You have a Microsoft 365 E5 subscription.
You plan to create the data loss prevention (DLP) policies shown in the following table.

You need to create DLP rules for each policy.
Which policies support the sender is condition and the file extension is condition? To answer select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Comment: *

Name: *

Email: *

Verification: *

HOTSPOT
You have an Azure AD tenant that contains the administrative units shown in the following table.

You have the following users:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A.A user named User1 that is assigned the Password Administrator for AU1 and AU2.
• B.A user named User2 that is assigned the User Administrator for AU1.
• C.A user named User3 that is assigned the User Administrator for the tenant.

Correct Answer: A

Explanation

Box 1: No
User1 is assigned the Password Administrator for AU1 and AU2.
User3 is in AU2. User3 is User Adminstrator.
Password administrators cannot reset User Administrators passwords.
Note: Password Administrator
Users with this role have limited ability to manage passwords. This role does not grant the ability to manage service requests or monitor service health. Whether a Password Administrator can reset a user's password depends on the role the user is assigned.

Box 2: Yes
Box 3: No
User1 is assigned the Password Administrator for AU1 and AU2.
User2 is in AU1. User2 is User Adminstrator.
Password administrators cannot reset User Administrators passwords.
Note: User Administrator
Can manage all aspects of users and groups, including resetting passwords for limited admins.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#who-can-reset-passwords
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Comment: *

Name: *

Email: *

Verification: *

HOTSPOT
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.

The devices are configured as shown in the following table.

You have a Conditional Access policy named CAPolicy1 that has the following settings:
1.Assignments
* Users or workload identities: Group1
* Cloud apps or actions: Office 365 SharePoint Online
* Conditions
- Filter for devices: Exclude filtered devices from the policy
- Rule syntax: device.displayName -startsWith "Device"
2.Access controls
* Grant
- Grant: Block access
* Session: 0 controls selected
3.Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Box 1: No
User1 is member of Group1 and has Device1.
Device1 is not Azure AD joined.
Note: Requiring a hybrid Azure AD joined device is dependent on your devices already being hybrid Azure AD joined.
Box 2: Yes
User2 is member of Group1 and has devices Device2 and Device3.
Device2 is Azure AD joined.
Device2 is excluded from CAPolicy1 (which would block access to Site1).
Box 3: Yes
User2 is member of Group1 and has devices Device2 and Device3.
Device3 is Android and is Azure AD registered.
Device3 is excluded from CAPolicy1 (which would block access to Site1).
Note: On Windows 7, iOS, Android, macOS, and some third-party web browsers, Azure AD identifies the device using a client certificate that is provisioned when the device is registered with Azure AD. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy- compliant-device

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 E5 tenant.
You need to ensure that administrators are notified when a user receives an email message that contains malware. The solution must use the principle of least privilege.
Which type of policy should you create and which Microsoft 365 compliance center role is required to create the pokey? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:

Comment: *

Name: *

Email: *

Verification: *

Your company has a Microsoft 365 subscription.
you implement sensitivity Doris for your company.
You need to automatically protect email messages that contain the word Confidential m the subject line.
What should you create?

• A.a data loss prevention (DLP) policy from the Microsoft 365 compliance center
• B.a mail flow rule from the Exchange admin center
• C.a message Dace from the Microsoft 365 security center
• D.a sharing policy from the Exchange admin center

Comment: *

Name: *

Email: *

Verification: *