Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

MS-102Free trialFree trial

By microsoft
Aug, 2025

Verified

25Q per page

Question 51

HOTSPOT

You have a Microsoft 365 E5 subscription.

You have an Azure AD tenant named contoso.com that contains the following users:

• Admin1
• Admin2
• User1

Contoso.com contains an administrative unit named AU1 that has no role assignments. User1 is a member of AU1.

You create an administrative unit named AU2 that does NOT have any members or role assignments.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Image 1

Question 52

HOTSPOT

Your company has a Microsoft 365 subscription that contains the users shown in the following table.

Image 1

External collaboration settings have default configuration.

You need to identify which users can perform the following administrative tasks:

• Modify the password protection policy.
• Create guest user accounts.

Which users should you identify for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Image 2

Question 53

You have a Microsoft 365 subscription that contains the users shown in the following table.

Image 1

You plan to use Exchange Online to manage email for a DNS domain.

An administrator adds the DNS domain to the subscription.

The DNS domain has a status of Incomplete setup.

You need to identify which user can complete the setup of the DNS domain. The solution must use the principle of least privilege.

Which user should you identify?

  • A: User1
  • B: User2
  • C: User3
  • D: User4

Question 54

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

Image 1

You plan to create a Conditional Access policy that will use GPS-based named locations.

Which users can the policy protect?

  • A: User2 and User4 only
  • B: User1, User2, User3, and User4
  • C: User1 only
  • D: User1 and User3 only

Question 55

HOTSPOT

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

Image 1

You enable self-service password reset (SSPR) for Group1. You configure security questions as the only authentication method for SSPR.

Which users can use SSPR, and which users must answer security questions to reset their password? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Image 2

Question 56

Your network contains an Active Directory forest named contoso.local.

You have a Microsoft 365 subscription.

You plan to implement a directory synchronization solution that will use password hash synchronization.

From the Microsoft 365 admin center, you successfully verify the contoso.com domain name.

You need to prepare the environment for the planned directory synchronization solution.

What should you do first?

  • A: From the Microsoft 365 admin center, verify the contoso.local domain name.
  • B: From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
  • C: From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
  • D: From Active Directory Users and Computers, modify the UPN suffix for all users.

Question 57

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Microsoft Defender for Endpoint for 10 test devices. During the onboarding process, you configure Microsoft Defender for Endpoint-related data to be stored in the United States.
You plan to onboard all the devices to Microsoft Defender for Endpoint.
You need to store the Microsoft Defender for Endpoint data in Europe.
What should you do first?

  • A: Delete the workspace.
  • B: Create a workspace.
  • C: Onboard a new device.
  • D: Offboard the test devices.

Question 58

You have a Microsoft 365 ES subscription.

On Monday, you create a new user named User1.

On Tuesday, User1 signs in for the first time and perform the following actions:

• Signs in to Microsoft Exchange Online from an anonymous IP address.
• Signs in to Microsoft SharePoint Online from a device in New York City.
• Establishes Remote Desktop connections to hosts in Berlin and Hong Kong, and then signs in to SharePoint Online from the Remote Desktop connections.

Which types of sign-in risks will Azure AD Identity Protection detect for User1?

  • A: anonymous IP address and atypical travel only
  • B: anonymous IP address only
  • C: unfamiliar sign-in properties and atypical travel only
  • D: anonymous IP address and unfamiliar sign-in properties only
  • E: anonymous IP address, atypical travel, and unfamiliar sign-in properties

Question 59

HOTSPOT

You have a Microsoft 365 subscription that contains the users shown in the following table.

Image 1

You have the named locations shown in the following table.

Image 2

You create a conditional access policy that has the following configurations:

• Users or workload identities:
• Include: Group1
• Exclude: Group2
• Cloud apps or actions: Include all cloud apps
• Conditions:
• Include: Any location
• Exclude: Montreal
• Access control: Grant access, Require multi-factor authentication

User1 is on the multi-factor authentication (MFA) blocked users list.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Image 3

Question 60

HOTSPOT

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

Image 1

Each user has an Android device with the Microsoft Authenticator app installed and has set up phone sign-in.

The subscription has the following Conditional Access policy:

• Name: Policy1
• Assignments
• Users and groups: Group1, Group2
• Cloud apps or actions: All cloud apps
• Access controls
• Grant: Require multi-factor authentication
• Enable policy: On

From Microsoft Authenticator settings for the subscription, the Enable and Target settings are configured as shown in the exhibit. (Click the Exhibit tab.)

Image 2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Image 3

Question 61

HOTSPOT

You have a Microsoft 365 subscription that uses an Azure AD tenant named contoso.com. The tenant contains the users shown in the following table.

Image 1

From the Sign-ins blade of the Microsoft Entra admin center, for which users can User1 and User2 view the sign-ins? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Image 2

Question 62

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com.

Corporate policy states that user passwords must not include the word Contoso.

What should you do to implement the corporate policy?

  • A: From the Microsoft Entra admin center, create a conditional access policy.
  • B: From the Microsoft Entra admin center, configure the Password protection settings.
  • C: From the Microsoft 365 admin center, configure the Password policy settings.
  • D: From Azure AD Identity Protection, configure a sign-in risk policy.

Question 63

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
• User passwords must be 10 characters or more.

Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.

Does this meet the goal?

  • A: Yes
  • B: No

Question 64

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
• User passwords must be 10 characters or more.

Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.

Does this meet the goal?

  • A: Yes
  • B: No

Question 65

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
• User passwords must be 10 characters or more.

Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.

Does this meet the goal?

  • A: Yes
  • B: No

Question 66

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory forest.

You deploy Microsoft 365.

You plan to implement directory synchronization.

You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

• Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
• User passwords must be 10 characters or more.

Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.

Does this meet the goal?

  • A: Yes
  • B: No

Question 67

You have a Microsoft 365 E5 subscription. The subscription contains users that have the following types of devices:

• Windows 11
• Android
• iOS

To which devices can you apply Endpoint DLP policies?

  • A: Windows 11 only
  • B: Windows 11 and Android only
  • C: Windows 11 and iOS only
  • D: Windows 11, Android, and iOS

Question 68

You have a Microsoft 365 E5 subscription that contains a user named User1.
User1 exceeds the default daily limit of allowed email messages and is on the Restricted entities list.
You need to remove User1 from the Restricted entities list.
What should you use?

  • A: the Exchange admin center
  • B: the Microsoft Purview compliance portal
  • C: the Microsoft 365 admin center
  • D: the Microsoft 365 Defender portal
  • E: the Microsoft Entra admin center

Question 69

Your company has three main offices and one branch office. The branch office is used for research.

The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication.

You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office.

What should you include in the recommendation?

  • A: Azure AD password protection
  • B: a Microsoft Intune device configuration profile
  • C: a Microsoft Intune device compliance policy
  • D: Azure AD conditional access

Question 70

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain.

You deploy an Azure AD tenant.

Another administrator configures the domain to synchronize to Azure AD.

You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.

You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.

You need to ensure that the 10 user accounts are synchronized to Azure AD.

Solution: From Azure AD Connect, you modify the filtering settings.

Does this meet the goal?

  • A: Yes
  • B: No

Question 71

HOTSPOT

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

Image 1

You create an administrative unit named AU1 that contains the members shown in the following exhibit.

Image 2

The User Administrator role has the assignments shown in the following exhibit.

Image 3

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Image 4

Question 72

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

  • A: Security Reader
  • B: Global Administrator
  • C: Owner
  • D: User Administrator

Question 73

HOTSPOT

Your company has an Azure AD tenant named contoso.onmicrosoft.com that contains the users shown in the following table.

Image 1

You need to identify which users can perform the following administrative tasks:

• Reset the password of User4.
• Modify the value for the manager attribute of User4.

Which users should you identify for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Image 2

Question 74

You have a Microsoft 365 E5 subscription.

Users have Android or iOS devices and access Microsoft 365 resources from computers that run Windows 11 or MacOS.

You need to implement passwordless authentication. The solution must support all the devices.

Which authentication method should you use?

  • A: Windows Hello
  • B: FIDO2 compliant security keys
  • C: Microsoft Authenticator app

Question 75

HOTSPOT

Your company has a hybrid deployment of Microsoft 365.

An on-premises user named User1 is synced to Azure AD.

Azure AD Connect is configured as shown in the following exhibit.

Image 1

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Image 2
Page 3 of 16 • Questions 51-75 of 396
12345

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!