ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-400 All Questions

View all questions & answers for the SC-400 exam
Go to Exam

Exam SC-400 topic 5 question 11 discussion

Actual exam question from Microsoft's SC-400
Question #: 11
Topic #: 5
[All SC-400 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You have a user named User1. Several users have full access to the mailbox of User1.

Some email messages sent to User1 appear to have been read and deleted before the user viewed them.

When you search the audit log in the Microsoft Purview compliance portal to identify who signed in to the mailbox of User1, the results are blank.

You need to ensure that you can view future sign-ins to the mailbox of User1.

Solution: You run the Set-AuditConfig -Workload Exchange command.

Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by izgi43 at Nov. 9, 2023, 11:16 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SDiwan
8 months, 3 weeks ago
Selected Answer: B
The question is about ensuring "future sign ins" of other users are available in audit logs. So, by default audit logs are enabled for mailbox but it only logs sign-ins by mailbox "Owner" in this case user1. That is why when we searched the audit logs we could not find any sign-ins by other users who are "Delegates" i.e users with full access to user1 mailbox. So, ideally what should be done is use below powershell to enable auditing of action called "MailboxLogin" to AuditDelegate of user1. Set-Mailbox -Identity [email protected] -AuditDelegate @{Add="MailboxLogin"}. After this, sign ins of other users who are delegates to user1's mailbox is also audited. Documentation => https://learn.microsoft.com/en-us/purview/audit-mailboxes#change-the-mailbox-actions-to-audit
upvoted 3 times
...
SDiwan
8 months, 3 weeks ago
Selected Answer: A
Ok, this seems tricky. By default, mailbox auditing is turned ON. But the question says that the user was not able to find any logs that means some switched it OFF. So, the forst things to do is to turn ON again the mailbox auditing using the command
upvoted 1 times
SDiwan
8 months, 3 weeks ago
Ignore the above, the correct answer is B.
upvoted 2 times
...
...
sswitzer
9 months, 2 weeks ago
Selected Answer: A
Yes, running the Set-AuditConfig -Workload Exchange command can help meet the goal of viewing future sign-ins to the mailbox of User1. The Set-AuditConfig cmdlet in this context is used to configure auditing settings for the specified workload, and in this case, it's for the Exchange workload.
upvoted 1 times
SDiwan
8 months, 3 weeks ago
Correct answer is B, by default audit log is turned ON for exchange but the catch is it only logs sign-ins from "Owner" i.e user1 in this case. Other users who have full access are called "Delegates" of this mailbox and by default the sign-ins by delegates are not logged. It needs to be manually turned on , but the powershell script is different.
upvoted 1 times
...
sswitzer
9 months, 2 weeks ago
That was from chatgpt
upvoted 1 times
...
...
CharlieGolf
9 months, 2 weeks ago
Selected Answer: B
https://learn.microsoft.com/en-us/purview/audit-mailboxes
upvoted 2 times
...
minami_hsn
10 months ago
From copilot: The Set-AuditConfig cmdlet is used to configure audit settings for an organization. The -Workload parameter specifies the workload to configure audit settings for. If you run the Set-AuditConfig -Workload Exchange command, it will configure audit settings for the Exchange workload. However, this command alone will not enable mailbox auditing for User1. To enable mailbox auditing for User1, you need to follow the steps I mentioned earlier: connect to Exchange Online PowerShell, enable mailbox auditing for User1 using the Set-Mailbox cmdlet, and specify the mailbox owner actions to audit.
upvoted 2 times
...
minami_hsn
10 months ago
The answer is No. Ask the copilot: To ensure that you can view future sign-ins to the mailbox of User1, you need to enable mailbox auditing for User1. Here's how you can do it: Connect to Exchange Online PowerShell. Run the following command to enable mailbox auditing for User1: Set-Mailbox -Identity User1 -AuditEnabled $true By default, the audit log only records certain actions. You can use the Set-Mailbox cmdlet to specify additional mailbox owner actions to audit. For example, to audit the HardDelete, SendAs, and SendOnBehalf actions, run the following command: Set-Mailbox -Identity User1 -AuditOwner HardDelete,SendAs,SendOnBehalf After you have enabled mailbox auditing for User1, you can search the audit log in the Microsoft Purview compliance portal to view future sign-ins to the mailbox of User1.
upvoted 1 times
...
izgi43
1 year ago
on the exam thu nov 9
upvoted 1 times
Domza
10 months, 1 week ago
thank you
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel