Microsoft MS-101 Testing Material 2021

NEW QUESTION 1
HOTSPOT
You plan to allow users from the engineering department to enroll their mobile device in mobile device management (MDM).
The device type restrictions are configured as shown in the following table.

The device limit restrictions are configured as shown in the following table.

What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 2
HOTSPOT
You have a Microsoft 365 subscription that uses a default domain named contoso.com. Three files were created on February 1, 2021, as shown in the following table.

On March 1, 2021, you create two retention labels named Label1 and Label2.
The settings for Lable1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.)

The settings for Lable2 are configured as shown in the Label2 exhibit. (Click the Label2 tab.)

You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews

NEW QUESTION 3
HOTSPOT
You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table.

Group3 is a member of Group1.
Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP
contains the roles shown in the following table.

Windows Defender ATP contains the device groups shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 4
Your company uses on-premises Windows Server File Classification Infrastructure (FCI). Some documents on the on-premises file servers are classified as Confidential.
You migrate the files from the on-premises file servers to Microsoft SharePoint Online.
You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded file based on the Confidential classification.
What should you do first?

• A. From the SharePoint admin center, configure hybrid search.
• B. From the SharePoint admin center, create a managed property.
• C. From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet.
• D. From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet.

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-dlp/newdataclassification?view=exchange-ps

NEW QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Microsoft 365 admin center, you configure the Organization profile settings. Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
References:
https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Onlineand-OneDrive-for/ba-p/46678A

NEW QUESTION 6
You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)

The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)

Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.
You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.
What should you do?

• A. From the conditional access policy, configure the device state.
• B. From the Azure Active Directory admin center, create a custom control.
• C. From the Intune admin center, create a device compliance policy.
• D. From the Azure Active Directory admin center, create a named location.

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

NEW QUESTION 7
You have a Microsoft 365 subscription.
You configure a data loss prevention (DIP) policy.
You discover that users are incorrectly marking content as false positive and bypassing the OLP policy.
You need to prevent the users from bypassing the DLP policy. What should you configure?

• A. incident reports
• B. actions
• C. exceptions
• D. user overrides

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

NEW QUESTION 8
DRAG DROP
You need to meet the requirement for the legal department
Which three actions should you perform in sequence from the Security & Compliance admin center? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://www.sherweb.com/blog/edisHYPERLINK "https://www.sherweb.com/blog/ediscovery-office-365/"covery-office-365/

NEW QUESTION 9
You need to meet the compliance requirements for the Windows 10 devices. What should you create from the Intune admin center?

• A. a device compliance policy
• B. a device configuration profile
• C. an application policy
• D. an app configuration policy

Answer: D

NEW QUESTION 10
You have a Microsoft 365 subscription.
All users have their email stored in Microsoft Exchange Online.
In the mailbox of a user named User 1. You need to preserve a copy of all the email messages that contain the word Project X.
WDM should you do?

• A. From the Security & Compliance admin center, create an eDiscovery case.
• B. From the Exchange admin center, create a mail now rule.
• C. From the Security fit Compliance adman center, start a message trace.
• D. From Microsoft Cloud App Security, create an access policy.

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/ediscovery-cases#step-2-create-a-new-case

NEW QUESTION 11
HOTSPOT
You have a Microsoft Office 365 subscription.
You need to delegate eDiscovery tasks as shown in the following table.

The solution must follow the principle of the least privilege.
To which role group should you assign each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office3HYPERLINK "https://docs.microsoft.com/en-us/office365/securitycompliance/assign-ediscovery-permissions"65/securitycompliance/assign- ediscovery-permissions

NEW QUESTION 12
You need to notify the manager of the human resources department when a user in the department shares a file or folder from the department’s Microsoft SharePoint site.
What should you do?

• A. From the Security & Compliance admin center, create an alert policy.
• B. From the SharePoint site, create an alert.
• C. From the SharePoint admin center, modify the sharing settings.
• D. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/create-activity-alerts

NEW QUESTION 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint sharing policy to prevent sharing outside your organization.
You need to be notified if the SharePoint sharing policy is modified in the future.
Solution: From the Security & Compliance admin center, you create a threat management policy. Does this meet the goal?

• A. Yes
• B. No

Answer: A

NEW QUESTION 14
HOTSPOT
You have a Microsoft 365 subscription.
You have a group named Support. Users in the Support group frequently send email messages to external users.
The manager of the Support group wants to randomly review messages that contain attachments. You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/supervision-policies

NEW QUESTION 15
DRAG DROP
You have a Microsoft 365 subscription.
You have the devices shown in the following table.

You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible.
Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
hHYPERLINK "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection"ttps://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-HYPERLINK "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection"windows-defender-advanced-threat-protection

NEW QUESTION 16
You have a Microsoft 365 subscription.
From the Security & Compliance admin center, you create a content search of all the mailboxes that contain the word Project X.
You need to export the results of the content search. What do you need to download the report?

• A. a certification authority (CA) certificate
• B. an export key
• C. a password
• D. a user certificate

Answer: B

Explanation:
References:
https://docs.HYPERLINK "https://docs.microsoft.com/en-us/office365/securitycompliance/export-search-results"microsoft.com/en-us/office365/securitycompliance/export-search-results

NEW QUESTION 17
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Azure Active Directory admin center, you create a trusted location and a conditional access policy.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Conditional-Access-in-SharePoint-Onlineand-OneDrive-for/ba-p/46678

NEW QUESTION 18
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are deploying Microsoft Intune.
You successfully enroll Windows 10 devices in Intune.
When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intuen. Solution: You configure the Apple MDM Push certificate.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 19
Your company has a Microsoft 365 subscription.
You implement Microsoft Azure Information Protection.
You need to automatically protect email messages that contain the word Confidential in the subject line.
What should you create?

• A. a mail flow rule from the Exchange admin center
• B. a message trace from the Security & Compliance admin center
• C. a supervision policy from the Security & Compliance admin center
• D. a sharing policy from the Exchange admin center

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-exo-rules

NEW QUESTION 20
HOTSPOT
You have three devices enrolled in Microsoft Intune as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 21
HOTSPOT
From the Security & Compliance admin center, you create a retention policy named Policy1. You need to prevent all users from disabling the policy or reducing the retention period.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-retention/set-retentioncompliancepolicy?view=exchange-pHYPERLINK "https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-retention/set-retentioncompliancepolicy?view=exchange-ps"s

NEW QUESTION 22
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are deploying Microsoft Intune.
You successfully enroll Windows 10 devices in Intune.
When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You create an Apple Configurator enrollment profile. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 23
HOTSPOT
You need to configure a conditional access policy to meet the compliance requirements. You add Exchange Online as a cloud app.
Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 24
Your company has 10 offices.
The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.
You discover that one of the offices has the following:
•Computers that have several preinstalled applications
•Computers that use nonstandard computer names
•Computers that have Windows 10 preinstalled
•Computers that are in a workgroup
You must configure the computers to meet the following corporate requirements:
•All the computers must be joined to the domain.
•All the computers must have computer names that use a prefix of CONTOSO.
•All the computers must only have approved corporate applications installed.
You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.
What should you recommend?

• A. a provisioning package
• B. wipe and load refresh
• C. Windows Autopilot
• D. an in-place upgrade

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

NEW QUESTION 25
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are deploying Microsoft Intune.
You successfully enroll Windows 10 devices in Intune.
When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune.
Solution: You add your user account as a device enrollment manager. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 26
......