Skip to Content

MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 3

By: Author Alex Lim

Posted on  - Last updated:

Categories Exam

The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.

MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers

Exam Question 201

You have a Microsoft 365 subscription.
You need to create a data loss prevention (DLP) policy that is configured to use the Set headers action.
To which location can the policy be applied?

A. OneDrive accounts
B. Exchange email
C. Teams chat and channel messages
D. SharePoint sites
Correct Answer:
B. Exchange email

Exam Question 202

You enable the Azure AD Identity Protection weekly digest email.
You create the users shown in the following table.

Name Role
User1 Security reader
User2 User administrator
User3 Security administrator
User4 Compliance administrator

Which users will receive the weekly digest email automatically?

A. Admin2, Admin3, and Admin4 only
B. Admin1, Admin2, Admin3, and Admin4
C. Admin2 and Admin3 only
D. Admin3 only
E. Admin1 and Admin3 only
Correct Answer:
E. Admin1 and Admin3 only
Answer Description:
By default, all Global Admins receive the email. Any newly created Global Admins, Security Readers or Security Administrators will automatically be added to the recipients list.

Exam Question 203

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
A user named User1 has files on a Windows 10 device as shown in the following table.

Name Text in file
File1.docx Importing and exporting is easy. For import, you need a source, and for export, you need a destination.
File2.docx You must declare what you want to import. Dangerous items cannot be imported. If you want to import valuables, you must pay customs.
File3.docx IM are initials for instant messaging. You can use Microsoft Skype for IM, but there are also other IM programs.

In Azure Information Protection, you create a label named Label1 that is configured to apply automatically.
Label1 is configured as shown in the following exhibit.
In Azure Information Protection, you create a label named Label1 that is configured to apply automatically.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • Label1 applied to File1.docx.
  • Label1 applied to File2.docx.
  • Label1 applied to File3.docx.

Correct Answer:

  • Label1 applied to File1.docx: No
  • Label1 applied to File2.docx: Yes
  • Label1 applied to File3.docx: No

Answer Description:
The phrase to match is “im” and it is case sensitive. The phrase must also appear at least twice.
Box 1: No
File1.docx contain the word “import” once only
Box 2: Yes
File2.docx contains two occurrences of the word “import” as well as the word “imported”
Box 3: No
File3.docx contains “IM” but his is not the correct letter case.

Exam Question 204

You have a Microsoft 365 subscription that uses a default domain named contoso.com.
Three files were created on February 1, 2019, as shown in the following table.

Name Stored in
File1 Microsoft OneDrive
File2 A Microsoft SharePoint library
File3 Microsoft Exchange Online email

On March 1, 2019, you create two retention labels named Label1 and Label2.
The settings for Lable1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)
The settings for Lable1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)
The settings for Lable2 are configured as shown in the Label2 exhibit. (Click the Label2 tab.)
The settings for Lable2 are configured as shown in the Label2 exhibit. (Click the Label2 tab.)
You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • File1 will be deleted automatically on February 1, 2020.
  • If User1 does not complete the disposition review within 90 days of receiving then notification, File2 will be deleted automatically after February 1, 2021.
  • File3 will be deleted automatically after February 1, 2021.

Correct Answer:

  • File1 will be deleted automatically on February 1, 2020: No
  • If User1 does not complete the disposition review within 90 days of receiving then notification, File2 will be deleted automatically after February 1, 2021: No
  • File3 will be deleted automatically after February 1, 2021: No

Answer Description:
Box 1: No
Retention overrides deletion.
Box 2: No
Content in a document library will be moved to the first-stage Recycle Bin within 7 days of disposition, and then
permanently deleted another 93 days after that. Thus 100 days in total.
Box 3: No
Items in an Exchange mailbox will be permanently deleted within 14 days of disposition.

Exam Question 205

You have a Microsoft 365 subscription.
In the Exchange admin center, you have a data loss prevention (DLP) policy named Policy1 that has the following configurations:

  • Block emails that contain financial data.
  • Display the following policy tip text: Message blocked.

From the Security & Compliance admin center, you create a DLP policy named Policy2 that has the following configurations:

  • Use the following location: Exchange email.
  • Display the following policy tip text: Message contains sensitive data.
  • When a user sends an email, notify the user if the email contains health records.

What is the result of the DLP policies when the user sends an email? To answer, drag the appropriate results to the correct scenarios. Each result may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Results:

  • The email will be blocked, and the user will receive the policy tip: Message blocked.
  • The email will be blocked, and the user will receive the policy tip: Message contains sensitive data.
  • The email will be allowed, and the user will receive the policy tip: Message blocked.
  • The email will be allowed, and the user will receive the policy tip: Message contains sensitive data.
  • The email will be allowed, and a message policy tip will NOT be displayed.

Answer area:

  • When the user sends an email that contains financial data and health records.
  • When the user sends an email that contains only financial data.

Correct Answer:

  • When the user sends an email that contains financial data and health records: The email will be blocked, and the user will receive the policy tip: Message blocked.
  • When the user sends an email that contains only financial data: The email will be allowed, and the user will receive the policy tip: Message contains sensitive data.

Answer Description:
Box 1: The email will be blocked, and the user will receive the policy tip: Message blocked.
If you’ve created DLP policies in the Exchange admin center, those policies will continue to work side by side with any policies for email that you create in the Security & Compliance Center. But note that rules created in the Exchange admin center take precedence. All Exchange mail flow rules are processed first, and then the DLP rules from the Security & Compliance Center are processed.
Box 2: The email will be allowed, and the user will receive the policy tip: Message contains sensitive data.

Exam Question 206

Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD). The domain contains the servers shown in the following table.

Name Operating system Configuration
Server1 Windows Server 2016 File Server Resource Manager (FSRM)
Server2 Windows Server 2016 None

You use Azure Information Protection.
You need to ensure that you can apply Azure Information Protection labels to the file stores on Server1.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

  • Authorize Server1.
  • Install the Microsoft Right Management connector on Server2.
  • Install a certificate on Server2.
  • Install a certificate on Server1.
  • Register a service principal name for Server1.
  • Run GenConnectorConfig.ps1 on Server1.
  • Run GenConnectorConfig.ps1 on Server2.

Correct Answer:

  • Install a certificate on Server2.
  • Install a certificate on Server1.
  • Register a service principal name for Server1.
  • Run GenConnectorConfig.ps1 on Server2.

Exam Question 207

You have a Microsoft 365 E5 subscription.
Users have the devices shown in the following table.

Name Platform Owner Enrolled in Microsoft Endpoint Manager
Device1 Android User1 Yes
Device2 Android User1 No
Device3 iOS User1 No
Device4 Windows 10 User2 Yes
Device5 Windows 10 User2 No
Device6 iOS User2 Yes

On which devices can you manage apps by using app configuration policies in Microsoft Endpoint Manager?

A. Device1, Device4, and Device6
B. Device2, Device3, and Device5
C. Device1, Device2, Device3, and Device6
D. Device1, Device2, Device4, and Device5
Correct Answer:
C. Device1, Device2, Device3, and Device6
Answer Description:
You can create and use app configuration policies to provide configuration settings for both iOS/iPadOS or Android apps on devices that are and are not enrolled in Microsoft Endpoint Manager.

Exam Question 208

You have a Microsoft 365 subscription.
From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
B. No

Exam Question 209

You have a Microsoft 365 subscription.
From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From the Security & Compliance admin center, you modify the roles of the US eDiscovery Managers role group.
Does this meet the goal?

A. Yes
B. No
Correct Answer:
B. No

Exam Question 210

You have a Microsoft 365 E5 subscription that contains two users named Admin1 and Admin2.
All users are assigned a Microsoft 365 Enterprise E5 license and auditing is turned on.
You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)
You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)
After Policy1 is created, the following actions are performed:

  • Admin1 creates a user named User1.
  • Admin2 creates a user named User2.

How long will the audit events for the creation of User1 and User2 be retained? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

User1:

  • 0 days
  • 30 days
  • 90 days
  • 180 days
  • 365 days

User2:

  • 0 days
  • 30 days
  • 90 days
  • 180 days
  • 365 days

Correct Answer:

  • User1: 90 days
  • User2: 365 days