ExamGecko
Search Search Login
Home Home / Microsoft / MS-102

Microsoft MS-102 Practice Test - Questions Answers, Page 25

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

HOTSPOT Your company has a Microsoft 365 subscription that contains the users shown in the following table. External collaboration settings have default configuration. You need to identify which users can perform the following administrative tasks: * Modify the password protection policy. * Create guest user accounts. Which users should you identify for each task? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains the labels shown in the following table. You have the items shown in the following table. Which items can you view in Content explorer?
HOTSPOT You have a Microsoft 365 E5 subscription that contains 200 Android devices enrolled in Microsoft Intune. You create an Android app protection policy named Policy! that is targeted to all Microsoft apps and assigned to all users. Policy! has the Data protection settings shown in the following exhibit. Use the drop-down menus to select 'he answer choice that completes each statement based on the information presented in the graphic.
You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2. Which authentication strategy should you implement for the pilot projects?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD). You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch). You configure a pilot for co-management. You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1. You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager. Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection. Does this meet the goal?
You have a Microsoft 365 subscription that contains the users shown in the following table. You plan to use Exchange Online to manage email for a DNS domain. An administrator adds the DNS domain to the subscription. The DNS domain has a status of Incomplete setup. You need to identify which user can complete the setup of the DNS domain. The solution must use the principle of least privilege. Which user should you identify?
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it as a result these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: * Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. * User passwords must be 10 characters or more. Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant. Does this meet the goal?
HOTSPOT You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365. You need to identify the settings that are below the Standard protection profile settings in the preset security policies. What should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT You have a Microsoft 365 E5 subscription that contains the devices shown in the following table. All the devices are onboarded To Microsoft Defender for Endpoint You plan to use Microsoft Defender Vulnerability Management to meet the following requirements: * Detect operating system vulnerabilities.
You have an Azure AD tenant. You have 1,000 computers that run Windows 10 Pro and are joined to Azure AD. You purchase a Microsoft 365 E3 subscription. You need to deploy Windows 10 Enterprise to the computers. The solution must minimize administrative effort. What should you do?

Question 241

Report
Export
Collapse

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.

You perform a proof of concept (PoC) deployment of Microsoft Defender for Endpoint for 10 test devices. During the onboarding process, you configure Microsoft Defender for Endpoint-related data to be stored in the United States.

You plan to onboard all the devices to Microsoft Defender for Endpoint.

You need to store the Microsoft Defender for Endpoint data in Europe.

What should you do first?

A.

Delete the workspace.

A.

Delete the workspace.

Answers
B.

Create a workspace.

B.

Create a workspace.

Answers
C.

Onboard a new device.

C.

Onboard a new device.

Answers
D.

Offboard the test devices.

D.

Offboard the test devices.

Answers
Suggested answer: B

Explanation:

Storage locations

Understand where Defender for Cloud stores data and how you can work with your data:

* Machine information

- Stored in a Log Analytics workspace.

- You can use either the default Defender for Cloud workspace or a custom workspace. Data is stored in accordance with the workspace location.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-data-workspace

Question 242

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that contains a user named User1.

User1 exceeds the default daily limit of allowed email messages and is on the Restricted entities list.

You need to remove User1 from the Restricted entities list.

What should you use?

A.

the Exchange admin center

A.

the Exchange admin center

Answers
B.

the Microsoft Purview compliance portal

B.

the Microsoft Purview compliance portal

Answers
C.

the Microsoft 365 admin center

C.

the Microsoft 365 admin center

Answers
D.

the Microsoft 365 Defender portal

D.

the Microsoft 365 Defender portal

Answers
E.

the Microsoft Entra admin center

E.

the Microsoft Entra admin center

Answers
Suggested answer: D

Explanation:

Admins can remove user accounts from the Restricted entities page in the Microsoft 365 Defender portal or in Exchange Online PowerShell.

Remove a user from the Restricted entities page in the Microsoft 365 Defender portal

In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & collaboration > Review > Restricted entities. Or, to go directly to the Restricted entities page, use https://security.microsoft.com/restrictedentities.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/removing-user-from-restricted-users-portal-after-spam

Question 243

Report
Export
Collapse

Your company has a Microsoft 365 E5 subscription.

Users in the research department work with sensitive data.

You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted.

What should you do?

A.

Create a data loss prevention (DLP) policy that has a Content is shared condition.

A.

Create a data loss prevention (DLP) policy that has a Content is shared condition.

Answers
B.

Modify the safe links policy Global settings.

B.

Modify the safe links policy Global settings.

Answers
C.

Create a data loss prevention (DLP) policy that has a Content contains condition.

C.

Create a data loss prevention (DLP) policy that has a Content contains condition.

Answers
D.

Create a new safe links policy.

D.

Create a new safe links policy.

Answers
Suggested answer: D

Explanation:

Use the Microsoft 365 Defender portal to create Safe Links policies

In the Microsoft 365 Defender portal at https://security.microsoft.com, go to Email & Collaboration > Policies & Rules > Threat policies > Safe Links in the Policies section. Or, to go directly to the Safe Links page, use https://security.microsoft.com/safelinksv2.

1. On the Safe Links page, select Create to start the new Safe Links policy wizard.

2. On the Name your policy page, configure the following settings:

Name: Enter a unique, descriptive name for the policy.

Description: Enter an optional description for the policy.

3. When you're finished on the Name your policy page, select Next.

4. On the Users and domains page, identify the internal recipients that the policy applies to (recipient conditions):

Users: The specified mailboxes, mail users, or mail contacts.

*-> Groups:

Members of the specified distribution groups (including non-mail-enabled security groups within distribution groups) or mail-enabled security groups (dynamic distribution groups aren't supported).

The specified Microsoft 365 Groups.

Domains: All recipients in the specified accepted domains in your organization.

Etc.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-policies-configure

Question 244

Report
Export
Collapse

You have a Microsoft 365 E5 subscription.

You need to compare the current Safe Links configuration to the Microsoft recommended configurations.

What should you use?

A.

Microsoft Purview

A.

Microsoft Purview

Answers
B.

Azure AD Identity Protection

B.

Azure AD Identity Protection

Answers
C.

Microsoft Secure Score

C.

Microsoft Secure Score

Answers
D.

the configuration analyzer

D.

the configuration analyzer

Answers
Suggested answer: C

Question 245

Report
Export
Collapse

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.

You need to enable user access to the partner company's portal.

Which Microsoft Defender for Endpoint setting should you modify?

A.

Alert notifications

A.

Alert notifications

Answers
B.

Alert suppression

B.

Alert suppression

Answers
C.

Custom detections

C.

Custom detections

Answers
D.

Advanced hunting

D.

Advanced hunting

Answers
E.

Indicators

E.

Indicators

Answers
Suggested answer: E

Explanation:

This Website Is Blocked By Your Organization

Custom indicators will block malicious IPs, URLs, and domains. Then, they will display the above message for the user.

https://jadexstrategic.com/web-protection/

Question 246

Report
Export
Collapse

HOTSPOT

You have a Microsoft 365 E3 subscription.

You plan to launch Attack simulation training for all users.

Which social engineering technique and training experience will be available? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 246
Correct answer: Question 246

Explanation:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started

Question 247

Report
Export
Collapse

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

You need to ensure that users are prevented from opening or downloading malicious files from Microsoft Teams, OneDrive, or SharePoint Online.

What should you do?

A.

Create a newAnti-malware policy

A.

Create a newAnti-malware policy

Answers
B.

Configure the Safe Links global settings.

B.

Configure the Safe Links global settings.

Answers
C.

Create a new Anti-phishing policy

C.

Create a new Anti-phishing policy

Answers
D.

Configure the Safe Attachments global settings.

D.

Configure the Safe Attachments global settings.

Answers
Suggested answer: D

Explanation:

Safe Attachments for SharePoint, OneDrive, and Microsoft Teams

In organizations with Microsoft Defender for Office 365, Safe Attachments for SharePoint, OneDrive, and Microsoft Teams provides an additional layer of protection against malware. After files are asynchronously scanned by the common virus detection engine in Microsoft 365, Safe Attachments opens files in a virtual environment to see what happens (a process known as detonation). Safe Attachments for SharePoint, OneDrive, and Microsoft Teams also helps detect and block existing files that are identified as malicious in team sites and document libraries.

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-attachments-for-spo-odfb-teams-about

Question 248

Report
Export
Collapse

HOTSPOT

Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint includes the device groups shown in the following table.

You onboard a computer named computer1 to Microsoft Defender for Endpoint as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement.

NOTE: Each correct selection is worth one point.


Question 248
Correct answer: Question 248

Question 249

Report
Export
Collapse

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.

Your company purchases Microsoft 365 and creates an Azure AD tenant named contoso.onmicrosoft.com.

You plan to install Azure AD Connect on a member server and implement pass-through authentication.

You need to prepare the environment for the planned implementation of pass-through authentication.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

A.

From a domain controller install an Authentication Agent

A.

From a domain controller install an Authentication Agent

Answers
B.

From the Microsoft Entra admin center, confiqure an authentication method.

B.

From the Microsoft Entra admin center, confiqure an authentication method.

Answers
C.

From Active Director,' Domains and Trusts add a UPN suffix

C.

From Active Director,' Domains and Trusts add a UPN suffix

Answers
D.

Modify the email address attribute for each user account.

D.

Modify the email address attribute for each user account.

Answers
E.

From the Microsoft Entra admin center, add a custom domain name.

E.

From the Microsoft Entra admin center, add a custom domain name.

Answers
F.

Modify the User logon name for each user account.

F.

Modify the User logon name for each user account.

Answers
Suggested answer: A, B, E

Explanation:

Deploy Azure AD Pass-through Authentication

Step 1: Check the prerequisites

Ensure that the following prerequisites are in place.

In the Entra admin center

1. Create a cloud-only Hybrid Identity Administrator account or a Hybrid Identity administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable.

(E) 2. Add one or more custom domain names to your Azure AD tenant. Your users can sign in with one of these domain names.

(A) In your on-premises environment

1. Identify a server running Windows Server 2016 or later to run Azure AD Connect. If not enabled already, enable TLS 1.2 on the server. Add the server to the same Active Directory forest as the users whose passwords you need to validate. It should be noted that installation of Pass-Through Authentication agent on Windows Server Core versions is not supported.

2. Install the latest version of Azure AD Connect on the server identified in the preceding step. If you already have Azure AD Connect running, ensure that the version is supported.

3. Identify one or more additional servers (running Windows Server 2016 or later, with TLS 1.2 enabled) where you can run standalone Authentication Agents. These additional servers are needed to ensure the high availability of requests to sign in. Add the servers to the same Active Directory forest as the users whose passwords you need to validate.

4. Etc.

(B) Step 2: Enable the feature

Enable Pass-through Authentication through Azure AD Connect.

If you're installing Azure AD Connect for the first time, choose the custom installation path. At the User sign-in page, choose Pass-through Authentication as the Sign On method. On successful completion, a Pass-through Authentication Agent is installed on the same server as Azure AD Connect. In addition, the Pass-through Authentication feature is enabled on your tenant.

Incorrect:

Not C: From Active Directory Domains and Trusts, add a UPN suffix

Not D. Modify the email address attribute for each user account.

Not F. Modify the User logon name for each user account.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta-quick-start

Question 250

Report
Export
Collapse

HOTSPOT

You have a new Microsoft 365 E5 tenant.

Enable Security defaults is set to Yes.

A user signs in to the tenant for the first time.

Which multi-factor authentication (MFA) method can the user use, and how many days does the user have to register for MFA? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Question 250
Correct answer: Question 250

Explanation:

https://learn.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in

https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy

Total 467 questions
Go to page: of 47
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms