Is this exam completely free?

ExamCademy offers a free preview for every exam, covering around 20% of the total questions. Full access to all questions is available for free by signing up for an account. Optional supporters unlock AstroTutor (AI tutor) and advanced study modes.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! ExamCademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our practice questions are community-created and moderator-reviewed to align with realistic exam objectives, style, and difficulty.

MS-101 by Microsoft - Page 1 | ExamCademy

Mode Selection

Question 1

Question 2

Question 3

You have a Microsoft 365 E5 subscription. The subscription contains users that have the following types of devices:

• Windows 10
• Android
• iOS

On which devices can you configure the Endpoint DLP policies?

A Windows 10 only
B Windows 10 and Android only
C Windows 10 and iOS only
D Windows 10, Android, and iOS

Question 4

DRAG DROP

You have a Microsoft 365 E5 subscription and an on-premises server named Server1.

You plan to configure automatic log upload for continuous reports in Microsoft Defender for Cloud Apps.

You download a Docker log collector image to Server1.

You need integrate Defender for Cloud Apps with the log collector.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Question 5

HOTSPOT

You have a Microsoft 365 subscription that contains an Endpoint data loss prevention (Endpoint DLP) policy named Policy1 and the devices shown in the following table.

Question 6

You have an on-premises network that has several legacy applications. The applications perform LDAP queries against an existing directory service.

You are migrating the on-premises infrastructure to a cloud-only infrastructure.

You need to recommend an identity solution for the infrastructure that supports the legacy applications. The solution must minimize the administrative effort to maintain the infrastructure.

Which identity service should you include in the recommendation?

A Azure Active Directory (Azure AD) B2C
B Active Directory Domain Services (AD DS)
C Azure Active Directory (Azure AD)
D Azure Active Directory Domain Services (Azure AD DS)

Question 7

HOTSPOT

You have a hybrid cloud infrastructure.

You plan to deploy the Azure applications shown in the following table.

Question 8

HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Intune.

You have the Azure AD security groups shown in the following table.

Question 9

You have an Azure AD tenant.

You have 1,000 computers that run Windows 10 Pro and are joined to Azure AD.

You purchase a Microsoft 365 E3 subscription.

You need to deploy Windows 10 Enterprise to the computers. The solution must minimize administrative effort.

What should you do?

A From the Microsoft Endpoint Manager admin center, create a Windows Autopilot deployment profile. Assign the profile to all the computers. Instruct users to restart their computer and perform a network restart.
B Enroll the computers in Microsoft Intune. Create a configuration profile by using the Edition upgrade and mode switch template. From the Microsoft Endpoint Manager admin center, assign the profile to all the computers and instruct users to restart their computer.
C From Windows Configuration Designer, create a provisioning package that has an EditionUpgrade configuration and upload the package to a Microsoft SharePoint Online site. Instruct users to run the provisioning package from SharePoint Online.
D From the Azure Active Directory admin center, create a security group that has dynamic device membership. Assign licenses to the group and instruct users to sign in to their computer.

Question 10

You have a Microsoft 365 E5 subscription that contains 500 users. Two hundred users have personal devices that run either Android, Windows 10, or macOS. Three hundred users have corporate-owned devices that run either Windows 10 or macOS.

You plan to configure device enrollment.

You need to ensure that you can apply separate policies to the corporate-owned devices and the personal devices. The solution must minimize administrative effort.

What should you create first?

A a dynamic device group
B a dynamic user group
C a deployment package
D a Microsoft 365 group

Question 11

HOTSPOT

You have a Microsoft 365 E5 subscription that uses Microsoft Intune. The subscription contains the resources shown in the following table.

Question 12

You have a Microsoft 365 tenant.

You plan to implement device configuration profiles in Microsoft Intune.

Which platform can you manage by using the profiles?

A Windows 8.1
B CentOS Linux
C Windows 10
D Android Enterprise

Question 13

HOTSPOT -
You have several devices enrolled in Microsoft Endpoint Manager.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

Question 14

You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.

Question 15

HOTSPOT

You have a Microsoft 365 E5 subscription that uses device management in Microsoft Endpoint Manager.

You purchase five new Android devices and five new macOS devices.

You need to enroll the new devices in Microsoft Intune.

What should you use to enroll each device type? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Question 16

HOTSPOT

You use Microsoft Endpoint Configuration Manager for device management.

The domain contains the Windows 11 devices shown in the following table.

Question 17

DRAG DROP

You have a Microsoft 365 subscription that contains the devices shown in the following table.

Question 18

HOTSPOT -
You create two device compliance policies for Android devices as shown in the following table.

Question 19

HOTSPOT -
Your network contains an Active Directory domain named contoso.com. All client devices run Windows 10 and are joined to the domain.
You update the Windows 10 devices by using Windows Update for Business.
What is the maximum amount of time you can defer Windows 10 updates? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Question 20

Your company uses Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to co-manage devices.
Which two actions can be performed only from Endpoint Manager? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A Deploy applications to Windows 10 devices.
B Deploy VPN profiles to iOS devices.
C Deploy VPN profiles to Windows 10 devices.
D Publish applications to Android devices.

Question 21

HOTSPOT -
Your network contains an Active Directory domain named contoso.com that uses Microsoft System Center Configuration Manager (Current Branch).
You have Windows 10 and Windows 8.1 devices.
You need to ensure that you can analyze the upgrade readiness of all the Windows 8.1 devices and analyze the update compliance of all the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Question 22

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You have a Microsoft 365 subscription.
You need to ensure that administrators can manage the configuration settings for all the Windows 10 devices in your organization.
What should you configure?

A the Enrollment restrictions
B the mobile device management (MDM) authority
C the Exchange on-premises access settings
D the Windows enrollment settings

Question 23

You configure a conditional access policy. The locations settings are configured as shown in the Locations exhibit. (Click the Locations tab.)

Question 24

You have computers that run Windows 10 Enterprise and are joined to the domain.
You plan to delay the installation of new Windows builds so that the IT department can test application compatibility.
You need to prevent Windows from being updated for the next 30 days.
Which two Group Policy settings should you configure? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

A Select when Quality Updates are received
B Select when Preview Builds and Feature Updates are received
C Turn off auto-restart for updates during active hours
D Manage preview builds
E Automatic updates detection frequency

Question 25

HOTSPOT -
You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.

Page 1 of 18 • Questions 1-25 of 449

1 2 3 4 5

→

Know a question that should be here? Contribute to this exam

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You are deploying Microsoft Endpoint Manager.
You successfully enroll Windows 10 devices in Endpoint Manager.
When you try to enroll an iOS device in Endpoint Manager, you get an error.
You need to ensure that you can enroll the iOS device in Endpoint Manager.
Solution: You add your user account as a device enrollment manager.
Does this meet the goal?

A Yes
B No

You have a Microsoft 365 tenant.
All users are assigned the Enterprise Mobility + Security license.
You need to ensure that when users join their device to Microsoft Azure Active Directory (Azure AD), the device is enrolled in Microsoft Endpoint Manager automatically.
What should you configure?

A Enrollment restrictions from the Endpoint Manager admin center
B device enrollment managers from the Endpoint Manager admin center
C MAM User scope from the Azure Active Directory admin center
D MDM User scope from the Azure Active Directory admin center

For Policy1, the Audit or restrict activities on devices settings are configured as shown in the Activities exhibit. (Click the Activities tab.)

For Policy1, the Allow override from Endpoint devices settings are configured as shown in the Devices exhibit. (Click the Devices tab.)

Test users discover that they cannot copy data to their network shares while working remotely.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

What should you use to meet the requirement of each app? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have the Windows 10 devices shown in the following table.

You deploy Microsoft 365 Apps for enterprise as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

User1 is the owner of Device1.

You add Microsoft 365 Apps Windows 10 and later app types to Intune as shown in the following table.

On Thursday, you review the results of the app deployments.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

The device type restrictions in Endpoint Manager are configured as shown in the following table.

You add User3 as a device enrollment manager in Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

The devices are managed by using Microsoft Intune.

You plan to use a configuration profile to assign the Delivery Optimization settings.

Which devices will support the settings?

A Device1 only
B Device1 and Device4
C Device1, Device3, and Device4
D Device1, Device2, Device3, and Device4

You enable co-management in Configuration Manager as shown in the Enablement exhibit. (Click the Enablement tab.)

You configure the Workloads settings for co-management as shown in the Workloads exhibit. (Click the Workloads tab.)

You configure the Staging settings for co-management as shown in the Staging exhibit. (Click the Staging tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You install Microsoft Word on all the devices.

You plan to configure policies to meet the following requirements:

• Word files created by using Windows devices must be encrypted automatically.
• If an Android device becomes jailbroken, access to corporate data must be blocked from Word.
• For iOS devices, users must be prevented from using native or third-party mail clients to connect to Microsoft 365.

Which type of policy should you configure for each device? To answer, drag the appropriate policy types to the correct devices. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

You have the Android devices shown in the following table.

The users belong to the groups shown in the following table.

The users enroll their device in Microsoft Endpoint Manager.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

The users and groups settings are configured as shown in the Users and Groups exhibit. (Click Users and Groups tab.)

Members of the Security reader group report that they cannot sign in to Microsoft Active Directory (Azure AD) on their device while they are in the office.
You need to ensure that the members of the Security reader group can sign in in to Azure AD on their device while they are in the office. The solution must use the principle of least privilege.
What should you do?

A From the conditional access policy, configure the device state.
B From the Azure Active Directory admin center, create a custom control.
C From the Endpoint Manager admin center, create a device compliance policy.
D From the Azure Active Directory admin center, create a named location.

The device compliance policies in Endpoint Manager are configured as shown in the following table.

The device compliance policies have the assignments shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

MS-101Preview

Mode Selection

Question 1

Question 2

Question 3

Question 4

DRAG DROP

Question 5

HOTSPOT

Question 6

Question 7

HOTSPOT

Question 8

HOTSPOT

Question 9

Question 10

Question 11

HOTSPOT

Question 12

Question 13

Question 14

Question 15

HOTSPOT

Question 16

HOTSPOT

Question 17

DRAG DROP

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25