MS-101 : Microsoft 365 Mobility and Security : Part 11

MS-101 : Microsoft 365 Mobility and Security : Part 11

1. DRAG DROP

   Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD). The domain contains the servers shown in the following table.

   

   You use Azure Information Protection.

   You need to ensure that you can apply Azure Information Protection labels to the file stores on Server1.

   Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

   

   

2. You have a Microsoft 365 E5 subscription.

   Users have the devices shown in the following table.

   

   On which devices can you manage apps by using app configuration policies in Microsoft Endpoint Manager?

   • Device1, Device4, and Device6
   • Device2, Device3, and Device5
   • Device1, Device2, Device3, and Device6
   • Device1, Device2, Device4, and Device5
   Explanation:
   You can create and use app configuration policies to provide configuration settings for both iOS/iPadOS or Android apps on devices that are and are not enrolled in Microsoft Endpoint Manager.

3. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You have a Microsoft 365 subscription.

   From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.

   You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.

   Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters.

   Does this meet the goal?

   • Yes
   • No

4. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

   After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

   You have a Microsoft 365 subscription.

   From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.

   You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.

   Solution: From the Security & Compliance admin center, you modify the roles of the US eDiscovery Managers role group.

   Does this meet the goal?

   • Yes
   • No

5. HOTSPOT

   You have a Microsoft 365 E5 subscription that contains two users named Admin1 and Admin2.

   All users are assigned a Microsoft 365 Enterprise E5 license and auditing is turned on.

   You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)

   

   After Policy1 is created, the following actions are performed:

   – Admin1 creates a user named User1.
   – Admin2 creates a user named User2.

   How long will the audit events for the creation of User1 and User2 be retained? To answer, select the appropriate options in the answer area.

   NOTE: Each correct selection is worth one point.

   

   

6. Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

   You sign for Microsoft Store for Business.

   The tenant contains the users shown in the following table.

   

   Microsoft Store for Business has the following Shopping behavior settings:

   – Allow users to shop is set to On
   – Make everyone a Basic Purchaser is set to Off

   You need to identify which users can install apps from the Microsoft for Business private store.

   Which users should you identify?

   • User3 only
   • User1 only
   • User1 and User2 only
   • User3 and User4 only
   Explanation:
   Allow users to shop controls the shopping experience in Microsoft Store for Education. When this setting is on, Purchasers and Basic Purchasers can purchase products and services from Microsoft Store for Education.

7. You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

   In the tenant, you create a user named User1.

   You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege.

   To which role group should you add User1?

   • Security Administrator
   • Records Management
   • Compliance Administrator
   • eDiscovery Manager

8. You plan to use the Security & Compliance admin center to import several PST files into Microsoft 365 mailboxes.

   Which three actions should you perform before you import the data? Each correct answer presents part of the solution.

   NOTE: Each correct selection is worth one point.

   • From the Exchange admin center, create a public folder.
   • Copy the PST files by using AzCopy.
   • From the Exchange admin center, assign admin roles.
   • From the Microsoft Azure portal, create a storage account that has a blob container.
   • From the Microsoft 365 admin center, deploy an add-in.
   • Create a mapping file that uses the CSV file format.

9. HOTSPOT

   You have a Microsoft 365 tenant.

   You plan to create a retention policy as shown in the following exhibit.

   

   Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

   NOTE: Each correct selection is worth one point.

   

   

10. You deploy Microsoft Azure Information Protection.

    You need to ensure that a security administrator named SecAdmin1 can always read and inspect data protected by Azure Rights Management (Azure RMS).

    What should you do?

    • From the Security & Compliance admin center, add SecAdmin1 to the eDiscovery Manager role group.
    • From the Azure Active Directory admin center, add SecAdmin1 to the Security Reader role group.
    • From the Security & Compliance admin center, add SecAdmin1 to the Compliance Administrator role group.
    • From Windows PowerShell, enable the super user feature and assign the role to SecAdmin1.
    Explanation:
    The super user feature of the Azure Rights Management service from Azure Information Protection ensures that authorized people and services can always read and inspect the data that Azure Rights Management protects for your organization. However, the super user feature is not enabled by default. The PowerShell cmdlet Enable-AadrmSuperUserFeature is used to manually enable the super user feature.

11. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a new Microsoft 365 subscription.

    You need to prevent users from sending email messages that contain Personally Identifiable Information (PII).

    Solution: From the Cloud App Security admin center, you create an access policy.

    Does this meet the goal?

    • Yes
    • No

12. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

    You create an Azure Advanced Threat Protection (ATP) workspace named Workspace1.

    The tenant contains the users shown in the following table.

    

    You need to modify the configuration of the Azure ATP sensors.

    Solution: You instruct User4 to modify the Azure ATP sensor configuration.

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    Only Azure ATP administrators can modify the sensors.

    Any global administrator or security administrator on the tenant’s Azure Active Directory is automatically an Azure ATP administrator.

13. From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)

    

    What will be excluded from the export?

    • a 10-MB XLSX file
    • a 5-MB MP3 file
    • a 75-MB PDF file
    • a 60-MB DOCX file

14. You have a Microsoft 365 subscription.

    All users have their email stored in Microsoft Exchange Online.

    In the mailbox of a user named User1, you need to preserve a copy of all the email messages that contain the word ProjectX.

    What should you do?

    • From Microsoft Cloud App Security, create an activity policy.
    • From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
    • From the Exchange admin center, start a mail flow message trace.
    • From the Security & Compliance admin center, create an eDiscovery case.

15. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

    After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

    You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

    You create an Azure Advanced Threat Protection (ATP) workspace named Workspace1.

    The tenant contains the users shown in the following table.

    

    You need to modify the configuration of the Azure ATP sensors.

    Solution: You instruct User3 to modify the Azure ATP sensor configuration.

    Does this meet the goal?

    • Yes
    • No
    Explanation:

    Only Azure ATP administrators can modify the sensors.

    Any global administrator or security administrator on the tenant’s Azure Active Directory is automatically an Azure ATP administrator.

16. HOTSPOT

    You have a Microsoft Azure Active Directory (Azure AD) tenant named sk180818.onmicrosoft.com. The tenant contains the users shown in the following table.

    

    In Azure Information Protection, you create a label named Label1 as shown in the following exhibit.

    

    Label1 is applied to a file named File1.

    You send File1 as an email attachment to User1, User2, User3, and User4.

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

17. HOTSPOT

    Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.

    The company stores 2 TBs of data in SharePoint Online document libraries.

    The tenant has the labels shown in the following table.

    

    For each of the following statements, select Yes if the statement is true. Otherwise, select No.

    NOTE: Each correct selection is worth one point.

    

    

18. HOTSPOT

    You create a Microsoft 365 subscription.

    Your company’s privacy policy states that user activities must NOT be audited.

    You need to disable audit logging in Microsoft 365.

    How should you complete the command? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.

    

    

19. You have a Microsoft 365 E5 tenant that contains the resources shown in the following table.

    

    To which resources can you apply a sensitivity label by using an auto-labeling policy?

    • Mailbox1 and Site1 only
    • Mailbox1, Account1, and Site1 only
    • Account1 and Site1 only
    • Mailbox1, Account1, Site1, and Channel1
    • Account1, Site1, and Channel1 only

20. HOTSPOT

    You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

    

    You have a Microsoft Office 365 retention label named Retention1 that is published to Exchange email.

    You have a Microsoft Exchange Online retention policy that is applied to all mailboxes. The retention policy contains a retention tag named Retention2.

    Which users can assign Retention1 and Retention2 to their emails? To answer, select the appropriate options in the answer area.

    NOTE: Each correct selection is worth one point.