Microsoft Role-based MS-203 Questions & Answers

• Question 1:

  You have Microsoft Exchange Online tenant that uses Microsoft Defender for Office 365. You have the policies shown in the following table.

  

  You need to track any modifications made to Policy1 by the identifying following:

  1.

  The name of the user that modified the policy

  2.

  The old and new values settings modified in Policy1

  3.

  How the modifications compare to the baseline settings of Standard Preset Security Policy Whet should you use in the Microsoft 365 Defender portal?

  A. Audit

  B. Configuration analyzer

  C. Threat tracker

  D. Threat analytics

  Correct Answer: A

  The Audit feature in the Microsoft 365 Defender portal allows you to track any modifications made to the policies in your tenant, including the Anti-malware Policy1. You can use the Audit feature to view the name of the user that modified the policy, the old and new values settings modified in Policy1 and how the modifications compare to the baseline settings of Standard Preset Security Policy.

  Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/audit-log-search

• Question 2:

  You have a Microsoft 365 E3 subscription that uses Microsoft Exchange Online. You need to retain audit log entries for users in the legal department for up to one year.

  Which two actions should you perform? Each Correct answer presents part of the solution.

  Note: Each Correct Selection is worth one point.

  A. For the default audit log retention policy, set Duration to 1 Year.

  B. Assign a Microsoft Office 365 E5 license to each legal department user.

  C. Create a retention policy that has a one-year retention tag and apply the policy to the user mailboxes in the legal department.

  D. Create a new audit log retention policy and assign the policy to the legal department.

  E. Assign a Microsoft Office 365 E5 license to each user in the tenant.

  Correct Answer: AC

  A. For the default audit log retention policy, set Duration to 1 Year.

  You can set the default audit log retention policy to retain log entries for up to one year by changing the "Duration" setting to "1 Year."

  C. Create a retention policy that has a one-year retention tag and apply the policy to the user mailboxes in the legal department.

  You can create a retention policy with a one-year retention tag, and then apply the policy to the user mailboxes in the legal department. This will ensure that the audit log entries for those users are retained for up to one year as per the

  retention tag.

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-in-thesecurity-compliance-center?view=o365-worldwide#create-or-edit-a-retention-policy

• Question 3:

  You have hybrid deployment between a Microsoft Exchange Online tenant and an onpremises Exchange Server 2019 organization. The deployment uses Azure AD Connect.

  All incoming email is delivered to Exchange Online. You have 10 mail-enabled public folders hosted on an on-premises Mailbox server.

  Customers receive an error when an email message is sent to a public folder.

  You need to ensure that all the mail-enabled public folders can receive email messages from the internet. The solution must ensure that messages can be delivered only to valid recipients.

  Solution: From Azure AD Connect, select Exchange Mail Public Folders.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  From Azure AD Connect, selecting Exchange Mail Public Folders will ensure that all the mail-enabled public folders can receive email messages from the internet and that messages can be delivered only to valid recipients. This is according to the Microsoft 365 Messaging documentation (https://docs.microsoft.com/en-us/exchange/hybriddeployment/hybrid-mail-flow).

• Question 4:

  You have a Microsoft Exchange Online tenant that contains a user named User1.

  User1 reports that an email message marked as high priority was undelivered.

  You need to trace the email messages sent by User1 during the last 15 days. The solution must include the DeliveryPriority property of the messages.

  Which report should you use?

  A. Outbound messages

  B. Summary

  C. Enhanced summary

  D. Extended

  Correct Answer: C

  Enhanced summary reports

  Available (completed) Enhanced summary reports are available in the Downloadable reports section at the beginning message trace. The following information is available in the report:

  *

  Delivery_priority*: Whether the message was sent with High, Low, or Normal priority.

  * origin_timestamp*: The date and time when the message was initially received by the service, using the configured UTC time zone.

  *

  sender_address: The sender's email address (alias@domain).

  Etc.

  Incorrect:

  Not A: The Outbound messages report displays information about email leaving your organization to the internet and over connectors.

  Not B: The summary report contains the following information:

  Date: The date and time at which the message was received by the service, using the configured UTC time zone.

  Sender: The email address of the sender (alias@domain).

  Recipient: The email address of the recipient or recipients. For a message sent to multiple recipients, there's one line per recipient. If the recipient is a distribution group, dynamic distribution group, or mail-enabled security group, the group will

  be the first recipient, and then each member of the group is on a separate line.

  Subject: The first 256 characters of the message's Subject: field.

  Status: These values are described in the Delivery status section.

  Reference: https://docs.microsoft.com/en-us/exchange/monitoring/trace-an-email-message/message-trace-modern-eac

• Question 5:

  You have a Microsoft Exchange Online tenant that contains a custom role group named RG1.

  You need to prevent users assigned to RG1 from running a specific cmdlet.

  Which cmdlet should you run to modify RG1?

  A. Remove-ManagementRoleEntry

  B. Disable-CmdletExtensionAgent

  C. Remove-ManagementRoleAssignment

  D. Set-ManagementScope

  Correct Answer: C

  Use the Remove-ManagementRoleEntry cmdlet to remove existing management role entries.

  Example:

  Remove-ManagementRoleEntry "Tier 1 Help Desk\New-Mailbox"

  This example removes the New-Mailbox role entry from the Tier 1 Help Desk role.

  Incorrect:

  *

  Use the Set-ManagementScope cmdlet to change an existing management scope.

  *

  Use the Disable-CmdletExtensionAgent cmdlet to disable existing cmdlet extension agents.

  Cmdlet extension agents are used by Exchange cmdlets in Exchange Server 2010 and later. Cmdlets provided by other Microsoft or third-party products can't use cmdlet extension agents.

  When you disable a cmdlet extension agent, the agent is disabled for the entire organization. When an agent is disabled, it's not made available to cmdlets. Cmdlets can no longer use the agent to perform additional operations.

  *

  Use the Remove-ManagementRoleAssignment cmdlet to remove management role assignments.

  When you remove a role assignment, the management role group, management role assignment, user, or universal security group (USG) that was assigned the associated role can no longer access the cmdlets or parameters made available

  by the role.

  Microsoft Exchange Online custom role group " Set-ManagementScope"

  Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/remove-managementroleentry?view=exchange-ps

• Question 6:

  You have a Microsoft 365 tenant that contains a user named User1.

  Automatic email forwarding to mailboxes outside your company is blocked for the tenant.

  You need to ensure that User1 can automatically forward email to an external recipient.

  What should you do?

  A. Create an anti-phishing policy.

  B. Create an anti-spam policy.

  C. Modify the Tenant Allow/Block List.

  D. Create an anti-malware policy.

  Correct Answer: B

  The new method of blocking AutoForwarding is managed in Threat Management policies instead of Exchange transport rules. It is well hidden with a relatively new default policy called Outbound spam filter policy.

  If you do have a need for email to be automatically forwarded from internal to an external destination, then a custom policy must be created to allow any exceptions.

  You need to create the custom Outbound Spam policy.

  Reference: https://www.thirdtier.net/2020/12/30/new-method-for-blocking-autoforward-and-making-exceptions/

• Question 7:

  You have a Microsoft Exchange Server 2016 organization.

  You are performing a full migration to Exchange Online.

  You need to migrate all the address lists and data loss prevention (DLP) policies to Exchange Online.

  What should you configure in the Hybrid Configuration Wizard?

  A. Centralized mail transport

  B. Organization Configuration Transfer

  C. a transport certificate

  D. a federation trust

  Correct Answer: B

  Attributes, such as Address lists and DLP policies, are copied from an on-premises Exchange organization to Exchange Online. These attributes are copied as soon as the Organization Configuration Transfer option is selected in the Hybrid Configuration Wizard.

  Reference: https://docs.microsoft.com/en-us/exchange/org-config-transfer-attributes/org-config-transfer-attributes

• Question 8:

  You have a hybrid deployment that contains a Microsoft Exchange Online tenant and an on-premises Exchange Server 2019 server named Server1.

  Server1 uses a certificate from a third-party certification authority (CA). The certificate is enabled for the SMTP service.

  You replace the certificate with a new certificate.

  You discover that delivery fails for all email messages sent from Server1 to your Microsoft 365 tenant.

  You receive the following error message for all the queued email messages: “450 4.4.101 Proxy session setup failed on Frontend with 451 4.4.0 Primary target IP address responded with 451 5.7.3 STARTTLS is required to send mail.”

  You need to ensure that the messages are delivered successfully from Server1 to the Microsoft 365 tenant.

  What should you do?

  A. From Server1, enable a self-signed certificate for the SMTP service.

  B. Run the Exchange Hybrid Configuration wizard.

  C. From the firewall, disable SMTP content inspection.

  D. From Server1, enable the new certificate for the IMAP4 service.

  Correct Answer: A

  Cause

  This issue occurs if the TlsCertificateName property of the hybrid server's receive connector contains incorrect certificate information after a new Exchange certificate is installed and old certificate that is used for hybrid mail flow is removed.

  Resolution

  Make sure that the new certificate is enabled for SMTP. If it's not, run the following command to enable the SMTP service on the newly installed certificate.

  Enable-ExchangeCertificate -services SMTP

  Reference: https://docs.microsoft.com/en-us/exchange/troubleshoot/email-delivery/cannot-receive-mail-with-new-certificate

• Question 9:

  You have a Microsoft 365 subscription that uses Microsoft Exchange Online and Microsoft Teams. Teams has a private team named Sales. Sales has a primary email address of [email protected].

  From the Microsoft Teams admin center, you rename the Sales team as WWSales.

  External users report delivery errors when they send email to [email protected]. Messages sent to [email protected] are delivered successfully.

  You need to ensure that external messages can be sent to both email addresses.

  What should you do?

  A. From the Microsoft Teams admin center, change the Privacy setting of WWSales to Public.

  B. From the Exchange admin center, modify the primary email address of the WWSales team.

  C. From the Exchange admin center, add an alias to the WWSales team.

  D. From the Microsoft Teams client, get an email address for the General channel of WWSales.

  Correct Answer: C

• Question 10:

  You have a Microsoft Exchange Online tenant that has anti-spam policies configured.

  You need to identify any anti-spam policy settings that were changed during the last three months and review recommendations for increasing compliance with the Microsoft Standard or Strict configurations for Exchange Online anti-spam

  policies.

  What should you use?

  A. the Insights dashboard in the Exchange admin center

  B. Microsoft Defender for Cloud Apps

  C. Configuration analyzer in Microsoft 365 Defender

  D. Compliance Manager

  Correct Answer: C