Spring Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Microsoft 365 Certified: Enterprise Administrator Expert MS-102 Questions and answers with Dumpstech

Home
Microsoft
Microsoft 365 Certified: Enterprise Administrator Expert
MS-102
MS-102 Questions and Answers

Exam MS-102 Premium Access

View all detail and faqs for the MS-102 exam

Go to Exam

Practice at least 50% of the questions to maximize your chances of passing.

Viewing page 5 out of 6 pages

Viewing questions 41-50 out of questions

Questions # 41:

You have a Microsoft 365 E5 tenant.

industry regulations require that the tenant comply with the ISO 27001 standard.

You need to evaluate the tenant based on the standard

Options:

From Policy in the Azure portal, select Compliance, and then assign a pokey

From Compliance Manager, create an assessment

From the Microsoft J6i compliance center, create an audit retention policy.

From the Microsoft 365 admin center enable the Productivity Score.

Answer

Questions # 42:

You have a Microsoft 365 subscription.

You need to receive a notification each time a user in the service desk department grants Full Access permissions for a user mailbox.

What should you configure?

Options:

a data loss prevention (DLP) policy

an alert policy

an audit search

an insider risk management policy

Answer

Questions # 43:

You enable the Azure AD Identity Protection weekly digest email.

You create the users shown in the following table.

Question # 43

Which users will receive the weekly digest email automatically?

Options:

Admin2, Admin3, and Admin4 only

Admin1, Admin2, Admin3, and Admin4

Admin2 and Admin3 only

Admin3 only

Admin1 and Admin3 only

Answer

Explanation

By default, all Global Admins receive the email. Any newly created Global Admins, Security Readers or

Security Administrators will automatically be added to the recipients list.

Questions # 44:

You have a Microsoft Entra tenant that contains the groups shown in the following exhibit.

Question # 44

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each cont ' d selection is worth one point.

Question # 44

Options:

Answer

Answer:

Explanation

 You can add a Microsoft Entra cloud user to: Group1, Group3, and Group4 only

Group1: Microsoft 365 group with assigned membership type and security enabled.

Group3: Security group with assigned membership type and security enabled.

Group4: Security group with dynamic membership type and security enabled.

Group2 is not security enabled, so it cannot have security-related tasks assigned.

Group5 is sourced from Windows Server AD, which may limit direct cloud user additions.

 You can add Group5 to: Group1, Group2, Group3, and Group4

Group5 can be added to other groups regardless of the membership type or source, as long as those groups (Group1, Group2, Group3, and Group4) are security-enabled and support such additions.

Questions # 45:

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goats. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription.

You create an account for a new security administrator named SecAdmin1.

You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint. and OneDrive.

Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the SharePoint Administrator role.

Does this meet the goal?

Options:

Yes

Answer

Questions # 46:

HOTSPOT

You have an Azure AD tenant named contoso.com that contains the users shown in the following table.

Question # 46

Multi-factor authentication (MFA) is configured to use 131.107.5.0/24 as trusted IPs.

The tenant contains the named locations shown in the following table.

Question # 46

You create a conditional access policy that has the following configurations:

Users or workload identities assignments: All users

Cloud apps or actions assignment: App1

Conditions: Include all trusted locations

Grant access: Require multi-factor authentication

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Question # 46

Options:

Answer

Answer:

Explanation

Box 1: Yes

131.107.50.10 is in a Trusted Location so the conditional access policy applies. The policy requires MFA. However, User1’s MFA status is disabled. The MFA requirement in the conditional access policy will override the user’s MFA status of disabled. Therefore, User1 must use MFA.

Box 2: Yes.

131.107.20.15 is in a Trusted Location so the conditional access policy applies. The policy requires MFA so User2 must use MFA.

Box 3: No.

IP not from Trusted Location so Policy does not apply, Subnet 131.107.5.5 is not in the range of 131.107.50.0/24

[Reference:, https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition, , , , ]

Questions # 47:

You have a Microsoft 365 E5 subscription.

You plan to create an anti-malware policy named Policy1.

You need to ensure that Policy1 can detect malicious email messages that were already delivered to a user ' s mailbox.

What should you do in the Microsoft Defender portal?

Options:

Enable zero-hour auto purge (ZAP).

Modify the common attachments filter.

Configure a quarantine policy.

Enable enhanced filtering.

Answer

Questions # 48:

You have a Microsoft 365 E5 subscription. You are implementing Microsoft Defender for Cloud Apps. You need to ensure that you can create OAuth app policies.

Solution: You connect Microsoft 365 to Defender for Cloud Apps.

Does this meet the goal?

Options:

Yes

Answer

Questions # 49:

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

Question # 49

You need to configure an incident email notification rule that will be triggered when an alert occurs only on a Windows 10 device. The solution must minimize administrative effort.

What should you do first?

Options:

From the Microsoft 365 admin center, create a mail-enabled security group.

From the Microsoft 365 Defender portal, create a device group.

From the Microsoft Endpoint Manager admin center, create a device category.

From the Azure Active Directory admin center, create a dynamic device group.

Answer

Explanation

[Reference:, https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-worldwide, , https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-email-notifications?view=o365-worldwide, , , , , ]

Questions # 50:

You have a Microsoft 365 subscription.

You need to add additional domains with the onmicrosoft.com suffix to the subscription. The additional domains must be assignable as email addresses for users.

What is the maximum number of onmicrosoft.com domains the subscription can contain?

Options:

Answer

Viewing page 5 out of 6 pages

Viewing questions 41-50 out of questions

Modal title

Registered Required

In order to participate in the comments you need to be logged-in.
You can sign-up or login (it's free).