Medium MS-102 practice questions
Applied — put a concept to work in a realistic situation. 113 medium questions available — no sign-up, always free.
Contoso has a large Microsoft 365 tenant. The IT director wants regional help desk staff in the Berlin office to reset passwords and manage only the user accounts belonging to the Berlin region, without granting them the ability to manage users in any other region. All Berlin users share a common department attribute value. What should you implement to meet this requirement with the least administrative effort?
A security analyst at Contoso wrote a KQL query in Microsoft Defender XDR advanced hunting that identifies devices where a suspicious PowerShell command downloads content from a known-bad domain. The query returns accurate results when run manually. The analyst wants Defender XDR to automatically run this query on a recurring schedule and generate an alert (and optionally take response actions) whenever the pattern is detected. What should the analyst do?
You are a Microsoft 365 administrator using Attack Simulation Training in Microsoft Defender for Office 365. After running a credential-harvest phishing simulation, leadership asks you to identify users who have been compromised in multiple past simulations so you can automatically assign them additional training. Which feature within Attack Simulation Training should you use to identify these users based on their history across simulations?
You are the Microsoft 365 administrator for Contoso. HR provides a CSV file containing 350 new employees with their display names, user principal names, department, and job titles. You need to create all 350 accounts in Microsoft Entra ID efficiently while ensuring each account is enabled and requires a password change at first sign-in. Which approach should you use?
Your organization uses Microsoft Entra Cloud Sync (not Connect Sync) to synchronize users from a single on-premises Active Directory forest. Users report that their on-premises passwords do not work when signing in to Microsoft 365, although the user accounts themselves appear correctly in Entra ID. You confirm the sync agent is healthy and objects are provisioning successfully. What is the MOST likely cause?
Contoso has three separate Active Directory forests with no trust relationships between them, all needing to synchronize users to a single Microsoft Entra tenant. The identity team wants a lightweight, agent-based solution that supports multiple disconnected forests, requires minimal on-premises footprint, and is managed from the cloud. They do NOT require synchronization of devices, pass-through authentication, or writeback of passwords beyond SSPR. Which synchronization option should you implement?
Your organization requires that members of the Finance department use only phishing-resistant methods (such as FIDO2 security keys or Windows Hello for Business) when accessing a sensitive payroll application, while other users may continue using standard MFA. You want to enforce this through Conditional Access with the least administrative effort. What should you configure in the Conditional Access policy that targets the Finance group and the payroll application?
Contoso's security team reports that sign-in attempts are originating from a country where the company has no employees or business operations. Legitimate users only sign in from the United States and Canada. You need to prevent all authentication from the unauthorized country while allowing normal operations to continue, using the least administrative effort. What should you do?
Your organization wants to block legacy authentication protocols (such as POP, IMAP, and older Office clients) because they cannot enforce MFA. Before enforcing the block for all users, security management requires evidence of how many sign-ins would be affected, without impacting productivity. What is the recommended approach to gather this evidence using Conditional Access?
You are deploying a Conditional Access policy that requires multifactor authentication for all users when accessing any cloud app. Your security team is concerned that a misconfiguration or MFA service outage could lock all administrators out of the tenant. Following Microsoft's recommended practices, what should you do before enabling the policy?
Your organization uses Conditional Access to require MFA for all users. The finance team frequently complains about being prompted for MFA while working from the corporate headquarters, which uses a single fixed public IP address (203.0.113.10). Management wants to reduce MFA prompts for users physically located in the headquarters office while keeping MFA enforced everywhere else. What should you configure to achieve this with the least administrative effort?
Your organization allows users to access Microsoft 365 from unmanaged personal devices via a web browser. Security requires that when users on unmanaged devices close their browser, they must re-authenticate, and their session must not persist. Managed devices should retain their normal session behavior. Which Conditional Access session control should you configure to meet the requirement for unmanaged devices?
You have created a new Conditional Access policy that will require MFA for all users accessing Microsoft 365 applications. Before enforcing it, leadership asks you to determine how many sign-ins would be blocked or challenged without actually affecting users. What should you do?
Your organization uses Microsoft Entra ID P2 and Microsoft Intune. Finance department users access a sensitive payroll web app that is registered in Entra ID. Security requires that these users can only reach the app from Intune-managed devices that are marked compliant, and that they must re-authenticate every 4 hours regardless of persistent browser sessions. You need to enforce both requirements with the least administrative effort. What should you configure?
You are the Microsoft 365 administrator at Contoso. Recent sign-in logs show several successful sign-ins to privileged accounts from unfamiliar locations without any second-factor prompt. Management wants to ensure that all users assigned directory administrator roles (such as Global Administrator and User Administrator) must complete multifactor authentication every time they sign in, regardless of location or device. You want to enforce this with the least administrative effort while keeping the control targeted. What should you do?
Contoso wants every external guest user to explicitly accept a corporate acceptable-use agreement before they can access any SharePoint Online or Teams content shared with them. The agreement is a PDF that must be re-accepted every 12 months, and acceptance must be auditable. As the Microsoft 365 administrator, what should you configure to enforce this?
Your organization's security team requires that administrators who leave their sessions idle in the Microsoft 365 admin center and other web apps are automatically signed out after 3 hours to reduce the risk of unattended sessions on shared workstations. You need to enforce this behavior tenant-wide with the least administrative effort. What should you configure?
Your organization's legal team requires that every employee sees a link to the company's internal privacy statement whenever they view their account settings or profile in Microsoft 365. As the Global Administrator, where in the Microsoft 365 admin center do you configure the URL for this privacy statement so it appears in users' account and profile experiences?
Your organization has deployed sensitivity labels across Microsoft 365. The compliance officer asks you to produce a point-in-time inventory of every SharePoint document and Exchange email that currently carries the 'Highly Confidential' sensitivity label, including the ability to open and view the actual items to verify their contents. Which Microsoft Purview tool should you use?
An employee at Contoso is leaving the company. Their manager needs continued access to the departing employee's emails and wants to keep the mailbox available for reference without consuming an Exchange Online license. As the Microsoft 365 administrator, what should you do?
Contoso's marketing team requests a collaboration space that includes a shared mailbox, a shared calendar, and a SharePoint site for files. They also require that partners at an outside agency can email the group directly using its address. As the Microsoft 365 administrator, which single action best meets all these requirements with the least administrative effort?
Your organization uses a proprietary employee-ID format consisting of the letters 'EMP' followed by exactly six digits (for example, EMP482915). You need to create a custom sensitive information type (SIT) in Microsoft Purview that detects this pattern with high accuracy and minimizes false positives when the ID appears near the keyword 'employee'. Which configuration should you use for the primary element and supporting evidence?
Your organization uses Microsoft Defender for Cloud Apps. The security team suspects employees are using unsanctioned cloud storage services. You need to generate a report that identifies which cloud apps are being used across the organization based on firewall and proxy traffic logs, and assess each discovered app's risk score. Which Defender for Cloud Apps capability should you use?
Your organization uses Microsoft Defender for Cloud Apps with the Microsoft 365 app connector enabled. The security team wants to be automatically alerted whenever a single user account signs in from two geographically distant locations within a time frame that makes physical travel between them impossible, which may indicate compromised credentials. You need to implement this detection with the least administrative effort. What should you configure?
Your organization uses Microsoft 365 with Defender for Cloud Apps. Security requires the ability to detect and revoke risky OAuth application grants in Exchange Online, SharePoint, and Teams, and to suspend a specific user account directly from a Cloud Apps alert. Currently, only Cloud App Discovery is configured using firewall log uploads. What must you do first to enable these governance actions on Microsoft 365 data?