Practice Free MS-102 Exam Online Questions
You have a Microsoft 365 E5 tenant.
You need to ensure that when a document containing a credit card number is added to the tenant, the document is encrypted.
Which policy should you use?
- A . a retention policy
- B . a retention label policy
- C . an auto-labeling policy
- D . an insider risk policy
C
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide
HOTSPOT
You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.
The subscription contains the users shown in the following table.
In Azure AD, you configure the External collaboration settings as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

HOTSPOT
You have a Microsoft 365 E5 subscription.
You plan to create a Conditional Access policy named Policy.
You need to ensure that only Passwordless MFA authentication methods are used when administrators attempt to access the Azure portal. Azure PowerShell. or Azure Command-Line Interlace (CU).
How should you configure Policy1? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

You have Windows 10 devices that are managed by using Microsoft Endpoint Manager.
You need to configure the security settings in Microsoft Edge.
What should you create in Microsoft Endpoint Manager?
- A . an app configuration policy
- B . an app
- C . a device configuration profile
- D . a device compliance policy
C
Explanation:
Reference: https://docs.microsoft.com/en-us/deployedge/configure-edge-with-intune
You have a Microsoft 365 IS subscription and use Microsoft Defender for Cloud Apps. You register a cloud app named App1 in Microsoft Entra 10. You need to create an access policy for Appl.
What should you do first?
- A . Configure an app connector to Defender for Cloud Apps.
- B . Add a security Information and event management (SlEM) agent to Defender for Cloud Apps.
- C . Create an app tag for App 1.
- D . Deploy Conditional Access AppControl toApp 1.
Your company has a Microsoft 365 E5 tenant that contains a user named User1.
You review the company’s compliance score.
You need to assign the following improvement action to User1: Enable self-service password reset.
What should you do first?
- A . From Compliance Manager, turn off automated testing.
- B . From the Azure Active Directory admin center, enable self-service password reset (SSPR).
- C . From the Microsoft 365 admin center, modify the self-service password reset (SSPR) settings.
- D . From the Azure Active Directory admin center, add User1 to the Compliance administrator role.
D
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-improvement-actions?view=o365-worldwide
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection (ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the SharePoint admin role.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
You need to assign the Security Administrator role.
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/office-365-atp?view=o365-worldwide
HOTSPOT
You have a Microsoft 365 ES subscription that has three auto retention policies as show in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE Each correct selection is worth one point.

You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.
You create a Microsoft Defender for identity instance Contoso.
The tenant contains the users shown in the following table.
You need to modify the configuration of the Defender for identify sensors.
Solutions: You instruct User4 to modify the Defender for identity sensor configuration.
Does this meet the goal?
- A . Yes
- B . No
You have a Microsoft 365 E5 subscription.
You define a retention label that has the following settings:
• Retention period 7 years
• Start the retention period bated on: When items were created
You need to prevent the removal of the label once the label K applied to a lie.
What should you select in the retention label settings?
- A . Retain items even If users delete
- B . Mark items as a record
- C . Mark items as a regulatory record
- D . Retain items forever