HOTSPOT
-

You have a Microsoft 365 E5 subscription.

All corporate Windows 11 devices are managed by using Microsoft Intune and onboarded to Microsoft Defender for Endpoint.

You need to meet the following requirements:

• View an assessment of the device configurations against the Center for Internet Security (CIS) v1.0.0 benchmark.
• Protect a folder named C:\Folder1 from being accessed by untrusted applications on the devices.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

You have a Microsoft 365 subscription that contains the alerts shown in the following table.



Which properties of the alerts can you modify?

Correct Answer: B 🗳️

You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.

All the devices in your organization are onboarded to Microsoft Defender for Endpoint.

You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.

What should you do?

Correct Answer: C 🗳️

HOTSPOT
-

You have a Microsoft 365 E5 tenant that connects to Microsoft Defender for Endpoint.

You have devices enrolled in Microsoft Intune as shown in the following table.



You plan to use risk levels in Microsoft Defender for Endpoint to identify whether a device is compliant. Noncompliant devices must be blocked from accessing corporate resources.

You need to identify which devices can be onboarded to Microsoft Defender for Endpoint, and which Endpoint security policies must be configured.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

HOTSPOT
-

You have a Microsoft 365 E5 subscription.

You configure a new alert policy as shown in the following exhibit.



You need to identify the following:

• How many days it will take to establish a baseline for unusual activity
• Whether alerts will be triggered during the establishment of the baseline

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

You have a Microsoft 365 E5 tenant.

You create a retention label named Retention1 as shown in the following exhibit.



You apply Retention1 to all the Microsoft OneDrive content.

On January 1, 2020, a user stores a file named File1 in OneDrive.

On January 10, 2020, the user modifies File1.

On February 1, 2020, the user deletes File1.

When will File1 be removed permanently and unrecoverable from OneDrive?

Correct Answer: B 🗳️

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains a SharePoint site named Site1. Site1 contains the files shown in the following table.



You have the users shown in the following table.



You create a data loss prevention (DLP) policy with an advanced DLP rule and apply the policy to Site1. The DLP rule is configured as shown in the following exhibit.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named site1.

You need to ensure that site1 meets the following requirements:

• Retains all data for 10 years
• Prevents the sharing of data outside the organization

Which two items should you create and apply to site1? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Correct Answer: AB 🗳️

You have a Microsoft 365 E5 subscription.

From the Microsoft Purview compliance portal, you create a new data loss prevention (DLP) policy named DLP1 that protects financial data from being shared by using Microsoft Teams messages. You apply DLP1 to the users in the finance department.

An incident is raised when a finance department user named User1 shares financial data in a Teams channel that includes external members.

When User1 uses Teams to send the same message in a 1:1 chat or a private channel, the message is blocked as expected.

You need to ensure that User1 is prevented from sharing financial data in Teams channels that include external members.

What should you do?

Correct Answer: B 🗳️

You have a Microsoft 365 subscription.

You need to create a data loss prevention (DLP) policy that is configured to use the Set headers action.

To which location can the policy be applied?

Correct Answer: A 🗳️