Skip Navigation Links
 

Microsoft - MS-101: Microsoft 365 Mobility and Security

Sample Questions

Question: 212
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

From the Security & Compliance admin center, you create a content export as shown in the following exhibit.



What will be excluded from the export?

AA 10-MB XLSX file
B An 80-MB PPTX file
C A 5-KB RTF file
D A 5-MB MP3 file

Correct answer: D

Explanation:

A Content Search that you run from the Security & Compliance Center in Office 365 automatically includes indexed and partially indexed items but not non indexed items in the estimated search results when you run a search. Partially indexed items are Exchange mailbox items and documents on SharePoint and OneDrive for Business sites that for some reason weren't completely indexed for search.

For legal investigations, your organization may be required to review partially indexed items. You can also specify whether to include partially indexed items when you export search results to a local computer or when you prepare the results for analysis with Office 365 Advanced eDiscovery.

Certain types of files, such as Bitmap or MP3 files, don't contain content that can be indexed. As a result, the search indexing servers in Exchange and SharePoint don't perform full-text indexing on these types of files. These types of files are considered to be unsupported file types.

Partially indexed items in Content Search in Office 365

Question: 213
Measured Skill: Implement Microsoft 365 Security and Threat Management (30-35%)

You have a Microsoft 365 subscription.

You create a Microsoft Cloud App Security policy named Risk1 based on the Logon from a risky IP address template as shown in the following exhibit.



You have two users named Admin1 and User1. Each user signs in to Microsoft SharePoint Online from a risky IP address 10 times within 24 hours.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AAdmin1 will receive one notification.
User1 will receive one notification.
B Admin1 will receive five notifications.
User1 will receive one notification.
C Admin1 will receive five notifications.
User1 will receive five notifications.
D Admin1 will receive ten notifications.
User1 will receive ten notifications.
E Admin1 will receive five notifications.
User1 will receive ten notifications.
F Admin1 will receive no notification.
User1 will receive no notification.

Correct answer: B

Explanation:

The daily alert limit of the policy is set to 5 alerts. This limit applies to admins only. Each user will receive a maximum of one notifications within 24 hours.

Note: The maximum for administrator email notifications is 500 messages per day. The maximum for administrator text messages is 10 messages per day.

Question: 214
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You have a Microsoft 365 subscription that contains the users shown in the following table.



You run the following cmdlet.

Set-MailboxAuditBypassAssociation –Identity User2 –AuditByPassEnabled $true

The users perform the following actions:
  • User1 accesses an item in the mailbox of User2.
  • User2 modifies a mailbox item in the mailbox of User3.
  • User3 signs in to her mailbox.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AThe action performed by User1 is audited: Yes
The action performed by User2 is audited: Yes
The action performed by User3 is audited: Yes
B The action performed by User1 is audited: Yes
The action performed by User2 is audited: Yes
The action performed by User3 is audited: No
C The action performed by User1 is audited: Yes
The action performed by User2 is audited: No
The action performed by User3 is audited: Yes
D The action performed by User1 is audited: No
The action performed by User2 is audited: Yes
The action performed by User3 is audited: No
E The action performed by User1 is audited: No
The action performed by User2 is audited: No
The action performed by User3 is audited: Yes
F The action performed by User1 is audited: No
The action performed by User2 is audited: No
The action performed by User3 is audited: No

Correct answer: C

Explanation:

The Set-MailboxAuditBypassAssociation cmdlet is used to configure mailbox audit logging bypass for user or computer accounts such as service accounts for applications that access mailboxes frequently.

When you configure a user or computer account to bypass mailbox audit logging, access or actions taken by the user or computer account to any mailbox isn't logged. By bypassing trusted user or computer accounts that need to access mailboxes frequently, you can reduce the noise in mailbox audit logs.

If you use mailbox audit logging to audit mailbox access and actions, you must monitor mailbox audit bypass associations at regular intervals. If a mailbox audit bypass association is added for an account, the account can access any mailbox in the organization to which it has been assigned access permissions, without any mailbox audit logging entries being generated for such access, or any actions taken such as message deletions.

The cmdlet from the question bypasses the User2 account from mailbox audit logging only.

Reference: Set-MailboxAuditBypassAssociation

Question: 215
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.



You create and assign a data loss prevention (DLP) policy named Policy1. Policy1 is configured to prevent documents that contain Personally Identifiable Information (PII) from being emailed to users outside your organization.

To which users can User1 send documents that contain PII?

AUser2 only
B User2 and User3 only
C User2, User3, and User4 only
D User2, User3, User4, and User5

Correct answer: B

Explanation:

Guest accounts are considered "outside your organization". Users who have non-guest accounts in a host organization's Active Directory or Azure Active Directory tenant are considered as people inside the organization.

Reference: Overview of data loss prevention

Question: 216
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You have a Microsoft 365 subscription that contains a user named User1.

You need to ensure that User1 can search the Microsoft 365 audit logs from the Security & Compliance admin center.

Which role should you assign to User1?

AView-Only Audit Logs in the Security & Compliance admin center.
B View-Only Audit Logs in the Exchange admin center.
C Security Reader in the Azure Active Directory admin center.
D Security Reader in the Security & Compliance admin center.

Correct answer: B

Explanation:

You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Note global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group.

Important: If you assign a user the View-Only Audit Logs or Audit Logs role on the Permissions page in the Security & Compliance Center, they won't be able to search the audit log. You have to assign the permissions in Exchange Online. This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet.

View-Only Audit Logs
This role enables administrators and end users, such as legal and compliance officers, to search the administrator audit log and view the results that are returned. The audit log can be searched using the Shell or reports can be run from the Exchange Control Panel. Users and groups assigned this role can view anything contained within the audit log, including the cmdlets that were run and who ran them, the objects they were run against, and the parameters and values that were provided. Because the results returned might include sensitive information, this role should only be assigned to those with an explicit need to view the information.

Reference: Requirements to search the audit log



 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2020 by cert2brain.com