Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
admin@[email protected]
Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only:
Lab instance: 11122308









You need to prevent any email messages that contain data covered by the U.K. Data Protection Act from being sent to recipients outside of your organization, unless the messages are sent to an external domain named adatum.com.
To complete this task, sign in to the Microsoft 365 admin center.

Correct Answer:

See explanation below.
Explanation
1. After signing into the Microsoft 365 admin center, navigate to Compliance Management in the Exchange Admin center.
2. Click on "Data Loss Prevention" option.
3. To add a new custom DLP policy, Click on (+) plus button to get the context menu
4. Click on "New Custom DLP policy" option, a new window appears where you have to enter policy name, description, state and mode of the requirement details. Click on save button to create policy and continue...
5. You will be back to the "Data Loss Prevention" screen with newly added policy information.
6. Double click on the added row to open the policy details, click on rules option in left part of the screen as depicted
7. Click on (+) plus button to add a new rule. Select the "Block messages with sensitive information" rule.
8. On the following screen, we can add condition, action, exceptions, rule activation and deactivation dates

9. Click on "Select Sensitive information Types" to specify the sensitive information details.

10. Click on (+) plus button and add the following Sensitive information Types:
* U.K. National Insurance Number (NINO
* U.S. / U.K. Passport Number
* SWIFT Code
11. Click on Ok
12. Add an exception for recipients in the adatum.com domain
13. Add recipients for incident reports and click ok
14. Click save
15. Click save
Reference:
https://events.collab365.community/configure-data-loss-prevention-policies-in-exchange-online-in-office-365/

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 E5 subscription.
From Microsoft Azure Active Directory (Azure AD), you create a security group named Group1. You add 10 users to Group1.
You need to apply app enforced restrictions to the members of Group1 when they connect to Microsoft Exchange Online from non-compliant devices, regardless of their location.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant that contains a user named User1. You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege. Which rote should you assign to User1?

• A.the View-Only Audit Logs role m the Security & Compliance admin
• B.the Security reader role in the Azure Active Directory admin center
• C.the View-Only Audit Logs role in the Exchange admin center
• D.the Compliance Management role in the Exchange admin center

Comment: *

Name: *

Email: *

Verification: *

You configure Microsoft Azure Active Directory (Azure AD) Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You plan to implement Azure Active Directory (Azure AD) Identity Protection.
You need to identify which users can perform the following actions:
Configure a user risk policy.
View the risky users report.
Which users should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

Comment: *

Name: *

Email: *

Verification: *