MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 1

The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.

Exam Question 61

You need to create the Microsoft Store for Business.
Which user can create the store?

A. User2
B. User3
C. User4
D. User5
Correct Answer:
C. User4

Exam Question 62

You need to meet the Intune requirements for the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Settings to configure in Azure AD:

  • Device settings
  • Mobility (MDM and MAM)
  • Organizational relationship
  • User settings

Settings to configure in Intune:

  • Device compliance
  • Device configuration
  • Device enrollment
  • Mobile Device Management Authority

Correct Answer:

  • Settings to configure in Azure AD: Mobility (MDM and MAM)
  • Settings to configure in Intune: Device enrollment

Exam Question 63

You need to configure a conditional access policy to meet the compliance requirements.
You add Exchange Online as a cloud app.
Which two additional settings should you configure in Policy1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Which two additional settings should you configure in Policy1?

Correct Answer:
Answer: Which two additional settings should you configure in Policy1?

Exam Question 64

As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Seattle:

  • 6 months
  • 18 months
  • 24 months
  • 30 months
  • 5 years

New York:

  • 6 months
  • 18 months
  • 24 months
  • 30 months
  • 5 years

Correct Answer:

  • Seattle: 24 months
  • New York: 30 months

Exam Question 65

You need to ensure that User1 can enroll the devices to meet the technical requirements.
What should you do?

A. From the Azure Active Directory admin center, assign User1 the Cloud device administrator role.
B. From the Azure Active Directory admin center, configure the Maximum number of devices per user setting.
C. From the Endpoint Management admin center, add User1 as a device enrollment manager.
D. From the Endpoint Management admin center, configure the Enrollment restrictions.
Correct Answer:
C. From the Endpoint Management admin center, add User1 as a device enrollment manager.

Exam Question 66

You need to meet the technical requirements and planned changes for Intune.
What should you do? To answer, select the appropriate options is the answer area.
NOTE: Each correct selection is worth one point.

Settings to configure in Azure AD:

  • Device settings
  • Mobility (MDM and MAM)
  • Organizational relationship
  • User settings

Settings to configure in Intune:

  • Device compliance
  • Device configuration
  • Device enrollment
  • Mobile Device Management Authority

Correct Answer:

  • Settings to configure in Azure AD: Mobility (MDM and MAM)
  • Settings to configure in Intune: Device enrollment

Implement modern device services: Testlet 3: Case Study

Overview

ADatum Corporation is an international financial services company that has 5,000 employees.
ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy.
All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet.

Existing Environment

Current Infrastructure

ADatum recently purchased a Microsoft 365 subscription.
All user files are migrated to Microsoft 365.
All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected]
Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
ADatum uses and processes Personally Identifiable Information (PII).

Problem Statements

ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365.

Requirements

Business Goals

ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
ADatum wants to minimize the cost of hardware and software whenever possible.

Technical Requirements

ADatum identifies the following technical requirements:

  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user’s user account.
  • A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.

Exam Question 67

You need to recommend a solution for the security administrator. The solution must meet the technical requirements.
What should you include in the recommendation?

A. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
B. Microsoft Azure Active Directory (Azure AD) Identity Protection
C. Microsoft Azure Active Directory (Azure AD) conditional access policies
D. Microsoft Azure Active Directory (Azure AD) authentication methods
Correct Answer:
C. Microsoft Azure Active Directory (Azure AD) conditional access policies

Exam Question 68

You have a Microsoft 365 subscription.
You have the devices shown in the following table.

Operating systemQuantity
WIndows 8.15
Windows 105
Windows Server 20165

You need to onboard the devices to Microsoft Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible.
Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Correct Answer:

  • Windows 8.1: Microsoft Monitoring Agent
  • Windows 10: A local script
  • Windows Server 2016: Microsoft Monitoring Agent

Exam Question 69

The users at your company use Dropbox Business to store documents. The users access Dropbox Business by using the MyApps portal.
You need to ensure that user access to Dropbox Business is authenticated by using a Microsoft 365 identity.
The documents must be protected if the data is downloaded to a device that is not trusted.
What should you do?

A. From the Azure Active Directory admin center, configure conditional access settings.
B. From the Azure Active Directory admin center, configure the device settings.
C. From the Azure Active Directory admin center, configure organizational relationships settings.
D. From the Endpoint Manager admin center, configure device enrollment settings.
Correct Answer:
A. From the Azure Active Directory admin center, configure conditional access settings.

Exam Question 70

You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint sharing policy is modified in the future.
Solution: From the SharePoint admin center, you modify the sharing settings.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
B. No