Actual MS-102 Exam Recently Updated Questions with Free Demo
Free Microsoft MS-102 Exam Questions Self-Assess Preparation
NEW QUESTION # 163
You need to ensure that User2 can review the audit logs. The solutions must meet the technical requirements.
To which role group should you add User2, and what should you use? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface, text Description automatically generated
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?vie
NEW QUESTION # 164
You have three devices enrolled in Microsoft Endpoint Manager as shown in the following table.
The device compliance policies in Endpoint Manager are configured as shown in the following table.
The device compliance policies have the assignments shown in the following table.
For each of the following statements, select Yes if the statement Is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
NEW QUESTION # 165
You have an Azure AD tenant.
You have 1,000 computers that run Windows 10 Pro and are joined to Azure AD.
You purchase a Microsoft 365 E3 subscription.
You need to deploy Windows 10 Enterprise to the computers. The solution must minimize administrative effort.
What should you do?
- A. From the Azure Active Directory admin center, create a security group that has dynamic device membership. Assign licenses to the group and instruct users to sign in to their computer.
- B. Enroll the computers in Microsoft Intune. Create a configuration profile by using the Edition upgrade and mode switch template. From the Microsoft Endpoint Manager admin center, assign the profile to all the computers and instruct users to restart their computer.
- C. From Windows Configuration Designer, create a provisioning package that has an EditionUpgrade configuration and upload the package to a Microsoft SharePoint Online site. Instruct users to run the provisioning package from SharePoint Online.
- D. From the Microsoft Endpoinf Manager admin center, create a Windows Autopilot deployment profile. Assign the profile to all the computers. Instruct users to restart their computer and perform a network restart.
Answer: B
NEW QUESTION # 166
You have a Microsoft 365 E5 tenant that contains 500 Windows 10 devices and a Windows 10 compliance policy.
You deploy a third-party antivirus solution to the devices.
You need to ensure that the devices are marked as compliant.
Which three settings should you modify in the compliance policy? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Graphical user interface Description automatically generated
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows
NEW QUESTION # 167
You have a Microsoft 365 subscription that contains the administrative units shown in the following table.
The groups contain the members shown in the following table.
The users are assigned the roles shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 168
You have a Microsoft 365 subscription.
You have the devices shown in the following table.
You plan to join the devices to Azure Active Directory (Azure AD)
What should you do on each device to support Azure AU join? To answer, drag the appropriate actions to the collect devices, Each action may be used once, more than once, of not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 169
You have a Microsoft 365 subscription.
You are planning a threat management solution for your organization.
You need to minimize the likelihood that users will be affected by the following threats:
Opening files in Microsoft SharePoint that contain malicious content
Impersonation and spoofing attacks in email messages
Which policies should you create in Microsoft 365 Defender? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 170
You have a new Microsoft 365 E5 tenant.
You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected.
What should you do first?
- A. Create a communication compliance policy.
- B. Enable auditing.
- C. Create an Insider risk management policy.
- D. Enable Microsoft 365 usage analytics.
Answer: B
Explanation:
Microsoft Purview auditing solutions provide an integrated solution to help organizations effectively respond to security events, forensic investigations, internal investigations, and compliance obligations. Thousands of user and admin operations performed in dozens of Microsoft 365 services and solutions are captured, recorded, and retained in your organization's unified audit log. Audit records for these events are searchable by security ops, IT admins, insider risk teams, and compliance and legal investigators in your organization. This capability provides visibility into the activities performed across your Microsoft 365 organization.
Note: Permissions alert policies
Example: Elevation of Exchange admin privilege
Generates an alert when someone is assigned administrative permissions in your Exchange Online organization. For example, when a user is added to the Organization Management role group in Exchange Online.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-solutions-overview
https://learn.microsoft.com/en-us/microsoft-365/compliance/alert-policies
NEW QUESTION # 171
HOTSPOT
Your company has a Microsoft 365 E5 subscription.
You need to perform the following tasks:
View the Adoption Score of the company.
Create a new service request to Microsoft.
Which two options should you use in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1: Reports
View the Adoption Score of the company.
How to enable Adoption Score
To enable Adoption Score:
* Sign in to the Microsoft 365 admin center as a Global Administrator and go to Reports > Adoption Score
* Select enable Adoption Score. It can take up to 24 hours for insights to become available.
Box 2: Support
Create a new service request to Microsoft.
Sign in to Microsoft 365 with your Microsoft 365 admin account, and select Support > New service request. If you're in the admin center, select Support > New service request.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/admin/adoption/adoption-score
https://support.microsoft.com/en-us/topic/contact-microsoft-office-support-fd6bb40e-75b7-6f43-d6f9-c13d10850
NEW QUESTION # 172
You have a Microsoft 365 E5 tenant.
industry regulations require that the tenant comply with the ISO 27001 standard.
You need to evaluate the tenant based on the standard
- A. From the Microsoft J6i compliance center, create an audit retention policy.
- B. From Compliance Manager, create an assessment
- C. From the Microsoft 365 admin center enable the Productivity Score.
- D. From Policy in the Azure portal, select Compliance, and then assign a pokey
Answer: B
NEW QUESTION # 173
HOTSPOT
You have a Microsoft 365 E5 subscription.
You need to meet the following requirements:
Automatically encrypt documents stored in Microsoft OneDrive and SharePoint.
Enable co-authoring for Microsoft Office documents encrypted by using a sensitivity label.
Which two settings should you use in the Microsoft Purview compliance portal? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Information protection
Automatically encrypt documents stored in Microsoft OneDrive and SharePoint.
How to integrate Microsoft Purview Information Protection with Defender for Cloud Apps Enable Microsoft Purview Information Protection All you have to do to integrate Microsoft Purview Information Protection with Defender for Cloud Apps is select a single checkbox. By enabling automatic scan, you enable searching for sensitivity labels from Microsoft Purview Information Protection on your Office 365 files without the need to create a policy. After you enable it, if you have files in your cloud environment that are labeled with sensitivity labels from Microsoft Purview Information Protection, you'll see them in Defender for Cloud Apps.
To enable Defender for Cloud Apps to scan files with content inspection enabled for sensitivity labels:
In the Microsoft 365 Defender portal, select Settings. Then choose Cloud Apps. Then go to Information Protection -> Microsoft Information Protection.
Note: Encryption of data at rest
Encryption at rest includes two components: BitLocker disk-level encryption and per-file encryption of customer content.
BitLocker is deployed for OneDrive for Business and SharePoint Online across the service. Per-file encryption is also in OneDrive for Business and SharePoint Online in Microsoft 365 multi-tenant and new dedicated environments that are built on multi-tenant technology.
Box 2: Settings
Enable co-authoring for Microsoft Office documents encrypted by using a sensitivity label.
1. Sign in to the Microsoft Purview compliance portal as a global admin for your tenant.
2. From the navigation pane, select Settings > Co-authoring for files with sensitivity files.
3. On the Co-authoring for files with sensitivity labels page, read the summary description, prerequisites, and what to expect.
4. Then select Turn on co-authoring for files with sensitivity labels, and Apply.
5. Wait 24 hours for this setting to replicate across your environment before you use this new feature for co-authoring.
Reference:
https://learn.microsoft.com/en-us/defender-cloud-apps/azip-integration
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-coauthoring
NEW QUESTION # 174
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
You need to configure an incident email notification rule that will be triggered when an alert occurs only on a Windows 10 device. The solution must minimize administrative effort.
What should you do first?
- A. From the Microsoft Endpoint Manager admin center, create a device category.
- B. From the Microsoft 365 Defender portal, create a device group.
- C. From the Azure Active Directory admin center, create a dynamic device group.
- D. From the Microsoft 365 admin center, create a mail-enabled security group.
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldw
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-email-notifications?view=
NEW QUESTION # 175
Your company uses Microsoft Defender for Endpoint. Microsoft Defender for Endpoint contains the device groups shown in the following table.
You onboard computers to Microsoft Defender for Endpoint as shown in the following table.
Of which groups are Computer! and Computed members? To answer, select the appropriate options in The answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
NEW QUESTION # 176
HOTSPOT
You have a new Microsoft 365 E5 tenant.
Enable Security defaults is set to Yes.
A user signs in to the tenant for the first time.
Which multi-factor authentication (MFA) method can the user use, and how many days does the user have to register for MFA? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: Notification to Microsoft Authenticator app
Do users have 14 days to register for Azure AD Multi-Factor Authentication?
Users have 14 days to register for MFA with the Microsoft Authenticator app from their smart phones, which begins from the first time they sign in after security defaults has been enabled. After 14 days have passed, the user won't be able to sign in until MFA registration is completed.
Box 2: 14
Azure AD Identity Protection will prompt your users to register the next time they sign in interactively and they'll have 14 days to complete registration. During this 14-day period, they can bypass registration if MFA isn't required as a condition, but at the end of the period they'll be required to register before they can complete the sign-in process.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/solutions/empower-people-to-work-remotely-secure-sign-in
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-
NEW QUESTION # 177
You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.
You plan to implement attack surface reduction (ASR) rules. Which devices will support the ASR rules?
- A. Device 1, Device2, and Device3 only
- B. Device3 only
- C. Device2 and Device3 only
- D. Device1, Device2, Devices and Device4
Answer: C
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view
NEW QUESTION # 178
You plan to implement the endpoint protection device configuration profiles to support the planned changes.
You need to identify which devices will be supported, and how many profiles you should implement.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/configuration/device-profile-create
NEW QUESTION # 179
You have a Microsoft 365 E5 subscription that contains two users named Admin1 and Admin2.
All users are assigned a Microsoft 365 Enterprise E5 license and auditing is turned on.
You create the audit retention policy shown in the exhibit. (Click the Exhibit tab.)
After Policy1 is created, the following actions are performed:
* Admin1 creates a user named User1.
* Admin2 creates a user named User2.
How long will the audit events for the creation of User1 and User2 be retained? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/audit-log-retention-policies?view=o365-worldwide
NEW QUESTION # 180
You have a Microsoft 365 E5 subscription that contains the resources shown in the following table.
You create a sensitivity label named Label1.
To which resource can you apply Label1?
- A. Group1 only
- B. Groupl and Group2 only
- C. Group1, Group2, and Sitel
- D. Sitel only
- E. Group2 only
Answer: C
Explanation:
Assign sensitivity labels to Microsoft 365 groups in Azure Active Directory Azure Active Directory (Azure AD), part of Microsoft Entra, supports applying sensitivity labels published by the Microsoft Purview compliance portal to Microsoft 365 groups.
In addition to using sensitivity labels to protect documents and emails, you can also use sensitivity labels to protect content in the following containers: Microsoft Teams sites, Microsoft 365 groups (formerly Office 365 groups), and SharePoint sites.
When you configure a label policy, you can:
Choose which users and groups see the labels. Labels can be published to any specific user or email-enabled security group, distribution group, or Microsoft 365 group (which can have dynamic membership) in Azure AD.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels-teams-groups-sites
https://learn.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide
NEW QUESTION # 181
You have a Microsoft 365 E5 tenant that contains two users named User1 and User2 and the groups shown in the following table.
You have a Microsoft Intune enrollment policy that has the following settings:
* MDM user scope: Some
* Groups: Group1
* MAM user scope: Some
* Groups: Group2
You purchase the devices shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll
https://docs.microsoft.com/en-us/mem/intune/enrollment/android-enroll-device-administrator
NEW QUESTION # 182
You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.
All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).
You plan to create a user named Admin1 that will perform following tasks:
* View BitLocker recovery keys.
* Configure the usage location for the users in contoso.com.
You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege. Which two roles should you assign? To answer, select the appropriate roles in the answer area.
NOTE: Each correct selection is worth one point
Answer:
Explanation:
NEW QUESTION # 183
HOTSPOT
You have a Microsoft 365 E5 subscription.
From Azure AD Privileged Identity Management (PIM), you configure Role settings for the Global Administrator role as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: will lose the role after eight hours
From exhibit: Activation, Activation maximum duration (hours): 8 hour(s) Box 2: for up to three months We see from exhibit: Assignment, Expire eligible assignment after: 3 month(s)
NEW QUESTION # 184
......
MS-102 Free Sample Questions to Practice One Year Update: https://passleader.free4dump.com/MS-102-real-dump.html