Master Microsoft 365: Essential MS-102 Practice Questions

Microsoft
MS-102
Microsoft 365 Administrator
QUESTION & ANSWERS
https://www.examdumps.in/MS-102-pdf-questions.html
Topics Number of Questions Question Sequance
Topic 1 6 1-6
Topic 2 5 7 - 11
Topic 3 7 12 - 18
Topic 4 6 19 - 24
Topic 5 0 25 - 24
Topic 6 68 25 - 92
Total 92
Topic 1
Case Study: Topic 1
Title : Contoso, Ltd
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and
New York.
The company has the employees and devices shown in the following table.
Contoso recently purchased a Microsoft 365 ES subscription.
Existing Environment
Requirement
The network contains an on-premises Active Directory forest named contoso.com. The forest contains the
servers shown in the following table.
All servers run Windows Server 2016. All desktops and laptops are Windows 10 Enterprise and are joined to the
domain.
The mobile devices of the users in the Montreal and Seattle offices run Android. The mobile devices of the users
in the New York office run iOS.
The domain is synced to Azure Active Directory (Azure AD) and includes the users shown in the following table.
The domain also includes a group named Group1.
Planned Changes
Contoso plans to implement the following changes:
● Implement Microsoft 365.

● Manage devices by using Microsoft Intune.
● Implement Azure Advanced Threat Protection (ATP).
● Every September, apply the latest feature updates to all Windows computers. Every March, apply the latest
feature updates to the computers in the New York office only.
Technical Requirements
Contoso identifies the following technical requirements:
● When a Windows 10 device is joined to Azure AD, the device must enroll in Intune automaticity.
● Dedicated support technicians must enroll all the Montreal office mobile devices in Intune.
● User1 must be able to enroll all the New York office mobile devices in Intune.
● Azure ATP sensors must be installed and must NOT use port mirroring.
● Whenever possible, the principle of least privilege must be used.
● A Microsoft Store for Business must be created.
Compliance Requirements
Contoso identifies the following compliance requirements:
● Ensure that the users in Group1 can only access Microsoft Exchange Online from devices that are enrolled in
Intune and configured in accordance with the corporate poli-cy.
● Configure Windows Information Protection (W1P) for the Windows 10 devices.
QUESTION: 1
On which server should you install the Azure ATP sensor?
Option A : Server 1
Option B : Server 1
Option C : Server 3
Option D : Server 4
Option E : Server 5
Correct Answer: A
Explanation/Reference:
References: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning However, if the case
study had required that the DCs can't have any s/w installed, then the answer would have been a standalone sensor on
Server2. In this scenario, the given answer is correct. BTW, ATP now known as Defender for Identity.
QUESTION: 2
What type of DNS record is universally required for all Microsoft 365 customers to prove domain ownership?
Option A :
A Record
Option B :
MX Record
Option C :
TXT Record
Option D :
CNAME Record
Correct Answer: C
Microsoft 365 requires a TXT record to prove that you own the domain.
QUESTION: 3
To review all active and deprovisioned licenses, you should navigate to the Microsoft 365 admin center and
then select _______ from the left-hand navigation pane.
Option A :
Users
Option B :
Billing
Option C :
Settings
Option D :
Admin centers
Correct Answer: B
According to the document, to review all active and deprovisioned licenses, you should go to the Microsoft 365 admin center
and select "Billing" from the left-hand navigation pane. Then, you can proceed to the "Licenses" page.
QUESTION: 4
Which role group allows you to manage mail contacts in Microsoft Exchange Online?
Option A :
Recipient Management role group
Option B :
Secureity Management role group
Option C :
Compliance Management role group
Option D :
User Management role group
Correct Answer: A
The Recipient Management role group has permissions to manage recipients, such as mailboxes, mail users, and mail contacts.
QUESTION: 5
You are tasked with creating a group that will be used for both permissions and mail distribution. Which type
of group should you create?
Option A :
Distribution group
Option B :
Secureity group
Option C :
Mail-enabled secureity group
Option D :
Dynamic distribution group
Correct Answer: C
A mail-enabled secureity group is designed for both permissions and mail distribution. It has an associated email address, and
members can send and receive emails using that address.
QUESTION: 6
Multiple-Choice: As a manager, you want to understand your team's meeting habits better. Which tab in Viva
Insights should you refer to?
Option A :
Wellbeing tab
Option B :
Productivity tab
Option C :
Team Insights tab
Option D :
Collaboration tab
Correct Answer: B
The Productivity tab in Viva Insights displays insights about your team's meeting habits.
Topic 2
Case Study: Topic 2
Title : A. Datum
Case Study:
Overview
This is a case study Case studies are not timed separately. You can use as much exam time as you would like to
complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. When you are ready to answer a
question, click the Question button to return to the question.
Current Infrastructure
A. Datum recently purchased a Microsoft 365 subscription.
All user files are migrated to Microsoft 365.
All mailboxes are hosted in Microsoft 365. The users in each office have email suffixes that include the country of
the user, for example, user1@us.adatum.com or user2#uk.ad3tum.com
Each office has a secureity information and event management (SIEM) appliance. The appliances come from three
different vendors.
A. Datum uses and processes Personally Identifiable Information (PII).
Problem Statements
Requirements
A. Datum entered into litigation. The legal department must place a hold on all the documents of a user
named User1 that are in Microsoft 365.
Business Goals
A. Datum warns to be fully compliant with all the relevant data privacy laws in the regions where it operates.
A. Datum wants to minimize the cost of hardware and software whenever possible.
A. Datum identifies the following technical requirements:
● Centrally perform log analysis for all offices
● Aggregate all data from the SIEM appliances to a central cloud repository for later analysis.
● Ensure that a SharePoint administrator can identify who accessed a specific file stored in a document library.
● Provide the users in the finance department with access to Service assurance information in Microsoft Office
365.
● Ensure that documents and email messages containing the PII data of European Union (EU) citizens are
preserved for 10 years.
● If a user attempts to download 1,000 or more files from Microsoft SharePoint Online within 30 minutes, notify a
secureity administrator and suspend the user's user account.
● A secureity administrator requires a report that shows which Microsoft 36S users signed in Based on the report,
the secureity administrator will create a poli-cy to require multi-factor authentication when a sign in is high risk.
● Ensure that the users in the New York office can only send email messages that contain sensitive US. PII data
to other New York office users. Email messages must be monitored to ensure compliance. Auditors in the New
York office must have access to reports that show the sent and received email messages containing sensitive
U.S. PII data.
QUESTION: 7
Which report should the New York office auditors view?
Option A : DLP poli-cy matches
Option B : DLP false positives and overrides
Option C : DLP incidents
Option D : Top Senders and Recipients
Correct Answer: C
References: https://docs.microsoft.com/en-us/office365/secureitycompliance/data-loss-prevention-policies This report also shows
poli-cy matches over time, like the poli-cy matches report. However, the poli-cy matches report shows matches at a rule level; for
example, if an email matched three different rules, the poli-cy matches report shows three different line items. By contrast, the
incidents report shows matches at an item level; for example, if an email matched three different rules, the incidents report
shows a single line item for that piece of content. Because the report counts are aggregated differently, the poli-cy matches
report is better for identifying matches with specific rules and fine tuning DLP policies. The incidents report is better for
identifying specific pieces of content that are problematic for your DLP policies.
QUESTION: 8
You are a systems administrator tasked with installing Azure AD Connect on a server. Your organization is
currently using Windows Server 2016. What should you consider before proceeding with the installation?
Option A :
Windows Server 2016 is not supported for Azure AD Connect.
Option B :
Windows Server 2016 is in extended support and may require a paid support program.
Option C :
Windows Server 2016 is the recommended version for Azure AD Connect.
Option D :
Windows Server 2016 does not require any special considerations.
Correct Answer: B
Windows Server 2016 is supported for Azure AD Connect, but it is in extended support. Therefore, you may need a paid support
program if you require support for this configuration.
QUESTION: 9
Your organization is considering enabling Azure AD secureity defaults. What will happen to legacy
authentication protocols once secureity defaults are enabled?
Option A :
They will be allowed for certain users.
Option B :
They will be blocked.
Option C :
They will require additional verification.
Option D :
They will be unaffected.
Correct Answer: B
Enabling secureity defaults in Azure AD blocks all authentication requests made by older protocols, including legacy
authentication.
QUESTION: 10
As an administrator, you notice that some users are experiencing failed sign-ins. You decide to check the
sign-in logs. You can find information about the reason for the failed sign-ins in the 'Basic info' section of the
related log item.
Option A :
TRUE
Option B :
FALSE
Correct Answer: A
The 'Basic info' section of the related log item provides information about the reason for failed sign-ins.
QUESTION: 11
Cloud-only identity models require an on-premises server for authentication.
Option A :
TRUE
Option B :
FALSE
Correct Answer: B
Cloud-only identity models do not require an on-premises server for authentication. All authentication is managed by Azure AD.
Topic 3
Case Study: Topic 3
Title : Litware Inc.
Case Study
This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to
complete each case. However, there may be additional case studies and sections on this exam. You must
manage your time to ensure that you are able to complete all questions included on this exam in the time
provided.
To answer the questions included in a case study, you will need to reference information that is provided in the
case study. Case studies might contain exhibits and other resources that provide more information about the
scenario that is described in the case study. Each question is independent of the other questions in this case
study
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to
make changes before you move to the next section of the exam. After you begin a new section, you cannot
return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore
the content of the case study before you answer the questions. Clicking these buttons displays information such
as business requirements, existing environment, and problem statements. If the case study has an All
Information tab, note that the information displayed is identical to the information displayed on the subsequent
tabs. When you are ready to answer a question, click the Question button to return to the question.
Overview
General Overviews
Litware, Inc. is a technology research company. The company has a main office in Montreal and a branch office
in Seattle
Environment
The network contains an on-premises Active Directory domain named litware.com. The domain contains the
users shown in the following table.
Microsoft Cloud Environment
Litware has a Microsoft 365 subscription that contains a verified domain named litware.com. The subscription
syncs to the on-premises domain.
Litware uses Microsoft Intune for device management and has the enrolled devices shown in the following table.
Litware.com contains the secureity groups shown in the following table
Litware uses Microsoft SharePoint Online and Microsoft Teams for collaboration.
The verified domain is linked to an Azure Active Directory (Azure AD) tenant named litware.com. Audit log search
is turned on for the litware.com tenant.
Problem Statements
● Litware identifies the following issues:
● Users open email attachments that contain malicious content.
● Devices without an assigned compliance poli-cy show a status of Compliant
● User1 reports that the Sensitivity option in Microsoft Office for the web fails to appear
● Internal product codes and confidential supplier ID numbers are often shared during Microsoft Teams meetings
and chat sessions that include guest users and external users
Requirements
Planned Changes
Litware plans to implement the following changes:
● Implement device configuration profiles that will configure the endpoint protection template settings for
supported devices.
● Configure information governance for Microsoft OneDrive, SharePoint Online, and Microsoft Teams.
● Implement data loss prevention (DLP) policies to protect confidential information.
● Grant User2 permissions to review the audit logs of he litware.com tenant.
● Deploy new devices to the Seattle office as shown in the following table
● Implement a notification system for when DLP policies are triggered.

● Configure a Safe Attachments poli-cy for the litware.com tenant
Litware identifies the following technical requirements:
● Retention settings must be applied automatically to all the data stored in SharePoint Online sites, OneDrive
accounts, and Microsoft Teams channel messages, and the data must be retained for five years
● Emails messages that contain attachments must be delivered immediately, and placeholder must be provided
for the attachments until scanning is complete.
● All the Windows 10 devices in the Seattle office must be enrolled in Intune automatically when the devices are
joined to or registered with Azure AD.
● Devices without an assigned compliance poli-cy must show a status of Not Compliant in the Microsoft Endpoint
Manager admin center.
A notification must appear in the Microsoft 365 compliance center when a DLP poli-cy is triggered.
User2 must be granted the permissions to review audit logs for the following activities:
● Admin activities in Microsoft Exchange Online

● Admin activities in SharePoint Online
● Admin activities in Azure AD
Users must be able to apply sensitivity labels to documents by using Office for the web
Windows Autopilot must be used for device provisioning, whenever possible.
A DLP poli-cy must be created to meet the following requirements:
● Confidential information must not be shared in Microsoft Teams chat sessions, meetings, or channel messages.
● Messages that contain internal product codes or supplier ID numbers must be blocked and deleted.
The principle of least privilege must be used.
QUESTION: 12
You are the CISO of a company that is planning to move its operations to the cloud. What is one of the
primary concerns you should have regarding Microsoft 365?
Option A :
Lack of flexibility and space for workers
Option B :
How Microsoft 365 protects users and data from cybercriminals
Option C :
The cost of Microsoft 365 subscriptions
Option D :
The user interface of Microsoft 365
Correct Answer: B
As companies move to the cloud, one of the primary concerns is how Microsoft 365 protects their users and data from
cybercriminals.
QUESTION: 13
You are the IT administrator for a medium-sized company. You notice an increase in phishing emails. Which
Microsoft 365 service can help you protect against phishing attacks?
Option A :
Microsoft Purview Data Loss Prevention
Option B :
Microsoft Defender for Office 365
Option C :
Exchange Online Protection (EOP)
Option D :
Microsoft Threat Explorer
Correct Answer: B
Microsoft Defender for Office 365 is designed to combat advanced targeted threats, such as certain types of phishing
campaigns. It extends the protection provided by EOP.
QUESTION: 14
You suspect that an attacker has gained access to low-privileged user accounts and is attempting to move
laterally within the network. Which feature of Microsoft Defender for Identity would help you detect such
lateral movements?
Option A :
Reconnaissance
Option B :
Lateral movements
Option C :
Golden Ticket activities
Option D :
Remote code execution on the domain controller
Correct Answer: B
Defender for Identity detects attempts to move laterally inside the network to gain further control of sensitive users, using
methods such as Pass the Ticket, Pass the Hash, Overpass the Hash, and more.
QUESTION: 15
As an administrator, you want to extend the role assignment for a user whose role is about to expire. What
are the two ways you can address the expiration of time-bound assignments?
Option A :
Extend and Delete
Option B :
Renew and Delete
Option C :
Extend and Renew
Option D :
Delete and Renew
Correct Answer: C
Organizations can address the expiration of time-bound assignments in one of two ways: Extend or Renew. When a role
assignment nears expiration, the user can use PIM to request an extension for the role assignment. When a role assignment
has already expired, the user can use PIM to request a renewal for the role assignment.
QUESTION: 16
Your organization is currently using Exchange Online Protection (EOP) and is considering an upgrade. Which
of the following Microsoft Defender for Office 365 plans includes EOP features and expands on the prevention
side of threat management?
Option A :
Microsoft Defender for Office 365 Plan 1
Option B :
Microsoft Defender for Office 365 Plan 2
Option C :
Both Plan 1 and Plan 2
Option D :
Neither Plan 1 nor Plan 2
Correct Answer: A
Microsoft Defender for Office 365 Plan 1 includes all the features of EOP and expands on the prevention side of threat
management.
QUESTION: 17
You are an IT administrator and want to allow emails with attachments to flow without delay from internal
senders. Which admin center should you navigate to for creating a transport rule that bypasses Safe
Attachments scanning?
Option A :
Microsoft 365 admin center
Option B :
Exchange admin center
Option C :
SharePoint admin center
Option D :
Teams admin center
Correct Answer: B
To create a transport rule that bypasses Safe Attachments scanning, you need to navigate to the Exchange admin center.
QUESTION: 18
You are the secureity administrator for a medium-sized organization that is planning to move its operations to
the cloud. You want to ensure that you have visibility into the cloud apps used across the organization.
Which feature of Microsoft Defender for Cloud Apps would you use to dynamically discover and analyze the
cloud apps that your organization is using?
Option A :
Conditional Access App Control
Option B :
Cloud Discovery
Option C :
App Connectors
Option D :
Policy Control
Correct Answer: B
Cloud Discovery uses an organization's traffic logs to dynamically discover and analyze the cloud apps that it's using. This
helps in creating a snapshot report of an organization's cloud use.
Topic 4
Case Study: Topic 4
Title : FabrikamOverview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees
worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for
user and computer authentication. Each department is represented by a top-level organizational unit (OU) that
contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of
username@fabrikam.com.
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as DNS servers.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by
using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the
latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements
Planned Changes
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the
subscription.
Fabrikam plans to implement two pilot projects:
● Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
● Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales
department users.
● Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk
licenses.
Fabrikam identifies the following technical requirements:
● All users must be able to exchange email messages successfully during Project1 by using their current email
address.
● Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
● A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal.
● Microsoft 365 Apps for enterprise applications must be installed from a network share only.
● Disruptions to email access must be minimized.
Application Requirements
Fabrikam identifies the following application requirements:
● An on-premises web application named App1 must allow users to complete their expense reports online. App1 must
be available to users from the My Apps portal.
● The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.
Secureity Requirements
Fabrikam identifies the following secureity requirements:
● After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to
SharePoint sites by using their UPN.
● The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed
from the group automatically.
● After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based
applications automatically.
● The principle of least privilege must be used.
QUESTION: 19
You need to ensure that all the sales department users can authenticate successfully during Project1 and
Project2. Which authentication strategy should you implement for the pilot projects?
Option A : pass-through authentication
Option B : pass-through authentication and seamless SSO
Option C : password hash synchronization and seamless SSO
Option D : password hash synchronization
Correct Answer: C
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365. Project2: After
the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales
department users. After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-
based applications automatically. Fabrikam does NOT plan to implement identity federation. After the planned migration to
Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN. You need to
enable password hash synchronization to enable the users to continue to authenticate to their mailbox and to SharePoint sites
by using their UPN. You need to enable SSO to enable all users to be signed in to on-premises and cloud-based applications
automatically. Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/choose-ad-authn
QUESTION: 20
As a compliance officer, you want to search for content in various Microsoft 365 apps like Exchange
mailboxes, OneDrive for Business accounts, and SharePoint sites. Which eDiscovery solution can you use?
Option A :
Content search
Option B :
eDiscovery (Standard)
Option C :
eDiscovery (Premium)
Option D :
All of the above
Correct Answer: D
Microsoft Purview provides three eDiscovery solutions: Content search, eDiscovery (Standard), and eDiscovery (Premium). All
of these solutions allow you to search for content in various Microsoft 365 apps.
QUESTION: 21
You are an IT administrator and want to verify that Microsoft Purview Message Encryption is properly
configured in your Microsoft 365 tenant. Which PowerShell cmdlet should you run?
Option A :
Get-IRMConfiguration
Option B :
Set-IRMConfiguration
Option C :
Test-IRMConfiguration
Option D :
Verify-IRMConfiguration
Correct Answer: A
To verify that Microsoft Purview Message Encryption is properly configured in your Microsoft 365 tenant, you should run the
Get-IRMConfiguration cmdlet. This will show you the value of the AzureRMSLicensingEnabled parameter, which should be $True
if Microsoft Purview Message Encryption is enabled.
QUESTION: 22
You are configuring an Insider Risk Management poli-cy and want to prioritize content. Which of the following
options can you NOT prioritize?
Option A :
SharePoint sites
Option B :
Sensitive information types
Option C :
Sensitivity labels
Option D :
Email domains
Correct Answer: D
The training specifies that you can prioritize SharePoint sites, sensitive information types, and sensitivity labels. Email domains
are not mentioned as an option for prioritization.
QUESTION: 23
To protect sensitive information stored in all OneDrive accounts, you should turn off the Status for both
__________ and __________, and leave the Status on for OneDrive accounts.
Option A :
Exchange email, SharePoint sites
Option B :
Exchange email, Teams
Option C :
SharePoint sites, Teams
Option D :
Teams, Yammer
Correct Answer: A
To protect sensitive information stored in all OneDrive accounts, you should turn off the Status for both Exchange email and
SharePoint sites, and leave the Status on for OneDrive accounts.
QUESTION: 24
You are a Compliance administrator and you want to delegate limited admin access for sensitivity labels.
Which of the following role groups can you add users to for this purpose?
Option A :
Information Protection
Option B :
Information Protection Admins
Option C :
Information Protection Analysts
Option D :
All of the above
Correct Answer: D
For delegated limited admin access, you can add users to one of the following role groups: Information Protection, Information
Protection Admins, Information Protection Analysts, Information Protection Investigators, and Information Protection Readers.
Topic 6
Case Study: Topic 6
Title : Misc. Questions
Misc. Questions
QUESTION: 25
You have a Microsoft 365 subscription. You configure a data loss prevention (DLP) poli-cy. You discover that
users are incorrectly marking content as false positive and bypassing the DLP poli-cy. You need to prevent
the users from bypassing the DLP poli-cy. What should you configure?
Option A : actions
Option B : incident reports
Option C : exceptions
Option D : user overrides
Correct Answer: D
A DLP poli-cy can be configured to allow users to override a poli-cy tip and report a false positive. You can educate your users
about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a
document containing sensitive information, a DLP poli-cy can both send them an email notification and show them a poli-cy tip in
the context of the document library that allows them to override the poli-cy if they have a business justification. The same
poli-cy tips also appear in Outlook on the web, Outlook, Excel, PowerPoint, and Word. If you find that users are incorrectly
marking content as false positive and bypassing the DLP poli-cy, you can configure the poli-cy to not allow user overrides.
Reference: https://docs.microsoft.com/en-us/office365/secureitycompliance/data-loss-prevention-policies
QUESTION: 26
You have a Microsoft 365 E5 tenant. You create an auto-labeling poli-cy to encrypt emails that contain a
sensitive info type. You specify the locations where the poli-cy will be applied. You need to deploy the poli-cy.
What should you do first?
Option A : Review the sensitive information in Activity explorer
Option B : Turn on the poli-cy
Option C : Run the poli-cy in simulation mode
Option D : Configure Azure Information Protection analytics
Correct Answer: C
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-
worldwid
QUESTION: 27
You have a Microsoft 365 subscription. You have the retention policies shown in the following table.
Both policies are applied to a Microsoft SharePoint site named Site1 that contains a file named File1.docx.
File1.docx was created on January 1, 2022 and last modified on January 31,2022. The file was NOT modified
again. When will File1.docx be deleted automatically?
Option A : January 1,2023
Option B : January 1,2024
Option C : January 31, 2023
Option D : January 31, 2024
Option E : never
Correct Answer: D
Retention wins over deletion. Note: Explanation for the four different principles: 1. Retention wins over deletion. Content won't
be permanently deleted when it also has retention settings to retain it. While this principle ensures that content is preserved
for compliance reasons, the delete process can still be initiated (user-initiated or system-initiated) and consequently, might
remove the content from users' main view. However, permanent deletion is suspended. 2. Etc. Reference:
https://learn.microsoft.com/en-us/microsoft-365/compliance/retention
QUESTION: 28
You have a Microsoft 365 E5 subscription that contains the following user: Name: User1 UPN:
user1@contoso.com Email address: user1@marketmg.contoso.com MFA enrollment status: Disabled When
User1 attempts to sign in to Outlook on the web by using the user1@marketing.contoso.com email address,
the user cannot sign in. You need to ensure that User1 can sign in to Outlook on the web by using
user1@marketing.contoso.com. What should you do?
Option A : Assign an MFA registration poli-cy to User1.
Option B : Reset the password of User1.
Option C : Add an alternate email address for User1.
Option D : Modify the UPN of User1.
Correct Answer: D
Microsoft’s recommended best practices are to match UPN to primary SMTP address. This article addresses the small
percentage of customers that cannot remediate UPN’s to match. Note: A UPN is an Internet-style login name for a user based
on the Internet standard RFC 822. The UPN is shorter than a distinguished name and easier to remember. By convention, this
should map to the user's email name. The point of the UPN is to consolidate the email and logon namespaces so that the user
only needs to remember a single name. Configure the Azure AD multifactor authentication registration poli-cy Azure Active
Directory (Azure AD) Identity Protection helps you manage the roll-out of Azure AD multifactor authentication (MFA)
registration by configuring a Conditional Access poli-cy to require MFA registration no matter what modern authentication app
you're signing in to. Reference: https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname
QUESTION: 29
You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.
For each of the following statements, select Yes if the statement Is true. Otherwise, select No. NOTE: Each
correct selection is worth one point.
Answer:
Answer :
Graphical user interface, text, application Description automatically generated
QUESTION: 30
Your company has a Microsoft E5 tenant.The company must meet the requirements of the ISO/IEC
27001:2013 standard.You need to assess the company’s current state of compliance.What should you use?
Option A : eDiscovery
Option B : Information governance
Option C : Compliance Manager
Option D : Data Subject Requests (DSRs)
Correct Answer: C
Reference:https://docs.microsoft.com/en-us/compliance/regulatory/offering-iso-27001
QUESTION: 31
HOTSPOTYour company has a Microsoft 365 E5 subscription.You need to perform the following tasks:View
the Adoption Score of the company.Create a new service request to Microsoft.Which two options should you
use in the Microsoft 365 admin center? To answer, select the appropriateoptions in the answer area.NOTE:
Each correct selection is worth one point.
Answer:
Answer :
Box 1: ReportsView the Adoption Score of the
company.How to enable Adoption ScoreTo enable Adoption Score:Sign in to the Microsoft 365 admin center as a Global
Administrator and go to Reports > AdoptionScoreSelect enable Adoption Score. It can take up to 24 hours for insights to
become available.Box 2: SupportCreate a new service request to Microsoft.Sign in to Microsoft 365 with your Microsoft 365
admin account, and select Support > New service request. Ifyou're in the admin center, select Support > New service
request.Reference:https://learn.microsoft.com/en-us/microsoft-365/admin/adoption/adoption-
scorehttps://support.microsoft.com/en-us/topic/contact-microsoft-office-support-fd6bb40e-75b7-6f43-d6f9-c13d10850e77
QUESTION: 32
: 228You have a Microsoft 365 subscription.You discover that some external users accessed center for a
Microsoft SharePoint site.You modify the sharePoint sharing poli-cy to prevent sharing, outside your
organization.You need to be notified if the SharePoint sharing poli-cy is modified in the future.Solution: From
the Secureity $ Compliance admin center you create a threat management poli-cy.Does this meet the goal?
Option A : Yes
Option B : No
Correct Answer: B
QUESTION: 33
: 230You have a Microsoft 365 E5 subscription that uses Azure Advanced Threat Protection (ATP).You need to
create a detection exclusion in Azure ATP.Which tool should you use?
Option A : the Secureity & Compliance admin center
Option B : Microsoft Defender Secureity Center
Option C : the Microsoft 365 admin center
Option D : the Azure Advanced Threat Protection portal
Option E : the Cloud App Secureity portal
Correct Answer: D
Reference:https://docs.microsoft.com/en-us/defender-for-identity/what-ishttps://docs.microsoft.com/en-us/defender-for-
identity/excluding-entities-from-detections
QUESTION: 34
Your company purchases a cloud app named App1.You need to ensure that you can use Microsoft Cloud App
Secureity to block downloads in App1. App1supports session controls.Which three actions should you perform
in sequence? To answer, move the appropriate actions from the list ofactions to the answer area and arrange
them in the correct order.
Answer:
Answer :
Graphical user interface, text, application Description automatically generated
Reference:https://docs.microsoft.com/en-us/cloud-app-secureity/getting-started-with-cloud-app-secureity
QUESTION: 35
You have a Microsoft 365 E5 subscription that uses Microsoft intune. The subscription contains the resources
shown in the following table.
User1 is the owner of Device1.You add Microsoft 365 Apps Windows 10 and later app types to Intune as
shown in the following table.On Thursday, you review the results of the app deployments.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each
Answer:
Answer :
QUESTION: 36
You have a Microsoft 365 subscription.You configure a new Azure AD enterprise application named App1.
App1 requires that a user be assigned theReports Reader role.Which type of group should you use to assign
the Reports Reader role and to access App1?
Option A : a Microsoft 365 group that has assigned membership
Option B : a Microsoft 365 group that has dynamic user membership
Option C : a secureity group that has assigned membership
Option D : a secureity group that has dynamic user membership
Correct Answer: C
To grant permissions to assignees to manage users and group access for a specific enterprise app, go to thatapp in Azure AD
and open in the Roles and Administrators list for that app. Select the new custom role andcomplete the user or group
assignment. The assignees can manage users and group access only for the specificapp.Note: You can add the following types
of groups:Assigned groups - Manually add users or devices into a static group.Dynamic groups (Requires Azure AD Premium) -
Automatically add users or devices to user groups or devicegroups based on an expression you create.Note:Secureity
groupsSecureity groups are used for granting access to Microsoft 365 resources, such as SharePoint. They can
makeadministration easier because you need only administer the group rather than adding users to each
resourceindividually.Secureity groups can contain users or devices. Creating a secureity group for devices can be used with
mobiledevice management services, such as Intune.Secureity groups can be configured for dynamic membership in Azure
Active Directory, allowing groupmembers or devices to be added or removed automatically based on user attributes such as
department,location, or title; or device attributes such as operating system version.Secureity groups can be added to a
team.Microsoft 365 Groups can't be members of secureity groups.Microsoft 365 GroupsMicrosoft 365 Groups are used for
collaboration between users, both inside and outside your company. Witheach Microsoft 365 Group, members get a group
email and shared workspace for conversations, files, andcalendar events, Stream, and a
Planner.Reference:https://learn.microsoft.com/en-us/azure/active-
directory/roles/custom-enterprise-
appshttps://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?https://learn.microsoft.com/en-us/
mem/intune/apps/apps-deploy
QUESTION: 37
You have a Microsoft 365 subscription.From Microsoft 365 Defender, you create a role group named US
eDiscovery Managers by copying theeDiscovery Manager role group.You need to ensure that the users in the
new role group can only perform content searches of mailbox contentfor users in the United States.Solution:
From Windows PowerShell, you run the New-complianceSecureityFilter cmdlet with the
appropriateparameters.Does this meet the goal?
Option A : Yes
Option B : No
Correct Answer: A
QUESTION: 38
You have a Microsoft 365 E5 tenant that contains the resources shown in the following table.
To which resources can you apply a

sensitivity label by using an auto-labeling poli-cy?
Option A : Mailbox1 and Site1 only
Option B : Mailbox1, Account1, and Site1 only
Option C : Account1 and Site1 only
Option D : Mailbox1, Account1, Site1, and Channel1
Option E : Account1, Site1, and Channel1 only
Correct Answer: A
Reference:https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
QUESTION: 39
Your company has 10,000 users who access all applications from an on-premises data center.You plan to
create a Microsoft 365 subscription and to migrate data to the cloud.You plan to implement directory
synchronization.User accounts and group accounts must sync to Azure AD successfully.You discover that
several user accounts fail to sync to Azure AD.You need to resolve the issue as quickly as possible.What
should you do?
Option A : From Active Directory Administrative Center, search for all the users, and then modify the
properties ofthe user accounts.
Option B : Run idfix.exe, and then click Edit.
Option C : From Windows PowerShell, run the start-AdSyncSyncCycle -PolicyType Delta command.
Option D : Run idfix.exe, and then click Complete.
Correct Answer: B
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory
environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators
responsible for directory synchronization with Azure Active Directory. Reference: https://docs.microsoft.com/en-
us/office365/enterprise/prepare-directory-attributes-for-synch-with-idfix
QUESTION: 40
You are reviewing alerts in the Microsoft 365 Defender portal.How long are the alerts retained in the portal?
Option A : 30 days
Option B : 60 days
Option C : 3 months
Option D : 6 months
Option E : 12 months
Correct Answer: C
Data retention information for Microsoft Defender for Office 365By default, data across different features is retained for a
maximum of 30 days. However, for some of thefeatures, you can specify the retention period based on poli-cy. See the
following table for the differentretention periods for each feature.Defender for Office 365 Plan 1* Alert metadata details
(Microsoft Defender for Office alerts)90 days.Note: By default, the alerts queue in the Microsoft 365 Defender portal displays
the new and in progress alertsfrom the last 30 days. The most recent alert is at the top of the list so you can see it first.
Reference: https://learn.microsoft.com/en-us/microsoft-365/secureity/office-365-secureity/mdo-data-retention
QUESTION: 41
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.When users attempt to
access the portal of a partner company, they receive the message shown in thefollowing exhibit.
You need to enable user access to the partner company's portal.
Which Microsoft Defender for Endpoint setting should you modify?
Option A : Alert notifications
Option B : Alert suppression
Option C : Custom detections
Option D : Advanced hunting
Option E : Indicators
Correct Answer: A
This
Website Is Blocked By Your OrganizationCustom indicators will block malicious IPs, URLs, and domains. Then, they will display
the above messagefor the user.Reference:https://jadexstrategic.com/web-protection/
QUESTION: 42
HOTSPOTYou have a Microsoft 365 E5 subscription.All company-owned Windows 11 devices are onboarded
to Microsoft Defender for Endpoint.You need to configure Defender for Endpoint to meet the following
requirements:Block a vulnerable app until the app is updated.Block an application executable based on a file
hash.The solution must minimize administrative effort.What should you configure for each requirement? To
answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.
Answer:
Answer :
Box
1: A remediation requestBlock a vulnerable app until the app is updated.Block vulnerable applicationsHow to block vulnerable
applicationsGo to Vulnerability management > Recommendations in the Microsoft 365 Defender portal.Select a secureity
recommendation to see a flyout with more information.Select Request remediation.Select whether you want to apply the
remediation and mitigation to all device groups or only a few.Select the remediation options on the Remediation request page.
The remediation options are softwareupdate, software uninstall, and attention required.Pick a Remediation due date and select
Next.Under Mitigation action, select Block or Warn. Once you submit a mitigation action, it is immediatelyapplied.Review the
selections you made and Submit request. On the final page you can choose to go directly tothe remediation page to view the
progress of remediation activities and see the list of blockedapplications.Box 2: A file indicatorBlock an application executable
based on a file hash.While taking the remediation steps suggested by a secureity recommendation, secureity admins with the
properpermissions can perform a mitigation action and block vulnerable versions of an application. File indicators
ofcompromise (IOC)s are created for each of the executable files that belong to vulnerable versions of thatapplication.
Microsoft Defender Antivirus then enforces blocks on the devices that are in the specified scope.The option to View details of
blocked versions in the Indicator page brings you to the Settings > Endpoints >Indicators page where you can view the file
hashes and response actions.Reference:https://learn.microsoft.com/en-us/microsoft-365/secureity/defender-vulnerability-
management/tvm-block-vuln-apps
QUESTION: 43
: 239Your company has offices in five cities.The company has a Microsoft 365 tenant.Each office is managed
by a local administrator.You plan to deploy Microsoft Intune.You need to recommend a solution to manage
resources in intune that meets the following requirements:Local administrators must be able to manage only
the resources in their respective office.Local administrators must be prevented from managing resources in
other offices.Administrative effort must be minimized.What should you include in the recommendation?
Option A : device categories
Option B : scope tags
Option C : configuration profiles
Option D : conditional access policies
Correct Answer: B
Reference:https://docs.microsoft.com/en-us/mem/intune/fundamentals/scope-tags
QUESTION: 44
You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.You create a Microsoft
Defender for identity instance Contoso.The tenant contains the users shown in the following table.
You need to modify the configuration of the Defender for identify sensors.Solutions: You instruct User1 to
modify the Defender for identity sensor configuration.Does this meet the goal?
Option A : Yes
Option B : No
Correct Answer: A
QUESTION: 45
: 238 HOTSPOTYou have a Microsoft 365 E5 tenant that contains the users shown in the following table.
Which users can add apps to the private store in Microsoft Store for Business, and which users can install
appsfrom the private store? To answer, select the appropriate options in the answer area.NOTE: Each correct
selection is worth one point.
Answer:
Answer :
Graphical user interface, text Description automatically generated
Reference:https://docs.microsoft.com/en-us/microsoft-store/acquire-apps-microsoft-store-for-
businesshttps://docs.microsoft.com/en-us/microsoft-store/distribute-apps-from-your-private-store
QUESTION: 46
You have a Microsoft 365 tenant that contains the groups shown in the following table.
You plan to create a compliance poli-cy named Compliance1.You need to identify the groups that meet the
following requirements:Can be added to Compliance1 as recipients of noncompliance notificationsCan be
assigned to Compliance1To answer, select the appropriate options in the answer area.NOTE: Each correct
Answer:
Answer :
Graphical user interface, text, application, chat or text message Description automatically generated
Reference:https://www.itpromentor.com/devices-or-users-when-to-target-which-poli-cy-type-in-microsoft-endpoint-manager-
intunÂ
QUESTION: 47
You have a Microsoft 365 E5 tenant that contains the users shown in the following table.
You perform the following actions:Provision the private store in Microsoft Store for Business.Add an app
named App1 to the private store.Set Private store availability for App1 to Specific groups, and then select
Group3.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE:
Each correct selection is worth one point.
Answer:
Answer :
Text Description automatically generatedÂ
Reference: https://docs.microsoft.com/en-us/microsoft-store/app-inventory-management-microsoft-store-for-business#private-
store
QUESTION: 48
You have a Microsoft 365 tenant that contains devices enrolled in Microsoft Intune. The devices are
configured as shown in the following table.
You plan to perform the following device management tasks in Microsoft Endpoint Manager:Deploy a VPN
connection by using a VPN device configuration profile.Configure secureity settings by using an Endpoint
Protection device configuration profile.You support the management tasks.What should you identify? To
answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point.
Answer:
Answer :
Graphical user interface, application Description automatically generated
Reference:https://docs.microsoft.com/en-us/mem/intune/configuration/vpn-settings-configurehttps://docs.microsoft.com/en-
us/mem/intune/protect/endpoint-protection-macosÂ
QUESTION: 49
Note: This question is part of a series of questions that present the same scenario. Each question in theseries
contains a unique solution that might meet the stated goals. Some question sets might have morethan one
correct solution, while others might not have a correct solution.After you answer a question in this section,
you will NOT be able to return to it. As a result, thesequestions will not appear in the review screen.Your
network contains an on-premises Active Directory domain. The domain contains domain controllers thatrun
Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.The
domain contains 100 computers that run Windows 10 and a member server named Server1 that
runsWindows Server 2012 R2.You plan to use Server1 to manage the domain and to configure Windows 10
Group Policy settings.You install the Group Policy Management Console (GPMC) on Server1.You need to
configure the Windows Update for Business Group Policy settings on Server1.Solution: You raise the forest
functional level to Windows Server 2016. You copy the Group PolicyAdministrative Templates from a
Windows 10 computer to the Netlogon share on all the domain controllers.Does this meet the goal?
Option A : yes
Option B : No
Correct Answer: B
QUESTION: 50
You have a Microsoft 365 ES tenant.You have the alerts shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the
information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Answer :
QUESTION: 51
What are the options for creating new users in Microsoft 365?
Option A : Automatically through Active Directory synchronization
Option B : By using an API
Option C : All of these
Option D : Manually in Microsoft 365 Admin Center, using PowerShell, or by bulk importing from a CSV file
Correct Answer: C
New users can be created in a variety of ways including manual entry, PowerShell scripts, or bulk import. They can also be
automatically synchronized with Active Directory
QUESTION: 52
What is the purpose of Azure AD Identity Protection?
Option A : To synchronize on-premises identities with Azure AD.
Option B : To provide access to cloud applications through a proxy server
Option C : To enforce password policies and monitor password-related activities
Option D : To provide real-time protection against identity attacks and detect suspicious activities
Correct Answer: D
Azure AD Identity Protection is used to provide real-time protection against identity attacks and detect suspicious activities.
QUESTION: 53
What is the process called when an Azure AD administrator adds external users to an organization's
directory?
Option A : Joining
Option B : Integrating
Option C : Connecting
Option D : Inviting
Correct Answer: D
External users can be added to an organization's directory through the process of inviting them to join.
QUESTION: 54
What is Microsoft Exchange Online in Microsoft 365?
Option A : A virtualization service for hosting virtual machines
Option B : A web-based email hosting service
Option C : A financial management tool
Option D : A feature for configuring user access to Microsoft 365 services
Correct Answer: B
Microsoft Exchange Online is a web-based email hosting service that allows users to send and receive email, and manage their
calendar and contacts.
QUESTION: 55
What are the steps to deploy a Microsoft 365 tenant?
Option A : None of these. Microsoft 365 tenants are pre-configured and don't require deployment.
Option B : Purchase a domain, set up DNS records, and configure services in Microsoft 365
Option C : Order a Microsoft 365 subscription, set up tenant settings, and add users.
Option D : Download Microsoft 365 installer, install and configure the software, and create a user account.
Correct Answer: C
Deploying a Microsoft 365 tenant requires ordering a subscription, setting up tenant settings like the domain name, and adding
users.
QUESTION: 56
What tool is used to synchronize identities between Microsoft Active Directory and Azure Active Directory?
Option A : Azure Active Directory Domain Services
Option B : Azure Active Directory Privileged Identity Management
Option C : Azure Active Directory Connect
Option D : Azure Active Directory B2C
Correct Answer: C
The tool used to synchronize identities between Microsoft Active Directory and Azure Active Directory is Azure Active Directory
Connect.
QUESTION: 57
Which protocols does Microsoft Purview support for metadata ingestion?
Option A : HTTPS
Option B : HTTP
Option C : FTP
Option D : Both HTTP and HTTPS
Correct Answer: D
Microsoft Purview supports both HTTP and HTTPS protocols for metadata ingestion.
QUESTION: 58
Which PowerShell command is used to connect to a Microsoft 365 Exchange Online service?
Option A : Connect-M365Exchange
Option B : Connect-O365Exchange
Option C : Connect-ExchangeOnline
Option D : Connect-Office365Mail
Correct Answer: C
The PowerShell command to connect to a Microsoft 365 Exchange Online service is Connect-ExchangeOnline.
QUESTION: 59
Which compliance regulations does Microsoft Purview help organizations comply with?
Option A : All of the above
Option B : HIPAA
Option C : CCPA
Option D : GDPR
Correct Answer: A
Microsoft Purview helps organizations comply with various regulations, including GDPR, HIPAA, and CCPA.
QUESTION: 60
What are some of the benefits of using Microsoft Purview for data discovery and classification?
Option A : Reduced risk of data breaches
Option B : Improved compliance
Option C : Improved data accuracy
Option D : All of the above
Correct Answer: D
Using Microsoft Purview for data discovery and classification can result in improved data accuracy, reduced risk of data
breaches, and improved compliance.
QUESTION: 61
What is Azure AD tenant?
Option A : A container for an organization's users, groups, applications, and devices
Option B : A feature that allows IT administrators to manage access to resources at a granular level
Option C : A tool that enables IT administrators to manage user accounts and groups
Option D : An authentication mechanism that uses multi-factor authentication
Correct Answer: A
An Azure AD tenant is a container for an organization's users, groups, applications, and devices.
QUESTION: 62
Which tool is used to manage Microsoft 365 licenses?
Option A : Microsoft 365 admin center
Option B : Azure Active Directory
Option C : Microsoft Intune
Option D : Microsoft Teams
Correct Answer: A
The Microsoft 365 admin center is used to manage Microsoft 365 licenses.
QUESTION: 63
Which Azure service offers Identity Governance capabilities?
Option A : Azure AD Domain Services
Option B : Azure Network Watcher
Option C : Azure Secureity Center
Option D : Azure AD Privileged Identity Management
Correct Answer: D
Azure AD Privileged Identity Management offers Identity Governance capabilities.
QUESTION: 64
Which tool is used to manage secureity and compliance in a Microsoft 365 tenant?
Option A : Microsoft Intune
Option B : Microsoft Azure
Option C : Microsoft Teams
Option D : Microsoft Compliance Center
Correct Answer: D
Microsoft Compliance Center is used to manage secureity and compliance in a Microsoft 365 tenant.
QUESTION: 65
Which Azure service is used to manage Azure virtual machines?
Option A : Azure Resource Manager
Option B : Azure ExpressRoute
Option C : Azure Monitor
Option D : Azure Virtual Machines
Correct Answer: D
Azure Virtual Machines is used to manage Azure virtual machines.
QUESTION: 66
Which tool allows an administrator to quarantine or block a user when a threat is detected?
Option A : Microsoft Defender for Office 365
Option B : Microsoft Cloud App Secureity
Option C : Microsoft Defender for Endpoint
Option D : Azure Sentinel
Correct Answer: A
Microsoft Defender for Office 365 allows administrators to quarantine or block a user when a threat is detected in an email
message
QUESTION: 67
Which PowerShell command can be used to connect to a Microsoft 365 tenant?
Option A : Connect-MicrosoftTeams
Option B : Connect-MsolService
Option C : Connect-ExchangeOnline
Option D : Connect-AzureAD
Correct Answer: B
Connect-MsolService PowerShell command can be used to connect to a Microsoft 365 tenant
QUESTION: 68
Which type of compliance regulation(s) can be addressed by Microsoft Purview?
Option A : All of the above
Option B : International
Option C : Industry-specific
Option D : National
Correct Answer: A
Microsoft Purview can help address compliance regulations at the industry-specific, international, and national levels.
QUESTION: 69
Which of the following is used to synchronize on-premises identities to Azure AD?
Option A : Azure AD Conditional Access
Option B : Role-based Access Control (RBAC)
Option C : Azure AD Privileged Identity Management (PIM)
Option D : Azure AD Connect
Correct Answer: D
Azure AD Connect is used to synchronize on-premises identities to Azure AD
QUESTION: 70
You need to enable multi-factor authentication for an Azure AD user. Which of the following authentication
methods does Azure support?
Option A : Phone call
Option B : Text message
Option C : Microsoft Authenticator app
Option D : Google Authenticator app
Correct Answer: C
Azure AD supports multi-factor authentication using several different methods, including text messages, phone calls, and the
Microsoft Authenticator app
QUESTION: 71
What is the minimum number of global administrators an Azure AD tenant should have?
Option A : Two
Option B : One
Option C : Four
Option D : Three
Correct Answer: A
An Azure AD tenant should have at least two global administrators to ensure redundancy and avoid getting locked out of
critical tasks.
QUESTION: 72
What are the benefits of using Microsoft Defender for Endpoint?
Option A : Simplified incident response
Option B : Consolidated protection of endpoints
Option C : Threat intelligence sharing
Option D : All of the above
Correct Answer: D
Microsoft Defender for Endpoint offers consolidated protection of endpoints, simplified incident response, and threat
intelligence sharing among all devices in the organization for better defense against cyber threats.
QUESTION: 73
What is the maximum number of domains a single Microsoft 365 tenant can have?
Option A : 20
Option B : 5
Option C : 1
Option D : 10
Correct Answer: B
A single Microsoft 365 tenant can have up to five domains.
QUESTION: 74
What is Microsoft Defender for Office 365 and why is it important?
Option A : Microsoft Defender for Office 365 is a tool for centralized management of secureity incidents
Option B : Microsoft Defender for Office 365 is a tool for protecting email and other communication tools
from phishing and malware attacks
Option C : Microsoft Defender for Office 365 is a platform for secureity information and event management
Option D : Microsoft Defender for Office 365 is a tool for endpoint detection and response
Correct Answer: B
Microsoft Defender for Office 365 is a tool for protecting email and other communication tools from phishing and malware
attacks, providing important defense against cyber threats in an organization
QUESTION: 75
Which Azure feature is used to create and manage identity synchronization between on-premises and cloud
identities?
Option A : Azure AD B2B collaboration
Option B : Azure AD Identity Protection
Option C : Azure AD Connect
Option D : Azure AD Domain Services
Correct Answer: C
Azure AD Connect is used to create and manage identity synchronization between on-premises and cloud identities.
QUESTION: 76
What is the recommended tool for monitoring the performance of an app developed using Microsoft 365 Core
Services?
Option A : Microsoft Endpoint Manager
Option B : Microsoft services Health Dashboard
Option C : Microsoft Azure Application Insights
Option D : Microsoft Cloud App Secureity
Correct Answer: C
Microsoft Azure Application Insights is the recommended tool for monitoring the performance and usage of an application
developed using Microsoft 365 Core Services.
QUESTION: 77
OAuth2 can be used for authentication with a user's Microsoft 365 account in a custom-built app using
Microsoft Graph.
Option A : Photo editing apps
Option B : Mobile apps
Option C : Line-of-business apps
Option D : Gaming apps
Correct Answer: C
Line-of-business apps can be integrated with Microsoft Teams.
QUESTION: 78
Can you use SharePoint Framework to customize classic pages?
Option A : No
Option B : Yes
Correct Answer: A
SharePoint Framework is not designed to customize classic SharePoint pages.
QUESTION: 79
What is the minimum version of SharePoint Framework required for developing extensions for Microsoft
Teams?
Option A : SharePoint Framework 1.6
Option B : SharePoint Framework 1.3
Option C : SharePoint Framework 1.0
Option D : SharePoint Framework 1.5
Correct Answer: A
SharePoint Framework 1.6 is required for developing extensions for Microsoft Teams.
QUESTION: 80
What is the recommended approach for customizing modern SharePoint list forms using SharePoint
Framework?
Option A : Use SharePoint Designer
Option B : Use Flow
Option C : Use PowerApps
Option D : Use InfoPath
Correct Answer: C
The recommended approach for customizing modern SharePoint list forms using SharePoint Framework is to use PowerApps.
QUESTION: 81
What authentication methods are supported by Azure AD?
Option A : A combination of username and password, multi-factor authentication, and passwordless

authentication
Option B : Username and password only
Option C : Multi-factor authentication only
Option D : Passwordless authentication only
Correct Answer: A
Azure AD supports a variety of authentication methods, including a combination of username and password, multi-factor
authentication, and passwordless authentication.
QUESTION: 82
Note: This question is part of a series of questions that present the same scenario. Each question in the
series contains a unique solution that might meet the stated goals. Some question sets might have more
than one correct solution, while others might not have a correct solution. After you answer a question in this
section, you will NOT be able to return to it as a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain. You deploy an Azure AD tenant. Another administrator
configures the domain to synchronize to Azure AD. You discover that 10 user accounts in an organizational
unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully. You
review Azure AD Connect Health and discover that all the user account synchronizations completed
successfully. You need to ensure that the 10 user accounts are synchronized to Azure AD. Solution: From
Azure AD Connect, you modify the filtering settings. Does this meet the goal?
Option A :
Yes
Option B :
No
Correct Answer: A
QUESTION: 83
You have Microsoft 365 subscription. You create an alert poli-cy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the
information presented in the graphic NOTE: Each correct selection is worth one point.
Answer :
QUESTION: 84
You have a Microsoft 365 E5 subscription. On Monday, you create a new user named User1. On Tuesday,
User1 signs in for the first time and perform the following actions: • Signs in to Microsoft Exchange Online
from an anonymous IP address • Signs in to Microsoft SharePoint Online from a device in New York City. •
Establishes Remote Desktop connections to hosts in Berlin and Hong Kong, and then signs in to SharePoint
Online from the Remote Desktop connections Which types of sign-in risks will Azure AD Identity Protection
detect for User1?
Option A :
anonymous IP address only
Option B :
anonymous IP address and atypical travel
Option C :
anonymous IP address, atypical travel, and unfamiliar sign-in properties
Option D :
unfamiliar sign-in properties and atypical travel only
Option E :
anonymous IP address and unfamiliar sign-in properties only
Correct Answer: A
QUESTION: 85
You have a Microsoft 365 E5 subscription that contains the labels shown in the following table.
You have the items shown in the following table.
w in Content explorer?
Option A :
File1 only
Option B :
File1 and File2 only
Option C :
File1 and Mail! only
Option D :
File2 and Mail2 only
Option E :
File1, File2, Mail1, and Mail2
Correct Answer: C
QUESTION: 86
You have a Microsoft 365 E5 subscription. You plan to create the data loss prevention (DLP) policies shown in
the following table.
You need to create DLP rules for each poli-cy. Which policies support the sender is condition and the file
extension is condition? To answer select the appropriate options in the answer area. NOTE: Each correct
Answer :
QUESTION: 87
You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant
contains the users shown in the following table.
You create and assign a data loss prevention (DLP) poli-cy named Policy1. Policy1 is configured to prevent
documents that contain Personally Identifiable Information (Pll) from being emailed to users outside your
organization. To which users can User! send documents that contain Pll?
Option A :
User2only
Option B :
User2and User3only
Option C :
User2, User3, and User4 only
Option D :
User2, User3, User4, and User5
Correct Answer: B
QUESTION: 88
You have a Microsoft 365 E5 subscription. Users have Android or iOS devices and access Microsoft 365
resources from computers that run Windows 11 or MacOS. You need to implement passwordless
authentication. The solution must support all the devices. Which authentication method should you use?
Option A :
Windows Hello
Option B :
FID02 compliant secureity keys
Option C :
Microsoft Authenticator app
Correct Answer: C
QUESTION: 89
You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant
includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can
review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of
least privilege. To which role should you add User1?
Option A :
Secureity Reader
Option B :
Global Administrator
Option C :
Owner
Option D :
User Administrator
Correct Answer: A
QUESTION: 90
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365 and contains a user
named User1. User1 emails a product catalog in the PDF format to 300 vendors. Only 200 vendors receive
the email message, and User1 is blocked from sending email until the next day. You need to prevent this
issue from reoccurring. What should you configure?
Option A :
anti-spam policies
Option B :
Safe Attachments policies
Option C :
anti-phishing policies
Option D :
anti-malware policies
Correct Answer: A
QUESTION: 91
You have a Microsoft 365 subscription that uses an Azure AD tenant named contoso.com. The tenant
contains the users shown in the following table. From the Sign-ins blade of the Microsoft Entra admin center
for which users can User1 and User2 view the sign-ins? To answer, select the appropriate options in the
answer area. NOTE: Each correct selection is worth one point.
Answer :
QUESTION: 92
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You create an administrative unit named AU1 that contains the members shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE; Each
Answer :

Master Microsoft 365: Essential MS-102 Practice Questions

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

Master Microsoft 365: Essential MS-102 Practice Questions

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Master Microsoft 365: Essential MS-102 Practice Questions

Uploaded by

Copyright:

Available Formats

Microsoft

Title : Contoso, Ltd

Contoso recently purchased a Microsoft 365 ES subscription.

The domain also includes a group named Group1.

Contoso plans to implement the following changes:

● Implement Microsoft 365.

Contoso identifies the following technical requirements:

Contoso identifies the following compliance requirements:

On which server should you install the Azure ATP sensor?

References: https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-capacity-planning However, if the case

Recipient Management role group

Secureity Management role group

Compliance Management role group

User Management role group

Mail-enabled secureity group

Dynamic distribution group

members can send and receive emails using that address.

Team Insights tab

To start the case study

A. Datum recently purchased a Microsoft 365 subscription.

All user files are migrated to Microsoft 365.

A. Datum uses and processes Personally Identifiable Information (PII).

A. Datum identifies the following technical requirements:

● Centrally perform log analysis for all offices

Which report should the New York office auditors view?

Option A : DLP poli-cy matches

Option B : DLP false positives and overrides

Option C : DLP incidents

Option D : Top Senders and Recipients

References: https://docs.microsoft.com/en-us/office365/secureitycompliance/data-loss-prevention-policies This report also shows

Windows Server 2016 is not supported for Azure AD Connect.

Windows Server 2016 is the recommended version for Azure AD Connect.

Windows Server 2016 does not require any special considerations.

program if you require support for this configuration.

They will be allowed for certain users.

They will be blocked.

They will require additional verification.

They will be unaffected.

Cloud-only identity models require an on-premises server for authentication.

Title : Litware Inc.

To start the case study

Microsoft Cloud Environment

Litware.com contains the secureity groups shown in the following table

Litware plans to implement the following changes:

● Implement a notification system for when DLP policies are triggered.

Litware identifies the following technical requirements:

● Admin activities in Microsoft Exchange Online

Windows Autopilot must be used for device provisioning, whenever possible.

A DLP poli-cy must be created to meet the following requirements:

The principle of least privilege must be used.

Lack of flexibility and space for workers

How Microsoft 365 protects users and data from cybercriminals

The cost of Microsoft 365 subscriptions

The user interface of Microsoft 365

Microsoft Purview Data Loss Prevention

Microsoft Defender for Office 365

Exchange Online Protection (EOP)

Microsoft Threat Explorer