Microsoft Microsoft Certifications MS-101 Questions & Answers

• Question 61:

  You have a Microsoft 365 E5 tenant.

  You need to ensure that when a document containing a credit card number is added to the tenant, the document is encrypted.

  Which policy should you use?

  A. a retention policy

  B. a retention label policy

  C. an auto-labeling policy

  D. an insider risk policy

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide

• Question 62:

  You have a Microsoft 365 tenant.

  Company policy requires that all Windows 10 devices meet the following minimum requirements:

  1.

  Require complex passwords.

  2.

  Require the encryption of data storage devices.

  3.

  Have Microsoft Defender Antivirus real-time protection enabled.

  You need to prevent devices that do not meet the requirements from accessing resources in the tenant.

  Which two components should you create? Each correct answer presents part of the solution.

  NOTE: Each correct selection is worth one point.

  A. a configuration policy

  B. a compliance policy

  C. a security baseline profile

  D. a conditional access policy

  E. a configuration profile

  Correct Answer: BD

  Reference: https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

• Question 63:

  Your company has a Microsoft 365 E5 tenant that contains a user named User1.

  You review the company's compliance score.

  You need to assign the following improvement action to User1:Enable self-service password reset.

  What should you do first?

  A. From Compliance Manager, turn off automated testing.

  B. From the Azure Active Directory admin center, enable self-service password reset (SSPR).

  C. From the Microsoft 365 admin center, modify the self-service password reset (SSPR) settings.

  D. From the Azure Active Directory admin center, add User1to the Compliance administrator role.

  Correct Answer: D

  Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-improvement-actions?view=o365-worldwide https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal

• Question 64:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

  You create a Microsoft Defender for Identity instance named Contoso.

  The tenant contains the users shown in the following table.

  

  You need to modify the configuration of the Defender for Identity sensors.

  Solution: You instruct User3 to modify the Defender for Identity sensor configuration.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  Only Azure ATP administrators can modify the sensors.

  Any global administrator or security administrator on the tenant's Azure Active Directory is automatically an Azure ATP administrator.

  Reference:

  https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-role-groups

• Question 65:

  You have a Microsoft 365 E5 subscription.

  You need to identify which users accessed Microsoft Office 365 from anonymous IP addresses during the last seven days.

  What should you do?

  A. From the Cloud App Security admin center, select Users and accounts.

  B. From the Microsoft 365 security center, view the Threat tracker.

  C. From the Microsoft 365 admin center, view the Security and compliance report.

  D. From the Azure Active Directory admin center, view the Risky sign-ins report.

  Correct Answer: A

• Question 66:

  After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

  You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

  You create a Microsoft Defender for Identity instance named Contoso.

  The tenant contains the users shown in the following table.

  

  You need to modify the configuration of the Defender for Identity sensors.

  Solution: You instruct User4 to modify the Defender for Identity sensor configuration.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

  Only Azure ATP administrators can modify the sensors.

  Any global administrator or security administrator on the tenant's Azure Active Directory is automatically an Azure ATP administrator.

  References:

  https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-role-groups

• Question 67:

  You have a Microsoft 365 E5 tenant.

  The Microsoft Secure Score for the tenant is shown in the following exhibit.

  

  You plan to enable Security defaults for Azure Active Directory (Azure AD). Which three improvement actions will this affect?

  A. Require MFA for administrative roles.

  B. Ensure all users can complete multi-factor authentication for secure access

  C. Enable policy to block legacy authentication

  D. Enable self-service password reset

  E. Use limited administrative roles

  Correct Answer: ABC

  Reference: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

• Question 68:

  You have a Microsoft 365 E5 subscription that contains a user named User1.

  The subscription has a single anti-malware policy as shown in the following exhibit.

  

  An email message that contains text and two attachments is sent to User1. One attachment is infected with malware. How will the email message and the attachments be processed?

  A. Both attachments will be removed. The email message will be quarantined, and User1 will receive an email message without any attachments and an email message that includes the following text: “Malware was removed.”

  B. The email message will be quarantined, and the message will remain undelivered.

  C. Both attachments will be removed. The email message will be quarantined, and User1 will receive a copy of the message containing the original text and a new attachment that includes the following text: “Malware was removed.”

  D. The malware-infected attachment will be removed. The email message will be quarantined, and User1 will receive a copy of the message containing only the uninfected attachment.

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-malware-protection?view=o365-worldwide#anti-malware-policies

• Question 69:

  You have a Microsoft 365 tenant that contains the groups shown in the following table.

  

  You plan to create a new Windows 10 Security Baseline profile. To which groups can you assign to the profile?

  A. Group3 only

  B. Group1 and Group3 only

  C. Group2 and Group3 only

  D. Group1, Group2, and Group3

  Correct Answer: A

  Reference: https://docs.microsoft.com/en-us/mem/intune/protect/security-baselines-configure#create-the-profile https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?view=o365-worldwide

• Question 70:

  You have a Microsoft 365 tenant that contains a Windows 10 device named Device1 and the Microsoft Endpoint Manager policies shown in the following table.

  

  The policies are assigned to Device1.

  Which policy settings will be applied to Device1?

  A. only the settings of Policy1

  B. only the settings of Policy2

  C. only the settings of Policy3

  D. no settings

  Correct Answer: D

  Attack surface reduction rules support a merger of settings from different policies, to create a superset of policy for each device. Only the settings that are not in conflict are merged, while those that are in conflict are not added to the superset of rules.

  https://docs.microsoft.com/en-us/mem/intune/protect/security-baseline-settings-defender-atp?pivots=atp-december-2020#attack-surface-reduction-rules