최신 MS-102 무료덤프 - Microsoft 365 Administrator
You have a Microsoft 365 E5 subscription.
You plan to create a data loss prevention (DLP) policy that will be applied to all available locations.
Which conditions can you use in the DLP rules of the policy?
You plan to create a data loss prevention (DLP) policy that will be applied to all available locations.
Which conditions can you use in the DLP rules of the policy?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)
Your company has a Microsoft 365 E5 tenant.
Users access resources in the tenant by using both personal and company-owned Android devices. Company policies requires that the devices have a threat level of medium or lower to access Microsoft Exchange Online mailboxes.
You need to recommend a solution to identify the threat level of the devices and to control access of the devices to the resources.
What should you include in the solution for each device type? To answer, drag the appropriate components to the correct devices. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
Users access resources in the tenant by using both personal and company-owned Android devices. Company policies requires that the devices have a threat level of medium or lower to access Microsoft Exchange Online mailboxes.
You need to recommend a solution to identify the threat level of the devices and to control access of the devices to the resources.
What should you include in the solution for each device type? To answer, drag the appropriate components to the correct devices. Each component may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You configure a Multifactor authentication registration policy that has the following settings:
* Assignments:
* Include: Group1
* Exclude: Group2
* Controls: Requite Microsoft Entra ID multifactor authentication registration
* Policy enforcement: Enabled
You create a conditional access policy that has the following settings:
* Name: Policy1
* Assignments:
* Include: Group1
* Exclude; Group1
* Grant: Require multifactor authentication
* Enable policy. On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each coned selection is one point.
You configure a Multifactor authentication registration policy that has the following settings:
* Assignments:
* Include: Group1
* Exclude: Group2
* Controls: Requite Microsoft Entra ID multifactor authentication registration
* Policy enforcement: Enabled
You create a conditional access policy that has the following settings:
* Name: Policy1
* Assignments:
* Include: Group1
* Exclude; Group1
* Grant: Require multifactor authentication
* Enable policy. On
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each coned selection is one point.
정답:
Explanation:
User1 will be required to register for MFA on the next sign-in: YesUser1 is a member of Group1, which is included in the MFA registration policy. Since User1 is not excluded, they will be required to register for MFA on the next sign-in.
User2 will be required to register for MFA on the next sign-in: NoUser2 is a member of both Group1 and Group2. Since Group2 is excluded from the MFA registration policy, User2 will not be required to register for MFA.
User3 will be required to register for MFA on the next sign-in: NoUser3 is a member of Group2, which is excluded from the MFA registration policy. Therefore, User3 will not be required to register for MFA.
You have a Microsoft 365 subscription.
You need to be notified to your personal email address when a Microsoft Exchange Online service issue occurs. What should you do?
You need to be notified to your personal email address when a Microsoft Exchange Online service issue occurs. What should you do?
정답: B
You have an Azure AD tenant that contains the users shown in the following table
You need to compare the permissions of each role. The solution must minimize administrative effort.
Which portal should you use?
You need to compare the permissions of each role. The solution must minimize administrative effort.
Which portal should you use?
정답: D
You have a Microsoft 365 E5 tenant that connects to Microsoft Defender for Endpoint.
You have devices enrolled in Microsoft Intune as shown in the following table.
You plan to use risk levels in Microsoft Defender for Endpoint to identify whether a device is compliant.
Noncompliant devices must be blocked from accessing corporate resources.
You need to identify which devices can be onboarded to Microsoft Defender for Endpoint, and which Endpoint security policies must be configured.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have devices enrolled in Microsoft Intune as shown in the following table.
You plan to use risk levels in Microsoft Defender for Endpoint to identify whether a device is compliant.
Noncompliant devices must be blocked from accessing corporate resources.
You need to identify which devices can be onboarded to Microsoft Defender for Endpoint, and which Endpoint security policies must be configured.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-machines-onboarding?
view=o365-worldwide
You have a Microsoft 365 subscription that uses Microsoft Defender XDR
From Automatic remediation in the Microsoft Defender portal, you set Automation level to Semi - require approval for non-temp folders for the endpoints.
You need to identify the impact of the Automation level setting on the endpoints.
Which two actions will occur based on the remediation settings? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
From Automatic remediation in the Microsoft Defender portal, you set Automation level to Semi - require approval for non-temp folders for the endpoints.
You need to identify the impact of the Automation level setting on the endpoints.
Which two actions will occur based on the remediation settings? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
정답: B,C
You have an Azure AD tenant that contains the users shown in the following table.
You enable self-service password reset for all users. You set Number of methods required to reset to 1, and you set Methods available to users to Security questions only.
What information must be configured for each user before the user can perform a self-service password reset?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You enable self-service password reset for all users. You set Number of methods required to reset to 1, and you set Methods available to users to Security questions only.
What information must be configured for each user before the user can perform a self-service password reset?
To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
You need to configure automatic enrollment in Intune. The solution must meet the technical requirements.
What should you configure, and to which group should you assign the configurations? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
What should you configure, and to which group should you assign the configurations? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/windows-enroll
You have a Microsoft 365 E5 subscription.
All corporate Windows 11 devices are managed by using Microsoft Intune and onboarded to Microsoft Defender for Endpoint.
You need to meet the following requirements:
* View an assessment of the device configurations against the Center for Internet Security (CIS) vl.0.0 benchmark.
* Protect a folder named C:\Folder1 from being accessed by untrusted applications on the devices.
What should you do? To answer, select the appropriate options in the answer area.
All corporate Windows 11 devices are managed by using Microsoft Intune and onboarded to Microsoft Defender for Endpoint.
You need to meet the following requirements:
* View an assessment of the device configurations against the Center for Internet Security (CIS) vl.0.0 benchmark.
* Protect a folder named C:\Folder1 from being accessed by untrusted applications on the devices.
What should you do? To answer, select the appropriate options in the answer area.
정답:
Explanation:
You have 2,500 Windows 10 devices and a Microsoft 365 E5 tenant that contains two users named User1 and User2. The devices are not enrollment in Microsoft Intune.
In Microsoft Endpoint Manager, the Device limit restrictions are configured as shown in the following exhibit.
In Azure Active Directory (Azure AD), the Device settings are configured as shown in the following exhibit.
From Microsoft Endpoint Manager, you add User2 as a device enrollment manager (DEM).
For each of the following statement, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
In Microsoft Endpoint Manager, the Device limit restrictions are configured as shown in the following exhibit.
In Azure Active Directory (Azure AD), the Device settings are configured as shown in the following exhibit.
From Microsoft Endpoint Manager, you add User2 as a device enrollment manager (DEM).
For each of the following statement, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
HOTSPOT
You have a Microsoft 365 E5 subscription that contains a user named User1.
Azure AD Password Protection is configured as shown in the following exhibit.
User1 attempts to update their password to the following passwords:
* F@lcon
* Project22
* T4il$pin45dg4
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription that contains a user named User1.
Azure AD Password Protection is configured as shown in the following exhibit.
User1 attempts to update their password to the following passwords:
* F@lcon
* Project22
* T4il$pin45dg4
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Box 1: Only T4il$pin45dg4
Box 2: can attempt to sign in immediately
Note: Manage Azure AD smart lockout values
Based on your organizational requirements, you can customize the Azure AD smart lockout values.
Customization of the smart lockout settings, with values specific to your organization, requires Azure AD Premium P1 or higher licenses for your users. Customization of the smart lockout settings is not available for Azure China 21Vianet tenants.
To check or modify the smart lockout values for your organization, complete the following steps:
* Sign in to the Entra portal.
* Search for and select Azure Active Directory, then select Security > Authentication methods > Password protection.
* Set the Lockout threshold, based on how many failed sign-ins are allowed on an account before its first lockout.
* The default is 10 for Azure Public tenants and 3 for Azure US Government tenants.
* Set the Lockout duration in seconds, to the length in seconds of each lockout.
* The default is 60 seconds (one minute).
If the first sign-in after a lockout period has expired also fails, the account locks out again. If an account locks repeatedly, the lockout duration increases.
Reference:
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout
You have a Microsoft 365 subscription that uses Microsoft Defender for Cloud Apps.
You configure a session control policy to block downloads from SharePoint Online sites.
Users report that they can still download files from SharePoint Online sites.
You need to ensure that file download is blocked while still allowing users to browse SharePoint Online sites.
What should you configure?
You configure a session control policy to block downloads from SharePoint Online sites.
Users report that they can still download files from SharePoint Online sites.
You need to ensure that file download is blocked while still allowing users to browse SharePoint Online sites.
What should you configure?
정답: D
You have a Microsoft 365 E5 subscription that contains the resources shown in the following table.
You create a sensitivity label named Label1.
To which resource can you apply Label1?
You create a sensitivity label named Label1.
To which resource can you apply Label1?
정답: E
설명: (DumpTOP 회원만 볼 수 있음)
You have a Microsoft 365 E5 tenant that contains 100 Windows 10 devices.
You plan to attack surface reduction (ASR) rules for the Windows 10 devices.
You configure the ASR rules in audit mode and collect audit data in a Log Analytics workspace.
You need to find the ASR rules that match the activities on the devices.
How should you complete the Kusto query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You plan to attack surface reduction (ASR) rules for the Windows 10 devices.
You configure the ASR rules in audit mode and collect audit data in a Log Analytics workspace.
You need to find the ASR rules that match the activities on the devices.
How should you complete the Kusto query? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
정답:
Explanation:
Reference:
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/demystifying-attack-surface- reduction-rules-part-3/ba-p/1360968
You have Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE: Each correct selection is worth one point.
You create an alert policy as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic NOTE: Each correct selection is worth one point.
정답:
Explanation:
DRAG DROP
You have a Microsoft 365 E5 subscription.
Several users have iOS devices.
You plan to enroll the iOS devices in Microsoft Endpoint Manager.
You need to ensure that you can create an iOS/iPadOS enrollment profile in Microsoft Endpoint Manager.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
You have a Microsoft 365 E5 subscription.
Several users have iOS devices.
You plan to enroll the iOS devices in Microsoft Endpoint Manager.
You need to ensure that you can create an iOS/iPadOS enrollment profile in Microsoft Endpoint Manager.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
정답:
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/enrollment/apple-mdm-push-certificate-get
You have a Microsoft 365 E5 subscription.
You need to recommend a solution for monitoring and reporting application access. The solution must meet the following requirements:
* Support KQL for querying data.
* Retain report data for at least one year.
What should you include in the recommendation?
You need to recommend a solution for monitoring and reporting application access. The solution must meet the following requirements:
* Support KQL for querying data.
* Retain report data for at least one year.
What should you include in the recommendation?
정답: C
You have a Microsoft 365 subscription.
You configure a data loss prevention (DLP) policy.
You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.
You need to prevent the users from bypassing the DLP policy.
What should you configure?
You configure a data loss prevention (DLP) policy.
You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.
You need to prevent the users from bypassing the DLP policy.
What should you configure?
정답: B
설명: (DumpTOP 회원만 볼 수 있음)