- (Exam Topic 4)
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains two users named User1 and User2.
You need to assign Role Based Access Control (RBAC) roles to User1 and User2 to meet the following requirements:
Use the principle of least privilege
Enable User1 to view sync errors by using Azure AD Connect Health
Enable User2 to configure Azure Active Directory Connect Health Settings Which two roles should you assign?

1. A. The Monitoring Readers role in Azure AD Connect Health to User1
2. B. The Security reader role in Azure AD to User 1
3. C. The Reports reader role in Azure AD to User 1
4. D. The Contributor role in Azure AD Connect Health to User 2
5. E. The Monitoring Contributor role in Azure Connect Health to User 2
6. F. The Security operator role in Azure AD to User2

Correct Answer: BD

- (Exam Topic 4)
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com.
You need to recommend an Azure AD Privileged Identity Management (PIM) solution that meets the following requirements:
Administrators must be notified when the Security administrator role is activated.
Users assigned the Security administrator role must be removed from the role automatically if they do not sign in for 30 days.
Which Azure AD PIM setting should you recommend configuring for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Reference:
https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-config https://docs.microsoft.com/bs-latn-ba/azure/active-directory/privileged-identity-management/pim-how-to-chang

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You recently created and published several labels policies in a Microsoft 365 subscription.
You need to view which labels were applied by users manually and which labels were applied automatically. What should you do from the Security & Compliance admin center?

1. A. From Search & investigation, select Content search
2. B. From Data governance, select Events
3. C. From Search & investigation, select eDiscovery
4. D. From Reports, select Dashboard

Correct Answer: D
https://docs.microsoft.com/en-us/microsoft-365/compliance/view-label-activity-for-documents

- (Exam Topic 4)
You have a Microsoft 365 subscription.
A customer requests that you provide her with all documents that reference her by name. You need to provide the customer with a copy of the content.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Solution:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/gdpr-dsr-office365

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
Username and password

Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below. Microsoft 365 Username:
admin@LODSe00019@onmicrosoft.com Microsoft 365 Password: #HSP.ug?$p6un
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support only: Lab instance: 11122308









You need to create an eDiscovery case that places a hold on the mailbox of a user named Allan Deyoung. The hold must retain email messages that have a subject containing the word merger or the word Contoso.
To complete this task, sign in to the Microsoft 365 admin center.
Solution:
* 1. Navigate to eDiscovery in the Security & Compliance Center, and then click Create a case.
* 2. On the New Case page, give the case a name, type an optional description, and then click Save. The case name must be unique in your organization.

The new case is displayed in the list of cases on the eDiscovery page. You can hover the cursor over a case name to display information about the case, including the status of the case (Active or Closed), the description of the case (that was created in the previous step), and when the case was changed last and who changed it.
To create a hold for an eDiscovery case:
* 1. In the Security & Compliance Center, click eDiscovery > eDiscovery to display the list of cases in your organization.
* 2. Click Open next to the case that you want to create the holds in.
* 3. On the Home page for the case, click the Hold tab.

* 4. On the Hold page, click Create.
* 5. On the Name your hold page, give the hold a name. The name of the hold must be unique in your organization.

* 6. (Optional) In the Description box, add a description of the hold.
* 7. Click Next.
* 8. Choose the content locations that you want to place on hold. You can place mailboxes, sites, and public folders on hold.

Exchange email - Click Choose users, groups, or teams and then click Choose users, groups, or teams
again. to specify mailboxes to place on hold. Use the search box to find user mailboxes and distribution groups (to place a hold on the mailboxes of group members) to place on hold. You can also place a hold on the associated mailbox for a Microsoft Team, a Yammer Group, or an Office 365 Group. Select the user, group, team check box, click Choose, and then click Done.
Note
When you click Choose users, groups, or teams to specify mailboxes to place on hold, the mailbox picker that's displayed is empty. This is by design to enhance performance. To add people to this list, type a name (a minimum of 3 characters) in the search box.
* 9. After configuring a query-based hold, click Next.
* 10. Review your settings, and then click Create this hold. Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/ediscovery-cases?view=o365-worldwide#step-4-pla

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A