Vendor: Microsoft

Exam Code: MS-102

Exam Name: Microsoft 365 Administrator

Version: DEMO
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

QUESTION 1
Case Study 1 - Fabrikam, Inc

Overview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000
employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the
United States.

Existing Environment
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the
identities used for user and computer authentication. Each department is represented by a top-
level organizational unit (OU) that contains several child OUs for user accounts and computer
accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN
format of [email protected].
Fabrikam does NOT plan to implement identity federation.

Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as DNS
servers.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users
access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app
for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.

Question
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created while adding a domain name for the
project.
Which DNS record should you recommend?

A. host (A)
B. host information (HINFO)
C. text (TXT)
D. pointer (PTR)

Answer: C
Explanation:
Before you start you have to verify your custom domain with a TXT record.
https://learn.microsoft.com/en-us/microsoft-365/admin/setup/add-domain?view=o365-worldwide

QUESTION 2
Case Study 2 - Litware, Inc

Overview
Litware, Inc. is a consulting company that has a main office in Montreal and a branch office in
Seattle.
Litware collaborates with a third-party company named A. Datum Corporation.

Environment

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 2
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

On-Premises Environment
The network of Litware contains an Active Directory domain named litware.com. The domain
contains three organizational units (OUs) named LitwareAdmins, Montreal Users, and Seattle
Users and the users shown in the following table.

The domain contains 2,000 Windows 10 Pro devices and 100 servers that run Windows Server
2019.

Question
You need to configure Azure AD Connect to support the planned changes for the Montreal Users
and Seattle Users OUs.

What should you do?

A. From PowerShell, run the Add-ADSyncConnectorAttributeInclusion cmdlet.

B. From the Microsoft Azure AD Connect wizard, select Manage federation.
C. From the Microsoft Azure AD Connect wizard, select Customize synchronization options.
D. From PowerShell, run the Start-ADSyncSyncCycle cmdlet.

Answer: C
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-
filtering#organizational-unitbased-filtering

QUESTION 3
Your network contains an on-premises Active Directory domain. The domain contains 2,000
computers that run Windows 10.

You purchase a Microsoft 365 subscription.

You implement password hash synchronization and Azure AD Seamless Single Sign-On
(Seamless SSO).

You need to ensure that users can use Seamless SSO from the Windows 10 computers.

What should you do?

A. Join the computers to Azure AD.

B. Create a conditional access policy in Azure AD.
C. Modify the Intranet zone settings by using Group Policy.
D. Deploy an Azure AD Connect staging server.

Answer: C
Explanation:
Why do you need to modify users' Intranet zone settings?

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 3
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

By default, the browser automatically calculates the correct zone, either Internet or Intranet, from
a specific URL. For example, http://contoso/ maps to the Intranet zone, whereas
http://intranet.contoso.com/ maps to the Internet zone (because the URL contains a period).
Browsers will not send Kerberos tickets to a cloud endpoint, like the Azure AD URL, unless you
explicitly add the URL to the browser's Intranet zone.
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-
start#why-do-you-need-to-modify-users-intranet-zone-settings

QUESTION 4
Your network contains an Active Directory domain named adatum.com that is synced to Azure
AD.

The domain contains 100 user accounts.

The city attribute for all the users is set to the city where the user resides.

You need to modify the value of the city attribute to the three-letter airport code of each city.

What should you do?

A. From Azure Cloud Shell, run the Get-MsolUser and Set-MsolUser cmdlets.
B. From Windows PowerShell on a domain controller, run the Get-MgUser and Update-MgUser
cmdlets.
C. From Active Directory Administrative Center, select the Active Directory users, and then modify
the Properties settings.
D. From Azure Cloud Shell, run the Get-MgUser and Update-MgUser cmdlets.

Answer: C
Explanation:
The user accounts are synced from the on-premise Active Directory to the Microsoft Azure Active
Directory (Azure AD). Therefore, the city attribute must be changed in the on-premise Active
Directory.
You can modify certain attributes of multiple user accounts simultaneously by selecting them in
Active Directory Administrative Center or Active Directory Users and Computers, right clicking
then selecting Properties.
The other three options all suggest modifying the city attribute of the users in the Azure Active
Directory which is incorrect.
Reference:
https://blogs.technet.microsoft.com/canitpro/2015/11/25/step-by-step-managing-multiple-
useraccounts-via-activ

QUESTION 5
You have a Microsoft 365 E5 tenant.

The Microsoft Secure Score for the tenant is shown in the following exhibit.

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 4
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

You plan to enable Security defaults for Azure AD.

Which three improvement actions will this affect?

NOTE: Each correct selection is worth one point.

A. Require MFA for administrative roles

B. Ensure all users can complete multi-factor authentication for secure access
C. Enable policy to block legacy authentication
D. Enable self-service password reset
E. Use limited administrative roles

Answer: ABC
Explanation:
These basic controls include:
Requiring all users to register for multifactor authentication
Requiring administrators to do multifactor authentication
Requiring users to do multifactor authentication when necessary

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 5
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Blocking legacy authentication protocols

Protecting privileged activities like access to the Azure portal
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-
security-defaults

QUESTION 6
You have a Microsoft 365 E5 subscription that has Microsoft Defender for Endpoint integrated
with Microsoft Intune.

Devices are enrolled to Microsoft Intune and onboarded by using Microsoft Defender for
Endpoint.

You plan to block devices based on the results of the machine risk score calculated by Microsoft
Defender for Endpoint.

What should you create first?

A. a device configuration policy

B. an endpoint detection and response policy
C. a device compliance policy

Answer: C
Explanation:
Configure a Device compliance policy that takes into consideration the Defender for endpoint to
define if device is compliant or not compliant.
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-
windows#microsoft-defender-for-endpoint-rules

QUESTION 7
Your network contains an Active Directory domain named adatum.com that is synced to Azure
AD.

The domain contains 100 user accounts.

The city attribute for all the users is set to the city where the user resides.

You need to modify the value of the city attribute to the three-letter airport code of each city.

What should you do?

A. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
B. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.
C. From Windows PowerShell on a domain controller, run the Get-MgUser and Update-MgUser
cmdlets.
D. From the Azure portal, select all the Azure AD users, and then use the User settings blade.

Answer: A
Explanation:
From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
The Get-ADUser and Set-ADUser cmdlets are used to retrieve and modify user accounts in
Active Directory.
You can use these cmdlets to bulk update the city attribute for all the users in the domain by
using a CSV file that contains the mapping of the city names to the airport codes.

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 6
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

The user accounts are synced from the on-premise Active Directory to the Microsoft Azure Active
Directory (Azure AD). Therefore, the city attribute must be changed in the on-premise Active
Directory.

QUESTION 8
You have a Microsoft 365 subscription.

You create a retention label named Retention1 as shown in the following exhibit.

You apply Retention1 to all the Microsoft OneDrive content.

On January 1, 2020, a user stores a file named File1 in OneDrive.

On January 10, 2020, the user modifies File1.
On February 1, 2020, the user deletes File1.

When will File1 be removed permanently and unrecoverable from OneDrive?

A. February 1, 2020
B. July 1, 2020
C. July 10, 2020
D. August 1, 2020

Answer: B

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 7
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

QUESTION 9
You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com.
The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged
for risk. The solution must use the principle of least privilege.

To which role should you add User1?

A. Global Administrator
B. Service Administrator
C. Security Administrator
D. Reports Reader

Answer: C
Explanation:
The risky sign-ins reports are available to users in the following roles:
- Security Administrator
- Global Administrator
- Security Reader
Of the three roles listed above, the Security Reader role has the least privilege.
Note:
There are several versions of this question in the exam. The question has three possible correct
answers:
1. Security Reader
2. Security Administrator
3. Global Administrator
Other incorrect answer options you may see on the exam include the following:
1. Service Administrator.
2. Reports Reader
3. Compliance Administrator
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-risky-sign-ins

QUESTION 10
You have a Microsoft 365 subscription.

You need to implement a passwordless authentication solution that supports the following device
types:

- Windows
- Android
- iOS

The solution must use the same authentication method for all devices.

Which authentication method should you use?

A. the Microsoft Authentication app

B. FIDO2-compliant security keys

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 8
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

C. multi-factor authentication (MFA)

D. Windows Hello for Business

Answer: A
Explanation:
Android or iOS devices --> Microsoft Authenticator app.
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-
passwordless-deployment

QUESTION 11
Your company has a Microsoft Entra tenant named contoso.com and a Microsoft 365
subscription.

All users use Windows 10 devices to access Microsoft Office 365 apps.

All the devices are in a workgroup.

You plan to implement password less sign-in to contoso.com.

You need to recommend changes to the infrastructure for the planned implementation.

What should you include in the recommendation?

A. Join all the devices to contoso.com.

B. Deploy Microsoft Entra Application Proxy.
C. Deploy X.509.3 certificates to all the users.
D. Deploy the Microsoft Authenticator app.

Answer: D

QUESTION 12
You have a Microsoft 365 E5 subscription.

You need to create a mail-enabled contact.

Which portal should you use?

A. the Microsoft 365 admin center

B. the Microsoft Teams admin center
C. the Intune admin center
D. the Microsoft Purview compliance portal

Answer: A
Explanation:
https://admin.microsoft.com/Adminportal/Home#/Contact

QUESTION 13
Hotspot Question

Your network contains an on-premises Active Directory domain. The domain contains the servers
shown in the following table.

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 9
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

You purchase a Microsoft 365 E5 subscription.

You need to implement Azure AD Connect cloud sync.

What should you install first and on which server? To answer, select the appropriate options in
the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 10
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Explanation:
You need to install a small agent on an On-Premises server. This server must run Windows
Server 2016 ou later. Agent installation on DC is supporter. Agent installation on Windows Server
Core is not supported.

QUESTION 14
Hotspot Question

You have a Microsoft 365 E5 subscription.

From Azure AD Identity Protection on August 1, you configure a Multifactor authentication
registration policy that has the following settings:

Assignments: All users

Controls: Require Azure AD multifactor authentication registration

Enforce Policy: On
On August 3, you create two users named User1 and User2.
Users authenticate by using Azure Multi-Factor Authentication (MFA) for the first time on the
dates shown in the following table.

By which dates will User1 and User2 be forced to complete their Azure MFA registration? To
answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 11
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Answer:

Explanation:
Azure AD Identity Protection will prompt your users to register the next time they sign in
interactively and they'll have 14 days to complete registration.
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-
protection-configure-mfa-policy

QUESTION 15
Hotspot Question

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 12
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

You have a Microsoft 365 E5 subscription that contains a Microsoft SharePoint site named Site1
and a data loss prevention (DLP) policy named DLP1. DLP1 contains the rules shown in the
following table.

Site1 contains the files shown in the following table.

Which policy tips are shown for each file? To answer, select the appropriate options in the answer
area.
NOTE: Each correct selection is worth one point.

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 13
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Answer:

Explanation:
When content is evaluated against rules, the rules are processed in priority order. If content
matches multiple rules, the first rule evaluated that has the most restrictive action is enforced. For
example, if content matches all of the following rules, Rule 3 is enforced because it's the highest
priority, most restrictive rule:
https://learn.microsoft.com/en-us/purview/dlp-policy-reference

QUESTION 16
Hotspot Question

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 14
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

You have a Microsoft 365 subscription that contains the users shown in the following table.

You create a new administrative unit named AU1 and configure the following AU1 dynamic
membership rule.

(user.departmenteq "Engineering") and (user.jobTitlenotContains "Executive")

The subscription contains the role assignments shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Answer:

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 15
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Explanation:
-equal means that the exact name must match, -contain The Contains operator does partial string
matches but not item in a collection matches
Note the agument and (must match the 2)
User 1 and user 2 do not belong as the 2 conditions do not match
Therefore user 1 and user 2 do not belong to AU1 and are outside the scope of Admin 1

QUESTION 17
Hotspot Question

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You are implementing Microsoft Defender for Endpoint.

You need to enable role-based access control (RBAC) to restrict access to the Microsoft 365
Defender portal.

Which users can enable RBAC, and which users will no longer have access to the Microsoft 365
Defender portal after RBAC is enabled? To answer, select the appropriate options in the answer
area.

NOTE: Each correct selection is worth one point.

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 16
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Answer:

Explanation:
Turning on role-based access control will cause users with read-only permissions (for example,
users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-
worldwide#before-you-begin

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 17
https://www.lead2pass.com
 ★ Instant Download ★ PDF And VCE ★ 100% Passing Guarantee ★ 100% Money Back Guarantee

Thank You for Trying Our Product

Lead2pass Certification Exam Features:

★ More than 99,900 Satisfied Customers Worldwide.

★ Average 99.9% Success Rate.

★ Free Update to match latest and real exam scenarios.

★ Instant Download Access! No Setup required.

★ Questions & Answers are downloadable in PDF format and

VCE test engine format.

★ Multi-Platform capabilities - Windows, Laptop, Mac, Android, iPhone, iPod, iPad.

★ 100% Guaranteed Success or 100% Money Back Guarantee.

★ Fast, helpful support 24x7.

View list of all certification exams: http://www.lead2pass.com/all-products.html

10% Discount Coupon Code: ASTR14

Get Latest & Actual MS-102 Exam's Question and Answers from Lead2pass. 18
https://www.lead2pass.com