 

Microsoft - MS-101: Microsoft 365 Mobility and Security

Sample Questions

Question: 83
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are an administrator for a company. Your company uses Microsoft Cloud App Security.

You plan to integrate Cloud App Security and security information and event management (SIEM).

You need to deploy a SIEM agent on a server that runs Windows Server 2016.

What should you do?

(To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

A First action to perform: Install Java 8.
Second action to perform: Run the java command and specify the -jar parameter.
B First action to perform: Install Microsoft .NET Framework 3.5.
Second action to perform: Run the Install-WindowsFeature cmdlet and specify the -Source parameter.
C First action to perform: Install Microsoft .NET Framework 3.5.
Second action to perform: Run the Set-MMAgent cmdlet.
D First action to perform: Add the Windows Internal Database feature.
Second action to perform: Run the Install-WindowsFeature cmdlet and specify the -Source parameter.
E First action to perform: Add the Windows Internal Database feature.
Second action to perform: Run the Set-MMAgent cmdlet.
F First action to perform: Add the Setup and Boot Event Collection feature.
Second action to perform: Add the Setup and Boot Event Collection feature.

Correct answer: A

Explanation:

You can integrate Microsoft Cloud App Security with your SIEM server to enable centralized monitoring of alerts and activities from connected apps. As new activities and events are supported by connected apps, visibility into them is then rolled out into Microsoft Cloud App Security. Integrating with a SIEM service allows you to better protect your cloud applications while maintaining your usual security workflow, automating security procedures, and correlating between cloud-based and on-premises events. The Microsoft Cloud App Security SIEM agent runs on your server and pulls alerts and activities from Microsoft Cloud App Security and streams them into the SIEM server.

The SIEM agent is deployed in your organization’s network. When deployed and configured, it pulls the data types that were configured (alerts and activities) using Cloud App Security RESTful APIs. The traffic is then sent over an encrypted HTTPS channel on port 443.

Once the SIEM agent retrieves the data from Cloud App Security, it sends the Syslog messages to your local SIEM. Cloud App Security uses the network configurations you provided during the setup (TCP or UDP with a custom port).

Integrating with your SIEM is accomplished in three steps:

  1. Set it up in the Cloud App Security portal.
  2. Download the JAR file and run it on your server.
  3. Validate that the SIEM agent is working.

Prerequisites

  • A standard Windows or Linux server (can be a virtual machine).
  • The server must be running Java 8; earlier versions aren't supported.
  • OS: Windows or Linux
  • CPU: 2
  • Disk space: 20 GB
  • RAM: 2 GB
  • Set your firewall.

Reference: SIEM integration

Question: 84
Measured Skill: Implement Microsoft 365 Security and Threat Management (30-35%)

You are a cloud administrator for a company. You configure an anti-phishing policy as shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)


A If a message is identified as a domain impersonation, the message is delivered to the inbox folder.
To reduce the likelihood of the impersonation policy generating false positives, configure Enable antispoofing protection.
B If a message is identified as a domain impersonation, the message is delivered to the inbox folder.
To reduce the likelihood of the impersonation policy generating false positives, configure Advanced phishing thresholds.
C If a message is identified as a domain impersonation, the message is moved to the Deleted Items folder.
To reduce the likelihood of the impersonation policy generating false positives, configure Advanced phishing thresholds.
D If a message is identified as a domain impersonation, the message is moved to the Deleted Items folder.
To reduce the likelihood of the impersonation policy generating false positives, configure Mailbox intelligence.
E If a message is identified as a domain impersonation, the message is moved to the Junk Email folder.
To reduce the likelihood of the impersonation policy generating false positives, configure Mailbox intelligence.
F If a message is identified as a domain impersonation, the message is moved to the Junk Email folder.
To reduce the likelihood of the impersonation policy generating false positives, configure Domain impersonation.

Correct answer: C

Explanation:

The answer for the first statement can be easily taken right from the exhibit:



The Advanced phishing thresholds setting defines the level of settings for how phishing messages are handled.

  • Standard: Email suspected to be phish is handled in the standard way.

  • Aggressive: Email suspected to be phish with a high or very high degree of confidence is handled by the system in the same way.

  • More aggressive: Email suspected to be phish with a medium, high, or very high degree of confidence is handled by the system in the same way.

  • Most aggressive: Email suspected to be phish with a low, medium, high, or very high degree of confidence is handled by the system in the same way.

Use this setting when you want to be more aggressive in the treatment of potentially phishing messages within Office 365. For example, messages with a very high probability of being phish will have the most aggressive actions taken on them, while messages with a low probability have less aggressive actions taken on them. This setting also impacts other parts of the filtering system that combine signals together. The chance of moving good messages increases as the level of settings increases.

We should reduce the Advanced phishing thresholds to Standard.

Reference: Learn about ATP anti-phishing policy options

Question: 85
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are a cloud administrator. You have a Microsoft 365 subscription.

You need to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity during the past month. The solution must minimize administrative effort.

Which admin center should you use?

A Azure ATP
B Security & Compliance
C Cloud App Security
D Flow

Correct answer: B

Explanation:

Need to find if a user viewed a specific document or purged an item from their mailbox? If so, you can use the Office 365 Security & Compliance Center to search the unified audit log to view user and administrator activity in your Office 365 organization. Why a unified audit log? Because you can search for the following types of user and admin activity in Office 365:

  • User activity in SharePoint Online and OneDrive for Business

  • User activity in Exchange Online (Exchange mailbox audit logging)

  • Admin activity in SharePoint Online

  • Admin activity in Azure Active Directory (the directory service for Office 365)

  • Admin activity in Exchange Online (Exchange admin audit logging)

  • User and admin activity in Sway

  • eDiscovery activities in the Security & Compliance Center

  • User and admin activity in Power BI

  • User and admin activity in Microsoft Teams

  • User and admin activity in Dynamics 365

  • User and admin activity in Yammer

  • User and admin activity in Microsoft Flow

  • User and admin activity in Microsoft Stream

  • Analyst and admin activity in Microsoft Workplace Analytics

  • User and admin activity in Microsoft PowerApps

Reference: Search the audit log in the Security & Compliance Center

Question: 86
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are testing a data loss prevention (DLP) policy to protect the sharing of credit card information with external users.

During testing, you discover that a user can share credit card information with external users by using email. However, the user is prevented from sharing files that contain credit card information by using Microsoft SharePoint Online.

You need to prevent the user from sharing the credit card information by using email and SharePoint.

What should you configure?

A The locations of the DLP policy
B The user overrides of the DLP policy rule
C The status of the DLP policy
D The conditions of the DLP policy rule

Correct answer: A

Explanation:

DLP policies can be applied to one or more Microsoft 365 locations.



Question: 87
Measured Skill: Implement Modern Device Services (30-35%)

Your company uses Microsoft System Center Configuration Manager (Current Branch) and Microsoft Intune to co-manage devices.

Which two actions can be performed only from Intune?

(Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.)

A Deploy applications to Windows 10 devices.
B Deploy VPN profiles to iOS devices.
C Deploy VPN profiles to Windows 10 devices.
D Publish applications to Android devices.

Correct answer: B, D

Explanation:

Microsoft System Center Configuration Manager can manage only Windows-based devices.

Note: When you concurrently manage Windows 10 devices with both Configuration Manager and Microsoft Intune, this configuration is called co-management. When you manage devices with Configuration Manager and enroll to a third-party MDM service, this configuration is called coexistence. Having two management authorities for a single device can be challenging if not properly orchestrated between the two. With co-management, Configuration Manager and Intune balance the workloads to make sure there are no conflicts. This interaction doesn't exist with third-party services, so there are limitations with the management capabilities of coexistence.

See also: What is co-management?



 
 
 

© Copyright 2014 - 2019 by cert2brain.com