Free MS-101 Sample Questions — Microsoft 365 Mobility and Security

You have a Microsoft 365 tenant that is signed up for Microsoft Store for Business and contains a user named User1. You need to ensure that User1 can perform the following tasks in Microsoft Store for Business: ✑ Assign licenses to users. ✑ Procure apps from Microsoft Store. ✑ Manage private store availability for all items. The solution must use the principle of least privilege. Which Microsoft Store for Business role should you assign to User1?

• A. Admin
• B. Device Guard signer
• C. Basic Purchaser
• D. Purchaser

You have a Microsoft 365 tenant. You plan to enable BitLocker Disk Encryption (BitLocker) automatically for all Windows 10 devices that enroll in Microsoft Intune. What should you use?

• A. an attack surface reduction (ASR) policy
• B. an app configuration policy
• C. a device compliance policy
• D. a device configuration profile

Your company uses on-premises Windows Server File Classification Infrastructure (FCI). Some documents on the on-premises file servers are classified as Confidential. You migrate the files from the on-premises file servers to Microsoft SharePoint Online. You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification. What should you do first?

• A. From the SharePoint admin center, configure hybrid search
• B. From the SharePoint admin center, create a managed property
• C. From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet
• D. From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet

You have a Microsoft 365 E5 subscription that contains a user named User1. You create a retention label named Retention1 that is published to all locations. You need to ensure that User1 can label email messages by using Retention1 as soon as possible. Which cmdlet should you run in Microsoft Exchange Online PowerShell?

• A. Start-ManagedFolderAssistant
• B. Start-AppBackgroundTask
• C. Start-MpScan
• D. Start-Process

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint. You plan to perform device discovery and authenticated scans of network devices. You install and register the network scanner on a device named Device1. What should you do next?

• A. Download and run an onboarding package
• B. Connect Defender for Endpoint to Microsoft Intune
• C. Apply for Microsoft Threat Experts – Targeted Attack Notifications
• D. Create an assessment job

You have a Microsoft 365 subscription. You need to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity during the past month. The solution must minimize administrative effort. Which admin center should you use?

• A. Azure ATP
• B. Security & Compliance
• C. Defender for Cloud Apps
• D. Flow

You have a Microsoft 365 subscription. You have a user named User1. You need to ensure that User1 can place a hold on all mailbox content. What permission should you assign to User1?

• A. the eDiscovery Manager role from the Microsoft 365 compliance center
• B. the Compliance Management role from the Exchange admin center
• C. the User management administrator role from Microsoft 365 admin center
• D. the Information Protection administrator role from the Azure Active Directory admin center

Your network contains an on-premises Active Directory domain. Your company has a security policy that prevents additional software from being installed on domain controllers. You need to monitor a domain controller by using Microsoft Defender for Identity. What should you do? More than one answer choice may achieve the goal. Choose the BEST answer.

• A. Deploy a Microsoft Defender for identity sensor, and then configure port mirroring
• B. Deploy a Microsoft Defender for identity sensor, and then configure detections
• C. Deploy a Microsoft Defender for Identity standalone sensor, and then configure detections
• D. Deploy a Microsoft Defender for Identity standalone sensor, and then configure port mirroring

You have a Microsoft 365 subscription. All users have their email stored in Microsoft Exchange Online. In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX. What should you do?

• A. From Microsoft Defender for Cloud Apps, create an activity policy
• B. From the Security & Compliance admin center, create a data loss prevention (DLP) policy
• C. From the Exchange admin center, start a mail flow message trace
• D. From the Security & Compliance admin center, create an eDiscovery case

You have a Microsoft 365 E5 subscription. You run an eDiscovery search that returns the following Azure Rights Management (Azure RMS) `" encrypted content: ✑ Microsoft Exchange emails ✑ Microsoft OneDrive documents ✑ Microsoft SharePoint documents Which content can be decrypted when you export the eDiscovery search results?

• A. Exchange emails only
• B. SharePoint documents, OneDrive documents, and Exchange emails
• C. OneDrive documents only
• D. SharePoint documents and OneDrive documents only
• E. SharePoint documents only

You have a Microsoft 365 E5 tenant. You plan to deploy a monitoring solution that meets the following requirements: ✑ Captures Microsoft Teams channel messages that contain threatening or violent language ✑ Alerts a reviewer when a threatening or violent message is identified What should you include in the solution?

• A. audit log retention policies
• B. communication compliance policies
• C. Data Subject Requests (DSRs)
• D. insider risk management policies

The users at your company use Dropbox Business to store documents. The users access Dropbox Business by using the MyApps portal. You need to ensure that user access to Dropbox Business is authenticated by using a Microsoft 365 identity. The documents must be protected if the data is downloaded to a device that is not trusted. What should you do?

• A. From the Azure Active Directory admin center, configure conditional access settings
• B. From the Azure Active Directory admin center, configure the device settings
• C. From the Azure Active Directory admin center, configure organizational relationships settings
• D. From the Endpoint Manager admin center, configure device enrollment settings

Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices. Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Deploy applications to Windows 10 devices
• B. Deploy VPN profiles to iOS devices
• C. Deploy VPN profiles to Windows 10 devices
• D. Publish applications to Android devices

You plan to use Microsoft Sentinel and Microsoft Defender for Cloud Apps. You need to connect Microsoft Defender for Cloud Apps to Microsoft Sentinel. What should you do in the Microsoft Defender for Cloud Apps portal?

• A. From Automatic log upload, add a data source
• B. From Automatic log upload, add a log collector
• C. From Connected apps, add an app connector
• D. From Security extensions, add a SIEM agent

Your company has a Microsoft 365 E5 subscription. Users in the research department work with sensitive data. You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted. What should you do?

• A. Create a data loss prevention (DLP) policy that has a Content is shared condition
• B. Create a new safe links policy
• C. Create a data loss prevention (DLP) policy that has a Content contains condition

Your company has a Microsoft 365 subscription. You implement sensitivity labels for your company. You need to automatically protect email messages that contain the word Confidential in the subject line. What should you create?

• A. a SecOps mailbox from the Microsoft 365 Defender portal
• B. a sharing policy from the Exchange admin center
• C. a mail flow rule from the Exchange admin center
• D. a data loss prevention (DLP) policy from the Microsoft 365 compliance center

You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps. You configure a session control policy to block downloads from SharePoint Online sites. Users report that they can still download files from SharePoint Online sites. You need to ensure that file download is blocked while still allowing users to browse SharePoint Online sites. What should you configure?

• A. an access policy
• B. a data loss prevention (DLP) policy
• C. an activity policy
• D. a Conditional Access policy

You deploy Microsoft Azure Information Protection. You need to ensure that a security administrator named SecAdmin1 can always read and inspect data protected by Azure Rights Management (Azure RMS). What should you do?

• A. From the Security & Compliance admin center, add SecAdmin1 to the eDiscovery Manager role group
• B. From the Azure Active Directory admin center, add SecAdmin1 to the Security Reader role group
• C. From the Security & Compliance admin center, add SecAdmin1 to the Compliance Administrator role group
• D. From Windows PowerShell, enable the super user feature and assign the role to SecAdmin1

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant is configured to use Azure AD Identity Protection. You plan to use an application named App1 that creates reports of Azure AD Identity Protection usage. You register App1 in the tenant. You need to ensure that App1 can read the risk event information of contoso.com. To which API should you delegate permissions?

• A. Windows Azure Service Management API
• B. Windows Azure Active Directory
• C. Microsoft Graph
• D. Office 365 Management

You have a Microsoft 365 subscription. All users have their email stored in Microsoft Exchange Online. In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX. What should you do?

• A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy
• B. From the Microsoft Purview compliance portal, create a label and a label policy
• C. From the Microsoft 365 Defender, start a message trace
• D. From the Exchange admin center, create a mail flow rule