Microsoft MS-102 today updated questions - Verified by Microsoft Experts

Microsoft 365 Administrator Exam Questions and Answers

Question 1

HOTSPOT

Your network contains an on-premises Active Directory domain and a Microsoft 365 subscription.

The domain contains the users shown in the following table.

The domain contains the groups shown in the following table.

You are deploying Azure AD Connect.

You configure Domain and OU filtering as shown in the following exhibit.

You configure Filter users and devices as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 2

HOTSPOT

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named Site1 and a data loss prevention (DLP) policy named DLP1. DLP1 contains the rules shown in the following table.

Site1 contains the files shown in the following table.

Which policy tips are shown for each file? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 3

You have a Microsoft 365 tenant that contains the groups shown in the following table.

You plan to create a compliance policy named Compliance1.

You need to identify the groups that meet the following requirements:

Can be added to Compliance1 as recipients of noncompliance notifications

Can be assigned to Compliance1

To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 4

You have several devices enrolled in Microsoft Endpoint Manager.

You have a Microsoft Azure Active Directory (Azure AD) tenant that includes the users shown in the following table.

The device type restrictions in Endpoint Manager are configured as shown in the following table.

Options:

Question 5

You have a Microsoft 365 E5 tenant.

You create a retention label named Retention1 as shown in the following exhibit.

When users attempt to apply Retention1, the label is unavailable.

You need to ensure that Retention1 is available to all the users.

What should you do?

Options:

Create a new label policy

Modify the Authority type setting for Retention!

Modify the Business function/department setting for Retention 1.

Use a file plan CSV template to import Retention1.

Question 6

HOTSPOT

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.

The devices are configured as shown in the following table.

You have a Conditional Access policy named CAPolicy1 that has the following settings:

1.Assignments

Users or workload identities: Group1

Cloud apps or actions: Office 365 SharePoint Online

Conditions

- Filter for devices: Exclude filtered devices from the policy

- Rule syntax: device.displayName -startsWith "Device"

2.Access controls

Grant

- Grant: Block access

Session: 0 controls selected

3.Enable policy: On

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 7

You have a Microsoft 365 tenant.

You plan to implement Endpoint Protection device configuration profiles.

Which platform can you manage by using the profile?

Options:

Android

CentOS Linux

iOS

Window 10

Question 8

You have a Microsoft 365 E5 subscription.

You onboard all devices to Microsoft Defender for Endpoint

You need to use Defender for Endpoint to block access to a malicious website at www.contoso.com.

Which two actions should you perform? Each correct answer presents part of the solution.

NOTE: Each correct answer is worth one point.

Options:

Create a web content filtering policy.

Configure an enforcement scope.

Enable Custom network indicators.

Create an indicator.

Enable automated investigation.

Question 9

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.

The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.

You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.

You install the Group Policy Management Console (GPMC) on Server1.

You need to configure the Windows Update for Business Group Policy settings on Server1.

Solution: You upgrade Server1 to Windows Server 2019.

Does this meet the goal?

Options:

yes

Question 10

You have an Azure AD tenant.

You have 1,000 computers that run Windows 10 Pro and are joined to Azure AD.

You purchase a Microsoft 365 E3 subscription.

You need to deploy Windows 10 Enterprise to the computers. The solution must minimize administrative effort.

What should you do?

Options:

From the Microsoft Endpoinf Manager admin center, create a Windows Autopilot deployment profile. Assign the profile to all the computers. Instruct users to restart their computer and perform a network restart.

Enroll the computers in Microsoft Intune. Create a configuration profile by using the Edition upgrade and mode switch template. From the Microsoft Endpoint Manager admin center, assign the profile to all the computers and instruct users to restart their computer.

From Windows Configuration Designer, create a provisioning package that has an EditionUpgrade configuration and upload the package to a Microsoft SharePoint Online site. Instruct users to run the provisioning package from SharePoint Online.

From the Azure Active Directory admin center, create a security group that has dynamic device membership. Assign licenses to the group and instruct users to sign in to their computer.

Question 11

You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.

When users attempt to access the portal of a partner company, they receive the message shown in the following exhibit.

You need to enable user access to the partner company's portal.

Which Microsoft Defender for Endpoint setting should you modify?

Options:

Alert notifications

Alert suppression

Custom detections

Advanced hunting

Indicators

Question 12

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.

You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.

You install the Group Policy Management Console (GPMC) on Server1.

You need to configure the Windows Update for Business Group Policy settings on Server1.

Solution: You raise the forest functional level to Windows Server 2016. You copy the Group Policy Administrative Templates from a Windows 10 computer to the Netlogon share on all the domain controllers.

Does this meet the goal?

Options:

yes

Question 13

You have a Microsoft 365 tenant.

You plan to manage incidents in the tenant by using the Microsoft 365 security center.

Which Microsoft service source will appear on the Incidents page of the Microsoft 365 security center?

Options:

Microsoft Cloud App Security

Azure Sentinel

Azure Web Application Firewall

Azure Defender

Question 14

You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.

You plan to publish a sensitivity label named Label1.

To which groups can you publish Label1?

Options:

Group1 only

Group1 and Group2 only

Group1 and Group4 only

Group1, Group2, and Group3 only

Group1 Group2, Group3, and Group4

Question 15

HOTSPOT

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 is configured as shown in the following exhibit.

An external user named User1 has an email address of user1@outlook.com.

You need to add User1 to Group1.

What should you do first, and which portal should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Answer:

Explanation:

Box 1: Invite User1 to collaborate with your organization as a guest.

To manage guest users of a Microsoft 365 tenant via the Admin Center portal, go through the following steps.

Navigate with your Web browser to https://admin.microsoft.com.

On the left pane, click on “Users”, then click “Guest Users”.

On the “Guest Users” page, to create a new guest user, click on either the “Add a guest user” link on the top of the page or click on “Go to Azure Active Directory to add guest users” link at the bottom of the page. Both of these links will take you to the Azure Active Directory portal, which is located at https://aad.portal.azure.com.

On the “New user” page in the Microsoft Azure portal, you must choose to either “Create user” or “Invite user”. If you choose the “Create user” option, this will create a new user in your organization, which will have a login address with format username@tenantdomain,dot,com. If you choose the “Invite user” option, this will invite a new guest user to collaborate with your organization. The user will be emailed an email invitation which they can accept in order to begin collaborating. For the purpose of creating a guest user, you must choose the “Invite user” option.

Box 2: The Microsoft Entra admin center

Microsoft Entra admin center unites Azure AD with family of identity and access products

Microsoft Entra admin center gives customers an entire toolset to secure access for everyone and everything in multicloud and multiplatform environments. The entire Microsoft Entra product family is available at this new admin center, including Azure Active Directory (Azure AD) and Microsoft Entra Permissions Management, formerly known as CloudKnox.

Starting this month, waves of customers will begin to be automatically directed to entra.microsoft.com from Microsoft 365 in place of the Azure AD admin center (aad.portal.azure.com).

[Reference:, https://stefanos.cloud/kb/how-to-manage-microsoft-365-guest-users, https://m365admin.handsontek.net/microsoft-entra-admin-center-unites-azure-ad-with-family-of-identity-and-access-products, ]

Question 16

You need to notify the manager of the human resources department when a user in the department shares a file or folder from the departments Microsoft SharePoint Online site. What should you do?

Options:

From the SharePoint Online site, create an alert.

From the SharePoint Online admin center, modify the sharing settings.

From the Microsoft 365 Defender portal, create an alert policy.

From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.

Question 17

You have a Microsoft 365 tenant.

You plan to implement Endpoint Protection device configuration profiles.

Which platform can you manage by using the profile?

Options:

Ubuntu Linux

macOS

iOS

Android

Question 18

Your network contains an Active Directory domain named adatum.com that is synced to Azure AD.

The domain contains 100 user accounts.

The city attribute for all the users is set to the city where the user resides.

You need to modify the value of the city attribute to the three-letter airport code of each city.

What should you do?

Options:

From Windows PowerShell on a domain controller, run the Gec-ADUser and Sec-ADUser cmdlets.

From Azure Cloud Shell, run the Gec-ADUser and Sec-ADUser cmdlets.

From Windows PowerShell on a domain controller, run the Gec-MgUser and Updace-MgUser cmdlets.

From Azure Cloud Shell, run the Gec-MgUser and Update-MgUser cmdlets.

Question 19

You have a Microsoft 365 E5 tenant

You create a data toss prevention (DLP) policy to prevent users from using Microsoft Teams to share internal documents with external users.

To which two locations should you apply the policy? To answer, select the appropriate locations in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 20

From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)

What will be excluded from the export?

Options:

a 10-MB XLSX file

a 5-MB MP3 file

a 5-KB RTF file

an 80-MB PPTX file

Question 21

You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Options:

Question 22

You have 2,500 Windows 10 devices and a Microsoft 365 E5 tenant that contains two users named User1 and User2. The devices are not enrollment in Microsoft Intune.

In Microsoft Endpoint Manager, the Device limit restrictions are configured as shown in the following exhibit.

In Azure Active Directory (Azure AD), the Device settings are configured as shown in the following exhibit.

From Microsoft Endpoint Manager, you add User2 as a device enrollment manager (DEM).

For each of the following statement, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 23

You need to configure the information governance settings to meet the technical requirements.

Which type of policy should you configure, and how many policies should you configure? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 24

You need to configure Office on the web to meet the technical requirements.

What should you do?

Options:

Assign the Global reader role to User1.

Enable sensitivity labels for Office files in SharePoint Online and OneDrive.

Configure an auto-labeling policy to apply the sensitivity labels.

Assign the Office apps admin role to User1.

Question 25

You create the planned DLP policies.

You need to configure notifications to meet the technical requirements.

What should you do?

Options:

From the Microsoft 365 security center, configure an alert policy.

From the Microsoft Endpoint Manager admin center, configure a custom notification.

From the Microsoft 365 admin center, configure a Briefing email.

From the Microsoft 365 compliance center, configure the Endpoint DLP settings.

Question 26

You need to configure the compliance settings to meet the technical requirements.

What should you do in the Microsoft Endpoint Manager admin center?

Options:

From Compliance policies, modify the Notifications settings.

From Locations, create a new location for noncompliant devices.

From Retire Noncompliant Devices, select Clear All Devices Retire State.

Modify the Compliance policy settings.

Question 27

You plan to implement the endpoint protection device configuration profiles to support the planned changes.

You need to identify which devices will be supported, and how many profiles you should implement.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 28

You need to configure automatic enrollment in Intune. The solution must meet the technical requirements.

What should you configure, and to which group should you assign the configurations? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 29

You need to create the DLP policy to meet the technical requirements.

What should you configure first?

Options:

sensitive info types

the Insider risk management settings

the event types

the sensitivity labels

Question 30

You need to create the Safe Attachments policy to meet the technical requirements.

Which option should you select?

Options:

Replace

Enable redirect

Block

Dynamic Delivery

Question 31

You need to ensure that User2 can review the audit logs. The solutions must meet the technical requirements.

To which role group should you add User2, and what should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 32

You need to ensure that User1 can enroll the devices to meet the technical requirements. What should you do?

Options:

From the Azure Active Directory admin center, assign User1 the Cloud device administrator rote.

From the Azure Active Directory admin center, configure the Maximum number of devices per user setting.

From the Intune admin center, add User1 as a device enrollment manager.

From the Intune admin center, configure the Enrollment restrictions.

Question 33

ON NO: 2

You need to ensure that the support technicians can meet the technical requirement for the Montreal office mobile devices.

What is the minimum of dedicated support technicians required?

Options:

Question 34

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure a pilot for co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: Define a Configuration Manager device collection as the pilot collection. Add Device1 to the collection.

Does this meet the goal?

Options:

Yes

Question 35

You need to meet the Intune requirements for the Windows 10 devices.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 36

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).

You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).

You configure a pilot for co-management.

You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.

You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.

Solution: You create a device configuration profile from the Device Management admin center.

Does this meet the goal?

Options:

Yes

Question 37

You need to create the Microsoft Store for Business. Which user can create the store?

Options:

User2

User3

User4

User5

Question 38

On which server should you install the Azure ATP sensor?

Options:

Server 1

Server 2

Server 3

Server 4

Server 5

Question 39

You need to meet the compliance requirements for the Windows 10 devices.

What should you create from the Intune admin center?

Options:

a device compliance policy

a device configuration profile

an application policy

an app configuration policy

Question 40

As of March, how long will the computers in each office remain supported by Microsoft? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 41

On which server should you use the Defender for identity sensor?

Options:

Server1

Server2

Server3

Server4

Servers5

Question 42

You need to meet the technical requirements and planned changes for Intune.

What should you do? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 43

You need to configure a conditional access policy to meet the compliance requirements.

You add Exchange Online as a cloud app.

Which two additional settings should you configure in Policy1? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 44

You need to meet the technical requirement for the EU PII data.

What should you create?

Options:

a retention policy from the Security & Compliance admin center.

a retention policy from the Exchange admin center

a data loss prevention (DLP) policy from the Exchange admin center

a data loss prevention (DLP) policy from the Security & Compliance admin center

Question 45

You need to ensure that Admin4 can use SSPR.

Which tool should you use. and which action should you perform? To answer, select the appropriate options m the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 46

You need to ensure that the Microsoft 365 incidents and advisories are reviewed monthly.

Which users can review the incidents and advisories, and which blade should the users use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 47

You need to configure Azure AD Connect to support the planned changes for the Montreal Users and Seattle Users OUs.

What should you do?

Options:

From the Microsoft Azure AD Connect wizard, select Customize synchronization options.

From PowerShell, run the Add-ADSyncConnectorAttnbuteinclusion cmdlet.

From PowerShell, run the start-ADSyncSyncCycle cmdlet.

From the Microsoft Azure AD Connect wizard, select Manage federation.

Question 48

You are evaluating the use of multi-factor authentication (MFA).

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Options:

Question 49

You need to configure just in time access to meet the technical requirements.

What should you use?

Options:

entitlement management

Azure AD Privileged Identity Management (PIM)

access reviews

Azure AD Identity Protection

Question 50

You need to configure the Office 365 service status notifications and limit access to the service and feature updates. The solution must meet the technical requirements.

What should you configure in the Microsoft 365 admin center? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Options:

Question 51

You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2.

Which authentication strategy should you implement for the pilot projects?

Options:

pass-through authentication

pass-through authentication and seamless SSO

password hash synchronization and seamless SSO

password hash synchronization

Question 52

Which role should you assign to User1?

Available Choices (select all choices that are correct)

Options:

Hygiene Management

Security Reader

Security Administrator

Records Management

Question 53

HOTSPOT

You create the Microsoft 365 tenant.

You implement Azure AD Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Options:

Question 54

You are evaluating the required processes for Project1.

You need to recommend which DNS record must be created while adding a domain name for the project.

Which DNS record should you recommend?

Options:

host (A)

host information

text (TXT)

alias (CNAME)

Load More MS-102 Questions

Special Summer Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Microsoft MS-102 Microsoft 365 Administrator Exam Exam Practice Test

Microsoft 365 Administrator Exam Questions and Answers

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Options:

Answer:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation: