The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.
Exam Question 211
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You sign for Microsoft Store for Business.
The tenant contains the users shown in the following table.
| Name | Microsoft Store for Business role | Azure AD role |
|---|---|---|
| User1 | Purchaser | None |
| User2 | Basic Purchaser | None |
| User3 | None | Application administrator |
| User4 | None | Cloud application administrator |
Microsoft Store for Business has the following Shopping behavior settings:
- Allow users to shop is set to On
- Make everyone a Basic Purchaser is set to Off
You need to identify which users can install apps from the Microsoft for Business private store.
Which users should you identify?
A. User3 only
B. User1 only
C. User1 and User2 only
D. User3 and User4 only
Correct Answer:
C. User1 and User2 only
Answer Description:
Allow users to shop controls the shopping experience in Microsoft Store for Education. When this setting is on, Purchasers and Basic Purchasers can purchase products and services from Microsoft Store for Education.
Exam Question 212
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant
named contoso.com.
In the tenant, you create a user named User1.
You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege.
To which role group should you add User1?
A. Security Administrator
B. Records Management
C. Compliance Administrator
D. eDiscovery Manager
Correct Answer:
B. Records Management
Exam Question 213
You plan to use the Security & Compliance admin center to import several PST files into Microsoft 365
mailboxes.
Which three actions should you perform before you import the data? Each correct answer presents part of the
solution.
NOTE: Each correct selection is worth one point.
A. From the Exchange admin center, create a public folder.
B. Copy the PST files by using AzCopy.
C. From the Exchange admin center, assign admin roles.
D. From the Microsoft Azure portal, create a storage account that has a blob container.
E. From the Microsoft 365 admin center, deploy an add-in.
F. Create a mapping file that uses the CSV file format.
Correct Answer:
B. Copy the PST files by using AzCopy.
C. From the Exchange admin center, assign admin roles.
F. Create a mapping file that uses the CSV file format.
Exam Question 214
You have a Microsoft 365 tenant.
You plan to create a retention policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Microsoft SharePoint files that are affected by the policy will be [answer choice].
- recoverable for up to seven years
- deleted seven years after they were created
- retained for only seven years from when they were created
Once the policy is created, [answer choice].
- some data may be deleted immediately
- data will be retained for a minimum of seven years
- users will be prevented from permanently deleting email messages for seven years
Correct Answer:
- Microsoft SharePoint files that are affected by the policy will be [deleted seven years after they were created].
- Once the policy is created, [some data may be deleted immediately].
Exam Question 215
You deploy Microsoft Azure Information Protection.
You need to ensure that a security administrator named SecAdmin1 can always read and inspect data protected by Azure Rights Management (Azure RMS).
What should you do?
A. From the Security & Compliance admin center, add SecAdmin1 to the eDiscovery Manager role group.
B. From the Azure Active Directory admin center, add SecAdmin1 to the Security Reader role group.
C. From the Security & Compliance admin center, add SecAdmin1 to the Compliance Administrator role group.
D. From Windows PowerShell, enable the super user feature and assign the role to SecAdmin1.
Correct Answer:
D. From Windows PowerShell, enable the super user feature and assign the role to SecAdmin1.
Answer Description:
The super user feature of the Azure Rights Management service from Azure Information Protection ensures that authorized people and services can always read and inspect the data that Azure Rights Management protects for your organization. However, the super user feature is not enabled by default. The PowerShell cmdlet Enable-AadrmSuperUserFeature is used to manually enable the super user feature.
Exam Question 216
You have a new Microsoft 365 subscription.
You need to prevent users from sending email messages that contain Personally Identifiable Information (PII).
Solution: From the Cloud App Security admin center, you create an access policy.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Exam Question 217
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You create an Azure Advanced Threat Protection (ATP) workspace named Workspace1.
The tenant contains the users shown in the following table.
| Name | Member of group | Azure AD role |
|---|---|---|
| User1 | Azure ATP Workspace1 Administrators | None |
| User2 | Azure ATP Workspace1 Users | None |
| User3 | None | Security administrator |
| User4 | Azure ATP Workspace1 Users | Global administrator |
You need to modify the configuration of the Azure ATP sensors.
Solution: You instruct User4 to modify the Azure ATP sensor configuration.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
A. Yes
Answer Description:
Only Azure ATP administrators can modify the sensors.
Any global administrator or security administrator on the tenant’s Azure Active Directory is automatically an Azure ATP administrator.
Exam Question 218
From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)
What will be excluded from the export?
A. a 10-MB XLSX file
B. a 5-MB MP3 file
C. a 75-MB PDF file
D. a 60-MB DOCX file
Correct Answer:
B. a 5-MB MP3 file
Exam Question 219
You have a Microsoft 365 subscription.
All users have their email stored in Microsoft Exchange Online.
In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX.
What should you do?
A. From Microsoft Cloud App Security, create an activity policy.
B. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
C. From the Exchange admin center, start a mail flow message trace.
D. From the Security & Compliance admin center, create an eDiscovery case.
Correct Answer:
D. From the Security & Compliance admin center, create an eDiscovery case.
Exam Question 220
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You create an Azure Advanced Threat Protection (ATP) workspace named Workspace1.
The tenant contains the users shown in the following table.
| Name | Member of group | Azure AD role |
|---|---|---|
| User1 | Azure ATP Workspace1 Administrators | None |
| User2 | Azure ATP Workspace1 Users | None |
| User3 | None | Security administrator |
| User4 | Azure ATP Workspace1 Users | Global administrator |
You need to modify the configuration of the Azure ATP sensors.
Solution: You instruct User3 to modify the Azure ATP sensor configuration.
Does this meet the goal?
A. Yes
B. No
Correct Answer:
B. No
Answer Description:
Only Azure ATP administrators can modify the sensors.
Any global administrator or security administrator on the tenant’s Azure Active Directory is automatically an Azure ATP administrator.