Microsoft MS-101 Microsoft 365 Mobility and Security Online Training
Microsoft MS-101 Online Training
The questions for MS-101 were last updated at Dec 20,2024.
- Exam Code: MS-101
- Exam Name: Microsoft 365 Mobility and Security
- Certification Provider: Microsoft
- Latest update: Dec 20,2024
Topic 3, Litware Inc.
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overviews
Litware, Inc. is a technology research company. The company has a main office in Montreal and a branch office in Seattle.
Environment
Existing Environment
The network contains an on-premises Active Directory domain named litware.com.
The domain contains the users shown in the following table.
Microsoft Cloud Environment
Litware has a Microsoft 365 subscription that contains a verified domain named litware.com. The subscription syncs to the on-premises domain.
Litware uses Microsoft Intune for device management and has the enrolled devices shown in the following table.
Litware.com contains the security groups shown in the following table.
Litware uses Microsoft SharePoint Online and Microsoft Teams for collaboration.
The verified domain is linked to an Azure Active Directory (Azure AD) tenant named litware.com. Audit log search is turned on for the litware.com tenant.
Problem Statements
Litware identifies the following issues:
✑ Users open email attachments that contain malicious content.
✑ Devices without an assigned compliance policy show a status of Compliant.
✑ User1 reports that the Sensitivity option in Microsoft Office for the web fails to appear.
✑ Internal product codes and confidential supplier ID numbers are often shared during Microsoft Teams meetings and chat sessions that include guest users and external users.
Requirements
Planned Changes
Litware plans to implement the following changes:
✑ Implement device configuration profiles that will configure the endpoint protection template settings for supported devices.
✑ Configure information governance for Microsoft OneDrive, SharePoint Online, and Microsoft Teams.
✑ Implement data loss prevention (DLP) policies to protect confidential information.
✑ Grant User2 permissions to review the audit logs of he litware.com tenant.
✑ Deploy new devices to the Seattle office as shown in the following table.
✑ Implement a notification system for when DLP policies are triggered.
✑ Configure a Safe Attachments policy for the litware.com tenant.
Technical Requirements
Litware identifies the following technical requirements:
✑ Retention settings must be applied automatically to all the data stored in SharePoint Online sites, OneDrive accounts, and Microsoft Teams channel messages, and the data must be retained for five years.
✑ Emails messages that contain attachments must be delivered immediately, and placeholder must be provided for the attachments until scanning is complete.
✑ All the Windows 10 devices in the Seattle office must be enrolled in Intune automatically when the devices are joined to or registered with Azure AD.
✑ Devices without an assigned compliance policy must show a status of Not Compliant in the Microsoft Endpoint Manager admin center.
A notification must appear in the Microsoft 365 compliance center when a DLP policy is triggered.
User2 must be granted the permissions to review audit logs for the following activities:
– Admin activities in Microsoft Exchange Online
– Admin activities in SharePoint Online
– Admin activities in Azure AD
Users must be able to apply sensitivity labels to documents by using Office for the web.
Windows Autopilot must be used for device provisioning, whenever possible.
A DLP policy must be created to meet the following requirements:
– Confidential information must not be shared in Microsoft Teams chat sessions, meetings, or channel messages.
– Messages that contain internal product codes or supplier ID numbers must be blocked and deleted.
The principle of least privilege must be used.
HOTSPOT
You need to ensure that User2 can review the audit logs. The solutions must meet the technical requirements.
To which role group should you add User2, and what should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to create the DLP policy to meet the technical requirements.
What should you configure first?
- A . sensitive info types
- B . the Insider risk management settings
- C . the event types
- D . the sensitivity labels
HOTSPOT
You need to configure automatic enrollment in Intune. The solution must meet the technical requirements.
What should you configure, and to which group should you assign the configurations? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You plan to implement the endpoint protection device configuration profiles to support the planned changes.
You need to identify which devices will be supported, and how many profiles you should implement.
What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You need to create the Safe Attachments policy to meet the technical requirements.
Which option should you select?
- A . Replace
- B . Enable redirect
- C . Block
- D . Dynamic Delivery
You need to configure the compliance settings to meet the technical requirements.
What should you do in the Microsoft Endpoint Manager admin center?
- A . From Compliance policies, modify the Notifications settings.
- B . From Locations, create a new location for noncompliant devices.
- C . From Retire Noncompliant Devices, select Clear All Devices Retire State.
- D . Modify the Compliance policy settings.
You need to configure Office on the web to meet the technical requirements.
What should you do?
- A . Assign the Global reader role to User1.
- B . Enable sensitivity labels for Office files in SharePoint Online and OneDrive.
- C . Configure an auto-labeling policy to apply the sensitivity labels.
- D . Assign the Office apps admin role to User1.
You create the planned DLP policies.
You need to configure notifications to meet the technical requirements.
What should you do?
- A . From the Microsoft 365 security center, configure an alert policy.
- B . From the Microsoft Endpoint Manager admin center, configure a custom notification.
- C . From the Microsoft 365 admin center, configure a Briefing email.
- D . From the Microsoft 365 compliance center, configure the Endpoint DLP settings.
Topic 4, Misc. Questions
HOTSPOT
You have a new Microsoft 365 subscription.
A user named User1 has a mailbox in Microsoft Exchange Online.
You need to log any changes to the mailbox folder permissions of User1.
Which command should you run? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
You have three devices enrolled in Microsoft Intune as shown in the following table.
The device compliance policies in Intune are configured as shown in the following table.
The device compliance policies have the assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.