Skip to Content

MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 2

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.

Exam Question 111

You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table.

Name Member of
User1 Group1
User2 Group2
User3 Group3

Group3 is a member of Group1.
Your company uses Microsoft Defender Advanced Threat Protection (ATP). Microsoft Defender ATP contains the roles shown in the following table.

Name Permission Assigned user group
Microsoft Defender ATP administrator (default) View data, Alerts investigation, Active remediation actions, Manage security settings None
Role1 View data, Alerts investigation Group1
Role2 View data Group2

Microsoft Defender ATP contains the device groups shown in the following table.

Rank Machine group Machine User access
1 ATP1 Device1 Group1
Last Ungrouped machines (default) Device2 None

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • User1 can view Device1 in Microsoft Defender Security Center.
  • User2 can sign in to Microsoft Defender Security Center.
  • User3 can view Device1 in Microsoft Defender Security Center.

Correct Answer:

  • User1 can view Device1 in Microsoft Defender Security Center: Yes
  • User2 can sign in to Microsoft Defender Security Center: No
  • User3 can view Device1 in Microsoft Defender Security Center: Yes

Exam Question 112

Your company uses Microsoft Cloud App Security.
You plan to integrate Cloud App Security and security information and event management (SIEM).
You need to deploy a SIEM agent on a server that runs Windows Server 2016.
What should you do? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.

First action to perform:

  • Install Java 8.
  • Install Microsoft .NET Framework 3.5
  • Add the Setup and Boot Event Collection feature.

Second action to perform:

  • Run the Set-MMagent cmdlet.
  • Add the Setup and Boot Event Collection feature.
  • Run the java command and specify the -jar parameter.
  • Run the Install-WindowsFeature cmdlet and specify the -source parameter.

Correct Answer:

  • First action to perform: Install Java 8.
  • Second action to perform: Run the java command and specify the -jar parameter.

Exam Question 113

From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the following exhibit.
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

To require multi-factor authentication when signing in to unfamiliar locations, you must create a [answer choice].

  • named location in Azure AD
  • sign-in risk policy
  • user risk policy

To avoid generating alerts when signing in to the Montreal location, create [answer choice].

  • a named location in Azure AD
  • a sign-in risk policy
  • a user risk policy

Correct Answer:

  • To require multi-factor authentication when signing in to unfamiliar locations, you must create a [sign-in risk policy].
  • To avoid generating alerts when signing in to the Montreal location, create [a named location in Azure AD].

Exam Question 114

Your company uses Microsoft Azure Advanced Threat Protection (ATP) and Microsoft Defender ATP.
You need to integrate Microsoft Defender ATP and Azure ATP.
What should you do?

A. From Azure ATP, configure the notifications and reports.
B. From Azure ATP, configure the data sources.
C. From Microsoft Defender Security Center, configure the Machine management settings.
D. From Microsoft Defender Security Center, configure the General settings.
Correct Answer:
B. From Azure ATP, configure the data sources.

Exam Question 115

You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table.

Name Member of
User1 Group1
User2 Group2
User3 Group3

Group3 is a member of Group1.
Your company uses Microsoft Defender Advanced Threat Protection (ATP). Microsoft Defender ATP contains the roles shown in the following table.

Name Permission Assigned user group
Microsoft Defender ATP administrator (default) View data, Alerts investigation, Active remediation actions, Manage security settings Group3
Role1 View data, Alerts investigation Group1
Role2 View data Group2

Microsoft Defender ATP contains the device groups shown in the following table.

Rank Machine group Machine User access
1 ATP1 Device1 Group1
Last Ungrouped machines (default) Device2 Group2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • User1 can run an antivirus scan on Device2.
  • User2 can collect an investigation package from Device2.
  • User3 can isolate Device1.

Correct Answer:

  • User1 can run an antivirus scan on Device2: No
  • User2 can collect an investigation package from Device2: No
  • User3 can isolate Device1: Yes

Exam Question 116

You have a Microsoft 365 subscription. All client devices are managed by Microsoft Endpoint Manager.
You need to implement Microsoft Defender Advanced Threat Protection (ATP) for all the supported devices enrolled in mobile device management (MDM).
What should you include in the device configuration profile? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Platform:

  • Android
  • iOS
  • Windows 10 and later
  • Windows 8.1 and later

Settings:

  • Offboard package
  • Onboard package
  • Windows Defender Application Guard
  • Windows Defender Firewall

Correct Answer:

  • Platform: Windows 10 and later
  • Settings: Onboard package

Exam Question 117

You have a Microsoft 365 subscription.
Your company purchases a new financial application named App1.
From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that many applications have a low score because they are missing information about domain registration and consumer popularity.
You need to prevent the missing information from affecting the App1 score.
What should you configure from the Cloud Discover settings?

A. Organization details
B. Default behavior
C. Score metrics
Correct Answer:
D. App tags

Exam Question 118

You have a Microsoft 365 E5 subscription.
You need to be notified if users receive email containing a file that has a virus.
What should you do?

A. From the Exchange admin center, create an in-place eDiscovery & hold.
B. From the Exchange admin center, create a spam filter policy.
C. From the Exchange admin center, create an anti-malware policy.
D. From the Exchange admin center, create a mail flow rule.
Correct Answer:
C. From the Exchange admin center, create an anti-malware policy.

Exam Question 119

You have a Microsoft 365 subscription that links to an Azure Active Directory (Azure AD) tenant named
contoso.onmicrosoft.com.
A user named User1 stores documents in Microsoft OneDrive.
You need to place the contents of User1’s OneDrive account on an eDiscovery hold.
Which URL should you use for the eDiscovery hold? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:
https://contoso-my.sharepoint.com/personal/User1_contoso_onmicrosoft_com

Exam Question 120

You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains a group named Group1 and the users shown in the following table:

Name Role
Admin1 Conditional Access administrator
Admin2 Security administrator
Admin3 User administrator

The tenant has a conditional access policy that has the following configurations:

  • Name: Policy1
  • Assignments:
    • Users and groups: Group1
    • Cloud aps or actions: All cloud apps
  • Access controls:
  • Grant, require multi-factor authentication
  • Enable policy: Report-only

You set Enabled Security defaults to Yes for the tenant.
For each of the following settings select Yes, if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • Admin1 can set Enable policy for Policy1 to On.
  • Admin2 can set Enable policy for Policy1 to Off.
  • Admin3 can set Users and groups for for Policy1 to All users.

Correct Answer:

  • Admin1 can set Enable policy for Policy1 to On: Yes
  • Admin2 can set Enable policy for Policy1 to Off: Yes
  • Admin3 can set Users and groups for for Policy1 to All users: Yes

Answer Description:
Report-only mode is a new Conditional Access policy state that allows administrators to evaluate the impact of Conditional Access policies before enabling them in their environment. With the release of report-only mode:

  • Conditional Access policies can be enabled in report-only mode.
  • During sign-in, policies in report-only mode are evaluated but not enforced.
  • Results are logged in the Conditional Access and Report-only tabs of the Sign-in log details.
  • Customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the Conditional Access insights workbook.