MS-102 Microsoft 365 Administrator Exam Question and Answers

On which server should you install the Azure ATP sensor?

You need to recommend a solution for the security administrator. The solution must meet the technical requirements.

What should you include in the recommendation?

You need to create the Microsoft Store for Business. Which user can create the store?

You need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices.

What is the minimum of dedicated support technicians required?

You need to meet the compliance requirements for the Windows 10 devices.

What should you create from the Intune admin center?

You are evaluating the use of multi-factor authentication (MFA).

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You need to configure Microsoft Entra Connect Sync to support the planned changes for the Montreal Users and Seattle Users OUs.

What should you do?

You need to ensure that the Microsoft 365 incidents and advisories are reviewed monthly.

Which users can review the incidents and advisories, and which blade should the users use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to create the Safe Attachments policy to meet the technical requirements.

Which option should you select?

On which server should you use the Defender for identity sensor?

You need to meet the Intune requirements for the Windows 10 devices.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure the information governance settings to meet the technical requirements.

Which type of policy should you configure, and how many policies should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Microsoft Entra ID (Microsoft Entra ID).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure a pilot for co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: You create a device configuration profile from the Device Management admin center.

Does this meet the goal?

You need to meet the technical requirements and planned changes for Intune.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to ensure that Admin4 can use SSPR.

Which tool should you use. and which action should you perform? To answer, select the appropriate options m the answer area.

NOTE: Each correct selection is worth one point.

You need to configure the Office 365 service status notifications and limit access to the service and feature updates. The solution must meet the technical requirements.

What should you configure in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure Office on the web to meet the technical requirements.

What should you do?

You create the planned DLP policies.

You need to configure notifications to meet the technical requirements.

What should you do?

You need to create the DLP policy to meet the technical requirements.

What should you configure first?

You need to configure just in time access to meet the technical requirements.

What should you use?

You need to configure the compliance settings to meet the technical requirements.

What should you do in the Microsoft Endpoint Manager admin center?

You need to ensure that User2 can review the audit logs. The solutions must meet the technical requirements.

To which role group should you add User2, and what should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure automatic enrollment in Intune. The solution must meet the technical requirements.

What should you configure, and to which group should you assign the configurations? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You plan to implement the endpoint protection device configuration profiles to support the planned changes.

You need to identify which devices will be supported, and how many profiles you should implement.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

: 226 HOTSPOT

You have a Microsoft 365 subscription that contains a Microsoft SharePoint Online site named Site1. Site1 has he files in the following table.

The Site1 users are assigned the roles shown in the following table.

You create a data less prevention (DLP) policy names Policy1 as shown in the following exhibit.

How many files will be visible to user1 and User2 after Policy ' is applied to answer, selected select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 subscription. You have a user named User1.

You need to ensure that Used can place a hold on all mailbox content.

What permission should you assign to User1?

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.

Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the Exchange Administrator role.

Does this meet the goal?

You have a Microsoft 365 E5 tenant.

The Microsoft Secure Score for the tenant is shown in the following exhibit.

You plan to enable Security defaults for Microsoft Entra ID (Microsoft Entra ID).

Which three improvement actions will this affect?

You need to configure a conditional access policy to meet the compliance requirements.

You add Exchange Online as a cloud app.

Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You need to configure Microsoft Entra Connect Sync to support the planned changes for the Montreal Users and Seattle Users OUs.

What should you do?

You have a Microsoft 365 E5 subscription that uses Microsoft Intune.

You need to access service health alerts from a mobile phone.

What should you use?

Your on-premises network contains an Active Directory domain and a Microsoft Endpoint Configuration Manager site.

You have a Microsoft 365 E5 subscription that uses Microsoft Intune.

You use Microsoft Entra Connect Sync to sync user objects and group objects to Azure Directory (Microsoft Entra ID) Password hash synchronization is disabled.

You plan to implement co-management.

You need to configure Microsoft Entra Connect Sync and the domain to support co-management.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription.

You are creating a data loss prevention (DLP) policy applied to the locations as shown in the following exhibit.

Which condition can you use in the DIP rules of the policy?

You have a Microsoft Entra tenant named contoso.com that contains the users shown in the following table.

Per-user multifactor authentication is configured to use 131.107.5.0/24 as trusted IPs.

The tenant contains the named locations shown in the following table.

You create a conditional access policy that has the following configurations:

• Users: All users

• Target resources assignment: App1

• Conditions: Include all trusted locations

• Grant access: Require multi-factor authentication

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Your network contains an on-premises Active Directory domain that is synced to Microsoft Entra ID as shown in the following exhibit.

An on-premises Active Directory user account named Allan You is synchronized to Microsoft Entra ID. You view Allan ' s account from Microsoft 365 and notice that his username is set to Allan @ > ddatum.onmicrosoft.com.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription.

You create a Conditional Access policy that blocks access to an app named App1 when users trigger a high-risk sign-in event.

You need to reduce false positives for impossible travel when the users sign in from the corporate network.

What should you configure?

: 221

You have a Microsoft 365 E5 subscription.

Users have the devices shown in the following table.

On which devices can you manage apps by using app configuration policies in Microsoft Endpoint Manager?

Your network contains an Active Directory forest named contoso.local.

You purchase a Microsoft 365 subscription.

You plan to move to Microsoft 365 and to implement a hybrid deployment solution for the next 12 months.

You need to prepare for the planned move to Microsoft 365.

What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer.

You have a Microsoft 365 E5 subscription.

Users access Microsoft 365 from both their laptop and a corporate Virtual Desktop Infrastructure (VDI) solution.

From Microsoft Entra ID Protection, you enable a sign-in risk policy.

Users report that when they use the VDI solution, they are regularly blocked when they attempt to access Microsoft 365.

What should you configure?

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You ate implementing Microsoft Defender for Endpoint

You need to enable role-based access control (RBAQ to restrict access to the Microsoft Defender XDR portal.

Which users can enable RBAC, and winch users will no longer have access to the Microsoft Defender XDR portal after RBAC is enabled? To answer, select the appropriate options in the answer area.

NOTE Each correct selection is worth one point.

You have an Microsoft Entra ID (Microsoft Entra ID) tenant named contoso.com that contains the users shown in the following table.

You integrate Microsoft Intune and contoso.com as shown in the following exhibit.

You purchase a Windows 10 device named Device1.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named site1. You need to ensure that site1 meets the following requirements:

• Retains all data for 10 years

• Prevents the sharing of data outside the organization

Which two items should you create and apply to site1? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

You have a Microsoft 365 tenant that contains 1,000 Windows 10 devices. The devices are enrolled in Microsoft Intune.

Company policy requires that the devices have the following configurations:

Require complex passwords.

Require the encryption of removable data storage devices.

Have Microsoft Defender Antivirus real-time protection enabled.

You need to configure the devices to meet the requirements.

What should you use?

Your network contains three Active Directory forests. There are forests trust relationships between the forests.

You create a Microsoft Entra tenant

You plan to sync the on-premises Active Directory to the Microsoft Entra tenant.

You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete and as quickly as possible if a single server fails.

What should you include in the recommendation?

You have a Microsoft 365 tenant that has Enable Security defaults set to No in Microsoft Entra ID (Microsoft Entra ID).

The tenant has two Compliance Manager assessments as shown in the following table.

The SP800 assessment has the improvement actions shown in the following table.

You perform the following actions:

For the Data Protection Baseline assessment, change the Test status of Establish a threat intelligence program to Implemented.

Enable multi-factor authentication (MFA) for all users.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1.

You need to automatically label the documents on Site1 that contain credit card numbers.

Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.

Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.

After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.

You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.

You need to implement a threat policy that will apply a balanced baseline protection profile to protect against spam, phishing, and malware.

Solution: You create a Strict preset security policy.

Does this meet the goal?

You have a Microsoft 365 E5 subscription.

You plan to create the data loss prevention (DLP) policies shown in the following table.

You need to create DLP rules for each policy.

Which policies support the sender is condition and the file extension is condition? To answer select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT

Your network contains an Active Directory domain named fabrikam.com. The domain contains the objects shown in the following table.

The groups have the members shown in the following table.

You are configuring synchronization between fabrikam.com and an Microsoft Entra tenant.

You configure the Domain/OU Filtering settings in Microsoft Entra Connect Sync as shown in the Domain/OU Filtering exhibit (Click the Domain/OU Filtering tab.)

You configure the Filtering settings in Microsoft Entra Connect Sync as shown in the Filtering exhibit. (Click the Filtering tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

You are evaluating the required processes for Project1.

You need to recommend which DNS record must be created while adding a domain name for the project.

Which DNS record should you recommend?

Your company has three main offices and one branch office. The branch office is used for research.

The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication.

You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office.

What should you include in the recommendation?

HOTSPOT

You create the Microsoft 365 tenant.

You implement Microsoft Entra Connect Sync as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.

Which authentication strategy should you implement for the pilot projects?

Which role should you assign to User1?

Available Choices (select all choices that are correct)