The latest MS-101 Microsoft 365 Mobility and Security certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the MS-101 Microsoft 365 Mobility and Security exam and earn MS-101 Microsoft 365 Mobility and Security certification.
Exam Question 221
You have a Microsoft Azure Active Directory (Azure AD) tenant named sk180818.onmicrosoft.com. The tenant contains the users shown in the following table.
| Name | Username | Type |
|---|---|---|
| User1 | [email protected] | Member |
| User2 | [email protected] | Member |
| User3 | [email protected] | Member |
| User4 | [email protected] | Guest |
In Azure Information Protection, you create a label named Label1 as shown in the following exhibit.
Label1 is applied to a file named File1.
You send File1 as an email attachment to User1, User2, User3, and User4.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- User2 can modify File1.
- User3 can print File1.
- User4 can read File1.
Correct Answer:
- User2 can modify File1: Yes
- User3 can print File1: No
- User4 can read File1: No
Exam Question 222
Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
The company stores 2 TBs of data in SharePoint Online document libraries.
The tenant has the labels shown in the following table.
| Name | Type |
|---|---|
| Label1 | Sensitivity label |
| Label2 | Retention label |
| Label3 | Azure Information Protection label |
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- Label1 can now be used as a sensitivity label or an Azure Information Protection label.
- Label2 can now be used as a retention label or an Azure Information Protection label.
- Label3 can now be used as a sensitivity label or an Azure Information Protection label.
Correct Answer:
- Label1 can now be used as a sensitivity label or an Azure Information Protection label: Yes
- Label2 can now be used as a retention label or an Azure Information Protection label: No
- Label3 can now be used as a sensitivity label or an Azure Information Protection label: Yes
Exam Question 223
You create a Microsoft 365 subscription.
Your company’s privacy policy states that user activities must NOT be audited.
You need to disable audit logging in Microsoft 365.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:
Set-AdminAuditLogConfig -UnifiedAuditLogingestionEnabled $false
Exam Question 224
You have a Microsoft 365 E5 tenant that contains the resources shown in the following table.
| Name | Type |
|---|---|
| Mailbox1 | Microsoft Exchange Online mailbox |
| Account1 | Microsoft OneDrive account |
| Site1 | Microsoft SharePoint Online site |
| Channel | Microsoft Teams channel |
To which resources can you apply a sensitivity label by using an auto-labeling policy?
A. Mailbox1 and Site1 only
B. Mailbox1, Account1, and Site1 only
C. Account1 and Site1 only
D. Mailbox1, Account1, Site1, and Channel1
E. Account1, Site1, and Channel1 only
Correct Answer:
E. Account1, Site1, and Channel1 only
Exam Question 225
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
| Name | Mailbox size |
|---|---|
| User1 | 5 MB |
| User2 | 15 MB |
| User3 | 25 MB |
| User4 | 55 MB |
You have a Microsoft Office 365 retention label named Retention1 that is published to Exchange email.
You have a Microsoft Exchange Online retention policy that is applied to all mailboxes. The retention policy contains a retention tag named Retention2.
Which users can assign Retention1 and Retention2 to their emails? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Users who can assign Retention1:
- User4 only
- User3 and User4 only
- User2, User3, and User4 only
- User1, User2, User3, and User4
Users who can assign Retention2:
- User4 only
- User3 and User4 only
- User2, User3, and User4 only
- User1, User2, User3, and User4
Correct Answer:
- Users who can assign Retention1: User2, User3, and User4 only
- Users who can assign Retention2: User2, User3, and User4 only
Exam Question 226
You have a Microsoft 365 subscription.
You need to grant a user named User1 access to download compliance reports from the Security &
Compliance admin center. The solution must use the principle of least privilege.
What should you do?
A. Add User1 to the Service Assurance User role group.
B. Create a new role group that has the Preview role and add User1 to the role group.
C. Add User1 to the Compliance Administrator role group.
D. Add User1 to the Security Reader role group.
Correct Answer:
D. Add User1 to the Security Reader role group.
Manage Microsoft 365 governance and compliance: Testlet 2: Case Study
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.
| Location | Employees | Laptops | Desktops | Mobile devices |
|---|---|---|---|---|
| Montreal | 2,500 | 2,800 | 300 | 3,100 |
| Seattle | 1,000 | 1,100 | 200 | 1,500 |
| New York | 300 | 320 | 30 | 400 |
Contoso recently purchased a Microsoft 365 E5 subscription.
Existing Environment
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.
| Name | Configuration |
|---|---|
| Server1 | Domain controller |
| Server2 | Member server |
| Server3 | Network Policy Server (NPS)server |
| Server4 | Remote access server |
| Server5 | Microsoft Azure AD Connect server |
All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.
| Name | Azure AD role |
|---|---|
| User1 | None |
| User2 | Application administrator |
| User3 | Cloud application administrator |
| User4 | Global administrator |
| User5 | Intune administrator |
The domain also includes a group named Group1.
Requirements
Planned Changes
Contoso plans to implement the following changes:
- Implement Microsoft 365.
- Manage devices by using Microsoft Intune.
- Implement Azure Advanced Threat Protection (ATP).
- Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.
Technical Requirements
Contoso identifies the following technical requirements:
- When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically.
- Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.
- User1 must be able to enroll all the New York office mobile devices in Intune.
- Azure ATP sensors must be installed and must NOT use port mirroring.
- Whenever possible, the principle of least privilege must be used.
- A Microsoft Store for Business must be created.
Compliance Requirements
Contoso identifies the following compliance requirements:
- Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.
- Configure Windows Information Protection (WIP) for the Windows 10 devices.
Exam Question 227
You need to meet the compliance requirements for the Windows 10 devices.
What should you create from the Endpoint Management admin center?
A. a device compliance policy
B. a device configuration profile
C. an app protection policy
D. an app configuration policy
Correct Answer:
C. an app protection policy
Manage Microsoft 365 governance and compliance: Testlet 3: Case Study
Overview
ADatum Corporation is an international financial services company that has 5,000 employees.
ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy.
All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet.
Existing Environment
Current Infrastructure
ADatum recently purchased a Microsoft 365 subscription.
All user files are migrated to Microsoft 365.
All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements
ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365.
Requirements
Business Goals
ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements
ADatum identifies the following technical requirements:
- Centrally perform log analysis for all offices.
- Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
- Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
- Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
- Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
- If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user’s user account.
- A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign in is high risk.
- Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
Exam Question 228
Which report should the New York office auditors view?
A. DLP incidents
B. Top Senders and Recipients
C. DLP false positives and overrides
D. DLP policy matches
Correct Answer:
A. DLP incidents
Exam Question 229
You need to meet the technical requirement for the EU PII data.
What should you create?
A. a data loss prevention (DLP) policy from the Security & Compliance admin center
B. a data loss prevention (DLP) policy from the Exchange admin center
C. a retention policy from the Exchange admin center
D. a retention policy from the Security & Compliance admin center
Correct Answer:
D. a retention policy from the Security & Compliance admin center
Exam Question 230
You need to protect the U.S. PII data to meet the technical requirements.
What should you create?
A. a data loss prevention (DLP) policy that contains a domain exception
B. a Security & Compliance retention policy that detects content containing sensitive data
C. a Security & Compliance alert policy that contains an activity
D. a data loss prevention (DLP) policy that contains a user override
Correct Answer:
C. a Security & Compliance alert policy that contains an activity