[Jul 25, 2024] MS-102 Free Exam Questions with Quality Guaranteed
MS-102 Free Exam Files Downloaded Instantly
Microsoft MS-102 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
NEW QUESTION # 97
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You enable self-service password reset (SSPR) for Group1. You configure security questions as the only authentication method for SSPR.
Which users can use SSPR, and which users must answer security questions to reset their password? To answer, select the appropriate options in the answer area.
NOTE; Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 98
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You add the following assignment for the User Administrator role:
Scope type: Directory
Selected members: Group1
Assignment type: Active
Assignment starts: Mar 15, 2023
Assignment ends: Aug 15, 2023
You add the following assignment for the Exchange Administrator role:
Scope type: Directory
Selected members: Group2
Assignment type: Eligible
Assignment starts: Jun 15, 2023
Assignment ends: Oct 15, 2023
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Yes
Admin1 is member of Group1.
The User Administrator role assignment has Group1 as a member.
The assignment type: Active
July 15, 2023 is with the assignment period.
A User Administrator can manage all aspects of users and groups, including resetting passwords for limited admins.
Box 2: No
Admin2 is member of Group2.
The Exchange Administrator role assignment has Group2 as a member.
The assignment type: Eligible
June 20, 2023 is with the assignment period.
The assignment must be approved.
Note: Eligible assignment requires member or owner to perform an activation to use the role. Activations may also require providing a multi-factor authentication (MFA), providing a business justification, or requesting approval from designated approvers.
Box 3: Yes
Admin3 is member of Gropu1 and Group2.
The User Administrator role assignment has Group1 as a member.
The assignment type: Active
May 1, 2023 is with the assignment period.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-assign-member-
NEW QUESTION # 99
HOTSPOT
You have a Microsoft 365 subscription.
You deploy the anti-phishing policy shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Enable users to protect
Anti-phishing policies in Defender for Office 365 also have impersonation settings where you can specify individual sender email addresses or sender domains that will receive impersonation protection.
User impersonation protection
User impersonation protection prevents specific internal or external email addresses from being impersonated as message senders. For example, you receive an email message from the Vice President of your company asking you to send her some internal company information. Would you do it? Many people would send the reply without thinking.
You can use protected users to add internal and external sender email addresses to protect from impersonation.
This list of senders that are protected from user impersonation is different from the list of recipients that the policy applies to (all recipients for the default policy; specific recipients as configured in the Users, groups, and domains setting in the Common policy settings section).
When you add internal or external email addresses to the Users to protect list, messages from those senders are subject to impersonation protection checks. The message is checked for impersonation if the message is sent to a recipient that the policy applies to (all recipients for the default policy; Users, groups, and domains recipients in custom policies). If impersonation is detected in the sender's email address, the action for impersonated users is applied to the message.
Box 2: Add trusted senders and domains
Trusted senders and domains
Trusted senders and domain are exceptions to the impersonation protection settings. Messages from the specified senders and sender domains are never classified as impersonation-based attacks by the policy. In other words, the action for protected senders, protected domains, or mailbox intelligence protection aren't applied to these trusted senders or sender domains. The maximum limit for these lists is 1024 entries.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about
NEW QUESTION # 100
From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)
What will be excluded from the export?
- A. a 5-MB MP3 file
- B. a 10-MB XLSX file
- C. a 5-KB RTF file
- D. an 80-MB PPTX file
Answer: A
Explanation:
Unrecognized file formats are excluded from the search.
Certain types of files, such as Bitmap or MP3 files, don't contain content that can be indexed. As a result, the search indexing servers in Exchange and SharePoint don't perform full-text indexing on these types of files.
These types of files are considered to be unsupported file types.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/partially-indexed-items-in-content-search?view=o36
https://docs.microsoft.com/en-us/office365/securitycompliance/export-a-content-search-report
NEW QUESTION # 101
You have a Microsoft 365 E3 subscription that uses Microsoft Defender for Endpoint Plan 1.
Which two Defender for Endpoint features are available to the subscription? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
- A. advanced hunting
- B. attack surface reduction (ASR)
- C. security reports
- D. device discovery
- E. digital certificate assessment
Answer: B,C
Explanation:
Explanation
B: Overview of Microsoft Defender for Endpoint Plan 1, Reporting
The Microsoft 365 Defender portal (https://security.microsoft.com) provides easy access to information about detected threats and actions to address those threats.
The Home page includes cards to show at a glance which users or devices are at risk, how many threats were detected, and what alerts/incidents were created.
The Incidents & alerts section lists any incidents that were created as a result of triggered alerts. Alerts and incidents are generated as threats are detected across devices.
The Action center lists remediation actions that were taken. For example, if a file is sent to quarantine, or a URL is blocked, each action is listed in the Action center on the History tab.
The Reports section includes reports that show threats detected and their status.
E: What can you expect from Microsoft Defender for Endpoint P1?
Microsoft Defender for Endpoint P1 is focused on prevention/EPP including:
Next-generation antimalware that is cloud-based with built-in AI that helps to stop ransomware, known and unknown malware, and other threats in their tracks.
(E) Attack surface reduction capabilities that harden the device, prevent zero days, and offer granular control over access and behaviors on the endpoint.
Device based conditional access that offers an additional layer of data protection and breach prevention and enables a Zero Trust approach.
The below table offers a comparison of capabilities are offered in Plan 1 versus Plan 2.
Incorrect:
Not A: P2 is by far the best fit for enterprises that need an EDR solution including automated investigation and remediation tools, advanced threat prevention and threat and vulnerability management (TVM), and hunting capabilities.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-plan-1
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-plan-
NEW QUESTION # 102
You have an Azure AD tenant that contains the users shown in the following table
You need to compare the permissions of each role. The solution must minimize administrative effort.
Which portal should you use?
- A. the Microsoft 365 admin center
- B. the Microsoft Purview compliance portal
- C. the Microsoft 365 Defender portt1
- D. the Microsoft Entra admin center
Answer: B
NEW QUESTION # 103
HOTSPOT
You have a Microsoft 365 E5 subscription.
From Azure AD Identity Protection on August 1, you configure a Multifactor authentication registration policy that has the following settings:
Assignments: All users
Controls: Require Azure AD multifactor authentication registration
Enforce Policy: On
On August 3, you create two users named User1 and User2.
Users authenticate by using Azure Multi-Factor Authentication (MFA) for the first time on the dates shown in the following table.
By which dates will User1 and User2 be forced to complete their Azure MFA registration? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: August 19
Note: Security defaults will trigger a 14 day grace period for registration after a user's first login and security defaults being enabled. After 14 days users will be required to register for MFA and will not be able to skip.
Conditional Access by itself without Azure Identity Protection does not allow for the 14 day grace period.
Identity Protection includes the registration policy that allows registration on its own with no apps assigned to the policy. If a Conditional Access policy requires Multi-Factor Authentication, then the user must be able to pass that MFA request.
Box 2: August 21
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
NEW QUESTION # 104
You have a Microsoft 365 E5 tenant
You create a data toss prevention (DLP) policy to prevent users from using Microsoft Teams to share internal documents with external users.
To which two locations should you apply the policy? To answer, select the appropriate locations in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 105
You have a Microsoft 365 tenant.
You plan to implement Endpoint Protection device configuration profiles.
Which platform can you manage by using the profile?
- A. iOS
- B. Android
- C. macOS
- D. Ubuntu Linux
Answer: C
Explanation:
Intune device configuration profiles can be applied to Windows 10 devices and macOS devices Note:
There are several versions of this question in the exam. The question has two possible correct answers:
Windows 10
macOS
Other incorrect answer options you may see on the exam include the following:
Android Enterprise
Windows 8.1
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-configure
NEW QUESTION # 106
HOTSPOT
Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table.
You purchase a Microsoft 365 E5 subscription.
You need to implement Azure AD Connect cloud sync.
What should you install first and on which server? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: The Azure AD Connect provisioning agent
Install the Azure AD Connect provisioning agent
How is Azure AD Connect cloud sync different from Azure AD Connect sync?
With Azure AD Connect cloud sync, provisioning from AD to Azure AD is orchestrated in Microsoft Online Services. An organization only needs to deploy, in their on-premises or IaaS-hosted environment, a light-weight agent that acts as a bridge between Azure AD and AD. The provisioning configuration is stored in Azure AD and managed as part of the service.
Box 2: Server1 or Server2 only.
Cloud provisioning agent requirements include:
* An on-premises server for the provisioning agent with Windows 2016 or later.
This server should be a tier 0 server based on the Active Directory administrative tier model. Installing the agent on a domain controller is supported.
Note: Windows Server Core is a minimal installation option for the Windows Server operating system (OS) that has no GUI and only includes the components required to perform server roles and run applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-install
https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-prerequisites
NEW QUESTION # 107
You have a Microsoft 365 E5 subscription.
You plan to implement Microsoft 365 compliance policies to meet the following requirements:
Identify documents that are stored in Microsoft Teams and SharePoint Online that contain Personally Identifiable Information (PII).
Report on shared documents that contain PII.
What should you create?
- A. a data loss prevention (DLP) policy
- B. an alert policy
- C. a retention policy
- D. a Microsoft Cloud App Security policy
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-learn-about-dlp?view=o365-worldwide
NEW QUESTION # 108
You have a Microsoft 365 subscription.
You create a retention label named Retention1 as shown in the following exhibit.
You apply Retention! to all the Microsoft OneDrive content.
On January 1, 2020, a user stores a file named File1 in OneDrive.
On January 10, 2020, the user modifies File1.
On February 1, 2020, the user deletes File1.
When will File1 be removed permanently and unrecoverable from OneDrive?
- A. February 1, 2020
- B. August 1, 2020
- C. July 1.2020
- D. July 10, 2020
Answer: C
NEW QUESTION # 109
Your network contains three Active Directory forests. There are forests trust relationships between the forests.
You create an Azure AD tenant.
You plan to sync the on-premises Active Directory to Azure AD.
You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails.
What should you include in the recommendation?
- A. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode
- B. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
- C. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
- D. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode
Answer: D
Explanation:
Explanation
Azure AD Connect can be active on only one server. You can install Azure AD Connect on another server for redundancy but the additional installation would need to be in Staging mode. An Azure AD connect installation in Staging mode is configured and ready to go but it needs to be manually switched to Active to perform directory synchronization.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
NEW QUESTION # 110
You have several devices enrolled in Microsoft Endpoint Manager.
You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.
The device type restrictions in Endpoint Manager are configured as shown in the following table.
Answer:
Explanation:
Explanation
NEW QUESTION # 111
HOTSPOT
You have a Microsoft 365 E5 subscription.
From Azure AD Privileged Identity Management (PIM), you configure Role settings for the Global Administrator role as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: will lose the role after eight hours
From exhibit: Activation, Activation maximum duration (hours): 8 hour(s) Box 2: for up to three months We see from exhibit: Assignment, Expire eligible assignment after: 3 month(s)
NEW QUESTION # 112
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You ate implementing Microsoft Defender for Endpoint
You need to enable role-based access control (RBAQ to restrict access to the Microsoft 365 Defender portal.
Which users can enable RBAC, and winch users will no longer have access to the Microsoft 365 Defender portal after RBAC is enabled? To answer, select the appropriate options in the answer area.
NOTE Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 113
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
In Microsoft Endpoint Manager, you have the Policies for Office apps settings shown in the following table.
The policies use the settings shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text, application Description automatically generated
Reference:
https://docs.microsoft.com/en-us/deployoffice/overview-office-cloud-policy-service
NEW QUESTION # 114
Your company has a Microsoft 365 E5 tenant.
Users at the company use the following versions of Microsoft Office:
* Microsoft 365 Apps for enterprise
* Office for the web
* Office 2016
* Office 2019
The company currently uses the following Office file types:
* .docx
* .xlsx
* .doc
* xls
You plan to use sensitivity labels. You need to identify the following:
* Which versions of Office require an add-in to support the sensitivity labels.
* Which file types support the sensitivity labels.
What should you identify? To answer, select the appropriate options in the answer area, NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 115
You have a Microsoft 365 E5 tenant that contains a Microsoft SharePoint Online site named Site1. Site1 contains the files shown in the following table.
You create a sensitivity label named Sensitivity1 and an auto-label policy that has the following configurations:
Name: AutoLabel1
Label to auto-apply: Sensitivity1
Rules for SharePoint Online sites: Rule1-SPO
Choose locations where you want to apply the label: Site1
Rule1-SPO is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-wo
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
NEW QUESTION # 116
You have a Microsoft 365 subscription.
You need to create a data loss prevention (DLP) policy that is configured to use the Set headers action.
To which location can the policy be applied?
- A. SharePoint sites
- B. Teams chat and channel messages
- C. OneDrive accounts
- D. Exchange email
Answer: D
NEW QUESTION # 117
Your network contains an Active Directory domain and an Azure AD tenant.
You implement directory synchronization for all 10.000 users in the organization.
You automate the creation of 100 new user accounts.
You need to ensure that the new user accounts synchronize to Azure AD as quickly as possible.
Which command should you run? To answer, select the appropriate options in the answer area.
Answer:
Explanation:
Explanation
NEW QUESTION # 118
HOTSPOT
You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 is configured as shown in the following exhibit.
An external user named User1 has an email address of [email protected].
You need to add User1 to Group1.
What should you do first, and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Invite User1 to collaborate with your organization as a guest.
To manage guest users of a Microsoft 365 tenant via the Admin Center portal, go through the following steps.
Navigate with your Web browser to https://admin.microsoft.com.
On the left pane, click on "Users", then click "Guest Users".
On the "Guest Users" page, to create a new guest user, click on either the "Add a guest user" link on the top of the page or click on "Go to Azure Active Directory to add guest users" link at the bottom of the page. Both of these links will take you to the Azure Active Directory portal, which is located at https://aad.portal.azure.com.
On the "New user" page in the Microsoft Azure portal, you must choose to either "Create user" or "Invite user". If you choose the "Create user" option, this will create a new user in your organization, which will have a login address with format username@tenantdomain,dot,com. If you choose the "Invite user" option, this will invite a new guest user to collaborate with your organization. The user will be emailed an email invitation which they can accept in order to begin collaborating. For the purpose of creating a guest user, you must choose the "Invite user" option.
Box 2: The Microsoft Entra admin center
Microsoft Entra admin center unites Azure AD with family of identity and access products Microsoft Entra admin center gives customers an entire toolset to secure access for everyone and everything in multicloud and multiplatform environments. The entire Microsoft Entra product family is available at this new admin center, including Azure Active Directory (Azure AD) and Microsoft Entra Permissions Management, formerly known as CloudKnox.
Starting this month, waves of customers will begin to be automatically directed to entra.microsoft.com from Microsoft 365 in place of the Azure AD admin center (aad.portal.azure.com).
Reference:
https://stefanos.cloud/kb/how-to-manage-microsoft-365-guest-users
https://m365admin.handsontek.net/microsoft-entra-admin-center-unites-azure-ad-with-family-of-identity-and-acc
NEW QUESTION # 119
You have a Microsoft 365 E5 subscription.
You have an Azure AD tenant named contoso.com that contains the following users:
* Admin1
* Admin2
* User1
Contoso.com contains an administrative unit named AIM that has no role assignments. User1 is a member of AU1. You create an administrative unit named AU2 that does NOT have any members or role assignments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 120
You have a Microsoft 365 subscription.
You need to meet the following requirements:
* Report a Microsoft 365 service issue.
* Request help on how to add a new user to an Azure AD tenant.
What should you use in the Microsoft 365 admin center? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 121
......
Q&As with Explanations Verified & Correct Answers: https://testking.itexamdownload.com/MS-102-valid-questions.html