ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-203 All Questions

View all questions & answers for the MS-203 exam
Go to Exam

Exam MS-203 topic 4 question 86 discussion

Actual exam question from Microsoft's MS-203
Question #: 86
Topic #: 4
[All MS-203 Questions]

HOTSPOT -
You have a Microsoft Exchange Online tenant that contains two users named Admin1 and Admin2. The users are assigned the roles shown in the following table.

Admin1 performs the following actions:
* From the Microsoft 365 admin center, adds a new user named User1 who is assigned a Microsoft Office 365 Enterprise E5 license
* From Exchange Online PowerShell, runs the New-Mailbox cmdlet
Admin2 performs the following actions:
* From Exchange Online PowerShell, runs the Search-Mailbox cmdlet and specifies the -DeleteContent switch
* From Exchange Online PowerShell, runs the Test-ApplicationAccessPolicy cmdlet
Which actions are recorded in the administrator audit log? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No actions are recorded.
Recipient Management - Members have administrative access to create or modify Exchange Online recipients within the Exchange Online organization.
Default roles assigned:

Distribution Groups -

Mail Recipient Creation -

Mail Recipients -

Message Tracking -

Migration -

Move Mailboxes -

Recipient Policies -

Reset Password -

Team Mailboxes -
Exchange Online Receipt management role
Box 2: All actions are recorded.
Organization Management - Members have administrative access to the entire Exchange Online organization and can perform almost any task in Exchange
Online.
Reference:
https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo
by 99redeyeflight at Sept. 18, 2022, 5:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Amir1909
6 months, 2 weeks ago
- Only the running of New-Mailbox is recorded - No actions are recorded
upvoted 1 times
...
Nyamnyam
7 months, 3 weeks ago
OMG, MSFT is once again bullying with this question. In fact Recipient Management shouldn't be able to assign a license. Furthermore, if you assign an E5 license to a new cloud user, it will automatically create a mailbox. So the whole Admin1 scenario is absurd. Now to the admin audit logs in EXCH 2019 - they will record any actions taken to modify objects in an Exchange organization by default. THIS exactly is what Forkbeard reports in his test, so I presume either he does it on EXCH 2019 or EXO is following the 2019 principle - in which case the online documentation regarding excluded verbs is not correct. Soooo, you either answer what happens in reality, or you answer what you read in theory. I'm afraid, that the "correct" answer will be the theory, simply because that's how the exam questions are created on the first place.
upvoted 1 times
...
Forkbeard
1 year, 4 months ago
Ok so I tested this. Here are my results: Admin1 performs the following actions: * From the Microsoft 365 admin center, adds a new user named User1 who is assigned a Microsoft Office 365 Enterprise E5 license <-- NOT LOGGED * From Exchange Online PowerShell, runs the New-Mailbox cmdlet <-- LOGGED Admin2 performs the following actions: * From Exchange Online PowerShell, runs the Search-Mailbox cmdlet and specifies the -DeleteContent switch <-- LOGGED (both searches, with and without -DeleteContent were logged, without mentioning if -DeleteContent was used) * From Exchange Online PowerShell, runs the Test-ApplicationAccessPolicy cmdlet <-- NOT LOGGED Correct answers would then be: Admin1: Only the running of New-Mailbox is recorded. Admin2: Only the running of Search-Mailboxis recorded. Now I should mention that I tested this with the ASSUMPTION that both Admin1 and Admin2 have the relevant permissions. I tested this with my Global Admin account whom I added to a Mailbox Import Export Management group, which has the Mailbox Import Export role assigned.
upvoted 4 times
...
HawkesLager
1 year, 7 months ago
https://learn.microsoft.com/en-us/exchange/security-and-compliance/exchange-auditing-reports/view-administrator-audit-log The admin audit log doesn't record actions based on cmdlets that begins with the verbs Get, Search, or Test.
upvoted 2 times
...
pyramidhead
1 year, 7 months ago
All actions in the first Search-Mailbox in the second, because it has -DeleteContent switch
upvoted 3 times
...
PawelNotts
1 year, 9 months ago
If the audit only records successful actions (based on what's permitted for a user) then for the first one I'd say New-Mailbox and second is just Search-Mailbox... If however this works as a Windows Server audit (which includes failed attempts) then I'd say All actions in the first and just Search-Mailbox in the second.
upvoted 3 times
...
99redeyeflight
1 year, 9 months ago
Admin doesnt have the proper rights from role assignment to manage licneses, so i'm unsure about the first part second part definitely isn't all actions "The admin audit log doesn't record actions based on cmdlets that begins with the verbs Get, Search, or Test." https://learn.microsoft.com/en-us/exchange/security-and-compliance/exchange-auditing-reports/view-administrator-audit-log
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel