Microsoft Microsoft Certifications MS-203 Questions & Answers

• Question 211:

  You discover that Policy1 failed to apply to the Executives group.

  You need to ensure that Policy1 is applied to all the members of the Executives group.

  What should you do?

  A. Increase the priority of Policy1.

  B. Decrease the priority of Strict Preset Security Policy.

  C. Remove the Executives group from the Strict protection preset security policy.

  D. Modify the Strict protection preset security policy to match Policy? and assign the Strict protection preset security policy to contoso.com.

  Correct Answer: D

  Preset security policies are policies that provide a centralized location for applying all of the recommended spam, malware, and phishing policies to users at once1 . The policy settings are not configurable and are set by Microsoft based on

  best practices1 .

  There are two types of preset security policies: Standard protection and Strict protection1 . Standard protection is a baseline protection profile that's suitable for most users1. Strict protection is a more aggressive protection profile for selected

  users who are high value targets or priority users1.

  If you want to apply Policy1 to the Executives group, you need to remove them from the Strict protection preset security policy first. Otherwise, the preset security policy will take precedence over Policy1 and prevent it from being applied2. To

  remove the Executives group from the Strict protection preset security policy, you can follow these steps2:

  Login to the Microsoft Security portal at https://security.microsoft.com. On the left nav, under Email and collaboration, select Policies and rules.

  Select Threat policies.

  Select Preset Security Policies underneath the Templated policies heading Select Manage underneath the Strict protection preset. Select Specific recipients and remove the Executives group from the list of recipients.

  Select Save.

• Question 212:

  You have a Microsoft Exchange Online tenant.

  You plan to place a hold on all email messages stored in the mailbox of a user named User1.

  What should you create first?

  A. an eDiscovery case

  B. sensitive info type

  C. a data loss prevention (DLP) policy

  D. an information barrier segment

  Correct Answer: A

  You can use an eDiscovery case to create and manage eDiscovery holds that can be applied to user mailboxes and other content locations in Microsoft Purview1. You can also use an eDiscovery case to search for and export content from

  mailboxes and other locations1.

  An eDiscovery case is different from a Litigation Hold, which is a hold that is applied to user mailboxes in Exchange Online1. A Litigation Hold isn't identified by a GUID1. A sensitive info type is a predefined or custom entity that can be used to

  identify and protect sensitive data in Microsoft Purview2. It is not related to placing a hold on email messages.

  A data loss prevention (DLP) policy is a policy that helps prevent the accidental or intentional sharing of sensitive information outside your organization2. It is not related to placing a hold on email messages.

  An information barrier segment is a group of users who are allowed or blocked from communicating with each other in Microsoft Teams or SharePoint Online2. It is not related to placing a hold on email messages.

• Question 213:

  You have two servers named EXCH1 and EXCH2 that run Windows Server 2012 R2 and have Microsoft Exchange 2016 installed.

  You purchase a Microsoft 365 subscription.

  You plan to configure a hybrid deployment between an Exchange Online tenant and the on- premises Exchange Server Organization.

  You need to identify the prerequisites to installing the Microsoft Hybrid Agent on EXCH1 and EXCH2.

  Which two prerequisites should you identify?

  Each correct answer presents part of the solution.

  A. All outbound HTTPS connections to Microsoft Online Services

  B. Enable Hybrid Modern Authentication (HMA).

  C. Upgrade the operating system of EXCH1 and EXCH2 to Windows Server 2019.

  D. Enable TLS 1.2.

  Correct Answer: AD

  A. All outbound HTTPS connections to Microsoft Online Services

  Reference:https://docs.microsoft.com/en-us/exchange/hybrid-deployment/prepare-for-hybrid-deployment

  To perform a hybrid deployment between an Exchange Online tenant and an on-premises Exchange Server organization, you must ensure that all outbound HTTPS connections to Microsoft Online Services are allowed. This is a prerequisite

  for installing the Microsoft Hybrid Agent.

  D. Enable TLS 1.2.

  Reference: https://docs.microsoft.com/en-us/exchange/hybrid- deployment/prepare-for-hybrid-deployment

  To perform a hybrid deployment between an Exchange Online tenant and an on-premises Exchange Server organization, you must ensure that Transport Layer Security (TLS) 1.2 is enabled on your on-premises Exchange servers. This is a

  prerequisite for installing the Microsoft Hybrid Agent.

• Question 214:

  You have a Microsoft Exchange Online tenant that uses an email domain named contoso.corn.

  An in-caning email messages route through an third-party filtering service named Filter1 to connector named Connector

  You discover that incoming messages contain headers that specify the source IP address as Filter1.

  You to ensure that incoming email messages contain headers that specify source IP address of the original sender. The solution must prevent any charges to the service.

  What should you do?

  A. From Microsoft 365 Defender portal configure enhanced filtering for Connector1.

  B. Configure Connector to authenticate messages by using the IP address of Filter service.

  C. Configure the MX Of contoso.com to point to contoso-can.mailgotection.outbok.com.

  D. From the Exchange admin center. create a transport rule to rewrite header for incoming messages.

  Correct Answer: C

• Question 215:

  You have a Microsoft Exchange Online tenant that contains a custom role group named RGI.

  You need to prevent users assigned to RGI from running a specific cmdlet.

  Which cmdlet should you run to modify RG1?

  A. Remove Entry

  B. Remove -ManagementRoleAssignment

  C. Set-ManagementScope

  D. Disable -Cmd1etExtensionAgent

  Correct Answer: B

• Question 216:

  You have a hybrid deployment between a Microsoft Exchange Online tenant and an onpremises Exchange Server 2019 organization.

  Users report that email messages between the Exchange Server organization and the Exchange Online tenant are undelivered.

  You install and enable a new certificate from a different trusted certification authority (CA). You

  need to ensure that mail flow between Exchange Server and Exchange Online is restored.

  Which two PowerShell cmdlets should you run? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. Set-SendConnector

  B. Set-IntraOrganirationConnector

  C. Update-Hybridconfiguration

  D. Set-ReceiveConnector

  Correct Answer: CD

• Question 217:

  You have a Microsoft Exchange Online tenant that uses Microsoft Defender for Office 365. You have the policies shown in the following table.

  

  You need to track any modifications made to Policy! by the identifying following:

  1.

  The name of the user that modified the policy

  2.

  The old and new values of settings modified in Policy!

  3.

  How the modifications compare to the baseline settings of Standard Preset Security Policy What should you use in the Microsoft 365 Defender portal?

  A. Threat tracker

  B. Threat analytics

  C. Audit

  D. Configuration analyzer

  Correct Answer: D

• Question 218:

  You have a Microsoft Exchange Online tenant that uses Microsoft Defender for Office 365.

  You need to create a new Safe Attachments policy named Policy1 that meets the following requirements:

  1.

  Immediately delivers email messages that contain attachments and replaces the attachments with placeholders

  2.

  Reattaches the attachments after scanning is complete

  3.

  Quarantines malicious attachments Which action should you select for Policy1?

  A. Monitor

  B. Block

  C. Dynamic Delivery

  D. Replace

  Correct Answer: C

• Question 219:

  You need to configure the Exchange organization to meet the security requirements for sending email messages to distribution groups.

  Which cmdlet should you run?

  A. Set-OrganizationConfig

  B. Set-DistributionGroup

  C. Set-Mailbox

  D. New-PolicyipConfig

  Correct Answer: A

  References: https://docs.microsoft.com/en-us/powershell/module/exchange/organization/set-organizationconfig?view=exchange-ps

• Question 220:

  You need to recommend a solution for the public folders that supports the planned changes and meets the technical requirements. What should you recommend?

  A. Office 365 groups

  B. Resource mailboxes

  C. Public folder replicas

  D. Microsoft SharePoint site mailboxes

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/exchange/collaboration/public-folders/migrate-to-office-365-groups?view=exchserver-2019