Microsoft Microsoft Certifications MS-100 Questions & Answers

• Question 361:

  Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.

  You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United

  States.

  You plan to onboard all the devices to Windows Defender ATP data in Europe.

  What should you do first?

  A. Create a workspace

  B. Offboard the test devices

  C. Delete the workspace

  D. Onboard a new device

  Correct Answer: B

  When onboarding Windows Defender ATP for the first time, you can choose to store your data in Microsoft Azure datacenters in the European Union, the United Kingdom, or the United States. Once configured, you cannot change the location

  where your data is stored.

  The only way to change the location is to offboard the test devices then onboard them again with the new location.

  Reference:

  https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy#do-i-have-the-flexibility-to-select-where-to-store-my-data

• Question 362:

  Your network contains an on-premises Active Directory domain.

  Your company has a security policy that prevents additional software from being installed on domain controllers.

  You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).

  What should you do? More than once choice may achieve the goal. Select the BEST answer.

  A. Deploy an Azure ATP standalone sensor, and then configure port mirroring.

  B. Deploy an Azure ATP standalone sensor, and then configure detections.

  C. Deploy an Azure ATP sensor, and then configure detections.

  D. Deploy an Azure ATP sensor, and then configure port mirroring.

  Correct Answer: C

  If you're installing on a domain controller, you don't need a standalone ATP sensor. You need to configure the detections to detect application installations. With an ATP sensor (non-standalone), you don't need to configure port mirroring.

  Reference: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5 https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning#choosing-the-right-sensor-type-for-your-deployment

• Question 363:

  You have a Microsoft 365 tenant.

  You have a line-of-business application named App1 that users access by using the My Apps portal.

  After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.

  You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.

  What should you do?

  A. From Microsoft Cloud App Security, modify the impossible travel alert policy.

  B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.

  C. From the Azure Active Directory admin center, modify the conditional access policy.

  D. From Microsoft Cloud App Security, create an app discovery policy.

  Correct Answer: A

  Impossible travel detection identifies two user activities (is a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to

  the second.

  We need to modify the policy so that it applies to App1 only.

  Reference:

  https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy

• Question 364:

  From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.)

  

  You need to reduce the likelihood that the sign-ins are identified as risky. What should you do?

  A. From the Security and Compliance admin center, add the users to the Security Readers role group.

  B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.

  C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.

  D. From the Security and Compliance admin center, create a classification label.

  Correct Answer: B

  A named location can be configured as a trusted location. Typically, trusted locations are network areas that are controlled by your IT department. In addition to Conditional Access, trusted named locations are also used by Azure Identity Protection and Azure AD security reports to reduce false positives for risky sign-ins.

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

• Question 365:

  You have a Microsoft 365 subscription.

  You recently configured a Microsoft SharePoint Online tenant in the subscription.

  You plan to create an alert policy.

  You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes.

  What should you do first?

  A. Enable Microsoft Office 365 Cloud App Security.

  B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).

  C. Enable Microsoft Office 365 Analytics.

  Correct Answer: B

  An alert policy consists of a set of rules and conditions that define the user or admin activity that generates an alert, a list of users who trigger the alert if they perform the activity, and a threshold that defines how many times the activity has to

  occur before an alert is triggered.

  In this question, we would use the "Malware detected in file" activity in the alert settings then configure the threshold (5 detections) and the time window (10 minutes).

  The ability to configure alert policies based on a threshold or based on unusual activity requires Advanced Threat Protection (ATP).

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies

• Question 366:

  Your company has 10 offices.

  The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.

  You discover that one of the offices has the following:

  1.

  Computers that have several preinstalled applications

  2.

  Computers that use nonstandard computer names

  3.

  Computers that have Windows 10 preinstalled

  4.

  Computers that are in a workgroup

  You must configure the computers to meet the following corporate requirements:

  1.

  All the computers must be joined to the domain.

  2.

  All the computers must have computer names that use a prefix of CONTOSO.

  3.

  All the computers must only have approved corporate applications installed.

  You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.

  A. a provisioning package

  B. wipe and load refresh

  C. Windows Autopilot

  D. an in-place upgrade

  Correct Answer: A

  By using a provisioning package, IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a device. Incorrect Answers:

  C: With Windows Autopilot the user can set up pre-configured devices without the need consult their IT administrator.

  D: Use the In-Place Upgrade option when you want to keep all (or at least most) existing applications.

  Reference: https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot

• Question 367:

  You have a Microsoft 365 subscription.

  You configure a data loss prevention (DLP) policy.

  You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.

  You need to prevent the users from bypassing the DLP policy.

  What should you configure?

  A. actions

  B. exceptions

  C. incident reports

  D. user overrides

  Correct Answer: D

  A DLP policy can be configured to allow users to override a policy tip and report a false positive.

  You can educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an email

  notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Outlook on the web, Outlook, Excel, PowerPoint, and

  Word.

  If you find that users are incorrectly marking content as false positive and bypassing the DLP policy, you can configure the policy to not allow user overrides.

  Reference:

  https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

• Question 368:

  In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments. Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.)

  

  You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com. What should you configure?

  A. an action

  B. a group

  C. a condition

  D. an exception

  Correct Answer: D

  You need to add an exception. In the Advanced Settings of the DLP policy, you can add a rule to configure the Conditions and Actions. There is also an `Add Exception' button. This gives you several options that you can select as the exception. One of the options is `except when recipient domain is'. You need to select that option and enter the domain name contoso.com.

  Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies#how-dlp-policies-work

• Question 369:

  Your company uses on-premises Windows Server File Classification Infrastructure 9FCI). Some documents on the on-premises file servers are classifies as Confidential.

  You migrate the files from the on-premises file servers to Microsoft SharePoint Online.

  You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification.

  What should you do first?

  A. From the SharePoint admin center, create a managed property.

  B. From the SharePoint admin center, configure hybrid search.

  C. From the Security and Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet.

  D. From the Security and Compliance Center PowerShell, run the New-DataClassification cmdlet.

  Correct Answer: A

  Your organization might use Windows Server FCI to identify documents with personally identifiable information (PII) such as social security numbers, and then classify the document by setting the Personally Identifiable Information property to High, Moderate, Low, Public, or Not PII based on the type and number of occurrences of PII found in the document. In Office 365, you can create a DLP policy that identifies documents that have that property set to specific values, such as High and Medium, and then takes an action such as blocking access to those files.

  Before you can use a Windows Server FCI property or other property in a DLP policy, you need to create a managed property in the SharePoint admin center.

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties

• Question 370:

  Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while

  others might not have a correct solution.

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

  You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

  You configure a pilot for co-management.

  You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

  You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

  Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  Device1 has the Configuration Manager client installed so you can manage Device1 by using Configuration Manager.

  To manage Device1 by using Microsoft Intune, the device has to be enrolled in Microsoft Intune. In the Co-management Pilot configuration, you configure a Configuration Manager Device Collection that determines which devices are auto-

  enrolled in Microsoft Intune. You need to add Device1 to the Device Collection so that it auto-enrols in Microsoft Intune. You will then be able to manage Device1 using Microsoft Intune.

  Reference:

  https://docs.microsoft.com/en-us/configmgr/comanage/how-to-enable