You have a new Microsoft 365 E5 tenant. You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected. What should you do first?
A. Enable auditing
The first step you should take is to Enable auditing.
In order to monitor and get alerted on specific activities such as elevation of administrative privileges, auditing needs to be enabled in your Microsoft 365 environment. Auditing will record events such as changes in permissions and other administrative activities, which can then be monitored through alert policies to notify administrators when specific events occur.
-A
When an elevation of Microsoft Exchange Online administrative privileges is detected in your Microsoft 365 E5 tenant, you should first enable auditing.
To enable an alert policy in a new Microsoft 365 E5 tenant that will be triggered by the elevation of Microsoft Exchange Online administrative privileges, the first step you should take is:
A. Enable auditing.
Auditing must be enabled to track and record actions within the tenant, which allows for the creation of alert policies based on those audit logs1. Once auditing is enabled, you can create alert policies in the Microsoft Purview compliance portal or the Microsoft Defender portal to monitor activities such as assigning admin privileges in Exchange Online1
So if Auditing is enabled by default, why shouldn't you then choose for C?
https://learn.microsoft.com/en-us/purview/insider-risk-management-policies
Insider risk management policies determine which users are in-scope and which types of risk indicators are configured for alerts. You can quickly create a security policy that applies to all users in your organization or define individual users or groups for management in a policy.
So if Auditing is enabled by default, why shouldn't you then choose for C?
https://learn.microsoft.com/en-us/purview/insider-risk-management-policies
Insider risk management policies determine which users are in-scope and which types of risk indicators are configured for alerts. You can quickly create a security policy that applies to all users in your organization or define individual users or groups for management in a policy.
Gotta be A. The others don't really matter in this situation. Anything alert related would have an alert policy setup specifically, so auditing is the only reliable option. Power of deduction is a great thing xD
- A
But, question makes no sense. Audit is enabled by default. All other options are less obvious.
https://learn.microsoft.com/en-us/purview/audit-solutions-overview#audit-standard
Hello.
I believe the answer below will help you with this question:
"Audit logging is turned on by default for Microsoft 365 organizations. However, when setting up a new Microsoft 365 organization, you should verify the auditing status for your organization. For instructions, see the Verify the auditing status for your organization section in this article."
https://learn.microsoft.com/en-us/purview/audit-log-enable-disable
upvoted 3 times
...
...
This section is not available anymore. Please use the main Exam Page.MS-102 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Nilz76
Highly Voted 1 year, 8 months agoanonavia
Highly Voted 1 year, 10 months agoFemiA55
Most Recent 7 months, 3 weeks agoMR_Eliot
10 months ago[Removed]
12 months agonorbe01
9 months, 4 weeks agorus123
1 year, 1 month agomikl
1 year, 1 month agoSecAzO365
1 year, 5 months agoSecAzO365
1 year, 5 months agobenpatto
1 year, 6 months agoosxzvkwpfcfxobqjby
1 year, 10 months agoGLLimaBR
1 year, 4 months ago