Skip to Content

MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 2

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.

Exam Question 191

You are testing a data loss prevention (DLP) policy to protect the sharing of credit card information with external users.
During testing, you discover that a user can share credit card information with external users by using email.
However, the user is prevented from sharing files that contain credit card information by using Microsoft SharePoint Online.
You need to prevent the user from sharing the credit card information by using email and SharePoint.
What should you configure?

A. the locations of the DLP policy
B. the user overrides of the DLP policy rule
C. the status of the DLP policy
D. the conditions of the DLP policy rule
Correct Answer:
A. the locations of the DLP policy

Exam Question 192

You have a Microsoft 365 subscription.
You need to view the IP address from which a user synced a Microsoft SharePoint Online library.
What should you do?

A. From the SharePoint Online admin center, view the usage reports.
B. From the Security & Compliance admin center, perform an audit log search.
C. From the Microsoft 365 admin center, view the usage reports.
D. From the Microsoft 365 admin center, view the properties of the user’s user account.
Correct Answer:
B. From the Security & Compliance admin center, perform an audit log search.

Exam Question 193

Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in the following table.

Name IP address
Server1 192.168.1.10
Server2 192.168.2.10

A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1, App2, and App3 are installed on a Windows 10 device named Device1. All open files have the .abc file extension.
You implement Windows Information Protection (WIP) by creating a policy named Policy1 that uses the following configurations:

  • Exempt apps: App2
  • Protected apps: App1
  • Windows Information Protection mode: Block
  • Network boundary: IPv4 range of: 192.168.1.1-192.168.1.255

You ensure that Policy1 applies to Device1.
You need to identify the apps from which you can open File1.abc.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • You can open File1.abc in App1
  • You can open File1.abc in App2
  • You can open File1.abc in App3

Correct Answer:

  • You can open File1.abc in App1: Yes
  • You can open File1.abc in App2: Yes
  • You can open File1.abc in App3: No

Exam Question 194

In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.
Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.)
Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.
What should you configure?

A. an exception
B. an action
C. a condition
D. a group
Correct Answer:
B. an action

Exam Question 195

You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit.
You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

If you copy the file from OneDrive to your internet connected computer, you [answer choice].

  • cannot open the document.
  • can open the document indefinitely.
  • can open the document for up to 7 days.
  • can open the document for up to 30 days

If you email the document to a user outside your organization, the user [answer choice].

  • cannot open the document.
  • can open the document indefinitely.
  • can open the document for up to 7 days.
  • can open the document for up to 30 days

Correct Answer:

  • If you copy the file from OneDrive to your internet connected computer, you [can open the document for up to 30 days].
  • If you email the document to a user outside your organization, the user [cannot open the document].

Exam Question 196

You have a Microsoft Office 365 subscription.
You need to delegate eDiscovery tasks as shown in the following table.

User Task
User1 Decrypt Microsoft Azure Rights Management (Azure RMS)-protected content.
View only the eDiscovery cases created by User1.
Configure case settings.
Place content on hold.
User2 View the eDiscovery cases created by both User1 and User2.
Export data from Advanced eDiscovery.

The solution must follow the principle of the least privilege.
To which role group should you assign each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

User1:

  • eDiscovery Administrator
  • eDiscovery Manager
  • Records Management
  • Reviewer
  • Security Administrator

User2:

  • eDiscovery Administrator
  • eDiscovery Manager
  • Records Management
  • Reviewer
  • Security Administrator

Correct Answer:

  • User1: eDiscovery Manager
  • User2: eDiscovery Administrator

Exam Question 197

You have a Microsoft 365 subscription.
You need to identify which administrative users performed eDiscovery searches during the past week.
What should you do from the Security & Compliance admin center?

A. Perform a content search
B. Create a supervision policy
C. Create an eDiscovery case
D. Perform an audit log search
Correct Answer:
D. Perform an audit log search

Exam Question 198

You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.
You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

DLP1 cannot be applied to [answer choice].

  • Exchange email
  • SharePoint sites
  • OneDrive accounts

DLP1 will be applied only to documents that have [answer choice].

  • both a credit card number and the 1 year label applied
  • either a credit card number or the 1 year label applied
  • between 85 and 100 credit card numbers

Correct Answer:

  • DLP1 cannot be applied to [Exchange email].
  • DLP1 will be applied only to documents that have [either a credit card number or the 1 year label applied].

Answer Description:
Using a retention label in a policy is only supported for items in SharePoint Online and OneDrive for Business.

Exam Question 199

You have a Microsoft 365 subscription.
From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From Windows PowerShell, you run the New-ComplianceSecurityFilter cmdlet with the appropriate parameters.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
A. Yes

Exam Question 200

You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.

Name Member of
User1 Group1
User2 Group1, Group2

The domain contains the devices shown in the following table.

Name Compliance status
Device1 Compliant
Device2 Noncompliant

The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.

Name Includes Excludes Device state includes Device state excludes Grant
Policy1 Group1 None All device states Device marked as compliant Block access
Policy2 Group1 Group2 None None Block access
Policy3 Group1 None All device states None Grant access

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • User1 can access App1 from Device1.
  • User2 can access App1 from Device1.
  • User2 can access App1 from Device2.

Correct Answer:

  • User1 can access App1 from Device1: No
  • User2 can access App1 from Device1: No
  • User2 can access App1 from Device2: No

Answer Description:
Note: Block access overrides Grant access