Free4Dump MS-101 dumps & Microsoft 365 Sure Practice with 402 Questions
New MS-101 Exam Questions| Real MS-101 Dumps
For more info visit:
Microsoft MS-101 Exam Reference
Microsoft Exam MS-101: Microsoft 365 Mobility and Security
The Microsoft MS-101 exam is the second of the two tests required to obtain the Microsoft 365 Certified: Enterprise Administrator Expert certification. The other exam one should nail to get accredited is Microsoft MS-100 that covers the Identity and Services of Microsoft 365.
The main objective of MS-101 exam is to create skilled and seasoned Microsoft 356 experts that can handle real-world security and mobility-related issues with full confidence.
NEW QUESTION # 204
You have a Microsoft 365 tenant.
You plan to create a retention policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 205
You have a Microsoft 365 tenant that has Enable Security defaults set to No in Azure Active Directory (Azure AD).
The tenant has two Compliance Manager assessments as shown in the following table.
The SP800 assessment has the improvement actions shown in the following table.
You perform the following actions:
For the Data Protection Baseline assessment, change the Test status of Establish a threat intelligence program to Implemented.
Enable multi-factor authentication (MFA) for all users.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-assessments?view=o365-worldwide#create-assessments
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-calculation?view=o365-worldwide#action-types-and-points
NEW QUESTION # 206
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains
1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States.
You plan to onboard all the devices to Windows Defender ATP.
You need to store the Windows Defender ATP data in Europe.
What should you first?
- A. Delete the workspace.
- B. Onboard a new device.
- C. Offboard the test devices.
- D. Create a workspace.
Answer: C
NEW QUESTION # 207
You have a Microsoft 365 subscription that contains all the user data.
You plan to create the retention policy shown in the Locations exhibit. (Click the Locations tab.)
You configure the Advanced retention settings as shown in the Retention exhibit. (Click the Retention tab.)
The locations specified in the policy include the groups shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies
NEW QUESTION # 208
You have a Microsoft 365 subscription.
You create a Microsoft Cloud App Security policy named Risk1 based on the Logon from a risky IP address template as shown in the following exhibit.
You have two users named User1 and User2. Each user signs in to Microsoft SharePoint Online from a risky IP address 10 times within 24 hours.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 209
You are testing a data loss prevention (DLP) policy to protect the sharing of credit card information with external users.
During testing, you discover that a user can share credit card information with external users by using email.
However, the user is prevented from sharing files that contain credit card information by using Microsoft SharePoint Online.
You need to prevent the user from sharing the credit card information by using email and SharePoint.
What should you configure?
- A. the conditions of the DLP policy rule
- B. the locations of the DLP policy
- C. the status of the DLP policy
- D. the user overrides of the DLP policy rule
Answer: B
Explanation:
Section: [none]
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies
NEW QUESTION # 210
HOTSPOT
You have a Microsoft 365 tenant named contoso.com. The tenant contains the users shown in the following table.
You have the eDiscovery cases shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions
NEW QUESTION # 211
Your company purchases a cloud app named App1.
You plan to publish App1 by using a conditional access policy named Policy1.
You need to ensure that you can control access to App1 by using a Microsoft Cloud App Security session policy.
Which two settings should you modify in Policy1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad
NEW QUESTION # 212
You deploy Microsoft Azure Information Protection.
You need to ensure that a security administrator named SecAdmin1 can always read and inspect data protected by Azure Rights Management (Azure RMS).
What should you do?
- A. From the Security & Compliance admin center, add SecAdmin1 to the Compliance Administrator role group.
- B. From the Azure Active Directory admin center, add SecAdmin1 to the Security Reader role group.
- C. From Windows PowerShell, enable the super user feature and assign the role to SecAdmin1.
- D. From the Security & Compliance admin center, add SecAdmin1 to the eDiscovery Manager role group.
Answer: C
Explanation:
The super user feature of the Azure Rights Management service from Azure Information Protection ensures that authorized people and services can always read and inspect the data that Azure Rights Management protects for your organization. However, the super user feature is not enabled by default. The PowerShell cmdlet Enable-AadrmSuperUserFeature is used to manually enable the super user feature.
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-super-users
NEW QUESTION # 213
Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP includes the machine groups shown in the following table.
You onboard a computer named computer1 to Windows Defender ATP as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 214
You have a Microsoft 365 subscription that uses a default domain named contoso.com.
Three files were created on February 1, 2019, as shown in the following table.
On March 1, 2019, you create two retention labels named Label1 and Label2.
The settings for Lable1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)
The settings for Lable2 are configured as shown in the Label2 exhibit. (Click the Label2 tab.)
You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
Retention overrides deletion.
Box 2: No
Content in a document library will be moved to the first-stage Recycle Bin within 7 days of disposition, and then permanently deleted another 93 days after that. Thus 100 days in total.
Box 3: No
Items in an Exchange mailbox will be permanently deleted within 14 days of disposition.
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews
NEW QUESTION # 215
You have a Microsoft 365 tenant.
You plan to implement device configuration profiles in Microsoft Intune.
Which platform can you manage by using the profiles?
- A. Windows 8.1
- B. Ubuntu Linux
- C. macOS
- D. Android Enterprise
Answer: A
NEW QUESTION # 216
You have a Microsoft 365 E5 tenant that contains the users shown in the following table.
The tenant contains the devices shown in the following table.
You have the apps shown in the following table.
You plan to use Microsoft Endpoint Manager to manage the apps for the users.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-deploy
https://docs.microsoft.com/en-us/mem/intune/apps/apps-windows-10-app-deploy
NEW QUESTION # 217
Your company uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
The devices onboarded to Microsoft Defender ATP are shown in the following table.
The alerts visible in the Microsoft Defender ATP alerts queue are shown in the following table.
You create a suppression rule that has the following settings:
Triggering IOC: Any IOC
Action: Hide alert
Suppression scope: Alerts on ATP1 machine group
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 218
You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table.
Group3 is a member of Group1.
Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP contains the roles shown in the following table.
Windows Defender ATP contains the device groups shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 219
You have three devices enrolled in Microsoft Intune as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 220
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
Your company purchases a Microsoft 365 subscription.
You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Cloud App Security admin center.
Solution: From the Cloud App Security admin center, you assign the App/instance admin role for all Microsoft Online Services to User1.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Section: [none]
Explanation:
App/instance admin: Has full or read-only permissions to all of the data in Microsoft Cloud App Security that deals exclusively with the specific app or instance of an app selected.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/manage-admins
NEW QUESTION # 221
As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet March Feature Updates:
Serviced for 18 months from release date September Feature Updates: Serviced for 30 months from release date References:
https://www.windowscentral.com/whats-difference-between-quality-updates-and-feature-updates-windows-10
Topic 3, Litware Inc.
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the button to return to the question.
Overview
General Overviews
Litware, Inc. is a technology research company. The company has a main office in Montreal and a branch office in Seattle.
Environment
Existing Environment
The network contains an on-premises Active Directory domain named litware.com. The domain contains the users shown in the following table.
Microsoft Cloud Environment
Litware has a Microsoft 365 subscription that contains a verified domain named litware.com. The subscription syncs to the on-premises domain.
Litware uses Microsoft Intune for device management and has the enrolled devices shown in the following table.
Litware.com contains the security groups shown in the following table.
Litware uses Microsoft SharePoint Online and Microsoft Teams for collaboration.
The verified domain is linked to an Azure Active Directory (Azure AD) tenant named litware.com. Audit log search is turned on for the litware.com tenant.
Problem Statements
Litware identifies the following issues:
* Users open email attachments that contain malicious content.
* Devices without an assigned compliance policy show a status of Compliant.
* User1 reports that the Sensitivity option in Microsoft Office for the web fails to appear.
* Internal product codes and confidential supplier ID numbers are often shared during Microsoft Teams meetings and chat sessions that include guest users and external users.
Requirements
Planned Changes
Litware plans to implement the following changes:
* Implement device configuration profiles that will configure the endpoint protection template settings for supported devices.
* Configure information governance for Microsoft OneDrive, SharePoint Online, and Microsoft Teams.
* Implement data loss prevention (DLP) policies to protect confidential information.
* Grant User2 permissions to review the audit logs of he litware.com tenant.
* Deploy new devices to the Seattle office as shown in the following table.
* Implement a notification system for when DLP policies are triggered.
* Configure a Safe Attachments policy for the litware.com tenant.
Technical Requirements
Litware identifies the following technical requirements:
* Retention settings must be applied automatically to all the data stored in SharePoint Online sites, OneDrive accounts, and Microsoft Teams channel messages, and the data must be retained for five years.
* Emails messages that contain attachments must be delivered immediately, and placeholder must be provided for the attachments until scanning is complete.
* All the Windows 10 devices in the Seattle office must be enrolled in Intune automatically when the devices are joined to or registered with Azure AD.
* Devices without an assigned compliance policy must show a status of Not Compliant in the Microsoft Endpoint Manager admin center.
A notification must appear in the Microsoft 365 compliance center when a DLP policy is triggered.
User2 must be granted the permissions to review audit logs for the following activities:
- Admin activities in Microsoft Exchange Online
- Admin activities in SharePoint Online
- Admin activities in Azure AD
Users must be able to apply sensitivity labels to documents by using Office for the web.
Windows Autopilot must be used for device provisioning, whenever possible.
A DLP policy must be created to meet the following requirements:
- Confidential information must not be shared in Microsoft Teams chat sessions, meetings, or channel messages.
- Messages that contain internal product codes or supplier ID numbers must be blocked and deleted.
The principle of least privilege must be used.
NEW QUESTION # 222
You need to meet the requirement for the legal department
Which three actions should you perform in sequence from the Security & Compliance admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
References:
https://www.sherweb.com/blog/ediscovery-office-365/
NEW QUESTION # 223
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You have a Microsoft Office 365 retention label named Retention1 that is published to Exchange email.
You have a Microsoft Exchange Online retention policy that is applied to all mailboxes. The retention policy contains a retention tag named Retention2.
Which users can assign Retention1 and Retention2 to their emails? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-exchange?view=o365-worldwide
NEW QUESTION # 224
You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table.
Your company uses Microsoft Intune.
Several devices are enrolled in Intune as shown in the following table.
You create a conditional access policy that has the following settings:
The Assignments settings are configured as follows:
* Users and groups: Group1
* Cloud apps: Microsoft Office 365 Exchange Online
* Conditions: Include All device state, exclude Device marked as compliant Access controls is set to Block access.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 225
You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.
You plan to review device startup performance issues by using Endpoint analytics.
Which devices can you monitor by using Endpoint analytics?
- A. Device1 and Device2 only
- B. Device1, Device2, and Device3 only
- C. Device1, Device2, Device3, and Device4
- D. Device1 only
- E. Device1, Device2, and Device4 only
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/analytics/overview
NEW QUESTION # 226
You have a Microsoft 365 tenant
You have a line-of-business application named App1 that users access by using the My Apps portal.
After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control, You need to be alerted by email if impossible travel is detected for a user of Appl. The solution must ensure that alerts are generated for App1 only.
What should you do?
- A. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
- B. From Microsoft Cloud App Security, create an app discovery policy.
- C. From Microsoft Cloud App Security, modify the impossible travel alert policy.
- D. From the Azure Active Directory admin center, modify the conditional access policy.
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-anomaly-detection-policy
NEW QUESTION # 227
......
Microsoft MS-101 exam consists of 40-60 multiple-choice questions and is timed at 150 minutes. To pass the exam, candidates must score at least 700 out of 1000 points. MS-101 exam is available in multiple languages and can be taken online or at a testing center. After passing the exam, candidates will receive a Microsoft Certified: Microsoft 365 Mobility and Security certification, which is recognized by employers worldwide and can help advance their career in Microsoft 365 management and security.
MS-101 Braindumps – MS-101 Questions to Get Better Grades: https://passleader.free4dump.com/MS-101-real-dump.html