You have a Microsoft 365 E5 subscription.

You plan to configure multi-factor authentication (MFA).

You need to select an authentication method for users. The solution must ensure that each time a user is prompted for MFA, the application name that requires MFA is provided.

What should you select?

Correct Answer: B 🗳️

You have a Microsoft 365 E5 subscription.

You plan to use Microsoft Entra ID Protection.

You need to ensure that account passwords must be changed if account credentials are leaked.

What should you configure?

Correct Answer: A 🗳️

HOTSPOT
-

You have a Microsoft Entra tenant that has security defaults enabled.

You create a user named Admin1.

You need to ensure that Admin1 can create and apply Conditional Access policies.

Which two settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

HOTSPOT
-

You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.

You have a cloud app named App1.

You need to implement a security solution for App1 that meets the following requirements:

• Enables the real-time monitoring of user activities
• Blocks specific activities as needed

What should you include in the solution for each requirement? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

You have a Microsoft 365 E5 subscription.

You plan to ingest syslog data from a supported firewall device to Microsoft Defender for Cloud Apps.

You need to configure automatic log upload.

Which two components should you configure for the log collector? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Correct Answer: BE 🗳️

You have a Microsoft 365 subscription that uses Microsoft Defender XDR.

From Automatic remediation in the Microsoft Defender portal, you set Automation level to Semi – require approval for non-temp folders for the endpoints.

You need to identify the impact of the Automation level setting on the endpoints.

Which two actions will occur based on the remediation settings? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

Correct Answer: AD 🗳️

You have a Microsoft 365 E5 subscription that contains devices onboarded to Microsoft Defender for Endpoint.

You integrate Microsoft Defender for Cloud Apps with Defender for Endpoint.

You need identify which cloud apps and services were used most during the last 30 days.

What should you do?

Correct Answer: B 🗳️

You have a Microsoft 365 E5 subscription that contains a user named User1.

You create an outbound anti-spam policy named Policy1 as shown in the following exhibit.



You assign Policy1 to User1.

What is the maximum number of email messages that User1 can send in a 24-hour period?

Correct Answer: B 🗳️

HOTSPOT
-

You have a Microsoft 365 E5 subscription.

You connect a cloud app that contains a group named Group1 to Microsoft Defender for Cloud Apps.

You need to configure the Cloud apps settings to monitor all activities performed by the members of Group1.

Which two settings should you configure? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

You have a Microsoft 365 E5 subscription. The subscription contains a Microsoft SharePoint Online site named Site1.

Site1 contains the following files:

• File.docx
• ImportantFile.docx
• File_Important.docx

From Microsoft Defender Cloud Apps, you create a file policy named Policy that has the filter shown in the following exhibit.



To which files will Policy1 apply?

Correct Answer: C 🗳️