MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 2

The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.

MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers

Exam Question 101

Your company uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
The devices onboarded to Microsoft Defender ATP are shown in the following table.

NameMachine group
Device1ATP1
Device2ATP1
Device3ATP2

The alerts visible in the Microsoft Defender ATP alerts queue are shown in the following table.

NameMachine
Alert1Device1
Alert2Device2
Alert3Device3

You create a suppression rule that has the following settings:

  • Triggering IOC: Any IOC
  • Action: Hide alert
  • Suppression scope: Alerts on ATP1 machine group

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • After you create the suppression rule, Alert1 is visible in the alerts queue.
  • After you create the suppression rule, Alert3 is visible in the alerts queue.
  • After you create the suppression rule, a new alert triggered on Device2 is visible in the alerts queue.

Correct Answer:

  • After you create the suppression rule, Alert1 is visible in the alerts queue: Yes
  • After you create the suppression rule, Alert3 is visible in the alerts queue: Yes
  • After you create the suppression rule, a new alert triggered on Device2 is visible in the alerts queue: No

Answer Description:
A suppression rule will not affect alerts that are already in the alerts queue. Only new alerts will be suppressed.

Exam Question 102

Your company has a Microsoft 365 subscription.
You need to configure Microsoft 365 to meet the following requirements:

  • Malware found in email attachments must be quarantined for 20 days.
  • The email address of senders to your company must be verified.

Which two options should you configure in the Security & Compliance admin center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

  • ATP anti-phishing: Protect users from phishing attacks (like impersonation and spoofing), and use safety tips to warn users about potentially harmful messages.
  • ATP safe attachments: Protect your organization from malicious content in email attachments and files in SharePoint, OneDrive, and Teams.
  • ATP Safe Links: Protect your users from opening and sharing malicious links in email messages and Office 2016 desktop apps.
  • Anti-spam: Protect your organization’s email from spam, including what actions to take if spam is detected.
  • DKIM: Add DKIM (DomainKeys Identified Mail) signatures to your domains so recipients know what email messages actually came from your users.
  • Anti-malware: Protect your organization’s email from malware, including what actions to take and who to notify if malware is detected.

Correct Answer:

  • ATP anti-phishing: Protect users from phishing attacks (like impersonation and spoofing), and use safety tips to warn users about potentially harmful messages.
  • ATP safe attachments: Protect your organization from malicious content in email attachments and files in SharePoint, OneDrive, and Teams.

Exam Question 103

You have a Microsoft 365 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
All the devices in your organization are onboarded to Microsoft Defender ATP.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?

A. From Alerts queue, create a suppression rule and assign an alert
B. From the Security & Compliance admin center, create an audit log search
C. From Advanced hunting, create a query and a detection rule
D. From the Security & Compliance admin center, create a data loss prevention (DLP) policy
Correct Answer:
C. From Advanced hunting, create a query and a detection rule

Exam Question 104

You have an Azure Active Directory (Azure AD) tenant and a Microsoft 365 E5 subscription. The tenant contains the users shown in the following table.

NameRole
User1Security administrator
User2Security operator
User3Security reader
User4Compliance administrator

You plan to implement Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
You verify that role-based access control (RBAC) is turned on in Microsoft Defender ATP.
You need to identify which user can view security incidents from the Microsoft Defender Security Center.
Which user should you identify?

A. User1
B. User2
C. User3
D. User4
Correct Answer:
A. User1

Exam Question 105

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Microsoft Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Microsoft Defender ATP-related data to be stored in the United States.
You plan to onboard all the devices to Microsoft Defender ATP.
You need to store the Microsoft Defender ATP data in Europe.
What should you do first?

A. Create a workspace.
B. Onboard a new device.
C. Delete the workspace.
D. Offboard the test devices.
Correct Answer:
D. Offboard the test devices.

Exam Question 106

You have a Microsoft 365 subscription.
You need to be notified if users receive email containing a file that has a virus.
What should you do?

A. From the Exchange admin center, create an in-place eDiscovery & hold.
B. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
C. From the Exchange admin center, create an anti-malware policy.
D. From the Exchange admin center, create a mail flow rule.
Correct Answer:
C. From the Exchange admin center, create an anti-malware policy.

Exam Question 107

You have a Microsoft 365 subscription that contains 500 users.
You have several hundred computers that run the 64-bit version of Windows 10 Enterprise and have the following configurations:

  • Two volumes that contain data
  • A CPU that has two cores
  • TPM disabled
  • 4 GB of RAM

All the computers are managed by using Microsoft Endpoint Manager.
You need to ensure that you can turn on Windows Defender Application Guard on the computers.
What should you do first?

A. Modify the edition of Windows 10.
B. Create an additional volume.
C. Replace the CPU and enable TPM.
D. Replace the CPU and increase the RAM.
Correct Answer:
D. Replace the CPU and increase the RAM.
Answer Description:
The computers need 4 CPU cores and 8GB of RAM.

Exam Question 108

You have a Microsoft 365 E5 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
From Microsoft Defender ATP, you turn on the Allow or block file advanced feature.
You need to block users from downloading a file named File1.exe.
What should you use?

A. a suppression rule
B. an indicator
C. a device configuration profile
Correct Answer:
B. an indicator

Exam Question 109

You have a Microsoft 365 E5 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).
When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.
When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.
You need to enable user access to the partner company’s portal.
Which Microsoft Defender ATP setting should you modify?

A. Custom detections
B. Advanced hunting
C. Alert notifications
D. Indicators
E. Alert suppression
Correct Answer:
D. Indicators

Exam Question 110

You have a Microsoft 365 subscription.
You create a Microsoft Cloud App Security policy named Risk1 based on the Logon from a risky IP address template as shown in the following exhibit.
You create a Microsoft Cloud App Security policy named Risk1 based on the Logon from a risky IP address template as shown in the following exhibit.
You have two users named User1 and User2. Each user signs in to Microsoft SharePoint Online from a risky IP address 10 times within 24 hours.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Admin1 will receive [answer choice].:

  • one notification
  • five notifications
  • ten notifications
  • no notifications

User1 will receive [answer choice].:

  • one notification
  • five notifications
  • ten notifications
  • no notifications

Correct Answer:

  • Admin1 will receive [five notifications].
  • User1 will receive [five notifications].