You have a Microsoft 365 subscription.
You are configuring permissions for Security & Compliance.
You need to ensure that the users can perform the tasks shown in the following table.

The solution must use the principle of least privilege.
To which role should you assign each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
References:
https://docs.microsoft.com/en-usHYPERLINK "https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-center#mapping-of-role-groups-to-assigned-roles"/office365/securitycompliance/permissions-in-the-security-and-compliance-center#mapping-of-role-groups-to-assigned-roles

Comment: *

Name: *

Email: *

Verification: *

Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the users shown in the following table.

You create an Azure Active Directory (Azure AD) tenant named fabrikam.onmicrosoft.com.
You plan to sync the users in the forest to fabrikam.onmicrosoft.com by using Azure AD Connect.
Which username will be assigned to User1 and User2 in Azure AD after the synchronization? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Comment: *

Name: *

Email: *

Verification: *

You need to meet the application requirement for App1.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A.From the Azure Active Directory admin center, configure the application URL settings.
• B.From the Azure Active Directory admin center, add an enterprise application.
• C.On an on-premises server, download and install the Microsoft AAD Application Proxy connector.
• D.On an on-premises server, install the Hybrid Configuration wizard.
• E.From the Microsoft 365 admin center, configure the Software download settings.

Correct Answer: A,B,C

An on-premises web application named App1 must allow users to complete their expense reports online.
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
In this question, we need to add an enterprise application in Azure and configure a Microsoft AAD Application Proxy connector to connect to the on-premises web application (App1).
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy#how-application-proxy-works
Topic 2, Contoso, Ltd
Existing Environment
The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.

Contoso has the groups shown in the following table.

Microsoft Office 365 licenses are assigned only to Group2.
The network also contains external users from a vendor company who have Microsoft accounts that use a suffix of @outlook.com.
Requirements
Planned Changes
Contoso plans to provide email addresses for all the users in the following domains:
East.adatum.com
Contoso.adatum.com
Humongousinsurance.com
Technical Requirements
Contoso identifies the following technical requirements:
All new users must be assigned Office 365 licenses automatically.
The principle of least privilege must be used whenever possible.
Security Requirements
Contoso identifies the following security requirements:
User2 must be able to view reports and schedule the email delivery of security and compliance reports.
The members of Group1 must be required to answer a security question before changing their password.
User3 must be able to manage Office 365 connectors.
User4 must be able to reset User3 password.

Comment: *

Name: *

Email: *

Verification: *

You have three devices enrolled in Microsoft Intune as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation:
Device 1:
No because Device1 is in group3 which has Policy1 assigned which requires BitLocker.
Device 2:
No because Device2 is in group3 which has Policy1 assigned which requires BitLocker. Device2 is also in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Device3:
Yes because Device3 is in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Reference:
https://blogs.technet.microsoft.com/cbernier/2017/07/11/windows-10-intune-windows-bitlocker-management-yes/

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft Azure Active Directory (Azure AD) tenant.
Your company implements Windows Information Protection (WIP).
You need to modify which users and applications are affected by WIP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Explanation

Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device.
The MAM User scope determines which users are affected by WIP. App protection policies are used to configure which applications are affected by WIP.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/crea

Comment: *

Name: *

Email: *

Verification: *