Exam MS-101: Microsoft 365 Mobility and Security | Practice Test / Quiz / MCQs

1. You create a new Microsoft 365 subscription and assign Microsoft 365 E3 licenses to 100 users. From the Security & Compliance admin center, you enable auditing. You are planning the auditing strategy. Which activities will be audited by default?

A user purges messages from their mailbox.An administrator creates a new Microsoft SharePoint site collection. An administrator creates a new mail flow rule. A user shares a Microsoft SharePoint folder with an external user.NoneA user delegates permissions to their mailbox.

2. Your company has a Microsoft 365 E5 subscription. Users in the research department work with sensitive data. You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted. What should you do from the Security & Compliance admin center?

Modify the default safe links policy.Create a data loss prevention (DLP) policy that has a Content contains condition.Create a new safe links policy.Create a data loss prevention (DLP) policy that has a Content is shared condition.

3. You have computers that run Windows 10 Enterprise and are joined to the domain. You plan to delay the installation of new Windows builds so that the IT department can test application compatibility. You need to prevent Windows from being updated for the next 30 days. Which Group Policy settings should you configure?

Select when Quality Updates are receivedAutomatic updates detection frequencyTurn off auto-restart for updates during active hoursSelect when Preview Builds and Feature Updates are received - Manage preview builds

4. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. You need to provide a user with the ability to sign up for Microsoft Store for Business for contoso.com. The solution must use the principle of least privilege. Which role should you assign to the user?

Global administratorService administratorCloud application administratorApplication administrator

5. You have a Microsoft 365 tenant. You have a line-of-business application named App1 that users access by using the My Apps portal. After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control. You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only. What should you do?

From Microsoft Cloud App Security, modify the impossible travel alert policy.From the Azure Active Directory admin center, modify the conditional access policy.From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.From Microsoft Cloud App Security, create an app discovery policy.

6. You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.) The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.) Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office. You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege. What should you do?

From the Azure Active Directory admin center, create a named location.From the conditional access policy, configure the device state.From the Intune admin center, create a device compliance policy.From the Azure Active Directory admin center, create a custom control.

7. You are deploying Microsoft Intune. You successfully enroll Windows 10 devices in Intune. When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You add your user account as a device enrollment manager. Does this meet the goal?

NoneYesNoDon't know

8. You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You have a Microsoft 365 subscription. You need to ensure that users can manage the configuration settings for all the Windows 10 devices in your organization. What should you configure?

the Enrollment restrictionsthe mobile device management (MDM) authoritythe Exchange on-premises access settingsthe Windows enrollment settings

9. You are deploying Microsoft Intune. You successfully enroll Windows 10 devices in Intune. When you try to enroll an iOS device in Intune, you get an error. You need to ensure that you can enroll the iOS device in Intune. Solution: You configure the Apple MDM Push certificate. Does this meet the goal?

NoneNoDon't knowYes

10. You have Windows 10 Pro devices that are joined to an Active Directory domain. You plan to create a Microsoft 365 tenant and to upgrade the devices to Windows 10 Enterprise. You are evaluating whether to deploy Windows Hello for Business for SSO to Microsoft 365 services. What are the prerequisites of the deployment?

computers that have biometric hardware featuressmartcardsMicrosoft Intune enrollment - Microsoft Azure Active Directory (Azure AD)TPM-enabled devices

11. You have a Microsoft 365 subscription. You need to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity during the past month. The solution must minimize administrative effort. Which admin center should you use?

Cloud App SecurityFlowSecurity & ComplianceAzure ATP

12. You have a Microsoft 365 subscription. You need to view the IP address from which a user synced a Microsoft SharePoint library. What should you do?

From the SharePoint admin center, view the usage reports.From the Security & Compliance admin center, perform an audit log search.From the Microsoft 365 admin center, view the properties of the user?s user account.From the Microsoft 365 admin center, view the usage reports.

13. You have a Microsoft 365 subscription. You configure a data loss prevention (DLP) policy. You discover that users are incorrectly marking content as false positive and bypassing the DLP policy. You need to prevent the users from bypassing the DLP policy. What should you configure?

exceptionsincident reportsactionsuser overrides

14. In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments. Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.) You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com. What should you configure?

a conditionan actiona groupan exception

15. You need to recommend a solution for the security administrator. The solution must meet the technical requirements. What should you include in the recommendation?

Microsoft Azure Active Directory (Azure AD) Identity ProtectionMicrosoft Azure Active Directory (Azure AD) authentication methodsMicrosoft Azure Active Directory (Azure AD) Privileged Identity ManagementMicrosoft Azure Active Directory (Azure AD) conditional access policies

16. You use Microsoft System Center Configuration Manager (Current Branch) to manage devices. Your company uses the following types of devices: Windows 10 Windows 8.1 Android iOS Which devices can be managed by using co-management?

Windows 10 and Windows 8.1 onlyWindows 10, Android, and iOS onlyWindows 10 onlyWindows 10, Windows 8.1, Android, and iOS

17. You need to meet the technical requirement for large-volume document retrieval. What should you create?

an activity policy from Microsoft Cloud App Securitya file policy from Microsoft Cloud App Securityan alert policy from the Security & Compliance admin centera data loss prevention (DLP) policy from the Security & Compliance admin center

18. From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.) What will be excluded from the export?

a 5-KB RTF filea 5-MB MP3 filea 10-MB XLSX filea 60-MB DOCX file

19. Your company uses Microsoft Azure Advanced Threat Protection (ATP) and Windows Defender ATP. You need to integrate Windows Defender ATP and Azure ATP. What should you do?

From Windows Defender Security Center, configure the Machine management settings.From Windows Defender Security Center, configure the General settings.From Azure ATP, configure the notifications and reports.From Azure ATP, configure the data sources.

20. You need to meet the technical requirement for the EU PII data. What should you create?

a retention policy from the Exchange admin centera retention policy from the Security & Compliance admin centera data loss prevention (DLP) policy from the Security & Compliance admin centera data loss prevention (DLP) policy from the Exchange admin center

21. Your company has a Microsoft 365 tenant. The company sells products online and processes credit card information. You need to be notified if a file stored in Microsoft SharePoint Online contains credit card information. The file must be removed automatically from its current location until an administrator can review its contents. What should you use?

a Microsoft Cloud App Security access policya Microsoft Cloud App Security file policya Security & Compliance data loss prevention (DLP) policya Security & Compliance retention policy

22. Your company has a Microsoft 365 subscription. You implement Microsoft Azure Information Protection. You need to automatically protect email messages that contain the word Confidential in the subject line. What should you create?

a sharing policy from the Exchange admin centera supervision policy from the Security & Compliance admin centera message trace from the Security & Compliance admin centera mail flow rule from the Exchange admin center

23. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices. You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States. You plan to onboard all the devices to Windows Defender ATP. You need to store the Windows Defender ATP data in Europe. What should you first?

Delete the workspace.Create a workspace.Onboard a new device.Offboard the test devices.

24. You have a Microsoft 365 tenant. All users are assigned the Enterprise Mobility + Security license. You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Intune automatically. What should you configure?

device enrollment managers from the Intune admin centerMDM User scope from the Azure Active Directory admin centerMAM User scope from the Azure Active Directory admin centerEnrollment restrictions from the Intune admin center

25. You need to protect the U.S. PII data to meet the technical requirements. What should you create?

a data loss prevention (DLP) policy that contains a user overridea data loss prevention (DLP) policy that contains a domain exceptiona Security & Compliance retention policy that detects content containing sensitive dataa Security & Compliance alert policy that contains an activity

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

25 Questions

❤ If you liked Fatskills, consider supporting us by checking out The Life Manuals You Never Got.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know? Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson© 2026 Fatskills.com

All trademarks, logos and brand names are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, trademarks and brands does not imply endorsement.

About | Explore | User Guide | Topics | Subjects | Doubt Solver | Career Aptitude Test | Answers | Free Tools | What Should We Know?
Privacy | Terms |

Without work one finishes nothing. - Ralph Waldo Emerson
© 2026 Fatskills.com