Microsoft - MS-102: Microsoft 365 Administrator
Sample Questions
Question: 333
Measured Skill: Manage security and threats by using Microsoft 365 Defender (25–30%)
You have a Microsoft 365 E5 subscription.
You create a data loss prevention (DLP) policy named DLP1.
You need to ensure that endpoint rule actions are available in the advanced DLP rules for DLP1.
To which location should you apply DLP1?| A | Instances |
| B | OneDrive accounts |
| C | On-premises repositories |
| D | Devices |
Correct answer: DExplanation:
Endpoint data loss prevention (Endpoint DLP) extends the activity monitoring and protection capabilities of DLP to sensitive items that are physically stored on Windows 10/11 and macOS (the three latest released major versions) devices. Once devices are onboarded into the Microsoft Purview solutions, the information about what users are doing with sensitive items is made visible in activity explorer. You can then enforce protective actions on those items via DLP policies.
Endpoint rule actions such as copy to clipboard or paste to supported browsers apply to devices.
References:
Learn about Endpoint data loss prevention
Use Endpoint data loss prevention
Question: 334
Measured Skill: Manage security and threats by using Microsoft 365 Defender (25–30%)
You have a Microsoft 365 E5 subscription that contains a domain named contoso.com.
You deploy a new Microsoft Defender for Office 365 anti-phishing policy named Policy1 that has user impersonation protection enabled for a user named user1@contoso.com.
You discover that Policy1 blocks email messages from a regular contact named user1@fabrikam.com.
You need to ensure that the messages are delivered successfully.
What should you do for Policy1?| A | Configure the domains to protect. |
| B | Configure the Phishing email threshold setting. |
| C | Configure which users to protect. |
| D | Enable the Mailbox Intelligence protection setting. |
Correct answer: DExplanation:
Mailbox intelligence uses artificial intelligence (AI) to determine user email patterns with their frequent contacts.
For example, Gabriela Laureano (glaureano@contoso.com) is the CEO of your company, so you add her as a protected sender in the Enable users to protect settings of the policy. But, some of the recipients in the policy communicate regularly with a vendor who is also named Gabriela Laureano (glaureano@fabrikam.com). Because those recipients have a communication history with glaureano@fabrikam.com, mailbox intelligence doesn't identify messages from glaureano@fabrikam.com as an impersonation attempt of glaureano@contoso.com for those recipients.
Mailbox intelligence has two specific settings:
Enable mailbox intelligence: Turn mailbox intelligence on or off. This setting helps the AI distinguish between messages from legitimate and impersonated senders. By default, this setting is turned on.
Enable intelligence for impersonation protection: By default, this setting is turned off. Use the contact history learned from mailbox intelligence (both frequent contacts and no contact) to help protect users from impersonation attacks. For mailbox intelligence to take action on detected messages, this setting and the Enable mailbox intelligence setting both need to be turned on.
Reference: Anti-phishing policies in Microsoft 365
Question: 335
Measured Skill: Manage security and threats by using Microsoft 365 Defender (25–30%)
You have a Microsoft 365 E5 subscription.
You have devices onboarded to Microsoft Defender for Endpoint as shown in the following table.
You create the device groups shown in the following table.
IP address indicators are defined as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
(NOTE: Each correct selection is worth one point.)
| A | Defender for Endpoint blocks access to IP address 20.30.40.50 from Device1: Yes
Defender for Endpoint blocks access to IP address 2.23.10.15 from Computer2: Yes
Defender for Endpoint blocks access to IP address 131.107.10.50 from Device3: Yes |
| B | Defender for Endpoint blocks access to IP address 20.30.40.50 from Device1: Yes
Defender for Endpoint blocks access to IP address 2.23.10.15 from Computer2: Yes
Defender for Endpoint blocks access to IP address 131.107.10.50 from Device3: No |
| C | Defender for Endpoint blocks access to IP address 20.30.40.50 from Device1: Yes
Defender for Endpoint blocks access to IP address 2.23.10.15 from Computer2: No
Defender for Endpoint blocks access to IP address 131.107.10.50 from Device3: No |
| D | Defender for Endpoint blocks access to IP address 20.30.40.50 from Device1: Yes
Defender for Endpoint blocks access to IP address 2.23.10.15 from Computer2: No
Defender for Endpoint blocks access to IP address 131.107.10.50 from Device3: Yes |
| E | Defender for Endpoint blocks access to IP address 20.30.40.50 from Device1: No
Defender for Endpoint blocks access to IP address 2.23.10.15 from Computer2: Yes
Defender for Endpoint blocks access to IP address 131.107.10.50 from Device3: Yes |
| F | Defender for Endpoint blocks access to IP address 20.30.40.50 from Device1: No
Defender for Endpoint blocks access to IP address 2.23.10.15 from Computer2: No
Defender for Endpoint blocks access to IP address 131.107.10.50 from Device3: No |
Correct answer: CExplanation:
If a device is matches multiple matching rules, the device is added only to the highest ranked device group.
Device1 is a member of Group1. Access to IP address 20.30.40.50 is blocked from Device1.
Computer2 is a member of Group2. Access to IP address 2.23.10.15 is blocked only for members of the UnassignedGroup group.
Device3 is a member of Group1. Access to IP address 131.107.10.50 is blocked only for members of Group2.
Reference: Create and manage device groups
Question: 336
Measured Skill: Manage security and threats by using Microsoft 365 Defender (25–30%)
You have a Microsoft 365 E5 subscription that contains the devices shown in the following table.
You plan to create an Endpoint security policy by using the Defender Update controls template.
To which devices can you apply the policy?| A | Device1 only |
| B | Device1 and Device2 only |
| C | Device1 and Device3 only |
| D | Device1, Device2, and Device3 |
Correct answer: AExplanation:
The Endpoint security policy template "Defender Update controls" is available only for Windows 10, Windows 11, and Windows Server.
Question: 337
Measured Skill: Manage compliance by using Microsoft Purview (15–20%)
You have a Microsoft 365 E5 subscription.
You are creating a data loss prevention (DLP) policy applied to the locations as shown in the following exhibit.
Which condition can you use in the DLP rules of the policy?| A | Sensitive info types |
| B | Sensitivity labels |
| C | Keywords |
| D | Content search queries |
Correct answer: AExplanation:
Conditions in Microsoft Purview Data Loss Prevention (DLP) policies identify sensitive items that the policy is applied to. Actions define what happens as a consequence of a condition of exception being met.
- Conditions define what to include
- Actions define what happens as a consequence of condition being met
Most conditions have one property that supports one or more values. For example, if the DLP policy is being applied to Exchange emails, the The sender is condition requires the sender of the message. Some conditions have two properties. For example, the A message header includes any of these words condition requires one property to specify the message header field, and a second property to specify the text to look for in the header field. Some conditions or exceptions don't have any properties. For example, the Attachment is password protected condition simply looks for attachments in messages that are password protected.
Actions typically require additional properties. For example, when the DLP policy rule redirects a message, you need to specify where the message is redirected to.
A DLP policy that applies to all available locations, allows to use the content contains sensitive info types only.
Reference: Data loss prevention Exchange conditions and actions reference