MS-102 Mock Test Free – 50 Realistic Questions to Prepare with Confidence.
Getting ready for your MS-102 certification exam? Start your preparation the smart way with our MS-102 Mock Test Free – a carefully crafted set of 50 realistic, exam-style questions to help you practice effectively and boost your confidence.
Using a mock test free for MS-102 exam is one of the best ways to:
- Familiarize yourself with the actual exam format and question style
- Identify areas where you need more review
- Strengthen your time management and test-taking strategy
Below, you will find 50 free questions from our MS-102 Mock Test Free resource. These questions are structured to reflect the real exam’s difficulty and content areas, helping you assess your readiness accurately.
You have a new Microsoft 365 E5 tenant. You need to enable an alert policy that will be triggered when an elevation of Microsoft Exchange Online administrative privileges is detected. What should you do first?
A. Enable auditing.
B. Enable Microsoft 365 usage analytics.
C. Create an Insider risk management policy.
D. Create a communication compliance policy.
You have a Microsoft 365 E5 subscription. You need to create a mail-enabled contact. Which portal should you use?
A. the Microsoft 365 admin center
B. the SharePoint admin center
C. the Microsoft Entra admin center
D. the Microsoft Purview compliance portal
HOTSPOT - You have a Microsoft 365 E5 subscription that contains the users shown in the following table.You are implementing Microsoft Defender for Endpoint. You need to enable role-based access control (RBAC) to restrict access to the Microsoft 365 Defender portal. Which users can enable RBAC, and which users will no longer have access to the Microsoft 365 Defender portal after RBAC is enabled? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains a user named User1. User1 exceeds the default daily limit of allowed email messages and is on the Restricted entities list. You need to remove User1 from the Restricted entities list. What should you use?
A. the Exchange admin center
B. the Microsoft Purview compliance portal
C. the Microsoft 365 admin center
D. the Microsoft 365 Defender portal
E. the Microsoft Entra admin center
HOTSPOT - Your company uses a legacy on-premises LDAP directory that contains 100 users. The company purchases a Microsoft 365 subscription. You need to import the 100 users into Microsoft 365 by using the Microsoft 365 admin center. Which type of file should you use and which properties are required? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have a Microsoft 365 subscription. You deploy the anti-phishing policy shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.You plan to create an Endpoint security policy by using the Defender Update controls template. To which devices can you apply the policy?
A. Device1 only
B. Device1 and Device2 only
C. Device1 and Device3 only
D. Device1, Device2, and Device3
HOTSPOT - You have a Microsoft 365 subscription that contains the users shown in the following table.You create a new administrative unit named AU1 and configure the following AU1 dynamic membership rule. (user.department -eq "Engineering") and (user.jobTitle -notContains "Executive") The subscription contains the role assignments shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Your network contains an Active Directory domain named adatum.com that is synced to Azure AD. The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?
A. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
B. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.
C. From Windows PowerShell on a domain controller, run the Get-MgUser and Update-MgUser cmdlets.
D. From Azure Cloud Shell, run the Get-MgUser and Update-MgUser cmdlets.
You have a Microsoft 365 E5 tenant. Users store data in the following locations: Microsoft Teams - Microsoft OneDrive - Microsoft Exchange Online - Microsoft SharePoint - You need to retain Microsoft 365 data for two years. What is the minimum number of retention policies that you should create?
A. 1
B. 2
C. 3
D. 4
HOTSPOT - Overview - Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle. Litware collaborates with a third-party company named A. Datum Corporation. Environment - On-Premises Environment - The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019. Cloud Environment - Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure AD Premium P2 licenses. The subscription contains a verified DNS domain named litware.com. Azure AD Connect is installed and has the following configurations: • Password hash synchronization is enabled. • Synchronization is enabled for the LitwareAdmins OU only. Users are assigned the roles shown in the following table.
Self-service password reset (SSPR) is enabled. The Azure AD tenant has Security defaults enabled. Problem Statements - Litware identifies the following issues: • Admin1 cannot create conditional access policies. • Admin4 receives an error when attempting to use SSPR. • Users access new Office 365 service and feature updates before the updates are reviewed by Admin2. Requirements - Planned Changes - Litware plans to implement the following changes: • Implement Microsoft Intune. • Implement Microsoft Teams. • Implement Microsoft Defender for Office 365. • Ensure that users can install Office 365 apps on their device. • Convert all the Windows 10 Pro devices to Windows 10 Enterprise ES. • Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU. Technical Requirements - Litware identifies the following technical requirements: • Administrators must be able to specify which version of an Office 365 desktop app will be available to users and to roll back to previous versions. • Only Admin2 must have access to new Office 365 service and feature updates before they are released to the company. • Litware users must be able to invite A. Datum users to participate in the following activities: • Join Microsoft Teams channels. • Join Microsoft Teams chats. • Access shared files. • Just in time access to critical administrative roles must be required. • Microsoft 365 incidents and advisories must be reviewed monthly. • Office 365 service status notifications must be sent to Admin2. • The principle of least privilege must be used. You need to ensure that Admin4 can use SSPR. Which tool should you use, and which action should you perform? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - Your company uses Microsoft Defender for Endpoint. The devices onboarded to Microsoft Defender for Endpoint are shown in the following table.The alerts visible in the Microsoft Defender for Endpoint alerts queue are shown in the following table.
You create a suppression rule that has the following settings: • Triggering IOC: Any IOC • Action: Hide alert • Suppression scope: Alerts on ATP1 device group For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.The domain syncs to an Azure AD tenant named contoso.com as shown in the exhibit. (Click the Exhibit tab.)
User2 fails to authenticate to Azure AD when signing in as user2@fabrikam.com . You need to ensure that User2 can access the resources in Azure AD. Solution: From the Microsoft Entra admin center, you add fabrikam.com as a custom domain. You instruct User2 to sign in as user2@fabrikam.com . Does this meet the goal?
A. Yes
B. No
HOTSPOT - You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint Online site named Site1 and the users shown in the following table.The devices are configured as shown in the following table.
You have a Conditional Access policy named CAPolicy1 that has the following settings: Assignments - Users or workload identities: Group1 Cloud apps or actions: Office 365 SharePoint Online Conditions - Filter for devices: Exclude filtered devices from the policy Rule syntax: device.displayName -startsWith "Device" Access controls - Grant - Grant: Block access - Session: 0 controls selected - Enable policy: On - For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
HOTSPOT - You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com. All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker). You plan to create a user named Admin1 that will perform following tasks: • View BitLocker recovery keys. • Configure the usage location for the users in contoso.com. You need to assign roles to Admin to meet the requirements. The solution must use the principle of least privilege. Which two roles should you assign? To answer, select the appropriate options in the answer area.
Overview - Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in Seattle. Litware collaborates with a third-party company named A. Datum Corporation. Environment - On-Premises Environment - The network of Litware contains an Active Directory domain named litware.com. The domain contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle Users and the users shown in the following table.The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server 2019. Cloud Environment - Litware has a pilot Microsoft 365 subscription that includes Microsoft Office 365 Enterprise E3 licenses and Azure AD Premium P2 licenses. The subscription contains a verified DNS domain named litware.com. Azure AD Connect is installed and has the following configurations: • Password hash synchronization is enabled. • Synchronization is enabled for the LitwareAdmins OU only. Users are assigned the roles shown in the following table.
Self-service password reset (SSPR) is enabled. The Azure AD tenant has Security defaults enabled. Problem Statements - Litware identifies the following issues: • Admin1 cannot create conditional access policies. • Admin4 receives an error when attempting to use SSPR. • Users access new Office 365 service and feature updates before the updates are reviewed by Admin2. Requirements - Planned Changes - Litware plans to implement the following changes: • Implement Microsoft Intune. • Implement Microsoft Teams. • Implement Microsoft Defender for Office 365. • Ensure that users can install Office 365 apps on their device. • Convert all the Windows 10 Pro devices to Windows 10 Enterprise ES. • Configure Azure AD Connect to sync the Montreal Users OU and the Seattle Users OU. Technical Requirements - Litware identifies the following technical requirements: • Administrators must be able to specify which version of an Office 365 desktop app will be available to users and to roll back to previous versions. • Only Admin2 must have access to new Office 365 service and feature updates before they are released to the company. • Litware users must be able to invite A. Datum users to participate in the following activities: • Join Microsoft Teams channels. • Join Microsoft Teams chats. • Access shared files. • Just in time access to critical administrative roles must be required. • Microsoft 365 incidents and advisories must be reviewed monthly. • Office 365 service status notifications must be sent to Admin2. • The principle of least privilege must be used. You need to configure Azure AD Connect to support the planned changes for the Montreal Users and Seattle Users OUs. What should you do?
A. From PowerShell, run the Add-ADSyncConnectorAttributeInclusion cmdlet.
B. From the Microsoft Azure AD Connect wizard, select Manage federation.
C. From the Microsoft Azure AD Connect wizard, select Customize synchronization options.
D. From PowerShell, run the Start-ADSyncSyncCycle cmdlet.
You have a Microsoft 365 E5 subscription. You create a Conditional Access policy that blocks access to an app named App1 when users trigger a high-risk sign-in event. You need to reduce false positives for impossible travel when the users sign in from the corporate network. What should you configure?
A. exclusion groups
B. multi-factor authentication (MFA)
C. named locations
D. user risk policies
HOTSPOT - You have a Microsoft 365 tenant. You plan to create a retention policy as shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains users in the United States, Europe, and Asia. You use Azure AD Identity Protection. You have a virtual desktop infrastructure (VDI). All VDI servers are located in the United States. Users connect to Microsoft 365 from laptops and the VDI. Some VDI users report that they are blocked from signing in to Microsoft 365 due to a high sign-in risk. You need to reduce the likelihood that the VDI users will be erroneously blocked from signing in to Microsoft 365. The solution must ensure that sign-ins from the VDI environment are protected by using Identity Protection. What should you configure?
A. ExpressRoute for Microsoft 365
B. a trusted location
C. a Satellite Geography location
D. a Conditional Access policy
Overview - Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide. Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States. Existing Environment - Active Directory Environment - The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts. All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com . Fabrikam does NOT plan to implement identity federation. Network Infrastructure - Each office has a high-speed connection to the Internet. Each office contains two domain controllers. All domain controllers are configured as DNS servers. The public zone for fabrikam.com is managed by an external DNS server. All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed. All shared company documents are stored on a Microsoft SharePoint Server farm. Requirements - Planned Changes - Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription. Fabrikam plans to implement two pilot projects: Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365. Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales department users. Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses. Technical Requirements - Fabrikam identifies the following technical requirements: All users must be able to exchange email messages successfully during Project1 by using their current email address. Users must be able to authenticate to cloud services if Active Directory becomes unavailable. A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal. Microsoft 365 Apps for enterprise applications must be installed from a network share only. Disruptions to email access must be minimized. Application Requirements - Fabrikam identifies the following application requirements: An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal. The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized. Security Requirements - Fabrikam identifies the following security requirements: After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN. The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed from the group automatically. After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically. The principle of least privilege must be used. You are evaluating the required processes for Project1. You need to recommend which DNS record must be created while adding a domain name for the project. Which DNS record should you recommend?
A. host (A)
B. host information (HINFO)
C. text (TXT)
D. pointer (PTR)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. You have a Microsoft 365 E5 subscription. You create an account for a new security administrator named SecAdmin1. You need to ensure that SecAdmin1 can manage Microsoft Defender for Office 365 settings and policies for Microsoft Teams, SharePoint, and OneDrive. Solution: From the Microsoft 365 admin center, you assign SecAdmin1 the Exchange Administrator role. Does this meet the goal?
A. Yes
B. No
Overview - Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide. Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States. Existing Environment - Active Directory Environment - The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts. All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com . Fabrikam does NOT plan to implement identity federation. Network Infrastructure - Each office has a high-speed connection to the Internet. Each office contains two domain controllers. All domain controllers are configured as DNS servers. The public zone for fabrikam.com is managed by an external DNS server. All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed. All shared company documents are stored on a Microsoft SharePoint Server farm. Requirements - Planned Changes - Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription. Fabrikam plans to implement two pilot projects: Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365. Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales department users. Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses. Technical Requirements - Fabrikam identifies the following technical requirements: All users must be able to exchange email messages successfully during Project1 by using their current email address. Users must be able to authenticate to cloud services if Active Directory becomes unavailable. A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal. Microsoft 365 Apps for enterprise applications must be installed from a network share only. Disruptions to email access must be minimized. Application Requirements - Fabrikam identifies the following application requirements: An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal. The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized. Security Requirements - Fabrikam identifies the following security requirements: After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN. The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed from the group automatically. After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically. The principle of least privilege must be used. You need to ensure that all the sales department users can authenticate successfully during Project1 and Project2. Which authentication strategy should you implement for the pilot projects?
A. pass-through authentication
B. pass-through authentication and seamless SSO
C. password hash synchronization and seamless SSO
D. password hash synchronization
You have a Microsoft 365 E5 subscription that contains the groups shown in the following exhibit.To which groups can you assign Microsoft 365 E5 licenses?
A. Group1 and Group2 only
B. Group2 and Group3 only
C. Group3 and Group4 only
D. Group1, Group2, and Group3 only
E. Group2, Group3, and Group4 only
You have a Microsoft 365 E5 subscription. Conditional Access is configured to block high-risk sign-ins for all users. All users are in France and are registered for multi-factor authentication (MFA). Users in the media department will travel to various countries during the next month. You need to ensure that if the media department users are blocked from signing in while traveling, the users can remediate the issue without administrator intervention. What should you configure?
A. an exclusion group
B. the MFA registration policy
C. named locations
D. self-service password reset (SSPR)
DRAG DROP - You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365. You need to configure policies to meet the following requirements: Customize the common attachments filter. Enable impersonation protection for sender domains. Which type of policy should you configure for each requirement? To answer, drag the appropriate policy types to the correct requirements. Each policy type may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that contains the alerts shown in the following table.Which properties of the alerts can you modify?
A. Status only
B. Status and Comment only
C. Status and Severity only
D. Status, Severity, and Comment only
E. Status, Severity, Comment and Category
HOTSPOT - You have a Microsoft 365 subscription. You need to configure an auto-apply policy for sensitivity labels that will protect corporate data. The solution must meet the following requirements: • Documents containing content that matches a custom regular expression must be classified automatically. • Contract documents in a standard format must be classified automatically. What should you configure for each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have a Microsoft 365 subscription. You need to review metrics for the following: The daily active users in Microsoft Teams Recent Microsoft service issues - What should you use? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
HOTSPOT - You have a Microsoft 365 E3 subscription. You plan to launch Attack simulation training for all users. Which social engineering technique and training experience will be available? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription. The subscription contains users that have the following types of devices: • Windows 10 • Android • iOS On which devices can you configure the Endpoint DLP policies?
A. Windows 10 only
B. Windows 10 and Android only
C. Windows 10 and iOS only
D. Windows 10, Android, and iOS
You have a Microsoft 365 subscription that contains a user named User1. User1 requires admin access to perform the following tasks: Manage Microsoft Exchange Online settings. Create Microsoft 365 groups. You need to ensure that User1 only has admin access for eight hours and requires approval before the role assignment takes place. What should you use?
A. Azure AD Identity Protection
B. Microsoft Entra Verified ID
C. Conditional Access
D. Azure AD Privileged Identity Management (PIM)
HOTSPOT - You have an Azure AD tenant named contoso.com that contains the users shown in the following table.Multi-factor authentication (MFA) is configured to use 131.107.5.0/24 as trusted IPs. The tenant contains the named locations shown in the following table.
You create a conditional access policy that has the following configurations: Users or workload identities assignments: All users Cloud apps or actions assignment: App1 Conditions: Include all trusted locations Grant access: Require multi-factor authentication For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription. Users have Android or iOS devices and access Microsoft 365 resources from computers that run Windows 11 or MacOS. You need to implement passwordless authentication. The solution must support all the devices. Which authentication method should you use?
A. Windows Hello
B. FIDO2 compliant security keys
C. Microsoft Authenticator app
HOTSPOT - You have a Microsoft 365 E5 tenant. You have a sensitivity label configured as shown in the Sensitivity label exhibit.You have an auto-labeling policy as shown in the Auto-labeling policy exhibit.
A user sends an email that contains the components shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that contains more than 2,000 guest users. You need to ensure that when guest users are added to Microsoft 365 groups in the subscription, their membership is validated by the group owner every 30 days. What should you configure?
A. group expiration policies
B. retention policies
C. access reviews
D. Conditional Access policies
You have a Microsoft 365 subscription. You need to create a data loss prevention (DLP) policy that is configured to use the Set headers action. To which location can the policy be applied?
A. Exchange email
B. OneDrive accounts
C. SharePoint sites
D. Teams chat and channel messages
You need to notify the manager of the human resources department when a user in the department shares a file or folder from the department's Microsoft SharePoint site. What should you do?
A. From the SharePoint admin center, modify the sharing settings.
B. From the SharePoint site, create an alert.
C. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
D. From the Microsoft 365 Defender portal, create an alert policy.
You have a Microsoft 365 E5 tenant. The Microsoft Secure Score for the tenant is shown in the following exhibit.You plan to enable Security defaults for Azure AD. Which three improvement actions will this affect? NOTE: Each correct selection is worth one point.
A. Require MFA for administrative roles
B. Ensure all users can complete multi-factor authentication for secure access
C. Enable policy to block legacy authentication
D. Enable self-service password reset
E. Use limited administrative roles
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
A. Yes
B. No
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an Active Directory forest. You deploy Microsoft 365. You plan to implement directory synchronization. You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements: • Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. • User passwords must be 10 characters or more. Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory. Does this meet the goal?
A. Yes
B. No
Your network contains an on-premises Active Directory domain named contoso.com. For all user accounts, the Logon Hours settings are configured to prevent sign-ins outside of business hours. You plan to sync contoso.com to an Azure AD tenant You need to recommend a solution to ensure that the logon hour restrictions apply when synced users sign in to Azure AD. What should you include in the recommendation?
A. pass-through authentication
B. conditional access policies
C. password synchronization
D. Azure AD Identity Protection policies
You have a Microsoft 365 subscription. You register two applications named App1 and App2 to Azure AD. You need to ensure that users who connect to App1 require multi-factor authentication (MFA). MFA is required only for App1. What should you do?
A. From the Microsoft Entra admin center, create a conditional access policy.
B. From the Microsoft 365 admin center, configure the Modem authentication settings.
C. From the Enterprise applications blade of the Microsoft Entra admin center, configure the Users settings.
D. From Multi-Factor Authentication, configure the service settings.
You have a Microsoft 365 subscription. You need to add additional onmicrosoft.com domains to the subscription. The additional domains must be assignable as email addresses for users. What is the maximum number of onmicrosoft.com domains the subscription can contain?
A. 1
B. 2
C. 5
D. 10
HOTSPOT - Your company has a Microsoft 365 subscription that contains the domains shown in the following exhibit.Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.
HOTSPOT - You have a Microsoft 365 E5 subscription. You create a Conditional Access policy named Policy1 and assign Policy1 to all users. You need to configure Policy1 to enforce multi-factor authentication (MFA) if the user risk level is high. Which two settings should you configure in Policy1? To answer, select the appropriate settings in the answer area. NOTE: Each correct selection is worth one point.
Your company has on-premises servers and an Azure AD tenant. Several months ago, the Azure AD Connect Health agent was installed on all the servers. You review the health status of all the servers regularly. Recently, you attempted to view the health status of a server named Server1 and discovered that the server is NOT listed on the Azure AD Connect Servers list. You suspect that another administrator removed Server1 from the list. You need to ensure that you can view the health status of Server1. What are two possible ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.
A. From Windows PowerShell, run the Register-AzureADConnectHealthSyncAgent cmdlet.
B. From Azure Cloud shell, run the Connect-AzureAD cmdlet.
C. From Server1, reinstall the Azure AD Connect Health agent.
D. From Server1, change the Azure AD Connect Health services Startup type to Automatic.
E. From Server1, change the Azure AD Connect Health services Startup type to Automatic (Delayed Start).
HOTSPOT - You have a Microsoft 365 subscription that uses an Azure AD tenant named contoso.com. The tenant contains the users shown in the following table.From the Sign-ins blade of the Microsoft Entra admin center, for which users can User1 and User2 view the sign-ins? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
You are reviewing alerts in the Microsoft 365 Defender portal. How long are the alerts retained in the portal?
A. 30 days
B. 60 days
C. 3 months
D. 6 months
E. 12 months
Overview - Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide. Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States. Existing Environment - Active Directory Environment - The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts. All users authenticate to on-premises applications by signing in to their device by using a UPN format of username@fabrikam.com . Fabrikam does NOT plan to implement identity federation. Network Infrastructure - Each office has a high-speed connection to the Internet. Each office contains two domain controllers. All domain controllers are configured as DNS servers. The public zone for fabrikam.com is managed by an external DNS server. All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed. All shared company documents are stored on a Microsoft SharePoint Server farm. Requirements - Planned Changes - Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription. Fabrikam plans to implement two pilot projects: Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365. Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales department users. Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses. Technical Requirements - Fabrikam identifies the following technical requirements: All users must be able to exchange email messages successfully during Project1 by using their current email address. Users must be able to authenticate to cloud services if Active Directory becomes unavailable. A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal. Microsoft 365 Apps for enterprise applications must be installed from a network share only. Disruptions to email access must be minimized. Application Requirements - Fabrikam identifies the following application requirements: An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal. The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized. Security Requirements - Fabrikam identifies the following security requirements: After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN. The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed from the group automatically. After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically. The principle of least privilege must be used. Which role should you assign to User1?
A. Hygiene Management
B. Security Reader
C. Security Administrator
D. Records Management
HOTSPOT - You have a Microsoft 365 E5 subscription that contains the groups shown in the following table.All the groups are deleted. Which groups can be restored, and what is the retention period? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Access Full MS-102 Mock Test Free
Want a full-length mock test experience? Click here to unlock the complete MS-102 Mock Test Free set and get access to hundreds of additional practice questions covering all key topics.
We regularly update our question sets to stay aligned with the latest exam objectives—so check back often for fresh content!
Start practicing with our MS-102 mock test free today—and take a major step toward exam success!