ExamGecko
Login
Home / Microsoft / MS-102 / List of questions
Ask Question

Microsoft MS-102 Practice Test - Questions Answers, Page 25

List of questions

Question 241

Report
Export
Collapse

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.

You perform a proof of concept (PoC) deployment of Microsoft Defender for Endpoint for 10 test devices. During the onboarding process, you configure Microsoft Defender for Endpoint-related data to be stored in the United States.

You plan to onboard all the devices to Microsoft Defender for Endpoint.

You need to store the Microsoft Defender for Endpoint data in Europe.

What should you do first?

Delete the workspace.

Delete the workspace.

Create a workspace.

Create a workspace.

Onboard a new device.

Onboard a new device.

Offboard the test devices.

Offboard the test devices.
Suggested answer: B

Explanation:

Storage locations

Understand where Defender for Cloud stores data and how you can work with your data:

* Machine information

- Stored in a Log Analytics workspace.

- You can use either the default Defender for Cloud workspace or a custom workspace. Data is stored in accordance with the workspace location.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-data-workspace

asked 05/10/2024
Alois Braid
39 questions

Question 242

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that contains a user named User1.

User1 exceeds the default daily limit of allowed email messages and is on the Restricted entities list.

You need to remove User1 from the Restricted entities list.

What should you use?

the Exchange admin center

the Exchange admin center

the Microsoft Purview compliance portal

the Microsoft Purview compliance portal

the Microsoft 365 admin center

the Microsoft 365 admin center

the Microsoft 365 Defender portal

the Microsoft 365 Defender portal

the Microsoft Entra admin center

the Microsoft Entra admin center
Suggested answer: D

Explanation:

Admins can remove user accounts from the Restricted entities page in the Microsoft 365 Defender portal or in Exchange Online PowerShell.

Remove a user from the Restricted entities page in the Microsoft 365 Defender portal

In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & collaboration > Review > Restricted entities. Or, to go directly to the Restricted entities page, use https://security.microsoft.com/restrictedentities.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam

asked 05/10/2024
D Chauhan
38 questions

Question 243

Report
Export
Collapse

Your company has a Microsoft 365 E5 subscription.

Users in the research department work with sensitive data.

You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted.

What should you do?

Create a data loss prevention (DLP) policy that has a Content is shared condition.

Create a data loss prevention (DLP) policy that has a Content is shared condition.

Modify the safe links policy Global settings.

Modify the safe links policy Global settings.

Create a data loss prevention (DLP) policy that has a Content contains condition.

Create a data loss prevention (DLP) policy that has a Content contains condition.

Create a new safe links policy.

Create a new safe links policy.
Suggested answer: D

Explanation:

Use the Microsoft 365 Defender portal to create Safe Links policies

In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & Collaboration > Policies & Rules > Threat policies > Safe Links in the Policies section. Or, to go directly to the Safe Links page, use https://security.microsoft.com/safelinksv2.

1. On the Safe Links page, select Create to start the new Safe Links policy wizard.

2. On the Name your policy page, configure the following settings:

Name: Enter a unique, descriptive name for the policy.

Description: Enter an optional description for the policy.

3. When you're finished on the Name your policy page, select Next.

4. On the Users and domains page, identify the internal recipients that the policy applies to (recipient conditions):

Users: The specified mailboxes, mail users, or mail contacts.

*-> Groups:

Members of the specified distribution groups (including non-mail-enabled security groups within distribution groups) or mail-enabled security groups (dynamic distribution groups aren't supported).

The specified Microsoft 365 Groups.

Domains: All recipients in the specified accepted domains in your organization.

Etc.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-policies-configure

asked 05/10/2024
Inkisar Malik
36 questions

Question 244

Report
Export
Collapse

You have a Microsoft 365 E5 subscription.

You need to compare the current Safe Links configuration to the Microsoft recommended configurations.

What should you use?

Microsoft Purview

Microsoft Purview

Azure AD Identity Protection

Azure AD Identity Protection

Microsoft Secure Score

Microsoft Secure Score

the configuration analyzer

the configuration analyzer
Suggested answer: C
asked 05/10/2024
Bamidele Ariwodola
38 questions

Question 245

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.

Microsoft MS-102 image Question 206 104142 10052024010458000000

You need to enable user access to the partner company's portal.

Which Microsoft Defender for Endpoint setting should you modify?

Alert notifications

Alert notifications

Alert suppression

Alert suppression

Custom detections

Custom detections

Advanced hunting

Advanced hunting

Indicators

Indicators
Suggested answer: E

Explanation:

Microsoft MS-102 image Question 206 explanation 104142 10052024010458000000

This Website Is Blocked By Your Organization

Custom indicators will block malicious IPs, URLs, and domains. Then, they will display the above message for the user.

https://jadexstrategic.com/web-protection/

asked 05/10/2024
Arnab Gupta
39 questions

Question 246

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 E3 subscription.

You plan to launch Attack simulation training for all users.

Which social engineering technique and training experience will be available? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft MS-102 image Question 246 104143 10052024010458000
Correct answer: Microsoft MS-102 image answer Question 246 104143 10052024010458000

Explanation:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started

asked 05/10/2024
Kyle Norton
37 questions

Question 247

Report
Export
Collapse

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

You need to ensure that users are prevented from opening or downloading malicious files from Microsoft Teams, OneDrive, or SharePoint Online.

What should you do?

Create a newAnti-malware policy

Create a newAnti-malware policy

Configure the Safe Links global settings.

Configure the Safe Links global settings.

Create a new Anti-phishing policy

Create a new Anti-phishing policy

Configure the Safe Attachments global settings.

Configure the Safe Attachments global settings.
Suggested answer: D

Explanation:

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams

In organizations with Microsoft Defender for Office 365, Safe Attachments for SharePoint, OneDrive, and Microsoft Teams provides an additional layer of protection against malware. After files are asynchronously scanned by the common virus detection engine in Microsoft 365, Safe Attachments opens files in a virtual environment to see what happens (a process known as detonation). Safe Attachments for SharePoint, OneDrive, and Microsoft Teams also helps detect and block existing files that are identified as malicious in team sites and document libraries.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about

asked 05/10/2024
jateen chibabhai
41 questions

Question 248

Report
Export
Collapse

HOTSPOT

Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint includes the device groups shown in the following table.

Microsoft MS-102 image Question 209 104145 10052024010458000000

You onboard a computer named computer1 to Microsoft Defender for Endpoint as shown in the following exhibit.

Microsoft MS-102 image Question 209 104145 10052024010458000000

Use the drop-down menus to select the answer choice that completes each statement.

NOTE: Each correct selection is worth one point.


Microsoft MS-102 image Question 248 104145 10052024010458000
Correct answer: Microsoft MS-102 image answer Question 248 104145 10052024010458000
asked 05/10/2024
Roberto Recine
50 questions

Question 249

Report
Export
Collapse

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.

Your company purchases Microsoft 365 and creates an Azure AD tenant named contoso.onmicrosoft.com.

You plan to install Azure AD Connect on a member server and implement pass-through authentication.

You need to prepare the environment for the planned implementation of pass-through authentication.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

From a domain controller install an Authentication Agent

From a domain controller install an Authentication Agent

From the Microsoft Entra admin center, confiqure an authentication method.

From the Microsoft Entra admin center, confiqure an authentication method.

From Active Director,' Domains and Trusts add a UPN suffix

From Active Director,' Domains and Trusts add a UPN suffix

Modify the email address attribute for each user account.

Modify the email address attribute for each user account.

From the Microsoft Entra admin center, add a custom domain name.

From the Microsoft Entra admin center, add a custom domain name.

Modify the User logon name for each user account.

Modify the User logon name for each user account.
Suggested answer: A, B, E

Explanation:

Deploy Azure AD Pass-through Authentication

Step 1: Check the prerequisites

Ensure that the following prerequisites are in place.

In the Entra admin center

1. Create a cloud-only Hybrid Identity Administrator account or a Hybrid Identity administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable.

(E) 2. Add one or more custom domain names to your Azure AD tenant. Your users can sign in with one of these domain names.

(A) In your on-premises environment

1. Identify a server running Windows Server 2016 or later to run Azure AD Connect. If not enabled already, enable TLS 1.2 on the server. Add the server to the same Active Directory forest as the users whose passwords you need to validate. It should be noted that installation of Pass-Through Authentication agent on Windows Server Core versions is not supported.

2. Install the latest version of Azure AD Connect on the server identified in the preceding step. If you already have Azure AD Connect running, ensure that the version is supported.

3. Identify one or more additional servers (running Windows Server 2016 or later, with TLS 1.2 enabled) where you can run standalone Authentication Agents. These additional servers are needed to ensure the high availability of requests to sign in. Add the servers to the same Active Directory forest as the users whose passwords you need to validate.

4. Etc.

(B) Step 2: Enable the feature

Enable Pass-through Authentication through Azure AD Connect.

If you're installing Azure AD Connect for the first time, choose the custom installation path. At the User sign-in page, choose Pass-through Authentication as the Sign On method. On successful completion, a Pass-through Authentication Agent is installed on the same server as Azure AD Connect. In addition, the Pass-through Authentication feature is enabled on your tenant.

Incorrect:

Not C: From Active Directory Domains and Trusts, add a UPN suffix

Not D. Modify the email address attribute for each user account.

Not F. Modify the User logon name for each user account.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta-quick-start

asked 05/10/2024
ADAMA DAO
39 questions

Question 250

Report
Export
Collapse

HOTSPOT

You have a new Microsoft 365 E5 tenant.

Enable Security defaults is set to Yes.

A user signs in to the tenant for the first time.

Which multi-factor authentication (MFA) method can the user use, and how many days does the user have to register for MFA? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Microsoft MS-102 image Question 250 104147 10052024010458000
Correct answer: Microsoft MS-102 image answer Question 250 104147 10052024010458000

Explanation:

https://learn.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in

https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy

asked 05/10/2024
Renats Fasulins
41 questions
Total 467 questions
Go to page: of 47
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

You have a Microsoft 365 E5 subscription that contains the labels shown in the following table. You have the items shown in the following table. Which items can you view in Content explorer?
HOTSPOT You have a Microsoft 365 E5 subscription. You have an Azure AD tenant named contoso.com that contains the following users: * Admin1 * Admin2 * User1 Contoso.com contains an administrative unit named AIM that has no role assignments. User1 is a member of AU1. You create an administrative unit named AU2 that does NOT have any members or role assignments. For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT Your company has a Microsoft 365 subscription that contains the users shown in the following table. External collaboration settings have default configuration. You need to identify which users can perform the following administrative tasks: * Modify the password protection policy. * Create guest user accounts. Which users should you identify for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 E5 subscription that contains 200 Android devices enrolled in Microsoft Intune. You create an Android app protection policy named Policy! that is targeted to all Microsoft apps and assigned to all users. Policy! has the Data protection settings shown in the following exhibit. Use the drop-down menus to select 'he answer choice that completes each statement based on the information presented in the graphic.
You have an Azure AD tenant. You have 1,000 computers that run Windows 10 Pro and are joined to Azure AD. You purchase a Microsoft 365 E3 subscription. You need to deploy Windows 10 Enterprise to the computers. The solution must minimize administrative effort. What should you do?
You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2. Which authentication strategy should you implement for the pilot projects?
You are evaluating the required processes for Project1. You need to recommend which DNS record must be created while adding a domain name for the project. Which DNS record should you recommend?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 E5 subscription. You create an account for a new security administrator named SecAdmin1. You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive. Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the Exchange Administrator role. Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it as a result these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: * Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. * User passwords must be 10 characters or more. Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant. Does this meet the goal?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection. Does this meet the goal?