Skip Navigation Links
 

Microsoft - MS-102: Microsoft 365 Administrator

Sample Questions

Question: 327
Measured Skill: Implement and manage identity and access in Azure AD (25–30%)

You have a Microsoft 365 E5 subscription.

You need to configure Privileged Identity Management (PIM) for the User Administrator role in Microsoft Entra. Eligible users must meet the following requirements:
  • Always be able to request the User Administrator role.
  • Must provide a reason when requesting the User Administrator role.
  • Must require multi-factor authentication (MFA) when activating the User Administrator role.
The solution must minimize administrative effort.

How should you configure the Role settings for each requirement?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

AAlways be able to request the User Administrator role: Set Require approval to activate to yes.
Must provide a reason when requesting the User Administrator role: Set Require ticket information on activation to yes.
Must require MFA when activating the User Administrator role: Set Require Azure Multi-Factor Authentication on active assignment to yes.
B Always be able to request the User Administrator role: Set Require approval to activate to yes.
Must provide a reason when requesting the User Administrator role: Set Require justification on active assignment to yes.
Must require MFA when activating the User Administrator role: Set On activation, require to Azure MFA.
C Always be able to request the User Administrator role: Set Allow permanent active assignment to yes.
Must provide a reason when requesting the User Administrator role: Set Require justification on activation to yes.
Must require MFA when activating the User Administrator role: Set On activation, require to Microsoft Entra Conditional Access authentication context.
D Always be able to request the User Administrator role: Set Allow permanent active assignment to yes.
Must provide a reason when requesting the User Administrator role: Set Require justification on active assignment to yes.
Must require MFA when activating the User Administrator role: Set Require Azure Multi-Factor Authentication on active assignment to yes.
E Always be able to request the User Administrator role: Set Allow permanent eligible assignment to yes.
Must provide a reason when requesting the User Administrator role: Set Require justification on activation to yes.
Must require MFA when activating the User Administrator role: Set On activation, require to Azure MFA.
F Always be able to request the User Administrator role: Set Allow permanent eligible assignment to yes.
Must provide a reason when requesting the User Administrator role: Set Require ticket information on activation to yes.
Must require MFA when activating the User Administrator role: Set On activation, require to Microsoft Entra Conditional Access authentication context.

Correct answer: E

Explanation:

When you configure settings for a role, you can choose from two assignment duration options for each assignment type: eligible and active. These options become the default maximum duration when a user is assigned to the role in Privileged Identity Management. To ensure that users are always be able to request the User Administrator role we must set Allow permanent eligible assignment to yes.

To require users to enter a business justification when they activate the eligible assignment, we need to set Require justification on activation to yes.

To require eligible users to perform multi-factor authentication (MFA) when activating the User Administrator role, we must set On activation, require to Azure MFA.

Reference: Configure Microsoft Entra role settings in Privileged Identity Management



Question: 328
Measured Skill: Implement and manage identity and access in Azure AD (25–30%)

You have a Microsoft 365 subscription that contains a Microsoft Entra ID tenant named contoso.com. The tenant includes a user named User1.

You enable Microsoft Entra ID Protection.

You need to ensure that User1 can review the list of users flagged for risk in Microsoft Entra ID Protection. The solution must use the principle of least privilege.

To which role should you add User1?

AGlobal Administrator
B Service Support Administrator
C Security Administrator
D Reports Reader

Correct answer: C

Explanation:

Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks. These identity-based risks can be further fed into tools like Conditional Access to make access decisions or fed back to a security information and event management (SIEM) tool for further investigation and correlation.

Identity Protection requires users be a Security Reader, Security Operator, Security Administrator, Global Reader, or Global Administrator in order to access.

Reference: What is Identity Protection?



Question: 329
Measured Skill: Implement and manage identity and access in Azure AD (25–30%)

You have a Microsoft 365 subscription.

You need to implement a passwordless authentication solution that supports the following device types:
  • Windows
  • Android
  • iOS
The solution must use the same authentication method for all devices.

Which authentication method should you use?

AThe Microsoft Authenticator app
B FIDO2-compliant security keys
C Multi-factor authentication (MFA)
D Windows Hello for Business

Correct answer: A

Explanation:

Microsoft Authenticator can be used to sign in to any Microsoft Entra account without using a password. Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device, where the device uses a PIN or biometric. Windows Hello for Business uses a similar technology.

This authentication technology can be used on any device platform, including mobile. This technology can also be used with any app or website that integrates with Microsoft Authentication Libraries.

People who enabled phone sign-in from Microsoft Authenticator see a message that asks them to tap a number in their app. No username or password is asked for. To complete the sign-in process in the app, a user must next take the following actions:

  1. Enter the number they see on the login screen into Microsoft Authenticator dialog.
  2. Choose Approve.
  3. Provide their PIN or biometric.

Reference: Enable passwordless sign-in with Microsoft Authenticator



Question: 330
Measured Skill: Implement and manage identity and access in Azure AD (25–30%)

Your company has a Microsoft Entra tenant named contoso.com and a Microsoft 365 subscription.

All users use Windows 10 devices to access Microsoft Office 365 apps.

All the devices are in a workgroup.

You plan to implement password less sign-in to contoso.com.

You need to recommend changes to the infrastructure for the planned implementation.

What should you include in the recommendation?

AJoin all the devices to contoso.com.
B Deploy Microsoft Entra Application Proxy.
C Deploy X.509.3 certificates to all the users.
D Deploy the Microsoft Authenticator app.

Correct answer: A

Explanation:

Features like multifactor authentication (MFA) are a great way to secure your organization, but users often get frustrated with the extra security layer on top of having to remember their passwords. Passwordless authentication methods are more convenient because the password is removed and replaced with something you have or something you are or know.

Each organization has different needs when it comes to authentication. Microsoft Azure and Azure Government offer the following five passwordless authentication options that integrate with Microsoft Entra ID:

  • Windows Hello for Business
  • Platform Credential for macOS
  • Platform single sign-on (PSSO) for macOS with smart card authentication
  • Microsoft Authenticator
  • Passkeys (FIDO2)
  • Certificate-based authentication

Since we don't have a public key infrastructure (PKI) in place, we should make use of the Microsoft Authenticator app to enable password less sign-ins. As a prerequisite we need to register or join the devices to the Entra ID tenant.

References:

Passwordless authentication options for Microsoft Entra ID

Enable passwordless sign-in with Microsoft Authenticator



Question: 331
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)

You have a Microsoft 365 E5 subscription.

You need to create a mail-enabled contact.

Which portal should you use?

AThe Microsoft 365 admin center
B The Microsoft Teams admin center
C The Intune admin center
D The Microsoft Purview compliance portal

Correct answer: A

Explanation:

We should use the Microsoft 365 admin center to create the mail-enabled contact as shown below.





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2024 by cert2brain.com