MS-101 : Microsoft 365 Mobility and Security : Part 01

  1. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are deploying Microsoft Endpoint Manager.

    You successfully enroll Windows 10 devices in Endpoint Manager.

    When you try to enroll an iOS device in Endpoint Manager, you get an error.

    You need to ensure that you can enroll the iOS device in Endpoint Manager.

    Solution: You add your user account as a device enrollment manager.

    Does this meet the goal?

    • Yes
    • No
  2. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are deploying Microsoft Endpoint Manager.

    You successfully enroll Windows 10 devices in Endpoint Manager.

    When you try to enroll an iOS device in Endpoint Manager, you get an error.

    You need to ensure that you can enroll the iOS device in Endpoint Manager.

    Solution: You configure the Apple MDM Push certificate.

    Does this meet the goal?

    • Yes
    • No
  3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You are deploying Microsoft Endpoint Manager.

    You successfully enroll Windows 10 devices in Endpoint Manager.

    When you try to enroll an iOS device in Endpoint Manager, you get an error.

    You need to ensure that you can enroll the iOS device in Endpoint Manager.

    Solution: You create an Apple Configurator enrollment profile.

    Does this meet the goal?

    • Yes
    • No
  4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

    You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

    You configure pilot co-management.

    You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

    You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

    Solution: You create a device configuration profile from the Device Management admin center.

    Does this meet the goal?

    • Yes
    • No
  5. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

    You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

    You configure pilot co-management.

    You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

    You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

    Solution: You add Device1 to an Active Directory group.

    Does this meet the goal?

    • Yes
    • No
  6. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

    You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

    You configure pilot co-management.

    You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

    You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

    Solution: You unjoin Device1 from the Active Directory domain.

    Does this meet the goal?

    • Yes
    • No
  7. HOTSPOT

    Your network contains an Active Directory forest named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

    You use Microsoft Endpoint Configuration Manager for device management.

    You have the Windows 10 devices shown in the following table.

     
    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 001
    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 001

    You configure Endpoint Configuration Manager co-management as follows:

    Automatic enrollment in Intune: Pilot
    Pilot collection for all workloads: Collection2

    You configure co-management workloads as shown in the following exhibit.

     
    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 002
    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 002

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 003 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 003 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 003 Answer
    MS-101 Microsoft 365 Mobility and Security Part 01 Q07 003 Answer

     
  8. HOTSPOT

    You have three devices enrolled in Microsoft Intune as shown in the following table.

     
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 004
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 004

    The device compliance policies in Intune are configured as shown in the following table.

     
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 005
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 005

    The device compliance policies have the assignments shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 006
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 006

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 007 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 007 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 007 Answer
    MS-101 Microsoft 365 Mobility and Security Part 01 Q08 007 Answer
  9. You have Windows 10 Pro devices that are joined to an Active Directory domain.

    You plan to create a Microsoft 365 tenant and to upgrade the devices to Windows 10 Enterprise.

    You are evaluating whether to deploy Windows Hello for Business.

    What are two prerequisites of the deployment? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • Microsoft Endpoint Manager enrollment
    • Microsoft Azure Active Directory (Azure AD)
    • smartcards
    • TPM-enabled devices
  10. You have a Microsoft 365 tenant.

    All users are assigned the Enterprise Mobility + Security license.

    You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Endpoint Manager automatically.

    What should you configure?

    • Enrollment restrictions from the Endpoint Manager admin center
    • device enrollment managers from the Endpoint Manager admin center
    • MAM User scope from the Azure Active Directory admin center
    • MDM User scope from the Azure Active Directory admin center
  11. HOTSPOT

    You have several devices enrolled in Microsoft Endpoint Manager.

    You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 008
    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 008

    The device type restrictions in Endpoint Manager are configured as shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 009
    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 009

    You add User3 as a device enrollment manager in Endpoint Manager.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 010 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 010 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 010 Answer
    MS-101 Microsoft 365 Mobility and Security Part 01 Q11 010 Answer

    Explanation:

    Box 1:
    No. User1 is in Group1. The two device type policies that apply to Group1 are Policy3 and the Default (All Users) policy. However, Policy3 has a higher priority than the default policy so Policy3 is the only effective policy. Policy3 allows the enrolment of Android and iOS devices only, not Windows.

    Box 2:
    No. User2 is in Group1 and Group2. The device type policies that apply to Group1 and Group2 are Policy2, Policy3 and the Default (All Users) policy. However, Policy2 has a higher priority than Policy 3 and the default policy so Policy2 is the only effective policy. Policy2 allows the enrolment of Windows devices only, not Android.

    Box 3:
    Yes. User3 is a device enrollment manager. Device restrictions to not apply to a device enrollment manager.

  12. HOTSPOT

    You create two device compliance policies for Android devices as shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 011
    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 011

    You have the Android devices shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 012
    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 012

    The users belong to the groups shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 013
    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 013

    The users enroll their device in Microsoft Endpoint Manager.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 014 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 014 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 014 Answer
    MS-101 Microsoft 365 Mobility and Security Part 01 Q12 014 Answer
  13. HOTSPOT

    Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain.

    You update the Windows 10 devices by using Windows Update for Business.

    What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q13 015 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q13 015 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q13 015 Answer
    MS-101 Microsoft 365 Mobility and Security Part 01 Q13 015 Answer
  14. Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices.

    Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution.

    NOTE: Each correct selection is worth one point.

    • Deploy applications to Windows 10 devices.
    • Deploy VPN profiles to iOS devices.
    • Deploy VPN profiles to Windows 10 devices.
    • Publish applications to Android devices.
  15. HOTSPOT

    Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).

    You have Windows 10 and Windows 8.1 devices.

    You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.

    What should you do? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q15 016 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q15 016 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q15 016 AnswerMS-101 Microsoft 365 Mobility and Security Part 01 Q15 016 Answer
    MS-101 Microsoft 365 Mobility and Security Part 01 Q15 016 Answer
  16. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

    You have a Microsoft 365 subscription.

    You need to ensure that administrators can manage the configuration settings for all the Windows 10 devices in your organization.

    What should you configure?

    • the Enrollment restrictions
    • the mobile device management (MDM) authority
    • the Exchange on-premises access settings
    • the Windows enrollment settings
  17. You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)

    MS-101 Microsoft 365 Mobility and Security Part 01 Q17 017
    MS-101 Microsoft 365 Mobility and Security Part 01 Q17 017

    The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)

    MS-101 Microsoft 365 Mobility and Security Part 01 Q17 018
    MS-101 Microsoft 365 Mobility and Security Part 01 Q17 018

    Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.

    You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.

    What should you do?

    • From the conditional access policy, configure the device state.
    • From the Azure Active Directory admin center, create a custom control.
    • From the Endpoint Manager admin center, create a device compliance policy.
    • From the Azure Active Directory admin center, create a named location.
  18. You have computers that run Windows 10 Enterprise and are joined to the domain.

    You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.

    You need to prevent Windows from being updated for the next 30 days.

    Which two Group Policy settings should you configure? Each correct answer presents part of the solution.

    NOTE: Each correct selection is worth one point.

    • Select when Quality Updates are received
    • Select when Preview Builds and Feature Updates are received
    • Turn off auto-restart for updates during active hours
    • Manage preview builds
    • Automatic updates detection frequency
  19. HOTSPOT

    You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 019
    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 019

    The device compliance policies in Endpoint Manager are configured as shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 020
    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 020

    The device compliance policies have the assignments shown in the following table.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 021
    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 021

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 022 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 022 Question
    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 022 Answer
    MS-101 Microsoft 365 Mobility and Security Part 01 Q18 022 Answer
  20. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

    You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.

    Which role should you assign to the user?

    • Cloud application administrator
    • Application administrator
    • Global administrator
    • Service administrator
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments