You have a Microsoft 365 E5 subscription that contains a user named User1 and the groups shown in the following table.

You have the Compliance Manager improvement action shown in the following exhibit

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
User 1, Group 1, and Group 2
27/27
SSPR (Self-Service Password Reset) does not require an E5 license. SSPR is included in Microsoft 365 and Office 365 subscriptions, including lower-tiered plans such as Microsoft 365 Business Standard and Office
365 E3.
Microsoft 365 Groups can be configured to use SSPR (Self-Service Password Reset). In fact, Microsoft 365 Groups inherit the SSPR settings from the underlying Azure Active Directory (Azure AD) tenant.
SSPR (Self-Service Password Reset) can also be configured for security groups in Microsoft 365.
Like Microsoft 365 Groups, security groups in Microsoft 365 inherit the SSPR settings from the underlying Azure Active Directory (Azure AD) tenant. To enable SSPR for security groups, you need to ensure that SSPR is enabled in your Azure AD tenant and that the appropriate user accounts are registered for SSPR.

Comment: *

Name: *

Email: *

Verification: *

Case Study 1 - Fabrikam, Inc
Overview
Fabrikam, Inc. is a consulting company that has a main office in Montreal and six branch offices in New York, Seattle, Miami, Houston, Los Angeles, and Vancouver.
Existing Environment
Cloud Environment
Fabrikam has a Microsoft 365 tenant that contains the following resources:
An Azure Active Directory (Azure AD) tenant that syncs to an on-premises Active Directory domain named corp.fabrikam.com Microsoft Cloud App Security connectors configured for all supported cloud applications used by the company Some users have company Dropbox accounts.
Compliance Configuration
Fabrikam has the following in the Microsoft 365 compliance center:
A data loss prevention (DLP) policy is configured. The policy displays a tooltip to users. Users can provide a business justification to override a DLP policy violation.
The Azure Information Protection unified labeling scanner is installed and configured.
A sensitivity label named Fabrikam Confidential is configured.
An existing third-party records management system is managed by the compliance department.
Human Resources (HR) Management System
The HR department has an Azure SQL database that contains employee information. Each employee has a unique 12-character alphanumeric ID. The database contains confidential employee attributes including payroll information, date of birth, and personal contact details.
On-Premises Environment
You have an on-premises file server that runs Windows Server 2019 and stores Microsoft Office documents in a shared folder named Data.
All end-user computers are joined to the corp.fabrikam.com domain and run a third-party antimalware application.
Business Processes
Sales Contracts
Users in the sales department receive draft sales contracts from customers by email. The sales contracts are written by the customers and are not in a standard format.
Employment Applications
Employment applications and resumes are received by HR department managers and stored in either mailboxes, Microsoft SharePoint Online sites, OneDrive for Business folders, or Microsoft Teams channels.
The employment application form is downloaded from SharePoint Online and a serial number is assigned to each application.
The resumes are written by the applicants and are in any format.
Requirements
HR Requirements
You need to create a DLP policy that will notify the HR department of a DLP policy violation if a document that contains confidential employee attributes is shared externally. The DLP policy must use an Exact Data Match (EDM) classification derived from a CSV export of the HR department database.
The HR department identifies the following requirements for handling employment applications:
Resumes must be identified automatically based on similarities to other resumes received in the past.
Employment applications and resumes must be deleted automatically two years after the applications are received.
Documents and emails that contain an application serial number must be identified automatically and marked as an employment application.
Sales Requirements
A sensitivity label named Sales Contract must be applied automatically to all draft and finalized sales contracts.
Compliance Requirements
Fabrikam identifies the following compliance requirements:
All DLP policies must be applied to computers that run Windows 10, with the least possible changes to the computers.
Users in the compliance department must view the justification provided when a user receives a tooltip notification for a DLP violation.
If a document that has the Fabrikam Confidential sensitivity label applied is uploaded to Dropbox, the file must be deleted automatically.
The Fabrikam Confidential sensitivity label must be applied to existing Microsoft Word documents in the Data shared folder that have a document footer containing the following string: Company use only.
Users must be able to manually select that email messages are sent encrypted. The encryption will use Office 365 Message Encryption (OME) v2. Any email containing an attachment that has the Fabrikam Confidential sensitivity label applied must be encrypted automatically by using OME.
Existing policies configured in the third-party records management system must be replaced by using Records management in the Microsoft 365 compliance center. The compliance department plans to export the existing policies, and then produce a CSV file that contains matching labels and policies that are compatible with records management in Microsoft 365.
The CSV file must be used to configure records management in Microsoft 365.
Executive Requirements
You must be able to restore all email received by Fabrikam executives for up to three years after an email is received, even if the email was deleted permanently.
Hotspot Question
You need to implement a solution to encrypt email. The solution must meet the compliance requirements.
What should you create in the Exchange admin center and the Microsoft 365 compliance center?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
The case study states that a sensitivity label has already been created, so all we need to do is find a way to apply this and encrypt.
When creating a DLP policy we can specify the locations, select the (already created) "Fabrikam Confidential" label and then add an action to restrict/encrypt.
When attempting to create an auto-labelling policy, we are asked to add a sensitive info type, which would need to be created. Since we have everything all ready to go in a DLP policy (and the label has already been created) then this is the quickest method.

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 subscription that has Enable Security defaults set to No in Azure AD.
You have a custom compliance manager template named Regulation1.
You have the assessments shown in the following table.

Assessment1 has the improvement actions shown in the following table.

Assessment2 has the improvement actions shown in the following table.

You perform the following actions:
* For Assessment2, change the Test status of Establish a threat intelligence program to Implemented.
* Enable multi-factor authentication (MFA) for all users.
* Configure a privileged access policy.
For each of the following statements, select Yes if the statement is true. Otherwise select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft 365 subscription that contains two Microsoft SharePoint Online sites named Site! and Site2. You plan to use policies to meet the following requirements:
* Add a watermark of Confidential to a document if the document contains the words Project1 or Project2.
* Retain a document for seven years if the document contains credit card information.
* Add a watermark of Internal Use Only to all the documents stored on Site2.
* Add a watermark of Confidential to all the documents stored on Site!
You need to recommend the minimum number of sensitive info types required. How many sensitive info types should you recommend?

• A.2
• B.1
• C.3
• D.4

Comment: *

Name: *

Email: *

Verification: *

You have a data loss prevention (DLP) policy configured for endpoints as shown in the following exhibit.

From a computer named Computer1, 3 user can sometimes upload files to cloud services and sometimes cannot. Other users experience the same issue. What are two possible causes of the issue? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A.The Copy to clipboard action is set to Audit only.
• B.The Access by unallowed apps action is set to Audit only.
• C.The unallowed browsers in the Microsoft 365 Endpoint data loss prevention (Endpoint DLP) settings are NOT configured.
• D.The computers are NOT onboarded to the Microsoft 365 compliance center.
• E.There are file path exclusions in the Microsoft 365 Endpoint data loss prevention (Endpoint DIP) settings.

Comment: *

Name: *

Email: *

Verification: *