On which server should you install the Azure ATP sensor?

A. Server 1

B. Server 2

C. Server 3

D. Server 4

E. Server 5

Which report should the New York office auditors view?

A. DLP policy matches

B. DLP false positives and overrides

C. DLP incidents

D. Top Senders and Recipients

You have a Microsoft 365 E5 subscription that uses Azure Advanced Threat Protection (ATP).

You need to create a detection exclusion in Azure ATP.

Which tool should you use?

A. the Security and Compliance admin center

B. Microsoft Defender Security Center

C. the Microsoft 365 admin center

D. the Azure Advanced Threat Protection portal

E. the Cloud App Security portal

You have a Microsoft 365 tenant that is signed up for Microsoft Store for Business and contains a user named User1. You need to ensure that User1 can perform the following tasks in Microsoft Store for Business:

Assign licenses to users.

Procure apps from Microsoft Store.

Manage private store availability for all items.

The solution must use the principle of least privilege.

Which Microsoft Store for Business role should you assign to User1?

A. Basic Purchaser

B. Device Guard signer

C. Admin

D. Purchaser

You have a Microsoft 365 E5 subscription.

You need to identify which users accessed Microsoft Office 365 from anonymous IP addresses during the last seven days.

What should you do?

A. From the Cloud App Security admin center, select Users and accounts.

B. From the Microsoft 365 security center, view the Threat tracker.

C. From the Microsoft 365 admin center, view the Security and compliance report.

D. From the Azure Active Directory admin center, view the Risky sign-ins report.

You have a Microsoft 365 tenant that contains a Windows 10 device named Device1 and the Microsoft Endpoint Manager policies shown in the following table.

A. only the settings of Policy!

B. only the settings of Policy2

C. only the settings of Policy3

D. no settings

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You need to be notified when a single user downloads more than 50 files during any 60- second period. What should you configure?

A. a session policy

B. a file policy

C. an activity policy

D. an anomaly detection policy

You have a new Microsoft 365 E5 tenant.

You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected.

What should you do first?

A. Enable auditing.

B. Enable Microsoft 365 usage analytics.

C. Create an Insider risk management policy.

D. Create a communication compliance policy.

You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.

You plan to review device startup performance issues by using Endpoint analytics.

Which devices can you monitor by using Endpoint analytics?

A. Device1 only

B. Device1 and Device2 only

C. Device1, Device2, and Device3 only

D. Device1, Device2, and Device4 only

E. Device1, Device2, Device3, and Device4

You have a Microsoft 365 E5 subscription.

You define a retention label that has the following settings:

Retention period 7 years

Start the retention period bated on: When items were created

You need to prevent the removal of the label once the label K applied to a lie What should you select in the retention label settings?

A. Retain items even If users delete

B. Mark items as a record

C. Mark items as a regulatory record

D. Retain items forever

You have a Microsoft 365 subscription.

You have a data loss prevention (DLP) policy that blocks sensitive data from being shared in email messages.

You need to modify the policy so that when an email message containing sensitive data is sent to both external and internal recipients, the message is only prevented from being delivered to the external recipients.

What should you modify?

A. the policy rule exceptions

B. the DLP policy locations

C. the policy rule conditions

D. the policy rule actions

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant contains the users shown in the following table.

You create and assign a data loss prevention (DLP) policy named Policy1. Policy1 is configured to prevent documents that contain Personally Identifiable Information (Pll) from being emailed to users outside your organization. To which users can User! send documents that contain Pll?

A. User2only

B. User2and User3only

C. User2, User3, and User4 only

D. User2, User3, User4, and User5

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

You notice that it takes several days to notify email recipients when an incoming email message is marked as spam, and then quarantined.

You need to ensure that the email recipients are notified within 24 hours.

What should you do?

A. Modify the default inbound anti-spam policy.

B. Modify the DefaultFullAccessPolicy quarantine policy.

C. Add a custom quarantine policy.

D. Modify the global settings for quarantine policies.

HOTSPOT

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You configure a multi-factor authentication (MFA) registration policy that has the following settings:

You need to meet the requirement for the legal department.

Which three actions should you perform in sequence from the Security and Compliance admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Select and Place: