Microsoft Microsoft Certifications MS-101 Questions & Answers

• Question 21:

  You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.

  

  You create a Policies for Office apps configuration named Policy1.

  You need to deploy Policy1.

  To which groups can you deploy the configuration?

  A. Group3 only

  B. Group4 only

  C. Group1 and Group2 only

  D. Group1 and Group4 only

  E. Group1, Group2, Group3, and Group4

  Correct Answer: C

• Question 22:

  You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365 and contains a mailbox name Mailbox1.

  You plan to use Mailbox 1 to collect and analyze unfiltered email messages.

  You need to ensure that Defender for Office 365 takes no action on any inbound emails delivered to Mailbox1.

  What should you do?

  A. Create a mail flow.rule.

  B. Configure a retention policy for Mailbox1.

  C. Place a litigation hold on Mailbox1.

  D. Configure Mailbox1 as a SecOps mailbox.

  Correct Answer: B

  Explanation:

  Place a mailbox on Litigation Hold to preserve all mailbox content, including deleted items and original versions of modified items. When you place a mailbox on Litigation Hold, the user's archive mailbox (if it's enabled) is also placed on hold.

  Deleted and modified items are preserved for a specified period or until you remove the mailbox from Litigation Hold.

  Incorrect:

  Not A: Mail flow rules are similar to the Inbox rules that are available in Outlook and Outlook on the web (formerly known as Outlook Web App). The main difference is mail flow rules take action on messages while they're in transit, not after

  the message is delivered to the mailbox. Mail flow rules contain a richer set of conditions, exceptions, and actions, which provides you with the flexibility to implement many types of messaging policies.

  Not B: Although a retention policy can support multiple services that are identified as "locations" in the retention policy, you can't create a single retention policy that includes all the supported locations:

  Exchange email

  SharePoint site

  OneDrive accounts

  Microsoft 365 groups

  Skype for Business

  Exchange public folders

  Teams channel messages

  Teams chats

  Teams private channel messages

  Yammer community messages

  Yammer user messages

  Not D: Security operations (SecOps) mailboxes: Dedicated mailboxes that are used by security teams to collect and analyze unfiltered messages (both good and bad).

  Reference: https://learn.microsoft.com/en-us/exchange/policy-and-compliance/holds/litigation-holds

• Question 23:

  You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

  You plan to perform device discovery and authenticated scans of network devices.

  You install and register the network scanner on a device named Device1.

  What should you do next?

  A. Download and run an onboarding package.

  B. Connect Defender for Endpoint to Microsoft Intune.

  C. Apply for Microsoft Threat Experts – Targeted Attack Notifications.

  D. Create an assessment job.

  Correct Answer: D

• Question 24:

  You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

  

  You need to implement Windows Information Protection (WIP). The solution must meet the following requirements:

  Ensure that users on enrolled devices can override the WIP policy settings. Prevent users on unenrolled devices from overriding the WIP policy settings. What is the minimum number of app protection policies required?

  A. 1

  B. 2

  C. 3

  D. 4

  Correct Answer: B

  Explanation:

  One policy that allows overrides, and one policy that blocks.

  Note: What are the protection modes?

  Block

  WIP looks for inappropriate data sharing practices and stops the user from completing the action. Blocked actions can include sharing info across non-corporate-protected apps, and sharing corporate data between other people and devices

  outside of your organization.

  Allow Overrides

  WIP looks for inappropriate data sharing, warning users when they do something deemed potentially unsafe. However, this mode lets the user override the policy and share the data, logging the action to your audit log.

  Silent

  WIP runs silently, logging inappropriate data sharing, without blocking anything that would have been prompted for employee interaction while in Allow Override mode. Unallowed actions, like apps inappropriately trying to access a network

  resource or WIP-protected data, are still stopped.

  Reference: https://docs.microsoft.com/en-us/mem/intune/apps/windows-information-protection-policy-create

• Question 25:

  You have a Microsoft SharePoint Online site named Site1.

  On March 1, you delete a document named Document1.docx from Site1.

  On April 1, you empty the Recycle Bin of Site1.

  You need to identify the latest date a user who has the SharePoint admin role can recover Document1.docx.

  Which date should you identify?

  A. April 1

  B. May 1

  C. June 1

  D. September 1

  E. December 1

  Correct Answer: C

  Explanation:

  March 1 + 93 days is around June 1.

  How long are deleted items kept in the Recycle Bin?

  In SharePoint in Microsoft 365, items are retained for 93 days from the time you delete them from their original location. They stay in the site Recycle Bin the entire time, unless someone deletes them from there or empties that Recycle Bin. In

  that case, the items go to the site collection Recycle Bin, where they stay for the remainder of the 93 days.

  SharePoint Online retains backups of all content for 14 additional days beyond actual deletion. If content cannot be restored via the Recycle Bin or Files Restore, an administrator can contact Microsoft Support to request a restore any time

  inside the 14 day window.

  Note: Restore e deleted items from the site collection recycle bin.

  When you delete items (including OneDrive files) from a SharePoint site, they're sent to the site Recycle Bin (also called the first-stage Recycle Bin), where you can restore them if you need to. When you delete items from a site Recycle Bin,

  they're sent to the site collection Recycle Bin (also called the second-stage Recycle Bin).

  A SharePoint site collection administrator can view and restore deleted items from the site collection Recycle Bin to their original locations. If an item is deleted from the site collection Recycle Bin, or it exceeds the retention time, it is

  permanently deleted.

  Reference: https://support.microsoft.com/en-us/office/restore-deleted-items-from-the-site-collection-recycle-bin-5fa924ee-16d7-487b-9a0a-021b9062d14b

• Question 26:

  You have a new Microsoft 365 E5 tenant.

  You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected.

  What should you do first?

  A. Enable Microsoft 365 usage analytics.

  B. Create a communication compliance policy.

  C. Enable auditing.

  D. Create an Insider risk management policy.

  Correct Answer: C

  Explanation:

  Manage auditing and alert policies, Alert policies in Microsoft 365.

  Default alert policy includes:

  Elevation of Exchange admin privilege - Generates an alert when someone is assigned administrative permissions in your Exchange Online organization. For example, when a user is added to the Organization Management role group in

  Exchange Online. This policy has a Low severity setting.

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies

• Question 27:

  You have a Microsoft 365 subscription that contains 500 Windows 11 devices enrolled in Microsoft Intune.

  You deploy a new Win32 app named App1 to all the devices and verify that users can install App1 manually by using the Company Portal app.

  You need to configure App1 to ensure that all future deployments of the app install automatically without user intervention. The solution must minimize administrative effort.

  What should you do?

  A. Modify the detection rules for App1.

  B. Delete App1, and then redeploy App1.

  C. Modify the assignments for App1.

  D. Modify the install command for App1.

  Correct Answer: A

• Question 28:

  From the Microsoft 365 compliance center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)

  

  What will be excluded from the export?

  A. a 75-MB PDF file

  B. a 5-KB RTF file

  C. an 80-MB PPTX file

  D. a 12-MB BMP file

  Correct Answer: D

• Question 29:

  You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

  You need to ensure that users are prevented from opening or downloading malicious files from Microsoft Teams, OneDrive, or SharePoint Online.

  What should you do?

  A. Configure the Safe Links global settings.

  B. Create a new Anti-malware policy.

  C. Configure the Safe Attachments global settings.

  D. Create a new Anti-phishing policy.

  Correct Answer: C

  Explanation:

  Safe Attachments in Microsoft Defender for Office 365 provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection in Exchange Online Protection (EOP). Specifically, Safe

  Attachments uses a virtual environment to check attachments in email messages before they're delivered to recipients (a process known as detonation).

  Safe Attachments protection for email messages is controlled by Safe Attachments policies. Although there's no default Safe Attachments policy, the Built-in protection preset security policy provides Safe Attachments protection to all

  recipients (users who aren't defined in the Standard or Strict preset security policies or in custom Safe Attachments policies).

  Note

  The following features are located in the global settings of Safe Attachments policies in the Microsoft 365 Defender portal. But, these settings are enabled or disabled globally, and don't require Safe Attachments policies:

  Safe Attachments for SharePoint, OneDrive, and Microsoft Teams.

  Safe Documents in Microsoft 365 E5

  Reference: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments

• Question 30:

  You have a Microsoft 365 E5 subscription.

  You need to ensure that administrators receive an email when Microsoft 365 Defender detects a sign-in from a risky IP address.

  What should you create?

  A. an incident assignment filter

  B. a vulnerability notification rule

  C. an incident notification rule

  D. an alert

  Correct Answer: D

  Explanation:

  In Microsoft 365 Defender, you can add recipients for email notifications of detected alerts.

  Note: Anomalies are detected by scanning user activity. The risk is evaluated by looking at over 30 different risk indicators, grouped into risk factors, as follows:

  Risky IP address

  Login failures

  Admin activity

  Inactive accounts

  Location

  Impossible travel

  Device and user agent

  Activity rate

  Based on the policy results, security alerts are triggered. Defender for Cloud Apps looks at every user session on your cloud and alerts you when something happens that is different from the baseline of your organization or from the user's

  regular activity.

  Reference:

  https://learn.microsoft.com/en-us/microsoft-365/security/defender-identity/notifications

  https://learn.microsoft.com/en-us/defender-cloud-apps/anomaly-detection-policy