Microsoft 365 Mobility and Security v1.0 (MS-101)

Page:    1 / 17   
Total 256 questions

HOTSPOT -
You have a Microsoft 365 E5 tenant that contains two users named User1 and User2 and the groups shown in the following table.


You have a Microsoft Intune enrollment policy that has the following settings:
✑ MDM user scope: Some
- Groups: Group1
✑ MAM user scope: Some
- Groups: Group2
You purchase the devices shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll https://docs.microsoft.com/en-us/mem/intune/enrollment/android-enroll-device-administrator

HOTSPOT -
You have a Microsoft 365 tenant that contains devices enrolled in Microsoft Intune. The devices are configured as shown in the following table.


You plan to perform the following device management tasks in Microsoft Endpoint Manager:
Deploy a VPN connection by using a VPN device configuration profile.

✑ Configure security settings by using an Endpoint Protection device configuration profile.
You need to identify which devices will support the management tasks.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configure https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-macos

DRAG DROP -
You have a Microsoft 365 E5 tenant that contains 500 Android devices enrolled in Microsoft Intune.
You need to use Microsoft Endpoint Manager to deploy a managed Google Play app to the devices.
Which four actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Select and Place:




Answer :

Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-android-for-work#assign-a-managed-google-play-app-to-android-enterprise-fully-managed-devices

You have a Microsoft 365 E5 tenant that contains four devices enrolled in Microsoft Intune as shown in the following table.


You plan to deploy Microsoft 365 Apps for enterprise by using Microsoft Endpoint Manager.
To which devices can you deploy Microsoft 365 Apps for enterprise?

  • A. Device1 only
  • B. Device1 and Device3 only
  • C. Device2 and Device4 only
  • D. Device1, Device2, and Device3 only
  • E. Device1, Device2, Device3, and Device4


Answer : B

Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add

You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.


You plan to review device startup performance issues by using Endpoint analytics.
Which devices can you monitor by using Endpoint analytics?

  • A. Device1 only
  • B. Device1 and Device2 only
  • C. Device1, Device2, and Device3 only
  • D. Device1, Device2, and Device4 only
  • E. Device1, Device2, Device3, and Device4


Answer : A

Reference:
https://docs.microsoft.com/en-us/mem/analytics/overview

You have a Microsoft 365 E5 tenant that contains 100 Windows 10 devices.
You plan to deploy a Windows 10 Security Baseline profile that will protect secrets stored in memory.
What should you configure in the profile?

  • A. Microsoft Defender Credential Guard
  • B. BitLocker Drive Encryption (BitLocker)
  • C. Microsoft Defender
  • D. Microsoft Defender Exploit Guard


Answer : A

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10.
You need to verify which version of Windows 10 is installed.
Solution: From Device Manager, you view the computer properties.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Reference:
https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628bec99-476a-2c13-5296-9dd081cdd808

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10.
You need to verify which version of Windows 10 is installed.
Solution: At a command prompt, you run the winver.exe command.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : A

Reference:
https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628bec99-476a-2c13-5296-9dd081cdd808

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10.
You need to verify which version of Windows 10 is installed.
Solution: From the Settings app, you select Update & Security to view the update history.
Does this meet the goal?

  • A. Yes
  • B. No


Answer : B

Reference:
https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628bec99-476a-2c13-5296-9dd081cdd808

Case Study -

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.


Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment -
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

The domain also includes a group named Group1.

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Implement Microsoft 365.
Manage devices by using Endpoint Manager.
Implement Azure Advanced Threat Protection (ATP).
Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
Update computers in the New York office with the spring Semi-Annual Channel feature update.

Technical Requirements -
Contoso identifies the following technical requirements:
When a Windows 10 device is joined to Azure AD, the device must enroll to Endpoint Manager automatically.
Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
User1 must be able to enroll all the New York office mobile devices in Endpoint Manager.
Azure ATP sensors must be installed and must NOT use port mirroring.
Whenever possible, the principle of least privilege must be used.
A Microsoft Store for Business must be created.


Compliance Requirements -
Contoso identifies the following compliance requirements:
Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Endpoint Manager and configured in accordance with the corporate policy.
Configure Windows Information Protection (WIP) for the Windows 10 devices.

You need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices.
What is the minimum of dedicated support technicians required?

  • A. 1
  • B. 4
  • C. 7
  • D. 31


Answer : B

Contoso identifies the following technical requirements:
✑ Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
✑ Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
You can enroll up to 1,000 mobile devices with a single Azure Active Directory account by using a device enrollment manager (DEM) account. We have 3,100 devices; hence we will need 4 DEMs at a minimum.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/device-enrollment-manager-enroll https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager

Case Study -

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.


Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment -
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

The domain also includes a group named Group1.

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Implement Microsoft 365.
Manage devices by using Endpoint Manager.
Implement Azure Advanced Threat Protection (ATP).
Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
Update computers in the New York office with the spring Semi-Annual Channel feature update.

Technical Requirements -
Contoso identifies the following technical requirements:
When a Windows 10 device is joined to Azure AD, the device must enroll to Endpoint Manager automatically.
Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
User1 must be able to enroll all the New York office mobile devices in Endpoint Manager.
Azure ATP sensors must be installed and must NOT use port mirroring.
Whenever possible, the principle of least privilege must be used.
A Microsoft Store for Business must be created.


Compliance Requirements -
Contoso identifies the following compliance requirements:
Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Endpoint Manager and configured in accordance with the corporate policy.
Configure Windows Information Protection (WIP) for the Windows 10 devices.

You need to create the Microsoft Store for Business.
Which user can create the store?

  • A. User2
  • B. User3
  • C. User4
  • D. User5


Answer : C

References:
https://docs.microsoft.com/en-us/microsoft-store/roles-and-permissions-microsoft-store-for-business

Case Study -

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.


Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment -
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

The domain also includes a group named Group1.

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Implement Microsoft 365.
Manage devices by using Endpoint Manager.
Implement Azure Advanced Threat Protection (ATP).
Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
Update computers in the New York office with the spring Semi-Annual Channel feature update.

Technical Requirements -
Contoso identifies the following technical requirements:
When a Windows 10 device is joined to Azure AD, the device must enroll to Endpoint Manager automatically.
Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
User1 must be able to enroll all the New York office mobile devices in Endpoint Manager.
Azure ATP sensors must be installed and must NOT use port mirroring.
Whenever possible, the principle of least privilege must be used.
A Microsoft Store for Business must be created.


Compliance Requirements -
Contoso identifies the following compliance requirements:
Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Endpoint Manager and configured in accordance with the corporate policy.
Configure Windows Information Protection (WIP) for the Windows 10 devices.


HOTSPOT -
You need to meet the Intune requirements for the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

References:
https://docs.microsoft.com/en-us/intune/windows-enroll

Case Study -

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.


Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment -
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

The domain also includes a group named Group1.

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Implement Microsoft 365.
Manage devices by using Endpoint Manager.
Implement Azure Advanced Threat Protection (ATP).
Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
Update computers in the New York office with the spring Semi-Annual Channel feature update.

Technical Requirements -
Contoso identifies the following technical requirements:
When a Windows 10 device is joined to Azure AD, the device must enroll to Endpoint Manager automatically.
Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
User1 must be able to enroll all the New York office mobile devices in Endpoint Manager.
Azure ATP sensors must be installed and must NOT use port mirroring.
Whenever possible, the principle of least privilege must be used.
A Microsoft Store for Business must be created.


Compliance Requirements -
Contoso identifies the following compliance requirements:
Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Endpoint Manager and configured in accordance with the corporate policy.
Configure Windows Information Protection (WIP) for the Windows 10 devices.


HOTSPOT -
You need to configure a conditional access policy to meet the compliance requirements.
You add Exchange Online as a cloud app.
Which two additional settings should you configure in Policy1? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

References:
https://docs.microsoft.com/en-us/intune/create-conditional-access-intune

Case Study -

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.


Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment -
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

The domain also includes a group named Group1.

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Implement Microsoft 365.
Manage devices by using Endpoint Manager.
Implement Azure Advanced Threat Protection (ATP).
Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
Update computers in the New York office with the spring Semi-Annual Channel feature update.

Technical Requirements -
Contoso identifies the following technical requirements:
When a Windows 10 device is joined to Azure AD, the device must enroll to Endpoint Manager automatically.
Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
User1 must be able to enroll all the New York office mobile devices in Endpoint Manager.
Azure ATP sensors must be installed and must NOT use port mirroring.
Whenever possible, the principle of least privilege must be used.
A Microsoft Store for Business must be created.


Compliance Requirements -
Contoso identifies the following compliance requirements:
Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Endpoint Manager and configured in accordance with the corporate policy.
Configure Windows Information Protection (WIP) for the Windows 10 devices.


HOTSPOT -
As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:



Answer :

Explanation:
Contoso plans to implement the following changes:
✑ Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
✑ Update computers in the New York office with the spring Semi-Annual Channel feature update.

Box 1: 24 months -
September Feature Updates (fall Semi-Annual Channel feature updates) are serviced for 30 months from release date but by March, 6 of those 30 months have lapsed; hence, 24 months remains

Box 2: 18 months -
March Feature Updates (spring Semi-Annual Channel feature updates) are serviced for 18 months from release date
Reference:
https://docs.microsoft.com/en-us/lifecycle/announcements/windows-10-servicing-support-updates

Case Study -

Overview -
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The company has the employees and devices shown in the following table.


Contoso recently purchased a Microsoft 365 E5 subscription.

Existing Environment -
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the servers shown in the following table.

All servers run Windows Server 2016. All desktops and laptops run Windows 10 Enterprise and are joined to the domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.

The domain also includes a group named Group1.

Requirements -

Planned Changes -
Contoso plans to implement the following changes:
Implement Microsoft 365.
Manage devices by using Endpoint Manager.
Implement Azure Advanced Threat Protection (ATP).
Update computers in Seattle and Montreal with the fall Semi-Annual Channel feature update.
Update computers in the New York office with the spring Semi-Annual Channel feature update.

Technical Requirements -
Contoso identifies the following technical requirements:
When a Windows 10 device is joined to Azure AD, the device must enroll to Endpoint Manager automatically.
Dedicated support technicians must enroll all the Montreal office mobile devices in Endpoint Manager.
Each dedicated support technician must be assigned only a single Device Enrollment Manager (DEM) account.
User1 must be able to enroll all the New York office mobile devices in Endpoint Manager.
Azure ATP sensors must be installed and must NOT use port mirroring.
Whenever possible, the principle of least privilege must be used.
A Microsoft Store for Business must be created.


Compliance Requirements -
Contoso identifies the following compliance requirements:
Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in Endpoint Manager and configured in accordance with the corporate policy.
Configure Windows Information Protection (WIP) for the Windows 10 devices.

You need to ensure that User1 can enroll the devices to meet the technical requirements.
What should you do?

  • A. From the Azure Active Directory admin center, assign User1 the Cloud device administrator role.
  • B. From the Azure Active Directory admin center, configure the Maximum number of devices per user setting.
  • C. From the Endpoint Management admin center, add User1 as a device enrollment manager.
  • D. From the Endpoint Management admin center, configure the Enrollment restrictions.


Answer : C

References:
https://docs.microsoft.com/en-us/sccm/mdm/deploy-use/enroll-devices-with-device-enrollment-manager

Page:    1 / 17   
Total 256 questions