Practice Free MS-102 Exam Online Questions
HOTSPOT
You have a Microsoft 365 subscription.
A user named [email protected] was recently provisioned.
You need to use PowerShell to assign a Microsoft Office 365 E3 license to User1. Microsoft Bookings must NOT be enabled.
How should you complete the command? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Explanation:
Box 1: Connect-MgGraph
Assign Microsoft 365 licenses to user accounts with PowerShell
Use the Microsoft Graph PowerShell SDK
First, connect to your Microsoft 365 tenant.
Assigning and removing licenses for a user requires the User.ReadWrite.All permission scope or one of the other permissions listed in the ‘Assign license’ Microsoft Graph API reference page.
The Organization.Read.All permission scope is required to read the licenses available in the tenant.
Connect-MgGraph -Scopes User.ReadWrite.All, Organization.Read.All
Box 2: Get-MgSubscribedSku
Run the Get-MgSubscribedSku command to view the available licensing plans and the number of available licenses in each plan in your organization. The number of available licenses in each plan is ActiveUnits – WarningUnits – ConsumedUnits.
Box 3: Set-MgUserLicense
Assigning licenses to user accounts
To assign a license to a user, use the following command in PowerShell.
Set-MgUserLicense -UserId $userUPN -AddLicenses @{SkuId = "<SkuId>"} -RemoveLicenses @()
This example assigns a license from the SPE_E5 (Microsoft 365 E5) licensing plan to the unlicensed user [email protected]:
$e5Sku = Get-MgSubscribedSku -All | Where SkuPartNumber -eq ‘SPE_E5’
Set-MgUserLicense -UserId "[email protected]" -AddLicenses @{SkuId = $e5Sku.SkuId} – RemoveLicenses @()
Reference: https://learn.microsoft.com/en-us/microsoft-365/enterprise/assign-licenses-to-user-accounts-with-microsoft-365-powershell
HOTSPOT
Your company has a Microsoft 365 subscription that uses an Azure AD tenant named contoso.com.
The tenant contains the users shown in the following table.
You create a retention label named Label 1 that has the following configurations:
• Retains content for five years
• Automatically deletes all content that is older than five years
You turn on Auto labeling for Label1 by using a policy named Policy1.
Policy1 has the following configurations:
• Applies to content that contains the word Merger
• Specifies the OneDrive accounts and SharePoint sites locations You run the following command.
Set-RetentionConpliancePolicy Policy1 -RestrictiveRetention Strue -Force
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint.
From Microsoft Defender for Endpoint you turn on the Allow or block file advanced feature.
You need to block users from downloading a file named File1.exe.
What should you use?
- A . an indicator
- B . a suppression rule
- C . a device configuration profile
You have a Microsoft 365 tenant.
Company policy requires that all Windows 10 devices meet the following minimum requirements:
Require complex passwords.
Require the encryption of data storage devices.
Have Microsoft Defender Antivirus real-time protection enabled.
You need to prevent devices that do not meet the requirements from accessing resources in the tenant.
Which two components should you create? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
- A . a configuration policy
- B . a compliance policy
- C . a security baseline profile
- D . a conditional access policy
- E . a configuration profile
BD
Explanation:
Reference: https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started
HOTSPOT
You have a Microsoft 365 E5 tenant that contains the users shown in the following table.
The tenant contains the devices shown in the following table.
You have the apps shown in the following table.
You plan to use Microsoft Endpoint Manager to manage the apps for the users.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-deploy
https://docs.microsoft.com/en-us/mem/intune/apps/apps-windows-10-app-deploy
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
All the devices in your organization are onboarded to Microsoft Defender for Endpoint.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?
- A . From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
- B . From Alerts queue, create a suppression rule and assign an alert.
- C . From Advanced hunting, create a query and a detection rule.
- D . From the Microsoft Purview compliance portal, create an audit log search.
HOTSPOT
You configure a data loss prevention (DLP) policy named DLP1 as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
Explanation:
Using a retention label in a policy is only supported for items in SharePoint Online and OneDrive for Business.
Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide#using-a-retention-label-as-a-condition-in-a-dlp-policy
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Office 365 and contains a user named User1.
User1 emails a product catalog in the PDF format to 300 vendors. Only 200 vendors receive the email message, and User1 is blocked from sending email until the next day.
You need to prevent this issue from reoccurring.
What should you configure?
- A . anti-spam policies
- B . Safe Attachments policies
- C . anti-phishing policies
- D . anti-malware policies
You have a Microsoft 365 tenant that contains 1,000 Windows 10 devices. The devices are enrolled in Microsoft Intune.
Company policy requires that the devices have the following configurations:
– Require complex passwords.
– Require the encryption of removable data storage devices.
– Have Microsoft Defender Antivirus real-time protection enabled.
You need to configure the devices to meet the requirements.
What should you use?
- A . an app configuration policy
- B . a compliance policy
C a security baseline profile
D a conditional access policy
You have a Microsoft 365 subscription.
You configure a data loss prevention (DLP) policy.
You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.
You need to prevent the users from bypassing the DLP policy.
What should you configure?
- A . actions
- B . incident reports
- C . exceptions
- D . user overrides
D
Explanation:
A DLP policy can be configured to allow users to override a policy tip and report a false positive.
You can educate your users about DLP policies and help them remain compliant without blocking their work. For example, if a user tries to share a document containing sensitive information, a DLP policy can both send them an email notification and show them a policy tip in the context of the document library that allows them to override the policy if they have a business justification. The same policy tips also appear in Outlook on the web, Outlook, Excel, PowerPoint, and Word.
If you find that users are incorrectly marking content as false positive and bypassing the DLP policy, you can configure the policy to not allow user overrides.
Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/data-loss-prevention-policies