{"id":85679,"date":"2022-11-13T23:09:48","date_gmt":"2022-11-14T04:39:48","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=85679"},"modified":"2023-09-27T00:46:46","modified_gmt":"2023-09-27T06:16:46","slug":"ms-101-exam-questions","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/","title":{"rendered":"25 Free Questions on MS-101: Microsoft 365 Mobility and Security"},"content":{"rendered":"<p>Are you studying for the <a href=\"https:\/\/www.whizlabs.com\/ms-101-microsoft-365-mobility-and-security\/\" target=\"_blank\" rel=\"noopener\">MS-101: Microsoft 365 Mobility and Security<\/a> certification exam? If so, you may need to practice on MS-101 exam questions about some of the topics covered on the exam. With this MS-101 exam, you can demonstrate your knowledge of Microsoft 365 security and compliance features, and show that you&#8217;re ready to implement these features in your organization.<\/p>\n<p>Here we have the updated list of MS-101 practice questions on Microsoft 365 Mobility and security which are very relevant\u00a0 to the real exam as well.<\/p>\n<p><em>Latest Updates\u00a0 : <\/em><b>MS-101<\/b><b> will retire on September 30, 2023. A replacement exam, <\/b><a href=\"https:\/\/www.whizlabs.com\/ms-102-exam-microsoft-365-administrator\/\" target=\"_blank\" rel=\"noopener\"><b>MS-102: Microsoft 365 Administrator(beta)<\/b><\/a><b>, is available.<\/b><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ea7e02;color:#ea7e02\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ea7e02;color:#ea7e02\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Why_do_we_provide_Microsoft_365_Mobility_and_Security_exam_questions_for_free\" >Why do we provide Microsoft 365 Mobility and Security exam questions for free?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#What_skills_will_you_gain_by_obtaining_MS-101_Microsoft_365_Mobility_and_Security_exam\" >What skills will you gain by obtaining MS-101 Microsoft 365 Mobility and Security exam?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#MS-101_Exam_Questions_on_Microsoft_365_Mobility_and_Security\" >MS-101 Exam Questions on Microsoft 365 Mobility and Security\u00a0<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services\" >Domain : Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_security_and_threat_management\" >Domain : Manage Microsoft 365 security and threat management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services-2\" >Domain : Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_security_and_threat_management-2\" >Domain : Manage Microsoft 365 security and threat management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services-3\" >Domain : Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-2\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-3\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services-4\" >Domain : Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Case_Study_Q10_to_Q12\" >Case Study (Q.10 to Q.12)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-4\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-5\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-6\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-7\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_Microsoft_365_security_and_threat_management\" >Domain : Implement Microsoft 365 security and threat management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_Microsoft_365_security_and_threat_management-2\" >Domain : Implement Microsoft 365 security and threat management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services-5\" >Domain : Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_Microsoft_365_security_and_threat_management-3\" >Domain : Implement Microsoft 365 security and threat management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-8\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services-6\" >Domain : Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-9\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services-7\" >Domain : Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_Microsoft_365_security_and_threat_management-4\" >Domain: Implement Microsoft 365 security and threat management<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Manage_Microsoft_365_governance_and_compliance-10\" >Domain : Manage Microsoft 365 governance and compliance<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Domain_Implement_modern_device_services-8\" >Domain: Implement modern device services<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/www.whizlabs.com\/blog\/ms-101-exam-questions\/#Summary\" >Summary<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"Why_do_we_provide_Microsoft_365_Mobility_and_Security_exam_questions_for_free\"><\/span>Why do we provide Microsoft 365 Mobility and Security exam questions for free?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>There are a few reasons why we offer MS-101: Microsoft 365 Mobility and Security exam questions for free.<\/p>\n<p>First, we want to make sure that everyone has access to the latest and greatest information on Microsoft 365. By providing the MS-101 exam questions for free, we can help keep everyone up-to-date on the latest changes and news.<\/p>\n<p>Second, we want to help people prepare for the certification exam. By providing the questions for free, we can help people get a head start on studying for the exam. Third, we want to show our support for the Microsoft 365 community. By providing the questions for free, we can help people who are using Microsoft 365 in their businesses or organizations.<\/p>\n<p>We hope that these reasons why we offer MS-101: Microsoft 365 Mobility and Security questions for free will help you understand our motivations. We believe that by providing the MS-101 exam questions for free, we can help make Microsoft 365 a success for everyone.<\/p>\n<blockquote><p>Know About: <a href=\"https:\/\/www.whizlabs.com\/blog\/microsoft-365-certifications\/\" target=\"_blank\" rel=\"noopener\">Microsoft 365 Certification Path<\/a><\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"What_skills_will_you_gain_by_obtaining_MS-101_Microsoft_365_Mobility_and_Security_exam\"><\/span>What skills will you gain by obtaining MS-101 Microsoft 365 Mobility and Security exam?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>One of the most important skills for the MS-101 certification exam is knowing how to configure and manage Microsoft 365 security settings. This includes understanding how to configure <a href=\"https:\/\/www.whizlabs.com\/blog\/what-is-azure-active-directory-all-that-you-should-know\/\" target=\"_blank\" rel=\"noopener\">Azure Active Directory<\/a>, Intune, and other security services. You can learn more about this by reading Microsoft 365 documentation, or by taking a free course on Microsoft Learn.<\/p>\n<p>Another important skill for the MS-101 exam is knowing how to troubleshoot Microsoft 365 issues. This includes being able to troubleshoot issues with Exchange Online, SharePoint Online, and other Microsoft 365 services. You can learn more about this by reading Microsoft 365 documentation, or by taking a free course on Microsoft Learn.<\/p>\n<p>Finally, it is also important to have a good understanding of Microsoft 365 licensing. This includes understanding the different types of licenses available, and how to configure them. You can learn more about this by reading Microsoft 365 documentation, or by taking a free course on Microsoft Learn.<\/p>\n<p>By learning the skills we mentioned above, you will be well on your way to passing the MS-101 exam. And remember, you can always find more help and resources for studying for the exam on the Microsoft 365 Community website.<\/p>\n<p><em>Let\u2019s get started!<\/em><\/p>\n<h3 style=\"text-align: center;\"><span class=\"ez-toc-section\" id=\"MS-101_Exam_Questions_on_Microsoft_365_Mobility_and_Security\"><\/span><span style=\"color: #ff6600;\">MS-101 <\/span><span style=\"color: #ff6600;\">Exam Questions on <\/span><span style=\"color: #ff6600;\">Microsoft 365 Mobility and Security\u00a0<\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services\"><\/span>Domain : Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 1 : <\/b><span style=\"font-weight: 400;\">Whizlabs Inc has a Microsoft 365 tenant. You plan to allow users that are members of a group named Group_Hr Team to enroll their device in mobile device management (MDM).\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\">The device limit restrictions are configured as shown in the following table.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Priority<\/b><\/td>\n<td><b>Name<\/b><\/td>\n<td><b>Device limit<\/b><\/td>\n<td><b>Assigned to<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">1<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Group_HrTeam<\/span><\/td>\n<td><span style=\"font-weight: 400;\">10<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Group_HrTeam<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">2<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Head Office<\/span><\/td>\n<td><span style=\"font-weight: 400;\">15<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Group_HrTeam<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">3<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Mum_India<\/span><\/td>\n<td><span style=\"font-weight: 400;\">20<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Test_Team<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Default<\/span><\/td>\n<td><span style=\"font-weight: 400;\">All Users<\/span><\/td>\n<td><span style=\"font-weight: 400;\">50<\/span><\/td>\n<td><span style=\"font-weight: 400;\">All Users<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">What is the device limit for the members of the Group_HrTeam group?\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>10<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>15<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>20<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>50<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation: <\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The device limit set based on highest priority for Group_HrTeam is 10.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Device limit 15 is incorrect because it has a lower priority.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Device limit 20 is incorrect because Group_HrTeam is not part of this priority.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The default device limit does not implicitly assign to Group_HrTeam.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/enrollment-restrictions-set#create-a-device-platform-restriction\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/enrollment-restrictions-set#create-a-device-platform-restriction<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_security_and_threat_management\"><\/span>Domain : Manage Microsoft 365 security and threat management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drag &amp; Drop &#8211; Matching<\/span><\/p>\n<p><b>Question 2 : <\/b><span style=\"font-weight: 400;\">Whizlabs Inc. has a Microsoft 365 subscription. You are a global administrator in Microsoft 365, and you are given a responsibility to grant appropriate permissions to newly joined employees. Details of roles and the responsibility are as below:\u00a0<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400;\">Responsibility\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Roles<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">View and manage user&#8217;s email mailboxes, Microsoft 365 groups, and Exchange Online<\/span><\/td>\n<td><span style=\"font-weight: 400;\">A. Office Apps admin<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Use the Office cloud policy service to create and manage cloud-based policies<\/span><\/td>\n<td><span style=\"font-weight: 400;\">B. Security administrator<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Control organization&#8217;s overall security by managing security policies, reviewing security analytics and reports across Microsoft 365 products, and staying up-to-speed on the threat landscape.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">C. Compliance administrator<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Help organizations stay compliant with any regulatory requirements, manage eDiscovery cases, and maintain data governance policies across Microsoft 365 locations, identities, and apps.<\/span><\/td>\n<td><span style=\"font-weight: 400;\">D. Exchange admin<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">Please match the correct role to each responsibility. The solution must use the principle of least privilege:<\/span><\/p>\n<p><b>Correct Answer:<\/b><\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Responsibility<\/strong><\/td>\n<td><strong>Roles<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>View and manage user&#8217;s email mailboxes, Microsoft 365 groups, and Exchange Online<\/strong><\/td>\n<td><strong>D. Exchange admin\u00a0<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Use the Office cloud policy service to create and manage cloud-based policies<\/strong><\/td>\n<td><strong>A. Office Apps admin\u00a0<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Control organization&#8217;s overall security by managing security policies, reviewing security analytics and reports across Microsoft 365 products, and staying up-to-speed on the threat landscape.<\/strong><\/td>\n<td><strong>B. Security administrator<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Help organizations stay compliant with any regulatory requirements, manage eDiscovery cases, and maintain data governance policies across Microsoft 365 locations, identities, and apps.<\/strong><\/td>\n<td><strong>C. Compliance administrator<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Exchange admin \u2013<\/b><span style=\"font-weight: 400;\"> With exchange admin permissions users can view and manage mailboxes, Microsoft 365 groups, and Exchange Online.\u00a0<\/span><\/p>\n<p><b>Office Apps admin \u2013<\/b><span style=\"font-weight: 400;\"> With this permission, one can configure an office cloud policy service to create and manage cloud-based policies<\/span><\/p>\n<p><b>Security administrator \u2013<\/b><span style=\"font-weight: 400;\"> Security Administrator permission allows you to control an organization&#8217;s overall security by managing security policies, reviewing security analytics, and reports across Microsoft 365 products, and staying up-to-speed on the threat landscape.<\/span><\/p>\n<p><b>Compliance administrator \u2013<\/b><span style=\"font-weight: 400;\"> Compliant administrator permission helps organizations stay compliant with any regulatory requirements, manage eDiscovery cases, and maintain data governance policies across Microsoft 365 locations, identities, and apps.<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/admin\/add-users\/about-admin-roles?view=o365-worldwide\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/admin\/add-users\/about-admin-roles?view=o365-worldwide<\/span><\/a>,<span style=\"font-weight: 400;\">\u00a0<\/span><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/permissions-microsoft-365-security-center?view=o365-worldwide\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/permissions-microsoft-365-security-center?view=o365-worldwide<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services-2\"><\/span>Domain : Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 3 : <\/b><span style=\"font-weight: 400;\">Whizlabs Inc. has a Microsoft 365 E5 subscription that uses an Azure AD tenant named Whizlabs.Inc. Every time a user registers their device in Intune, they have to enter the address of Intune servers. Which of the following two DNS records will solve this issue?\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>A CNAME record for AutoDiscover.whizlabs.inc<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>A CNAME record for EnterpriseEnrollment.whizlabs.inc<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>A SRV record for _SIPfederationTLS.whizlabs.inc\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>A CNAME record for EnterpriseRegistration.whizlabs.inc<\/span><\/p>\n<p><b>Correct Answers: B and D<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">To simplify enrollment, create a domain name server (DNS) alias (CNAME record type) that redirects enrollment requests to Intune servers. Otherwise, users trying to connect to Intune must enter the Intune server name during enrollment.\u00a0<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-85680\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-3.png\" alt=\"\" width=\"882\" height=\"141\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-3.png 882w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-3-300x48.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-3-768x123.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-3-640x102.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-3-681x109.png 681w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-3-150x24.png 150w\" sizes=\"(max-width: 882px) 100vw, 882px\" \/><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\"> because this CNAME record is used for auto-configuring outlook.<\/span><\/p>\n<p><b>Option B is correct<\/b><span style=\"font-weight: 400;\"> because this enables automatic enrollment without entering the address of Intune.<\/span><\/p>\n<p><b>Option C is incorrect<\/b><span style=\"font-weight: 400;\"> because this SRV record is used for publishing and will help to \u201cdiscover\u201d federation<\/span><\/p>\n<p><b>Option D is correct<\/b><span style=\"font-weight: 400;\"> because this enables automatic enrollment without entering the address of Intune.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/windows-enroll#step-1-create-cname-optional\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/windows-enroll#step-1-create-cname-optional<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_security_and_threat_management-2\"><\/span>Domain : Manage Microsoft 365 security and threat management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drag &amp; Drop &#8211; Matching<\/span><\/p>\n<p><b>Question 4 :\u00a0 <\/b><span style=\"font-weight: 400;\">Whizlabs has a Microsoft 365 subscription. You have the devices shown in the following table.\u00a0<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Operating Systems\u00a0<\/b><\/td>\n<td><b>Quantity<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 11<\/span><\/td>\n<td><span style=\"font-weight: 400;\">50<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows Server 2008 R2<\/span><\/td>\n<td><span style=\"font-weight: 400;\">5<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows Server 2016<\/span><\/td>\n<td><span style=\"font-weight: 400;\">2<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 8.1<\/span><\/td>\n<td><span style=\"font-weight: 400;\">4<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">You need to onboard the devices to Microsoft Defender for Endpoint. The solution must avoid installing any specific software on the devices whenever possible. Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems.\u00a0<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 11<\/span><\/td>\n<td><span style=\"font-weight: 400;\">A. Local Script<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows Server 2008 R2<\/span><\/td>\n<td><span style=\"font-weight: 400;\">B. Intune<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows Server 2016<\/span><\/td>\n<td><span style=\"font-weight: 400;\">C. Microsoft Monitoring Agent (MMA)<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 8.1<\/span><\/td>\n<td><span style=\"font-weight: 400;\">D. Azure Log Analytics agent<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Correct Answer: B, D, A and C<\/b><\/p>\n<table>\n<tbody>\n<tr>\n<td><strong>Windows 11<\/strong><\/td>\n<td><strong>B. Intune<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2008 R2<\/strong><\/td>\n<td><strong>D. Azure Log Analytics agent<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows Server 2016<\/strong><\/td>\n<td><strong>A. Local Script<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Windows 8.1<\/strong><\/td>\n<td><strong>C. Microsoft Monitoring Agent (MMA)<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Windows 11 \u2013 Since there are 50 devices it is desirable to configure it using Intune.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Windows Server 2008 R2 \u2013 For onboarding older operating systems, we need Azure Log Analytics Agent.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Windows Server 2016 \u2013 Since there are only two devices, the Local script is most appropriate for this deployment.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Windows 8.1 &#8211; Microsoft Monitoring agent is used on devices that are older than Windows 10.\u00a0<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/configure-endpoints?view=o365-worldwide#endpoint-onboarding-tools\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/configure-endpoints?view=o365-worldwide#endpoint-onboarding-tools<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services-3\"><\/span>Domain : Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 5 :<\/b><span style=\"font-weight: 400;\"> Whizlabs Inc. has a Microsoft 365 E5 subscription. The company has 100 Windows 8.1 devices and 50 Windows 10 Pro devices, and they are joined to Azure Active Directory. You are asked to change the edition of Windows 10 Pro to Enterprise the next time a user logs into their devices. This change should not allow devices to reboot.\u00a0 Which of the following is the best solution suited for the given requirement?\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>An in-place upgrade<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Windows Update<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Subscription Activation\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Provisioning a package<\/span><\/p>\n<p><b>Correct Answer: C<\/b><\/p>\n<p><b>Explanation: <\/b><span style=\"font-weight: 400;\">Deploying Windows 10 Enterprise or Windows 11 Enterprise in your organization can now be accomplished with no keys and no reboots. Devices with a current Windows 10 Pro license or Windows 11 Pro license can be seamlessly upgraded to Windows 10 Enterprise or Windows 11 Enterprise, respectively.<\/span><\/p>\n<p><b>Option A is incorrect<\/b><span style=\"font-weight: 400;\"> because the option requires a reboot.<\/span><\/p>\n<p><b>Option B is incorrect<\/b><span style=\"font-weight: 400;\"> because the option requires a reboot.<\/span><\/p>\n<p><b>Option C is correct<\/b><span style=\"font-weight: 400;\"> because devices with a current Windows 10 Pro license can be seamlessly upgraded to Windows 10 Enterprise.<\/span><\/p>\n<p><b>Option D is incorrect<\/b><span style=\"font-weight: 400;\"> because this would not help in activating the enterprise license.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/deployment\/windows-10-subscription-activation#subscription-activation-for-windows-1011-enterprise\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/windows\/deployment\/windows-10-subscription-activation#subscription-activation-for-windows-1011-enterprise<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 6 : <\/b><span style=\"font-weight: 400;\">This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.<\/span><\/p>\n<p><b>(same series &#8211; Q.6 to Q.8)<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Whizlabs Inc has Microsoft 365 subscription. Company policy does not want users to send email messages that contain Social Security Numbers.\u00a0<\/span><\/p>\n<p><b>Solution: <\/b><span style=\"font-weight: 400;\">From the Microsoft Purview center, you create a data loss prevention (DLP) policy. State Yes if correct or No.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Yes<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>No<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation: <\/b><span style=\"font-weight: 400;\">You can use either Exchange mail flow rules or Microsoft Purview data loss prevention (DLP) to create a sensitive information type policy with Office 365 Message Encryption.\u00a0<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/ome-sensitive-info-types?view=o365-worldwide#to-create-the-policy-by-using-mail-flow-rules-in-the-eac\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/ome-sensitive-info-types?view=o365-worldwide#to-create-the-policy-by-using-mail-flow-rules-in-the-eac<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-2\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 7 :<\/b><span style=\"font-weight: 400;\"> This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Whizlabs Inc has Microsoft 365 subscription. Company policy does not want users to send email messages that contain Social Security Numbers.\u00a0<\/span><\/p>\n<p><b>Solution: <\/b><span style=\"font-weight: 400;\">From the Azure portal, you create a Microsoft Azure Information Protection label and an Azure Information Protection policy. State Yes if correct or No.<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Yes<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>No<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation: <\/b><span style=\"font-weight: 400;\">You can use either Exchange mail flow rules or Microsoft Purview data loss prevention (DLP) to create a sensitive information type policy with Office 365 Message Encryption.\u00a0<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/ome-sensitive-info-types?view=o365-worldwide#to-create-the-policy-by-using-mail-flow-rules-in-the-eac\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/ome-sensitive-info-types?view=o365-worldwide#to-create-the-policy-by-using-mail-flow-rules-in-the-eac<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-3\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 8 :<\/b><span style=\"font-weight: 400;\"> This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Whizlabs Inc has Microsoft 365 subscription. Company policy does not allow users to send email messages that contain Social Security Numbers.\u00a0<\/span><\/p>\n<p><b>Solution: <\/b><span style=\"font-weight: 400;\">From the Microsoft Defender for Cloud Apps admin center, you create an access policy. Does this meet the goal?\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A.<\/strong> <\/span><strong><span style=\"font-weight: 400;\">Yes<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B.<\/strong> No<\/span><\/strong><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation: <\/b><span style=\"font-weight: 400;\">You can use either Exchange mail flow rules or Microsoft Purview data loss prevention (DLP) to create a sensitive information type policy with Office 365 Message Encryption.\u00a0<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/ome-sensitive-info-types?view=o365-worldwide#to-create-the-policy-by-using-mail-flow-rules-in-the-eac\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/ome-sensitive-info-types?view=o365-worldwide#to-create-the-policy-by-using-mail-flow-rules-in-the-eac<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services-4\"><\/span>Domain : Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drag &amp; Drop &#8211; Arranging<\/span><\/p>\n<p><b>Question 9 : <\/b><span style=\"font-weight: 400;\">\u00a0Whizlabs Inc. has 100 Windows 10 devices. The company wants to utilize Windows 10 features to reduce attack surfaces. After going through rigorous auditing of the feature, they are now moving towards the final phase of the implementation plan.\u00a0 What is the correct order of implementation steps for enabling attack surface reduction rules?\u00a0<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Review Microsoft 365 Defender Reporting<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Set Rules to \u201cBlock\u201d<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Assess impact, create, or refine exclusions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Revert Problematic rules to \u201cAudit\u201d or disable<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>1, 2, 3, 4\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>2, 1, 3, 4<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>3, 2, 1, 4<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>2, 4, 3, 1<\/span><\/p>\n<p><b>Correct Answer: B\u00a0<\/b><\/p>\n<p><b>Explanation: <\/b><span style=\"font-weight: 400;\">Microsoft recommends the below steps to the successful implementation of attack surface reduction for Windows 10 devices:<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-85681\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-9.png\" alt=\"\" width=\"774\" height=\"164\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-9.png 774w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-9-300x64.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-9-768x163.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-9-640x136.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-9-681x144.png 681w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-9-150x32.png 150w\" sizes=\"(max-width: 774px) 100vw, 774px\" \/><\/p>\n<p><span style=\"font-weight: 400;\"><strong>2.<\/strong> Set Rules to \u201cBlock\u201d<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>1. <\/strong>Review Microsoft 365 Defender Reporting<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>3. <\/strong>Assess impact, create, or refine exclusions<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>4. <\/strong>Revert Problematic rules to \u201cAudit\u201d or disable<\/span><\/p>\n<p><b>Option B is correct<\/b><span style=\"font-weight: 400;\"> because this option lists the correct order.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/attack-surface-reduction-rules-deployment-implement?view=o365-worldwide<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3 style=\"text-align: center;\"><span class=\"ez-toc-section\" id=\"Case_Study_Q10_to_Q12\"><\/span><b>Case Study (Q.10 to Q.12)<\/b><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Overview<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Whizlabs.io is a new startup based in India.\u00a0 The company is in the fintech business with 25 employees.\u00a0 The company is fully online, and all employees work remotely from their homes. The company processes the credit card data of the users and retains the user&#8217;s personally identifiable information such as name, age, address, and photos for a limited time.\u00a0<\/span><\/p>\n<p><b>Existing Environment\u00a0<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Microsoft Azure Active Directory is used for identity management.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Three apps are hosted using Microsoft Web Apps.<\/span>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Dev.whizlabs.io<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Prod.whizlabs.io<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Support.whizlabs.io<\/span><\/li>\n<\/ol>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Two virtual machines for File and Print Services<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Azure Firewall<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Microsoft 365 E3 Subscription<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Three Azure Active Directory (Azure AD) groups<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Gr-Support-Team <\/span> <span style=\"font-weight: 400;\"> &#8211; All support services employees are part of this group<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Gr-Management-Team<\/span> <span style=\"font-weight: 400;\">&#8211; All managers are part of this group<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Gr-Sales-Team<\/span> <span style=\"font-weight: 400;\">&#8211; All sales team employees are part of this group<\/span><\/p>\n<p><b>User Devices:\u00a0<\/b><\/p>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400;\">Operating Systems<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Number of Devices<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 7<\/span><\/td>\n<td><span style=\"font-weight: 400;\">2<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 8.1<\/span><\/td>\n<td><span style=\"font-weight: 400;\">3<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 10<\/span><\/td>\n<td><span style=\"font-weight: 400;\">5<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Windows 11<\/span><\/td>\n<td><span style=\"font-weight: 400;\">10<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">MacOS<\/span><\/td>\n<td><span style=\"font-weight: 400;\">5<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Planned Changes<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Deploy Microsoft 365 voice calling services<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Implement a log collection solution based on Microsoft Services<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Manage, protect, and collect system logs of all user\u2019s devices centrally\u00a0<\/span><\/li>\n<\/ol>\n<p><b>Technical Requirements<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Prevent leakage of any user\u2019s credit card information<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mark any documents or emails which contain credit card information as confidential and restrict its usage to the owner and management team group only.<\/span><\/li>\n<\/ol>\n<p><b>Security Requirements<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Protect all the user devices against ransomware<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All user\u2019s device drives should be encrypted<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Identify high-risk individuals in the company<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Retain User data for 7 years<\/span><\/li>\n<\/ol>\n<p><b>Compliance Requirements<\/b><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All user\u2019s data should be purged after 30 days of termination of account<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">User data of the Gr-Management-Team group should be retained for 90 days after the account is terminated.<\/span><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-4\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 10 : <\/b><span style=\"font-weight: 400;\">To deploy a phone calling solution, which of the following options is most feasible, cost-effective, and easy to implement?\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Purchase Microsoft Teams Phone Standard Plan<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Upgrade your Microsoft 365 E3 plan to E5<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Microsoft 365 E3 comes with calling solutions<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Upgrade your Microsoft 365 E3 plan to A5<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Microsoft 365 E5 includes a phone system that enables PBX capabilities such as call control in the cloud with Teams. Audio conferencing which conducts or calls in to meetings from your phone allows up to 300 phone attendees.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Microsoft 365 E5 is a premium purchasing option that includes best-in-class productivity apps and advanced security, compliance, and analytical capabilities for your enterprise. Current E1 and E3 customers can upgrade to E5 for a reduced price.<\/span><\/p>\n<p><b>Option A is incorrect <\/b><span style=\"font-weight: 400;\">because a separate plan needs to be purchased.<\/span><\/p>\n<p><b>Option B is correct <\/b><span style=\"font-weight: 400;\">because<\/span> <span style=\"font-weight: 400;\">it is most feasible and easy to implement in a given scenario and there is reduced pricing for existing E3 subscribers.<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because it is incorrect as E3 does not have a calling facility.<\/span><\/p>\n<p><b>Option D is incorrect <\/b><span style=\"font-weight: 400;\">because plan A5 is for academic organizations.<\/span><\/p>\n<p><b>Reference:\u00a0<\/b><a href=\"https:\/\/www.microsoft.com\/en-in\/microsoft-teams\/microsoft-teams-phone#coreui-banner-4zt270o\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/www.microsoft.com\/en-in\/microsoft-teams\/microsoft-teams-phone#coreui-banner-4zt270o<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-5\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drg &amp; Drop &#8211; Aligning<\/span><\/p>\n<p><b>Question 11 : <\/b><span style=\"font-weight: 400;\">To meet the given compliance requirements, please match the best available option:<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>All user\u2019s data should be purged after 30 days of termination of the account.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Emails of the Gr-Management-Team group should be retained for 90 days after the account is terminated.<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Deletion of user account<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Create a data loss prevention policy\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Create a data retention policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>F. <\/strong>Create a service endpoint policies<\/span><\/p>\n<p><b>Correct Answer: A and C<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Deletion of user account<\/b><span style=\"font-weight: 400;\"> \u2013 When you delete a user, the account becomes inactive for approximately 30 days. You&#8217;ve until then to restore the account before it&#8217;s permanently deleted.<\/span><\/p>\n<p><b>Create a data retention policy<\/b><span style=\"font-weight: 400;\"> \u2013 If a Microsoft 365 retention policy is applied to a mailbox, or one or more email items in a mailbox have a retention label applied, and then the Microsoft 365 user account is deleted, the mailbox will be converted into an inactive mailbox. If the retention settings are configured to retain and then delete content, items will be moved to the Recoverable Items folder when the retention duration expires, and then eventually purged from the inactive mailbox.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Service endpoint policies enable to filter virtual network traffic to specific Azure resources, over service endpoints. This is not suitable for any of the two requirements.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With DLP policies, you can identify, monitor, and automatically protect sensitive information across Office 365. This is not suitable for any of the two requirements.<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/admin\/add-users\/remove-former-employee-step-7?view=o365-worldwide\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/admin\/add-users\/remove-former-employee-step-7?view=o365-worldwide<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/inactive-mailboxes-in-office-365?view=o365-worldwide#inactive-mailboxes-and-microsoft-365-retention\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/inactive-mailboxes-in-office-365?view=o365-worldwide#inactive-mailboxes-and-microsoft-365-retention<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/security\/compass\/information-protection-and-storage-capabilities\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/security\/compass\/information-protection-and-storage-capabilities<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-network\/virtual-network-service-endpoint-policies-portal\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/virtual-network\/virtual-network-service-endpoint-policies-portal<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-6\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drag &amp; Drop &#8211; Arranging (keeping 4th option as \u2018No order\u2019\u2019)<\/span><\/p>\n<p><b>Question 12 : <\/b><span style=\"font-weight: 400;\">To meet security requirements, please drag the correct Microsoft solution with respect to the requirements.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Requirements<\/b><\/td>\n<td><b>Microsoft Solution<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Protect all the user devices against ransomware\u00a0<\/span><\/td>\n<td><span style=\"font-weight: 400;\">A. Microsoft Azure Identity Protection<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">All user\u2019s devices drive should be encrypted<\/span><\/td>\n<td><span style=\"font-weight: 400;\">B. Microsoft Defender for Endpoint<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Identify high-risk individuals in the company<\/span><\/td>\n<td><span style=\"font-weight: 400;\">C. Microsoft Intune<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Retain User data for 7 years<\/span><\/td>\n<td><span style=\"font-weight: 400;\">D. Microsoft Purview<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Correct Answer: B, D, A and C<\/b><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Requirements<\/b><\/td>\n<td><b>Microsoft Solution<\/b><\/td>\n<\/tr>\n<tr>\n<td><strong>Protect all the user devices against ransomware\u00a0<\/strong><\/td>\n<td><strong>B. Microsoft Defender for Endpoint<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>All user\u2019s devices drive should be encrypted<\/strong><\/td>\n<td><strong>D. Microsoft Purview<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Identify high-risk individuals in company<\/strong><\/td>\n<td><strong>A. Microsoft Azure Identity Protection<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Retain User data for 7 years<\/strong><\/td>\n<td><strong>C. Microsoft Intune<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Explanation:<\/b><\/p>\n<p><b>Microsoft Defender for Endpoint<\/b><span style=\"font-weight: 400;\"> &#8211; Controlled folder access is a useful feature in helping to protect your documents and information from ransomware. In a ransomware attack, your files can get encrypted and held hostage. With controlled folder access in place, a notification appears on the computer where an app attempts to make changes to a file in a protected folder.<\/span><\/p>\n<p><b>Microsoft Intune<\/b><span style=\"font-weight: 400;\"> \u2013 Endpoint security Disk encryption profiles focus on only the settings that are relevant for a device&#8217;s built-in encryption method, like Filevault or BitLocker. This focus makes it easy for security admins to manage disk encryption settings without having to navigate a host of unrelated settings.<\/span><\/p>\n<p><b>Microsoft Azure Identity Protection<\/b><span style=\"font-weight: 400;\"> &#8211; Risk detections in Azure AD Identity Protection include any identified suspicious actions related to user accounts in the directory. Risk detections (both user and sign-in linked) contribute to the overall user risk score that is found in the Risky Users report.<\/span><\/p>\n<p><b>Microsoft Purview &#8211; <\/b><span style=\"font-weight: 400;\">One can leverage the Data Lifecycle Management feature of Microsoft Purview and create retention policy based on requirement. Data lifecycle management provides you with tools and capabilities to retain the content that you need to keep, and delete the content that you don&#8217;t.\u00a0<\/span><\/p>\n<p><b>References:\u00a0<\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/identity-protection\/concept-identity-protection-risks\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/identity-protection\/concept-identity-protection-risks<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/protect\/endpoint-security-disk-encryption-policy\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/protect\/endpoint-security-disk-encryption-policy<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/controlled-folders?view=o365-worldwide#why-controlled-folder-access-is-important\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/controlled-folders?view=o365-worldwide#why-controlled-folder-access-is-important<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-7\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drag &amp; Drop &#8211; Arranging<\/span><\/p>\n<p><b>Question 13 :\u00a0 <\/b><span style=\"font-weight: 400;\">To achieve technical requirements of preventing leakage of any user\u2019s personally identifiable and credit card information, you need to create a policy in Microsoft Purview. What are the correct steps for achieving it?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Data loss prevention<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Create Policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Policies<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Choose the information to protect<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Name your policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>F. <\/strong>Locations to apply the policy<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>G. <\/strong>Policy Settings<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>H. <\/strong>Review your settings<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>I. <\/strong>Test or turn on policy<\/span><\/p>\n<p><b>Correct Answer: A, C, B, D, E, F, G, I and H<\/b><b>\u00a0<\/b><\/p>\n<p><strong>A. Data loss prevention<\/strong><br \/>\n<strong>C. Policies<\/strong><br \/>\n<strong>B. Create Policy<\/strong><br \/>\n<strong>D. Choose the information to protect<\/strong><br \/>\n<strong>E. Name your policy<\/strong><br \/>\n<strong>F. Locations to apply the policy<\/strong><br \/>\n<strong>G. Policy Settings<\/strong><br \/>\n<strong>I. Test or turn on policy<\/strong><br \/>\n<strong>H. Review your settings<\/strong><\/p>\n<p><b>Explanation:<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The easiest, most common way to get started with DLP policies is to use one of the templates included in the Microsoft Purview compliance portal.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You can use one of these templates as is or customize the rules to meet your organization&#8217;s specific compliance requirements.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To configure the policy, you can navigate through the Microsoft Purview compliance portal &gt; Solutions &gt; Data loss prevention &gt; Policies &gt; Create Policy &gt; Choose the information to protect &gt; Name your policy &gt; Locations to apply the policy &gt; Policy Settings &gt; Test or turn on the policy &gt; Review your settings.<\/span><\/p>\n<p><b>Option B is correct<\/b><span style=\"font-weight: 400;\"> because it reflects the correct sequence.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/create-a-dlp-policy-from-a-template?view=o365-worldwide#create-the-dlp-policy-from-a-template\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/create-a-dlp-policy-from-a-template?view=o365-worldwide#create-the-dlp-policy-from-a-template<\/span><\/a><b>\u00a0<\/b><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_Microsoft_365_security_and_threat_management\"><\/span>Domain : Implement Microsoft 365 security and threat management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drag &amp; Drop &#8211; Aligning<\/span><\/p>\n<p><b>Question 14 :<\/b><span style=\"font-weight: 400;\"> Whizlabs Inc. has Microsoft 365 subscription. The company is utilizing\u00a0 Microsoft 365 Defender for Cloud Apps which provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyber threats across all your Microsoft and third-party cloud services.\u00a0 Their endpoints are managed using Microsoft defender endpoints. The company wants to integrate Microsoft Defender for Cloud Apps with Microsoft Defender for Endpoint. Which of the following are the prerequisites for this implementation plan? [CHOOSE THREE]<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Microsoft Defender for Endpoint Plan 2 license<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Microsoft Azure Sentinel<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Microsoft Defender Antivirus<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Windows 10 or above\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>E. <\/strong>Cloud Access Security Broker (CASB)<\/span><\/p>\n<p><b>Correct Answers: A, C and D<\/b><\/p>\n<p><b>Explanation:<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Microsoft Defender for Cloud Apps integrates with Microsoft Defender for Endpoint natively. The integration simplifies roll out of Cloud Discovery, extends Cloud Discovery capabilities beyond your corporate network, and enables device-based investigation, however, there are a few prerequisites for it as below:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Microsoft Defender for Cloud Apps license<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Microsoft Defender for Endpoint\u00a0Plan 2 license<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Windows 10 version 1709 (OS Build 16299.1085 with KB4493441), Windows 10 version 1803 (OS Build 17134.704 with KB4493464), Windows 10 version 1809 (OS Build 17763.379 with KB4489899) or later Windows 10 and Windows 11 versions<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Microsoft Defender Antivirus<\/span>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Real-time protection enabled<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Cloud-delivered protection enabled<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Network protection enabled and configured to block mode<\/span><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<p><b>Option A is correct <\/b><span style=\"font-weight: 400;\">because for this integration the license for Microsoft Defender for Cloud Apps is required.<\/span><\/p>\n<p><b>Option B is incorrect <\/b><span style=\"font-weight: 400;\">because Azure Sentinel is a separate security information and event management (SIEM) solution and is not needed for this implementation.<\/span><\/p>\n<p><b>Option C is correct <\/b><span style=\"font-weight: 400;\">because<\/span> <span style=\"font-weight: 400;\">for this integration the license for Microsoft Defender for Endpoint Plan 2 license is required.<\/span><\/p>\n<p><b>Option D is correct <\/b><span style=\"font-weight: 400;\">because only devices windows 10 or above are supported.<\/span><\/p>\n<p><b>Option E is incorrect <\/b><span style=\"font-weight: 400;\">because Microsoft Defender for Cloud Apps itself is a Cloud Access Security Broker (CASB) that supports various deployment modes including log collection, API connectors, and reverse proxy.<\/span><\/p>\n<p><b>Reference:\u00a0<\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/defender-cloud-apps\/mde-integration#prerequisites\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/defender-cloud-apps\/mde-integration#prerequisites<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_Microsoft_365_security_and_threat_management-2\"><\/span>Domain : Implement Microsoft 365 security and threat management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 15 : <\/b><span style=\"font-weight: 400;\">\u00a0Whizlabs Inc. has a Microsoft 365 subscription. The company wants to ensure that all email senders to the organization are verified.\u00a0 Which of the following Microsoft 365 Defender threat policies do you need to configure?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Safe Links<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Anti-phishing<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Safe Attachments<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Anti-spam<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Phishing is an email attack that tries to steal sensitive information in messages that appear to be from legitimate or trusted senders. In Microsoft 365 Defender you can configure impersonation protection settings for specific message senders and sender domains, mailbox intelligence settings, and adjustable advanced phishing thresholds.<\/span><\/p>\n<p><b>Option A is incorrect <\/b><span style=\"font-weight: 400;\">because it protects users from opening and sharing malicious links in email messages and Office apps.<\/span><\/p>\n<p><b>Option B is correct <\/b><span style=\"font-weight: 400;\">because under this policy you can configure impersonation protection settings for specific message senders and sender domains, mailbox intelligence settings, and adjustable advanced phishing thresholds.<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because it protects organizations from malicious content in email attachments and files in SharePoint, OneDrive, and Teams.<\/span><\/p>\n<p><b>Option D is incorrect <\/b><span style=\"font-weight: 400;\">because it protects an organization&#8217;s email from spam, including what actions to take if spam is detected.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/anti-phishing-protection?view=o365-worldwide#additional-anti-phishing-protection-in-microsoft-defender-for-office-365\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/office-365-security\/anti-phishing-protection?view=o365-worldwide#additional-anti-phishing-protection-in-microsoft-defender-for-office-365<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services-5\"><\/span>Domain : Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 16 :<\/b><span style=\"font-weight: 400;\"> Whizlabs Inc. has a Microsoft 365 tenant. Company is planning to allow users that are members of a group \u2018Group_Hr Team\u2019 to enroll their device in mobile device management (MDM). The device type restrictions are configured as shown in the following tables. Which of the following platforms, Group_HrTeam is able to enroll?\u00a0 To answer, select the appropriate options in the answer area.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Priority<\/b><\/td>\n<td><b>Name<\/b><\/td>\n<td><b>Allowed Devices<\/b><\/td>\n<td><b>Assigned to<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">1<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Windows<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Windows<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Sales<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">2<\/span><\/td>\n<td><span style=\"font-weight: 400;\">iOS<\/span><\/td>\n<td><span style=\"font-weight: 400;\">iOS<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Group_HrTeam<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Default<\/span><\/td>\n<td><span style=\"font-weight: 400;\">All Users<\/span><\/td>\n<td><span style=\"font-weight: 400;\">All Platforms<\/span><\/td>\n<td><span style=\"font-weight: 400;\">All Users<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Windows<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>iOS<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>All Platform<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>None of them<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">The allowed device type for Group_HrTeam is iOS, based on the priority set in device type restriction mentioned in the table.<\/span><\/p>\n<p><b>Reference:<\/b> <a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/enrollment-restrictions-set#create-a-device-platform-restriction\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/enrollment-restrictions-set#create-a-device-platform-restriction<\/span><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_Microsoft_365_security_and_threat_management-3\"><\/span>Domain : Implement Microsoft 365 security and threat management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 17 : <\/b><span style=\"font-weight: 400;\">A software development company based in Germany has 1,000 Windows 11 devices. During the initial setup, by default, all log data were kept in the United States. You plan to onboard all the devices to Microsoft Endpoint Defender. To ensure GDPR compliance, you need to ensure data is stored in Europe. What should be the correct order to tackle the situation?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Create a workspace.\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Onboard a new device.\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Delete the workspace.\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Offboard the test devices.<\/span><\/p>\n<p><b>Correct Answer:\u00a0 D<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Once the devices are onboarded, the storage location cannot be changed. In order to change the location, you first need to offboard the devices.<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter size-full wp-image-85682\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17.png\" alt=\"\" width=\"1299\" height=\"441\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17.png 1299w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17-300x102.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17-1024x348.png 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17-768x261.png 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17-1237x420.png 1237w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17-640x217.png 640w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17-681x231.png 681w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/365-17-150x51.png 150w\" sizes=\"(max-width: 1299px) 100vw, 1299px\" \/><\/p>\n<p><b>Option A is incorrect <\/b><span style=\"font-weight: 400;\">because creating a new workspace wouldn\u2019t allow you to onboard existing devices.<\/span><\/p>\n<p><b>Option B is incorrect <\/b><span style=\"font-weight: 400;\">because if you are onboarding new devices, they will still be stored in the same location which is currently configured.<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because you can\u2019t delete workspace until you have offboarded the devices residing in it presently.\u00a0<\/span><\/p>\n<p><b>Option D is correct <\/b><span style=\"font-weight: 400;\">because you need to offboard all the devices in the existing workspace to change the location of the data to be stored.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/production-deployment?view=o365-worldwide#data-center-location\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/security\/defender-endpoint\/production-deployment?view=o365-worldwide#data-center-location<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-8\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 18 :<\/b><span style=\"font-weight: 400;\"> Whizlabs Inc. has a Microsoft 365 subscription. All users are assigned a Microsoft 365 E3 license. The company has Standard Audit enabled. What is the maximum number of days the audit log data will be retained in Microsoft 365?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>30 days\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>90 days<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>180 days<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>365 days\u00a0<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><b>Option B is correct <\/b><span style=\"font-weight: 400;\">because when an audited activity is performed by a user or admin, an audit record is generated and stored in the audit log for your organization. In Audit (Standard), records are retained for 90 days.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">All other options are <\/span><b>incorrect<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/auditing-solutions-overview?view=o365-worldwide#audit-standard\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/auditing-solutions-overview?view=o365-worldwide#audit-standard<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services-6\"><\/span>Domain : Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 19 : <\/b><span style=\"font-weight: 400;\">An Organization has a Microsoft 365 subscription and manages all the devices using Microsoft Endpoint Manager. The company has 50 Windows 11 devices and 50 iOS devices.\u00a0 To meet the following requirements:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Devices should be able to connect to a secured Wi-Fi network named WhizNet.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Eight-character password is needed to lock the devices.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">What is the minimum number of device configuration profiles you need to create in Microsoft Endpoint Manager?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>1<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>2<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>3<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>4<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">You would require 4 profiles to achieve the requirements.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">2 x Wi-Fi configuration profiles (One for iOS. one for Win 10).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">2 x Device restrictions for password requirements (One for iOS. one for Win 10).<\/span><\/p>\n<p><b>Option A is incorrect <\/b><span style=\"font-weight: 400;\">because all requirements cannot be bundled into one policy.<\/span><\/p>\n<p><b>Option B is incorrect <\/b><span style=\"font-weight: 400;\">because 2 profiles are not sufficient for two different types of devices and their two different requirements.\u00a0<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because 3 profiles would not meet all the requirements.<\/span><\/p>\n<p><b>Option D is correct <\/b><span style=\"font-weight: 400;\">because 4 profiles are required to achieve the requirements.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">2 x Wi-Fi configuration profiles (One for iOS. one for Win 10).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">and 2 x Device restrictions for password requirements (One for iOS. one for Win 10).<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/configuration\/device-restrictions-ios#password\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/configuration\/device-restrictions-ios#password<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/configuration\/device-restrictions-windows-10#password\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/configuration\/device-restrictions-windows-10#password<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/configuration\/wi-fi-settings-configure\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/configuration\/wi-fi-settings-configure<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-9\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 20 :<\/b><span style=\"font-weight: 400;\"> An Organization has Microsoft 365 subscription. The compliance officer has requested to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity in the past month. Which of the following Microsoft solution can provide you with the requested information?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Microsoft Defender for Identity<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Microsoft Purview<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Microsoft Defender for Cloud Apps<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Flow Checker<\/span><\/p>\n<p><b>Correct Answer: B<\/b><\/p>\n<p><b>Explanation:\u00a0\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Microsoft Purview Communication Compliance is an insider risk solution that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization. You can generate and review the activities by users and apps used by them.<\/span><\/p>\n<p><b>Option A is incorrect <\/b><span style=\"font-weight: 400;\">because Microsoft Defender for Identity is a cloud-based security solution that leverages your on-premises Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.<\/span><\/p>\n<p><b>Option B is correct <\/b><span style=\"font-weight: 400;\">because Microsoft Purview Communication Compliance is an insider risk solution that helps minimize communication risks by helping you detect, capture, and act on inappropriate messages in your organization.<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because Microsoft Defender for Cloud Apps is used for protecting your apps.\u00a0<\/span><\/p>\n<p><b>Option D is incorrect <\/b><span style=\"font-weight: 400;\">because Flow Checker in Power Automate promotes higher quality flows by ensuring you follow best practices when you design flows. When you run the checker, you get insights into questions like &#8220;which areas of my flow&#8217;s implementation pose a performance or reliability risk?&#8221;.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/search-the-audit-log-in-security-and-compliance?view=o365-worldwide#search-the-audit-log\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/search-the-audit-log-in-security-and-compliance?view=o365-worldwide#search-the-audit-log<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4>Domain : Implement Microsoft 365 security and threat management<\/h4>\n<p><b>Question 21 : <\/b><span style=\"font-weight: 400;\">An Organization has Microsoft 365 E5 tenant containing 50 Windows 10 devices. You need to configure a Windows 10 security baseline to protect the device from memory leakage.\u00a0 What should you configure in the profile?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Microsoft Defender Credential Guard<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Windows Sandbox<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Windows Defender Application Control<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Microsoft Defender Exploit Guard<\/span><\/p>\n<p><b>Correct Answer:\u00a0 A<\/b><\/p>\n<p><b>Explanation:\u00a0\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Windows Defender Credential Guard helps protects your systems from credential theft attack techniques (pass-the-hash or pass-the-ticket) as well as helping prevent malware from accessing system secrets even if the process is running with admin privileges.<\/span><\/p>\n<p><b>Option A is correct <\/b><span style=\"font-weight: 400;\">because Windows Defender Credential Guard helps protects your systems from credential theft attack techniques as well as helping prevent malware from accessing system secrets.<\/span><\/p>\n<p><b>Option B is incorrect <\/b><span style=\"font-weight: 400;\">because Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains &#8220;sandboxed&#8221; and runs separately from the host machine. A sandbox is temporary. When it&#8217;s closed, all the software and files and the state are deleted.<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run.\u00a0<\/span><\/p>\n<p><b>Option D is incorrect <\/b><span style=\"font-weight: 400;\">because exploit protection automatically applies several exploit mitigation techniques to operating system processes and apps. Exploit protection gives organizations detailed reporting into exploit protection events and blocks as part of typical alert investigation scenarios.\u00a0<\/span><\/p>\n<p><b>Reference:\u00a0<\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/security\/identity\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/windows\/security\/identity<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services-7\"><\/span>Domain : Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 22 :<\/b><span style=\"font-weight: 400;\">\u00a0 An Organization has a Microsoft Azure Active Directory (Azure AD) tenant named Whiz.inc and a Microsoft 365 subscription.\u00a0 The company has four new users who have the devices shown in the following table.<\/span><\/p>\n<table>\n<tbody>\n<tr>\n<td><b>Users<\/b><\/td>\n<td><b>Operating Systems<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">WhizU1<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Windows 8.1<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">WhizU2<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Windows 11<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">WhizU3<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Android 11<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">WhizU4<\/span><\/td>\n<td><span style=\"font-weight: 400;\">iOS 15<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-weight: 400;\">Microsoft 365 subscription is configured to ensure that the new devices enroll in Microsoft Endpoint Manager automatically.\u00a0 Which user\u2019s device can be enrolled in Microsoft Endpoint Manager automatically?<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>WhizU2 only<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>WhizU2 and WhizU3 only<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>WhizU2, WhizU3, and WhizU4 only\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>WhizU1, WhizU2, WhizU3, WhizU4<\/span><\/p>\n<p><b>Correct Answer: A<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Only Windows 10 and 11 are eligible for automatic enrollment in Endpoint Manager.<\/span><\/p>\n<p><b>Option A is correct <\/b><span style=\"font-weight: 400;\">because users with Windows 10 or later are eligible for automatic enrollment in Microsoft Endpoint Manager.<\/span><\/p>\n<p><b>Option B is incorrect <\/b><span style=\"font-weight: 400;\">because any earlier version than Windows 10 requires manual intervention for registering in Endpoint Manager.<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because users with Windows 10 or later devices are entitled to automatically enroll their devices.<\/span><\/p>\n<p><b>Option D is incorrect <\/b><span style=\"font-weight: 400;\">because users with iOS devices cannot automatically enroll their devices.<\/span><\/p>\n<p><b>Reference:\u00a0<\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/windows-enroll\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/enrollment\/windows-enroll<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_Microsoft_365_security_and_threat_management-4\"><\/span>Domain: Implement Microsoft 365 security and threat management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 23 : <\/b><span style=\"font-weight: 400;\">A Company uses Microsoft Defender for Cloud Apps, and has planned to integrate Defender for Cloud Apps and security information and event management (SIEM). What do you need to perform to deploy a SIEM agent on a server running Windows Server 2016? [SELECT TWO]<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Install Java 8<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Install Microsoft .Net Framework 3.5<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Run the Java command and specify the -jar parameter.\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Run the Set-MMAgent cmdlet<\/span><\/p>\n<p><b>Correct Answers: A and C<\/b><\/p>\n<p><b>Explanation:\u00a0\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">To install the agent, you would require a SIEM agent that is written in .jar format. To run .jar file you would require Java.\u00a0 For this particular file, you would require at least Java 8 or above.\u00a0 Extract the .jar file and run the below command to install the agent on the Windows Server 2016.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">java -jar mcas-siemagent-0.87.20-signed.jar [&#8211;logsDirectory DIRNAME] [&#8211;proxy ADDRESS[:PORT]] &#8211;token TOKEN<\/span><\/p>\n<p><b>Option A is correct <\/b><span style=\"font-weight: 400;\">because since the setup file is in a jar format, you would need Java 8 or later.<\/span><\/p>\n<p><b>Option B is incorrect <\/b><span style=\"font-weight: 400;\">because it would require an application that is based on .exe or .msi format or agent is written in .net code.\u00a0<\/span><\/p>\n<p><b>Option C is correct <\/b><span style=\"font-weight: 400;\">because you need the SIEM agent based on jar format. Extract the file and run the command to install the agent.<\/span><\/p>\n<p><b>Option D is incorrect <\/b><span style=\"font-weight: 400;\">because set-mmagent cmdlet will install Microsoft Monitoring Agent.\u00a0<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/defender-cloud-apps\/siem#step-2-download-the-jar-file-and-run-it-on-your-server\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/defender-cloud-apps\/siem#step-2-download-the-jar-file-and-run-it-on-your-server<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Manage_Microsoft_365_governance_and_compliance-10\"><\/span>Domain : Manage Microsoft 365 governance and compliance<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Question 24 :<\/b><span style=\"font-weight: 400;\"> A Company has a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant named whizlabs.onmicrosoft.com. Johannah (username: jgarratte) stores her documents in Microsoft OneDrive. The legal department wants to place her OneDrive data on an eDiscovery hold. Which URL should be set to use for the eDiscovery hold?\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>https:\/\/onedrive.live.com\/jgarratte\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>https:\/\/whizlabs.onmicrosoft.com\/Sites\/jgarratte\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>https:\/\/whizlabs.sharepoint.com\/whizlabs_onmicrosoft_com\/jgarratte\u00a0<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>https:\/\/whizlabs-my.sharepoint.com\/personal\/jgarratte_whizlabs_onmicrosoft_com<\/span><\/p>\n<p><b>Correct Answer: D<\/b><\/p>\n<p><b>Explanation:\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">When you want to search for a OneDrive, this domain <\/span><a href=\"https:\/\/contoso-my.sharepoint.com\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/contoso-my.sharepoint.com<\/span><\/a><span style=\"font-weight: 400;\"> contains all your OneDrive data; so if you want to put a user\u2019s drive on eDiscovery hold, you can use URL for <\/span><a href=\"https:\/\/contoso-my.sharepoint.com\/personal\/username_contoso_onmicrosoft.com\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/contoso-my.sharepoint.com\/personal\/username_contoso_onmicrosoft.com<\/span><\/a><span style=\"font-weight: 400;\"> a user&#8217;s OneDrive site.<\/span><\/p>\n<p><b>Option A is incorrect <\/b><span style=\"font-weight: 400;\">because the link is for a public user account not related to Microsoft 365 service.<\/span><\/p>\n<p><b>Option B is incorrect <\/b><span style=\"font-weight: 400;\">because the given site does not hold any OneDrive user\u2019s URLs.<\/span><\/p>\n<p><b>Option C is incorrect <\/b><span style=\"font-weight: 400;\">because the URL does not point to any personal folder of the user.<\/span><\/p>\n<p><b>Option D is correct <\/b><span style=\"font-weight: 400;\">because the given link stores personal user\u2019s data that can be used to put eDiscovery on hold for the user\u2019s OneDrive Data.<\/span><\/p>\n<p><b>Reference: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/create-ediscovery-holds?view=o365-worldwide#preserve-content-in-onedrive-accounts\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/microsoft-365\/compliance\/create-ediscovery-holds?view=o365-worldwide#preserve-content-in-onedrive-accounts<\/span><\/a><b>\u00a0<\/b><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Domain_Implement_modern_device_services-8\"><\/span>Domain: Implement modern device services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Type: Drag and Drop &#8211; Arranging<\/span><\/p>\n<p><b>Question 25 :<\/b><span style=\"font-weight: 400;\"> A Company has a Microsoft 365 E5 tenant that contains 100 Android devices enrolled in Microsoft Intune.\u00a0 The company wants to deploy a Google Play app to the devices using Microsoft Endpoint Manager. The steps are given below, please put the steps in the correct order.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\"><strong>A. <\/strong>Add the app<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>B. <\/strong>Assign the app<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>C. <\/strong>Create a Google account<\/span><br \/>\n<span style=\"font-weight: 400;\"><strong>D. <\/strong>Link the account to Intune<\/span><\/p>\n<p><b>Correct Answer: C, D, A and B\u00a0<\/b><\/p>\n<p><strong>C. Create a Google account<\/strong><br \/>\n<strong>D. Link the account to Intune<\/strong><br \/>\n<strong>A. Add the app<\/strong><br \/>\n<strong>B. Assign the app<\/strong><\/p>\n<p><b>Explanation:\u00a0\u00a0<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Before you assign an app to a device or a group of users, you must first add the app to Microsoft Intune. To add an app in Microsoft Intune you must have a google account to link it with Intune.<\/span><\/p>\n<p><b>References: <\/b><a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/apps\/apps-add#before-you-add-apps\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/apps\/apps-add#before-you-add-apps<\/span><\/a>,\u00a0<a href=\"https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/apps\/store-apps-android\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">https:\/\/docs.microsoft.com\/en-us\/mem\/intune\/apps\/store-apps-android<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Summary\"><\/span>Summary<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>We hope the above list of MS-101 exam questions are helpful for your preparation journey. However the MS-101 exam covers a wide range of topics, including Azure Information Protection, Azure Active Directory, and Microsoft Intune. So, you can expect to see questions on topics such as configuring and managing Azure Information Protection, implementing and managing Azure Active Directory, and configuring and managing Microsoft Intune.<\/p>\n<p>The enterprise administrator serves as the connecting point for all Microsoft 365 workloads. This position coordinates different <strong>Microsoft 365 workloads<\/strong> and provides advice to architects and workload administrators.<\/p>\n<p>If you have any doubts on MS-101 exam questions preparation, please feel free to contact us!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Are you studying for the MS-101: Microsoft 365 Mobility and Security certification exam? If so, you may need to practice on MS-101 exam questions about some of the topics covered on the exam. With this MS-101 exam, you can demonstrate your knowledge of Microsoft 365 security and compliance features, and show that you&#8217;re ready to implement these features in your organization. Here we have the updated list of MS-101 practice questions on Microsoft 365 Mobility and security which are very relevant\u00a0 to the real exam as well. Latest Updates\u00a0 : MS-101 will retire on September 30, 2023. A replacement exam, [&hellip;]<\/p>\n","protected":false},"author":371,"featured_media":85724,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[15],"tags":[4944],"class_list":["post-85679","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-azure","tag-ms-101-exam-questions"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",1280,720,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-150x150.webp",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-300x169.webp",300,169,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-768x432.webp",768,432,true],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-1024x576.webp",1024,576,true],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",1280,720,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",1280,720,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",24,14,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",48,27,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",96,54,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",150,84,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions.webp",300,169,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-250x250.webp",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-640x720.webp",640,720,true],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-96x96.webp",96,96,true],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2022\/11\/MS-101-exam-questions-150x84.webp",150,84,true]},"uagb_author_info":{"display_name":"Sweta Singhal","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/sweta\/"},"uagb_comment_info":7,"uagb_excerpt":"Are you studying for the MS-101: Microsoft 365 Mobility and Security certification exam? If so, you may need to practice on MS-101 exam questions about some of the topics covered on the exam. With this MS-101 exam, you can demonstrate your knowledge of Microsoft 365 security and compliance features, and show that you&#8217;re ready to&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/85679","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/371"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=85679"}],"version-history":[{"count":9,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/85679\/revisions"}],"predecessor-version":[{"id":91205,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/85679\/revisions\/91205"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/85724"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=85679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=85679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=85679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}