MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 1

The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.

Exam Question 11

You have several devices enrolled in Microsoft Endpoint Manager.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

NameMember of
User1Group1
User2Group1, Group2
User3None

The device type restrictions in Endpoint Manager are configured as shown in the following table.

PriorityNameAllowed platformAssigned to
1Policy1Android, iOS, Windows (MDM)None
2Policy2Windows (MDM)Group2
3Policy3Android, iOSGroup1
DefaultAll usersAndroid, Windows (MDM)All users

You add User3 as a device enrollment manager in Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • User1 can enroll Windows devices in Endpoint Manager.
  • User2 can enroll Android in Endpoint Manager.
  • User3 can enroll iOS devices in Endpoint Manager.

Correct Answer:

  • User1 can enroll Windows devices in Endpoint Manager: No
  • User2 can enroll Android in Endpoint Manager: Yes
  • User3 can enroll iOS devices in Endpoint Manager: Yes

Exam Question 12

You create two device compliance policies for Android devices as shown in the following table.

PolicyConfigurationActionAssigned to
Policy1Require encryption of the data storage on the device.Mark as noncompliant immediately.Group1
Policy2Require Google Play services.Mark as noncompliant immediately.Group2

You have the Android devices shown in the following table.

NameUserConfiguration
Android1User1Not encrypted
Android2User2Google Play services not configured
Android3User3Not encrypted
Google Play services configured

The users belong to the groups shown in the following table.

UserGroup
User1Group1
User2Group1, Group2
User3Group2

The users enroll their device in Microsoft Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • The device of User1 is compliant.
  • The device of User2 is compliant.
  • The device of User3 is compliant.

Correct Answer:

  • The device of User1 is compliant: No
  • The device of User2 is compliant: No
  • The device of User3 is compliant: Yes

Exam Question 13

Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain.
You update the Windows 10 devices by using Windows Update for Business.
What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Quality updates:

  • 14 days
  • 30 days
  • 60 days
  • 120 days

Feature updates:

  • 60 days
  • 180 days
  • 365 days
  • 540 days

Correct Answer:

  • Quality updates: 30 days
  • Feature updates: 365 days

Exam Question 14

Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices.
Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. Deploy applications to Windows 10 devices.
B. Deploy VPN profiles to iOS devices.
C. Deploy VPN profiles to Windows 10 devices.
D. Publish applications to Android devices.
Correct Answer:
B. Deploy VPN profiles to iOS devices.
D. Publish applications to Android devices.

Exam Question 15

Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).
You have Windows 10 and Windows 8.1 devices.
You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

First action to perform:

  • Enroll the devices in Microsoft Intune.
  • Configure device compliance in Microsoft Intune.
  • Create a Microsoft Azure Log Analytics workspace.
  • Add an alias (CNAME) record to the DNS zone of contoso.com

Second action to perform:

  • Configure all the devices to have a commercial ID.
  • Configure software inventory in Configuration Manager.
  • Configure all the devices to join the Windows Insider Program.
  • Configure and restart the Windows Update service on all the devices.

Correct Answer:

  • First action to perform : Create a Microsoft Azure Log Analytics workspace.
  • Second action to perform: Configure all the devices to have a commercial ID.

Exam Question 16

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You have a Microsoft 365 subscription.
You need to ensure that administrators can manage the configuration settings for all the Windows 10 devices in your organization.
What should you configure?

A. the Enrollment restrictions
B. the mobile device management (MDM) authority
C. the Exchange on-premises access settings
D. the Windows enrollment settings
Correct Answer:
B. the mobile device management (MDM) authority

Exam Question 17

You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)
You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit.
The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)
The users and groups settings are configured as shown in the Users and Groups exhibit.
Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.
You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.
What should you do?

A. From the conditional access policy, configure the device state.
B. From the Azure Active Directory admin center, create a custom control.
C. From the Endpoint Manager admin center, create a device compliance policy.
D. From the Azure Active Directory admin center, create a named location.
Correct Answer:
D. From the Azure Active Directory admin center, create a named location.

Exam Question 18

You have computers that run Windows 10 Enterprise and are joined to the domain.
You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.
You need to prevent Windows from being updated for the next 30 days.
Which two Group Policy settings should you configure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A. Select when Quality Updates are received
B. Select when Preview Builds and Feature Updates are received
C. Turn off auto-restart for updates during active hours
D. Manage preview builds
E. Automatic updates detection frequency
Correct Answer:
B. Select when Preview Builds and Feature Updates are received
D. Manage preview builds

Exam Question 19

You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.

NamePlatformBitLocker Drive Encryption (BitLocker)Member of
Device1Windows 10DisabledGroup1, Group2
Device2Windows 10DisabledGroup2, Group3
Device3Windows 10DisabledGroup3

The device compliance policies in Endpoint Manager are configured as shown in the following table.

NameRequire BitLockerMark noncompliant after (days)Assigned
Policy1Require5No
Policy2Require10Yes
Policy3Non configured15Yes

The device compliance policies have the assignments shown in the following table.

NameAssigned to
Policy2Group2
Policy3Group3

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • Device1 is marked as noncompliant after 10 days.
  • Device2 is marked as noncompliant after 10 days.
  • Device3 is marked as noncompliant after 15 days.

Correct Answer:

  • Device1 is marked as noncompliant after 10 days: Yes
  • Device2 is marked as noncompliant after 10 days: Yes
  • Device3 is marked as noncompliant after 15 days: No

Exam Question 20

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.
Which role should you assign to the user?

A. Cloud application administrator
B. Application administrator
C. Global administrator
D. Service administrator
Correct Answer:
C. Global administrator