live chatMcAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Pass4Test 10%OFF Discount Code

Microsoft 365 Administrator - MS-102 Exam Questions

QUESTION NO: 1
You have a Microsoft 365 subscription and use Microsoft Defender for Office 365.
You need to recommend a solution to educate users on topics that relate to social engineering risks. The users must receive a weekly reminder to complete a learning task.
What should you use in the Microsoft Defender portal?
Correct Answer: D
QUESTION NO: 2
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.

The domain syncs to an Microsoft Entra tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)

User2 fails to authenticate to Microsoft Entra ID when signing in as [email protected].
You need to ensure that User2 can access the resources in Microsoft Entra ID.
Solution: From the on-premises Active Directory domain, you assign User2 the Allow logon locally user right. You instruct User2 to sign in as [email protected].
Does this meet the goal?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 3
HOTSPOT
You have a Microsoft 365 E3 subscription.
You plan to launch Attack simulation training for all users.
Which social engineering technique and training experience will be available? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Box 1: Credential Harvest
Attack simulation training offers a subset of capabilities to E3 customers as a trial. The trial offering contains the ability to use a Credential Harvest payload and the ability to select ' ISA Phishing ' or ' Mass Market Phishing ' training experiences. No other capabilities are part of the E3 trial offering.
Note: In Attack simulation training, multiple types of social engineering techniques are available:
Credential Harvest
Malware Attachment
Link to Malware
Etc.
Box 2: Mass Market Phishing
Reference:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulation-training-get-started
QUESTION NO: 4
You have a Microsoft 365 subscription.
From Microsoft Entra Privileged Identity Management (PIM), you configure Role settings for the Global Administrator role as shown in the following exhibit.

You make a user named [email protected] eligible for the Global Administrator role.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the
Correct Answer:

Explanation:
To use the Global Administrator role, [email protected] must provide: Azure Multi-Factor Authentication (MFA) The role settings indicate that " Require Azure Multi-Factor Authentication " is set to " Yes " for active assignments. Therefore, [email protected] must provide Azure MFA to use the Global Administrator role.
To make a new user eligible for the Global Administrator role, a PIM administrator must configure: an assignment that expires after 15 day(s) The settings show that eligible assignments expire after 15 days. Therefore, to make a new user eligible, a PIM administrator must configure an assignment with this expiration period.
QUESTION NO: 5
Your company has offices in Seattle and Denver.
You have a Microsoft 365 subscription.
You plan to create a Conditional Access policy named Policy1 that will enforce multifactor authentication (MFA).
You need to ensure that users at the Seattle office are excluded from MFA. Users at the Denver office must always be prompted for MFA.
What should you configure for Policy1?
Correct Answer: A
QUESTION NO: 6
You have a Microsoft 365 subscription that links to an Microsoft Entra ID (Microsoft Entra ID) tenant named contoso.onmicrosoft.com.
A user named User1 stores documents in Microsoft OneDrive.
You need to place the contents of User1's OneDrive account on an eDiscovery hold.
Which URL should you use for the eDiscovery hold? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-ediscovery-holds
QUESTION NO: 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft Entra admin center, you assign SecAdmin1 the Security Administrator role.
Does this meet the goal?
Correct Answer: A
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 8
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.
The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.
You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.
You install the Group Policy Management Console (GPMC) on Server1.
You need to configure the Windows Update for Business Group Policy settings on Server1.
Solution: You copy the Group Policy Administrative Templates from a Windows 10 computer to Server1.
Does this meet the goal?
Correct Answer: B
QUESTION NO: 9
You have a Microsoft 365 E5 tenant that contains a user named User1.
You plan to implement insider risk management.
You need to ensure that User1 can perform the following tasks:
Review alerts.
Manage cases.
Create notice templates.
Review user emails by using Content explorer.
The solution must use the principle of least privilege.
To which role group should you add User1?
Correct Answer: C
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).
QUESTION NO: 10
You have a Microsoft 365 E5 subscription.
You need to assign a Microsoft Defender for Endpoint baseline.
Which portal should you use?
Correct Answer: A
QUESTION NO: 11
HOTSPOT
You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.

The devices are configured as shown in the following table.

You have a Conditional Access policy named CAPolicy1 that has the following settings:
1.Assignments
Users or workload identities: Group1
Cloud apps or actions: Office 365 SharePoint Online
Conditions
- Filter for devices: Exclude filtered devices from the policy
- Rule syntax: device.displayName -startsWith " Device "
2.Access controls
Grant
- Grant: Block access
Session: 0 controls selected
3.Enable policy: On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Correct Answer:

Explanation:

Box 1: No
User1 is member of Group1 and has Device1.
Device1 is not Microsoft Entra ID joined.
Note: Requiring a hybrid Microsoft Entra ID joined device is dependent on your devices already being hybrid Microsoft Entra ID joined.
Box 2: Yes
User2 is member of Group1 and has devices Device2 and Device3.
Device2 is Microsoft Entra ID joined.
Device2 is excluded from CAPolicy1 (which would block access to Site1).
Box 3: Yes
User2 is member of Group1 and has devices Device2 and Device3.
Device3 is Android and is Microsoft Entra ID registered.
Device3 is excluded from CAPolicy1 (which would block access to Site1).
Note: On Windows 7, iOS, Android, macOS, and some third-party web browsers, Microsoft Entra ID identifies the device using a client certificate that is provisioned when the device is registered with Microsoft Entra ID. When a user first signs in through the browser the user is prompted to select the certificate. The end user must select this certificate before they can continue to use the browser.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-policy-compliant-device
QUESTION NO: 12
You have a Microsoft 365 E5 subscription.
You need to create a mail-enabled contact.
Which portal should you use?
Correct Answer: C
QUESTION NO: 13
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create an account for a new security administrator named SecAdmin1.
You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive.
Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the Exchange Administrator role.
Does this meet the goal?
Correct Answer: B
Explanation: Only visible for Pass4Test members. You can sign-up / login (it's free).