Microsoft Microsoft Certifications MS-101 Questions & Answers

• Question 381:

  HOTSPOT

  You have a Microsoft 365 subscription.

  You are planning a threat management solution for your organization.

  You need to minimize the likelihood that users will be affected by the following threats:

  1.

  Opening files in Microsoft SharePoint that contain malicious content

  2.

  Impersonation and spoofing attacks in email messages

  Which policies should you create in the Security and Compliance admin center? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Box 1: ATP Safe Attachments

  ATP Safe Attachments provides zero-day protection to safeguard your messaging system, by checking email attachments for malicious content. It routes all messages and attachments that do not have a virus/malware signature to a special

  environment, and then uses machine learning and analysis techniques to detect malicious intent. If no suspicious activity is found, the message is forwarded to the mailbox.

  Box 2: ATP anti-phishing

  ATP anti-phishing protection detects attempts to impersonate your users and custom domains. It applies machine learning models and advanced impersonation-detection algorithms to avert phishing attacks.

  ATP Safe Links provides time-of-click verification of URLs, for example, in emails messages and Office files. Protection is ongoing and applies across your messaging and Office environment. Links are scanned for each click: safe links

  remain accessible and malicious links are dynamically blocked.

  References:

  https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp#configure-atp-policies

• Question 382:

  HOTSPOT You have a Microsoft 365 subscription.

  All users are assigned Microsoft Azure Active Directory Premium licenses.

  From the Device Management admin center, you set Microsoft Intune as the MDM authority.

  You need to ensure that when the members of a group named Marketing join a device to Azure Active Directory (Azure AD), the device is enrolled automatically in Intune. The Marketing group members must be limited to five devices enrolled

  in Intune.

  Which two options should you use to perform the configurations? To answer, select the appropriate blades in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Device enrollment manager (DEM) is an Intune permission that can be applied to an Azure AD user account and lets the user enroll up to 1,000 devices You can create and manage enrollment restrictions that define what devices can enroll into management with Intune, including the:

  1.

  Number of devices.

  2.

  Operating systems and versions.

  The Marketing group members must be limited to five devices enrolled in Intune

  References:

  https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment-manager-enroll

  https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set

• Question 383:

  HOTSPOT

  Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the users shown in the following table.

  

  You create a retention label named Label1 that has the following configurations:

  1.

  Retains content for five years

  2.

  Automatically deletes all content that is older than five years

  You turn on Auto labeling for Label1 by using a policy named Policy1. Policy1 has the following configurations:

  1.

  Applies to content that contains the word Merger

  2.

  Specifies the OneDrive accounts and SharePoint sites locations

  You run the following command.

  Set-RetentionCompliancePolicy Policy1 estrictiveRetention $true -Force

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/policy-and-compliance-retention/set-retentioncompliancepolicy?view=exchange-ps

• Question 384:

  HOTSPOT

  You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2.

  On September 5, 2019, you create and enforce a terms of use (ToU) in the tenant. The ToU has the following settings:

  1.

  Name: Terms1

  2.

  Display name: Terms1 name

  3.

  Require users to expand the terms of use: Off

  4.

  Require users to consent on every device: Off

  5.

  Expire consents: On

  6.

  Expire starting on: October 10, 2019

  7.

  Frequency: Monthly

  User1 accepts Terms1 on September 5, 2019. User2 accepts Terms1 on October 5, 2019.

  When will Terms1 expire for the first time for each user? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/terms-of-use

• Question 385:

  HOTSPOT

  Your company uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

  The devices onboarded to Microsoft Defender ATP are shown in the following table.

  

  The alerts visible in the Microsoft Defender ATP alerts queue are shown in the following table.

  

  You create a suppression rule that has the following settings:

  1.

  Triggering IOC: Any IOC

  2.

  Action: Hide alert

  3.

  Suppression scope: Alerts on ATP1 machine group

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  A suppression rule will not affect alerts that are already in the alerts queue. Only new alerts will be suppressed.

• Question 386:

  HOTSPOT

  Your company has a Microsoft 365 subscription.

  You need to configure Microsoft 365 to meet the following requirements:

  1.

  Malware found in email attachments must be quarantined for 20 days.

  2.

  The email address of senders to your company must be verified.

  Which two options should you configure in the Security and Compliance admin center? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 387:

  HOTSPOT

  A user named User1 has files in Microsoft OneDrive as shown in the following table.

  

  On February 1, 2019, you apply a retention policy named Policy1 as shown in the following exhibit.

  

  On February 5, 2019, User1 edits File2.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

• Question 388:

  HOTSPOT

  You have a Microsoft 365 subscription that contains the users shown in the following table.

  

  You run the following cmdlet.

  Set-MailboxAuditBypassAssociation -Identity User2-AuditByPassEnabled $true

  The users perform the following actions:

  1.

  User1 accesses an item in the mailbox of User2.

  2.

  User2 modifies a mailbox item in the mailbox of User3.

  3.

  User3 signs in to her mailbox.

  For each of the following statements, select Yes if the statement is true. Otherwise, select No.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Reference: https://docs.microsoft.com/en-us/powershell/module/exchange/set-mailboxauditbypassassociation?view=exchange-ps

• Question 389:

  HOTSPOT

  You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.

  

  Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer:

  

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide

• Question 390:

  HOTSPOT

  You have a Microsoft 365 subscription.

  Your network uses an IP address space of 51.40.15.0/24.

  An Exchange Online administrator recently created a role named Role1 from a computer on the network.

  You need to identify the name of the administrator by using an audit log search.

  For which activities should you search and by which field should you filter in the audit log search? To answer, select the appropriate options in the answer area.

  NOTE: Each correct selection is worth one point.

  Hot Area:

  

  Correct Answer: