
MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 1

The latest MS-101 Microsoft 365 Mobility and Security practice exam questions and answers (Q&A) are available free to help you pass the MS-101 Microsoft 365 Mobility and Security exam and earn the MS-101 Microsoft 365 Mobility and Security certification.

Exam Question 91

Your company uses Microsoft Defender Advanced Threat Protection (ATP). Microsoft Defender ATP includes the machine groups shown in the following table.

| Rank | Machine group | Members |
| --- | --- | --- |
| 1 | Group1 | Tag Equals demo And OS In Windows 10 |
| 2 | Group2 | Tag Equals demo |
| 3 | Group3 | Domain Equals adatum.com |
| 4 | Group4 | Domain Equals adatum.com And OS In Windows 10 |
| Last | Ungrouped machines (default) | Not applicable |

You onboard a computer named computer1 to Microsoft Defender ATP as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement.
NOTE: Each correct selection is worth one point.

Computer1 will be a member of [answer choice]:

  • Group3 only
  • Group4 only
  • Group3 and Group4 only
  • Ungrouped machines

If you add the tag demo to Computer1, the computer will be a member of [answer choice]:

  • Group1 only
  • Group1 and Group2 only
  • Group1, Group2, Group3, and Group4
  • Ungrouped machines

Correct Answer:

  • Computer1 will be a member of [Group3 and Group4 only].
  • If you add the tag demo to Computer1, the computer will be a member of [Group1, Group2, Group3, and Group4].

Exam Question 92

You have a Microsoft 365 subscription.
You are planning a threat management solution for your organization.
You need to minimize the likelihood that users will be affected by the following threats:

  • Opening files in Microsoft SharePoint that contain malicious content
  • Impersonation and spoofing attacks in email messages

Which policies should you create in the Security & Compliance admin center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Opening files in SharePoint that contain malicious content:

  • Anti-spam
  • ATP anti-phishing
  • ATP safe attachments
  • ATP Safe Links

Impersonation and spoofing attacks in email messages:

  • Anti-spam
  • ATP anti-phishing
  • ATP safe attachments
  • ATP Safe Links

Correct Answer:

  • Opening files in SharePoint that contain malicious content: ATP safe attachments
  • Impersonation and spoofing attacks in email messages: ATP anti-phishing

Answer Description:
Box 1: ATP Safe Attachments
ATP Safe Attachments provides zero-day protection to safeguard your messaging system, by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox.
Box 2: ATP anti-phishing
ATP anti-phishing protection detects attempts to impersonate your users and custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks. ATP Safe Links provides time-of-click verification of URLs, for example, in email messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked.

Exam Question 93

You have a Microsoft 365 subscription.
All users have their email stored in Microsoft Exchange Online.
In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX.
What should you do first?

A. From Microsoft Cloud App Security, create an access policy.
B. From the Security & Compliance admin center, create an eDiscovery case.
C. From Microsoft Cloud App Security, create an activity policy.
D. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
Correct Answer:
D. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
Answer Description:
A DLP policy contains a few basic things:

  • Where to protect the content: locations such as Exchange Online, SharePoint Online, and OneDrive for Business sites, as well as Microsoft Teams chat and channel messages.
  • When and how to protect the content by enforcing rules comprised of:
      • Conditions the content must match before the rule is enforced. For example, a rule might be configured to look only for content containing Social Security numbers that’s been shared with people outside your organization.
      • Actions that you want the rule to take automatically when content matching the conditions is found. For example, a rule might be configured to block access to a document and send both the user and compliance officer an email notification.

Exam Question 94

You have a Microsoft 365 subscription.
From the subscription, you perform an audit log search, and you download all the results.
You plan to review the audit log data by using Microsoft Excel.
You need to ensure that each audited property appears in a separate Excel column.
What should you do first?

A. From Power Query Editor, transform the JSON data.
B. Format the Operations column by using conditional formatting.
C. Format the AuditData column by using conditional formatting.
D. From Power Query Editor, transform the XML data.
Correct Answer:
A. From Power Query Editor, transform the JSON data.
Answer Description:
After you search the Office 365 audit log and download the search results to a CSV file, the file contains a column named AuditData, which contains additional information about each event. The data in this column is formatted as a JSON object, which contains multiple properties that are configured as property:value pairs separated by commas. You can use the JSON transform feature in the Power Query Editor in Excel to split each property in the JSON object in the AuditData column into multiple columns so that each property has its own column. This lets you sort and filter on one or more of these properties.
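
The same per-property split can be done outside Excel. The following Python sketch is an added example, not part of the original answer: it expands the JSON in the AuditData column into one column per property. The sample rows are constructed, and the CreationDate and UserIds column names are assumptions about the export layout.

```python
import csv
import io
import json

# Constructed sample export (not real tenant data). AuditData and Operations
# are named on this page; CreationDate and UserIds are assumed column names.
SAMPLE_CSV = '''CreationDate,UserIds,Operations,AuditData
2020-01-15T09:12:44Z,user1@contoso.com,FileAccessed,"{""Workload"":""SharePoint"",""ClientIP"":""203.0.113.10"",""ObjectId"":""https://contoso.sharepoint.com/Docs/a.docx""}"
2020-01-15T09:14:02Z,admin@contoso.com,Add member to role.,"{""Workload"":""AzureActiveDirectory"",""ResultStatus"":""Success"",""Target"":[{""ID"":""user2@contoso.com"",""Type"":5}]}"
2020-01-15T09:15:30Z,user3@contoso.com,MailItemsAccessed,"{not valid json"
'''


def flatten_audit_rows(csv_text):
    """Return (rows, columns): one dict per event with AuditData expanded."""
    rows, columns = [], []
    for record in csv.DictReader(io.StringIO(csv_text)):
        raw = record.pop("AuditData", "") or ""
        try:
            props = json.loads(raw)
            if not isinstance(props, dict):
                raise ValueError("AuditData is not a JSON object")
        except ValueError:
            # Keep the event; preserve the unparsed text for manual review.
            props = {"AuditData_raw": raw}
        for key, value in props.items():
            # Nested lists/objects stay as compact JSON text in a single cell.
            if isinstance(value, (dict, list)):
                value = json.dumps(value, separators=(",", ":"))
            # Prefix on collision so an AuditData property cannot overwrite
            # a top-level CSV column of the same name.
            name = key if key not in record else "AuditData." + key
            record[name] = value
        rows.append(record)
        for name in record:
            if name not in columns:
                columns.append(name)
    return rows, columns


def to_csv(rows, columns):
    """Write the flattened rows back out; missing properties become empty cells."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=columns, restval="")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

Events carry different property sets depending on the workload, so the column list is the union across all rows, and a row whose AuditData does not parse is kept rather than dropped.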

Exam Question 95

You have a Microsoft 365 subscription.
You need to be notified if users receive email containing a file that has a virus.
What should you do?

A. From the Exchange admin center, create a spam filter policy.
B. From the Security & Compliance admin center, create a data governance event.
C. From the Security & Compliance admin center, create an alert policy.
D. From the Exchange admin center, create a mail flow rule.
Correct Answer:
C. From the Security & Compliance admin center, create an alert policy.
Answer Description:
You can create alert policies to track malware activity and data loss incidents. We’ve also included several default alert policies that help you monitor activities such as assigning admin privileges in Exchange Online, malware attacks, phishing campaigns, and unusual levels of file deletions and external sharing.

The default alert "Email messages containing malware removed after delivery" generates an alert when any messages containing malware are delivered to mailboxes in your organization.

Incorrect answers:
A: A spam filter policy includes selecting the action to take on messages that are identified as spam. Spam filter policy settings are applied to inbound messages.
B: A data governance event commences when an administrator creates it, following which background processes look for content relating to the event and take the retention action defined in the label. The retention action can be to keep or remove items, or to mark them for manual disposition.
D: You can inspect email attachments in your Exchange Online organization by setting up mail flow rules. Exchange Online offers mail flow rules that provide the ability to examine email attachments as a part of your messaging security and compliance needs. However, mail flow rules are not used to detect malware in emails.

Exam Question 96

You have the Microsoft Azure Advanced Threat Protection (ATP) workspace shown in the Workspace exhibit. (Click the Workspace tab.)
The sensors settings for the workspace are configured as shown in the Sensors exhibit. (Click the Sensors tab.)
You need to ensure that Azure ATP stores data in Asia.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  • Modify the integration setting for the workspace.
  • Delete the workspace.
  • Regenerate the access keys.
  • Create a new workspace.
  • Modify the Azure ATP user roles.

Correct Answer:

  • Delete the workspace.
  • Create a new workspace.
  • Regenerate the access keys.

Exam Question 97

Your company has five security information and event management (SIEM) appliances. The traffic logs from each appliance are saved to a file share named Logs.
You need to analyze the traffic logs.
What should you do from Microsoft Cloud App Security?

A. Click Investigate, and then click Activity log.
B. Click Control, and then click Policies. Create a file policy.
C. Click Discover, and then click Create snapshot report.
D. Click Investigate, and then click Files.
Correct Answer:
A. Click Investigate, and then click Activity log.

Exam Question 98

You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
Your company purchases a Microsoft 365 subscription.
You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Cloud App Security admin center.
Solution: From the Cloud App Security admin center, you assign the App/instance admin role for all Microsoft Online Services to User1.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
B. No
Answer Description:
App/instance admin: Has full or read-only permissions to all of the data in Microsoft Cloud App Security that deals exclusively with the specific app or instance of an app selected.

Exam Question 99

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
The tenant is configured to use Azure AD Identity Protection.
You plan to use an application named App1 that creates reports of Azure AD Identity Protection usage.
You register App1 in the tenant.
You need to ensure that App1 can read the risk event information of contoso.com.
To which API should you delegate permissions?

A. Windows Azure Service Management API
B. Windows Azure Active Directory
C. Microsoft Graph
D. Office 365 Management
Correct Answer:
C. Microsoft Graph

Exam Question 100

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains computers that run Windows 10 Enterprise and are managed by using Microsoft Intune. The computers are configured as shown in the following table.

| Name | CPU | Cores | RAM | TPM |
| --- | --- | --- | --- | --- |
| Computer1 | 64-bit | 2 | 12 GB | Enabled |
| Computer2 | 64-bit | 4 | 12 GB | Enabled |
| Computer3 | 64-bit | 8 | 16 GB | Disabled |
| Computer4 | 32-bit | 4 | 4 GB | Disabled |

You plan to implement Windows Defender Application Guard for contoso.com.
You need to identify on which two Windows 10 computers Windows Defender Application Guard can be installed.
Which two computers should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Computer1
B. Computer3
C. Computer2
D. Computer4
Correct Answer:
B. Computer3
C. Computer2