The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.
Exam Question 11
You have several devices enrolled in Microsoft Endpoint Manager.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.
| Name | Member of |
|---|---|
| User1 | Group1 |
| User2 | Group1, Group2 |
| User3 | None |
The device type restrictions in Endpoint Manager are configured as shown in the following table.
| Priority | Name | Allowed platform | Assigned to |
|---|---|---|---|
| 1 | Policy1 | Android, iOS, Windows (MDM) | None |
| 2 | Policy2 | Windows (MDM) | Group2 |
| 3 | Policy3 | Android, iOS | Group1 |
| Default | All users | Android, Windows (MDM) | All users |
You add User3 as a device enrollment manager in Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- User1 can enroll Windows devices in Endpoint Manager.
- User2 can enroll Android in Endpoint Manager.
- User3 can enroll iOS devices in Endpoint Manager.
Correct Answer:
- User1 can enroll Windows devices in Endpoint Manager: No
- User2 can enroll Android in Endpoint Manager: Yes
- User3 can enroll iOS devices in Endpoint Manager: Yes
Exam Question 12
You create two device compliance policies for Android devices as shown in the following table.
| Policy | Configuration | Action | Assigned to |
|---|---|---|---|
| Policy1 | Require encryption of the data storage on the device. | Mark as noncompliant immediately. | Group1 |
| Policy2 | Require Google Play services. | Mark as noncompliant immediately. | Group2 |
You have the Android devices shown in the following table.
| Name | User | Configuration |
|---|---|---|
| Android1 | User1 | Not encrypted |
| Android2 | User2 | Google Play services not configured |
| Android3 | User3 | Not encrypted Google Play services configured |
The users belong to the groups shown in the following table.
| User | Group |
|---|---|
| User1 | Group1 |
| User2 | Group1, Group2 |
| User3 | Group2 |
The users enroll their device in Microsoft Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- The device of User1 is compliant.
- The device of User2 is compliant.
- The device of User3 is compliant.
Correct Answer:
- The device of User1 is compliant: No
- The device of User2 is compliant: No
- The device of User3 is compliant: Yes
Exam Question 13
Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain.
You update the Windows 10 devices by using Windows Update for Business.
What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Quality updates:
- 14 days
- 30 days
- 60 days
- 120 days
Feature updates:
- 60 days
- 180 days
- 365 days
- 540 days
Correct Answer:
- Quality updates: 30 days
- Feature updates: 365 days
Exam Question 14
Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices.
Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Deploy applications to Windows 10 devices.
B. Deploy VPN profiles to iOS devices.
C. Deploy VPN profiles to Windows 10 devices.
D. Publish applications to Android devices.
Correct Answer:
B. Deploy VPN profiles to iOS devices.
D. Publish applications to Android devices.
Exam Question 15
Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).
You have Windows 10 and Windows 8.1 devices.
You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
First action to perform:
- Enroll the devices in Microsoft Intune.
- Configure device compliance in Microsoft Intune.
- Create a Microsoft Azure Log Analytics workspace.
- Add an alias (CNAME) record to the DNS zone of contoso.com
Second action to perform:
- Configure all the devices to have a commercial ID.
- Configure software inventory in Configuration Manager.
- Configure all the devices to join the Windows Insider Program.
- Configure and restart the Windows Update service on all the devices.
Correct Answer:
- First action to perform : Create a Microsoft Azure Log Analytics workspace.
- Second action to perform: Configure all the devices to have a commercial ID.
Exam Question 16
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You have a Microsoft 365 subscription.
You need to ensure that administrators can manage the configuration settings for all the Windows 10 devices in your organization.
What should you configure?
A. the Enrollment restrictions
B. the mobile device management (MDM) authority
C. the Exchange on-premises access settings
D. the Windows enrollment settings
Correct Answer:
B. the mobile device management (MDM) authority
Exam Question 17
You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)
The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)
Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.
You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.
What should you do?
A. From the conditional access policy, configure the device state.
B. From the Azure Active Directory admin center, create a custom control.
C. From the Endpoint Manager admin center, create a device compliance policy.
D. From the Azure Active Directory admin center, create a named location.
Correct Answer:
D. From the Azure Active Directory admin center, create a named location.
Exam Question 18
You have computers that run Windows 10 Enterprise and are joined to the domain.
You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.
You need to prevent Windows from being updated for the next 30 days.
Which two Group Policy settings should you configure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Select when Quality Updates are received
B. Select when Preview Builds and Feature Updates are received
C. Turn off auto-restart for updates during active hours
D. Manage preview builds
E. Automatic updates detection frequency
Correct Answer:
B. Select when Preview Builds and Feature Updates are received
D. Manage preview builds
Exam Question 19
You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.
| Name | Platform | BitLocker Drive Encryption (BitLocker) | Member of |
|---|---|---|---|
| Device1 | Windows 10 | Disabled | Group1, Group2 |
| Device2 | Windows 10 | Disabled | Group2, Group3 |
| Device3 | Windows 10 | Disabled | Group3 |
The device compliance policies in Endpoint Manager are configured as shown in the following table.
| Name | Require BitLocker | Mark noncompliant after (days) | Assigned |
|---|---|---|---|
| Policy1 | Require | 5 | No |
| Policy2 | Require | 10 | Yes |
| Policy3 | Non configured | 15 | Yes |
The device compliance policies have the assignments shown in the following table.
| Name | Assigned to |
|---|---|
| Policy2 | Group2 |
| Policy3 | Group3 |
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- Device1 is marked as noncompliant after 10 days.
- Device2 is marked as noncompliant after 10 days.
- Device3 is marked as noncompliant after 15 days.
Correct Answer:
- Device1 is marked as noncompliant after 10 days: Yes
- Device2 is marked as noncompliant after 10 days: Yes
- Device3 is marked as noncompliant after 15 days: No
Exam Question 20
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.
Which role should you assign to the user?
A. Cloud application administrator
B. Application administrator
C. Global administrator
D. Service administrator
Correct Answer:
C. Global administrator