Microsoft MS-102 Exam Practice Test Instant Access

Question 1

You have a Microsoft 365 ES subscription.

From the Microsoft 365 Defender portal, you review your company's Microsoft Secure Score.

You discover a large number of recommended actions.

You need to ensure that the actions can be filtered based on specific department names.

What should you create first?

Aa dynamic security group

Ba tag

Can administrative unit

Da custom detection rule

Answer : C

Question 2

You have a Microsoft 365 E5 subscription.

You need to assign a Microsoft Defender for Endpoint baseline.

Which portal should you use?

Athe Microsoft 365 admin center

Bthe Microsoft Purview portal

Cthe Microsoft Defender portal

Dthe Microsoft Intune admin center

Answer : D

Question 3

: 231

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription.

You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.

Solution: From the Endpoint Management admin center, you create a device configuration profile.

Does this meet the goal?

AYes

BNo

Answer : B

You need to create a trusted location and a conditional access policy.

Question 4

: 241

You have a Microsoft 365 tenant that contains 1,000 iOS devices enrolled in Microsoft Intune. You plan to purchase volume-purchased apps and deploy the apps to the devices. You need to track used licenses and manage the apps by using Intune. What should you use to purchase the apps?

AMicrosoft Store for Business

BApple Business Manager

CApple iTunes Store

DApple Configurator

Answer : B

https://docs.microsoft.com/en-us/mem/intune/apps/vpp-apps-ios

Question 5

You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated with Microsoft Endpoint Manager.

Devices are onboarded by using Microsoft Defender for Endpoint.

You plan to block devices based on the results of the machine risk score calculated by Microsoft Defender for Endpoint.

What should you create first?

Aa device configuration policy

Ba device compliance policy

Ca conditional access policy

Dan endpoint detection and response policy

Answer : B

https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure

Question 6

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.

Your company purchases Microsoft 365 and creates an Azure AD tenant named contoso.onmicrosoft.com.

You plan to install Azure AD Connect on a member server and implement pass-through authentication.

You need to prepare the environment for the planned implementation of pass-through authentication.

Which three actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

AFrom a domain controller install an Authentication Agent

BFrom the Microsoft Entra admin center, confiqure an authentication method.

CFrom Active Director,' Domains and Trusts add a UPN suffix

DModify the email address attribute for each user account.

EFrom the Microsoft Entra admin center, add a custom domain name.

FModify the User logon name for each user account.

Answer : A, B, E

Deploy Azure AD Pass-through Authentication

Step 1: Check the prerequisites

Ensure that the following prerequisites are in place.

In the Entra admin center

1. Create a cloud-only Hybrid Identity Administrator account or a Hybrid Identity administrator account on your Azure AD tenant. This way, you can manage the configuration of your tenant should your on-premises services fail or become unavailable.

(E) 2. Add one or more custom domain names to your Azure AD tenant. Your users can sign in with one of these domain names.

(A) In your on-premises environment

1. Identify a server running Windows Server 2016 or later to run Azure AD Connect. If not enabled already, enable TLS 1.2 on the server. Add the server to the same Active Directory forest as the users whose passwords you need to validate. It should be noted that installation of Pass-Through Authentication agent on Windows Server Core versions is not supported.

2. Install the latest version of Azure AD Connect on the server identified in the preceding step. If you already have Azure AD Connect running, ensure that the version is supported.

3. Identify one or more additional servers (running Windows Server 2016 or later, with TLS 1.2 enabled) where you can run standalone Authentication Agents. These additional servers are needed to ensure the high availability of requests to sign in. Add the servers to the same Active Directory forest as the users whose passwords you need to validate.

4. Etc.

(B) Step 2: Enable the feature

Enable Pass-through Authentication through Azure AD Connect.

If you're installing Azure AD Connect for the first time, choose the custom installation path. At the User sign-in page, choose Pass-through Authentication as the Sign On method. On successful completion, a Pass-through Authentication Agent is installed on the same server as Azure AD Connect. In addition, the Pass-through Authentication feature is enabled on your tenant.

Incorrect:

Not C: From Active Directory Domains and Trusts, add a UPN suffix

Not D. Modify the email address attribute for each user account.

Not F. Modify the User logon name for each user account.

https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-pta-quick-start

Question 7

You have a Microsoft 365 E5 subscription.

You plan to implement Microsoft Purview policies to meet the following requirements:

Identify documents that are stored in Microsoft Teams and SharePoint that contain Personally Identifiable Information (PII).

Report on shared documents that contain PII.

What should you create?

Aa data loss prevention (DLP) policy

Ba retention policy

Can alert policy

Da Microsoft Defender for Cloud Apps policy

Answer : A

Demonstrate data protection

Protection of personal information in Microsoft 365 includes using data loss prevention (DLP) capabilities. With DLP policies, you can automatically protect sensitive information across Microsoft 365.

There are multiple ways you can apply the protection. Educating and raising awareness to where EU resident data is stored in your environment and how your employees are permitted to handle it represents one level of information protection using Office 365 DLP.

In this phase, you create a new DLP policy and demonstrate how it gets applied to the IBANs.docx file you stored in SharePoint Online in Phase 2 and when you attempt to send an email containing IBANs.

From the Security & Compliance tab of your browser, click Home.

Click Data loss prevention > Policy.

Click + Create a policy.

In Start with a template or create a custom policy, click Custom > Custom policy > Next.

In Name your policy, provide the following details and then click Next: a. Name: EU Citizen PII Policy b. Description: Protect the personally identifiable information of European citizens

Etc.

https://learn.microsoft.com/en-us/compliance/regulatory/gdpr-discovery-protection-reporting-in-office365-dev-test-environment

Microsoft 365 Administrator MS-102 Exam Practice Test