MS-101 Exam Questions - Real & Updated Questions PDF
Pass Guaranteed Quiz 2021 Realistic Verified Free Microsoft
What Experience Candidates Should Have?
To ace the Microsoft MS-101 certification exam on the first attempt, the students should be familiar with Microsoft 365 workloads and must have worked with at least one of them as an administrator. The options include Windows as a Service, SharePoint, Exchange, and Skype for Business. Besides, the candidates have to possess a solid knowledge of the IT fundamentals, such as DNS, PowerShell, and Active Directory, as well as server administration & networking.
NEW QUESTION 45
You purchase a new Microsoft 365 subscription.
You create 100 users who are assigned Microsoft 365 E3 licenses.
From the Security & Compliance admin center, you enable auditing.
Six months later, a manager sends you an email message asking the following questions:
* Question1: Who created a team named Team1 14 days ago?
* Question2: Who signed in to the mailbox of User1 30 days ago?
* Question3: Who changed the site collection administrators of a site 60 days ago?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-and-compliance?
https://docs.microsoft.com/en-us/office365/securitycompliance/enable-mailbox-auditing
NEW QUESTION 46
You have a Microsoft 365 subscription.
You plan to enable Microsoft Azure Information Protection.
You need to ensure that only the members of a group named PilotUsers can protect content.
What should you do?
- A. Run the Add-AadrmRoleBasedAdministrator cmdlet.
- B. Configure the protection activation status for Azure Information Protection.
- C. Create an Azure Information Protection policy.
- D. Run the Set-AadrmOnboardingControlPolicy cmdlet.
Answer: C
Explanation:
Explanation
Explanation/Reference:
https://blogs.technet.microsoft.com/kemckinn/2018/05/17/creating-labels-for-azure-information-protection/
NEW QUESTION 47
You have a Microsoft 365 tenant that uses Microsoft Endpoint Manager for device management. You need to add the phone number of the help desk to the Company Portal app. What should you do?
- A. From the Microsoft Endpoint Manager admin center, create an app configuration policy.
- B. From the Microsoft 365 admin center, modify Help desk information.
- C. From the Microsoft 365 admin center, modify Organization information.
- D. From Customization in the Microsoft Endpoint Manager admin center, modify the support information for the tenant.
Answer: B
NEW QUESTION 48
You create a new Microsoft 365 subscription and assign Microsoft 365 E3 licenses to 100 users.
From the Security & Compliance admin center, you enable auditing.
You are planning the auditing strategy.
Which three activities will be audited by default? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
- A. A user delegates permissions to their mailbox.
- B. A user purges messages from their mailbox.
- C. An administrator creates a new Microsoft SharePoint site collection.
- D. An administrator creates a new mail flow rule.
- E. A user shares a Microsoft SharePoint folder with an external user.
Answer: C,D,E
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/search-the-audit-log-in-security-andcompliance?
NEW QUESTION 49
You create two device compliance policies for Android devices as shown in the following table.
The users belong to the groups shown in the following table.
The users enroll their device in Microsoft Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android
NEW QUESTION 50
You have the Microsoft Azure Advanced Threat Protection (ATP) workspace shown in the Workspace exhibit.
(Click the Workspace tab.)
The sensors settings for the workspace are configured as shown in the Sensors exhibit. (Click the Sensors tab.)
You need to ensure that Azure ATP stores data in Asia.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step1
NEW QUESTION 51
HOTSPOT
You have retention policies in Microsoft 365 as shown in the following table.
Policy1 is configured as shown in the Policy1 exhibit. (Click the Policy1 tab.)
Policy2 is configured as shown in the Policy2 exhibit. (Click the Policy2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies#the-principles-of-retention-or- what-takes-precedence
NEW QUESTION 52
Your company uses Microsoft Cloud App Security.
You plan to integrate Cloud App Security and security information and event management (SIEM).
You need to deploy a SIEM agent on a server that runs Windows Server 2016.
What should you do? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/integrate-your-siem-server-with-office-365-cas
NEW QUESTION 53
You have the Microsoft Azure Advanced Threat Protection (ATP) workspace shown in the Workspace exhibit.
(Click the Workspace tab.)
The sensors settings for the workspace are configured as shown in the Sensors exhibit. (Click the Sensors tab.)
You need to ensure that Azure ATP stores data in Asia.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
NEW QUESTION 54
From the Security & Compliance admin center, you create a retention policy named Policy1.
You need to prevent all users from disabling the policy or reducing the retention period.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
References:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-retention/set-retentioncompliancepolicy?view=exchange-ps
NEW QUESTION 55
You have three devices enrolled in Microsoft Intune as shown in the following table.
The device compliance policies in Intune are configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 56
Your company purchases a cloud app named App1.
You plan to publish App1 by using a conditional access policy named Policy1.
You need to ensure that you can control access to App1 by using a Microsoft Cloud App Security session policy.
Which two settings should you modify in Policy1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/cloud-app-security/proxy-deployment-aad
Topic 2, Contoso, Ltd
Existing Environment
Requirement
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.
All servers run Windows Server 2016. All desktops and laptops are Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.
The domain also includes a group named Group1.
Planned Changes
Contoso plans to implement the following changes:
* Implement Microsoft 365.
* Manage devices by using Microsoft Intune.
* Implement Azure Advanced Threat Protection (ATP).
* Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.
Technical Requirements
Contoso identifies the following technical requirements:
* When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automaticity.
* Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.
* User1 must be able to enroll all the New York office mobile devices in Intune.
* Azure ATP sensors must be installed and must NOT use port mirroring.
* Whenever possible, the principle of least privilege must be used.
* A Microsoft Store for Business must be created.
Compliance Requirements
Contoso identifies the following compliance requirements:
* Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.
* Configure Windows Information Protection (W1P) for the Windows 10 devices.
NEW QUESTION 57
You need to configure a conditional access policy to meet the compliance requirements.
You add Exchange Online as a cloud app.
Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 58
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant that contains a user named User1.
Your company purchases a Microsoft 365 subscription.
You need to ensure that User1 is assigned the required role to create file policies and manage alerts in the Cloud App Security admin center.
Solution: From the Security & Compliance admin center, you assign the Security Administrator role to User1.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/cloud-app-security/manage-admins
NEW QUESTION 59
You have a Microsoft 365 tenant that contains devices enrolled in Microsoft Intune. The devices are configured as shown in the following table.
You plan to perform the following device management tasks in Microsoft Endpoint Manager:
* Deploy a VPN connection by using a VPN device configuration profile.
* Configure security settings by using an Endpoint Protection device configuration profile.
You need to identify which devices will support the management tasks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configure
https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-macos
NEW QUESTION 60
The users at your company use Dropbox Business to store documents. The users access Dropbox Business by using the MyApps portal.
You need to ensure that user access to Dropbox Business is authenticated by using a Microsoft 365 identity.
The documents must be protected if the data is downloaded to a device that is not trusted.
What should you do?
- A. From the Azure Active Directory admin center, configure the organizational relationships settings.
- B. From the Device Management admin center, configure Exchange on-premises access settings.
- C. From the Azure Active Directory admin center, configure the device settings.
- D. From the Device Management admin center, configure conditional access settings.
Answer: A
NEW QUESTION 61
You have a Microsoft 365 subscription.
All users have their email stored in Microsoft Exchange Online.
In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX.
What should you do?
- A. From the Exchange admin center, create a mail flow rule.
- B. From the Security & Compliance admin center, create an eDiscovery case.
- C. From Microsoft Cloud App Security, create an access policy.
- D. From the Security & Compliance admin center, start a message trace.
Answer: B
Explanation:
Explanation
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/ediscovery-cases#step-2-create-a-new-case
NEW QUESTION 62
From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)
What will be excluded from the export?
- A. a 60-MB DOCX file
- B. a 5-KB RTF file
- C. an 80-MB PPTX file
- D. a 12-MB BMP file
Answer: D
Explanation:
Section: [none]
Explanation:
Unrecognized file formats are excluded from the search.
Certain types of files, such as Bitmap or MP3 files, don't contain content that can be indexed. As a result, the search indexing servers in Exchange and SharePoint don't perform full-text indexing on these types of files.
These types of files are considered to be unsupported file types.
Incorrect Answers:
A: DOCX is a supported Microsoft PowerPoint file format.
C: RTF is a supported Rich Text File format.
D: PPTX is a supported Microsoft PowerPoint file format.
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/partially-indexed-items-in-content-search?
view=o365-worldwide
https://docs.microsoft.com/en-us/office365/securitycompliance/export-a-content-search-report
NEW QUESTION 63
You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.
The domain contains the devices shown in the following table.
The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Note: Block access overrides Grant access
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access
NEW QUESTION 64
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.
Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
References:
https://docs.microsoft.com/en-us/powershell/module/azurerm.resources/new-azurermroleassignment?view=azurermps-6.13.0
NEW QUESTION 65
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains a group named Group1 and the users shown in the following table:
The tenant has a conditional access policy that has the following configurations:
Name: Policy1
Assignments:
- Users and groups: Group1
- Cloud aps or actions: All cloud apps
* Access controls:
* Grant, require multi-factor authentication
* Enable policy: Report-only
You set Enabled Security defaults
For each of the following settings select Yes, if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Report-only mode is a new Conditional Access policy state that allows administrators to evaluate the impact of Conditional Access policies before enabling them in their environment. With the release of report-only mode:
* Conditional Access policies can be enabled in report-only mode.
* During sign-in, policies in report-only mode are evaluated but not enforced.
* Results are logged in the Conditional Access and Report-only tabs of the Sign-in log details.
* Customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the Conditional Access insights workbook.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-report-onl
NEW QUESTION 66
You create two device compliance policies for Android devices as shown in the following table.
The users belong to the groups shown in the following table.
The users enroll their device in Microsoft Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android
NEW QUESTION 67
Your company has a Microsoft 365 subscription that contains the domains shown in the following table.
The company plans to add a custom domain named fabrikam.com to the subscription and then to enable enrollment of devices to Intune by using auto discovery for Tabrikam.com.
You need to add a DNS record to the fabnkam.com /on* Which record type should you use for the new record?
- A. SRV
- B. PTR
- C. CNAME
- D. TXT
Answer: C
NEW QUESTION 68
Your company uses on-premises Windows Server File Classification Infrastructure (FCI). Some documents on the on-premises file servers are classified as Confidential.
You migrate the files from the on-premises file servers to Microsoft SharePoint Online.
You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded file based on the Confidential classification.
What should you do first?
- A. From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet.
- B. From the SharePoint admin center, create a managed property.
- C. From the SharePoint admin center, configure hybrid search.
- D. From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet.
Answer: A
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-dlp/newdataclassification view=exchange-ps
NEW QUESTION 69
......
Exam MS-101: Microsoft 365 Mobility and Security
Candidates for this exam are Microsoft 365 Enterprise Administrators who take part in evaluating, planning, migrating, deploying, and managing Microsoft 365 services. They perform Microsoft 365 tenant management tasks for an enterprise, including its identities, security, compliance, and supporting technologies.
Candidates have a working knowledge of Microsoft 365 workloads and should have been an administrator for at least Exchange, SharePoint, Teams, Windows 10 deployment. Candidates also have a working knowledge of networking, server administration, and IT fundamentals such as DNS, Active Directory, and PowerShell.
Part of the requirements for: Microsoft 365 Certified: Enterprise Administrator Expert
Get to the Top with MS-101 Practice Exam Questions: https://www.dumpexams.com/MS-101-real-answers.html
Free Microsoft 365 MS-101 Ultimate Study Guide: https://drive.google.com/open?id=1iKpyUTfTmrqN-Qfi5kbcTkF1QCVOtJDW