Skip Navigation Links
 

Microsoft - MS-101: Microsoft 365 Mobility and Security

Sample Questions

Question: 186
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are an administrator for a company. You have three devices enrolled in Microsoft Intune as shown in the following table.



The device compliance policies in Intune are configured as shown in the following table.



The device compliance policies have the assignments shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

ADevice1 is compliant: Yes
Device2 is compliant: Yes
Device3 is compliant: Yes
B Device1 is compliant: Yes
Device2 is compliant: Yes
Device3 is compliant: No
C Device1 is compliant: No
Device2 is compliant: Yes
Device3 is compliant: No
D Device1 is compliant: No
Device2 is compliant: Yes
Device3 is compliant: Yes
E Device1 is compliant: No
Device2 is compliant: No
Device3 is compliant: Yes
F Device1 is compliant: No
Device2 is compliant: No
Device3 is compliant: No

Correct answer: E

Explanation:

None of the devices has BitLocker enabled.

Device1 is member of Group3, which has Policy3 applied. Policy3 requires BitLocker. Therefore Device1 is not compliant with the policy.

Device2 is member of Group2 and Group3. Policy2 and Policy3 apply. Policy2 does not require BitLocker and Policy3 requires BitLocker. The NonCompliant status is assigned to that device.

Device3 is member of Group2 only and policy2 will apply. Policy2 does not require BitLocker. Device3 is compliant.

Reference: Get started with device compliance policies in Intune

Question: 187
Measured Skill: Implement Microsoft 365 Security and Threat Management (30-35%)

You have a Microsoft 365 subscription. You are planning a threat management solution for your organization.

You need to minimize the likelihood that users will be affected by the following threats:
  • Opening files in Microsoft SharePoint that contain malicious content.
  • Impersonation and spoofing attacks in email messages.
Which policies should you create in the Security & Compliance admin center?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AOpening files in Microsoft SharePoint that contain malicious content: Anti-spam
Impersonation and spoofing attacks in email messages: ATP anti-phishing
B Opening files in Microsoft SharePoint that contain malicious content: ATP safe attachments
Impersonation and spoofing attacks in email messages: ATP anti-phishing
C Opening files in Microsoft SharePoint that contain malicious content: Anti-spam
Impersonation and spoofing attacks in email messages: ATP safe links
D Opening files in Microsoft SharePoint that contain malicious content: ATP safe attachments
Impersonation and spoofing attacks in email messages: Anti-spam

Correct answer: B

Explanation:

Office 365 Advanced Threat Protection (ATP) safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.

The policies that are defined for your organization determine the behavior and protection level for predefined threats. Policy options are extremely flexible. For example, your organization's security team can set fine-grained threat protection at the user, organization, recipient, and domain level. It is important to review your policies regularly because new threats and challenges emerge daily.

  • ATP Safe Attachments: Provides zero-day protection to safeguard your messaging system, by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox. ATP safe Attachments protects your organization also in SharePoint and OneDrive from inadvertently sharing malicious files. 

  • ATP Safe Links: Provides time-of-click verification of URLs, for example, in emails messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links remain accessible and malicious links are dynamically blocked.

  • ATP for SharePoint, OneDrive, and Microsoft Teams: Protects your organization when users collaborate and share files, by identifying and blocking malicious files in team sites and document libraries.

  • ATP anti-phishing protection: Detects attempts to impersonate your users and custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks.

References:

Office 365 Advanced Threat Protection

Turn on Office 365 ATP for SharePoint, OneDrive, and Microsoft Teams

Question: 188
Measured Skill: Implement Modern Device Services (30-35%)

Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD).

The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 has the File Server Resource Manager role service installed.

You need to configure Server1 to use the Azure Rights Management (Azure RMS) connector.

You install the Microsoft Management connector on Server1.

What should you do next on Server1?

ARun the GenConnectorConfig.ps1 script.
B Configure the URL of the AIPMigrated group.
C Enable BitLocker Drive Encryption (BitLocker).
D Install a certification authority (CA).

Correct answer: A

Explanation:

The Microsoft Rights Management (RMS) connector lets you quickly enable existing on-premises servers to use their Information Rights Management (IRM) functionality with the cloud-based Microsoft Rights Management service (Azure RMS). With this functionality, IT and users can easily protect documents and pictures both inside your organization and outside, without having to install additional infrastructure or establish trust relationships with other organizations.

The RMS connector is a small-footprint service that you install on-premises, on servers that run Windows Server 2016, Windows Server 2012 R2, Windows Server 2012. In addition to running the connector on physical computers, you can also run it on virtual machines, including Azure IaaS VMs. After you deploy the connector, it acts as a communications interface (a relay) between the on-premises servers and the cloud service.

Installing the RMS connector involves downloading the RMSConnectorSetup.exe setup file and the GenConnectorConfig.ps1 configuration script.

Reference: Installing and configuring the Azure Rights Management connector

Question: 189
Measured Skill: Implement Modern Device Services (30-35%)

You have a Microsoft 365 subscription. All users are assigned Microsoft Azure Active Directory Premium licenses.

From the Azure Active Directory admin center, you set Microsoft Intune as the MDM authority.

You need to ensure that when the members of a group named Marketing join a device to Azure Active Directory (Azure AD), the device is enrolled automatically in Intune. The Marketing group members must be limited to five devices enrolled in Intune.

Which two options should you use to perform the configurations?

(To answer, select the appropriate blades in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AAndroid enrollment
B Windows enrollment
C Terms and conditions
D Enrollment restrictions
E Device categories
F Device entollment managers

Correct answer: B, D

Explanation:

The Marketing group members must be limited to five devices enrolled in Intune.

First, we need to configure the Automatic Enrollment settings from the Windows enrollment blade and ensure that the Marketing users are included in the MDM user scope.

Second, we need to configure the Enrollment restrictions and assign a device limit of 5 devices to the Marketing users.

Question: 190
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You have a Microsoft 365 subscription.

All users have their email stored in Microsoft Exchange Online.

In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX.

What should you do?

AFrom Microsoft Cloud App Security, create an access policy.
B From the Security & Compliance admin center, create an eDiscovery case.
C From Microsoft Cloud App Security, create an activity policy.
D From the Security & Compliance admin center, create a data loss prevention (DLP) policy.

Correct answer: B

Explanation:

Organizations have many reasons to respond to a legal case involving certain executives or other employees in your organization. This might involve quickly finding and retaining for further investigation-specific information in email, documents, instant messaging conversations, and other content locations used by people in their day-to-day work tasks. You can perform these and many other similar activities by using the eDiscovery case tools in the security and compliance center.

Reference: eDiscovery cases in the Security & Compliance Center



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2020 by cert2brain.com