This page was exported from Free valid test braindumps [ http://free.validbraindumps.com ] Export date:Fri Apr 4 21:35:26 2025 / +0000 GMT ___________________________________________________ Title: 416 Q&As in UPDATED MS-102 Exam Questions Certification Test Engine to PDF [Q224-Q243] --------------------------------------------------- 416 Q&As in UPDATED MS-102 Exam Questions Certification Test Engine to PDF Get The Important Preparation Guide With MS-102 Dumps Q224. You have a Microsoft 365 E5 subscription.All users have Mac computers. All the computers are enrolled in Microsoft Endpoint Manager and onboarded to Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP).You need to configure Microsoft Defender ATP on the computers.What should you create from the Endpoint Management admin center?  a device configuration profile  an update policy for iOS  a Microsoft Defender ATP baseline profile  a mobile device management (MDM) security baseline profile Reference:https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configureQ225. You have a Microsoft 365 subscription that contains three groups named All users, Sales team, and Office users, and two users shown in the following table.In Microsoft Endpoint Manager, you have the Policies for Office apps settings shown in the following exhibit.The policies use the settings shown in the following table.What is the default share folder location for User1 and the default Office theme for User2? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationTable Description automatically generatedReference:https://docs.microsoft.com/en-us/deployoffice/overview-office-cloud-policy-serviceQ226. You have a Microsoft 365 tenant that contains the groups shown in the following table.You plan to create a compliance policy named Compliance1.You need to identify the groups that meet the following requirements:* Can be added to Compliance1 as recipients of noncompliance notifications* Can be assigned to Compliance1To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationGraphical user interface, text, application, chat or text message Description automatically generatedReference:https://www.itpromentor.com/devices-or-users-when-to-target-which-policy-type-in-microsoft-endpoint-manageQ227. You need to meet the Intune requirements for the Windows 10 devices.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationReferences:https://docs.microsoft.com/en-us/intune/windows-enrollQ228. HOTSPOTYou have an Azure AD tenant named contoso.com that contains the users shown in the following table.Multi-factor authentication (MFA) is configured to use 131.107.5.0/24 as trusted IPs.The tenant contains the named locations shown in the following table.You create a conditional access policy that has the following configurations:Users or workload identities assignments: All usersCloud apps or actions assignment: App1Conditions: Include all trusted locationsGrant access: Require multi-factor authenticationFor each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. ExplanationBox 1: Yes131.107.50.10 is in a Trusted Location so the conditional access policy applies. The policy requires MFA.However, User1’s MFA status is disabled. The MFA requirement in the conditional access policy will override the user’s MFA status of disabled. Therefore, User1 must use MFA.Box 2: Yes.131.107.20.15 is in a Trusted Location so the conditional access policy applies. The policy requires MFA so User2 must use MFA.Box 3: No.IP not from Trusted Location so Policy does not apply, Subnet 131.107.5.5 is not in the range of131.107.50.0/24Reference:https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-conditionQ229. Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)User2 fails to authenticate to Azure AD when signing in as user2@fabrikam.com.You need to ensure that User2 can access the resources in Azure AD.Solution: From the on-premises Active Directory domain, you set the UPN suffix for User2 to @contoso.com.You instruct User2 to sign in as user2@contoso.com.Does this meet the goal?  Yes  No ExplanationThe on-premises Active Directory domain is named contoso.com. You can enable users to sign on using a different UPN (different domain), by adding the domain to Microsoft 365 as a custom domain. Alternatively, you can configure the user account to use the existing domain (contoso.com).Q230. You have a Microsoft 365 E5 tenant.You need to implement compliance solutions that meet the following requirements:* Use a file plan to manage retention labels.* Identify, monitor, and automatically protect sensitive information.* Capture employee communications for examination by designated reviewers.Which solution should you use for each requirement? To answer, drag the appropriate solutions to the correct requirements. Each solution may be used once, more than once, or not at all. You may need to drag the split bat between panes or scroll to view content.NOTE: Each correct selection is worth one point. Explanation:Graphical user interface, text, application Description automatically generatedQ231. You have a Microsoft 365 ES tenant.You have the alerts shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.NOTE: Each correct selection is worth one point. ExplanationQ232. You have a Microsoft 365 E5 subscription.You need to compare the current Safe Links configuration to the Microsoft recommended configurations.What should you use?  Microsoft Purview  Azure AD Identity Protection  Microsoft Secure Score  the configuration analyzer Q233. You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365. You have the policies shown in the following table.All the policies are configured to send malicious email messages to quarantine. Which policies support a customized quarantine retention period?  Policy1 and Policy2 only  Policy2 and Policy4 only  Policy3 and Policy4 only  Policy1 and Policy3only Q234. You have a Microsoft 365 E5 tenant.You have a sensitivity label configured as shown in the Sensitivity label exhibit. (Click the Sensitivity label tab.)You have an auto-labeling policy as shown in the Auto-labeling policy exhibit. (Click the Auto-labeling policy tab.)A user sends an email that contains the components shown in the following table.For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. ExplanationGraphical user interface, text, application Description automatically generatedReference:https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-woQ235. Your company has a Microsoft 365 subscription that uses an Azure AD tenant named contoso.com. The tenant contains the users shown in the following table.You create a retention label named Label 1 that has the following configurations:* Retains content for five years* Automatically deletes all content that is older than five yearsYou turn on Auto labeling for Label1 by using a policy named Policy1. Policy1 has the following configurations:* Applies to content that contains the word Merger* Specifies the OneDrive accounts and SharePoint sites locationsYou run the following command.Set-RetentionConpliancePolicy Policy1 -RestrictiveRetention Strue -Force For each of the following statements, select Yes if the statement is true. Otherwise, select No.NOTE: Each correct selection is worth one point. Q236. You have a Microsoft 365 subscription.You view the Service health Overview as shown in the following exhibit.You need to ensure that a user named User1 can view the advisories to investigate service health issues.Which role should you assign to User1?  Message Center Reader  Reports Reader  Service Support Administrator  Compliance Administrator ExplanationService Support adminAssign the Service Support admin role as an additional role to admins or users who need to do the following in addition to their usual admin role:– Open and manage service requests– View and share message center posts– Monitor service healthIncorrect:* Message center readerAssign the Message center reader role to users who need to do the following:– Monitor message center notifications– Get weekly email digests of message center posts and updates– Share message center posts– Have read-only access to Azure AD services, such as users and groups* Reports readerAssign the Reports reader role to users who need to do the following:– View usage data and the activity reports in the Microsoft 365 admin center– Get access to the Power BI adoption content pack– Get access to sign-in reports and activity in Azure AD– View data returned by Microsoft Graph reporting APIReference:https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwideQ237. You need to meet the technical requirements and planned changes for Intune.What should you do? To answer, select the appropriate options in the answer area.NOTE: Each correct selection is worth one point. ExplanationReference:https://docs.microsoft.com/en-us/intune/windows-enrollTopic 3, Litware Inc.Case StudyThis is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.To start the case studyTo display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. If the case study has an All Information tab, note that the information displayed is identical to the information displayed on the subsequent tabs. When you are ready to answer a question, click the Question button to return to the question.OverviewGeneral OverviewsLitware, Inc. is a technology research company. The company has a main office in Montreal and a branch office in Seattle.EnvironmentExisting EnvironmentThe network contains an on-premises Active Directory domain named litware.com. The domain contains the users shown in the following table.Microsoft Cloud EnvironmentLitware has a Microsoft 365 subscription that contains a verified domain named litware.com. The subscription syncs to the on-premises domain.Litware uses Microsoft Intune for device management and has the enrolled devices shown in the following table.Litware.com contains the security groups shown in the following table.Litware uses Microsoft SharePoint Online and Microsoft Teams for collaboration.The verified domain is linked to an Azure Active Directory (Azure AD) tenant named litware.com. Audit log search is turned on for the litware.com tenant.Problem StatementsLitware identifies the following issues:Users open email attachments that contain malicious content.Devices without an assigned compliance policy show a status of Compliant.User1 reports that the Sensitivity option in Microsoft Office for the web fails to appear.Internal product codes and confidential supplier ID numbers are often shared during Microsoft Teams meetings and chat sessions that include guest users and external users.RequirementsPlanned ChangesLitware plans to implement the following changes:Implement device configuration profiles that will configure the endpoint protection template settings for supported devices.Configure information governance for Microsoft OneDrive, SharePoint Online, and Microsoft Teams.Implement data loss prevention (DLP) policies to protect confidential information.Grant User2 permissions to review the audit logs of he litware.com tenant.Deploy new devices to the Seattle office as shown in the following table.Implement a notification system for when DLP policies are triggered.Configure a Safe Attachments policy for the litware.com tenant.Technical RequirementsLitware identifies the following technical requirements:Retention settings must be applied automatically to all the data stored in SharePoint Online sites, OneDrive accounts, and Microsoft Teams channel messages, and the data must be retained for five years.Emails messages that contain attachments must be delivered immediately, and placeholder must be provided for the attachments until scanning is complete.All the Windows 10 devices in the Seattle office must be enrolled in Intune automatically when the devices are joined to or registered with Azure AD.Devices without an assigned compliance policy must show a status of Not Compliant in the Microsoft Endpoint Manager admin center.A notification must appear in the Microsoft 365 compliance center when a DLP policy is triggered.User2 must be granted the permissions to review audit logs for the following activities:– Admin activities in Microsoft Exchange Online– Admin activities in SharePoint Online– Admin activities in Azure ADUsers must be able to apply sensitivity labels to documents by using Office for the web.Windows Autopilot must be used for device provisioning, whenever possible.A DLP policy must be created to meet the following requirements:– Confidential information must not be shared in Microsoft Teams chat sessions, meetings, or channel messages.– Messages that contain internal product codes or supplier ID numbers must be blocked and deleted.The principle of least privilege must be used.Q238. You have a Microsoft 365 E5 subscription.Al users have Mac computers. ATI the computers are enrolled in Microsoft Endpoint Manager and onboarded to Microsoft Defender for Endpoint.You need to configure Microsoft Defender for Endpoint on the computers.What should you create from the Endpoint Management admin center?  a Microsoft Defender for Endpoint baseline profile  an update policy for iOS  a device configuration profile  a mobile device management (MDM) security baseline profile Q239. You need to configure the compliance settings to meet the technical requirements.What should you do in the Microsoft Endpoint Manager admin center?  From Compliance policies, modify the Notifications settings.  From Locations, create a new location for noncompliant devices.  From Retire Noncompliant Devices, select Clear All Devices Retire State.  Modify the Compliance policy settings. Reference:https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-startedQ240. You have a Microsoft 365 E5 tenant.You plan to create a custom Compliance Manager assessment template based on the ISO 27001:2013 template.You need to export the existing template.Which file format should you use for the exported template?  CSV  XLSX  JSON  XML Reference:https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-templates?view=o365-worldwide#export-a-templateQ241. You create the planned DLP policies.You need to configure notifications to meet the technical requirements.What should you do?  From the Microsoft 365 security center, configure an alert policy.  From the Microsoft Endpoint Manager admin center, configure a custom notification.  From the Microsoft 365 admin center, configure a Briefing email.  From the Microsoft 365 compliance center, configure the Endpoint DLP settings. Reference:https://docs.microsoft.com/en-us/microsoft-365/compliance/dlp-configure-view-alerts-policies?view=o365-worlTopic 4, FabrikamOverviewFabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.Existing EnvironmentActive Directory EnvironmentThe network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com.Fabrikam does NOT plan to implement identity federation.Network InfrastructureEach office has a high-speed connection to the Internet.Each office contains two domain controllers. All domain controllers are configured as DNS servers.The public zone for fabrikam.com is managed by an external DNS server.All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.All shared company documents are stored on a Microsoft SharePoint Server farm.RequirementsPlanned ChangesFabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.Fabrikam plans to implement two pilot projects:Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales department users.Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft365 bulk licenses.Technical RequirementsFabrikam identifies the following technical requirements:All users must be able to exchange email messages successfully during Project1 by using their current email address.Users must be able to authenticate to cloud services if Active Directory becomes unavailable.A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal.Microsoft 365 Apps for enterprise applications must be installed from a network share only.Disruptions to email access must be minimized.Application RequirementsFabrikam identifies the following application requirements:An on-premises web application named App1 must allow users to complete their expense reports online.App1 must be available to users from the My Apps portal.The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.Security RequirementsFabrikam identifies the following security requirements:After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed from the group automatically.After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.The principle of least privilege must be used.Q242. You have a Microsoft 365 tenant that contains a Windows 10 device named Device1 and the Microsoft Endpoint Manager policies shown in the following table.  only the settings of Policy!  only the settings of Policy2  only the settings of Policy3  no settings Q243. You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.You create a Microsoft Defender for identity instance Contoso.The tenant contains the users shown in the following table.You need to modify the configuration of the Defender for identify sensors.Solutions: You instruct User3 to modify the Defender for identity sensor configuration.Does this meet the goal?  Yes  No  Loading … Prepare With Top Rated High-quality MS-102 Dumps For Success in Exam: https://www.validbraindumps.com/MS-102-exam-prep.html --------------------------------------------------- Images: https://free.validbraindumps.com/wp-content/plugins/watu/loading.gif https://free.validbraindumps.com/wp-content/plugins/watu/loading.gif --------------------------------------------------- --------------------------------------------------- Post date: 2024-07-13 12:32:48 Post date GMT: 2024-07-13 12:32:48 Post modified date: 2024-07-13 12:32:48 Post modified date GMT: 2024-07-13 12:32:48