microsoft ms-102 practice test

HOTSPOT

Your company has an Azure AD tenant that contains the users shown in the following table.



The tenant includes a security group named Admin1. Admin1 will be used to manage administrative accounts. External collaboration settings have default configuration.

You need to identify which users can perform the following administrative tasks:

Create guest user accounts.
Add User3 to Admin1.

Which users should you identify for each task? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates an Azure AD tenant named contoso.onmicrosoft.com.
You plan to install Azure AD Connect on a member server and implement pass-through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. From a domain controller, install an Authentication Agent.
• B. From the Microsoft Entra admin center, configure an authentication method.
• C. From Active Directory Domains and Trusts, add a UPN suffix.
• D. Modify the email address attribute for each user account.
• E. From the Microsoft Entra admin center, add a custom domain name.
• F. Modify the User logon name for each user account.

You have a Microsoft 365 E5 subscription.
You need to create Conditional Access policies to meet the following requirements:
All users must use multi-factor authentication (MFA) when they sign in from outside the corporate network.
Users must only be able to sign in from outside the corporate network if the sign-in originates from a compliant device.
All users must be blocked from signing in from outside the United States and Canada.
Only users in the R&D department must be blocked from signing in from both Android and iOS devices.
Only users in the finance department must be able to sign in to an Azure AD enterprise application named App1. All other users must be blocked from signing in to App1.
What is the minimum number of Conditional Access policies you should create?

• A. 3
• B. 4
• C. 5
• D. 6
• E. 7
• F. 8

HOTSPOT

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.



At 08:00, you create an incident notification rule that has the following configurations:

Name: Notification1
Notification settings
Notify on alert severity: Low
Device group scope: All (3)
Details: First notification per incident
Recipients: [email protected]

At 08:02, you create an incident notification rule that has the following configurations:

Name: Notification2
Notification settings
Notify on alert severity: Low, Medium
Device group scope: DeviceGroup1, DeviceGroup2
Recipients: [email protected]

In Microsoft 365 Defender, alerts are logged as shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

HOTSPOT

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named Site1.

You need to perform the following tasks:

Create a sensitive info type named SIT1 based on a regular expression.
Add a watermark to all new documents that are matched by SIT1.

Which two settings should you use in the Microsoft Purview compliance portal? To answer, select the appropriate settings in the answer area.

NOTE: Each correct selection is worth one point.

HOTSPOT You have a Microsoft 365 subscription that contains the users shown in the following table.

You need to configure a dynamic user group that will include the guest users in any department that contains the word Support.
How should you complete the membership rule? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

HOTSPOT

You have a Microsoft 365 E5 subscription.

You have an Azure AD tenant named contoso.com that contains the following users:

Admin1
Admin2
User1

Contoso.com contains an administrative unit named AU1 that has no role assignments. User1 is a member of AU1.

You create an administrative unit named AU2 that does NOT have any members or role assignments.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Your on-premises network contains an Active Directory domain.
You have a Microsoft 365 subscription.
You need to sync the domain with the subscription. The solution must meet the following requirements:
On-premises Active Directory password complexity policies must be enforced.
Users must be able to use self-service password reset (SSPR) in Azure AD.
What should you use?

• A. password hash synchronization
• B. Azure AD Identity Protection
• C. Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)
• D. pass-through authentication

You have a Microsoft 365 subscription.
You register two applications named App1 and App2 to Azure AD.
You need to ensure that users who connect to App1 require multi-factor authentication (MFA). MFA is required only for App1. What should you do?

• A. From the Microsoft Entra admin center, create a conditional access policy.
• B. From the Microsoft 365 admin center, configure the Modem authentication settings.
• C. From the Enterprise applications blade of the Microsoft Entra admin center, configure the Users settings.
• D. From Multi-Factor Authentication, configure the service settings.

You need to notify the manager of the human resources department when a user in the department shares a file or folder from the department's Microsoft SharePoint site.

What should you do?

• A. From the SharePoint admin center, modify the sharing settings.
• B. From the SharePoint site, create an alert.
• C. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
• D. From the Microsoft 365 Defender portal, create an alert policy.