Microsoft MS-900 Practice Test - Questions Answers, Page 16
Question list
List of questions
Related questions
Your company purchases Microsoft 365 E3 and Azure AD P2 licenses.
You need to provide identity protection against login attempts by unauthorized users.
What should you implement?
Azure AD Identity Protection
Azure AD Privileged Identity Management
Azure Information Protection
Azure Identity and Access Management
You are a Microsoft 365 administrator for a company. Employees use Microsoft Office 365 ProPlus to create documents. You need to implement document classification and protection by using Microsoft Azure Information Protection. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Add an Azure subscription to your Microsoft 365 tenant
Install the Azure Information Protection client
Create a custom Azure Information Protection policy with the Confidential label
Enable the default Azure Information Protection policy
Install the Rights Management Service client
A company deploys Microsoft Azure AD. You run the Identity Secure Score report. The report displays five security items. Which three security items on the report have the most impact on the score? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
Enable policy to block legacy authentication.
Enable user risk policy.
Require multi-factor authentication for all users.
Delete/block accounts not used in last 30 days.
Do not expire passwords.
A company deploys Microsoft Azure AD. You enable multi-factor authentication.
You need to inform users about the multi-factor authentication methods that they can use.
Which of the following methods is NOT a valid multi-factor authentication method in Microsoft 365?
Receive an automated call on the desk phone that includes a verification code.
Use the Microsoft Authenticator mobile application to receive a notification and authenticate.
Receive a call on a phone.
Enter a Windows 10 PIN code when prompted.
You deploy Enterprise Mobility + Security E5 and assign Microsoft 365 licenses to all employees.
Employees must not be able to share documents or forward emails that contain sensitive information outside the company. You need to enforce the file sharing restrictions.
What should you do?
Use Microsoft Azure Information Protection to define a label. Associate the label with an Azure Rights Management template that prevents the sharing of files or emails that are marked with the label.
Create a Microsoft SharePoint Online content type named Sensitivity. Apply the content type to other content types in Microsoft 365. Create a Microsoft Azure Rights Management template that prevents the sharing of any content where the Sensitivity column value is set to Sensitive.
Use Microsoft Azure Information Rights Protection to define a label. Associate the label with an Active Directory Rights Management template that prevents the sharing of files or emails that are marked with the label.
Create a label named Sensitive. Apply a Data Layer Protection policy that notifies users when their document contains personally identifiable information (PII).
You manage a local Active Directory Domain Services environment. Your company purchases an Enterprise E1 license for all users. You need to implement self-service password reset. You want to achieve this goal while minimizing costs. Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
Upgrade your subscription to Azure AD Premium P2.
Deploy Azure AD Connect.
Deploy Azure Information Protection.
Upgrade your subscription to Azure AD Premium P1.
You are a Microsoft 365 administrator for a company.
What are two ways that you can ensure data security? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
service-level encryption using customer-provided key
tenant-dedicated Microsoft Azure AD encryption using customer-provided key
single-tenant infrastructure partitions for sensitive data
data transfer using transport-layer security (TLS)
You are a Microsoft 365 administrator for a company.
You need to identify security vulnerabilities by using the Office 365 Attack Simulator.
Which three attack simulations are available? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
Brute-force password
Cross-site scripting
Password-spray
Denial-of-service
Display name spear-phishing
Your organization plans to deploy Microsoft 365 in a hybrid scenario.
You need to ensure that employees can use a smart card for authentication.
Which hybrid identity solution should you implement?
password hash synchronization with single sign-on
Active Directory Federation Services (AD FS)
PingFederate and federation integration
pass-through authentication and single sign-on
You need to ensure that the process by which users sign in to Microsoft 365 confirms the identity of the user. Which feature should you use?
mobile application management (MAM)
Advanced Threat Protection (ATP)
Multi-Factor Authentication (MFA)
data loss prevention (DLP) policies
Question