MS-101 : Microsoft 365 Mobility and Security : Part 06

MS-101 : Microsoft 365 Mobility and Security : Part 06

1. You have a Microsoft 365 subscription that contains 500 users.

   You have several hundred computers that run the 64-bit version of Windows 10 Enterprise and have the following configurations:

   – Two volumes that contain data
   – A CPU that has two cores
   – TPM disabled
   – 4 GB of RAM

   All the computers are managed by using Microsoft Endpoint Manager.

   You need to ensure that you can turn on Windows Defender Application Guard on the computers.

   What should you do first?

   • Modify the edition of Windows 10.
   • Create an additional volume.
   • Replace the CPU and enable TPM.
   • Replace the CPU and increase the RAM.

   Explanation:
   The computers need 4 CPU cores and 8GB of RAM.

2. You have a Microsoft 365 E5 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

   From Microsoft Defender ATP, you turn on the Allow or block file advanced feature.

   You need to block users from downloading a file named File1.exe.

   What should you use?

   • a suppression rule
   • an indicator
   • a device configuration profile

3. You have a Microsoft 365 E5 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

   When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.

   

   You need to enable user access to the partner company’s portal.

   Which Microsoft Defender ATP setting should you modify?

   • Custom detections
   • Advanced hunting
   • Alert notifications
   • Indicators
   • Alert suppression

4. HOTSPOT

   You have a Microsoft 365 subscription.

   You create a Microsoft Cloud App Security policy named Risk1 based on the Logon from a risky IP address template as shown in the following exhibit.

   

   You have two users named User1 and User2. Each user signs in to Microsoft SharePoint Online from a risky IP address 10 times within 24 hours.

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

5. HOTSPOT

   You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table.

   

   Group3 is a member of Group1.

   Your company uses Microsoft Defender Advanced Threat Protection (ATP). Microsoft Defender ATP contains the roles shown in the following table.

   

   Microsoft Defender ATP contains the device groups shown in the following table.

   

   For each of the following statements, select Yes if the statement is true. Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

6. HOTSPOT

   Your company uses Microsoft Cloud App Security.

   You plan to integrate Cloud App Security and security information and event management (SIEM).

   You need to deploy a SIEM agent on a server that runs Windows Server 2016.

   What should you do? To answer, select the appropriate settings in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

7. HOTSPOT

   From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the following exhibit.

   

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

8. Your company uses Microsoft Azure Advanced Threat Protection (ATP) and Microsoft Defender ATP.

   You need to integrate Microsoft Defender ATP and Azure ATP.

   What should you do?

   • From Azure ATP, configure the notifications and reports.
   • From Azure ATP, configure the data sources.
   • From Microsoft Defender Security Center, configure the Machine management settings.
   • From Microsoft Defender Security Center, configure the General settings.

9. HOTSPOT

   You have a Microsoft Azure Activity Directory (Azure AD) tenant contains the users shown in the following table.

   

   Group3 is a member of Group1.

   Your company uses Microsoft Defender Advanced Threat Protection (ATP). Microsoft Defender ATP contains the roles shown in the following table.

   

   Microsoft Defender ATP contains the device groups shown in the following table.

   

   For each of the following statements, select Yes if the statement is true. Otherwise, select No.

   NOTE: Each correct selection is worth one point.

   

   

10. HOTSPOT

    You have a Microsoft 365 subscription. All client devices are managed by Microsoft Endpoint Manager.

    You need to implement Microsoft Defender Advanced Threat Protection (ATP) for all the supported devices enrolled in mobile device management (MDM).

    What should you include in the device configuration profile? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

11. You have a Microsoft 365 subscription.

    Your company purchases a new financial application named App1.

    From Cloud Discovery in Microsoft Cloud App Security, you view the Discovered apps page and discover that many applications have a low score because they are missing information about domain registration and consumer popularity.

    You need to prevent the missing information from affecting the App1 score.

    What should you configure from the Cloud Discover settings?

    • Organization details
    • Default behavior
    • Score metrics
    • App tags

12. You have a Microsoft 365 E5 subscription.

    You need to be notified if users receive email containing a file that has a virus.

    What should you do?

    • From the Exchange admin center, create an in-place eDiscovery & hold.
    • From the Exchange admin center, create a spam filter policy.
    • From the Exchange admin center, create an anti-malware policy.
    • From the Exchange admin center, create a mail flow rule.

13. HOTSPOT

    You have a Microsoft 365 subscription that links to an Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

    A user named User1 stores documents in Microsoft OneDrive.

    You need to place the contents of User1’s OneDrive account on an eDiscovery hold.

    Which URL should you use for the eDiscovery hold? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

14. HOTSPOT

    You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains a group named Group1 and the users shown in the following table:

    

    The tenant has a conditional access policy that has the following configurations:

    Name: Policy1
    Assignments:
    – Users and groups: Group1
    – Cloud aps or actions: All cloud apps
    Access controls:
    Grant, require multi-factor authentication
    Enable policy: Report-only

    You set Enabled Security defaults to Yes for the tenant.

    For each of the following settings select Yes, if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

    Explanation:

    Report-only mode is a new Conditional Access policy state that allows administrators to evaluate the impact of Conditional Access policies before enabling them in their environment. With the release of report-only mode:
    – Conditional Access policies can be enabled in report-only mode.
    – During sign-in, policies in report-only mode are evaluated but not enforced.
    – Results are logged in the Conditional Access and Report-only tabs of the Sign-in log details.
    – Customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the Conditional Access insights workbook.

15. Your network contains an on-premises Active Directory domain.

    Your company has a security policy that prevents additional software from being installed on domain controllers.

    You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).

    What should you do? More than one answer choice may achieve the goal. Select the BEST answer.

    • Deploy an Azure ATP sensor, and then configure port mirroring.
    • Deploy an Azure ATP sensor, and then configure detections.
    • Deploy an Azure ATP standalone sensor, and then configure detections.
    • Deploy an Azure ATP standalone sensor, and then configure port mirroring.
    Explanation:

    We cannot install additional software on the domain controllers. Azure ATP Standalone Sensor is a full agent installed on a dedicated server that can monitor traffic from multiple domain controllers. This is an alternative to those that do not wish to install an agent directly on a domain controller.

    Incorrect Answers:
    A, B: Azure ATP Sensor is a lightweight agent installed directly on a domain controller to monitor and report traffic. However, we cannot install additional software on the domain controllers

16. Your company has digitally signed applications.

    You need to ensure that Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) considers the digitally signed applications safe and never analyzes them.

    What should you create in the Microsoft Defender Security Center?

    • a custom detection rule
    • an allowed/blocked list rule
    • an alert suppression rule
    • an indicator

17. DRAG DROP

    You create a Microsoft 365 subscription.

    You need to create a deployment plan for Microsoft Azure Advanced Threat Protection (ATP).

    Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

    

    

18. You have a Microsoft 365 E5 subscription that uses Azure Advanced Threat Protection (ATP).

    You need to create a detection exclusion in Azure ATP.

    Which tool should you use?

    • the Security & Compliance admin center
    • Microsoft Defender Security Center
    • the Microsoft 365 admin center
    • the Azure Advanced Threat Protection portal
    • the Cloud App Security portal

19. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a Microsoft 365 subscription.

    You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.

    Solution: From the Endpoint Management admin center, you create a device configuration profile.

    Does this meet the goal?

    • Yes
    • No

20. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a Microsoft 365 E5 subscription.

    You create an account for a new security administrator named SecAdmin1.

    You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection (ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.

    Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Security administrator role.

    Does this meet the goal?

    • Yes
    • No