Certification Exam Prep Questions For Microsoft (MS-101) Microsoft 365 Mobility and Security


QuickStart is now offering assessment questions for Microsoft (MS-101) Microsoft 365 Mobility and Security Whether you are deciding which exam to sign up for, or simply want to practice the materials necessary to complete certification for this course, we have provided a practice assessment to better aid in certification. 100% of the questions are real questions; from a recent version of the test you will take for Microsoft (MS-101) Microsoft 365 Mobility and Security


Arrow
 

1

Your company is concerned about potential security risks to cloud-based applications. You enable Azure Active Directory (Azure AD) Identity Protection for your Azure AD Premium tenant. When a potential user sign-in risk is detected, the user should be forced to sign-in using multi-factor authentication (MFA). You need to determine the best way to accomplish this. Solution: You configure an Azure AD Conditional Access policy. Does this solution meet the goal?

A. Yes
Correct!
B. No
Incorrect.
2

Your company is concerned about potential security risks to cloud-based applications. You enable Azure Active Directory (Azure AD) Identity Protection for your Azure AD Premium tenant. When a potential user sign-in risk is detected, the user should be forced to sign-in using multi-factor authentication (MFA). You need to determine the best way to accomplish this. Solution: You configure an Intune Compliance policy. Does this solution meet the goal?

A. Yes
Incorrect.
B. No
Correct!
3

Your company is concerned about potential security risks to cloud-based applications. You enable Azure Active Directory (Azure AD) Identity Protection for your Azure AD Premium tenant. When a potential user sign-in risk is detected, the user should be forced to sign-in using multi-factor authentication (MFA). You need to determine the best way to accomplish this. Solution: You configure a Security & Compliance Data Loss Prevention (DLP) policy. Does this solution meet the goal?

A. Yes
Incorrect.
B. No
Correct!
4

Your company has an on-premises Windows Active Directory domain. Domain client computers run Windows 8.1 or Windows 10. You use System Center Configuration Manager (Current Branch) to manage client computers. Your company has a Microsoft 365 E5 subscription. Domain client computers are hybrid joined to your Azure Active Directory (Azure AD) tenant. You need to upgrade computers running Windows 8.1 to Windows 10. You want to automate the process as much as possible. You want to migrate all compatible applications and data. Solution: You enable Windows Autopilot. Does this solution meet the goal?

5

Your company has an on-premises Windows Active Directory domain. Domain client computers run Windows 8.1 or Windows 10. You use System Center Configuration Manager (Current Branch) to manage client computers. Your company has a Microsoft 365 E5 subscription. Domain client computers are hybrid joined to your Azure Active Directory (Azure AD) tenant. You need to upgrade computers running Windows 8.1 to Windows 10. You want to automate the process as much as possible. You want to migrate all compatible applications and data. Solution: You create a Configuration Manager upgrade package task sequence. Does this solution meet the goal?

A. Yes
Correct!
B. No
Incorrect.
6

Your company has an on-premises Windows Active Directory domain. Domain client computers run Windows 8.1 or Windows 10. You use System Center Configuration Manager (Current Branch) to manage client computers. Your company has a Microsoft 365 E5 subscription. Domain client computers are hybrid joined to your Azure Active Directory (Azure AD) tenant. You need to upgrade computers running Windows 8.1 to Windows 10. You want to automate the process as much as possible. You want to migrate all compatible applications and data. Solution: You enable Windows Subscription Activation. Does this solution meet the goal?

7

Your network is configured as a Windows Active Directory (AD) domain. All domain clients and member servers are hybrid-joined to your Azure Active Directory (Azure AD) domain. All domain clients run Windows 10. Member servers run Windows Server 2012 R2 or Windows Server 2016. You configure System Center Configuration Manager (SCCM) and Intune co-management. Your company implements Windows Defender Advanced Threat Protection (ATP). You need to onboard all member servers and domain clients. Solution: You download an SCCM onboarding configuration package, configure a device collection with all target devices, and deploy the package. Does this solution meet the goal?

A. No
Incorrect.
B. Yes
Correct!
8

Your network is configured as a Windows Active Directory (AD) domain. All domain clients and member servers are hybrid-joined to your Azure Active Directory (Azure AD) domain. All domain clients run Windows 10. Member servers run Windows Server 2012 R2 or Windows Server 2016. You configure System Center Configuration Manager (SCCM) and Intune co-management. Your company implements Windows Defender Advanced Threat Protection (ATP). You need to onboard all member servers and domain clients. Solution: You download an SCCM onboarding configuration package, configure a device collection with all target devices, and deploy the package. Does this solution meet the goal?

A. Yes
Incorrect.
B. No
Correct!
9

Your network is configured as a Windows Active Directory (AD) domain. All domain clients and member servers are hybrid-joined to your Azure Active Directory (Azure AD) domain. All domain clients run Windows 10. Member servers run Windows Server 2012 R2 or Windows Server 2016. You configure System Center Configuration Manager (SCCM) and Intune co-management. Your company implements Windows Defender Advanced Threat Protection (ATP). You need to onboard all member servers and domain clients. Solution: You download a local script onboarding configuration package and run the script on each of the target computers. Does this solution meet the goal?

A. Yes
Correct!
B. No
Incorrect.
10

Your network is configured as a Windows Active Directory (AD) domain. All domain clients and member servers are hybrid-joined to your Azure Active Directory (Azure AD) domain. All domain clients run Windows 10. Member servers run Windows Server 2012 R2 or Windows Server 2016. You configure System Center Configuration Manager (SCCM) and Intune co-management. Your company implements Windows Defender Advanced Threat Protection (ATP). You need to onboard all member servers and domain clients. Solution: You download a local script onboarding configuration package and run the script on each of the target computers. Does this solution meet the goal?

A. No
Correct!
B. Yes
Incorrect.
11

Your network is configured as an Active Directory Domain Services (AD DS) domain. All domain users are synced with your Azure Active Directory (Azure AD) tenant. Your company has a Microsoft 365 E5 subscription and deploys Exchange Online. SharePoint Online, and OneDrive Online. Your company wants to improve its data security. You need to ensure that when content is detected to contain customer credit card information, the following actions are taken: • Email the user saving or emailing the content • Email the company compliance officer about the content • Restrict access to the content until it is reviewed by an administrator The solution should apply to Exchange Online, SharePoint Online, and OneDrive Online. Solution: You create an alert policy in the Security and Compliance Center. Does this solution meet the goal?

A. No
Correct!
B. Yes
Incorrect.
12

Your network is configured as an Active Directory Domain Services (AD DS) domain. All domain users are synced with your Azure Active Directory (Azure AD) tenant. Your company has a Microsoft 365 E5 subscription and deploys Exchange Online, SharePoint Online, and OneDrive Online. Your company wants to improve its data security. You need to ensure that when content is detected to contain customer credit card information, the following actions are taken: • Email the user saving or emailing the content • Email the company compliance officer about the content • Restrict access to the content until it is reviewed by an administrator The solution should apply to Exchange Online, SharePoint Online, and OneDrive Online. Solution: You create a data loss prevention (DLP) policy in the Security and Compliance Center. Does this solution meet the goal?

A. No
Incorrect.
B. Yes
Correct!
13

Your company has a Microsoft 365 E3 subscription, and all users are assigned a Microsoft 365 E3 license. You deploy Exchange Online, SharePoint Online, and Microsoft Teams. You enable auditing for your company in the Security & Compliance Center. You need to enable auditing for Exchange Online mailboxes for select users. What should you use?

A. Set-AdminAuditLogConfig
Incorrect.
B. Exchange admin center
Incorrect.
C. Set-Mailbox
Correct!
D. Exchange admin center
Incorrect.
14

Your network is configured as an Active Directory Domain Services (AD DS) domain. All domain users are synced with your Azure Active Directory (Azure AD) tenant. Your company has a Microsoft Enterprise Mobility + Security (EMS) E3 subscription. Your company implements Azure Information Protection (AIP) and uses Azure Rights Management. You configure on-premises Information Rights Management (IRM). You determine that Exchange Online is not currently integrated with AIP. You need to configure IRM integration with Exchange Online. What should you do?

15

Your network is configured as an Active Directory Domain Services (AD DS) domain. All domain users are synced with your Azure Active Directory (Azure AD) tenant. Your company has a Microsoft 365 E5 subscription. Your company implemented Azure Information Protection (AIP) and uses Azure Rights Management. You configure on-premises Information Rights Management (IRM). You need to configure IRM integration with SharePoint Online. What should you use?

16

Your company has a Windows Active Directory (AD) domain named company1.com that is synced with an Azure Active Directory (Azure AD) tenant. Your company has a Microsoft 365 subscription. You deploy Exchange Online for your company email. You have an email retention policy that applies to all user mailboxes to retain email items for five years. You configure legislative hold on select user mailboxes without specifying a hold duration. You need to determine what will happen when a held mailbox is deleted. What happens when a mailbox is deleted?

17

Your network is configured as a Windows Active Directory (AD) domain. Your company has an Enterprise Mobility + Security 5 (EMS E5) license. All domain member computers are hybrid-joined to Azure Active Directory (Azure AD). You create an Azure Advanced Threat Protection (ATP) instance using the default settings in Azure ATP portal. You need to collect traffic data from your domain controllers and forward the data to Azure ATP through one location. What should you install?

18

CompanyA has a Windows Enterprise Active Directory (AD) domain named companya.com. The domain includes approximately 2,000 member devices that run Windows 10. All member devices are hybrid joined to Azure Active Directory (Azure AD). All employees at CompanyA are licensed for Office 365 E3. You manage all Windows 10 devices using a third-party on-premises mobile device management (MDM) solution. You plan to configure integration between Azure AD and your on-premises MDM solution. You need to configure the Terms of Use endpoint that users are redirected to during enrollment. What should you do?

19

SchoolA has approximately 5,000 students, teachers. and staff. All students, teachers, and staff are licensed for Microsoft 365 A3. You plan to implement a new Cloud App security policy that monitors sign-in activity for Office 365. You need to enable app control for Office 365. Which policy do you need to configure?

20

Your company has a Microsoft 365 subscription and an Azure Active Directory (Azure AD) domain hybrid-joined to a Windows AD domain. The company is implementing retention policies to meet various legal and corporate policy requirements. Members of the Azure AD RetSec group will have rights to publish retention labels through Security and Compliance. You need to add RetSec to the role group that will give them the necessary rights. Your solution should use the principle of least privilege. To which group should you should add RetSec?

21

Your network is configured as an Active Directory Domain Services (AD DS) domain. All domain users are synced with your Azure Active Directory (Azure AD) tenant. Your company has a Microsoft 365 E5 subscription. You enable Azure AD Identity Protection (AIP) for your company. You configure sign-in risk policies for your company. You are concerned about how quickly risk information is reported. You need to identify which types of risk events have a reporting latency of 10 minutes or less. Which two risk events report in 10 minutes or less? Each correct answer presents part of the solution.

22

Your network is configured as an Active Directory Domain Services (AD DS) domain. All domain users are synced with your Azure Active Directory (Azure AD) tenant. Your company has a Microsoft 365 E5 subscription. You migrate your company email to Exchange Online. Your company uses Azure Information Protection (AIP). Azure Rights Management was activated by default when you set up AIR. You want to integrate AIP with your on-premises SharePoint and Windows file server resources. You need to configure your infrastructure to support the integration. What should you deploy?

23

Your network has a Windows Active Directory (AD) domain with all domain devices hybrid-joined to Azure Active Directory (Azure AD). Your company has a Microsoft 365 subscription. Your company plans a gradual deployment of Azure Information Protection (AIP) with a pilot rollout limited to one group of users. You need to ensure that only members of the AIPPilot group can use AIP to protect content. This should apply to both mobile devices and Windows domain clients. Which PowerShell cmdlet or feature should you use?

24

Your network is configured as a Windows Active Directory (AD) domain with multiple geographic locations. Network devices are hybrid-joined with your Azure Active Directory (Azure AD) tenant and enrolled in Intune. You enable Azure AD Identity Protection. You configure a sign-in risk policy with risky sign-in recovery. Users should be able to self-recover using multifactor authentication (MFA). You set a policy that requires users to set up their accounts for additional security verification through MFA. You need to provide as much grace time as possible for user to register for MFA. What is the maximum grace period

A. 14 days
Correct!
B. 60 days
Incorrect.
C. 7 days
Incorrect.
D. 30 days
Incorrect.
25

Your network is configured as a Windows Active Directory (AD) domain with domain members hybrid-joined to an Azure Active Directory (Azure AD) tenant. Your company has a Microsoft 365 E3 subscription. You migrate all domain users from an on-premises Exchange server to Exchange Online. You configure a retention policy that applies to all active user mailboxes. The policy includes the following retention tags: • Items that are 2 years old are automatically moved from a user's primary mailbox to the user's archive mailbox. • Items in the Deleted Items folder that are 5 years old are deleted automatically. • Items in the user's primary or archive mailbox are automatically permanently deleted. A user deletes an item from the Deleted Items folder. What happens to the item?

26

Your network is configured as a Windows Active Directory (AD) domain. Your company has an Enterprise Mobility + Security 5 (EMS E5) license. All domain member computers are hybrid-joined to Azure Active Directory (Azure AD) and are enrolled in Intune. All member computers run the System Center Configuration Manager (SCCM) client. Your company wants to use Azure Advanced Threat Protection (ATP) to identify, detect, and investigate threats from data collected from your on-premises AD. You need to develop a deployment plan for Azure ATP. You create an Azure ATP instance. What should you do next?

27

SchoolA has 250 devices that run Windows 10, version 1903. These devices are joined to a Windows Enterprise Active Directory (AD) domain and managed using System Center Configuration Manager (SCCM). The devices are assigned to teachers at SchoolA. All teachers users are licensed for Microsoft 365 A3. You plan to deploy Windows 10, version 1903. You implement Upgrade Readiness. All Windows 10 devices report they are compatible with You need to upgrade all existing Windows 8.1 devices to meet the following requirements: • Preserve all compatible user data, applications and settings. • Minimize internet traffic. • Minimize administrative effort. • Control where the feature update is deployed from. • Control when the feature update is deployed. version 1903. Windows 10, version 1903. Your solution needs to Which solution should you recommend?

28

Your network contains a Windows Active Directory (AD) domain. Your network includes 2000 client computers running Windows 10 Enterprise that are deployed through Windows as a Service (WaaS). You configure 100 client computers for the Windows Insider program and the remaining clients in the semi-annual service channel. You configure Windows Update for Business to manage Windows 10 updates. You need to prevent the download of Windows security and driver updates for two weeks while some network issues are resolved. Which Group Policy do you need to configure?

29

Your company has a Microsoft 365 E3 subscription, and all users are assigned a Microsoft 365 E3 license. You deploy Exchange Online, SharePoint Online, and Microsoft Teams. You enable auditing for your company in the Security & Compliance Center. You realize that site-specific SharePoint items are not audited. You need to configure site-specific auditing. What should you use?

30

Your network is configured as a Windows Active Directory (AD) domain. All domain clients and member servers are hybrid-joined to your Azure Active Directory (Azure AD) domain. Domain clients run Windows 8.1 or Windows 10. Your company implements Windows Defender Advanced Threat Protection (ATP) and onboards all domain client computers. Your company plans to decommission all computers running Windows 8.1. You offboard the computers from Defender ATP. You need to determine how long data collected from the offloaded computers will be available. Retention settings are configured at default values. How long are collected data and referenced alerts retained?

A. 5 Years
Incorrect.
B. 1 Year
Incorrect.
C. 30 days
Incorrect.
D. 6 months
Correct!
PDP Url

Sample Question - Microsoft 365 Mobility and Security (MS-101)


Self-Paced

Learning Style

Beginner

Difficulty

1 Hour

Course Duration

Certificate

See Sample

Buy Individually
About Individual Course:
  • Individual course plan gives you access to this course
$109.00
$109.00
/ Each

Outline

More Information

More Information
Lab Access No
Learning Style Self-Paced Learning
Difficulty Beginner
Course Duration 1 Hour
Language English

Reviews

Write Your Own Review
Only registered users can write reviews. Please Sign in or create an account

Contact A Learning Consultant


click here