Practice Free MS-102 Exam Online Questions
You have a Microsoft 365 subscription that contains the domains shown in the following exhibit.
Which domain name suffixes can you use when you create users?
- A . only Sub1.contoso221018.onmicrosoft.com
- B . onlycontoso.com and Sub2.contoso221018.onmicrosoft.com
- C . onlvcontoso221018.onmicrosoft.com, Sub.contoso221018.onmicrosoft.com, and Sub2.contoso221018.onmicrosoft.com
- D . all the domains in the subscription
You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com.
The tenant contains the users shown in the following table.
You create and assign a data loss prevention (DLP) policy named Policy1. Policy1 is configured to prevent documents that contain Personally Identifiable Information (Pll) from being emailed to users outside your organization.
To which users can User! send documents that contain Pll?
- A . User2only
- B . User2and User3only
- C . User2, User3, and User4 only
- D . User2, User3, User4, and User5
You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com.
The tenant contains the users shown in the following table.
You create and assign a data loss prevention (DLP) policy named Policy1. Policy1 is configured to prevent documents that contain Personally Identifiable Information (Pll) from being emailed to users outside your organization.
To which users can User! send documents that contain Pll?
- A . User2only
- B . User2and User3only
- C . User2, User3, and User4 only
- D . User2, User3, User4, and User5
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy an Azure AD tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD.
All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: You run idfix.exe and export the 10 user accounts.
Does this meet the goal?
- A . Yes
- B . No
B
Explanation:
The question states that “all the user account synchronizations completed successfully”. If there were problems with the 10 accounts that needed fixing with idfix.exe, there would have been synchronization errors in Azure AD Connect Health.
It is likely that the 10 user accounts are being excluded from the synchronization cycle by a filtering rule.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering
HOTSPOT
You have a Microsoft 365 subscription.
From Microsoft Entra Privileged Identity Management (PIM), you configure Role settings for the Global Administrator role as shown in the following exhibit.
You make a user named [email protected] eligible for the Global Administrator role.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the
Explanation:
To use the Global Administrator role, [email protected] must provide: Azure Multi-Factor Authentication (MFA)
The role settings indicate that "Require Azure Multi-Factor Authentication" is set to "Yes" for active assignments. Therefore, [email protected] must provide Azure MFA to use the Global Administrator role.
To make a new user eligible for the Global Administrator role, a PIM administrator must configure:
an assignment that expires after 15 day(s)
The settings show that eligible assignments expire after 15 days. Therefore, to make a new user eligible, a PIM administrator must configure an assignment with this expiration period.
You have a Microsoft 365 tenant that contains a Windows 10 device. The device is onboarded to Microsoft Defender for Endpoint.
From Microsoft Defender Security Center, you perform a security investigation.
You need to run a PowerShell script on the device to collect forensic information.
Which action should you select on the device page?
- A . Initiate Live Response Session
- B . Initiate Automated Investigation
- C . Collect investigation package
- D . Go hunt
A
Explanation:
Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/live-response?view=o365-worldwide
HOTSPOT
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365.
The subscription has the default inbound anti-spam policy and a custom Safe Attachments policy.
You need to identify the following information:
• The number of email messages quarantined by zero-hour auto purge (ZAP)
• The number of times users clicked a malicious link in an email message
Which Email & collaboration report should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT
Your company has a Microsoft 365 subscription that uses an Azure AD tenant named contoso.com.
The tenant contains the users shown in the following table.
You create a retention label named Label 1 that has the following configurations:
• Retains content for five years
• Automatically deletes all content that is older than five years
You turn on Auto labeling for Label1 by using a policy named Policy1.
Policy1 has the following configurations:
• Applies to content that contains the word Merger
• Specifies the OneDrive accounts and SharePoint sites locations You run the following command.
Set-RetentionConpliancePolicy Policy1 -RestrictiveRetention Strue -Force
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT
You have a Microsoft 365 E5 subscription.
From Azure AD Identity Protection on August 1, you configure a Multifactor authentication registration policy that has the following settings:
Assignments: All users
Controls: Require Azure AD multifactor authentication registration
Enforce Policy: On
On August 3, you create two users named User1 and User2.
Users authenticate by using Azure Multi-Factor Authentication (MFA) for the first time on the dates shown in the following table.
By which dates will User1 and User2 be forced to complete their Azure MFA registration? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: August 19
Note: Security defaults will trigger a 14 day grace period for registration after a user’s first login and security defaults being enabled. After 14 days users will be required to register for MFA and will not be able to skip.
Conditional Access by itself without Azure Identity Protection does not allow for the 14 day grace period. Identity Protection includes the registration policy that allows registration on its own with no apps assigned to the policy. If a Conditional Access policy requires Multi-Factor Authentication, then the user must be able to pass that MFA request.
Box 2: August 21
Reference: https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection
Your network contains an Active Directory forest named Contoso. Local.
You have a Microsoft 365 subscription.
You plan to implement a directory synchronization solution that will use password hash
synchronization.
From the Microsoft 365 admin center, you successfully verify the contoso.com domain name.
You need to prepare the environment for the planned directory synchronization solution.
What should you do first?
- A . From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
- B . From the Microsoft 365 admin center verify the Contoso. Local domain name.
- C . From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
- D . From Active Directory Users and Computers, modify the UPN suffix for all users.