Certification Topics of MS-102 Exam PDF Recently Updated Questions [Q219-Q242]

Share

Certification Topics of MS-102 Exam PDF Recently Updated Questions

MS-102 Exam Prep Guide: Prep guide for the MS-102 Exam


Microsoft MS-102 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Implement and manage Microsoft Entra identity and access: In this topic, questions about Microsoft Entra tenant appear. Moreover, it delves into implementation and management of authentication and secure access.
Topic 2
  • Deploy and manage a Microsoft 365 tenant: Management of roles in Microsoft 365 and management of users and groups are discussion points of this topic. It also focuses on implementing and managing a Microsoft 365 tenant.
Topic 3
  • Manage security and threats by using Microsoft Defender XDR: This topic discusses how to use Microsoft Defender portal to manage security reports and alerts. It also focuses on usage of Microsoft Defender for Office 365 to implement and manage email and collaboration protection. Lastly, it discusses the usage of Microsoft Defender for Endpoint for the implementation and management of endpoint protection.
Topic 4
  • Manage compliance by using Microsoft Purview: Implementation of Microsoft Purview information protection and data lifecycle management is discussed in this topic. Moreover, questions about implementing Microsoft Purview data loss prevention (DLP) also appear.

 

NEW QUESTION # 219
Which role should you assign to User1?
Available Choices (select all choices that are correct)

  • A. Hygiene Management
  • B. Security Administrator
  • C. Security Reader
  • D. Records Management

Answer: B

Explanation:
A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
Users with the Security Reader role have global read-only access on security-related features, including all information in Microsoft 365 security center, Azure Active Directory, Identity Protection, Privileged Identity Management, as well as the ability to read Azure Active Directory sign-in reports and audit logs, and in Office 365 Security & Compliance Center.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles


NEW QUESTION # 220
You need to configure a conditional access policy to meet the compliance requirements.
You add Exchange Online as a cloud app.
Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
References:https://docs.microsoft.com/en-us/intune/create-conditional-access-intune


NEW QUESTION # 221
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)

User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Microsoft Entra admin center, you assign User2 the Security Reader role. You instruct User2 to sign in as [email protected].
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
This is not a permissions issue so you do not need to assign the Security Reader role.
The on-premises Active Directory domain is named contoso.com. User2 could sign on as [email protected] but you would first need to change the UPN of User2 to [email protected].


NEW QUESTION # 222
You have a Microsoft 365 E5 tenant that connects to Microsoft Defender for Endpoint.
You have devices enrolled in Microsoft Intune as shown in the following table.

You plan to use risk levels in Microsoft Defender for Endpoint to identify whether a device is compliant.
Noncompliant devices must be blocked from accessing corporate resources.
You need to identify which devices can be onboarded to Microsoft Defender for Endpoint, and which Endpoint security policies must be configured.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-machines-onboarding?view


NEW QUESTION # 223
HOTSPOT
You have a Microsoft 365 subscription that contains the users shown in the following table.

You need to configure a dynamic user group that will include the guest users in any department that contains the word Support.
How should you complete the membership rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Box 1: -eq "Guest"
Dynamic membership rules for groups in Azure Active Directory
Supported expression operators
The following table lists all the supported operators and their syntax for a single expression. Operators can be used with or without the hyphen (-) prefix. The Contains operator does partial string matches but not item in a collection matches.
* Equals
-eq
* Contains
-contains
* Etc.
Box 2: -contains "Support"
Incorrect:
* -in
If you want to compare the value of a user attribute against multiple values, you can use the -in or -notIn operators.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership


NEW QUESTION # 224
You need to meet the Intune requirements for the Windows 10 devices.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/intune/windows-enroll


NEW QUESTION # 225
HOTSPOT
You create the Microsoft 365 tenant.
You implement Azure AD Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Box 1: only on-premises
In the exhibit, seamless single sign-on (SSO) is disabled. Therefore, as SSO is disabled in the cloud, the Sales department users can access only on-premises applications by using SSO.
In the exhibit, directory synchronization is enabled and active. This means that the on-premises Active Directory user accounts are synchronized to Azure Active Directory user accounts. If the on-premises Active Directory becomes unavailable, the users can access resources in the cloud by authenticating to Azure Active Directory. They will not be able to access resources on-premises if the on-premises Active Directory becomes unavailable as they will not be able to authenticate to the on-premises Active Directory.
Box 2: in the cloud only


NEW QUESTION # 226
You have a Microsoft 365 tenant.
You need to create a custom Compliance Manager assessment template.
Which application should you use to create the template, and in which file format should the template be saved? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-templates-create?
view=o365-worldwide


NEW QUESTION # 227
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)

User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Microsoft Entra admin center, you assign User2 the Security Reader role. You instruct User2 to sign in as [email protected].
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
This is not a permissions issue so you do not need to assign the Security Reader role.
The on-premises Active Directory domain is named contoso.com. User2 could sign on as [email protected] but you would first need to change the UPN of User2 to [email protected].


NEW QUESTION # 228
You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.

You add custom apps to the private store in Microsoft Store Business.
You plan to create a policy to show only the private store in Microsoft Store for Business.
To which devices can the policy be applied?

  • A. Device2, Device3, and Device5 only
  • B. Device2 and Device4 only
  • C. Device2 only
  • D. Device1 and Device3 only
  • E. Device1, Device2, Device3, Device4, and Device5

Answer: B


NEW QUESTION # 229
You have a Microsoft 365 subscription that contains three groups named All users, Sales team, and Office users, and two users shown in the following table.

In Microsoft Endpoint Manager, you have the Policies for Office apps settings shown in the following exhibit.

The policies use the settings shown in the following table.

What is the default share folder location for User1 and the default Office theme for User2? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Table Description automatically generated

Reference:
https://docs.microsoft.com/en-us/deployoffice/overview-office-cloud-policy-service


NEW QUESTION # 230
You have a Microsoft 365 E5 tenant that contains 100 Windows 10 devices.
You plan to attack surface reduction (ASR) rules for the Windows 10 devices.
You configure the ASR rules in audit mode and collect audit data in a Log Analytics workspace.
You need to find the ASR rules that match the activities on the devices.
How should you complete the Kusto query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation
Graphical user interface, application Description automatically generated

Reference:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface-reduction-


NEW QUESTION # 231
You have a Microsoft 365 E5 subscription that contains two users named Admin1 and Admin2.
All users are assigned a Microsoft 365 Enterprise E5 license and auditing is turned on.
You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)

After Policy1 is created, the following actions are performed:
Admin1 creates a user named User1.
Admin2 creates a user named User2.
How long will the audit events for the creation of User1 and User2 be retained? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365- worldwide


NEW QUESTION # 232
You have a Microsoft 365 E5 subscription that contains two Microsoft SharePoint Online sites named Site1 and Site2.
You have the documents shown in the following table.

You DLP1 that has the advanced DLP rule as shown in the exhibit. (Click the Exhibit tab.) You apply DLP1 to Site1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 233
You have a Microsoft 365 tenant and a LinkedIn company page.
You plan to archive data from the LinkedIn page to Microsoft 365 by using the LinkedIn connector.
Where can you store data from the LinkedIn connector?

  • A. a Microsoft 365 mailbox
  • B. a Microsoft OneDrive for Business folder
  • C. a Microsoft SharePoint Online document library
  • D. Azure Files

Answer: A

Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/archive-linkedin-data?view=o365-worldwide


NEW QUESTION # 234
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You have a Microsoft Office 365 retention label named Retention1 that is published to Exchange email.
You have a Microsoft Exchange Online retention policy that is applied to all mailboxes. The retention policy contains a retention tag named Retention2.
Which users can assign Retention1 and Retention2 to their emails? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies-exchange?view=o365-worldwide


NEW QUESTION # 235
You have a Microsoft E5 subscription.
You need to ensure that administrators who need to manage Microsoft Exchange Online are assigned the Exchange Administrator role for five hours at a time.
What should you implement?

  • A. groups that have dynamic membership
  • B. Azure AD Identity Protection
  • C. a communication compliance policy)
  • D. a conditional access policy
  • E. Azure AD Privileged Identity Management (PIM)

Answer: E

Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings


NEW QUESTION # 236
You have a Microsoft 365 tenant that contains a Windows 10 device named Device1 and the Microsoft Endpoint Manager policies shown in the following table.

  • A. only the settings of Policy2
  • B. only the settings of Policy!
  • C. only the settings of Policy3
  • D. no settings

Answer: C


NEW QUESTION # 237
You have a Microsoft 365 E5 subscription.
You plan to implement identity protection by configuring a sign-in risk policy and a user risk policy. Which type of risk is detected by each policy? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 238
You have a Microsoft 365 subscription.
From Microsoft Entra Privileged Identity Management (PIM), you configure Role settings for the Global Administrator role as shown in the following exhibit.

You make a user named [email protected] eligible for the Global Administrator role.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the

Answer:

Explanation:

Explanation:
To use the Global Administrator role, [email protected] must provide: Azure Multi-Factor Authentication (MFA) The role settings indicate that "Require Azure Multi-Factor Authentication" is set to "Yes" for active assignments. Therefore, [email protected] must provide Azure MFA to use the Global Administrator role.
To make a new user eligible for the Global Administrator role, a PIM administrator must configure: an assignment that expires after 15 day(s) The settings show that eligible assignments expire after 15 days. Therefore, to make a new user eligible, a PIM administrator must configure an assignment with this expiration period.


NEW QUESTION # 239
Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Azure AD.
Azure AD Connect is configured as shown in the following exhibit

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:


NEW QUESTION # 240
Your on-premises network contains an Active Directory domain.
You have a Microsoft 365 subscription.
You need to sync the domain with the subscription. The solution must meet the following requirements:
* On-premises Active Directory password complexity policies must be enforced.
* Users must be able to use Microsoft Entra Self-Service Password Reset (SSPR).
What should you use?

  • A. pass-through authentication
  • B. Microsoft Entra Seamless Single Sign-On (Microsoft Entra Seamless SSO)
  • C. password hash synchronization
  • D. Microsoft Entra ID Protection

Answer: A


NEW QUESTION # 241
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

Each user has a device with the Microsoft Authenticator app installed.
From Microsoft Authenticator settings for the subscription, the Enable and Target settings are configured as shown in the exhibit. (Click the Exhibit tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation


NEW QUESTION # 242
......

2025 New Preparation Guide of Microsoft MS-102 Exam: https://torrentvce.certkingdompdf.com/MS-102-latest-certkingdom-dumps.html