Microsoft Microsoft Certifications MS-100 Questions & Answers

• Question 181:

  HOTSPOT

  You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. A user named User1 has files on a Windows 10 device as shown in the following table.

  

  In Azure Information Protection, you create a label named Label1 that is configured to apply automatically. Label1 is configured as shown in the following exhibit.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  The phrase to match is "im" and it is case sensitive. The phrase must also appear at least twice.

  Box 1: No

  File1.docx contain the word "import" once only

  Box 2: Yes

  File2.docx contains two occurrences of the word "import" as well as the word "imported"

  Box 3: No

  File3.docx contains "IM" but his is not the correct letter case.

  References:

  https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification

• Question 182:

  HOTSPOT

  You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.

  

  The domain contains the devices shown in the following table.

  

  The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Yes.

  User1 is in a group named Compliant. All the conditional access policies apply to Group1 so they don't apply to User1.

  As there is no conditional access policy blocking access for the group named Compliant, User1 is able to access App1 using any device.

  Box 2: Yes.

  User2 is in Group1 so Policy1 applies first. Policy1 excludes compliant devices and Device1 is compliant. Therefore, Policy1 does not apply so we move on to Policy2.

  User2 is also in Group2. Policy2 excludes Group2. Therefore, Policy2 does not apply so we move on to Policy3.

  Policy3 applies to Group1 so Policy3 applies to User2. Policy3 applies to ‘All device states’ so Policy3 applies to Device1. Policy3 grants access. Therefore, User2 can access App1 using Device1.

  Box 3: No.

  User2 is in Group1 so Policy1 applies. Policy1 excludes compliant devices but Devices is non-compliant. Therefore, User2 cannot access App1 from Device2.

  References:

  https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access

• Question 183:

  HOTSPOT

  You have a Microsoft 365 subscription that uses a default named contoso.com. Three files were created on February 1, 2019, as shown in the following table.

  

  On March 1, 2019, you create two retention labels named Label1 and label2.

  The settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.) Label 1

  

  The settings for Label2 are configured as shown in the Label1 exhibit. (Click the Label2 tab.) Label 2

  

  You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: No Retention overrides deletion.

  Box 2: No Content in a document library will be moved to the first-stage Recycle Bin within 7 days of disposition, and then permanently deleted another 93 days after that. Thus 100 days in total. Box 3: No

  Items in an Exchange mailbox will be permanently deleted within 14 days of disposition.

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/labels https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews

• Question 184:

  HOTSPOT

  You have retention policies in Microsoft 365 as shown in the following table.

  

  Policy1 is configured as shown in the Policy1 exhibit. (Click the Policy1 tab.) Policy1

  

  Policy1 is configured as shown in the Policy2 exhibit. (Click the Policy2 tab.) Policy2

  

  For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  1.

  Retention wins over deletion. Suppose that one retention policy says to delete Exchange email after three years, but another retention policy says to retain Exchange email for five years and then delete it. Any content that reaches three years old will be deleted and hidden from the users' view, but still retained in the Recoverable Items folder until the content reaches five years old, when it is permanently deleted.

  2.

  The longest retention period wins. If content is subject to multiple policies that retain content, it will be retained until the end of the longest retention period.

  Box 1: No.

  The file will be deleted and hidden from the users' view, but still retained in the Recoverable Items folder. An administrator would need to recover the file.

  Box 2: Yes.

  The file will be deleted and hidden from the users' view, but still retained in the Recoverable Items folder. An administrator will be able to recover the file.

  Box 3: Yes.

  2018 to 2023 is five years. Policy2 has a retention period of four years. However, Policy2 is configured to not delete the files after the four-year retention period.

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies#the-principles-of-retention-or-what-takes-precedence

• Question 185:

  HOTSPOT

  You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit.

  

  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1:

  If you copy the file from OneDrive to your internet connected computer, you can open the document for up to 30 days. This is because the “Number of days the content is valid” setting is set to 30 days.

  Box 2:

  If you email the document to a user outside your organization, the user cannot open the document. To open the document, the user would need to be added to the Users list and assigned permission. With the configuration in the exhibit, only

  the user listed in the Users list and the creator of the document can open the document.

  References:

  https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection

• Question 186:

  HOTSPOT

  You have a Microsoft 365 subscription.

  You have a group named Support. Users in the Support group frequently send email messages to external users.

  The manager of the Support group wants to randomly review messages that contain attachments.

  You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.

  What should you do? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Supervision policies in Office 365 allow you to capture employee communications for examination by designated reviewers. You can define specific policies that capture internal and external email, Microsoft Teams, or 3rd-party communications in your organization.

  You create supervision policies in the Compliance center. These policies define which communications and users are subject to review in your organization and specify who should perform reviews.

  If you want to reduce the amount of content to review, you can specify a percentage of all the communications governed by a supervision policy. A real-time, random sample of content is selected from the total percentage of content that matches chosen policy conditions.

  References: https://docs.microsoft.com/en-us/office365/securitycompliance/supervision-policies

• Question 187:

  HOTSPOT

  Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in the following table.

  

  A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1, App2, and App3 all open files that have the .abc file extension. You implement Windows Information Protection (WIP) by using the following configurations:

  1.

  Exempt apps: App2

  2.

  Protected apps: App1

  3.

  Windows Information Protection mode: Block

  4.

  Network boundary: IPv4 range of 192.168.1.1-192.168.1.255

  You need to identify the apps from which you can open File1.abc

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Yes.

  App1 is a protect app in the Windows Information Protection policy. File1 is stored on Server1 which is in the Network Boundary defined in the policy. Therefore, you can open File1 in App1.

  Box 2: Yes.

  App2 is exempt in the Windows Information Protection policy. The protection mode in the policy is block so all apps that are not included in the policy cannot be used to open the file… except for exempt apps. Therefore, you can open File1 in

  App2.

  Box 3: No.

  The protection mode in the policy is block so all apps that are not included in the policy as protected apps or listed as exempt from the policy cannot be used to open the file. Therefore, you cannot open File from in App3.

  References:

  https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure

• Question 188:

  HOTSPOT

  You have a data loss prevention (DLP) policy.

  You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM). The solution must minimize the number of false positives.

  Which two settings should you modify? To answer, select the appropriate settings in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  You can tune your rules by adjusting the instance count and match accuracy to make it harder or easier for content to match the rules. Each sensitive information type used in a rule has both an instance count and match accuracy.

  To make the rule easier to match, decrease the min count and/or increase the max count. You can also set max to any by deleting the numerical value.

  To minimize the number of false positives, we need to increase the minimum match accuracy.

  A sensitive information type is defined and detected by using a combination of different types of evidence. Commonly, a sensitive information type is defined by multiple such combinations, called patterns. A pattern that requires less evidence

  has a lower match accuracy (or confidence level), while a pattern that requires more evidence has a higher match accuracy (or confidence level).

  References:

  https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

  https://docs.microsoft.com/en-us/office365/securitycompliance/what-the-sensitive-information-types-look-for#international-classification-of-diseases-icd-9-cm

• Question 189:

  HOTSPOT

  

  You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

  Multi-factor authentication (MFA) is configured to use 131.107.50/24 for trusted IPs. The tenant contains the named locations shown in the following table.

  

  You create a conditional access policy that has the following configurations:

  1.

  Users and groups assignment: All users

  2.

  Cloud apps assignment: App1

  3.

  Conditions: Include all trusted locations

  4.

  Grant access: require multi-factor authentication

  For each of the following statements, select Yes if the statement is true. otherwise, select No.

  NOTE: Each correct selection is worth one point.

  You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.

  Hot Area:

  

  Correct Answer:

  

  Box 1: Yes

  131.107.50.10 is in a Trusted Location so the conditional access policy applies. The policy requires MFA. However, User1's MFA status is disabled. The MFA requirement in the conditional access policy will override the user's MFA status of disabled. Therefore, User1 must use MFA.

  Box 2: Yes.

  131.107.20.15 is in a Trusted Location so the conditional access policy applies. The policy requires MFA so User2 must use MFA.

  Box 3: Yes.

  131.107.5.5 is an MFA Trusted IP so that counts as a Trusted Location in the conditional access policy. The “All Trusted Locations” setting includes MFA Trusted IPs. Therefore, the conditional access policy applies so User2 must use MFA.

• Question 190:

  HOTSPOT

  You have a Microsoft 365 subscription.

  You need to provide an administrator named Admin1 with the ability to place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.

  What should you do? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  The Office 365 Security and Compliance Center lets you grant permissions to people who perform compliance tasks like device management, data loss prevention, eDiscovery, retention, and so on.

  Users assigned to the eDiscovery Manager role can perform searches and place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations.

  Reference:

  https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-center