Skip Navigation Links
 

Microsoft - MS-102: Microsoft 365 Administrator

Sample Questions

Question: 298
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)

Your network contains an Active Directory domain and a Microsoft Entra ID tenant.

The network uses a firewall that contains a list of allowed outbound domains.

You begin to implement directory synchronization.

You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
  • *.microsoft.com
  • *.office.com
Directory synchronization fails.

You need to ensure that directory synchronization completes successfully.

What is the best approach to achieve the goal?

(More than one answer choice may achieve the goal. Select the BEST answer.)

AFrom the firewall, modify the list of allowed outbound domains.
B From Microsoft Entra Connect, modify the Customize synchronization options task.
C From the firewall, create a list of allowed inbound domains.
D Deploy a Microsoft Entra Connect sync server in staging mode.
E From the firewall, allow the IP address range of the Azure data center for outbound communication.

Correct answer: A

Explanation:

Of these URLs, the URLs listed in the following table are the absolute bare minimum to be able to connect to Microsoft Entra ID at all. This list doesn't include any optional features, such as password writeback or Microsoft Entra Connect Health. The information is provided here to help with troubleshooting for the initial configuration.

Reference: Troubleshoot connectivity issues with Azure AD Connect



Question: 299
Measured Skill: Implement and manage identity and access in Azure AD (25–30%)

You have a Microsoft 365 E5 subscription that contains users in the United States, Europe, and Asia.

You use Microsoft Entra ID Protection.

You have a virtual desktop infrastructure (VDI). All VDI servers are located in the United States.

Users connect to Microsoft 365 from laptops and the VDI.

Some VDI users report that they are blocked from signing in to Microsoft 365 due to a high sign-in risk.

You need to reduce the likelihood that the VDI users will be erroneously blocked from signing in to Microsoft 365. The solution must ensure that sign-ins from the VDI environment are protected by using Identity Protection.

What should you configure?

AExpressRoute for Microsoft 365
B A trusted location
C A Satellite Geography location
D A Conditional Access policy

Correct answer: B

Explanation:

Configured trusted network locations are used by Identity Protection in some risk detections to reduce false positives. Sign-ins from trusted named locations improve the accuracy of Microsoft Entra ID Protection's risk calculation, lowering a user's sign-in risk when they authenticate from a location marked as trusted.

References:

Configure and enable risk policies

Using the location condition in a Conditional Access policy



Question: 300
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)

Your network contains an on-premises Active Directory domain named adatum.com that is synced to Microsoft Entra ID.

The domain contains 100 user accounts.

The city attribute for all the users is set to the city where the user resides.

You need to modify the value of the city attribute to the three letter airport code of each city.

What should you do?

AFrom Azure Cloud Shell, run the Get-MsolUser and Set-MsolUser cmdlets.
B From Windows PowerShell on a domain controller, run the Get-MgUser and Update-MgUser cmdlets.
C From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
D From Azure Cloud Shell, run the Get-MgUser and Update-MgUser cmdlets.

Correct answer: C

Explanation:

The identities are synched from on premises Active Directory to Microsoft Entra ID. The account properties must be changed in on premises AD.



Question: 301
Measured Skill: Deploy and manage a Microsoft 365 tenant (25–30%)

Your network contains an on-premises Active Directory domain named adatum.com that is synced to Microsoft Entra ID.

The domain contains 100 user accounts.

The city attribute for all the users is set to the city where the user resides.

You need to modify the value of the city attribute to the three letter airport code of each city.

What should you do?

AFrom Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
B From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.
C From Windows PowerShell on a domain controller, run the Get-MgUser and Update-MgUser cmdlets.
D From the Azure portal, select all the Microsoft Entra ID users, and then use the User settings blade.

Correct answer: A

Explanation:

The identities are synched from on premises Active Directory to Microsoft Entra ID. The account properties must be changed in on premises AD.



Question: 302
Measured Skill: Manage security and threats by using Microsoft 365 Defender (25–30%)

You have a Microsoft 365 subscription that uses Microsoft Defender for Office 365.

You need to identify the settings that are below the Standard protection profile settings in the preset security policies.

What should you use?

(To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.)

www.cert2brain.com

APortal: Microsoft 365 admin center
Feature: Preset security policies
B Portal: Microsoft 365 admin center
Feature: Configuration analyzer
C Portal: Microsoft 365 Defender portal
Feature: Threat tracker
D Portal: Microsoft 365 Defender portal
Feature: Configuration analyzer
E Portal: Microsoft Purview compliance portal
Feature: Preset security policies
F Portal: Microsoft Purview compliance portal
Feature: Threat tracker

Correct answer: D

Explanation:

Configuration analyzer in the Microsoft 365 Defender portal provides a central location to find and fix security policies where the settings are below the Standard protection and Strict protection profile settings in preset security policies.

The following types of policies are analyzed by the configuration analyzer:

  • Exchange Online Protection (EOP) policies: Includes Microsoft 365 organizations with Exchange Online mailboxes and standalone EOP organizations without Exchange Online mailboxes:

    • Anti-spam policies.
    • Anti-malware policies.
    • EOP anti-phishing policies.
  • Microsoft Defender for Office 365 policies: Includes organizations with Microsoft 365 E5 or Defender for Office 365 add-on subscriptions:

    • Anti-phishing policies in Microsoft Defender for Office 365, which include:
      • The same spoof settings that are available in the EOP anti-phishing policies.
      • Impersonation settings
      • Advanced phishing thresholds
    • Safe Links policies.
    • Safe Attachments policies.

Der folgende Microsoft Learn-Artikel enthält weitere Informationen zum Thema:

Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365





 
Tags: exam, examcollection, exam simulation, exam questions, questions & answers, training course, study guide, vce, braindumps, practice test
 
 

© Copyright 2014 - 2024 by cert2brain.com