Microsoft MS-102 Exam Dumps

You have a Microsoft 365 E5 subscription that uses Microsoft intune.in the Microsoft Endpoint Manager admin center, you discover many stale and inactivedevices,You enable device clean-up rulesWhat can you configure as the minimum number of days before a device a removedautomatically?

A. 10  
B. 30  
C. 45  
D. 90  

Answer: D

You have a Microsoft 365 subscription. You need to identify which administrative users performed eDiscovery searches during the past week. What should you do from the Security & Compliance admin center?

A. Perform a content search  
B. Create a supervision policy  
C. Create an eDiscovery case  
D. Perform an audit log search  

Answer: D

You have a Microsoft 365 subscription.You configure a new Azure AD enterprise application named App1. App1 requires that auser be assigned the Reports Reader role.Which type of group should you use to assign the Reports Reader role and to accessApp1?

A. a Microsoft 365 group that has assigned membership  
B. a Microsoft 365 group that has dynamic user membership  
C. a security group that has assigned membership  
D. a security group that has dynamic user membership  

Answer: C

Note: This question is part of a series of questions that present the same scenario.Each question in the series contains a unique solution that might meet the statedgoals. Some question sets might have more than one correct solution, while othersmight not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As aresult, these questions will not appear in the review screen.You have a Microsoft 365 E5 subscription.You create an account for a new security administrator named SecAdmin1.You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365settings and policies for Microsoft Teams, SharePoint, and OneDrive.Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the ExchangeAdministrator role.Does this meet the goal?

A. Yes  
B. No  

Answer: B

Your network contains an on-premises Active Directory domain named contoso.local. Thedomain contains five domain controllers.Your company purchases Microsoft 365 and creates an Azure AD tenant namedcontoso.onmicrosoft.com.You plan to install Azure AD Connect on a member server and implement pass-throughauthentication.You need to prepare the environment for the planned implementation of pass-throughauthentication.Which three actions should you perform? Each correct answer presents part of thesolution.NOTE: Each correct selection is worth one point.

A. From a domain controller install an Authentication Agent  
B. From the Microsoft Entra admin center, confiqure an authentication method.  
C. From Active Director,' Domains and Trusts add a UPN suffix  
D. Modify the email address attribute for each user account.  
E. From the Microsoft Entra admin center, add a custom domain name.  
F. Modify the User logon name for each user account.  

Answer: A,B,E

You have a Microsoft 365 subscription that uses Security & Compliance retention policies.You implement a preservation lock on a retention policy that is assigned to all executiveusers.Which two actions can you perform on the retention policy? Each correct answer presentsa complete solution.NOTE: Each correct selection is worth one point?

A. Add locations to the policy  
B. Reduce the duration of policy  
C. Remove locations from the policy  
D. Extend the duration of the policy  
E. Disable the policy  

Answer: A,D

You have a Microsoft 365 E5 subscription. From the Microsoft 365 Defender portal, you plan to export a detailed report ofcompromised users.What is the longest time range that can be included in the report? 

A. 1 day  
B. 7 days  
C. 30 days  
D. 90 days  
Answer: C 

Answer: .

Note: This question is part of a series of questions that present the same scenario.Each question in the series contains a unique solution that might meet the statedgoals. Some question sets might have more than one correct solution, while othersmight not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As aresult, these questions will not appear in the review screen.You have a Microsoft 365 subscription.From the Microsoft 365 Defender, you create a role group named US eDiscoveryManagers by copying the eDiscovery Manager role group.You need to ensure that the users in the new role group can only perform content searches of mailbox content for users in the United States. Solution: From the Microsoft 365 Defender, you modify the roles of the US eDiscovery Managers role group. Does this meet the goal?

A. Yes  
B. No  

Answer: B

You have a Microsoft 365 tenant that contains 1,000 Windows 10 devices. The devices areenrolled in Microsoft Intune.Company policy requires that the devices have the following configurations:Require complex passwords.Require the encryption of removable data storage devices.Have Microsoft Defender Antivirus real-time protection enabled.You need to configure the devices to meet the requirements.What should you use?

A. an app configuration policy  
B. a compliance policy  
C a security baseline profile  
D a conditional access policy  

Answer: B

You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpointintegrated with Microsoft Endpoint Manager.Devices are onboarded by using Microsoft Defender for Endpoint.You plan to block devices based on the results of the machine risk score calculated byMicrosoft Defender for Endpoint.What should you create first?

A. a device configuration policy  
B. a device compliance policy  
C. a conditional access policy  
D. an endpoint detection and response policy  

Answer: .

You have a Microsoft 365 E5 subscription. Users access Microsoft 365 from both their laptop and a corporate Virtual DesktopInfrastructure (VDI) solution.From Azure AD Identity Protection, you enable a sign-in risk policy.Users report that when they use the VDI solution, they are regularly blocked when theyattempt to access Microsoft 365.What should you configure?

A. the Tenant restrictions settings in Azure AD  
B. a trusted location  
C. a Conditional Access policy exclusion  
D. the Microsoft 365 network connectivity settings  

Answer: B

You have a Microsoft 365 E5 tenant.You need to be notified when emails with attachments that contain sensitive personal dataare sent to external recipients.Which two policies can you use? Each correct answer presents a complete solution.NOTE: Each correct selection is worth one point.

A. a data loss prevention (DLP) policy  
B. a sensitivity label policy  
C. a Microsoft Cloud App Security file policy  
D. a communication compliance policy  
E. a retention label policy  

Answer: A,D

You have a Microsoft 365 E5 tenant that uses Microsoft Intune. You need to ensure that users can select a department when they enroll their device in Intune. What should you create?

A. scope tags  
B. device configuration profiles  
C. device categories  
D. device compliance policies  

Answer: C

You purchase a new computer that has Windows 10, version 21H1 preinstalled. You need to ensure that the computer is up-to-date. The solution must minimize the number of updates installed. What should you do on the computer? 

A. Install all the feature updates released since version 21H1 and the latest quality update only. 
B. Install the latest feature update and all the quality updates released since version 21H1.  
C. Install the latest feature update and the latest quality update only.  
D. Install all the feature updates released since version 21H1 and all the quality updates released since version 21H1 only. 

Answer: C

You have a Microsoft 365 subscription. You plan to implement Microsoft Purview Privileged Access Management. Which Microsoft Office 365 workloads support privileged access?

A. Microsoft Exchange Online only  
B. Microsoft Teams only  
C. Microsoft Exchanqe Online and SharePoint Online only  
D. Microsoft Teams and SharePoint Online only  
E. Microsoft Teams, Exchanqe Online, and SharePoint Online  

Answer: A

: 250You have Windows 10 devices that are managed by using Microsoft Endpoint Manager.You need to configure the security settings in Microsoft Edge.What should you create in Microsoft Endpoint Manager?

A. an app configuration policy  
B. an app  
C. a device configuration profile  
D. a device compliance policy  

Answer: C

You have a Microsoft 365 E5 tenant.industry regulations require that the tenant comply with the ISO 27001 standard. You need to evaluate the tenant based on the standard 

A. From Policy in the Azure portal, select Compliance, and then assign a pokey  
B. From Compliance Manager, create an assessment  
C. From the Microsoft J6i compliance center, create an audit retention policy.  
D. From the Microsoft 365 admin center enable the Productivity Score.  

Answer: B

: 227You have a Microsoft 365 F5 subscription.You plan to deploy 100 new Windows 10 devices.You need to order the appropriate version of Windows 10 for the new devices. The versionmustMeet the following requirements.Be serviced for a minimum of 24 moths.Support Microsoft Application Virtualization (App-V)Which version should you identify?

A. Window 10 Pro, version 1909  
B. Window 10 Pro, version 2004  
C. Window 10 Pro, version 1909  
D. Window 10 Enterprise, version 2004  

Answer: D

You have a Microsoft 365 E5 tenant that contains 100 Windows 10 devices. You plan to deploy a Windows 10 Security Baseline profile that will protect secrets stored in memory. What should you configure in the profile?

A. Microsoft Defender Credential Guard  
B. BitLocker Drive Encryption (BitLocker)  
C. Microsoft Defender  
D. Microsoft Defender Exploit Guard  

Answer: A

You have a Microsoft 365 tenant that contains two groups named Group1 and Group2.You need to prevent the members or Group1 from communicating with the members ofGroup2 by using Microsoft Teams. The solution must comply with regulatory requirementsand must not affect other user in the tenant.What should you use?

A. information barriers  
B. communication compliance policies  
C. moderated distribution groups  
D. administrator units in Azure Active Directory (Azure AD)  

Answer: A

You have a Microsoft 365 subscription.You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.Solution: From the Endpoint Management admin center, you create a device configuration profile.Does this meet the goal?

A. Yes
B. No 

Answer: B

You purchase a new computer that has Windows 10, version 2004 preinstalled.You need to ensure that the computer is up-to-date. The solution must minimize the number of updates installed.What should you do on the computer?

A. Install all the feature updates released since version 2004 and all the quality updates released since version 2004 only.
B. install the West feature update and the latest quality update only.
C. install all the feature updates released since version 2004 and the latest quality update only.
D. install the latest feature update and all the quality updates released since version 2004. 

Answer: B

Your network contains three Active Directory forests. There are forests trust relationships between the forests.You create an Azure AD tenant.You plan to sync the on-premises Active Directory to Azure AD.You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails.What should you include in the recommendation?

A. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode
B. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode
C. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
D. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode 

Answer: A

You have a Microsoft 365 tenant.You plan to implement device configuration profiles in Microsoft Intune.Which platform can you manage by using the profiles?

A. Ubuntu Linux
B. macOS
C. Android Enterprise
D. Windows 8.1 

Answer: D

You have a Microsoft 365 subscription. You need to create a data loss prevention (DLP) policy that is configured to use the Set headers action. To which location can the policy be applied?

A. OneDrive accounts
B. Exchange email
C. Teams chat and channel messages
D. SharePoint sites

Answer: B

Note: This question is part of a series of questions that present the same scenario.Each question in the series contains a unique solution that might meet the statedgoals. Some question sets might have more than one correct solution, while othersmight not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As aresult, these questions will not appear in the review screen.Your network contains an Active Directory domain.You deploy an Azure AD tenant.Another administrator configures the domain to synchronize to Azure AD.You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized toAzure AD. All the other user accounts synchronized successfully.You review Azure AD Connect Health and discover that all the user accountsynchronizations completed successfully. You need to ensure that the 10 user accounts are synchronized to Azure AD.Solution: From Azure AD Connect, you modify the Azure AD credentials.Does this meet the goal?

A. Yes
B. No

Answer: B

You have a Microsoft 365 tenant that contains 500 Windows 10 devices and a MicrosoftEndpoint Manager device compliance policy.You need to ensure that only devices marked as compliant can access Microsoft Office 365apps.Which policy type should you configure?

A. conditional access
B. account protection
C. attack surface reduction (ASR)
D. Endpoint detection and response

Answer: A

You have a Microsoft 365 subscription. All users have their email stored in Microsoft Exchange Online. In the mailbox of a user named User1. you need to preserve a copy of all the emailmessages that contain the word ProjectX.What should you do first?

A. From the Exchange admin center create a mail flow rule.
B. From Microsoft 365 Defender, start a message trace.
C. From Microsoft Defender for Cloud Apps, create an activity policy.
D. From the Microsoft Purview compliance portal, create a label and a label policy.

Answer: D

Note: This question is part of a series of questions that present the same scenario.Each question in the series contains a unique solution that might meet the statedgoals. Some question sets might have more than one correct solution, while othersmight not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As aresult, these questions will not appear in the review screen.You have a Microsoft 365 E5 subscription that contains a user named User1.You need to enable User1 to create Compliance Manager assessments.Solution: From the Microsoft 365 admin center, you assign User1 the Compliance adminrole.Does this meet the goal?

A. Yes
B. No

Answer: B

Note: This question is part of a series of questions that present the same scenario.Each question in the series contains a unique solution that might meet the statedgoals. Some question sets might have more than one correct solution, while othersmight not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As aresult, these questions will not appear in the review screen.You have a Microsoft 365 E5 subscription.You create an account for a new security administrator named SecAdmin1.You need to ensure that SecAdmin1 can manage Office 365 Advanced Threat Protection(ATP) settings and policies for Microsoft Teams, SharePoint, and OneDrive.Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the SharePointadmin role.Does this meet the goal?

A. Yes
B. No

Answer: B