settings for Outlook
Create a data-loss prevention policy
Apply sensitivity labels to documents

You are the Microsoft 365 administrator for a company.

An employee requests personal data under General Data Protection Regulation (GDPR) guidelines.

You need to retrieve data for the employee.

What should you do?

Create a data subject request case.
Create a retention policy.
Create a data-loss prevention policy.
Create a GDPR assessment.

A company has a Microsoft 365 subscription. Employees use personal devices to access company data in the cloud.

You need to restrict employees from copying data to personal OneDrive folders.

What should you use?

Information Rights Management
Microsoft Azure Security Center
Office 365 Advanced Threat Protection
Microsoft Endpoint Manager

You are the network administrator of a company.

The Microsoft 365 tenant contains sensitive information. Employees must verify their identities when they sign into Microsoft 365 by providing information in addition to their Azure AD password.

You need to select the tools that employees can use to verify their identities.

Which two tools should you select? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Customer Lockbox for Office 365
Microsoft Security Center
Windows Hello for Business
Microsoft Authenticator

You need to move videos to a Microsoft 365 tenant and ensure that the contents are automatically transcribed.

Which Microsoft 365 service should you use?

Yammer
Stream
Power Automate

An organization uses Microsoft 365 Business to secure their data.

Many users install the organization’s data on their personal tablets and phones.

You need to protect the organization’s data stored on users’ devices.

Which three features support device security? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Remotely wiping company data
Enabling Advanced Threat Protection for users
Disabling the device remotely
Automatically deleting files after 90 days of inactivity
Requiring users to have a PIN on their device

This question requires that you evaluate the underlined text to determine if it is correct.

You use Microsoft Intune for device management. You must determine how many devices run each operating system.

You must launch Intune and navigate to the Mobile Apps blade.

Select the correct answer if the underlined text does not make the statement correct. Select “No change is needed” if the underlined text makes the statement correct.

Device configuration
Device compliance
No change is needed
Devices

You are the Microsoft 365 administrator for a company.

You need to ensure that users receive a warning message if they select links in emails that might be unsafe.

What should you do?

Use Windows PowerShell to install the latest antimalware engine updates
Enable Microsoft Office 365 Advanced Threat Protection
Use the Microsoft Exchange Admin Center to configure a new spam-filter policy
Use the Microsoft Exchange Admin Center to create a new antimalware policy

A business acquaintance from another company sends you a document that is encrypted by Azure Information Protection (AIP).

You are unable to open the document because the user account cannot be authenticated by the company’s Azure Active Directory.

You need to access the document.

What should you do?

Implement Azure Rights Management (RMS) for individuals for the user account.
Implement Information Rights Management (IRM) for the Office application.
Upgrade your account to include AIP for Office 365.

A company deploys Microsoft Azure AD. You enable multi-factor authentication.

You need to inform users about the multi-factor authentication methods that they can use.

Which of the following methods is NOT a valid multi-factor authentication method in Microsoft 365?

Receive an automated call on the desk phone that includes a verification code
Insert a small card in to a desktop computer and provide a PIN code when prompted
Receive a call on a mobile phone and select the pound sign (#) when prompted
Receive an SMS text message that includes a verification code

You are a Microsoft 365 administrator for a company.

Several users report that they receive emails which have a PDF attachment. The PDF attachment launches malicious code.

You need to remove the message from inboxes and disable the PDF threat if an affected document is opened.

Which feature should you implement?

Microsoft Exchange Admin Center block lists
Sender Policy Framework
Advanced Threat Protection anti-phishing
zero-hour auto purge
DKIM signed messages with mail flow rules

You are the Microsoft 365 administrator for a company.

All staff must use Microsoft Outlook to access corporate email. When users access Outlook on mobile devices, they must use a PIN to open the application.

You need to implement a Microsoft Intune policy to enforce the security requirements.

Which policy should you use?

device compliance
device configuration
app protection
app configuration

A company deploys Exchange Online and SharePoint Online.

You must audit and assessment reports for the Microsoft 365 cloud services that the company uses.

You need to provide the required documents.

Which Microsoft site should you use to obtain this information?

Compliance Manager
Service Trust Portal
Office 365 Security and Compliance Center
Azure portal

A company is planning to use Microsoft Threat Protection.

The company needs to protect Windows 10 client computers from malicious viruses. The company also needs to identify unauthorized cloud apps that are used by end users.

You need to identify the Microsoft Threat Protection solutions that meet the requirements.

Which two solutions should you choose? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Azure Advanced Threat Protection
Microsoft Defender Advanced Threat Protection
Office 365 Advanced Threat Protection
Microsoft Cloud App Security

A company has Microsoft 365.

The company needs to secure their environment. They start by identifying the highest risks to security according to Microsoft.

You need to identify the security changes that are recommended by Microsoft 365.

Which tool should you choose?

Microsoft Intune
Microsoft Secure Score
Azure Information Protection scanner
Advanced Threat Analytics
Microsoft 365 compliance center

A company uses Microsoft 365.

The company wants users to be prompted for additional verification when they access a federated third-party application. However, users must not be prompted for additional verification when they access Microsoft Outlook.

You need to identify a solution that meets the requirements.

Which solution should you choose?

Conditional Access
Multi-factor authentication (MFA)
Active Directory Federation Services (AD FS)
Self-service password reset (SSPR)

A company plans to migrate to Microsoft 365.

You need to advise the company about how Microsoft provides protection in a multitenancy environment.

What are three ways that Microsoft provides protection? Each correct answer presents part of the solution. (Choose three.)

NOTE: Each correct selection is worth one point

Customer content at rest is encrypted on the server by using BitLocker.
Microsoft Azure AD provides authorization and role-based access control at the tenant layer.
Customer content at rest is encrypted on the server by using transport-layer security (TLS).
Microsoft Azure AD provides authorization and role-based access control at the transport layer.
Mailbox databases in Microsoft Exchange Online contain only mailboxes from a single tenant.
Mailbox databases in Microsoft Exchange Online contain mailboxes from multiple tenants.

You are the Microsoft 365 administrator for a company.

Your company plans to open a new office in the United Kingdom.

You need to provide penetration test and security assessment reports for the new office.

Where can you locate the required reports?

Data Governance page of the Security and Compliance portal
Compliance Manager page of the Services Trust portal
Data Loss Prevention page of the Security and Compliance portal
Regional Compliance page of the Services Trust portal

You are the Microsoft Office 365 administrator for a company.

You need to perform security and compliance reviews before new updates are distributed to the entire company.

What should you implement?

standard releases
Microsoft 365 Enterprise Test Lab
targeted releases
FastTrack

A company has a Microsoft 365 subscription that includes Office apps.
A user has identified a new issue while working with an app. When the user attempts to create a support request, the following message displays:

You don’t have parmission to access this page or perform this action.

You need to determine the cause of the error message.

What is the cause?

The user account is disabled.
The user does not have a license assigned for the app.
The user account is not a member of the global admin role.
The company does not have Premier support.

Your company purchases Microsoft 365 E3 and Azure AD P2 licenses.

You need to provide identity protection against login attempts by unauthorized users.

What should you implement?

Azure AD Identity Protection
Azure AD Privileged Identity Management
Azure Information Protection
Azure Identity and Access Management

You are a Microsoft 365 administrator for a company. Employees use Microsoft Office 365 ProPlus to create documents.

You need to implement document classification and protection by using Microsoft Azure Information Protection.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Add an Azure subscription to your Microsoft 365 tenant
Install the Azure Information Protection client
Create a custom Azure Information Protection policy with the Confidential label
Enable the default Azure Information Protection policy
Install the Rights Management Service client

A company uses Microsoft 365.

The company needs to label emails and documents that contain confidential text.

You need to identify a feature that meets this requirement.

Which feature should you choose?

Customer Key
Sensitivity label
Microsoft Outlook rule
Retention label

Simulado Summary

Information

Resultados

Resultados

Categories

1. Question

2. Question

3. Question

4. Question

5. Question

6. Question

7. Question

8. Question

9. Question

10. Question

11. Question

12. Question

13. Question

14. Question

15. Question

16. Question

17. Question

18. Question

19. Question

20. Question

21. Question

22. Question

23. Question

24. Question

25. Question

26. Question

27. Question

28. Question

29. Question

30. Question

31. Question