Microsoft - MS-203: Microsoft 365 Messaging
Sample Questions
Question: 424
Measured Skill: Secure the messaging environment (25–30%)
You have a Microsoft Exchange Online tenant that contains the users shown in the following table.
You need to create audit retention policies to retain the mailbox activity of all the users.
What is the maximum duration that you can set for each user?
(To answer, drag the appropriate duration values to the correct users. Each duration value may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.)
| A | User1: 90 Days
User2: 90 Days
User3: 30 Days |
| B | User1: 6 Months
User2: 6 Months
User3: 90 Days |
| C | User1: 1 Year
User2: 1 Year
User3: 90 Days |
| D | User1: 1 Year
User2: 1 Year
User3: 6 Months |
| E | User1: 10 Years
User2: 10 Years
User3: 90 Days |
| F | User1: 10 Years
User2: 10 Years
User3: 1 Year |
Correct answer: DExplanation:
You can create and manage audit log retention policies in the Microsoft Purview compliance portal. Audit log retention policies are part of the new Microsoft Purview Audit (Premium) capabilities. An audit log retention policy lets you specify how long to retain audit logs in your organization. You can retain audit logs for up to 10 years. You can create policies based on the following criteria:
- All activities in one or more Microsoft 365 services
- Specific activities (in a Microsoft 365 service) performed by all users or by specific users
- A priority level that specifies which policy takes precedence in you have multiple policies in your organization
The available options for the amount of time to retain the audit logs that meet the criteria of the policy are 7 Days, 30 Days, 6 Months, 9 Months, 1 Year, 3 Years (preview), 5 Years (preview), and 7 Years (preview). Users with the 10-year Audit Log Retention add-on license can select a 10 Years option.
If you have non-E5 users or guest users in your organization, their corresponding audit records are retained for 180 days.
To retain an audit log for longer than 180 days (and up to 1 year), the user who generates the audit log (by performing an audited activity) must be assigned an Office 365 E5 or Microsoft 365 E5 license or have a Microsoft 365 E5 Compliance or E5 eDiscovery and Audit add-on license. To retain audit logs for 10 years, the user who generates the audit log must also be assigned a 10-year audit log retention add-on license in addition to an E5 license.
Reference: Manage audit log retention policies
Question: 425
Measured Skill: Secure the messaging environment (25–30%)
You have a Microsoft Exchange Online tenant that contains a group named Marketing.
You need to ensure that the Marketing group meets the following requirements:
- Members of the Marketing group must be prevented from creating their own distribution groups.
- Members of the Marketing group must be prevented from modifying their contact information.
The solution must NOT affect any other users in the tenant.
Which three actions should you perform in sequence?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
| A | Sequence: 1, 3, 7 |
| B | Sequence: 5, 4, 7 |
| C | Sequence: 6, 3, 7 |
| D | Sequence: 1, 3, 2 |
| E | Sequence: 8, 4, 2 |
| F | Sequence: 8, 4, 7 |
Correct answer: DExplanation:
We need to create a new role assignment policy for user roles and deselect the MyDistributionGroups (allows to create distribution groups) and MyContactInformation (allows to change your own contact information) roles. We then need to assign the role assignment policy to the members of the marketing group. The role assignment policy cannot be assigned directly to the Marketing group. However, multiple users or mailboxes can be selected at the same time when assigning the policy.
Reference: Role assignment policies in Exchange Online
Question: 426
Measured Skill: Secure the messaging environment (25–30%)
You have a Microsoft Exchange Online tenant that contains two users named User1 and User2.
User1 receives an email message that appears to come from User2.
You discover that the message did NOT originate from User2.
You need to prevent email impersonation in the Exchange environment.
Which type of policy should you use, and which setting should you configure?
(To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.)
| A | Policy type: Anti-malware
Setting: Add trusted senders and domains |
| B | Policy type: Anti-malware
Setting: Enable users to protect |
| C | Policy type: Anti-phishing
Setting: Enable domains to protect |
| D | Policy type: Anti-phishing
Setting: Enable users to protect |
| E | Policy type: Anti-spam
Setting: Add trusted senders and domains |
| F | Policy type: Anti-spam
Setting: Enable domains to protect |
Correct answer: DExplanation:
Anti-phishing policies in Microsoft Defender for Office 365 allow to configure impersonation protection settings for specific message senders and sender domains, mailbox intelligence settings, and adjustable advanced phishing thresholds.
Enable users to protect turns on user impersonation protection.
Enable domains to protect turns on domain impersonation protection,
Both options will help to prevent email impersonation in the Exchange environment. The question describes a use case for user impersonation protection.
References:
Anti-phishing protection in Microsoft 365
Configure anti-phishing policies in Microsoft Defender for Office 365
Question: 427
Measured Skill: Manage Microsoft Exchange Online settings and resources (40–45%)
You have a Microsoft Exchange Online tenant.
A user named User1 has an Exchange Online mailbox.
User1 leaves your company.
You need to configure the user account of User1 to meet the following requirements:
- The Microsoft 365 license assigned to User1 must be available for another user.
- Manager1 must be able to manage all the contents in the mailbox of User1.
Which three actions should you perform in sequence?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
| A | Sequence: 2, 6, 7 |
| B | Sequence: 6, 5, 7 |
| C | Sequence: 4, 6, 1 |
| D | Sequence: 5, 4, 3 |
Correct answer: BExplanation:
First, we should convert the mailbox of User1 into a shared mailbox. A shared mailbox can store up to 50GB of data without assigning a license to it.
Second, we should grant Manager1 the Full Access permission to the mailbox of User1. The Full Access permission enables Manager1 to manage all the contents in the mailbox of User1.
Third, we should remove User1's license so that it can be reassigned to another user.
Question: 428
Measured Skill: Secure the messaging environment (25–30%)
You have a Microsoft Exchange Online tenant that contains two groups named Group1 and Group2.
You need to ensure that the members of Group1 can perform In-Place eDiscovery searches only for the members of Group2.
Which three actions should you perform in sequence?
(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
| A | Sequence: 4, 3, 6 |
| B | Sequence: 4, 5, 2 |
| C | Sequence: 1, 3, 2 |
| D | Sequence: 1, 5, 6 |
Correct answer: AExplanation:
We need to create a custom management sope that includes the members of Group2 only and assign the Discovery Management role to Group1 for the new scope only.
Scope is the set of resources that access applies to. In Azure, you can specify a scope at four levels: management group, subscription, resource group, and resource. Scopes are structured in a parent-child relationship. Each level of hierarchy makes the scope more specific. You can assign roles at any of these levels of scope. The level you select determines how widely the role is applied. Lower levels inherit role permissions from higher levels.
If you want users to be able to use Microsoft Exchange Server In-Place eDiscovery, you must first authorize them by adding them to the Discovery Management role group. Members of the Discovery Management role group have Full Access mailbox permissions for the Discovery mailbox that's created by Exchange Setup.
References:
Understand scope for Azure RBAC
Assign eDiscovery permissions in Exchange Online