[May 25, 2024] Free Microsoft MS-102 Exam Questions and Answer
Verified MS-102 dumps Q&As Latest MS-102 Download
Microsoft MS-102 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 |
|
| Topic 2 |
|
| Topic 3 |
|
| Topic 4 |
|
| Topic 5 |
|
| Topic 6 |
|
| Topic 7 |
|
| Topic 8 |
|
| Topic 9 |
|
| Topic 10 |
|
| Topic 11 |
|
| Topic 12 |
|
| Topic 13 |
|
NEW QUESTION # 89
HOTSPOT
You have a Microsoft 365 subscription.
You deploy the anti-phishing policy shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Enable users to protect
Anti-phishing policies in Defender for Office 365 also have impersonation settings where you can specify individual sender email addresses or sender domains that will receive impersonation protection.
User impersonation protection
User impersonation protection prevents specific internal or external email addresses from being impersonated as message senders. For example, you receive an email message from the Vice President of your company asking you to send her some internal company information. Would you do it? Many people would send the reply without thinking.
You can use protected users to add internal and external sender email addresses to protect from impersonation.
This list of senders that are protected from user impersonation is different from the list of recipients that the policy applies to (all recipients for the default policy; specific recipients as configured in the Users, groups, and domains setting in the Common policy settings section).
When you add internal or external email addresses to the Users to protect list, messages from those senders are subject to impersonation protection checks. The message is checked for impersonation if the message is sent to a recipient that the policy applies to (all recipients for the default policy; Users, groups, and domains recipients in custom policies). If impersonation is detected in the sender's email address, the action for impersonated users is applied to the message.
Box 2: Add trusted senders and domains
Trusted senders and domains
Trusted senders and domain are exceptions to the impersonation protection settings. Messages from the specified senders and sender domains are never classified as impersonation-based attacks by the policy. In other words, the action for protected senders, protected domains, or mailbox intelligence protection aren't applied to these trusted senders or sender domains. The maximum limit for these lists is 1024 entries.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about
NEW QUESTION # 90
HOTSPOT
You have a Microsoft 365 subscription.
You deploy the anti-phishing policy shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Enable users to protect
Anti-phishing policies in Defender for Office 365 also have impersonation settings where you can specify individual sender email addresses or sender domains that will receive impersonation protection.
User impersonation protection
User impersonation protection prevents specific internal or external email addresses from being impersonated as message senders. For example, you receive an email message from the Vice President of your company asking you to send her some internal company information. Would you do it? Many people would send the reply without thinking.
You can use protected users to add internal and external sender email addresses to protect from impersonation.
This list of senders that are protected from user impersonation is different from the list of recipients that the policy applies to (all recipients for the default policy; specific recipients as configured in the Users, groups, and domains setting in the Common policy settings section).
When you add internal or external email addresses to the Users to protect list, messages from those senders are subject to impersonation protection checks. The message is checked for impersonation if the message is sent to a recipient that the policy applies to (all recipients for the default policy; Users, groups, and domains recipients in custom policies). If impersonation is detected in the sender's email address, the action for impersonated users is applied to the message.
Box 2: Add trusted senders and domains
Trusted senders and domains
Trusted senders and domain are exceptions to the impersonation protection settings. Messages from the specified senders and sender domains are never classified as impersonation-based attacks by the policy. In other words, the action for protected senders, protected domains, or mailbox intelligence protection aren't applied to these trusted senders or sender domains. The maximum limit for these lists is 1024 entries.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/anti-phishing-policies-about
NEW QUESTION # 91
HOTSPOT
You have an Azure AD tenant that contains the administrative units shown in the following table.
You have the following users:
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
- A. A user named User3 that is assigned the User Administrator for the tenant.
- B. A user named User2 that is assigned the User Administrator for AU1.
- C. A user named User1 that is assigned the Password Administrator for AU1 and AU2.
Answer: C
Explanation:
Explanation
Box 1: No
User1 is assigned the Password Administrator for AU1 and AU2.
User3 is in AU2. User3 is User Adminstrator.
Password administrators cannot reset User Administrators passwords.
Note: Password Administrator
Users with this role have limited ability to manage passwords. This role does not grant the ability to manage service requests or monitor service health. Whether a Password Administrator can reset a user's password depends on the role the user is assigned.
Box 2: Yes
Box 3: No
User1 is assigned the Password Administrator for AU1 and AU2.
User2 is in AU1. User2 is User Adminstrator.
Password administrators cannot reset User Administrators passwords.
Note: User Administrator
Can manage all aspects of users and groups, including resetting passwords for limited admins.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#who-can-reset-passwords
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
NEW QUESTION # 92
You have a Microsoft 365 E5 subscription.
Al users have Mac computers. ATI the computers are enrolled in Microsoft Endpoint Manager and onboarded to Microsoft Defender for Endpoint.
You need to configure Microsoft Defender for Endpoint on the computers.
What should you create from the Endpoint Management admin center?
- A. an update policy for iOS
- B. a device configuration profile
- C. a Microsoft Defender for Endpoint baseline profile
- D. a mobile device management (MDM) security baseline profile
Answer: D
NEW QUESTION # 93
You have a Microsoft 365 E5 subscription that contains 200 Android devices enrolled in Microsoft Intune.
You create an Android app protection policy named Policy! that is targeted to all Microsoft apps and assigned to all users.
Policy! has the Data protection settings shown in the following exhibit.
Use the drop-down menus to select 'he answer choice that completes each statement based on the information presented in the graphic.
Answer:
Explanation:
NEW QUESTION # 94
You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365 and contains a mailbox named Mailbox1.
You plan to use Mailbox1 to collect and analyze unfiltered email messages.
You need to ensure that Defender for Office 365 takes no action on any inbound emails delivered to Mailbox1.
What should you do?
- A. Configure Mailbox! as a SecOps mailbox.
- B. Configure a retention policy for Mailbox1.
- C. Place a litigation hold on Mailbox1.
- D. Create a mail flow rule.
Answer: C
NEW QUESTION # 95
HOTSPOT
You have a Microsoft 365 subscription.
A user named [email protected] was recently provisioned.
You need to use PowerShell to assign a Microsoft Office 365 E3 license to User1. Microsoft Bookings must NOT be enabled.
How should you complete the command? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Connect-MgGraph
Assign Microsoft 365 licenses to user accounts with PowerShell
Use the Microsoft Graph PowerShell SDK
First, connect to your Microsoft 365 tenant.
Assigning and removing licenses for a user requires the User.ReadWrite.All permission scope or one of the other permissions listed in the 'Assign license' Microsoft Graph API reference page.
The Organization.Read.All permission scope is required to read the licenses available in the tenant.
Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All
Box 2: Get-MgSubscribedSku
Run the Get-MgSubscribedSku command to view the available licensing plans and the number of available licenses in each plan in your organization. The number of available licenses in each plan is ActiveUnits - WarningUnits - ConsumedUnits.
Box 3: Set-MgUserLicense
Assigning licenses to user accounts
To assign a license to a user, use the following command in PowerShell.
Set-MgUserLicense -UserId $userUPN -AddLicenses @{SkuId = "<SkuId>"} -RemoveLicenses @() This example assigns a license from the SPE_E5 (Microsoft 365 E5) licensing plan to the unlicensed user [email protected]:
$e5Sku = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'SPE_E5'
Set-MgUserLicense -UserId "[email protected]" -AddLicenses @{SkuId = $e5Sku.SkuId}
-RemoveLicenses @()
Reference:
https://learn.microsoft.com/en-us/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-
NEW QUESTION # 96
HOTSPOT
You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 is configured as shown in the following exhibit.
An external user named User1 has an email address of [email protected].
You need to add User1 to Group1.
What should you do first, and which portal should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Invite User1 to collaborate with your organization as a guest.
To manage guest users of a Microsoft 365 tenant via the Admin Center portal, go through the following steps.
Navigate with your Web browser to https://admin.microsoft.com.
On the left pane, click on "Users", then click "Guest Users".
On the "Guest Users" page, to create a new guest user, click on either the "Add a guest user" link on the top of the page or click on "Go to Azure Active Directory to add guest users" link at the bottom of the page. Both of these links will take you to the Azure Active Directory portal, which is located at https://aad.portal.azure.com.
On the "New user" page in the Microsoft Azure portal, you must choose to either "Create user" or "Invite user". If you choose the "Create user" option, this will create a new user in your organization, which will have a login address with format username@tenantdomain,dot,com. If you choose the "Invite user" option, this will invite a new guest user to collaborate with your organization. The user will be emailed an email invitation which they can accept in order to begin collaborating. For the purpose of creating a guest user, you must choose the "Invite user" option.
Box 2: The Microsoft Entra admin center
Microsoft Entra admin center unites Azure AD with family of identity and access products Microsoft Entra admin center gives customers an entire toolset to secure access for everyone and everything in multicloud and multiplatform environments. The entire Microsoft Entra product family is available at this new admin center, including Azure Active Directory (Azure AD) and Microsoft Entra Permissions Management, formerly known as CloudKnox.
Starting this month, waves of customers will begin to be automatically directed to entra.microsoft.com from Microsoft 365 in place of the Azure AD admin center (aad.portal.azure.com).
Reference:
https://stefanos.cloud/kb/how-to-manage-microsoft-365-guest-users
https://m365admin.handsontek.net/microsoft-entra-admin-center-unites-azure-ad-with-family-of-identity-and-acc
NEW QUESTION # 97
You have the sensitivity labels shown in the following exhibit.
Which labels can users apply to content?
- A. Label3, Label4, and Label6 only
- B. Label1, Label2, and Label5 only
- C. Label1, Label2. Label3. Label4. Label5. and Label6
- D. Label1, Label3, Label4, and Label6 only
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
NEW QUESTION # 98
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy an Azure AD tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: From Azure AD Connect, you modify the Azure AD credentials.
Does this meet the goal?
- A. Yes
- B. No
Answer: B
Explanation:
The question states that "all the user account synchronizations completed successfully". Therefore, the Azure AD credentials are configured correctly in Azure AD Connect. It is likely that the 10 user accounts are being excluded from the synchronization cycle by a filtering rule.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering
NEW QUESTION # 99
Your company has an Azure AD tenant named contoso.onmicrosoft.com.
You purchase a domain named contoso.com from a registrar and add all the required DNS records.
You create a user account named User1. User1 is configured to sign in as [email protected].
You need to configure User1 to sign in as [email protected].
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
1 - Add a custom domain name.
2 - Verify the custom domain.
3 - Modify the username of User1.
NEW QUESTION # 100
Your on-premises network contains an Active Directory domain named Contoso.com and 500 devices that run either macOS, Windows 8.1. Windows 10, or Windows 11. All the devices are managed by using Microsoft Endpoint Configuration Manager. The domain syncs with Azure Active Directory (Azure AD).
You plan to implement a Microsoft 365 E5 subscription and enable co-management. Which devices can be co-managed after the implementation?
- A. Windows 11, Windows 10-Windows8.1.andmacOS
- B. Windows 11 and Windows 10 only
- C. Windows 11 only
- D. Windows 11. Windows 10, and Windows8.1 only
- E. Windows 11 and macOS only
Answer: E
NEW QUESTION # 101
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You configure the Microsoft Authenticator authentication method policy to enable passwordless authentication as shown in the following exhibit.
Both User1 and User2 report that they are NOT prompted for passwordless sign-in in the Microsoft Authenticator app.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Box 1: Yes
User1 is member of Group1.
User1 has MFA registered method of Microsoft Authenticater app (push notification) The Microsoft Authenticator authentication method policy is configured for Group1, registration is optional, authentication method is any.
Note: Microsoft Authenticator can be used to sign in to any Azure AD account without using a password.
Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device, where the device uses a PIN or biometric. Windows Hello for Business uses a similar technology.
This authentication technology can be used on any device platform, including mobile. This technology can also be used with any app or website that integrates with Microsoft Authentication Libraries.
Box 2: No
User2 is member of Group2.
The Microsoft Authenticator authentication method policy is configured for Group1, not for Group2.
Box 3: No
User3 is member of Group1.
User3 has no MFA method registered.
User3 must choose an authentication method.
Note: Enable passwordless phone sign-in authentication methods
Azure AD lets you choose which authentication methods can be used during the sign-in process. Users then register for the methods they'd like to use.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone
NEW QUESTION # 102
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365. You have the policies shown in the following table.
All the policies are configured to send malicious email messages to quarantine. Which policies support a customized quarantine retention period?
- A. Policy1 and Policy3only
- B. Policy3 and Policy4 only
- C. Policy1 and Policy2 only
- D. Policy2 and Policy4 only
Answer: C
NEW QUESTION # 103
You have a Microsoft 365 E5 subscription that uses Azure Advanced Threat Protection (ATP).
You need to create a detection exclusion in Azure ATP.
Which tool should you use?
- A. the Cloud App Security portal
- B. Microsoft Defender Security Center
- C. the Security & Compliance admin center
- D. the Microsoft 365 admin center
- E. the Azure Advanced Threat Protection portal
Answer: E
Explanation:
Reference:
https://docs.microsoft.com/en-us/defender-for-identity/what-is
https://docs.microsoft.com/en-us/defender-for-identity/excluding-entities-from-detections
NEW QUESTION # 104
Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Azure AD.
Azure AD Connect is configured as shown in the following exhibit
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 105
You have a Microsoft 365 E5 tenant that contains five devices enrolled in Microsoft Intune as shown in the following table.
All the devices have an app named App1 installed.
You need to prevent users from copying data from App1 and pasting the data into other apps.
Which policy should you create in Microsoft Endpoint Manager, and what is the minimum number of required policies? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, application, table Description automatically generated
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy
NEW QUESTION # 106
HOTSPOT
You have an Azure AD tenant named contoso.com that contains the users shown in the following table.
Multi-factor authentication (MFA) is configured to use 131.107.5.0/24 as trusted IPs.
The tenant contains the named locations shown in the following table.
You create a conditional access policy that has the following configurations:
Users or workload identities assignments: All users
Cloud apps or actions assignment: App1
Conditions: Include all trusted locations
Grant access: Require multi-factor authentication
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Yes
131.107.50.10 is in a Trusted Location so the conditional access policy applies. The policy requires MFA.
However, User1's MFA status is disabled. The MFA requirement in the conditional access policy will override the user's MFA status of disabled. Therefore, User1 must use MFA.
Box 2: Yes.
131.107.20.15 is in a Trusted Location so the conditional access policy applies. The policy requires MFA so User2 must use MFA.
Box 3: No.
IP not from Trusted Location so Policy does not apply, Subnet 131.107.5.5 is not in the range of
131.107.50.0/24
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
NEW QUESTION # 107
You have a Microsoft 365 E5 tenant.
You need to ensure that when a document containing a credit card number is added to the tenant, the document is encrypted.
Which policy should you use?
- A. an auto-labeling policy
- B. a retention label policy
- C. a retention policy
- D. an insider risk policy
Answer: A
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
NEW QUESTION # 108
You have a Microsoft 365 E5 subscription.
You have an Azure AD tenant named contoso.com that contains the following users:
* Admin1
* Admin2
* User1
Contoso.com contains an administrative unit named AIM that has no role assignments. User1 is a member of AU1. You create an administrative unit named AU2 that does NOT have any members or role assignments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 109
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Microsoft Entra admin center, you add fabrikam.com as a custom domain. You instruct User2 to sign in as [email protected].
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Explanation
The on-premises Active Directory domain is named contoso.com. To enable users to sign on using a different UPN (different domain), you need to add the domain to Microsoft 365 as a custom domain.
NEW QUESTION # 110
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named Sitel. You need to perform the following tasks:
* Create a sensitive info type named SIT1 based on a regular expression.
* Add a watermark to all new documents that are matched by SIT1.
Which two settings should you use in the Microsoft Purview compliance portal? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 111
You have a Microsoft 365 E5 tenant.
You plan to create a custom Compliance Manager assessment template based on the ISO 27001:2013 template.
You need to export the existing template.
Which file format should you use for the exported template?
- A. JSON
- B. XML
- C. CSV
- D. XLSX
Answer: D
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-templates?view=o365-worldwide#export-a-template
NEW QUESTION # 112
As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
https://support.microsoft.com/en-gb/help/13853/windows-lifecycle-fact-sheet March Feature Updates:
Serviced for 18 months from release date September Feature Updates: Serviced for 30 months from release date References:
https://www.windowscentral.com/whats-difference-between-quality-updates-and-feature-updates-windows-10
NEW QUESTION # 113
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a computer that runs Windows 10.
You need to verify which version of Windows 10 is installed.
Solution: At a command prompt, you run the winver.exe command.
Does this meet the goal?
- A. No
- B. Yes
Answer: B
Explanation:
Reference:
https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628bec99-476a-2c13-5296-9dd081cdd808
NEW QUESTION # 114
......
Use Real Dumps - 100% Free MS-102 Exam Dumps: https://www.lead1pass.com/Microsoft/MS-102-practice-exam-dumps.html
Updated 100% Cover Real MS-102 Exam Questions - 100% Pass Guarantee: https://drive.google.com/open?id=1hpWKuqR4HZmyC1lb9q8sI5vpv6OK7SRL