MS-102: Microsoft 365 Administrator (beta) Part 4
Question #: 313
Topic #: 1
You have a Microsoft 365 E5 subscription.
You plan to use a third-party protection service to scan email messages before they are delivered to Microsoft 365.
You configure a mail flow rule to bypass spam filtering for incoming messages.
Which two messages will still be scanned by Microsoft 365 and cannot be bypassed by the mail flow rule? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. a message that contains malware
B. a high-confidence phishing message
C. an encrypted message
D. a message that includes HTML code
E. a message that includes URL links
Selected Answer: C
Question #: 314
Topic #: 1
You have a Microsoft 365 E5 subscription.
Administrators are issued FIDO2 security keys.
You need to create a Conditional Access policy that will use a FIDO2 security key as an authentication method.
Which Access controls option should you select for the policy?
A. Require approved client app
B. Require token protection for sign-in sessions
C. Require multifactor authentication
D. Require authentication strength
Selected Answer: D
Question #: 315
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You need to implement a social engineering awareness solution that meets the following requirements:
• To reset a user’s password, emulate an email message that contains a link.
• Track any user that selects the email message link.
• Suggest further social engineering training.
What should you use in the Microsoft Defender portal?
A. Attack simulation training
B. Learning hub
C. Exposure insights
D. Threat tracker
Selected Answer: A
Question #: 317
Topic #: 1
You have a Microsoft 365 E5 subscription that includes Microsoft Intune.
You manage all iOS devices by using Intune.
You plan to protect corporate-owned iOS devices by using Microsoft Defender for Endpoint. You configure a connection between Intune and Defender for Endpoint.
You need to onboard the devices to Defender for Endpoint.
What should you do?
A. Download an onboarding package.
B. Create an app protection policy.
C. Enable Microsoft Defender for Cloud.
D. Add an app to Intune.
Selected Answer: A
Question #: 318
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.
You register a cloud app named App1 in Microsoft Entra ID.
You need to create an access policy for App1.
What should you do first?
A. Deploy Conditional Access App Control to App1.
B. Create an app tag for App1.
C. Add a security information and event management (SIEM) agent to Defender for Cloud Apps.
D. Configure an app connector to Defender for Cloud Apps.
Selected Answer: D
Question #: 319
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.
From Policy management, you open Information protection as shown in the following exhibit.
Which type of policy can you create?
A. session policy
B. activity policy
C. OAuth app policy
D. access policy
E. file policy
Selected Answer: E
Question #: 321
Topic #: 1
You have a Microsoft 365 E5 subscription.
You plan to implement a data loss prevention (DLP) strategy by using Microsoft Purview.
You need to recommend a classification method for a DLP condition. The classification method must automatically recognize document types based on existing documents in Microsoft SharePoint Online.
What should you recommend?
A. sensitive information types (SITs)
B. sensitivity labels
C. trainable classifiers
D. exact data match (EDM) classifiers
Selected Answer: C
Question #: 322
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Endpoint.
You integrate Microsoft Defender for Endpoint with Microsoft Intune.
From Microsoft Defender Vulnerability Management, you review the top security recommendations and discover a recommendation to update Microsoft Edge (Chromium) to a later version.
You need to ensure that a security task is added to Intune to address the recommendation.
What should you do?
A. From the Microsoft Intune admin center, configure Windows Autopatch.
B. From the Microsoft Intune admin center, configure a security baseline.
C. From the Microsoft Defender portal, select Request remediation.
D. From the Microsoft Defender portal, add an incident notification rule.
Selected Answer: C
Question #: 324
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.
The subscription contains users that have Windows 11 devices.
You need to use the Cloud Discovery snapshot report to analyze cloud app usage on the devices.
What should you do before generating a report?
A. Create an activity policy.
B. Deploy the Azure Monitor Agent on the devices.
C. Export traffic logs from firewalls and proxies.
D. Create an app discovery policy.
Selected Answer: C
Question #: 327
Topic #: 1
You have a Microsoft 365 E5 subscription.
You plan to create an anti-malware policy named Policy1.
You need to ensure that Policy1 can detect malicious email messages that were already delivered to a user’s mailbox.
What should you do in the Microsoft Defender portal?
A. Enable zero-hour auto purge (ZAP).
B. Enable enhanced filtering.
C. Configure a quarantine policy.
D. Modify the common attachments filter.
Selected Answer: A
Question #: 328
Topic #: 1
You have a Microsoft 365 E5 subscription.
You need to use Microsoft Defender for Cloud Apps to monitor user mailbox activities.
What should you do?
A. Create an activity policy.
B. Create an access policy.
C. Enable mailbox audit logging.
D. Create an app connector for Microsoft 365.
Selected Answer: A
Question #: 330
Topic #: 1
You have a Microsoft 365 subscription that includes Microsoft Intune and Microsoft Defender XDR.
All users have devices that run Windows 11.
From the Microsoft Defender portal, you review the Microsoft Secure Score recommendations. One of the top recommendations is to block all Microsoft Office applications from creating child processes.
You need to increase the secure score by addressing the recommendation.
What should you do?
A. Select Safe Documents for Office clients.
B. Create a policy for Office applications.
C. Configure an endpoint detection and response (EDR) policy.
D. Create an attack surface reduction (ASR) policy.
Selected Answer: D
Question #: 331
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You need to implement a social engineering awareness solution that meets the following requirements:
• To reset a user’s password, emulate an email message that contains a link.
• Track any user that selects the email message link.
• Suggest further social engineering training.
What should you use in the Microsoft Defender portal?
A. Exposure insights
B. Learning hub
C. Attack simulation training
D. Threat tracker
Selected Answer: C
Question #: 332
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You are configuring Attack simulation training that will target all users and use the Credential Harvest social engineering technique.
You need to ensure that the simulation sends an email message that contains a custom phishing link and company-based terminology and branding.
How should you configure the simulation?
A. Create a Tenant payload.
B. Select a Global payload.
C. Select custom end-user notifications.
D. Create a tenant landing page.
Selected Answer: A
Question #: 334
Topic #: 1
You have a Microsoft 365 E5 subscription that contains Windows 11 devices.
All the devices are onboarded to Microsoft Defender for Endpoint.
You need to compare the configuration of the devices against industry standard benchmarks.
What should you use?
A. Initiatives
B. Events
C. Security baselines assessment
D. Attack surface map
Selected Answer: C
Question #: 335
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Endpoint.
Defender for Endpoint has tamper protection enabled.
You have a device named Device1 that is onboarded to Defender for Endpoint.
You need to configure antivirus and real-time protection for Device1.
What should you do in the Microsoft Defender portal?
A. Initiate a live response session.
B. Create a device group.
C. Enable troubleshooting mode.
D. Isolate Device1.
Selected Answer: C
Question #: 336
Topic #: 1
You have a Microsoft 365 E5 subscription.
You plan to configure Privileged Identity Management (PIM) for the User Administrator role in Microsoft Entra.
You need to ensure that a user can make a role assignment request for the User Administrator role only during the next six months.
How should you configure the assignment?
A. Set Assignment type to Eligible.
B. Set Assignment type to Active.
C. Set Allow permanent active assignment to Yes.
D. Set Allow permanent eligible assignment to Yes.
Selected Answer: A
Question #: 340
Topic #: 1
You have a Microsoft 365 subscription that contains a Microsoft Entra tenant named contoso.com. The tenant includes a user named User1.
You enable Microsoft Entra ID Protection.
You need to ensure that User1 can review the list in Microsoft Entra ID Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
A. Security Reader
B. Reports Reader
C. Compliance Administrator
D. Owner
Selected Answer: A
Question #: 341
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You need to implement a threat policy that will apply a balanced baseline protection profile to protect against spam, phishing, and malware.
Solution: You create a Strict preset security policy.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 342
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You need to implement a threat policy that will apply a balanced baseline protection profile to protect against spam, phishing, and malware.
Solution: You create an anti-malware policy.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 343
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You need to implement a threat policy that will apply a balanced baseline protection profile to protect against spam, phishing, and malware.
Solution: You create a Standard preset security policy.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 347
Topic #: 1
You have a Microsoft 365 tenant.
You plan to manage incidents in the tenant by using Microsoft Defender XDR.
Which Microsoft service source will appear on the Incidents page of the Microsoft Defender portal?
A. Microsoft Purview
B. Azure Arc
C. Microsoft Defender for Cloud
D. Microsoft Defender for Identity
Selected Answer: D
Question #: 348
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription.
You integrate Microsoft Defender for Endpoint with Microsoft Intune.
You need to ensure that devices automatically onboard to Defender for Endpoint when they are enrolled in Intune.
Solution: You create an endpoint detection and response (EDR) policy.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 349
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription.
You integrate Microsoft Defender for Endpoint with Microsoft Intune.
You need to ensure that devices automatically onboard to Defender for Endpoint when they are enrolled in Intune.
Solution: You enable co-management.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 350
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription.
You integrate Microsoft Defender for Endpoint with Microsoft Intune.
You need to ensure that devices automatically onboard to Defender for Endpoint when they are enrolled in Intune.
Solution: You configure a device configuration profile.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 351
Topic #: 1
You have a Microsoft 365 E5 subscription that contains a user named User1.
You have a Conditional Access policy applied to a cloud-based app named App1. App1 has Conditional Access App Control deployed.
You need to create a Microsoft Defender for Cloud Apps policy to block User1 from printing from App1.
Which type of policy should you create?
A. activity policy
B. session policy
C. OAuth app policy
D. Cloud Discovery anomaly detection policy
Selected Answer: B
Question #: 352
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.
You plan to perform a security audit of all the apps detected by Cloud Discovery.
You need to track which apps were audited. The solution must ensure that the list of audited apps can be displayed in the cloud app catalog.
What should you do?
A. Define each app as a critical asset.
B. Deploy Conditional Access App Control.
C. Enable app governance.
D. Generate a Cloud Discovery snapshot report.
E. Apply a custom app tag to each app.
Selected Answer: E
Question #: 353
Topic #: 1
You use Microsoft Defender for Office 365.
You plan to automate an attack simulation campaign.
Any users that fail the simulation must take additional training based on the simulation results.
What is the maximum number of days the training will be available to the users after the simulation?
A. 7
B. 15
C. 30
D. 45
Selected Answer: C
Question #: 355
Topic #: 1
You have a Microsoft 365 E5 subscription.
You need to assign a Microsoft Defender for Endpoint baseline.
Which portal should you use?
A. the Microsoft Intune admin center
B. the Microsoft Purview compliance portal
C. the Microsoft Defender portal
D. the Microsoft 365 admin center
Selected Answer: A
Question #: 356
Topic #: 1
You have a Microsoft 365 E5 subscription.
You need to create a mail-enabled contact.
Which portal should you use?
A. the Microsoft Entra admin center
B. the Exchange admin center
C. the Intune admin center
D. the SharePoint admin center
Selected Answer: B
Question #: 357
Topic #: 1
You have a Microsoft 365 E5 subscription.
You need to be alerted when Microsoft Defender XDR detects high-severity incidents.
What should you use?
A. a custom detection rule
B. a threat policy
C. a notification rule
Selected Answer: C
Question #: 359
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription.
You integrate Microsoft Defender for Endpoint with Microsoft Intune.
You need to ensure that devices automatically onboard to Defender for Endpoint when they are enrolled in Intune.
Solution: You configure a compliance policy.
Does this meet the goal?
A. Yes
B. No
Selected Answer: A
Question #: 360
Topic #: 1
You have a Microsoft 365 subscription and use Microsoft Defender for Office 365.
You need to create a policy to ensure that any email message containing an attachment that has the .extl extension is quarantined for inspection.
Which type of policy should you create?
A. anti-phishing
B. quarantine
C. anti-spam
D. anti-malware
Selected Answer: D
Question #: 367
Topic #: 1
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint.
All the devices in your organization are onboarded to Microsoft Defender for Endpoint.
You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours.
What should you do?
A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
B. From the Microsoft Defender portal, create an alert suppression rule and assign an alert.
C. From Advanced hunting, create a query and a detection rule.
D. From the Microsoft Defender portal, create an Advanced hunting query and a detection rule.
Selected Answer: D
Question #: 368
Topic #: 1
You have a Microsoft 365 subscription that includes Microsoft Defender XDR.
From the Microsoft Defender portal, you review the Microsoft Secure Score improvement actions shown in the following table.
You plan to update the status of the improvement actions as shown in the following table.
How many points will the Secure Score increase after the update?
A. 0
B. 4
C. 7
D. 13
E. 16
Selected Answer: B
Question #: 369
Topic #: 1
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and Microsoft Intune.
All devices run Windows 11 and are Microsoft Entra joined.
You are alerted to a zero-day attack.
You need to identify which devices were affected by the attack and send a request to Intune administrators to update the affected devices.
Which two actions should you perform in the Microsoft Defender portal? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From Threat analytics, view the list of vulnerable devices.
B. From Incidents & alerts, select the latest incident.
C. From Vulnerability management, open the security recommendation.
D. Select the affected devices and request remediation.
Selected Answer: AD
Question #: 370
Topic #: 1
Note: This section contains one or more sets of questions with the same scenario and problem. Each question presents a unique solution to the problem. You must determine whether the solution meets the stated goals. More than one solution in the set might solve the problem. It is also possible that none of the solutions in the set solve the problem.
After you answer a question in this section, you will NOT be able to return. As a result, these questions do not appear on the Review Screen.
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You need to implement a threat policy that will apply a balanced baseline protection profile to protect against spam, phishing, and malware.
Solution: You create an anti-phishing policy.
Does this meet the goal?
A. Yes
B. No
Selected Answer: B
Question #: 372
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.
You are reviewing the activity log of the subscription.
You need to ensure that events originating from the on-premises network are categorized automatically as Administrative.
What should you create?
A. a critical asset classification
B. an indicator for IP addresses
C. an IP address range
D. a named location
Selected Answer: C
Question #: 373
Topic #: 1
You have an on-premises server named Server1 that runs Windows Server.
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps.
You plan to configure Cloud Discovery and enable automatic log upload.
You need to ensure that you can run the log collector on Server1.
What should you install on Server1?
A. the Microsoft Graph PowerShell SDK
B. .NET Framework 4.8
C. Docker
D. the Azure Connected Machine agent
Selected Answer: C
Question #: 374
Topic #: 1
You have a Microsoft 365 E5 subscription. The subscription contains users that have Windows 11 devices.
You plan to onboard the devices to Microsoft Defender for Endpoint. The devices will connect to Defender for Endpoint through a proxy service.
You need to ensure that the devices use consolidated URLs and static IP ranges when connecting to Defender for Endpoint.
What should you do?
A. Use the standard connectivity type.
B. Use the streamlined connectivity type.
C. Configure a device group.
D. Enable device discovery.
Selected Answer: B
Question #: 375
Topic #: 1
You have a Microsoft 365 subscription that contains a Microsoft Entra tenant named contoso.com. The tenant includes a user named User1.
You plan to use Microsoft Entra ID Protection.
You need to ensure that User1 can review the list in Microsoft Entra ID Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
A. Security Reader
B. Reports Reader
C. Service Administrator
D. User Administrator
Selected Answer: D
Question #: 376
Topic #: 1
You have a Microsoft 365 subscription and use Microsoft Defender for Office 365.
You need to recommend a solution to educate users on topics that relate to social engineering risks. The users must receive a weekly reminder to complete a learning task.
What should you use in the Microsoft Defender portal?
A. Learning hub
B. Campaigns
C. Threat tracker
D. Attack simulation training
Selected Answer: D
Question #: 377
Topic #: 1
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365.
You need to create a policy that will quarantine messages containing attachments that match .apk and .appx extensions.
Which type of policy should you configure?
A. anti-malware
B. anti-phishing
C. Safe Attachments
D. anti-spam
Selected Answer: A