MS-102 Free Practice Test

- (Exam Topic 5)
You have a Microsoft Azure Active Directory (Azure AD) tenant named Contoso.com.
You create a Microsoft Defender for identity instance Contoso. The tenant contains the users shown in the following table.

You need to modify the configuration of the Defender for identify sensors.
Solutions: You instruct User3 to modify the Defender for identity sensor configuration. Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A

- (Exam Topic 3)
You need to configure the compliance settings to meet the technical requirements. What should you do in the Microsoft Endpoint Manager admin center?

1. A. From Compliance policies, modify the Notifications settings.
2. B. From Locations, create a new location for noncompliant devices.
3. C. From Retire Noncompliant Devices, select Clear All Devices Retire State.
4. D. Modify the Compliance policy settings.

Correct Answer: D
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started

- (Exam Topic 5)
You have a Microsoft 365 subscription.
You register two applications named App1 and App2 to Azure AD.
You need to ensure that users who connect to App1 require multi-factor authentication (MFA). MFA is required only for App1. What should you do?

1. A. From the Microsoft Entra admin center, create a conditional access policy
2. B. From the Microsoft 365 admin center, configure the Modem authentication settings.
3. C. From the Enterprise applications blade of the Microsoft Entra admin center, configure the Users settings.
4. D. From Multi-Factor Authentication, configure the service settings.

Correct Answer: A
Use Conditional Access policies
If your organization has more granular sign-in security needs, Conditional Access policies can offer you more control. Conditional Access lets you create and define policies that react to sign in events and request additional actions before a user is granted access to an application or service.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authenticati

- (Exam Topic 5)
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription that contains a user named User1. You need to enable User1 to create Compliance Manager assessments.
Solution: From the Microsoft 365 compliance center, you add User1 to the Compliance Manager Assessors role group.
Does this meet the goal?

1. A. Yes
2. B. No

Correct Answer: A
Reference:
https://github.com/MicrosoftDocs/microsoft-365-docs/blob/public/microsoft-365/security/office-365-security/pe

- (Exam Topic 5)
Your network contains an on-premises Active Directory domain named contoso.com.
For all user accounts, the Logon Hours settings are configured to prevent sign-ins outside of business hours. You plan to sync contoso.com to an Azure AD tenant.
You need to recommend a solution to ensure that the logon hour restrictions apply when synced users sign in to Azure AD.
What should you include in the recommendation?

1. A. pass-through authentication
2. B. conditional access policies
3. C. password synchronization
4. D. Azure AD Identity Protection policies

Correct Answer: A
Reference:
https://nickblog.azurewebsites.net/2016/10/17/azure-ad-pass-through-authentication/