Skip Navigation Links
 

Microsoft - MS-101: Microsoft 365 Mobility and Security

Sample Questions

Question: 347
Measured Skill: Implement Microsoft 365 Security and Threat Management (20-25%)

You are an administrator for a company. Your company has a Microsoft 365 E5 tenant.

You have the alerts shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

(NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AFor Alert1, you can change Status to Investigating only.
For Alert2, you can not change Status.
B For Alert1, you can change Status to Investigating only.
For Alert2, you can change Status to Dismissed or Active only.
C For Alert1, you can change Status to Investigating or Resolved only.
For Alert2, you can change Status to Dismissed or Investigating only.
D For Alert1, you can change Status to Investigating or Dismissed only.
For Alert2, you can change Status to Dismissed only.
E For Alert1, you can change Status to Investigating, Resolved, or Dismissed.
For Alert2, you can change Status to Dismissed, Investigating, or Active.
F For Alert1, you can change Status to Investigating, Resolved, or Dismissed.
For Alert2, you can not change Status.

Correct answer: E

Explanation:

The status of an active alert can be changed to one of the following states:



The status of a resolved alert can be changed to one of the following states:



Question: 348
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are an administrator for a company. Your company has a Microsoft 365 E5 tenant.

You configure sensitivity labels.

Users report that the Sensitivity button is unavailability in Microsoft Word for the web. The sensitivity button is available in Word for Microsoft 365.

You need to ensure that the users can apply the sensitivity labels when they use Word for the web.

What should you do?

ACopy policies from Azure information Protection to the Microsoft 365 Compliance center.
B Publish the sensitivity labels.
C Create an auto-labeling policy.
D Enable sensitivity labels for files in Microsoft SharePoint Online and OneDrive.

Correct answer: D

Explanation:

Enable built-in labeling for supported Office files in SharePoint and OneDrive so that users can apply your sensitivity labels in Office for the web. When this feature is enabled, users will see the Sensitivity button on the ribbon so they can apply labels, and see any applied label name on the status bar.

Enabling this feature also results in SharePoint and OneDrive being able to process the contents of Office files that have been encrypted by using a sensitivity label. The label can be applied in Office for the web, or in Office desktop apps and uploaded or saved in SharePoint and OneDrive. Until you enable this feature, these services can't process encrypted files, which means that coauthoring, eDiscovery, Data Loss Prevention, search, and other collaborative features won't work for these files.

You can enable the new capabilities by using the Microsoft 365 compliance center, or by using PowerShell. As with all tenant-level configuration changes for SharePoint and OneDrive, it takes about 15 minutes for the change to take effect.

Reference: How to enable sensitivity labels for SharePoint and OneDrive (opt-in)



Question: 349
Measured Skill: Implement Modern Device Services (40-45%)

You have a Microsoft 365 E5 tenant that contains 500 Windows 10 devices. The devices are enrolled in Microsoft Intune.

You plan to use Endpoint analytics to identify hardware issues.

You need to enable Windows Health Monitoring on the devices to support Endpoint analytics.

What should you do?

AConfigure the Endpoint analytics baseline regression threshold.
B Create a configuration profile.
C Create a Windows 10 Security Baseline profile.
D Create a compliance policy.

Correct answer: B

Explanation:

Endpoint analytics is part of the Microsoft Productivity Score. These analytics give you insights for measuring how your organization is working and the quality of the experience you're delivering to your users. Endpoint analytics can help identify policies or hardware issues that may be slowing down devices and help you proactively make improvements before end-users generate a help desk ticket.

Microsoft can collect event data, and provide recommendations to improve performance on your Windows devices. Endpoint Analytics analyzes this data, and can recommend software, help improve startup performance, and fix common support issues.

In Intune, you can create a Windows Health Monitoring device configuration profile to enable this data collection, and then deploy this profile to your devices.

References:

Use Windows Health Monitoring profile on Windows devices in Microsoft Intune

What is Endpoint analytics?



Question: 350
Measured Skill: Implement Microsoft 365 Security and Threat Management (20-25%)

You have a Microsoft 365 E5 tenant.

You need to ensure that administrators are notified when a user receives an email message that contains malware. The solution must use the principle of least privilege.

Which type of policy should you create and which Microsoft 365 compliance center role is required to create the policy?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

APolicy type: Alert
Role: Organization Managemen
B Policy type: Alert
Role: Security Administrator
C Policy type: Threat
Role: Communication Compliance Administrators
D Policy type: Threat
Role: Security Administrator
E Policy type: Compliance
Role: Organization Managemen
F Policy type: Compliance
Role: Quarantine Administrator

Correct answer: B

Explanation:

You can use the alert policy and alert dashboard tools in the Microsoft 365 compliance center or the Microsoft 365 Defender portal to create alert policies and then view the alerts generated when users perform activities that match the conditions of an alert policy. There are several default alert policies that help you monitor activities such as assigning admin privileges in Exchange Online, malware attacks, phishing campaigns, and unusual levels of file deletions and external sharing.

Alert policies let you categorize the alerts that are triggered by a policy, apply the policy to all users in your organization, set a threshold level for when an alert is triggered, and decide whether to receive email notifications when alerts are triggered.

Creating Alert policies requires the Security Administrator RBAC role.

Reference: Alert policies in Microsoft 365



Question: 351
Measured Skill: Manage Microsoft 365 Governance and Compliance (35-40%)

You are an administrator for a company. You have the device compliance policies shown in the following table.



The device compliance state for each policy is shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

(Note: Each correct selection is worth one point.)

www.cert2brain.com

ADevice1 has an overall compliance state of Compliant: Yes
Device2 has an overall compliance state of Not Compliant: Yes
Device3 has an overall compliance state of In grace period: Yes
B Device1 has an overall compliance state of Compliant: Yes
Device2 has an overall compliance state of Not Compliant: Yes
Device3 has an overall compliance state of In grace period: No
C Device1 has an overall compliance state of Compliant: No
Device2 has an overall compliance state of Not Compliant: Yes
Device3 has an overall compliance state of In grace period: No
D Device1 has an overall compliance state of Compliant: No
Device2 has an overall compliance state of Not Compliant: Yes
Device3 has an overall compliance state of In grace period: Yes
E Device1 has an overall compliance state of Compliant: No
Device2 has an overall compliance state of Not Compliant: No
Device3 has an overall compliance state of In grace period: Yes
F Device1 has an overall compliance state of Compliant: No
Device2 has an overall compliance state of Not Compliant: No
Device3 has an overall compliance state of In grace period: No

Correct answer: A

Explanation:

The Device compliance status chart shows the compliance states for all Intune enrolled devices. The device compliance states are kept in two different databases: Intune and Azure Active Directory.

Descriptions of the different device compliance policy states:

  • Compliant: The device successfully applied one or more device compliance policy settings.

  • In-grace period: The device is targeted with one or more device compliance policy settings. But, the user hasn't applied the policies yet. This status means the device is not-compliant, but it's in the grace-period defined by the admin

  • Not evaluated: An initial state for newly enrolled devices. Other possible reasons for this state include:

    • Devices that aren't assigned a compliance policy and don't have a trigger to check for compliance
    • Devices that haven't checked in since the compliance policy was last updated
    • Devices not associated to a specific user, such as:
      • iOS/iPadOS devices purchased through Apple's Device Enrollment Program (DEP) that don't have user affinity
      • Android kiosk or Android Enterprise dedicated devices
    • Devices enrolled with a device enrollment manager (DEM) account
  • Not-compliant: The device failed to apply one or more device compliance policy settings. Or, the user hasn't complied with the policies.

  • Device not synced: The device failed to report its device compliance policy status because one of the following reasons:

    • Unknown: The device is offline or failed to communicate with Intune or Azure AD for other reasons.

    • Error: The device failed to communicate with Intune and Azure AD, and received an error message with the reason.

Policy conflicts can occur when multiple Intune policies are applied to a device. If the policy settings overlap, Intune resolves any conflicts by using the following rules:

  • If the conflicting settings are from an Intune configuration policy and a compliance policy, the settings in the compliance policy take precedence over the settings in the configuration policy. This happens even if the settings in the configuration policy are more secure.

  • If you have deployed multiple compliance policies, Intune uses the most secure of these policies.

Reference: Monitor Intune Device compliance policies





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2021 by cert2brain.com