- (Exam Topic 4)
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
You need to configure an incident email notification rule that will be triggered when an alert occurs only on a Windows 10 device. The solution must minimize administrative effort.
What should you do first?
Correct Answer:
B
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldw https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-email-notifications?view=
- (Exam Topic 3)
You need to create the Safe Attachments policy to meet the technical requirements. Which option should you select?
Correct Answer:
D
Reference:
https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/office-365-security/sa
- (Exam Topic 4)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain. The domain contains 2,000 computers that run Windows 8.1 and have applications installed as shown in the following table.
You enroll all the computers in Upgrade Readiness.
You need to ensure that App1 and App2 have an UpgradeDecision status of Ready to upgrade. Solution: You set the importance status of App2 to Low install count.
Does this meet the goal?
Correct Answer:
A
If an app is installed on less than 2% of the targeted devices, it's marked Low install count. Two percent is the default value. You can adjust the threshold in the readiness settings from 0% to 10%. Desktop Analytics
automatically marks these apps as Ready to upgrade. Reference:
https://docs.microsoft.com/en-us/configmgr/desktop-analytics/about-deployment-plans
- (Exam Topic 4)
HOTSPOT
You have a Microsoft 365 E5 subscription that contains two users named Admin1 and Admin2. All users are assigned a Microsoft 365 Enterprise E5 license and auditing is turned on.
You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)
After Policy1 is created, the following actions are performed: 
Admin1 creates a user named User1. Admin2 creates a user named User2.
How long will the audit events for the creation of User1 and User2 be retained? To answer, select the
appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Solution:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-worldwide
Does this meet the goal?
Correct Answer:
A
- (Exam Topic 4)
You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table.
Group3 is a member of Group1.
Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP contains the roles shown in the following table.
Windows Defender ATP contains the device groups shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Solution:
Does this meet the goal?
Correct Answer:
A
