MS-102試験無料問題集「Microsoft 365 Administrator 認定」
Your on-premises network contains an Active Directory domain.
You have a Microsoft 365 subscription.
You need to sync the domain with the subscription. The solution must meet the following requirements:
* On-premises Active Directory password complexity policies must be enforced.
* Users must be able to use Microsoft Entra Self-Service Password Reset (SSPR).
What should you use?
You have a Microsoft 365 subscription.
You need to sync the domain with the subscription. The solution must meet the following requirements:
* On-premises Active Directory password complexity policies must be enforced.
* Users must be able to use Microsoft Entra Self-Service Password Reset (SSPR).
What should you use?
正解:C
解答を投票する
You have a Microsoft 365 E5 subscription that contains two security groups named Group1 and Group2.
You need to enable multi-factor authentication (MFA) for the members of Group1 and Group2. The solution must meet the following requirements:
* The Group1 members must be prompted for MFA only when authenticating to Microsoft Entra ID from Android devices.
* The Group2 members must be prompted for MFA only when accessing Microsoft Exchange Online from outside the corporate network.
* Administrative effort must be minimized.
What should you configure for each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You need to enable multi-factor authentication (MFA) for the members of Group1 and Group2. The solution must meet the following requirements:
* The Group1 members must be prompted for MFA only when authenticating to Microsoft Entra ID from Android devices.
* The Group2 members must be prompted for MFA only when accessing Microsoft Exchange Online from outside the corporate network.
* Administrative effort must be minimized.
What should you configure for each group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.
The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.
You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.
You install the Group Policy Management Console (GPMC) on Server1.
You need to configure the Windows Update for Business Group Policy settings on Server1.
Solution: You upgrade Server1 to Windows Server 2019.
Does this meet the goal?
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an on-premises Active Directory domain. The domain contains domain controllers that run Windows Server 2019. The functional level of the forest and the domain is Windows Server 2012 R2.
The domain contains 100 computers that run Windows 10 and a member server named Server1 that runs Windows Server 2012 R2.
You plan to use Server1 to manage the domain and to configure Windows 10 Group Policy settings.
You install the Group Policy Management Console (GPMC) on Server1.
You need to configure the Windows Update for Business Group Policy settings on Server1.
Solution: You upgrade Server1 to Windows Server 2019.
Does this meet the goal?
正解:B
解答を投票する
HOTSPOT
Your company uses a legacy on-premises LDAP directory that contains 100 users.
The company purchases a Microsoft 365 subscription.
You need to import the 100 users into Microsoft 365 by using the Microsoft 365 admin center.
Which type of file should you use and which properties are required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your company uses a legacy on-premises LDAP directory that contains 100 users.
The company purchases a Microsoft 365 subscription.
You need to import the 100 users into Microsoft 365 by using the Microsoft 365 admin center.
Which type of file should you use and which properties are required? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: CSV
Add multiple users in the Microsoft 365 admin center
* Sign in to Microsoft 365 with your work or school account.
* In the admin center, choose Users > Active users.
* Select Add multiple users.
* On the Import multiple users panel, you can optionally download a sample CSV file with or without sample data filled in.
* Etc.
Note: More information about how to add users to Microsoft 365
Not sure what CSV format is?
A CSV file is a file with comma separated values. You can create or edit a file like this with any text editor or spreadsheet program, such as Excel.
Box 2: User Name and Display Name
What if I don't have all the information required for each user? The user name and display name are required, and you cannot add a new user without this information. If you don't have some of the other information, such as the fax, you can use a space plus a comma to indicate that the field should remain blank.
Reference:
https://learn.microsoft.com/en-us/microsoft-365/enterprise/add-several-users-at-the-same-time
You have a Microsoft 365 subscription.
Your company has a customer ID associated to each customer. The customer IDs contain 10 numbers followed by 10 characters. The following is a sample customer ID: 12-456-7890-abc-de-fghij.
You plan to create a data loss prevention (DLP) policy that will detect messages containing customer IDs.
D18912E1457D5D1DDCBD40AB3BF70D5D
What should you create to ensure that the DLP policy can detect the customer IDs?
Your company has a customer ID associated to each customer. The customer IDs contain 10 numbers followed by 10 characters. The following is a sample customer ID: 12-456-7890-abc-de-fghij.
You plan to create a data loss prevention (DLP) policy that will detect messages containing customer IDs.
D18912E1457D5D1DDCBD40AB3BF70D5D
What should you create to ensure that the DLP policy can detect the customer IDs?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
You have a Microsoft 365 E5 tenant.
You need to be notified when emails with attachments that contain sensitive personal data are sent to external recipients.
Which two policies can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
You need to be notified when emails with attachments that contain sensitive personal data are sent to external recipients.
Which two policies can you use? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
正解:D,E
解答を投票する
HOTSPOT
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains a group named Group1 and the users shown in the following table:
The tenant has a conditional access policy that has the following configurations:
Name: Policy1
Assignments:
- Users and groups: Group1
- Cloud aps or actions: All cloud apps
* Access controls:
* Grant, require multi-factor authentication
* Enable policy: Report-only
You set Enabled Security defaults to Yes for the tenant.
For each of the following settings select Yes, if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription linked to an Azure Active Directory (Azure AD) tenant. The tenant contains a group named Group1 and the users shown in the following table:
The tenant has a conditional access policy that has the following configurations:
Name: Policy1
Assignments:
- Users and groups: Group1
- Cloud aps or actions: All cloud apps
* Access controls:
* Grant, require multi-factor authentication
* Enable policy: Report-only
You set Enabled Security defaults to Yes for the tenant.
For each of the following settings select Yes, if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Report-only mode is a new Conditional Access policy state that allows administrators to evaluate the impact of Conditional Access policies before enabling them in their environment. With the release of report-only mode:
* Conditional Access policies can be enabled in report-only mode.
* During sign-in, policies in report-only mode are evaluated but not enforced.
* Results are logged in the Conditional Access and Report-only tabs of the Sign-in log details.
* Customers with an Azure Monitor subscription can monitor the impact of their Conditional Access policies using the Conditional Access insights workbook.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-report- only
HOTSPOT
You have a Microsoft 365 E5 subscription.
You need to implement identity protection. The solution must meet the following requirements:
* Identify when a user's credentials are compromised and shared on the dark web.
* Provide users that have compromised credentials with the ability to self-remediate.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 E5 subscription.
You need to implement identity protection. The solution must meet the following requirements:
* Identify when a user's credentials are compromised and shared on the dark web.
* Provide users that have compromised credentials with the ability to self-remediate.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: A user risk policy
Identify when a user's credentials are compromised and shared on the dark web.
User risk-based Conditional Access policy
Identity Protection analyzes signals about user accounts and calculates a risk score based on the probability that the user has been compromised. If a user has risky sign-in behavior, or their credentials have been leaked, Identity Protection will use these signals to calculate the user risk level. Administrators can configure user risk-based Conditional Access policies to enforce access controls based on user risk, including requirements such as:
Block access
Allow access but require a secure password change.
A secure password change will remediate the user risk and close the risky user event to prevent unnecessary noise for administrators.
Box 2: Require password change
Provide users that have compromised credentials with the ability to self-remediate.
A secure password change will remediate the user risk and close the risky user event to prevent unnecessary noise for administrators Reference:
https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection- policies#user-risk-based-conditional-access-policy
You have a Microsoft 365 E5 subscription.
You plan to configure multi-factor authentication (MFA).
You need to select an authentication method for users. The solution must ensure that each time a user is prompted for MFA, the application name that requires MFA is provided.
What should you select?
You plan to configure multi-factor authentication (MFA).
You need to select an authentication method for users. The solution must ensure that each time a user is prompted for MFA, the application name that requires MFA is provided.
What should you select?
正解:D
解答を投票する
You have a Microsoft 365 E5 tenant that contains 500 Windows 10 devices and a Windows 10 compliance policy.
You deploy a third-party antivirus solution to the devices.
You need to ensure that the devices are marked as compliant.
Which three settings should you modify in the compliance policy? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
You deploy a third-party antivirus solution to the devices.
You need to ensure that the devices are marked as compliant.
Which three settings should you modify in the compliance policy? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Reference:
https://docs.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows
You have a Microsoft 365 subscription that includes Microsoft Defender XDR.
From the Microsoft Defender portal, you review the Microsoft Secure Score improvement actions shown in the following table.
You plan to update the status of the improvement actions as shown in the following table.
How many points will the Secure Score increase after the update?
From the Microsoft Defender portal, you review the Microsoft Secure Score improvement actions shown in the following table.
You plan to update the status of the improvement actions as shown in the following table.
How many points will the Secure Score increase after the update?
正解:E
解答を投票する
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.
You create an administrative unit named AU1 that contains the members shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
You create an administrative unit named AU1 that contains the members shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE; Each correct selection is worth one point.
正解:
Explanation:
You have a Microsoft 365 E5 subscription.
You need to recommend a solution for monitoring and reporting application access. The solution must meet the following requirements:
* Support KQL for querying data.
* Retain report data for at least one year.
What should you include in the recommendation?
You need to recommend a solution for monitoring and reporting application access. The solution must meet the following requirements:
* Support KQL for querying data.
* Retain report data for at least one year.
What should you include in the recommendation?
正解:A
解答を投票する
HOTSPOT
Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table.
You purchase a Microsoft 365 E5 subscription.
You need to implement Azure AD Connect cloud sync.
What should you install first and on which server? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Your network contains an on-premises Active Directory domain. The domain contains the servers shown in the following table.
You purchase a Microsoft 365 E5 subscription.
You need to implement Azure AD Connect cloud sync.
What should you install first and on which server? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
正解:
Explanation:
Box 1: The Azure AD Connect provisioning agent
Install the Azure AD Connect provisioning agent
How is Azure AD Connect cloud sync different from Azure AD Connect sync?
With Azure AD Connect cloud sync, provisioning from AD to Azure AD is orchestrated in Microsoft Online Services. An organization only needs to deploy, in their on-premises or IaaS-hosted environment, a light- weight agent that acts as a bridge between Azure AD and AD. The provisioning configuration is stored in Azure AD and managed as part of the service.
Box 2: Server1 or Server2 only.
Cloud provisioning agent requirements include:
* An on-premises server for the provisioning agent with Windows 2016 or later.
This server should be a tier 0 server based on the Active Directory administrative tier model. Installing the agent on a domain controller is supported.
Note: Windows Server Core is a minimal installation option for the Windows Server operating system (OS) that has no GUI and only includes the components required to perform server roles and run applications.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-install
https://docs.microsoft.com/en-us/azure/active-directory/cloud-sync/how-to-prerequisites
You have a Microsoft 365 E5 subscription.
Users access Microsoft 365 from both their laptop and a corporate Virtual Desktop Infrastructure (VDI) solution.
From Azure AD Identity Protection, you enable a sign-in risk policy.
Users report that when they use the VDI solution, they are regularly blocked when they attempt to access Microsoft 365.
What should you configure?
Users access Microsoft 365 from both their laptop and a corporate Virtual Desktop Infrastructure (VDI) solution.
From Azure AD Identity Protection, you enable a sign-in risk policy.
Users report that when they use the VDI solution, they are regularly blocked when they attempt to access Microsoft 365.
What should you configure?
正解:A
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)