Skip Navigation Links
 

Microsoft - MS-101: Microsoft 365 Mobility and Security

Sample Questions

Question: 104
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are an administrator for a company. You purchase a new Microsoft 365 subscription.

You create 100 users who are assigned Microsoft 365 E3 licenses.

From the Security & Compliance admin center, you enable auditing.

Six months later, a manager sends you an email message asking the following questions:
  • Question 1: Who created a team named Team1 14 days ago?
  • Question 2: Who signed in to the mailbox of User1 30 days ago?
  • Question 3: Who changed the site collection administrators of a site 60 days ago?
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AAn audit log search from the Security & Compliance admin center will provide the answer to question 1: Yes
An audit log search from the Security & Compliance admin center will provide the answer to question 2: Yes
An audit log search from the Security & Compliance admin center will provide the answer to question 3: Yes
B An audit log search from the Security & Compliance admin center will provide the answer to question 1: Yes
An audit log search from the Security & Compliance admin center will provide the answer to question 2: Yes
An audit log search from the Security & Compliance admin center will provide the answer to question 3: No
C An audit log search from the Security & Compliance admin center will provide the answer to question 1: Yes
An audit log search from the Security & Compliance admin center will provide the answer to question 2: No
An audit log search from the Security & Compliance admin center will provide the answer to question 3: No
D An audit log search from the Security & Compliance admin center will provide the answer to question 1: No
An audit log search from the Security & Compliance admin center will provide the answer to question 2: Yes
An audit log search from the Security & Compliance admin center will provide the answer to question 3: No
E An audit log search from the Security & Compliance admin center will provide the answer to question 1: Yes
An audit log search from the Security & Compliance admin center will provide the answer to question 2: No
An audit log search from the Security & Compliance admin center will provide the answer to question 3: Yes
F An audit log search from the Security & Compliance admin center will provide the answer to question 1: No
An audit log search from the Security & Compliance admin center will provide the answer to question 2: No
An audit log search from the Security & Compliance admin center will provide the answer to question 3: No

Correct answer: E

Explanation:

Need to find if a user viewed a specific document or purged an item from their mailbox? If so, you can use the Office 365 Security & Compliance Center to search the unified audit log to view user and administrator activity in your Office 365 organization. Why a unified audit log? Because you can search for the following types of user and admin activity in Office 365:

  • User activity in SharePoint Online and OneDrive for Business

  • User activity in Exchange Online (enabling Exchange mailbox audit logging required)

  • Admin activity in SharePoint Online

  • Admin activity in Azure Active Directory (the directory service for Office 365)

  • Admin activity in Exchange Online (enabling Exchange admin audit logging required)

  • User and admin activity in Sway

  • eDiscovery activities in the security and compliance center

  • User and admin activity in Power BI

  • User and admin activity in Microsoft Teams

  • User and admin activity in Dynamics 365

  • User and admin activity in Yammer

  • User and admin activity in Microsoft Flow

  • User and admin activity in Microsoft Stream

  • Analyst and admin activity in Microsoft Workplace Analytics

  • User and admin activity in Microsoft PowerApps



Question: 105
Measured Skill: Implement Modern Device Services (30-35%)

You configure a conditional access policy. The locations settings are configured as shown in the following exhibit.



The users and groups settings are configured as shown in the following exhibit.



Members of the Marketing group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.

You need to ensure that the members of the Marketing group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.

What should you do?

AFrom the conditional access policy, configure the device state.
B From the Azure Active Directory admin center, create a custom control.
C From the Intune admin center, create a device compliance policy.
D From the Intune admin center admin center, create a named location.

Correct answer: D

Explanation:

The conditional access policy allows access for users who are located in trusted locations. We need to define the office location as a trusted location. For this purpose, a named location must be created and marked as trustworthy.



Reference: What is the location condition in Azure Active Directory Conditional Access?

Question: 106
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are a cloud administrator for a company. You have a Microsoft 365 tenant. You create a retention label as shown in the following exhibit.



You create a label policy as shown in the following exhibit.



The label policy is configured as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AAny sent email messages that contain the word ProjectX will be deleted immediately: Yes
Any sent email messages that contain the word ProjectX will be retained for six months: Yes
Users are required to manually apply a label to email messages that contain the word ProjectX: Yes
B Any sent email messages that contain the word ProjectX will be deleted immediately: Yes
Any sent email messages that contain the word ProjectX will be retained for six months: No
Users are required to manually apply a label to email messages that contain the word ProjectX: Yes
C Any sent email messages that contain the word ProjectX will be deleted immediately: No
Any sent email messages that contain the word ProjectX will be retained for six months: Yes
Users are required to manually apply a label to email messages that contain the word ProjectX: Yes
D Any sent email messages that contain the word ProjectX will be deleted immediately: Yes
Any sent email messages that contain the word ProjectX will be retained for six months: Yes
Users are required to manually apply a label to email messages that contain the word ProjectX: No
E Any sent email messages that contain the word ProjectX will be deleted immediately: No
Any sent email messages that contain the word ProjectX will be retained for six months: Yes
Users are required to manually apply a label to email messages that contain the word ProjectX: No
F Any sent email messages that contain the word ProjectX will be deleted immediately: No
Any sent email messages that contain the word ProjectX will be retained for six months: No
Users are required to manually apply a label to email messages that contain the word ProjectX: No

Correct answer: E

Explanation:

The label named 6Months is configured to retain the labeled content for 6 months and then delete it.

The policy applies the label automatically to content in Exchange that contains the word "ProjectX."

Question: 107
Measured Skill: Implement Microsoft 365 Security and Threat Management (30-35%)

Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP includes the machine groups shown in the following table.



You onboard a computer named computer1 to Windows Defender ATP as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AComputer1 will be a member of Group3 only.
If you add the tag demo to Computer1, the computer will be a member of Group1 only.
B Computer1 will be a member of Group4 only.
If you add the tag demo to Computer1, the computer will be a member of Group1 only.
C Computer1 will be a member of Group3 and Group4 only.
If you add the tag demo to Computer1, the computer will be a member of Group1 and Group2 only.
D Computer1 will be a member of Group3 and Group4 only.
If you add the tag demo to Computer1, the computer will be a member of Group1, Group2, Group3, and Group4.
E Computer1 will be a member of Ungrouped machines.
If you add the tag demo to Computer1, the computer will be a member of Group1, Group2, Group3, and Group4.
F Computer1 will be a member of Ungrouped machines.
If you add the tag demo to Computer1, the computer will be a member of Ungrouped machines.

Correct answer: A

Explanation:

In an enterprise scenario, security operation teams are typically assigned a set of machines. These machines are grouped together based on a set of attributes such as their domains, computer names, or designated tags.

In Microsoft Defender ATP, you can create machine groups and use them to:

  • Limit access to related alerts and data to specific Azure AD user groups with assigned RBAC roles
  • Configure different auto-remediation settings for different sets of machines
  • Assign specific remediation levels to apply during automated investigations
  • In an investigation, filter the Machines list to just specific machine groups by using the Group filter.

You can create machine groups in the context of role-based access (RBAC) to control who can take specific action or see information by assigning the machine group(s) to a user group.

Manage machine groups

You can promote or demote the rank of a machine group so that it is given higher or lower priority during matching. When a machine is matched to more than one group, it is added only to the highest ranked group. You can also edit and delete groups.

By default, machine groups are accessible to all users with portal access. You can change the default behavior by assigning Azure AD user groups to the machine group.

Machines that are not matched to any groups are added to Ungrouped machines (default) group. You cannot change the rank of this group or delete it. However, you can change the remediation level of this group, and define the Azure AD user groups that can access this group.



Reference: Create and manage machine groups



Question: 108
Measured Skill: Implement Microsoft 365 Security and Threat Management (30-35%)

You have the Microsoft Azure Advanced Threat Protection (ATP) workspace shown in the following exhibit.



The sensors settings for the workspace are configured as shown in the following exhibit.



You need to ensure that Azure ATP stores data in Asia.

Which three actions should you perform in sequence?

(To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)

www.cert2brain.com

ASequence: 2, 3, 4
B Sequence: 4, 1, 3
C Sequence: 2, 4, 3
D Sequence: 1, 3, 5

Correct answer: C

Explanation:

Currently, Azure ATP data centers are deployed in Europe, North America/Central America/Caribbean and Asia. Your instance is created automatically in the data center that is geographically closest to your Azure Active Directory (Azure AD). Once created, Azure ATP instances aren't movable.

When creating a new instance, the geographic region can not be selected to save the data.

Deleting and recreating the instance appears to be the best (but impossible) solution.

Reference: Quickstart: Create your Azure ATP instance



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2019 by cert2brain.com