100% Guarantee MS-101 Training Materials 2021

NEW QUESTION 1
HOTSPOT
Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).
You have Windows 10 and Windows 8.1 devices.
You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/windows/deployment/upgrade/upgrade-readiness-get-started https://docs.microsoft.com/en-us/windows/deployment/update/update-compliance-get-started

NEW QUESTION 2
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP- related data to be stored in the United States.
You plan to onboard all the devices to Windows Defender ATP. You need to store the Windows Defender ATP data in Europe. What should you first?

• A. Create a workspace.
• B. Onboard a new device.
• C. Delete the workspace.
• D. Offboard the test devices.

Answer: D

NEW QUESTION 3
You need to protect the U.S. PII data to meet the technical requirements. What should you create?

• A. a data loss prevention (DLP) policy that contains a domain exception
• B. a Security & Compliance retention policy that detects content containing sensitive data
• C. a Security & Compliance alert policy that contains an activity
• D. a data loss prevention (DLP) policy that contains a user override

Answer: C

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/create-activity-alerts

NEW QUESTION 4
HOTSPOT
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. Your company implements Windows Information Protection (WIP).
You need to modify which users and applications are affected by WIP.
What should you do? To answer, select the appropriate options m the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protectHYPERLINK "https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure"ion/create-wip- policy-using-intune-azure

NEW QUESTION 5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).
You configure pilot co-management.
You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.
You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: You add Device1 to an Active Directory group. Does this meet the goal?

• A. Yes
• B. No

Answer: A

Explanation:
References:
https://www.scconfigmgr.com/2021/11/30/how-to-setup-co-management-part-6/

NEW QUESTION 6
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are deploying Microsoft Intune.
You successfully enroll Windows 10 devices in Intune.
When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intuen. Solution: You configure the Mobility (MDM and MAM) settings. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 7
Your company has five security information and event management (SIEM) appliances. The traffic logs from each appliance are saved to a file share named Logs.
You need to analyze the traffic logs.
What should you do from Microsoft Cloud App Security?

• A. Click Investigate, and then click Activity log.
• B. Click Control, and then click Policie
• C. Create a file policy.
• D. Click Discover, and then click Create snapshot report.
• E. Click Investigate, and then click Files.

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/investigate-an-activity-in-office- 365-cas

NEW QUESTION 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 subscription.
You discover that some external users accessed content on a Microsoft SharePoint site. You modify the SharePoint shoring policy to prevent sharing outside your organization.
You need to be notified if the SharePoint sharing policy is modified m the future. Solution: From the SharePoint admin center, you modify the sharing settings. Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 9
You use Microsoft System Center Configuration Manager (Current Branch) to manage devices. Your company uses the following types of devices:
•Windows 10
•Windows 8.1
•Android
• iOS
Which devices can be managed by using co-management?

• A. Windows 10 and Windows 8.1 only
• B. Windows 10, Android, and iOS only
• C. Windows 10 only
• D. Windows 10, Windows 8.1, Android, and iOS

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/sccm/core/plan-design/choose-a-device-management-solution#bkmk_intune

NEW QUESTION 10
HOTSPOT
You have a Microsoft 365 subscription that uses a default domain named contoso.com. The domain contains the users shown in the following table.

The domain contains the devices shown in the following table.

The domain contains conditional access policies that control access to a cloud app named App1. The policies are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/plan-conditional-access

NEW QUESTION 11
HOTSPOT
You need to meet the technical requirement for log analysis.
What is the minimum number of data sources and log collectors you should create from Microsoft Cloud App Security? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/cloud-app-security/discovery-docker

NEW QUESTION 12
You need to meet the compliance requirements for the Windows 10 devices. What should you create from the Intune admin center?

• A. a device compliance policy
• B. a device configuration profile
• C. an application policy
• D. an app configuration policy

Answer: D

NEW QUESTION 13
HOTSPOT
You have a Microsoft 365 subscription.
You have a group named Support. Users in the Support group frequently send email messages to external users.
The manager of the Support group wants to randomly review messages that contain attachments. You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/supervision-policies

NEW QUESTION 14
DRAG DROP
You have a Microsoft 365 subscription.
You have the devices shown in the following table.

You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible.
Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
hHYPERLINK "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection"ttps://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-windows-defender-advanced-threat-protection https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-endpoints-windows-defender-advanced-threat-protection https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-HYPERLINK "https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-endpoints-windows-defender-advanced-threat-protection"windows-defender-advanced-threat-protection

NEW QUESTION 15
Your company has a Microsoft 365 tenant.
The company sells products online and processes credit card information.
You need to be notified if a file stored in Microsoft SharePoint Online contains credit card information. The file must be removed automatically from its current location until an administrator can review its contents.
What should you use?

• A. a Security & Compliance data loss prevention (DLP) policy
• B. a Microsoft Cloud App Security access policy
• C. a Security & Compliance retention policy
• D. a Microsoft Cloud App Security file policy

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies

NEW QUESTION 16
HOTSPOT
You have a Microsoft 365 subscription.
You are configuring permissions for Security & Compliance.
You need to ensure that the users can perform the tasks shown in the following table.

The solution must use the principle of least privilege.
To which role should you assign each user? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-center#mapping-of-role-groups-tHYPERLINK "https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-center#mapping-of- role-groups-to-assigned-roles"o-assigned-roles

NEW QUESTION 17
HOTSPOT
You have Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the
information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
Note: The Aggregation settings has a 120 minute window

NEW QUESTION 18
HOTSPOT
You have a document in Microsoft OneDrive that is encrypted by using Microsoft Azure Information Protection as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection

NEW QUESTION 19
HOTSPOT
You create two device compliance policies for Android devices as shown in the following table.

The users belong to the groups shown in the following table.

The users enroll their device in Microsoft Intune.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android

NEW QUESTION 20
You have a Microsoft 365 tenant.
All users are assigned the Enterprise Mobility + Security license.
You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the
device is enrolled in Microsoft Intune automatically.
What should you configure?

• A. Enrollment restrictions from the Intune admin center
• B. device enrollment managers from the Intune admin center
• C. MAM User scope from the Azure Active Directory admin center
• D. MDM User scope from the Azure Active Directory admin center

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/intune/windows-enroll

NEW QUESTION 21
A user receives the following message when attempting to sign in to https://myapps.microsoft.com: "Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location device, or app. Before you can continue, we need to verity your identity. Please contact your admin.”
Which configuration prevents the users from signing in?

• A. Microsoft Azure Active Directory (Azure AD) Identity Protection policies
• B. Microsoft Azure Active Directory (Azure AD) conditional access policies
• C. Security & Compliance supervision policies
• D. Security & Compliance data loss prevention (DIP) policies

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

NEW QUESTION 22
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.)

You need to reduce the likelihood that the sign-ins are identified at risky. What should you do?

• A. From the Security & Compliance admin center, create a classification label.
• B. From the Security & Compliance admin center, add the users to the Security Readers role group.
• C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.
• D. From the Conditional access blade in the Azure Active Directory admin center, create named locations.

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

NEW QUESTION 23
HOTSPOT
As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://www.windowscentral.com/whats-difference-HYPERLINK "https://www.windowscentral.com/whats-difference-between-quality-updates-and-feature-updates-windows-10"between-quality-updates-and-feature-updates-windows-10

NEW QUESTION 24
......