Microsoft MS-102 Exam Practice Test Instant Access

Question 1

You have a Microsoft 365 E5 tenant that contains four devices enrolled in Microsoft Intune as shown in the following table.

You plan to deploy Microsoft 365 Apps for enterprise by using Microsoft Endpoint Manager.

To which devices can you deploy Microsoft 365 Apps for enterprise?

ADevice1 only

BDevice1 and Device3 only

CDevice2 and Device4 only

DDevice1, Device2. and Device3 only

EDevice1, Device2, Device3, and Device4

Answer : B

https://docs.microsoft.com/en-us/mem/intune/apps/apps-add

Question 2

You have a hybrid Azure Active Directory (Azure AD) tenant and a Microsoft Endpoint Configuration Manager deployment.

You have the devices shown in the following table.

You plan to enable co-management.

You need to identify which devices support co-management without requiring the installation of additional software.

Which devices should you identify?

ADevice1 only

BDevice2 only

CDevice3 only

DDevice2 and Device3 only

EDevice1, Device2, and Device3

Answer : D

Question 3

You have a new Microsoft 365 E5 tenant.

You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected.

What should you do first?

AEnable auditing.

BEnable Microsoft 365 usage analytics.

CCreate an Insider risk management policy.

DCreate a communication compliance policy.

Answer : A

Microsoft Purview auditing solutions provide an integrated solution to help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in your organization's unified audit log. Audit records for these events are searchable by security ops, IT admins, insider risk teams, and compliance and legal investigators in your organization. This capability provides visibility into the activities performed across your Microsoft 365 organization.

Note: Permissions alert policies

Example: Elevation of Exchange admin privilege

Generates an alert when someone is assigned administrative permissions in your Exchange Online organization. For example, when a user is added to the Organization Management role group in Exchange Online.

https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-solutions-overview

https://learn.microsoft.com/en-us/microsoft-365/compliance/alert-policies

Question 4

You have a Microsoft 365 subscription.

You configure a new Azure AD enterprise application named App1. App1 requires that a user be assigned the Reports Reader role.

Which type of group should you use to assign the Reports Reader role and to access App1?

Aa Microsoft 365 group that has assigned membership

Ba Microsoft 365 group that has dynamic user membership

Ca security group that has assigned membership

Da security group that has dynamic user membership

Answer : C

To grant permissions to assignees to manage users and group access for a specific enterprise app, go to that app in Azure AD and open in the Roles and Administrators list for that app. Select the new custom role and complete the user or group assignment. The assignees can manage users and group access only for the specific app.

Note: You can add the following types of groups:

Assigned groups - Manually add users or devices into a static group.

Dynamic groups (Requires Azure AD Premium) - Automatically add users or devices to user groups or device groups based on an expression you create.

Note:

Security groups

Security groups are used for granting access to Microsoft 365 resources, such as SharePoint. They can make administration easier because you need only administer the group rather than adding users to each resource individually.

Security groups can contain users or devices. Creating a security group for devices can be used with mobile device management services, such as Intune.

Security groups can be configured for dynamic membership in Azure Active Directory, allowing group members or devices to be added or removed automatically based on user attributes such as department, location, or title; or device attributes such as operating system version.

Security groups can be added to a team.

Microsoft 365 Groups can't be members of security groups.

Microsoft 365 Groups

Microsoft 365 Groups are used for collaboration between users, both inside and outside your company. With each Microsoft 365 Group, members get a group email and shared workspace for conversations, files, and calendar events, Stream, and a Planner.

https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-apps

https://learn.microsoft.com/en-us/microsoft-365/admin/create-groups/compare-groups?

https://learn.microsoft.com/en-us/mem/intune/apps/apps-deploy

Question 5

You need to notify the manager of the human resources department when a user in the department shares a file or folder from the departments Microsoft SharePoint Online site. What should you do?

AFrom the SharePoint Online site, create an alert.

BFrom the SharePoint Online admin center, modify the sharing settings.

CFrom the Microsoft 365 Defender portal, create an alert policy.

DFrom the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.

Answer : D

Question 6

You have a Microsoft 365 subscription that uses an Azure AD tenant named contoso.com. The tenant contains the users shown in the following table.

You add another user named User5 to the User Administrator role.

You need to identify which two management tasks User5 can perform.

Which two tasks should you identify? Each correct answer presents a complete solution.

NOTE: Each correct selection is worth one point.

ADelete User2 and User4 only.

BReset the password of User4 only

CReset the password of any user in Azure AD.

DDelete User1, User2, and User4 only.

EReset the password of User2 and User4 only.

FDelete any user in Azure AD.

Answer : A, E

Users with the User Administrator role can create users and manage all aspects of users with some restrictions (see below).

Only on users who are non-admins or in any of the following limited admin roles:

* Directory Readers

* Guest Inviter

* Helpdesk Administrator

* Message Center Reader

* Reports Reader

* User Administrator

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles

Question 7

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.

You perform a proof of concept (PoC) deployment of Microsoft Defender for Endpoint for 10 test devices. During the onboarding process, you configure Microsoft Defender for Endpoint-related data to be stored in the United States.

You plan to onboard all the devices to Microsoft Defender for Endpoint.

You need to store the Microsoft Defender for Endpoint data in Europe.

What should you do first?

ADelete the workspace.

BCreate a workspace.

COnboard a new device.

DOffboard the test devices.

Answer : B

Storage locations

Understand where Defender for Cloud stores data and how you can work with your data:

* Machine information

- Stored in a Log Analytics workspace.

- You can use either the default Defender for Cloud workspace or a custom workspace. Data is stored in accordance with the workspace location.

https://learn.microsoft.com/en-us/azure/defender-for-cloud/plan-defender-for-servers-data-workspace

Microsoft MS-102 Microsoft 365 Administrator Exam Practice Test