microsoft ms-101 practice test
Microsoft 365 Mobility and Security (beta)
Note: This exam has case studies
Question 1 Topic 5, Mixed Questions
You need to meet the compliance requirements for the Windows 10 devices.
What should you create from the Endpoint Management admin center?
- A. a device compliance policy
- B. a device configuration profile
- C. an app protection policy
- D. an app configuration policy
Answer:
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-
using-intune-azure
Question 2 Topic 5, Mixed Questions
HOTSPOT
You have a Microsoft 365 E5 subscription that includes the following active eDiscovery case:
Name: Case1
Included content: Group1, User1, Site1
Hold location: Exchange mailboxes, SharePoint sites, Exchange public folders
The investigation for Case1 completes, and you close the case.
What occurs after you close Case1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/close-or-delete-case?view=o365-worldwide
Question 3 Topic 5, Mixed Questions
HOTSPOT
You have a Microsoft 365 E5 tenant that uses Microsoft Intune.
You need to configure Intune to meet the following requirements:
Prevent users from enrolling personal devices.
Ensure that users can enroll a maximum of 10 devices.
What should you use for each requirement? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set#blocking-personal-windows-
devices
Question 4 Topic 5, Mixed Questions
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a
unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in
the review screen.
You have a Microsoft 365 subscription.
From the Microsoft 365 Defender, you create a role group named US eDiscovery Managers by copying the eDiscovery
Manager role group.
You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in
the United States.
Solution: From the Microsoft 365 Defender, you modify the roles of the US eDiscovery Managers role group.
Does this meet the goal?
- A. Yes
- B. No
Answer:
B
Question 5 Topic 5, Mixed Questions
You have a Microsoft 365 E5 subscription.
You plan to implement records management and enable users to designate documents as regulatory records.
You need to ensure that the option to mark content as a regulatory record is visible when you create retention labels.
What should you do first?
- A. Configure custom detection rules.
- B. Create an Exact Data Match (EDM) schema.
- C. Run the Set-RegulatoryComplianceUI cmdlet.
- D. Run the Set-LabelPolicy cmdlet.
Answer:
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/declare-records?view=o365-worldwide
Question 6 Topic 5, Mixed Questions
HOTSPOT
You have a Microsoft 365 tenant that contains the compliance policies shown in the following table.
The tenant contains the devices shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Hot Area:
Answer:
Question 7 Topic 5, Mixed Questions
DRAG DROP
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.
You need to automatically label the documents on Site1 that contain credit card numbers.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the
answer area and arrange them in the correct order.
Select and Place:
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide#what-label-policies-can-
do https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
Question 8 Topic 5, Mixed Questions
You have a Microsoft 365 E5 tenant.
You need to ensure that when a document containing a credit card number is added to the tenant, the document is
encrypted.
Which policy should you use?
- A. a retention policy
- B. a retention label policy
- C. an auto-labeling policy
- D. an insider risk policy
Answer:
C
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
Question 9 Topic 5, Mixed Questions
You have a Microsoft 365 tenant.
Company policy requires that all Windows 10 devices meet the following minimum requirements:
Require complex passwords.
Require the encryption of data storage devices.
Have Microsoft Defender Antivirus real-time protection enabled.
You need to prevent devices that do not meet the requirements from accessing resources in the tenant.
Which two components should you create? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. a configuration policy
- B. a compliance policy
- C. a security baseline profile
- D. a conditional access policy
- E. a configuration profile
Answer:
B D
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started
Question 10 Topic 5, Mixed Questions
HOTSPOT
You have a Microsoft 365 tenant that has Enable Security defaults set to No in Azure Active Directory (Azure AD).
The tenant has two Compliance Manager assessments as shown in the following table.
The SP800 assessment has the improvement actions shown in the following table.
You perform the following actions:
For the Data Protection Baseline assessment, change the Test status of Establish a threat intelligence program to
Implemented. Enable multi-factor authentication (MFA) for all users.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Answer:
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-assessments?view=o365-
worldwide#create-assessments https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-score-
calculation?view=o365-worldwide#action-types-and-points