Start preparing for your Next Exam | Use coupon – TOGETHER | Avail 30% discount

Microsoft 365 Mobility and Security (MS-101) Sample Questions

  1. Home
  3. Microsoft 365 Mobility and Security (MS-101) Sample Questions
Microsoft 365 Mobility and Security (MS-101) Sample Questions

Enterprise Administrators who participate in assessing, planning, migrating, installing, and administering Microsoft 365 services should take the MS-101: Microsoft 365 Mobility and Security exam. These enterprise administrators are in charge of managing a business’s Microsoft 365 tenants, including their identities, security, compliance, and enabling technologies. The article provides a list of Microsoft 365 Mobility and Security (MS-101) Sample Questions that cover core exam topics including –

  • Implement Modern Device Services
  • Implement Microsoft 365 Security and Threat Management
  • Manage Microsoft 365 Governance and Compliance

Q1)You have Active Directory domain-joined Windows 10 Pro devices. You intend to update the devices to Windows 10 Enterprise and create a Microsoft 365 tenant. Windows Hello for Business deployment is something you’re considering. What are the deployment’s two requirements? Each accurate response offers an entire resolution. NOTE: A point is awarded for each choice that is correct.

  • A. Microsoft Endpoint Manager enrollment
  • B. Microsoft Azure Active Directory (Azure AD)
  • C. smartcards
  • D. TPM-enabled devices

Correct Answer: A and B

Refer: Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business

Q2) You are a tenant of Microsoft 365. The Enterprise Mobility + Security licence is given to each user. You must make sure that when users add a device to Microsoft Azure Active Directory (Azure AD), Microsoft Endpoint Manager is automatically registered on that device. What settings should you make?

  • A. Enrollment restrictions from the Endpoint Manager admin center
  • B. device enrollment managers from the Endpoint Manager admin center
  • C. MAM User scope from the Azure Active Directory admin center
  • D. MDM User scope from the Azure Active Directory admin center

Correct Answer: D

Refer: Set up enrollment for Windows devices

Q3) Microsoft Endpoint Manager and Microsoft Endpoint Configuration Manager are used by your organisation to jointly manage devices. Which two operations are restricted to Endpoint Manager? Each accurate response offers an entire resolution. NOTE: A point is awarded for each choice that is correct.

  • A. Deploy applications to Windows 10 devices.
  • B. Deploy VPN profiles to iOS devices.
  • C. Deploy VPN profiles to Windows 10 devices.
  • D. Publish applications to Android devices.

Correct Answer: B and D

Refer: What is co-management?

Q4) Microsoft Azure Active Directory (Azure AD) tenant contoso.onmicrosoft.com is what you have. You are a subscriber to Microsoft 365. Ensure that administrators have access to all Windows 10 devices in your organization’s setup settings. What settings should you make?

  • A. the Enrollment restrictions
  • B. the mobile device management (MDM) authority 
  • C. the Exchange on-premises access settings
  • D. the Windows enrollment settings

Correct Answer:  the mobile device management (MDM) authority

Refer: Set the mobile device management authority

Q5) You have Windows 10 Enterprise-powered devices that are domain-joined. To allow the IT department to assess application compatibility, you intend to postpone the installation of new Windows releases. For the following 30 days, you must stop Windows from receiving updates. What are the two Group Policy settings that you should set up? Each right response offers a piece of the answer. NOTE: A point is awarded for each choice that is correct.

  • A. Select when Quality Updates are received
  • B. Select when Preview Builds and Feature Updates are received
  • C. Turn off auto-restart for updates during active hours
  • D. Manage preview builds
  • E. Automatic updates detection frequency

Correct Answer: B and D

Q6) You have a tenant called contoso.com in Microsoft Azure Active Directory (Azure AD). For contoso.com, you must enable users to register for Microsoft Store for Business. The least privilege principle must be applied to the solution. Which role ought to you give the user?

  • A. Cloud application administrator
  • B. Application administrator
  • C. Global administrator 
  • D. Service administrator

Correct Answer: Global administrator 

Refer: Roles and permissions in Microsoft Store for Business and Education

Q7) Your business is a subscriber to Microsoft 365 E5. Users who work with sensitive data in the research division. Use hyperlinks included in email messages and documents to restrict access to potentially dangerous websites for the research department’s users. There should be no restrictions on users in other departments. What ought you to do?

  • A. Create a data loss prevention (DLP) policy that has a Content is shared condition.
  • B. Modify the default safe links policy.
  • C. Create a data loss prevention (DLP) policy that has a Content contains condition.
  • D. Create a new safe links policy.

Correct Answer: D

Refer: Set up Safe Links policies in Microsoft Defender for Office 365

Q8) You are a tenant of Microsoft 365. Users can access App1, a line-of-business application, using the My Apps site. You develop a conditional access policy for App1 using Conditional Access App Control in response to recent security breaches. If an App1 user’s impossible journey is discovered, you must be notified by email. The answer must make sure that only App1 receives alerts. What ought you to do?

  • A. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy. 
  • B. From Microsoft Cloud App Security, modify the impossible travel alert policy.
  • C. From Microsoft Cloud App Security, create an app discovery policy.
  • D. From the Azure Active Directory admin center, modify the conditional access policy.

Correct Answer: A

Refer: Cloud Discovery anomaly detection policy

Q9) An Active Directory domain with the name contoso.com is present on your network. There are 100 Windows 8.1 devices in the domain. The Windows 8.1 devices will receive a customised Windows 10 Enterprise image from you. You must suggest a strategy for deploying Windows 10. What ought to you suggest?

  • A. a provisioning package
  • B. an in-place upgrade
  • C. wipe and load refresh 
  • D. Windows Autopilot

Correct Answer: B

Refer: Windows client deployment resources and documentation

Q10)The domain contoso.com in Active Directory is present on your network. 100 Windows 8.1 devices are part of the domain. To the Windows 8.1 devices, you intend to distribute a customised Windows 10 Enterprise image. You must suggest a Windows 10 rollout strategy. What should you suggest?

  • A. a provisioning package
  • B. an in-place upgrade
  • C. wipe and load refresh
  • D. Windows Autopilot

Correct Answer: B

Refer: Windows client deployment resources and documentation

Q11) Your business is a subscriber to Microsoft 365 E3. All devices are connected to Microsoft Azure Active Directory and run Windows 10 Pro (Azure AD). The next time users log in to their computer, you must switch Windows 10’s edition to Enterprise. Users’ downtime must be kept to a minimum by the solution. Which should you employ?

  • A. Windows Autopilot
  • B. Windows Update
  • C. Subscription Activation
  • D. an in-place upgrade

Correct Answer: C

Refer: Windows 10/11 Subscription Activation

Q12) An on-premises Active Directory domain on your network is synced with Azure Active Directory (Azure AD). Windows Server 2016 is installed on two servers in the domain called Server1 and Server2. The File Server Resource Manager role service is installed on Server1. To use the Azure Rights Management (Azure RMS) connectivity, Server1 must be configured. You set up Server1 with the Microsoft Management connection. What should you do on Server 1 after that?

  • A. Run the GenConnectorConfig.ps1 script.
  • B. Configure the URL of the AIPMigrated group.
  • C. Enable BitLocker Drive Encryption (BitLocker).
  • D. Install a certification authority (CA).

Correct Answer: A

Explanation: Download and run the GenConnectorConfig.ps1 script if you want to automate the configuration of registry settings on your on-premises servers using the server configuration tool for the RMS connector.

Refer: Installing the RMS connector

Q13)You have a Microsoft 365 E5 subscription that makes use of the tenant contoso.com in Azure Active Directory (Azure AD). Make sure users may enrol devices in Microsoft Endpoint Manager without having to explicitly enter the website’s location. Which two DNS records ought to be set up? Each right response offers a piece of the answer. NOTE: A point is awarded for each choice that is correct.

  • A. a CNAME record for AutoDiscover.contoso.com
  • B. a CNAME record for EnterpriseEnrollment.contoso.com
  • C. a TXT record for EnterpriseRegistration.contoso.com
  • D. an SRV record for _SIP._TLS.contoso.com
  • E. an SRV record for _SIPfederationTLS.contoso.com
  • F. a CNAME record for EnterpriseRegistration.contoso.com
  • G. a TXT record for EnterpriseEnrollment.contoso.com

Correct Answer: B and F

Refer: Simplify Windows enrollment without Azure AD Premium

Q14) You intend to roll out a Windows 10 Security Baseline profile to safeguard any secrets that are temporarily kept in memory. What settings ought to be made in the profile?

  • A. Firstly, Microsoft Defender Credential Guard
  • B. Secondly, BitLocker Drive Encryption (BitLocker)
  • C. Microsoft Defender
  • D. Microsoft Defender Exploit Guard

Correct Answer: A

Q15) You have a tenancy for Microsoft 365 that makes use of Microsoft Endpoint Manager to manage devices. The Company Portal app needs to include the assistance desk’s phone number. What ought you to do?

  • A. From the Microsoft 365 admin center, modify Organization information.
  • B. From the Microsoft Endpoint Manager admin center, create an app configuration policy.
  • C. From Customization in the Microsoft Endpoint Manager admin center, modify the support information for the tenant.
  • D. From the Microsoft 365 admin center, modify Help desk information.

Correct Answer: C

Q16) 1,000 iOS devices that are signed up for Microsoft Intune are part of your Microsoft 365 tenant. You intend to buy apps in bulk and install them on the devices. Utilizing Intune, you must keep track of used licences and control the apps. What payment method should you use to buy the apps?

  • A. Firstly, Microsoft Store for Business
  • B. Secondly, Apple Configurator
  • C. Apple Business Manager
  • D. Apple iTunes Store

Correct Answer: C

Refer: How to manage iOS and macOS apps purchased through Apple Business Manager with Microsoft Intune

Q17) You use Microsoft Intune as part of your Microsoft 365 E5 tenant. Users must be able to choose a department when enrolling their device in Intune, therefore make sure this is possible. What ought you to produce?

  • A. Firstly, scope tags
  • B. Seconly, device configuration profiles
  • C. Further, device categories
  • D. device compliance policies

Correct Answer: C

Refer: Categorize devices into groups

Q18) Your business has several locations. You have a Microsoft 365 E5 tenant that manages devices with Microsoft Intune. There is a local administrator in each office. You must make sure that local administrators are limited to managing devices in their own offices. Which should you employ?

  • A. Firstly, scope tags
  • B. Secondly, configuration profiles
  • C. device categories
  • D. conditional access policies

Correct Answer: A

Refer: Use role-based access control (RBAC) and scope tags for distributed IT

Q19) You are a subscriber to Microsoft 365. If users get emails with files that are infected with viruses, you need to be made aware of it. What ought you to do?

  • A. From the Exchange admin center, create an in-place eDiscovery & hold.
  • B. From the Security & Compliance admin center, create a safe attachments policy.
  • C. From the Security & Compliance admin center, create a data loss prevention (DLP) policy.
  • D. From the Security & Compliance admin center, create an alert policy.

Correct Answer: D

Refer: Alert policies in Microsoft 365

Q20) You are a tenant of Microsoft Azure Active Directory. The business must register for Microsoft Store for Business. The least privilege principle must be applied to the solution. Which role ought to you give the user?

  • A. Global administrator
  • B. Cloud application administrator
  • C. Application administrator
  • D. Service administrator

Correct Answer: A

Refer: Sign up for Microsoft Store for Business or Microsoft Store for Education

Microsoft 365 Mobility and Security (MS-101) free practice test
Menu