MS-102 Exam Questions

Total 310 Questions

Last Updated Exam : 16-Dec-2024

Topic 5, Misc. Questions

Your company has a Microsoft 365 E5 tenant that contains a user named User1.
You review the company’s compliance score.
You need to assign the following improvement action to User1:Enable self-service password reset.
What should you do first?


A.

From Compliance Manager, turn off automated testing.


B.

From the Azure Active Directory admin center, enable self-service password reset (SSPR).


C.

From the Microsoft 365 admin center, modify the self-service password reset (SSPR) settings.


D.

From the Azure Active Directory admin center, add User1 to the Compliance administrator role.





D.
  

From the Azure Active Directory admin center, add User1 to the Compliance administrator role.



Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-managerimprovement-actions?view=o365-worldwide

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directoryusers-assign-role-azure-portal

Your network contains an Active Directory domain named adatum.com that is synced to Azure AD.
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?


A.

From Windows PowerShell on a domain controller, run the Gec-ADUser and Sec- ADUser cmdlets.


B.

From Azure Cloud Shell, run the Gec-ADUser and Sec-ADUser cmdlets.


C.

From Windows PowerShell on a domain controller, run the Gec-MgUser and Updace-MgUser cmdlets.


D.

From Azure Cloud Shell, run the Gec-MgUser and Update-MgUser cmdlets.





A.
  

From Windows PowerShell on a domain controller, run the Gec-ADUser and Sec- ADUser cmdlets.



The user accounts are synced from the on-premise Active Directory to the Microsoft Azure 

Active Directory (Azure AD). Therefore, the city attribute must be changed in the onpremise Active Directory.
You can use Windows PowerShell on a domain controller and run the Get-ADUser cmdlet to get the required users and pipe the results into Set-ADUser cmdlet to modify the city attribute.

Note:
There are several versions of this question in the exam. The question has two possible correct answers:
1. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
2. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.

Other incorrect answer options you may see on the exam include the following:
1. From the Azure portal, select all the Azure AD users, and then use the User settings blade.
2. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.
3. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.
4. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.

You have a Microsoft 365 E5 tenant.
You need to create a policy that will trigger an alert when unusual Microsoft Office 365 usage patterns are detected.
What should you use to create the policy?


A.

the Microsoft 365 admin center


B.

the Microsoft Purview compliance portal


C.

the Microsoft Defender for Cloud Apps portal


D.

the Microsoft Apps admin center





C.
  

the Microsoft Defender for Cloud Apps portal



You have a Microsoft 365 E5 tenant.
You need to evaluate compliance with European Union privacy regulations for customer data.
What should you do in the Microsoft 365 compliance center?


A.

Create a Data Subject Request (DSR)


B.

Create a data loss prevention (DLP) policy for General Data Protection Regulation (GDPR) data


C.

Create an assessment based on the EU GDPR assessment template


D.

Create an assessment based on the Data Protection Baseline assessment template





C.
  

Create an assessment based on the EU GDPR assessment template



Reference:
https://docs.microsoft.com/en-us/compliance/regulatory/gdpr-action-plan

Your on-premises network contains an Active Directory domain.
You have a Microsoft 365 subscription.
You need to sync the domain with the subscription. The solution must meet the following requirements:
On-premises Active Directory password complexity policies must be enforced.
Users must be able to use self-service password reset (SSPR) in Azure AD.
What should you use?


A.

password hash synchronization


B.

Azure AD Identity Protection


C.

Azure AD Seamless Single Sign-On (Azure AD Seamless SSO)


D.

pass-through authentication





D.
  

pass-through authentication



Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in to both on-premises and cloud-based applications using the same passwords. This feature is an alternative to Azure AD Password Hash Synchronization, which provides the same benefit of cloud authentication to organizations. However, certain organizations wanting to enforce their on-premises Active Directory security and password policies, can choose to use Pass-through Authentication instead.

Note: Azure Active Directory (Azure AD) self-service password reset (SSPR) lets users reset their passwords in the cloud, but most companies also have an on-premises Active Directory Domain Services (AD DS) environment for users. Password writeback allows password changes in the cloud to be written back to an on-premises directory in real time by using either Azure AD Connect or Azure AD Connect cloud sync. When users change or reset their passwords using SSPR in the cloud, the updated passwords also written back to the on-premises AD DS environment.

Password writeback is supported in environments that use the following hybrid identity models:
Password hash synchronization
Pass-through authentication
Active Directory Federation Services

You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.

You add custom apps to the private store in Microsoft Store Business.
You plan to create a policy to show only the private store in Microsoft Store for Business.
To which devices can the policy be applied?


A.

Device2 only


B.

Device1 and Device3 only


C.

Device2 and Device4 only


D.

Device2, Device3, and Device5 only


E.

Device1, Device2, Device3, Device4, and Device5





C.
  

Device2 and Device4 only



From the Security & Compliance admin center, you create a content export as shown in the exhibit. (Click the Exhibit tab.)

What will be excluded from the export?


A.

a 10-MB XLSX file


B.

a 5-MB MP3 file


C.

a 5-KB RTF file


D.

an 80-MB PPTX file





B.
  

a 5-MB MP3 file



Explanation:
Unrecognized file formats are excluded from the search.
Certain types of files, such as Bitmap or MP3 files, don't contain content that can be indexed. As a result, the search indexing servers in Exchange and SharePoint don't perform full-text indexing on these types of files. These types of files are considered to be unsupported file types.

Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/partially-indexed-items-incontent-search?view=o365-worldwide
https://docs.microsoft.com/en-us/office365/securitycompliance/export-a-content-searchreport

You have a Microsoft 365 subscription.
You view the Service health Overview as shown in the following exhibit.

You need to ensure that a user named User1 can view the advisories to investigate service health issues.
Which role should you assign to User1?


A.

Message Center Reader


B.

Reports Reader


C.

Service Support Administrator


D.

Compliance Administrator





C.
  

Service Support Administrator



Explanation:

Service Support admin

Assign the Service Support admin role as an additional role to admins or users who need to do the following in addition to their usual admin role:
- Open and manage service requests
- View and share message center posts
- Monitor service health
Incorrect:
* Message center reader

Assign the Message center reader role to users who need to do the following:
- Monitor message center notifications
- Get weekly email digests of message center posts and updates
- Share message center posts
- Have read-only access to Azure AD services, such as users and groups
* Reports reader

Assign the Reports reader role to users who need to do the following:
- View usage data and the activity reports in the Microsoft 365 admin center
- Get access to the Power BI adoption content pack
- Get access to sign-in reports and activity in Azure AD
- View data returned by Microsoft Graph reporting API

Reference:
https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-adminroles?view=o365-worldwide

You have a Microsoft 365 E5 subscription.
From Azure AD Identity Protection on August 1, you configure a Multifactor authentication registration policy that has the following settings:

Assignments: All users
Controls: Require Azure AD multifactor authentication registration

Enforce Policy: On
On August 3, you create two users named User1 and User2.

Users authenticate by using Azure Multi-Factor Authentication (MFA) for the first time on the dates shown in the following table.






You have a Microsoft 365 E5 subscription that contains the users shown in the following table.







Page 6 out of 31 Pages
Previous