Top Microsoft MS-101 Courses Online - Updated [Jan-2022]
MS-101 Practice Dumps - Verified By Dumpexams Updated 320 Questions
Main Skills Tested in Microsoft MS-101 Exam
The process of obtaining this expert-level badge requires applicants to spend enough time on studies. And the first step for you to do in this case is to get the MS-101 exam’s blueprint to identify the concepts covered and create a learning plan according to this list. Below, you will find complete details on each included topic and its connected subtopics:
- Microsoft 365 governance and compliance management – this is the final section of the assessment that is also divided into several subtopics. When they reach this section, candidates will need to understand how to configure Data Loss Prevention and implement sensitivity labels. Also, they will learn more about data governance, audit procedures, and eDiscovery services.
- Implementation of Microsoft 365 security and threat management – IT specialists will need to learn how to implement Cloud App Security, threat management, and Microsoft Defender Advanced Threat Protection. Another skill involved in this domain focuses on monitoring security reports and alerts.
- Implementation of modern device services– in this chapter, you will discover concepts related to mobile device management implementation and device compliance management. Also, exam-takers will learn how to create effective planning for devices and applications. Finally, they will become able to handle Windows 10 deployment.
Microsoft MS-101: Preparation Process
This certification exam has a total of three domains with each covering different knowledge and skill areas. It’s important to understand these topics and develop practical skills to be able to pass the test. Microsoft offers various preparation resources that the individuals can use for exam preparation. We’ll look at them in detail.
NEW QUESTION 108
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/quickstart-configure-named-locations
NEW QUESTION 109
Your company has a Microsoft 365 subscription that uses an Azure Directory (Azure AD0 tenant named Contoso.com. The tenant contains the users shown in the following table.
You create a relation label named Label1 that has the following configurations:
Retains content for five years.
Automatically deletes all content that is older than five years.
You turn on Auto labeling for Label1 b using a policy named Policy1. Policy1 has the following configurations:
* Retains content for five years
* Automatically deletes all content that is older than five years
You turn on Auto labeling for Label 1 by using a policy named Policy1. Policy has the following configurations:
* Applies to content that contains the word Merger
* Specifies the OneDrive accounts and SharePoint sites locations
You run the following command
Set RetentionConpliancePolicy Policy1 RestrictiveRelention $true Force
Answer:
Explanation:
NEW QUESTION 110
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint sharing policy is modified in the future.
Solution: From the SharePoint admin center, you modify the sharing settings.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 111
You have the Microsoft Azure Advanced Threat Protection (ATP) workspace shown in the Workspace exhibit.
(Click the Workspace tab.)
The sensors settings for the workspace are configured as shown in the Sensors exhibit. (Click the Sensors tab.)
You need to ensure that Azure ATP stores data in Asia.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step1
NEW QUESTION 112
You need to meet the technical requirements and planned changes for Intune.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/intune/windows-enroll
NEW QUESTION 113
You have a Microsoft 365 subscription.
All users are assigned Microsoft Azure Active Directory Premium licenses.
From the Device Management admin center, you set Microsoft Intune as the MDM authority.
You need to ensure that when the members of a group named Marketing join a device to Azure Active Directory (Azure AD), the device is enrolled automatically in Intune. The Marketing group members must be limited to five devices enrolled in Intune.
Which two options should you use to perform the configurations? To answer, select the appropriate blades in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Device enrollment manager (DEM) is an Intune permission that can be applied to an Azure AD user account and lets the user enroll up to 1,000 devices You can create and manage enrollment restrictions that define what devices can enroll into management with Intune, including the:
* Number of devices.
* Operating systems and versions.
The Marketing group members must be limited to five devices enrolled in Intune References:
https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment-manager-enroll
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set
NEW QUESTION 114
Your company has five security information and event management (SIEM) appliances. The traffic logs from each appliance are saved to a file share named Logs.
You need to analyze the traffic logs.
What should you do from Microsoft Cloud App Security?
- A. Click Discover, and then click
- B. Click Investigate, and then click
- C. Click Investigate, and then click
- D. Click Control, and then click
Answer: C
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/investigate-an-activity-in-office-365-cas
NEW QUESTION 115
Your company has a Microsoft 365 subscription that contains the domains shown in the following table.
The company plans to add a custom domain named fabrikam.com to the subscription and then to enable enrollment of devices to Intune by using auto discovery for Tabrikam.com.
You need to add a DNS record to the fabnkam.com /on* Which record type should you use for the new record?
- A. PTR
- B. CNAME
- C. TXT
- D. SRV
Answer: B
NEW QUESTION 116
You create two device compliance policies for Android devices as shown in the following table.
The users belong to the groups shown in the following table.
The users enroll their device in Microsoft Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android
NEW QUESTION 117
Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD).
The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 has the File Server Resource Manager role service installed.
You need to configure Server1 to use the Azure Rights Management (Azure RMS) connector.
You install the Microsoft Management connector on Server1.
What should you do next on Server1?
- A. Install a certification authority (CA).
- B. Enable BitLocker Drive Encryption (BitLocker).
- C. Run the GenConnectorConfig.ps1 script.
- D. Configure the URL of the AIPMigrated group.
Answer: C
Explanation:
If you want to use the server configuration tool for the RMS connector, to automate the configuration of registry settings on your on-premises servers, download and run the GenConnectorConfig.ps1 script.
References:
https://docs.microsoft.com/en-us/azure/information-protection/install-configure-rms-connector#installing-the-rms-connector
NEW QUESTION 118
Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP includes the machine groups shown in the following table.
You onboard a computer named computer1 to Windows Defender ATP as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 119
HOTSPOT
You need to meet the technical requirements and planned changes for Intune.
What should you do? To answer, select the appropriate options is the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/intune/windows-enroll
Testlet 3
Case Study
Overview
ADatum Corporation is an international financial services company that has 5,000 employees.
ADatum has six offices: a main office in New York and five branch offices in Germany, the United Kingdom, France, Spain, and Italy.
All the offices are connected to each other by using a WAN link. Each office connects directly to the Internet.
Existing Environment
Current Infrastructure
ADatum recently purchased a Microsoft 365 subscription.
All user files are migrated to Microsoft 365.
All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of the user, for example, [email protected] or [email protected].
Each office has a security information and event management (SIEM) appliance. The appliance comes from three different vendors.
ADatum uses and processes Personally Identifiable Information (PII).
Problem Statements
ADatum entered into litigation. The legal department must place a hold on all the documents of a user named User1 that are in Microsoft 365.
Requirements
Business Goals
ADatum wants to be fully compliant with all the relevant data privacy laws in the regions where is operates.
ADatum wants to minimize the cost of hardware and software whenever possible.
Technical Requirements
ADatum identifies the following technical requirements:
* Centrally perform log analysis for all offices.
* Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
* Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
* Provide the users in the finance department with access to Service assurance information in Microsoft Office 365.
* Ensure that documents and email messages containing the PII data of European Union (EU) citizens are preserved for 10 years.
* If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a security administrator and suspend the user's user account.
* A security administrator requires a report that shown which Microsoft 365 users signed in. Based on the report, the security administrator will create a policy to require multi-factor authentication when a sign-in is high risk.
* Ensure that the users in the New York office can only send email messages that contain sensitive U.S. PII data to other New York office uses. Email messages must be monitored to ensure compliance. Auditors in the New York office must have access to reports that show the sent and received email messages containing sensitive U.S. PII data.
NEW QUESTION 120
You have a Microsoft 365 subscription that contains the users shown in the following table.
You run the following cmdlet.
Set-MailboxAuditBypassAssociation -Identity User2
-AuditByPassEnabled $true
The users perform the following actions:
* User1 accesses an item in the mailbox of User2.
* User2 modifies a mailbox item in the mailbox of User3.
* User3 signs in to her mailbox.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/powershell/module/exchange/set-mailboxauditbypassassociation?view=exchange-ps
NEW QUESTION 121
You need to recommend a solution for the security administrator. The solution must meet the technical requirements.
What should you include in the recommendation?
- A. Microsoft Azure Active Directory (Azure AD) Identity Protection
- B. Microsoft Azure Active Directory (Azure AD) Privileged Identity Management
- C. Microsoft Azure Active Directory (Azure AD) conditional access policies
- D. Microsoft Azure Active Directory (Azure AD) authentication methods
Answer: C
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/untrusted-networks
NEW QUESTION 122
You have a Microsoft 365 subscription.
You are planning a threat management solution for your organization.
You need to minimize the likelihood that users will be affected by the following threats:
Opening files in Microsoft SharePoint that contain malicious content
Impersonation and spoofing attacks in email messages
Which policies should you create in the Security & Compliance admin center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: ATP Safe Attachments
ATP Safe Attachments provides zero-day protection to safeguard your messaging system, by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox.
Box 2: ATP anti-phishing
ATP anti-phishing protection detects attempts to impersonate your users and custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks.
ATP Safe Links provides time-of-click verification of URLs, for example, in emails messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked.
References:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp#configure-atp-policies
NEW QUESTION 123
Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains computers that run Windows 10 Enterprise and are managed by using Microsoft Intune. The computers are configured as shown in the following table.
You plan to implement Windows Defender Application Guard for contoso.com.
You need to identify on which two Windows 10 computers Windows Defender Application Guard can be installed.
Which two computers should you identify? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. Computer1
- B. Computer2
- C. Computer4
- D. Computer3
Answer: B,D
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/reqs-w
NEW QUESTION 124
You have Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Note: The Aggregation settings has a 120 minute window
NEW QUESTION 125
......
Exam Peculiarities and Self-Study
Microsoft doesn’t usually reveal the details of its certification exams. However, it is known that the MS-101 test is going to last for 180 minutes. During this time, each applicant will have to complete around 40 to 60 questions. The question formats that may appear in your delivery of the exam include hot area, multiple choice, case studies, drag and drop, fill-in-the-blank, and others.
To schedule the test, you need to follow the link on the official website and pay the fee of $165. This price applies to the United States. If you are located in another country, it will be most probably lower for you. The Microsoft MS-101 exam is available for taking in English and Japanese. To complete this certification test with flying colors, you need to score no less than 700 out of 1000 points.
If you want to study for the Microsoft MS-101 test, you can explore the preparation options offered by Microsoft on its website. These include the paid instructor-led training course under the title “Microsoft 365 Mobility and Security” as well as numerous free online learning paths for self-study.
New (2022) Microsoft MS-101 Exam Dumps: https://www.dumpexams.com/MS-101-real-answers.html
Updated MS-101 Exam Dumps - PDF Questions and Testing Engine: https://drive.google.com/open?id=1iKpyUTfTmrqN-Qfi5kbcTkF1QCVOtJDW