Back

Practice Free MS-102 Exam Online Questions

Question #41

DRAG DROP

You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.

You need to onboard the devices to Microsoft Defender for Endpoint. The solution must minimize administrative effort.

What should you use to onboard each type of device? To answer, drag the appropriate onboarding methods to the correct device types. Each onboarding method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:


Question #42

You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.

You create a Microsoft Defender for identity instance Contoso.

The tenant contains the users shown in the following table.

You need to modify the configuration of the Defender for identify sensors.

Solutions: You instruct User3 to modify the Defender for identity sensor configuration.

Does this meet the goal?

  • A . Yes
  • B . No

Reveal Solution Hide Solution

Correct Answer: A
Question #43

You have a Microsoft 365 tenant that contains devices registered for mobile device management.

The devices are configured as shown in the following table.

You plan to enable VPN access for the devices.

What is the minimum number of configuration policies required?

  • A . 3
  • B . 5
  • C . 4
  • D . 1

Reveal Solution Hide Solution

Correct Answer: D
Question #44

HOTSPOT

You have a Microsoft 365 E5 tenant that connects to Microsoft Defender for Endpoint.

You have devices enrolled in Microsoft Intune as shown in the following table.

You plan to use risk levels in Microsoft Defender for Endpoint to identify whether a device is compliant. Noncompliant devices must be blocked from accessing corporate resources.

You need to identify which devices can be onboarded to Microsoft Defender for Endpoint, and which Endpoint security policies must be configured.

What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:


Question #45

Your network contains an Active Directory forest named contoso.local.

You purchase a Microsoft 365 subscription.

You plan to move to Microsoft 365 and to implement a hybrid deployment solution for the next 12 months.

You need to prepare for the planned move to Microsoft 365.

What is the best action to perform before you implement directory synchronization? More than one answer choice may achieve the goal. Select the BEST answer.

  • A . Purchase a third-party X.509 certificate.
  • B . Create an external forest trust.
  • C . Rename the Active Directory forest.
  • D . Purchase a custom domain name.

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

The first thing you need to do before you implement directory synchronization is to purchase a custom domain name. This could be the domain name that you use in your on-premise Active Directory if it’s a routable domain name, for example, contoso.com.

If you use a non-routable domain name in your Active Directory, for example contoso.local, you’ll need to add the routable domain name as a UPN suffix in Active Directory.

Incorrect:

Not C: No need to rename the Active Directory forest. As we use a non-routable domain name contoso.local, we just need to add the routable domain name as a UPN suffix in Active Directory.

Reference: https://docs.microsoft.com/en-us/office365/enterprise/set-up-directory-synchronization
Question #46

Your network contains an on-premises Active Directory domain named contoso.com.

The domain contains the objects shown in the following table.

You configure Azure AD Connect to sync contoso.com to Azure AD.

Which objects will sync to Azure AD?

  • A . Group1 only
  • B . User1 and User2 only
  • C . Group1 and User1 only
  • D . Group1, User1, and User2

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

Disabled accounts

Disabled accounts are synchronized as well to Azure AD. Disabled accounts are common to represent resources in Exchange, for example conference rooms. The exception is users with a linked mailbox; as previously mentioned, these will never provision an account to Azure AD.

The assumption is that if a disabled user account is found, then we won’t find another active account later and the object is provisioned to Azure AD with the userPrincipalName and sourceAnchor found. In case another active account will join to the same metaverse object, then its userPrincipalName and sourceAnchor will be used.

Reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/concept-azure-ad-connect-sync-user-and-contacts
Question #46

Your network contains an on-premises Active Directory domain named contoso.com.

The domain contains the objects shown in the following table.

You configure Azure AD Connect to sync contoso.com to Azure AD.

Which objects will sync to Azure AD?

  • A . Group1 only
  • B . User1 and User2 only
  • C . Group1 and User1 only
  • D . Group1, User1, and User2

Reveal Solution Hide Solution

Correct Answer: D
D

Explanation:

Disabled accounts

Disabled accounts are synchronized as well to Azure AD. Disabled accounts are common to represent resources in Exchange, for example conference rooms. The exception is users with a linked mailbox; as previously mentioned, these will never provision an account to Azure AD.

The assumption is that if a disabled user account is found, then we won’t find another active account later and the object is provisioned to Azure AD with the userPrincipalName and sourceAnchor found. In case another active account will join to the same metaverse object, then its userPrincipalName and sourceAnchor will be used.

Reference: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/concept-azure-ad-connect-sync-user-and-contacts
Question #48

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer that runs Windows 10.

You need to verify which version of Windows 10 is installed.

Solution: From Device Manager, you view the computer properties.

Does this meet the goal?

  • A . Yes
  • B . No

Reveal Solution Hide Solution

Correct Answer: B
B

Explanation:

Reference: https://support.microsoft.com/en-us/windows/which-version-of-windows-operating-system-am-i-running-628bec99-476a-2c13-5296-9dd081cdd808
Question #49

HOTSPOT

You have a Microsoft 365 tenant.

You need to create a custom Compliance Manager assessment template.

Which application should you use to create the template, and in which file format should the template be saved? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Reveal Solution Hide Solution

Correct Answer:

Explanation:

Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/compliance-manager-templates-create?view=o365-worldwide

Question #50

You have a Microsoft 365 E5 tenant that contains the devices shown in the following table.

You plan to review device startup performance issues by using Endpoint analytics.

Which devices can you monitor by using Endpoint analytics?

  • A . Device1 only
  • B . Device1 and Device2 only
  • C . Device1, Device2, and Device3 only
  • D . Device1, Device2, and Device4 only
  • E . Device1, Device2, Device3, and Device4

Reveal Solution Hide Solution

Correct Answer: A
A

Explanation:

Reference: https://docs.microsoft.com/en-us/mem/analytics/overview