Skip Navigation Links
 

Microsoft - MS-101: Microsoft 365 Mobility and Security

Sample Questions

Question: 421
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You have a Microsoft 365 E5 subscription. The subscription contains users that have the following types of devices:
  • Windows 10
  • Android
  • macOS
On which devices can you configure Endpoint Data Loss Prevention (Endpoint DLP) policies?

AWindows 10 only
B Windows 10 and Android only
C Windows 10 and macOS only
D Windows 10, Android, and iOS

Correct answer: C

Explanation:

You can use Microsoft Purview Data Loss Prevention (DLP) to monitor the actions that are being taken on items you've determined to be sensitive and to help prevent the unintentional sharing of those items. 

Endpoint data loss prevention (Endpoint DLP) extends the activity monitoring and protection capabilities of DLP to sensitive items that are physically stored on Windows 10, Windows 11, and macOS (Catalina 10.15 and higher) devices. Once devices are onboarded into the Microsoft Purview solutions, the information about what users are doing with sensitive items is made visible in activity explorer and you can enforce protective actions on those items via DLP policies.

Reference: Learn about Endpoint data loss prevention



Question: 422
Measured Skill: Implement Modern Device Services (40-45%)

Your on-premises network contains an Active Directory domain named contoso.com and 500 devices that run either macOS, Windows 8.1, Windows 10, or Windows 11. All the devices are managed by using Microsoft Endpoint Configuration Manager.

The domain syncs with Azure Active Directory (Azure AD).

You plan to implement a Microsoft 365 E5 subscription and enable co-management.

Which devices can be co-managed after the implementation?

AWindows 11 and Windows 10 only
B Windows 11, Windows 10, Windows 8.1 and macOS
C Windows 11 and macOS only
D Windows 11 only
E Windows 11, Windows 10 and Windows 8.1 only

Correct answer: A

Explanation:

Co-management is one of the primary ways to attach your existing Configuration Manager deployment to the Microsoft 365 cloud. It helps you unlock more cloud-powered capabilities like conditional access.

Co-management enables you to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune. It lets you cloud-attach your existing investment in Configuration Manager by adding new functionality. By using co-management, you have the flexibility to use the technology solution that works best for your organization.

When a Windows device has the Configuration Manager client and is enrolled to Intune, you get the benefits of both services. You control which workloads, if any, you switch the authority from Configuration Manager to Intune. Configuration Manager continues to manage all other workloads, including those workloads that you don't switch to Intune, and all other features of Configuration Manager that co-management doesn't support.

You're also able to pilot a workload with a separate collection of devices. Piloting allows you to test the Intune functionality with a subset of devices before switching a larger group.

Reference: What is co-management?



Question: 423
Measured Skill: Implement Modern Device Services (40-45%)

You have several devices enrolled in Microsoft Endpoint Manager.

You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.



The device type restrictions in Endpoint Manager are configured as shown in the following table.



You add User3 as a device enrollment manager in Endpoint Manager.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AUser1 can enroll Windows devices in Endpoint Manager: Yes
User2 can enroll Android devices in Endpoint Manager: Yes
User3 can enroll iOS devices in Endpoint Manager: Yes
B User1 can enroll Windows devices in Endpoint Manager: Yes
User2 can enroll Android devices in Endpoint Manager: Yes
User3 can enroll iOS devices in Endpoint Manager: No
C User1 can enroll Windows devices in Endpoint Manager: Yes
User2 can enroll Android devices in Endpoint Manager: No
User3 can enroll iOS devices in Endpoint Manager: Yes
D User1 can enroll Windows devices in Endpoint Manager: No
User2 can enroll Android devices in Endpoint Manager: Yes
User3 can enroll iOS devices in Endpoint Manager: No
E User1 can enroll Windows devices in Endpoint Manager: No
User2 can enroll Android devices in Endpoint Manager: No
User3 can enroll iOS devices in Endpoint Manager: Yes
F User1 can enroll Windows devices in Endpoint Manager: No
User2 can enroll Android devices in Endpoint Manager: No
User3 can enroll iOS devices in Endpoint Manager: No

Correct answer: E

Explanation:

User1 is a member of Group1. Group1 is assigned to Policy3. User1 can register Android and iOS devices, but not Windows devices.

User2 is a member of Group1 and Group2. The assigned policy with the highest priority (lowest number) is applied (Policy2). User2 can register Windows devices but not Android and iOS devices.

User3 is a Device Enrollment Manager (DEM). Device Enrollment Managers can register up to 1000 devices for Endpoint Manager management regardless of the configured restrictions.

Change enrollment restriction priority
Priority is used when a user exists in multiple groups that are assigned restrictions. Users are subject only to the highest priority restriction assigned to a group that they are in. For example, Joe is in group A assigned to priority 5 restrictions and also in group B assigned to priority 2 restrictions. Joe is subject only to the priority 2 restrictions.

References:

Set enrollment restrictions

Enroll devices in Endpoint Manager by using a device enrollment manager account

Question: 424
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Cloud Apps.

You need to create a policy that will generate an email alert when a banned app is detected requesting permission to access user information or data in the subscription.

What should you configure?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

APolicy type: Activity
Filter criteria: App tag
B Policy type: Activity
Filter criteria: App
C Policy type: App discovery
Filter criteria: Permission level
D Policy type: OAuth app
Filter criteria: App state
E Policy type: Session
Filter criteria: App
F Policy type: Session
Filter criteria: Permission level

Correct answer: D

Explanation:

We should configure an OAuth app policy that applies to banned apps as shown below. OAuth app policies enable you to investigate which permissions each app requested and which users authorized them for Office 365, Google Workspace, and Salesforce.

The following policy sends an email alert when a banned app requests permissions:

Reference: OAuth app policies



Question: 425
Measured Skill: Implement Microsoft 365 Security and Threat Management (20-25%)

You have a Microsoft 365 tenant that contains two users named User1 and User2.

You create the alert policy shown in the following exhibit.



User2 runs a script that modifies a file in a Microsoft SharePoint Online library once every four minutes and runs for a period of two hours.

How many alerts will User1 receive?

A2
B 5
C 10
D 25

Correct answer: A

Explanation:

The alert is triggered when the activity (file modified) is detected at least 5 times in a 60 minute period.

The activity runs 15 times per hour. One alert is generated every hour. The script runs for a period of two hours. A total of 2 warnings are triggered.





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2022 by cert2brain.com