exam questions

Exam MS-101 All Questions

View all questions & answers for the MS-101 exam

Exam MS-101 topic 3 question 28 discussion

Actual exam question from Microsoft's MS-101
Question #: 28
Topic #: 3
[All MS-101 Questions]

You have a Microsoft 365 subscription.
You need to investigate user activity in Microsoft 365, including from where users signed in, which applications were used, and increases in activity during the past month. The solution must minimize administrative effort.
Which admin center should you use?

  • A. Azure ATP
  • B. Security & Compliance
  • C. Defender for Cloud Apps
  • D. Flow
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Yetii
Highly Voted 5 years, 7 months ago
Shouldn't this be C. Cloud App Security?
upvoted 30 times
DJHASH786
5 years, 2 months ago
Cloud app security, Investigate. Just checked https://**.portal.cloudappsecurity.com/#/audits
upvoted 10 times
...
...
AlexanderSaad
Highly Voted 5 years, 3 months ago
It's C. In the security and compliance you cannot see neither sign-ins, nor increase in per-user activity.
upvoted 13 times
...
Jakub2023
Most Recent 2 years, 1 month ago
Selected Answer: B
Likely an outdated question - Defender for Cloud Apps by now is accessible via the Security & Compliance portal...
upvoted 2 times
...
emanresu
2 years, 5 months ago
Selected Answer: C
https://security.microsoft.com/cloudapps/ Access from Microsoft Defender portal - Cloud apps - Activity Log - You will see Activity/User/App/IP address/Location/Device/Date
upvoted 2 times
...
Jonna_1
2 years, 11 months ago
Selected Answer: C
CAS provides for sign in location as well as apps used logging mechanism
upvoted 1 times
...
JamesM9
3 years, 3 months ago
I have just tested the CAS and S&C portals. In terms of administrative effort, the Cloud App Security (now called Microsoft Defender for Cloud Apps) portal definitely is by far the quickest and easiest to use. When selecting a user, I was immediately shown all activity specified in this question (in particular, increases in user activity which was my concern) which can be exported. The information shown within the Security and Compliance logs requires a little bit more effort to locate, and although this can be exported it requires more investigation. The answer here is C - Cloud App Security (Microsoft Defender for Cloud Apps).
upvoted 4 times
ServerBrain
2 years, 7 months ago
But you do not know the user yet, the question states investigate user activity; sure you are not going to be selecting each user to see activity.. Answer is B
upvoted 1 times
...
...
JamesM9
3 years, 3 months ago
I have just tested the CAS and S&C portals. In terms of administrative effort, the Cloud App Security (now called Microsoft Defender for Cloud Apps) portal definitely is by far the quickest and easiest to use. When selecting a user, I was immediately shown all activity specified in this question (in particular, increases in user activity which was my concern) which can be exported. The information shown within the Security and Compliance logs requires a little bit more effort to locate, and although this can be exported it requires more investigation. The answer here is C - Cloud App Security (Microsoft Defender for Cloud Apps).
upvoted 1 times
...
tagada
3 years, 4 months ago
Selected Answer: B
minimize administrative effort = B
upvoted 2 times
...
us3r
3 years, 7 months ago
Selected Answer: C
C A Sec
upvoted 4 times
...
jkklim
3 years, 7 months ago
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide#audited-activities above link shows the list of activities. Answer is B
upvoted 6 times
...
scottims
4 years, 1 month ago
Least administrative effort = B https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide
upvoted 2 times
JT19760106
3 years, 5 months ago
Yes it's the least effort, but doesn't address the requirement. Searching the audit logs, or the reports in the security & compliance center, do not show details about sign-ins and application usage/trends that I can find.
upvoted 3 times
...
...
itmp
4 years, 5 months ago
I think the key here is - "..and increases in activity during the past month". Like a graph, statistics, trends - for this, SCC would be optimal.
upvoted 2 times
...
mkoprivnj
4 years, 5 months ago
B is correct!
upvoted 3 times
...
TonySuccess
4 years, 11 months ago
The question states minimising administrative effort, which would mean simply opening up S&C and checking the logs. Having to configure CAS is not something that takes minimal effort. Nor is it readily available. That is why I think the answer given is correct. Digg
upvoted 4 times
TonySuccess
4 years, 11 months ago
Following up on this, you can see 'User Logged in' in S&C for the people stating this was not a capability. You can use the reports tab to see increased activity and yes you can use the Audit log search to see things like IP Address, Application etc. CAS Is an additional feature, not something that is ready to go.
upvoted 11 times
...
...
wagni
4 years, 11 months ago
The activity log in Cloud App Security (Investigate > Activity Log) provides filtering for logins (successfull, failed), user and date range. It super easy to click through. Don't know about similiar functions in Security & Compliance center.
upvoted 2 times
Myko
4 years, 10 months ago
It has to be Cloud App Security. Don't see similar functions in S&C audit log search. https://docs.microsoft.com/en-us/cloud-app-security/activity-filters
upvoted 2 times
...
...
Sonia33
5 years, 1 month ago
Perhaps the key is "the solution must minimize administrative effort". You can search all those things at Security & Compliance center and at Cloud App Security, but the second one needs configuration (connect CAS to Microsoft cloud apps) . From Security and compliance you can search for specific activities and appears the IP address of the device. https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide If this is a correct assumption, it would be B, as requires less effort.
upvoted 8 times
Sonia33
5 years ago
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/reports-and-insights-in-security-and-compliance?view=o365-worldwide "Monitoring capabilities available in the Security & Compliance Center include smart reports and insights that enable your security and compliance administrators to focus on high-priority issues, such as security attacks or increased suspicious activity. In a dashboard, smart reports and insights resemble the following image: (...)"
upvoted 3 times
...
...
MCSA11
5 years, 2 months ago
B. Security & Compliance
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...