O: 67
Your network contains an Active Directory domain named contoso.com.
All users authenticate by using a third-party authentication solution.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services.
You need to recommend an identity strategy that meets the following requirements:
* Provides seamless SSO
* Minimizes the number of additional servers required to support the solution
* Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)
* Ensures that all the users authenticate to Microsoft 365 by using their on-premises user account You are evaluating the implementation of federation.
Which two requirements are met by using federation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A.ensures that all the users authenticate to Microsoft 365 by using their on-premises user account.
• B.minimizes the number of additional servers required to support the solution
• C.stores the passwords of all the users in Azure AD
• D.provides seamless SSO

Comment: *

Name: *

Email: *

Verification: *

Your company uses on-premises Windows Server File Classification Infrastructure 9FCI). Some documents on the on-premises file servers are classifies as Confidential.
You migrate the files from the on-premises file servers to Microsoft SharePoint Online.
You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification.
What should you do first?

• A.From the SharePoint admin center, create a managed property.
• B.From the SharePoint admin center, configure hybrid search.
• C.From the Security & Compliance Center PowerShell, run the
  New-DlpComplianceRule cmdlet.
• D.From the Security & Compliance Center PowerShell, run the
  New-DataClassification cmdlet.

Comment: *

Name: *

Email: *

Verification: *

You have a Microsoft Azure Active Directory (Azure AD) tenant.
Your company implements Windows Information Protection (WIP).
You need to modify which users and applications are affected by WIP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:

Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure

Comment: *

Name: *

Email: *

Verification: *

Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
The network uses a firewall that contains a list of allowed outbound domains.
You began to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
* *.microsof.com
* *.office.com
Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

• A.From the firewall, create a list of allowed inbound domains.
• B.From the firewall, allow the IP address range of the Azure data center for outbound communication.
• C.Deploy an Azure AD Connect sync server in staging mode.
• D.From the firewall, modify the list of allowed outbound domains.
• E.From Azure AD Connect, modify the Customize synchronization options task

Comment: *

Name: *

Email: *

Verification: *

You have a data loss prevention (DLP) policy.
You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM). The solution must minimize the number of false positives.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
NOTE:Each correct selection is worth one point.

Correct Answer:

Explanation

You can tune your rules by adjusting the instance count and match accuracy to make it harder or easier for content to match the rules. Each sensitive information type used in a rule has both an instance count and match accuracy.
To make the rule easier to match, decrease the min count and/or increase the max count. You can also set max to any by deleting the numerical value.
To minimize the number of false positives, we need to increase the minimum match accuracy.
A sensitive information type is defined and detected by using a combination of different types of evidence.
Commonly, a sensitive information type is defined by multiple such combinations, called patterns. A pattern that requires less evidence has a lower match accuracy (or confidence level), while a pattern that requires more evidence has a higher match accuracy (or confidence level).
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
https://docs.microsoft.com/en-us/office365/securitycompliance/what-the-sensitive-information-types-look-for#in

Comment: *

Name: *

Email: *

Verification: *