Microsoft 70-398 Exam Questions

Question 6 of 36

DRAG DROP -
Your organization is deploying new Windows 10 devices. You create a new organizational unit that contains all Windows 10 devices.
You are preparing a new security policy for Windows 10 devices. Your organization requires audits on the use of removable storage devices on personal devices.
You need to enable audits of removable storage.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Exam 70-398: Question 6 - Image 1

Correct Answer:

Question 7 of 36

A company deploys Office 365 in a federated identity model. The environment has two Active Directory Domain Services (AD DS) servers and two Web
Application Proxy servers that are not joined to the domain.
All externally published applications that use Windows Authentication and are hosted on-premises must use Active Directory Federation Services (AD FS) to log on.
You need deploy pre-authentication on the Web Application Proxy (WAP) servers.
What should you do first?

Enable Kerberos constrained delegation.

Join the WAP servers to the AD DS domain.

Remove and reinstall the AD FS role.

Remove and reinstall the WAP role.

Correct Answer: B

Question 8 of 36

A company has an Active Directory Domain Services (AD DS) domain named global.fabrikam.com, and an on-premises Microsoft Exchange Server 2010 server.
The company has an Office 365 E3 subscription. You have not assigned any licenses to users. You deploy Enterprise Mobility Suite (EMS). All client devices run
Windows 7 and Office 2010.
You must protect emails that contain sensitive information from unauthorized access.
You need to ensure that users can easily protect sensitive emails as messages are sent.
Which three actions should you perform? Each correct answer presents part of the solution.

Configure Exchange Online.

Configure Office 365 message encryption.

Upgrade client devices to Office 365 Pro Plus.

Assign an EMS license to each user.

Deploy theRights Management Service client.

Assign an Office 365 E3 license to each user.

Correct Answer: C, D, F

Question 9 of 36

DRAG DROP -
Your organization needs to implement a Dynamic Access Control (DAC) plan that includes user and device claims.
The domain controllers have not been enabled to provide claims and compound authentication.
You need to configure the Default Domain Controllers Group Policy Object to provide claims and compound authentication.
You decide to first enable the domain controllers to provide claims and compound authentication on request.
In which order should you perform the actions? To answer, move all actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:
Exam 70-398: Question 9 - Image 1

Correct Answer:

Question 10 of 36

You manage an Active Directory Domain Services (AD DS) domain that has 500 devices. All devices run Windows 7 Enterprise Edition. You deploy System
Center 2012 R2 Configuration Manager SP1.
You plan to upgrade all devices to Windows 10 Enterprise and encrypt the devices by using Microsoft BitLocker Administration and Monitoring (MBAM), Data secured with BitLocker must not be stored on USB devices.
You need to ensure that existing devices are ready for the upgrade.
What should you do?

Implement MBAM in thedomain. Create an MBAM group policy and apply the policy to all devices.

Verify that the System Center Configuration Manager agent is installed on all devices.

In the system BIOS, verify that all devices have a Trusted Platform Module (TPM) 1.2 or higher chip. Enable the TPM chip.

Integrate MBAM with System Center Configuration Manager. Deploy the BitLocker prepare task sequence to all laptop computers.

From System Center Configuration Manager, create a custom deploy task sequence that enables MBAM. Deploy the task sequence to all Windows 7 devices.

Correct Answer: B