Microsoft Microsoft Certifications MS-102 Questions & Answers

• Question 41:

  You have a Microsoft 365 tenant that contains devices registered for mobile device management. The devices are configured as shown in the following table.

  

  You plan to enable VPN access for the devices.

  What is the minimum number of configuration policies required?

  A. 3

  B. 5

  C. 4

  D. 1

  Correct Answer: D

• Question 42:

  Your network contains an Active Directory forest named contoso.local.

  You purchase a Microsoft 365 subscription.

  You plan to move to Microsoft 365 and to implement a hybrid deployment solution for the next 12 months.

  You need to prepare for the planned move to Microsoft 365.

  What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer.

  A. Purchase a third-party X.509 certificate.

  B. Create an external forest trust.

  C. Rename the Active Directory forest.

  D. Purchase a custom domain name.

  Correct Answer: D

  The first thing you need to do before you implement directory synchronization is to purchase a custom domain name. This could be the domain name that you use in your on- premise Active Directory if it's a routable domain name, for

  example, contoso.com. If you use a non-routable domain name in your Active Directory, for example contoso.local, you'll need to add the routable domain name as a UPN suffix in Active Directory.

  Incorrect:

  Not C: No need to rename the Active Directory forest. As we use a non-routable domain name contoso.local, we just need to add the routable domain name as a UPN suffix in Active Directory.

  Reference:

  https://docs.microsoft.com/en-us/office365/enterprise/set-up-directory-synchronization

• Question 43:

  You have a Microsoft 365 E5 subscription.

  You create an account tor a new security administrator named SecAdmin1.

  You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint and OneDrive.

  Solution: From the Azure Active Directory admin center, you assign SecAdmin1 the Teams Administrator role.

  Does this meet the goal?

  A. Yes

  B. no

  Correct Answer: B

• Question 44:

  You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated with Microsoft Endpoint Manager.

  Devices are onboarded by using Microsoft Defender for Endpoint.

  You plan to block devices based on the results of the machine risk score calculated by Microsoft Defender for Endpoint.

  What should you create first?

  A. a device configuration policy

  B. a device compliance policy

  C. a conditional access policy

  D. an endpoint detection and response policy

  Correct Answer: B

  Reference: https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure

• Question 45:

  Your network contains three Active Directory forests. There are forests trust relationships between the forests.

  You create an Azure AD tenant.

  You plan to sync the on-premises Active Directory to Azure AD.

  You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails.

  What should you include in the recommendation?

  A. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode

  B. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode

  C. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode

  D. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode

  Correct Answer: A

  Azure AD Connect can be active on only one server. You can install Azure AD Connect on another server for redundancy but the additional installation would need to be in Staging mode. An Azure AD connect installation in Staging mode is

  configured and ready to go but it needs to be manually switched to Active to perform directory synchronization.

  Reference:

  https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install- custom

• Question 46:

  You have a Microsoft 365 E5 subscription.

  You create an account for a new security administrator named SecAdmin1.

  You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.

  Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the Exchange admin role.

  Does this meet the goal?

  A. Yes

  B. No

  Correct Answer: B

  You need to assign the Security Administrator role.

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365- atp?view=o365-worldwide

• Question 47:

  You have a Microsoft 365 tenant.

  You plan to implement device configuration profiles in Microsoft Intune.

  Which platform can you manage by using the profiles?

  A. Ubuntu Linux

  B. macOS

  C. Android Enterprise

  D. Windows 8.1

  Correct Answer: D

• Question 48:

  You have an Azure AD tenant and a Microsoft 365 E5 subscription. The tenant contains the users shown in the following table.

  

  You plan to implement Microsoft Defender for Endpoint.

  You verify that role-based access control (RBAC) is turned on in Microsoft Defender for Endpoint.

  You need to identify which user can view security incidents from the Microsoft 365 Defender portal.

  Which user should you identify?

  A. User1

  B. User2

  C. User3

  D. User4

  Correct Answer: A

• Question 49:

  You have a Microsoft 365 subscription.

  You register two applications named App1 and App2 to Azure AD.

  You need to ensure that users who connect to App1 require multi-factor authentication (MFA). MFA is required only for App1. What should you do?

  A. From the Microsoft Entra admin center, create a conditional access policy

  B. From the Microsoft 365 admin center, configure the Modem authentication settings.

  C. From the Enterprise applications blade of the Microsoft Entra admin center, configure the Users settings.

  D. From Multi-Factor Authentication, configure the service settings.

  Correct Answer: A

  Use Conditional Access policies If your organization has more granular sign-in security needs, Conditional Access policies can offer you more control. Conditional Access lets you create and define policies that react to sign in events and request additional actions before a user is granted access to an application or service.

  Reference:

  https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up- multi-factor-authentication

• Question 50:

  You have a Microsoft 365 E5 tenant.

  You plan to create a custom Compliance Manager assessment template based on the ISO 27001:2013 template.

  You need to export the existing template.

  Which file format should you use for the exported template?

  A. CSV

  B. XLSX

  C. JSON

  D. XML

  Correct Answer: B

  Reference:

  https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager- templates?view=o365-worldwide#export-a-template