Microsoft Microsoft Certifications MS-102 Questions & Answers

• Question 131:

  You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.

  

  The devices are managed by using Microsoft Intune.

  You plan to use a configuration profile to assign the Delivery Optimization settings.

  Which devices will support the settings?

  A. Device1 only

  B. Device1 and Device4

  C. Device1, Device3, and Device4

  D. Device1, Device2, Device3, and Device4

  Correct Answer: A

• Question 132:

  You have a Microsoft 365 E5 subscription that contains the following user:

  Name: User1 UPN: [email protected] Email address: [email protected] MFA enrollment status: Disabled When User1 attempts to sign in to Outlook on the web by using the [email protected] email address, the user cannot sign in.

  You need to ensure that User1 can sign in to Outlook on the web by using [email protected]. What should you do?

  A. Assign an MFA registration policy to User1.

  B. Reset the password of User1.

  C. Add an alternate email address for User1.

  D. Modify the UPN of User1.

  Correct Answer: D

  Microsoft's recommended best practices are to match UPN to primary SMTP address. This article addresses the small percentage of customers that cannot remediate UPN's to match.

  Note: A UPN is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than a distinguished name and easier to remember. By convention, this should map to the user's email name. The point of

  the UPN is to consolidate the email and logon namespaces so that the user only needs to remember a single name.

  Configure the Azure AD multifactor authentication registration policy Azure Active Directory (Azure AD) Identity Protection helps you manage the roll-out of Azure AD multifactor authentication (MFA) registration by configuring a Conditional

  Access policy to require MFA registration no matter what modern authentication app you're signing in to.

  Reference:

  https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname

• Question 133:

  Your company has a Microsoft 365 E5 subscription.

  Users in the research department work with sensitive data.

  You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted.

  What should you do?

  A. Create a data loss prevention (DLP) policy that has a Content is shared condition.

  B. Modify the safe links policy Global settings.

  C. Create a data loss prevention (DLP) policy that has a Content contains condition.

  D. Create a new safe links policy.

  Correct Answer: D

  Use the Microsoft 365 Defender portal to create Safe Links policies In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email and Collaboration > Policies and Rules > Threat policies > Safe Links in the Policies section. Or, to go directly to the Safe Links page, use https://security.microsoft.com/safelinksv2.

  1.

  On the Safe Links page, select Create to start the new Safe Links policy wizard.

  2.

  On the Name your policy page, configure the following settings:

  Name: Enter a unique, descriptive name for the policy. Description: Enter an optional description for the policy.

  3.

  When you're finished on the Name your policy page, select Next.

  4.

  On the Users and domains page, identify the internal recipients that the policy applies to (recipient conditions):

  Users: The specified mailboxes, mail users, or mail contacts.

  *-> Groups:

  Members of the specified distribution groups (including non-mail-enabled security groups within distribution groups) or mail-enabled security groups (dynamic distribution groups aren't supported).

  The specified Microsoft 365 Groups.

  Domains: All recipients in the specified accepted domains in your organization.

  Etc.

  Reference:

  https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links- policies-configure

• Question 134:

  You have a Microsoft 365 subscription.

  All users have their email stored in Microsoft Exchange Online.

  In the mailbox of a user named User1. you need to preserve a copy of all the email messages that contain the word ProjectX.

  What should you do first?

  A. From the Exchange admin center create a mail flow rule.

  B. From Microsoft 365 Defender, start a message trace.

  C. From Microsoft Defender for Cloud Apps, create an activity policy.

  D. From the Microsoft Purview compliance portal, create a label and a label policy.

  Correct Answer: D

• Question 135:

  You have a Microsoft 365 tenant that is signed up for Microsoft Store for Business and contains a user named User1. You need to ensure that User1 can perform the following tasks in Microsoft Store for Business:

  Assign licenses to users.

  Procure apps from Microsoft Store.

  Manage private store availability for all items.

  The solution must use the principle of least privilege.

  Which Microsoft Store for Business role should you assign to User1?

  A. Basic Purchaser

  B. Device Guard signer

  C. Admin

  D. Purchaser

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/microsoft-store/microsoft-store-for-business-overview

• Question 136:

  You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.

  You create a Microsoft Defender for identity instance Contoso.

  The tenant contains the users shown in the following table.

  

  You need to modify the configuration of the Defender for identify sensors.

  Solutions: You instruct User3 to modify the Defender for identity sensor configuration.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: A

• Question 137:

  Your company has a Microsoft E5 tenant.

  The company must meet the requirements of the ISO/IEC 27001:2013 standard.

  You need to assess the company's current state of compliance.

  What should you use?

  A. eDiscovery

  B. Information governance

  C. Compliance Manager

  D. Data Subject Requests (DSRs)

  Correct Answer: C

  Reference: https://docs.microsoft.com/en-us/compliance/regulatory/offering-iso-27001

• Question 138:

  You have a Microsoft 365 subscription that contains a user named User1.

  You need to ensure that User1 can search the Microsoft 365 audit logs from the Security and Compliance admin center.

  Which role should you assign to User1?

  A. View-Only Audit Logs in the Security and Compliance admin center

  B. View-Only Audit Logs in the Exchange admin center

  C. Security reader in the Azure Active Directory admin center

  D. Security Reader in the Security and Compliance admin center

  Correct Answer: B

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in- security-and-compliance?view=o365-worldwide

• Question 139:

  Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

  

  The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)

  

  User2 fails to authenticate to Azure AD when signing in as [email protected].

  You need to ensure that User2 can access the resources in Azure AD.

  Solution: From the Microsoft Entra admin center, you assign User2 the Security Reader role. You instruct User2 to sign in as [email protected].

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  This is not a permissions issue so you do not need to assign the Security Reader role. The on-premises Active Directory domain is named contoso.com. User2 could sign on as [email protected] but you would first need to change the UPN of User2 to [email protected].

• Question 140:

  You have a Microsoft 365 E5 subscription that uses Microsoft intune.

  in the Microsoft Endpoint Manager admin center, you discover many stale and inactive devices,

  You enable device clean-up rules

  What can you configure as the minimum number of days before a device a removed automatically?

  A. 10

  B. 30

  C. 45

  D. 90

  Correct Answer: D