User Account Shopping Cart
Practice Exams:
View All

MS-102 Microsoft Practice Test Questions and Exam Dumps

Question No 1:

Fabrikam, Inc., a global electronics manufacturer with 10,000 employees, has decided to begin transitioning its on-premises infrastructure to Microsoft 365. The organization currently operates an Active Directory forest named with users authenticating using the UPN format Their infrastructure includes Exchange Server 2016, SharePoint Server, and DNS hosted both internally and externally.

As part of the transition, Fabrikam plans to perform a two-phase pilot:

  • Project1 will involve migrating 100 sales department users' mailboxes to Microsoft 365.

  • Project2, contingent on Project1’s success, will enable Microsoft Teams for the same users.

To support this migration, Fabrikam must add and verify their custom domain within Microsoft 365. This is essential for ensuring mail flow continuity, service availability, and domain ownership verification.

During this domain onboarding process, the IT team is tasked with verifying the ownership of using DNS. You are asked to recommend the correct DNS record type that must be created in the public DNS zone to validate the domain name with Microsoft 365 during.

Which type of DNS record should you recommend to support the domain verification process in Microsoft 365?

A. Host (A)
B. Host Information (HINFO)
C. Text (TXT)
D. Pointer (PTR)

Correct Answer: C. Text (TXT)

Explanation:

When adding a custom domain such as to Microsoft 365, the first step is verifying domain ownership. This ensures that the organization attempting to configure services for a domain actually controls it. Microsoft provides two methods to perform this verification: adding either a TXT or MX record to the public DNS zone.

The TXT (text) record is the recommended and most commonly used method. Microsoft generates a unique string that needs to be published as a TXT record in the DNS zone for the root domain. This record doesn't interfere with existing mail flow or services and is simple to manage. Once Microsoft detects the correct TXT record in DNS, the domain is verified and can be used for services like Exchange Online, SharePoint Online, and Teams.

Other options in the question are incorrect:

  • A (Host A record): Used to map a domain name to an IP address, but not used for domain verification.

  • B (HINFO record): Provides host hardware information, which is rarely used and not part of domain verification.

  • D (PTR record): Used for reverse DNS lookups (IP to hostname mapping), which is not related to verifying domain ownership.

Microsoft 365 domain verification is a critical step before enabling services like Exchange Online. Without proper verification, features such as mailbox migration, email delivery, and UPN-based authentication will fail.

By adding the TXT record, Fabrikam ensures that Microsoft 365 recognizes them as the legitimate owner of allowing email addresses such as to function seamlessly during and after the transition. This step also supports their goal of minimizing email disruption during Project1 and ensures future cloud service authentication compatibility.

Question No 2: 

Fabrikam is implementing a pilot project to migrate 100 users in the sales department to Microsoft 365. These users will be using Microsoft Exchange and Microsoft Teams once the migration is complete. The company has identified that authentication to both on-premises and cloud-based applications needs to remain seamless, especially during the pilot projects. The authentication mechanism must ensure that users can sign in automatically to both cloud and on-premises applications, even if the on-premises Active Directory becomes temporarily unavailable.

Which authentication strategy should you implement for the pilot projects to ensure all sales department users can authenticate successfully during Project1 and Project2?

A. pass-through authentication
B. pass-through authentication and seamless SSO
C. password hash synchronization and seamless SSO
D. password hash synchronization

Answer: B. pass-through authentication and seamless SSO

Explanation:

For seamless authentication across both on-premises and cloud applications, pass-through authentication (PTA) combined with seamless single sign-on (SSO) is the ideal solution. Here's why:

  • Pass-through authentication (PTA) allows users to authenticate directly against the on-premises Active Directory, even when their email and other resources are migrated to Microsoft 365. This ensures that authentication remains consistent and secure across both environments. It helps avoid issues when the on-premises Active Directory is temporarily unavailable, as PTA still allows authentication without requiring the user to store passwords in the cloud.

  • Seamless SSO complements PTA by automatically signing users in to Microsoft 365 and other cloud services using their on-premises credentials. This feature ensures that users don’t need to manually enter their credentials every time they access a cloud service like Microsoft Teams or Exchange Online.

This combined solution is particularly beneficial during the migration phase, as it ensures that users can access both cloud and on-premises resources seamlessly without interruptions. It minimizes the need for additional user intervention and reduces the risk of authentication issues during the transition to the cloud.

In contrast, password hash synchronization alone would not meet the requirement for continuous, seamless access across both environments, as it would require syncing password hashes to the cloud, which might not be the most optimal solution for all users in the migration phase.

By using pass-through authentication and seamless SSO, Fabrikam can meet the authentication requirements for both the on-premises and cloud environments while minimizing disruptions to user access.

Question No 3: 

Fabrikam, Inc., a global electronics company with 10,000 employees, is planning to migrate its email and shared document services to Microsoft 365. They are implementing two pilot projects: moving the mailboxes of 100 users from the sales department to Microsoft 365, followed by enabling Microsoft Teams. They also plan to create a group, UserLicenses, to manage the allocation of Microsoft 365 licenses.

The company requires all users to continue accessing their email with their current credentials, with seamless authentication to cloud services. Additionally, a user named User1 needs to have full access to view all Data Loss Prevention (DLP) reports in the Microsoft Purview compliance portal.

The environment includes Active Directory for authentication, on-premises Exchange Server for email, SharePoint Server for document management, and Microsoft 365 services for new cloud-based applications. The user experience must be as uninterrupted as possible during the migration, with specific security, application, and operational requirements.

Requirements:

  • Users must continue authenticating to email and SharePoint using their UPN after migration.

  • User1 must be able to view DLP reports from Microsoft Purview.

  • Automatic sign-in for both on-premises and cloud applications.

  • The UserLicenses group must have its membership validated monthly with the removal of unused accounts.

  • The principle of least privilege should be implemented.

Which role should you assign to User1 to meet the requirements outlined for Fabrikam?

A. Hygiene Management
B. Security Reader
C. Security Administrator
D. Records Management

Answer: B. Security Reader

Explanation:

In this scenario, User1 needs to view all Data Loss Prevention (DLP) reports in the Microsoft Purview compliance portal. Based on the requirements, the best fit for User1’s role is the Security Reader role. This role provides access to security-related reports and insights without giving administrative permissions. The role ensures that User1 can view DLP reports and monitor security-related information within the compliance portal, which is critical for Fabrikam as it transitions to Microsoft 365.

Let’s break down the roles:

  1. Hygiene Management: This role is associated with managing basic security hygiene tasks like security health and threat protection policies. It doesn't provide sufficient access for viewing detailed reports in the Microsoft Purview compliance portal.

  2. Security Reader: This is the most appropriate role in this case because it grants read-only access to the security-related sections of Microsoft 365, including DLP reports, compliance center, and security insights. Since User1 is required to view DLP reports specifically, the Security Reader role ensures they can access the necessary information without allowing modification or administrative privileges.

  3. Security Administrator: This role provides broader permissions than needed for User1. Security Administrators can manage security policies, configure security settings, and take action on alerts, which goes beyond the requirement of simply viewing DLP reports.

  4. Records Management: This role is focused on managing records and retention policies, not DLP reports or security insights. It is not relevant to the task at hand, which is viewing security reports.

In summary, Security Reader is the most appropriate role for User1 because it allows the user to view the necessary reports from Microsoft Purview while maintaining the principle of least privilege, ensuring they don't have unnecessary administrative capabilities.

Question No 4: 

Your company uses Microsoft 365, and you need to identify all the users who are licensed for Office 365 through group membership. Additionally, you need to retrieve the names of the groups that are used to assign these licenses.

What tool or feature should you use to find all users in your Microsoft 365 subscription who are licensed for Office 365 through a group membership, along with the name of the group that assigned the license?

A. Active users in the Microsoft 365 admin center
B. Reports in Microsoft Purview compliance portal
C. The Licenses blade in the Microsoft Entra admin center
D. Reports in the Microsoft 365 admin center

Answer: D. Reports in the Microsoft 365 admin center

Explanation:

To identify users who are licensed for Office 365 through group membership, along with the name of the group that is used to assign these licenses, the Microsoft 365 admin center is the most appropriate tool to use. Specifically, you would use the Reports section within the admin center.

Here's why each option plays a role:

  1. Active users in the Microsoft 365 admin center: While this section allows you to view all active users, it does not provide detailed information about how licenses are assigned to users, especially when it comes to group memberships. You can see individual license assignments, but not the group details directly.

  2. Reports in Microsoft Purview compliance portal: The Purview compliance portal is primarily used for compliance, security, and data governance tasks, such as managing data loss prevention (DLP), retention, and other compliance policies. It does not provide licensing-related reports, making it unsuitable for identifying group-based licensing.

  3. The Licenses blade in the Microsoft Entra admin center: Microsoft Entra is used for managing identities and access. The Licenses blade in this portal allows you to view and assign licenses, but it does not offer specific reports on how those licenses were assigned (e.g., through group membership).

  4. Reports in the Microsoft 365 admin center: This is the best choice for this task. The Microsoft 365 admin center provides built-in reporting features that can show how licenses are assigned to users, including group-based assignments. You can filter the report to show only those users licensed via group memberships and see the names of the groups responsible for these assignments. This ensures a comprehensive view of your organization’s license distribution and group associations.

Thus, Reports in the Microsoft 365 admin center provides the specific information needed to identify group-based license assignments, making it the most effective tool for this task.

Question No 5:

You have a Microsoft 365 subscription with multiple users in different departments. The goal is to configure group-based licensing to meet the following requirements:

  • Deploy an Office 365 E3 license to all users without the Power Automate license option.

  • Deploy an Enterprise Mobility + Security E5 license to all users.

  • Deploy a Power BI Pro license to users in the research department only.

  • Deploy a Visio Plan 2 license to users in the marketing department only.

What is the minimum number of deployment groups required to meet these requirements?

A. 1
B. 2
C. 3
D. 4
E. 5

Answer: D. 4

Explanation:

In a Microsoft 365 environment with users across different departments, group-based licensing is an efficient way to manage license assignments. It allows administrators to assign licenses to users automatically based on their membership in Azure Active Directory (Azure AD) groups. In this scenario, the organization has specific licensing requirements for different groups of users, which makes it essential to create separate deployment groups for precise license control.

The first requirement is to assign the Office 365 E3 license to all users, but without the Power Automate service. Although this license is for the entire organization, the exclusion of Power Automate means a customized license configuration is needed. Azure AD allows disabling specific services within a license when assigning it to a group, so a separate group must be created to deploy Office 365 E3 with Power Automate turned off.

The second requirement is to assign the Enterprise Mobility + Security (EMS) E5 license to all users. Even though the same users are involved, this is a separate license and should be managed through its own group to maintain clarity and ease of management.

The third requirement involves assigning the Power BI Pro license only to users in the research department. Since this license is not needed organization-wide, creating a dedicated group for the research department ensures that only the right users receive this service, reducing unnecessary costs.

The final requirement is to assign Visio Plan 2 only to the marketing department. Like the research department, the marketing team will need a separate group to ensure that only they get access to Visio Plan 2.

Therefore, to meet all these needs efficiently and accurately, a total of four groups are required, making the correct answer D. 4. This setup ensures proper license allocation without overspending or mismanagement.

Question No 6: 

You are managing a Microsoft 365 subscription and you are reviewing the Service Health Overview, as shown in the provided exhibit. Your goal is to grant a user named User1 the ability to view advisories related to service health in order to investigate any potential service issues within your Microsoft 365 environment.

What role should you assign to User1 in order to allow them to view service health advisories and investigate related issues?

A. Message Center Reader
B. Reports Reader
C. Service Support Administrator
D. Compliance Administrator

Correct Answer: C. Service Support Administrator

Explanation:

The Service Support Administrator role in Microsoft 365 is specifically designed for users who need to monitor the health of Microsoft services, including viewing advisories, alerts, and incidents that could affect service availability. This role allows users to investigate service health issues, ensuring they have the necessary permissions to handle or escalate incidents related to Microsoft 365 services.

Here’s a breakdown of each role and why it’s not appropriate for this task:

  • A. Message Center Reader: This role gives users access to messages in the Message Center, where updates and changes to Microsoft 365 services are posted. However, it does not provide access to the service health information that is needed to investigate specific incidents or issues with service performance.

  • B. Reports Reader: The Reports Reader role allows users to access usage data and other reports within Microsoft 365, but it does not grant access to service health information or advisories, making it unsuitable for investigating service-related issues.

  • C. Service Support Administrator: This role is the most appropriate choice, as it specifically allows users to view service health advisories and investigate incidents and service issues. It gives users the necessary permissions to monitor service status and support resolution activities.

  • D. Compliance Administrator: This role is focused on compliance-related tasks, such as managing data loss prevention policies and overseeing regulatory compliance features within Microsoft 365. It does not have access to service health data or advisories.

Therefore, the Service Support Administrator role is the correct choice to ensure User1 can investigate service health advisories.

Question No 8:

You have a Microsoft 365 E5 subscription that contains various users, including Group1 and Group2, as outlined in the table below. You assign the User Administrator role to Group1 with the following details:

  • Scope Type: Directory

  • Selected Members: Group1

  • Assignment Type: Active

  • Assignment Starts: Mar 15, 2023

  • Assignment Ends: Aug 15, 2023

You also assign the Exchange Administrator role to Group2 with the following details:

  • Scope Type: Directory

  • Selected Members: Group2

  • Assignment Type: Eligible

  • Assignment Starts: Jun 15, 2023

  • Assignment Ends: Oct 15, 2023

You are tasked with determining whether the following statements are true or false based on the user role assignments.

Statements:

  1. Group1 will be able to manage all users within the directory during the assignment period.

  2. Group2 will be able to manage Exchange-related settings immediately after the assignment starts.

  3. Group2 will retain Exchange Administrator permissions after the assignment ends.

  • Yes

  • No

Correct Answers:

  1. Yes

  2. No

  3. No

Explanation:

  • Statement 1: Group1 is assigned the User Administrator role with an Active assignment, which means they will have full permissions to manage users and their settings within the Microsoft 365 directory during the assignment period (March 15, 2023 – August 15, 2023). This includes creating, managing, and deleting user accounts, making this statement True.

  • Statement 2: Group2 is assigned the Exchange Administrator role with an Eligible assignment. The Eligible assignment type means that members of Group2 have the potential to take on the role but must activate it first. Since the assignment starts on June 15, 2023, but the assignment type is Eligible, they will not have immediate access to Exchange-related settings until they manually activate the role. This makes the statement False.

  • Statement 3: After the assignment period ends on October 15, 2023, Group2 will no longer have the Exchange Administrator role, as their assignment type is Eligible, which means they only have temporary permissions. Once the assignment ends, their access will be revoked, making the statement False.

Avanset - #1 VCE Player & Designer
How to Open VCE Files

Use VCE Exam Simulator to open VCE files

VCE Player for MAC
Sign UpSign Up Learn MoreLearn More Full VersionFull Version
UP

LIMITED OFFER: GET 30% Discount

This is ONE TIME OFFER

ExamSnap Discount Offer
Enter Your Email Address to Receive Your 30% Discount Code

A confirmation link will be sent to this email address to verify your login. *We value your privacy. We will not rent or sell your email address.

Download Free Demo of VCE Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.

Simply submit your e-mail address below to get started with our interactive software demo of your free trial.

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.