MS-101 Microsoft 365 Mobility and Security Exam Questions and Answers – Page 3

The latest MS-101 Microsoft 365 Mobility and Security practice exam question and answer (Q&A) dumps are available free to help you pass the MS-101 Microsoft 365 Mobility and Security exam and earn the MS-101 Microsoft 365 Mobility and Security certification.

Exam Question 221

You have a Microsoft Azure Active Directory (Azure AD) tenant named sk180818.onmicrosoft.com. The tenant contains the users shown in the following table.

| Name | Username | Type |
|---|---|---|
| User1 | User1@sk180818.onmicrosoft.com | Member |
| User2 | User2@sk180818.onmicrosoft.com | Member |
| User3 | User3@sk180818.onmicrosoft.com | Member |
| User4 | User4@gmail.com | Guest |

In Azure Information Protection, you create a label named Label1 as shown in the following exhibit.
Label1 is applied to a file named File1.
You send File1 as an email attachment to User1, User2, User3, and User4.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • User2 can modify File1.
  • User3 can print File1.
  • User4 can read File1.

Correct Answer:

  • User2 can modify File1: Yes
  • User3 can print File1: No
  • User4 can read File1: No

Exam Question 222

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
The company stores 2 TB of data in SharePoint Online document libraries.
The tenant has the labels shown in the following table.

| Name | Type |
|---|---|
| Label1 | Sensitivity label |
| Label2 | Retention label |
| Label3 | Azure Information Protection label |

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

  • Label1 can now be used as a sensitivity label or an Azure Information Protection label.
  • Label2 can now be used as a retention label or an Azure Information Protection label.
  • Label3 can now be used as a sensitivity label or an Azure Information Protection label.

Correct Answer:

  • Label1 can now be used as a sensitivity label or an Azure Information Protection label: Yes
  • Label2 can now be used as a retention label or an Azure Information Protection label: No
  • Label3 can now be used as a sensitivity label or an Azure Information Protection label: Yes

Exam Question 223

You create a Microsoft 365 subscription.
Your company’s privacy policy states that user activities must NOT be audited.
You need to disable audit logging in Microsoft 365.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Correct Answer:
Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $false

Exam Question 224

You have a Microsoft 365 E5 tenant that contains the resources shown in the following table.

| Name | Type |
|---|---|
| Mailbox1 | Microsoft Exchange Online mailbox |
| Account1 | Microsoft OneDrive account |
| Site1 | Microsoft SharePoint Online site |
| Channel | Microsoft Teams channel |

To which resources can you apply a sensitivity label by using an auto-labeling policy?

A. Mailbox1 and Site1 only
B. Mailbox1, Account1, and Site1 only
C. Account1 and Site1 only
D. Mailbox1, Account1, Site1, and Channel1
E. Account1, Site1, and Channel1 only
Correct Answer:
E. Account1, Site1, and Channel1 only

Exam Question 225

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

| Name | Mailbox size |
|---|---|
| User1 | 5 MB |
| User2 | 15 MB |
| User3 | 25 MB |
| User4 | 55 MB |

You have a Microsoft Office 365 retention label named Retention1 that is published to Exchange email.
You have a Microsoft Exchange Online retention policy that is applied to all mailboxes. The retention policy contains a retention tag named Retention2.
Which users can assign Retention1 and Retention2 to their emails? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Users who can assign Retention1:

  • User4 only
  • User3 and User4 only
  • User2, User3, and User4 only
  • User1, User2, User3, and User4

Users who can assign Retention2:

  • User4 only
  • User3 and User4 only
  • User2, User3, and User4 only
  • User1, User2, User3, and User4

Correct Answer:

  • Users who can assign Retention1: User2, User3, and User4 only
  • Users who can assign Retention2: User2, User3, and User4 only

Exam Question 226

You have a Microsoft 365 subscription.
You need to grant a user named User1 access to download compliance reports from the Security & Compliance admin center. The solution must use the principle of least privilege.
What should you do?

A. Add User1 to the Service Assurance User role group.
B. Create a new role group that has the Preview role and add User1 to the role group.
C. Add User1 to the Compliance Administrator role group.
D. Add User1 to the Security Reader role group.
Correct Answer:
D. Add User1 to the Security Reader role group.

Manage Microsoft 365 governance and compliance: Testlet 2: Case Study

Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.

| Location | Employees | Laptops | Desktops | Mobile devices |
|---|---|---|---|---|
| Montreal | 2,500 | 2,800 | 300 | 3,100 |
| Seattle | 1,000 | 1,100 | 200 | 1,500 |
| New York | 300 | 320 | 30 | 400 |

Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment

The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

| Name | Configuration |
|---|---|
| Server1 | Domain controller |
| Server2 | Member server |
| Server3 | Network Policy Server (NPS) server |
| Server4 | Remote access server |
| Server5 | Microsoft Azure AD Connect server |

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

| Name | Azure AD role |
|---|---|
| User1 | None |
| User2 | Application administrator |
| User3 | Cloud application administrator |
| User4 | Global administrator |
| User5 | Intune administrator |

The domain also includes a group named Group1.

Requirements

Planned Changes

Contoso plans to implement the following changes:

  • Implement Microsoft 365.
  • Manage devices by using Microsoft Intune.
  • Implement Azure Advanced Threat Protection (ATP).
  • Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.

Technical Requirements

Contoso identifies the following technical requirements:

  • When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automatically.
  • Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.
  • User1 must be able to enroll all the New York office mobile devices in Intune.
  • Azure ATP sensors must be installed and must NOT use port mirroring.
  • Whenever possible, the principle of least privilege must be used.
  • A Microsoft Store for Business must be created.

Compliance Requirements

Contoso identifies the following compliance requirements:

  • Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.
  • Configure Windows Information Protection (WIP) for the Windows 10 devices.

Exam Question 227

You need to meet the compliance requirements for the Windows 10 devices.
What should you create from the Endpoint Management admin center?

A. a device compliance policy
B. a device configuration profile
C. an app protection policy
D. an app configuration policy
Correct Answer:
C. an app protection policy

Manage Microsoft 365 governance and compliance: Testlet 3: Case Study

Overview

ADatum Corporation is an international financial services company that has 5,000 employees.
ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy.
All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet.

Existing Environment

Current Infrastructure

ADatum recently purchased a Microsoft 365 subscription.
All user files are migrated to Microsoft 365.
All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, user1@us.adatum.com or user2@uk.adatum.com.
Each office has a security information and event management (SIEM) appliance. The appliances come from three different vendors.
ADatum uses and processes Personally Identifiable Information (PII).

Problem Statements

ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365.

Requirements

Business Goals

ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where it operates.
ADatum wants to minimize the cost of hardware and software whenever possible.

Technical Requirements

ADatum identifies the following technical requirements:

  • Centrally perform log analysis for all offices.
  • Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
  • Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
  • Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
  • Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
  • If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user’s user account.
  • A security administrator requires a report that shows which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
  • Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office users. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.

Exam Question 228

Which report should the New York office auditors view?

A. DLP incidents
B. Top Senders and Recipients
C. DLP false positives and overrides
D. DLP policy matches
Correct Answer:
A. DLP incidents

Exam Question 229

You need to meet the technical requirement for the EU PII data.
What should you create?

A. a data loss prevention (DLP) policy from the Security & Compliance admin center
B. a data loss prevention (DLP) policy from the Exchange admin center
C. a retention policy from the Exchange admin center
D. a retention policy from the Security & Compliance admin center
Correct Answer:
D. a retention policy from the Security & Compliance admin center

Exam Question 230

You need to protect the U.S. PII data to meet the technical requirements.
What should you create?

A. a data loss prevention (DLP) policy that contains a domain exception
B. a Security & Compliance retention policy that detects content containing sensitive data
C. a Security & Compliance alert policy that contains an activity
D. a data loss prevention (DLP) policy that contains a user override
Correct Answer:
C. a Security & Compliance alert policy that contains an activity