Download Free Microsoft MS-101 Practice Exam Questions To Access Yourself

1. You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.

You create a Microsoft Defender for identity instance Contoso.

The tenant contains the users shown in the following table.





You need to modify the configuration of the Defender for identify sensors.

Solutions: You instruct User3 to modify the Defender for identity sensor configuration.

Does this meet the goal?

2. HOTSPOT

You have a Microsoft 365 subscription that contains three groups named.

All users, Sales team, and Office users, and two users shown in the following table.





In Microsoft Endpoint Manager, you have the Policies for Office apps settings shown in the following exhibit.





The policies use the settings shown in the following table.





What is the default share folder location for User1 and the default Office theme for User2? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

3. You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.

You need to prevent the members or Group1 from communicating with the members of Group2 by using Microsoft Teams. The solution must comply with regulatory requirements and must not affect other user in the tenant.

What should you use?

4. HOTSPOT

Your company has a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The company stores 2 TBs of data in SharePoint Online document libraries.

The tenant has the labels shown in the following table.

5. HOTSPOT

You have three devices enrolled in Microsoft Intune as shown in the following table.





The device compliance policies in Intune are configured as shown in the following table.





The device compliance policies have the assignments shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

6. You need to configure Office on the web to meet the technical requirements.

What should you do?

7. DRAG DROP

Your company has a Microsoft 365 E5 tenant.

Users access resources in the tenant by using both personal and company-owned Android devices. Company policies requires that the devices have a threat level of medium or lower to access Microsoft Exchange Online mailboxes.

You need to recommend a solution to identify the threat level of the devices and to control access of the devices to the resources.

What should you include in the solution for each device type? To answer, drag the appropriate components to the correct devices. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

8. You have a Microsoft 365 E5 tenant that contains four devices enrolled in Microsoft Intune as shown in the following table.





You plan to deploy Microsoft 365 Apps for enterprise by using Microsoft Endpoint Manager.

To which devices can you deploy Microsoft 365 Apps for enterprise?

9. You enable the Azure AD Identity Protection weekly digest email.

You create the users shown in the following table.





Which users will receive the weekly digest email automatically?

10. HOTSPOT

You have a Microsoft 365 subscription.

You are planning a threat management solution for your organization.

You need to minimize the likelihood that users will be affected by the following threats:

✑ Opening files in Microsoft SharePoint that contain malicious content

✑ Impersonation and spoofing attacks in email messages

Which policies should you create in the Security & Compliance admin center? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

11. HOTSPOT

Your company uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

The devices onboarded to Microsoft Defender ATP are shown in the following table.





The alerts visible in the Microsoft Defender ATP alerts queue are shown in the following table.





You create a suppression rule that has the following settings:

✑ Triggering IOC: Any IOC

✑ Action: Hide alert

✑ Suppression scope: Alerts on ATP1 machine group

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

12. You have a Microsoft 365 subscription.

You configure a data loss prevention (DIP) policy.

You discover that users are incorrectly marking content as false positive and bypassing the OLP policy.

You need to prevent the users from bypassing the DLP policy.

What should you configure?

13. You have a Microsoft 365 subscription.

You need to be notified if users receive email containing a file that has a virus.

What should you do?

14. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it As a result these questions will not appear In the review screen.

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You create an Azure Advanced Threat Protection (ATP) workspace named Workspace1.

The tenant contains users shown in the following table.





You need to modify the configuration of the Azure ATP sensors.

Solution: You instruct User1 to modify the Azure ATP sensor configuration.

Does this meet the goal?

15. HOTSPOT

You have a Microsoft 365 tenant that contains the groups shown in the following table.





You plan to create a compliance policy named Compliance1.

You need to identify the groups that meet the following requirements:

✑ Can be added to Compliance1 as recipients of noncompliance notifications

✑ Can be assigned to Compliance1

To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

16. HOTSPOT

You purchase a new Microsoft 365 subscription.

You create 100 users who are assigned Microsoft 365 E3 licenses.

From the Security & Compliance admin center, you enable auditing.

Six months later, a manager sends you an email message asking the following questions:

✑ Question1: Who created a team named Team1 14 days ago?

✑ Question2: Who signed in to the mailbox of User1 30 days ago?

✑ Question3: Who changed the site collection administrators of a site 60 days ago?

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

17. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to enable User1 to create Compliance Manager assessments.

Solution: From the Microsoft 365 compliance center, you add User1 to the Compliance Manager Assessors role group.

Does this meet the goal?

18. You have a Microsoft 365 subscription

All users are assigned a Microsoft 365 E3 License.

You enable auditing for your organization.

What is the maximum amount of time data will be retained in the Microsoft 365 audit log?

19. Your company uses Microsoft Azure Advanced Threat Protection (ATP) and Windows Defender ATP.

You need to integrate Windows Defender ATP and Azure ATP.

What should you do?

20. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

From the Security & Compliance admin center, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.

You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.

Solution: From Windows PowerShell, you run the New-AzureRmRoleAssignment cmdlet with the appropriate parameters.

Does this meet the goal?

21. HOTSPOT

You have a data loss prevention (DIP) policy.

You need to increase the likelihood that the DLP policy will apply to data that contains medical terms from the International Classification of Diseases (ICD-9-CM). The solution must minimize the number of false positives.

Which two settings should you modify? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.

22. HOTSPOT

You have a Microsoft 365 subscription that contains all the user data.

You plan to create the retention policy shown in the Locations exhibit. (Click the Locations tab.)





You configure the Advanced retention settings as shown in the Retention exhibit. (Click the Retention tab.)





The locations specified in the policy include the groups shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

23. You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.

You create a Microsoft Defender for identity instance Contoso.

The tenant contains the users shown in the following table.





You need to modify the configuration of the Defender for identify sensors.

Solutions: You instruct User4 to modify the Defender for identity sensor configuration.

Does this meet the goal?

24. HOTSPOT

You have a Microsoft 365 E5 tenant that contains the users shown in the following table.





You purchase the devices shown in the following table.





In Microsoft Endpoint Manager, you create an enrollment status page profile that has the following settings:

✑ Show app and profile configuration progress: Yes

✑ Allow users to collect logs about installation errors: Yes

✑ Only show page to devices provisioned by out-of-box experience (OOBE): No

✑ Assignments: Group2

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

25. Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You sign up for Microsoft Store for Business.

The tenant contains the users shown in the following table.





Microsoft Store for Business has the following Shopping behavior settings:

✑ Make everyone a Basic Purchaser is set to Off.

✑ Allow app requests is set to On.

You need to identify which users can add apps to the Microsoft Store for Business private

store.

Which users should you identify?

26. You have a Microsoft 365 subscription and an on-premises Active Directory domain named contoso.com. All client computers run Windows 10 Enterprise and are joined to the domain.

You need to enable Windows Defender Credential Guard on all the computers.

What should you do?

27. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection

(ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.

Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Security administrator role.

Does this meet the goal?

28. You need to ensure that User1 can enroll the devices to meet the technical requirements.

What should you do?

29. You have a Microsoft 365 subscription. You have a user named User1.

You need to ensure that Used can place a hold on all mailbox content.

What permission should you assign to User1?

30. You have a Microsoft 365 E5 subscription that uses Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

From Microsoft Defender ATP, you turn on the Allow or block file advanced feature.

You need to block users from downloading a file named File1.exe.

What should you use?

31. HOTSPOT

You have a Microsoft 365 ES subscription that has three auto retention policies as show in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE Each correct selection is worth one point.

32. DRAG DROP

You have a Microsoft 365 subscription.

You have the devices shown in the following table.





You plan to join the devices to Azure Active Directory (Azure AD)

What should you do on each device to support Azure AU join? To answer, drag the appropriate actions to the collect devices, Each action may be used once, more than once, of not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

33. Your company has a Microsoft 365 subscription. The subscription contains 500 devices that run Windows 10 and 100 devices that run iOS.

You need to create Microsoft Intune device configuration profiles to meet the following requirements:

* Configure Wi-Fi connectivity to a secured network named ContosoNet.

* Require passwords of at least six characters to lock the devices.

What is the minimum number of device configuration profiles that you should create?

34. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.

Solution: From the Endpoint Management admin center, you create a device configuration profile.

Does this meet the goal?

35. HOTSPOT

You have a Microsoft 365 ES tenant.

You have the alerts shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

36. You use Microsoft System Center Configuration Manager (Current Branch) to manage devices.

Your company uses the following types of devices:

• Windows 10

• Windows 8.1

• Android

• iOS

Which devices can be managed by using co-management?

37. You have a Microsoft 365 subscription.

From the Security & Compliance admin center, you create a content search of all the mailboxes that contain the word Project X.

You need to export the results of the content search.

What do you need to download the report?

38. You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.onmicrost.com.

You have a Microsoft 365 subscription.

You need to ensure that administrations in your organization can manage the configuration settings for the Windows 10 device in your organization.

What should you configure?

39. HOTSPOT

You have a Microsoft 365 subscription.

You need to implement Windows Defender Advanced Threat Protection (ATP) for all the supported devices enrolled in mobile device management (MDM).

What should you include in the device configuration profile? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

40. Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You sign for Microsoft Store for Business.

The tenant contains the users shown in the following table.





Microsoft Store for Business has the following Shopping behavior settings:

✑ Allow users to shop is set to On

✑ Make everyone a Basic Purchaser is set to Off

You need to identify which users can install apps from the Microsoft for Business private store.

Which users should you identify?

41. You have a Microsoft 365 tenant that contains 1,000 iOS devices enrolled in Microsoft Intune. You plan to purchase volume-purchased apps and deploy the apps to the devices. You need to track used licenses and manage the apps by using Intune.

What should you use to purchase the apps?

42. HOTSPOT

You have a Microsoft Azure Active Directory (Azure AD) tenant named sk180818.onmicrosoft.com.

The tenant contains the users shown in the following table.





In Azure Information Protection, you create a label named Label1 as shown in the following exhibit.





Label1 is applied to a file named File1.

You send File1 as an email attachment to User1, User2, User3, and User4.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

43. HOTSPOT

You have a Microsoft 365 tenant named contoso.com.

The tenant contains the users shown in the following table.





You have the eDiscovery cases shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

44. You have a Microsoft 365 E5 tenant that contains the resources shown in the following table.





To which resources can you apply a sensitivity label by using an auto-labeling policy?

45. You have a Microsoft 365 E5 subscription.

You run an eDiscovery search that returns the following Azure Rights Management (Azure RMS) C encrypted content:

✑ Microsoft Exchange emails

✑ Microsoft OneDrive documents

✑ Microsoft SharePoint documents

Which content can be decrypted when you export the eDiscovery search results?

46. You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

In the tenant, you create a user named User1.

You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege.

To which role group should you add User1?

47. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure pilot co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: You add Device1 to an Active Directory group.

Does this meet the goal?

48. HOTSPOT

You need to meet the technical requirement for the SharePoint administrator.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

49. You have a Microsoft 365 tenant that contains two users named User1 and User2. You create the alert policy shown in the following exhibit.





User2 runs a script that modifies a file in a Microsoft SharePoint Online library once every four minutes and runs for a period of two hours.

How many alerts will User1 receive?

50. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to enable User1 to create Compliance Manager assessments.

Solution: From the Microsoft 365 admin center, you assign User1 the Compliance admin role.

Does this meet the goal?

51. HOTSPOT

You have a Microsoft 365 subscription that uses a default domain named contoso.com.

The domain contains the users shown in the following table.





The domain contains the devices shown in the following table.





The domain contains conditional access policies that control access to a cloud app named App1.

The policies are configured as shown in the following table.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

52. HOTSPOT

You have a Microsoft 365 E5 subscription.

You configure a new alert policy as shown in the following exhibit.





You need to identify the following:

✑ How many days it will take to establish a baseline for unusual activity.

✑ Whether alerts will be triggered during the establishment of the baseline.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

53. You have a Microsoft 365 E5 subscription.

You plan to implement records management and enable users to designate documents as regulatory records.

You need to ensure that the option to mark content as a regulatory record is visible when you create retention labels.

What should you do first?

54. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection (ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.

Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the SharePoint admin role.

Does this meet the goal?

55. HOTSPOT

You have a Microsoft 365 E5 tenant that contains a Microsoft SharePoint Online site named Site1.

Site1 contains the files shown in the following table.





You create a sensitivity label named Sensitivity1 and an auto-label policy that has the following configurations:

✑ Name: AutoLabel1

✑ Label to auto-apply: Sensitivity1

✑ Rules for SharePoint Online sites: Rule1-SPO

✑ Choose locations where you want to apply the label: Site1

Rule1-SPO is configured as shown in the following exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

56. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure a pilot for co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: You create a device configuration profile from the Device Management admin center.

Does this meet the goal?

57. HOTSPOT

You have a Microsoft 365 subscription.

All users are assigned Microsoft Azure Active Directory Premium licenses.

From the Device Management admin center, you set Microsoft Intune as the MDM authority.

You need to ensure that when the members of a group named Marketing join a device to Azure Active Directory (Azure AD), the device is enrolled automatically in Intune. The Marketing group members must be limited to five devices enrolled in Intune.

Which two options should you use to perform the configurations? To answer, select the appropriate blades in the answer area. NOTE: Each correct selection is worth one point.

58. HOTSPOT

As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

59. You have a Microsoft 365 subscription that uses a default domain named contoso.com.

You have two users named User 1 and User2.

From the Security & Compliance admin center, you add User1 to the ediscovery Manager role group.

From the Security & Compliance admin center, User1 creates a case named Case1

You need to ensure that User1 can add User2 as a case member. The solution must use the principle of least privilege.

To which role group should you add User2?

60. HOTSPOT

You have a Microsoft 365 tenant that contains devices enrolled in Microsoft Intune.

The devices are configured as shown in the following table.





You plan to perform the following device management tasks in Microsoft Endpoint Manager:

✑ Deploy a VPN connection by using a VPN device configuration profile.

✑ Configure security settings by using an Endpoint Protection device configuration profile.

You support the management tasks.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

61. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection (ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.

Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Teams Service Administrator role.

Does this meet the goal?

62. HOTSPOT

You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1.

Site1 has he files in the following table.





The Site1 users are assigned the roles shown in the following table.





You create a data less prevention (DLP) policy names Policy1 as shown in the following exhibit.





How many files will be visible to user1 and User2 after Policy' is applied to answer, selected select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

63. Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD).

The domain contains two servers named Server1 and Server2 that run Windows Server 2016. Server1 has the File Server Resource Manager role service installed.

You need to configure Server1 to use the Azure Rights Management (Azure RMS) connector.

You install the Microsoft Management connector on Server1.

What should you do next on Server1?

64. HOTSPOT

You have 2,500 Windows 10 devices and a Microsoft 365 E5 tenant that contains two users named User1 and User2. The devices are not enrollment in Microsoft Intune.

In Microsoft Endpoint Manager, the Device limit restrictions are configured as shown in the following exhibit.





In Azure Active Directory (Azure AD), the Device settings are configured as shown in the following exhibit.





From Microsoft Endpoint Manager, you add User2 as a device enrollment manager (DEM).

For each of the following statement, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

65. You have a Microsoft 365 E5 tenant.

You plan to deploy a monitoring solution that meets the following requirements:

✑ Captures Microsoft Teams channel messages that contain threatening or violent language.

✑ Alerts a reviewer when a threatening or violent message is identified.

What should you include in the solution?

66. HOTSPOT

Your company is based in the United Kingdom (UK).

Users frequently handle data that contains Personally Identifiable Information (PII).

You create a data loss prevention (DLP) policy that applies to users inside and outside the company.

The policy is configured as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

67. DRAG DROP

You have a Microsoft 365 subscription.

You have the devices shown in the following table.





You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP).

The solution must avoid installing software on the devices whenever possible.

Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

68. : 243

You have a Microsoft 365 tenant that uses Microsoft Endpoint Manager for device management. You need to add the phone number of the help desk to the Company Portal app.

What should you do?

69. You have a hybrid Azure Active Directory (Azure AD) tenant and a Microsoft Endpoint Configuration Manager deployment.

You have the devices shown in the following table.





You plan to enable co-management.

You need to identify which devices support co-management without requiring the installation of additional software.

Which devices should you identify?

70. HOTSPOT

You have a Microsoft 365 subscription.

Your network uses an IP address space of 51.40.15.0/24.

An Exchange Online administrator recently created a role named Role1 from a computer on the network.

You need to identify the name of the administrator by using an audit log search.

For which activities should you search and by which field should you filter in the audit log search? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

71. HOTSPOT

You have a Microsoft 365 E5 tenant.

You configure a device compliance policy as shown in the following exhibit.





Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

72. HOTSPOT

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

A user named User1 has files on a Windows 10 device as shown in the following table.





In Azure Information Protection, you create a label named Label1 that is configured to apply automatically. Label1 is configured as shown in the following exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

73. You need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices.

What is the minimum of dedicated support technicians required?

74. HOTSPOT

You have 100 computers that run Windows 8.1 and are enrolled in Upgrade Readiness.

Two of the computers are configured as shown in the following table.





From Upgrade Readiness, you view the applications shown in the following table.





You enroll a computer named Computer3 in Upgrade Readiness.

Computer3 has the following configurations:

✑ 8 GB of memory

✑ 64-bit architecture

✑ An application named App3 installed

App3 is installed on Computer3 only.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

75. Which report should the New York office auditors view?

76. You have an Azure Active Directory (Azure AD) tenant and a Microsoft 365 E5 subscription.

The tenant contains the users shown in the following table.





You plan to implement Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).

You verify that role-based access control (RBAC) is turned on in Microsoft Defender ATP.

You need to identify which user can view security incidents from the Microsoft Defender Security Center.

Which user should you identify?

77. HOTSPOT

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.

Your company implements Windows Information Protection (WIP).

You need to modify which users and applications are affected by WIP.

What should you do? To answer, select the appropriate options m the answer area. NOTE: Each correct selection is worth one point.

78. HOTSPOT

You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.





The device compliance policies in Endpoint Manager are configured as shown in the following table.





The device compliance policies have the assignments shown in the following table.





For each of the following statements, select Yes if the statement Is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

79. HOTSPOT

Your network contains an Active Directory forest named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You use Microsoft System Center Configuration Manager (Current Branch) for device management.

You have the Windows 10 devices shown in the following table.





You configure Configuration Manager co-management as follows:

✑ Automatic enrollment in Intune: Pilot

✑ Pilot collection: Collection2

You configure co-management workloads as shown in the following exhibit.





For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

80. You have a Microsoft 365 E5 tenant that has sensitivity label support enabled for Microsoft and SharePoint Online.

You need to enable unified labeling for Microsoft 365 groups.

Which cmdlet should you run?

81. DRAG DROP

You have a Microsoft 365 E5 subscription.

Several users have iOS devices.

You plan to enroll the iOS devices in Microsoft Endpoint Manager.

You need to ensure that you can create an iOS/iPadOS enrollment profile in Microsoft Endpoint Manager.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

82. Your company has 10 offices.

The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.

You discover that one of the offices has the following:

✑ Computers that have several preinstalled applications

✑ Computers that use nonstandard computer names

✑ Computers that have Windows 10 preinstalled

✑ Computers that are in a workgroup

You must configure the computers to meet the following corporate requirements:

✑ All the computers must be joined to the domain.

✑ All the computers must have computer names that use a prefix of CONTOSO.

✑ All the computers must only have approved corporate applications installed.

You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.

What should you recommend?

83. 1. Topic 1, Contoso, Ltd



Overview

Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.

The company has the employees and devices shown in the following table.





Contoso recently purchased a Microsoft 365 E5 subscription.



Existing Environment

The network contains an on-premises Active Directory forest named contoso.com.

The forest contains the servers shown in the following table.





All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.

The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.

The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.





The domain also includes a group named Group1.



Requirements

Planned Changes

Contoso plans to implement the following changes:

• Implement Microsoft 365.

• Manage devices by using Microsoft Intune.

• Implement Azure Advanced Threat Protection (ATP).

• Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest feature updates to the computers in the New York office only.



Technical Requirements

Contoso identifies the following technical requirements:

• When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automaticaiy.

• Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.

• User1 must be able to enroll all the New York office mobile devices in Intune.

• Azure ATP sensors must be installed and must NOT use port mirroring.

• Whenever possible, the principle of least privilege must be used.

• A Microsoft Store for Business must be created.



Compliance Requirements

Contoso identifies the following compliance requirements:

• Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Intune and configured in accordance with the corporate policy.

• Configure Windows Information Protection (W1P) for the Windows 10 devices.



HOTSPOT

You need to configure a conditional access policy to meet the compliance requirements.

You add Exchange Online as a cloud app.

Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

84. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You discover that some external users accessed content on a Microsoft SharePoint site.

You modify the SharePoint shoring policy to prevent sharing outside your organization.

You need to be notified if the SharePoint sharing policy is modified m the future.

Solution: From the SharePoint admin center, you modify the sharing settings.

Does this meet the goal?

85. You need to configure the compliance settings to meet the technical requirements.

What should you do in the Microsoft Endpoint Manager admin center?

86. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

From the Microsoft 365 Defender, you create a role group named US eDiscovery Managers by copying the eDiscovery Manager role group.

You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States.

Solution: From the Microsoft 365 Defender, you modify the roles of the US eDiscovery Managers role group.

Does this meet the goal?

87. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.

You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege.

Which role should you assign to the user?

88. You have a Microsoft 365 subscription.

You discover that some external users accessed center for a Microsoft SharePoint site.

You modify the share Point sharing policy to prevent sharing, outside your organization.

You need to be notified if the SharePoint sharing policy is modified in the future.

Solution: From the Security $ Compliance admin center you create a threat management policy.

Does this meet the goal?

89. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure pilot co-management

You add a new device named Device 1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: You create a device configuration profile from the Intune admin center.

Does this meet the goal?

90. HOTSPOT

You have a Microsoft 365 subscription.

You are configuring permissions for Security & Compliance.

You need to ensure that the users can perform the tasks shown in the following table.





The solution must use the principle of least privilege.

To which role should you assign each user? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

91. HOTSPOT

You need to meet the Intune requirements for the Windows 10 devices.

What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.