MS-101 Free Practice Test

- (Exam Topic 4)
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Solution:
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/quickstart-configure-named-location

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have a Microsoft 365 E5 tenant.
The Microsoft Secure Score for the tenant is shown in the following exhibit.

You plan to enable Security defaults for Azure Active Directory (Azure AD). Which three improvement actions will this affect?

1. A. Require MFA for administrative roles.
2. B. Ensure all users can complete multi-factor authentication for secure access
3. C. Enable policy to block legacy authentication
4. D. Enable self-service password reset
5. E. Use limited administrative roles

Correct Answer: ABC
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults

- (Exam Topic 4)
You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)

The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)

Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.
You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.
What should you do?

1. A. From the conditional access policy, configure the device state.
2. B. From the Azure Active Directory admin center, create a custom control.
3. C. From the Intune admin center, create a device compliance policy.
4. D. From the Azure Active Directory admin center, create a named location.

Correct Answer: D

References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

- (Exam Topic 4)
HOTSPOT
You have a Microsoft 365 subscription.
Your network uses an IP address space of 51.40.15.0/24.
An Exchange Online administrator recently created a role named Role1 from a computer on the network. You need to identify the name of the administrator by using an audit log search.
For which activities should you search and by which field should you filter in the audit log search? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:


Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 4)
You have a Microsoft 365 E5 subscription.
You configure a new alert policy as shown in the following exhibit.

You need to identify the following:
How many days it will take to establish a baseline for unusual activity.
Whether alerts will be triggered during the establishment of the baseline.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Solution:
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A