MS-101 Exam - Microsoft 365 Mobility and Security (beta)

NEW QUESTION 1
HOTSPOT
You have a Microsoft 365 subscription.
You have a group named Support. Users in the Support group frequently send email messages to external users.
The manager of the Support group wants to randomly review messages that contain attachments. You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/supervision-policies

NEW QUESTION 2
DRAG DROP
You need to meet the requirement for the legal department
Which three actions should you perform in sequence from the Security & Compliance admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://www.sherweb.com/blog/edisHYPERLINK "https://www.sherweb.com/blog/ediscovery-office-365/"covery-office-365/

NEW QUESTION 3
HOTSPOT
You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.

The domain contains the devices shown in the following table.

The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access

NEW QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/new- azurermroleassignment?
view=azurermps-6.13.0

NEW QUESTION 5
Your company uses Microsoft System Center Configuration Manager (Current Branch) and Microsoft Intune to co-manage devices.
Which two actions can be performed only from Intune? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

• A. Deploy applications to Windows 10 devices.
• B. Deploy VPN profiles to iOS devices.
• C. Deploy VPN profiles to Windows 10 devices.
• D. Publish applications to Android devices.

Answer: BD

Explanation:
References:
https://docs.microsofHYPERLINK "https://docs.microsoft.com/en-us/sccm/comanage/overview"t.com/en-us/sccm/comanage/overview
https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/create-vpn-profiles

NEW QUESTION 6
HOTSPOT
You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection

NEW QUESTION 7
Your network contains an on premises Active Directory domain.
Your company has a security policy that prevents additional software from txnrwj installed on domain controllers.
You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP). What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

• A. Deploy an Azure ATP sensor, and then configure port mirroring.
• B. Deploy an Azure ATP sensor, and then configure detections.
• C. Deploy an Azure ATP standalone sensor, and then configure detections.
• D. Deploy an Azure ATP standalone sensor, and then configure port mirroring.

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/instHYPERLINK "https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5"all-atp-step5

NEW QUESTION 8
In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.
Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.)

You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.
What should you configure?

• A. an action
• B. a group
• C. an exception
• D. a condition

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies#how-dlp-policies-work

NEW QUESTION 9
HOTSPOT
You need to configure a conditional access policy to meet the compliance requirements. You add Exchange Online as a cloud app.
Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 10
HOTSPOT
You have a Microsoft 365 subscription that uses a default domain named contoso.com. Three files were created on February 1, 2021, as shown in the following table.

On March 1, 2021, you create two retention labels named Label1 and Label2.
The settings for Lable1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)

The settings for Lable2 are configured as shown in the Label2 exhibit. (Click the Label2 tab.)

You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews

NEW QUESTION 11
You have a Microsoft 365 subscription.
All users have their email stored in Microsoft Exchange Online.
In the mailbox of a user named User 1. You need to preserve a copy of all the email messages that contain the word Project X.
WDM should you do?

• A. From the Security & Compliance admin center, create an eDiscovery case.
• B. From the Exchange admin center, create a mail now rule.
• C. From the Security fit Compliance adman center, start a message trace.
• D. From Microsoft Cloud App Security, create an access policy.

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/ediscovery-cases#step-2-create-a-new-case

NEW QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From Windows PowerShell, you run the New-ComplianceSecurityFilter cmdlet with the appropriate parameters.
Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-filtering-for-content- search
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-content-search/newcompliancesecurityfilter?view=exchange-ps

NEW QUESTION 13
HOTSPOT
You create two device compliance policies for Android devices as shown in the following table.

The users belong to the groups shown in the following table.

The users enroll their device in Microsoft Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android

NEW QUESTION 14
You need to ensure that User1 can enroll the devices to meet the technical requirements. What should you do?

• A. From the Azure Active Directory admin center, assign User1 the Cloud device administrator rote.
• B. From the Azure Active Directory admin center, configure the Maximum number of devices per user setting.
• C. From the Intune admin center, add User1 as a device enrollment manager.
• D. From the Intune admin center, configure the Enrollment restrictions.

Answer: C

Explanation:
References:
https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrHYPERLINK "https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager"ollment-manager

NEW QUESTION 15
HOTSPOT
You have three devices enrolled in Microsoft Intune as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 16
You have a Microsoft 365 subscription.
You configure a data loss prevention (DIP) policy.
You discover that users are incorrectly marking content as false positive and bypassing the OLP policy.
You need to prevent the users from bypassing the DLP policy. What should you configure?

• A. incident reports
• B. actions
• C. exceptions
• D. user overrides

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

NEW QUESTION 17
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).
You configure pilot co-management
You add a new device named Device 1 to the domain. You install the Configuration Manager client on Device1.
You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: You unjoin Device1 from the Active Directory domain. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 18
HOTSPOT
You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table.

Your company uses Microsoft Intune.
Several devices are enrolled in Intune as shown in the following table.

You create a conditional access policy that has the following settings: The Assignments settings are configured as follows:
Users and groups: Group1
Cloud apps: Microsoft Office 365 Exchange Online
Conditions: Include All device state, exclude Device marked as compliant Access controls is set to Block access.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 19
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
In the tenant, you create a user named User1.
You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege.
To which role group should you add User1?

• A. Security Administrator
• B. Records Management
• C. Compliance Administrator
• D. eDiscovery Manager

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/file-plan-manager

NEW QUESTION 20
HOTSPOT
You have Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the
information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Note: The Aggregation settings has a 120 minute window

NEW QUESTION 21
You have a Microsoft 365 subscription.
You need to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity during the past month. The solution must minimize administrative effort.
Which admin center should you use?

• A. Azure ATP
• B. Security & Compliance
• C. Cloud App Security
• D. Flow

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance

NEW QUESTION 22
HOTSPOT
As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://www.windowscentral.com/whats-difference-HYPERLINK "https://www.windowscentral.com/whats-difference-between-quality-updates-and-feature-updates-windows-10"between-quality-updates-and-feature-updates-windows-10

NEW QUESTION 23
HOTSPOT
You have three devices enrolled .n Microsoft Intune as shown .n the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 24
You plan to use the Security & Compliance admin center to import several PST files into Microsoft 365 mailboxes.
Which three actions should you perform before you import the data? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. From the Exchange admin center, create a public folder.
• B. Copy the PST files by using AzCopy.
• C. From the Exchange admin center, assign admin roles.
• D. From the Microsoft Azure portal, create a storage account that has a blob container.
• E. From the Microsoft 365 admin center, deploy an add-in.
• F. Create a mapping file that uses the CSV file format.

Answer: BCF

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/use-network-upload-to-import-pst- files

NEW QUESTION 25
......