Valid MS-102 Dumps shared by PassLeader for Helping Passing MS-102 Exam! PassLeader now offer the newest MS-102 VCE dumps and MS-102 PDF dumps, the PassLeader MS-102 exam questions have been updated and ANSWERS have been corrected, get the newest PassLeader MS-102 dumps with VCE and PDF here: https://www.passleader.com/ms-102.html (392 Q&As Dumps)
BTW, DOWNLOAD part of PassLeader MS-102 dumps from Cloud Storage: https://drive.google.com/drive/folders/1EgG1HXOLli3rw4OX-3NpXshMm5dHpomY
NEW QUESTION 355
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365. You need to implement a threat policy that will apply a balanced baseline protection profile to protect against spam, phishing, and malware.
Solution: You create a Strict preset security policy.
Does this meet the goal?
A. Yes
B. No
Answer: B
Explanation:
https://learn.microsoft.com/en-us/defender-office-365/preset-security-policies#profiles-in-preset-security-policies
NEW QUESTION 356
You have a Microsoft 365 E5 subscription. You integrate Microsoft Defender for Endpoint with Microsoft Intune. You need to ensure that devices automatically onboard to Defender for Endpoint when they are enrolled in Intune.
Solution: You create an endpoint detection and response (EDR) policy.
Does this meet the goal?
A. Yes
B. No
Answer: A
Explanation:
After Defender and Intune are connected you can use both: EDR or configuration policy.
https://learn.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection-configure#onboard-windows-devices
NEW QUESTION 357
You have a Microsoft 365 E5 subscription. You are implementing Microsoft Defender for Cloud Apps. You need to ensure that you can create OAuth app policies.
Solution: You configure Cloud Discovery.
Does this meet the goal?
A. Yes
B. No
Answer: B
NEW QUESTION 358
You have a Microsoft 365 subscription. You need to implement a passwordless authentication solution that supports the following device types:
– Windows
– Android
– iOS
The solution must use the same authentication method for all devices. Which authentication method should you use?
A. the Microsoft Authentication app
B. Voice call
C. multi-factor authentication (MFA)
D. Windows Hello for Business
Answer: A
NEW QUESTION 359
You have a Microsoft 365 E5 subscription that contains a domain named contoso.com. You deploy a new Microsoft Defender for Office 365 anti-phishing policy named Policy1 that has user impersonation protection enabled for a user named [email protected]. You discover that Policy1 blocks email messages from a regular contact named [email protected]. You need to ensure that the messages are delivered successfully. What should you do for Policy1?
A. Select Enable domains to protect.
B. Configure the Phishing email threshold setting.
C. Configure which users to protect.
D. Select Enable mailbox intelligence.
Answer: D
NEW QUESTION 360
You have a Microsoft 365 E5 subscription. You plan to implement an authentication policy that will user FIDO2 security key as a user authentication method. You need to ensure that during enrollment, each FIDO2 security key is verified by using the FIDO Alliance Metadata Service. Which setting should you enable?
A. Allow self-service setup.
B. Restrict specific keys.
C. Enforce attestation.
D. Enforce key restrictions.
Answer: C
Explanation:
Set Enforce attestation to Yes if your organization wants to be assured that a FIDO2 security key model or passkey provider is genuine and comes from the legitimate vendor:
– For FIDO2 security keys, we require security key metadata to be published and verified with the FIDO Alliance Metadata Service, and also pass Microsoft’s another set of validation testing.
– Passkeys in Microsoft Authenticator also support attestation.
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-enable-passkey-fido2
NEW QUESTION 361
You have a Microsoft 365 E5 subscription. You create a user named Admin1. You need to ensure that Admin1 can view Endpoint security policies from the Microsoft Defender portal. The solution must follow the principle of least privilege. Which Microsoft Entra role should you assign to Admin1?
A. Cloud Device Administrator
B. Security Reader
C. Global Reader
D. Security Administrator
E. Security Operator
Answer: B
Explanation:
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#security-reader
NEW QUESTION 362
You have a Microsoft 365 E5 subscription. You plan to configure multi-factor authentication (MFA). You need to select an authentication method for users. The solution must ensure that each time a user is prompted for MFA, the application name that requires MFA is provided. What should you select?
A. SMS
B. Microsoft Authenticator
C. a voice call
D. email OTP
E. a FIDO2 security key
Answer: B
Explanation:
On the Configure tab, for Show application name in push and passwordless notifications, change Status to Enabled, choose who to include or exclude from the policy, and click Save.
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-mfa-additional-context#enable-additional-context-in-the-microsoft-entra-admin-center
NEW QUESTION 363
You have a Microsoft 365 E5 subscription. You plan to ingest syslog data from a supported firewall device to Microsoft Defender for Cloud Apps. You need to configure automatic log upload. Which two components should you configure for the log collector? (Each correct answer presents a complete solution. Choose two.)
A. the receiver type
B. the data source
C. the username and password
D. a connection string
E. the host IP address or FQDN
Answer: BE
Explanation:
Step 1&2 (Data Source): Receiver type is inside Data Source (answer B) in step 2e.
Step 3&4 (Log Collector): You need to add a log collector that requires a host IP address (answer E) in step 4b.
https://learn.microsoft.com/en-us/defender-cloud-apps/discovery-docker-windows
NEW QUESTION 364
You have a Microsoft 365 E5 subscription that contains devices onboarded to Microsoft Defender for Endpoint. You integrate Microsoft Defender for Cloud Apps with Defender for Endpoint. You need identify which cloud apps and services were used most during the last 30 days. What should you do?
A. Generate a monthly security summary report.
B. Generate a Cloud Discovery snapshot report.
C. Create a threat analytics alert notification.
D. Generate a Cloud Discovery executive report.
Answer: B
Explanation:
This report provides ad-hoc visibility on a specific set of traffic logs that you manually upload from your network. It allows you to analyze your organization’s cloud app usage against Microsoft’s catalog of cloud apps, which can give insights into usage patterns and potential security risks.
https://learn.microsoft.com/en-us/defender-cloud-apps/create-snapshot-cloud-discovery-reports
NEW QUESTION 365
You have a Microsoft 365 E5 subscription. You plan to use a third-party protection service to scan email messages before they are delivered to Microsoft 365. You configure a mail flow rule to bypass spam filtering for incoming messages. Which two messages will still be scanned by Microsoft 365 and cannot be bypassed by the mail flow rule? (Each correct answer presents part of the solution. Choose two.)
A. a message that contains malware
B. a high-confidence phishing message
C. an encrypted message
D. a message that includes HTML code
E. a messages that includes URL links
Answer: AB
Explanation:
https://learn.microsoft.com/en-us/defender-office-365/secure-by-default
NEW QUESTION 366
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365. You need to implement a social engineering awareness solution that meets the following requirements:
– To reset a user’s password, emulate an email message that contains a link.
– Track any user that selects the email message link.
– Suggest further social engineering training.
What should you use in the Microsoft Defender portal?
A. Attack simulation training.
B. Learning hub.
C. Exposure insights.
D. Threat tracker.
Answer: A
Explanation:
https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-get-started
NEW QUESTION 367
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps. You register a cloud app named App1 in Microsoft Entra ID. You need to create an access policy for App1. What should you do first?
A. Deploy Conditional Access App Control to App1.
B. Create an app tag for App1.
C. Add a security information and event management (SIEM) agent to Defender for Cloud Apps.
D. Configure an app connector to Defender for Cloud Apps.
Answer: D
Explanation:
https://learn.microsoft.com/en-us/defender-cloud-apps/get-started
NEW QUESTION 368
You have a Microsoft 365 E5 subscription. You plan to create an anti-malware policy named Policy1. You need to ensure that Policy1 can detect malicious email messages that were already delivered to a user’s mailbox. What should you do in the Microsoft Defender portal?
A. Enable zero-hour auto purge (ZAP).
B. Enable enhanced filtering.
C. Configure a quarantine policy.
D. Modify the common attachments filter.
Answer: A
Explanation:
https://learn.microsoft.com/en-us/defender-office-365/zero-hour-auto-purge
NEW QUESTION 369
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365. You are configuring Attack simulation training that will target all users and use the Credential Harvest social engineering technique. You need to ensure that the simulation sends an email message that contains a custom phishing link and company-based terminology and branding. How should you configure the simulation?
A. Create a Tenant payload.
B. Select a Global payload.
C. Select custom end-user notifications.
D. Create a tenant landing page.
Answer: A
Explanation:
https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-payloads
NEW QUESTION 370
You have a Microsoft 365 subscription that contains a Microsoft Entra tenant named contoso.com. The tenant includes a user named User1. You enable Microsoft Entra ID Protection. You need to ensure that User1 can review the list in Microsoft Entra ID Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?
A. Security Reader
B. Reports Reader
C. Compliance Administrator
D. Owner
Answer: A
Explanation:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection#permissions
NEW QUESTION 371
You have a Microsoft 365 E5 subscription. You need to create a mail-enabled contact. Which portal should you use?
A. the Microsoft Entra admin center
B. the Intune admin center
C. the Microsoft Purview compliance portal
D. the Exchange admin center
Answer: D
Explanation:
https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-mail-users
NEW QUESTION 372
You have a Microsoft 365 E5 subscription that contains a user named User1. You have a Conditional Access policy applied to a cloud-based app named App1. App1 has Conditional Access App Control deployed. You need to create a Microsoft Defender for Cloud Apps policy to block User1 from printing from App1. Which type of policy should you create?
A. activity policy
B. session policy
C. OAuth app policy
D. Cloud Discovery anomaly detection policy
Answer: B
Explanation:
Designed to control user sessions for cloud applications. It allows you to enforce restrictions based on user actions during a session, including blocking specific activities like printing. Since App1 has Conditional Access App Control deployed, you can leverage session policies to monitor and control user activities in real-time.
https://learn.microsoft.com/en-us/defender-cloud-apps/session-policy-aad
NEW QUESTION 373
You use Microsoft Defender for Office 365. You plan to automate an attack simulation campaign. Any users that fail the simulation must take additional training based on the simulation results. What is the maximum number of days the training will be available to the users after the simulation?
A. 7
B. 15
C. 30
D. 45
Answer: C
Explanation:
https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-simulations
NEW QUESTION 374
You have a Microsoft 365 subscription that uses Microsoft Defender for Endpoint. All the devices in your organization are onboarded to Microsoft Defender for Endpoint. You need to ensure that an alert is generated if malicious activity was detected on a device during the last 24 hours. What should you do?
A. From the Microsoft Purview compliance portal, create a data loss prevention (DLP) policy.
B. From the Microsoft Defender portal, create an alert suppression rule and assign an alert.
C. From Advanced hunting, create a query and a detection rule.
D. From the Microsoft Defender portal, create an Advanced hunting query and a detection rule.
Answer: D
NEW QUESTION 375
You have a Microsoft 365 E5 subscription that uses Microsoft Defender for Endpoint and Microsoft Intune. All devices run Windows 11 and are Microsoft Entra joined. You are alerted to a zero-day attack. You need to identify which devices were affected by the attack and send a request to Intune administrators to update the affected devices. Which two actions should you perform in the Microsoft Defender portal? (Each correct answer presents part of the solution. Choose two.)
A. From Threat analytics, view the list of vulnerable devices.
B. From Incidents & alerts, select the latest incident.
C. From Vulnerability management, open the security recommendation.
D. Select the affected devices and request remediation.
Answer: AD
NEW QUESTION 376
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps. You are reviewing the activity log of the subscription. You need to ensure that events originating from the on-premises network are categorized automatically as Administrative. What should you create?
A. a critical asset classification
B. an indicator for IP addresses
C. an IP address range
D. a named location
Answer: D
Explanation:
In Microsoft Defender for Cloud Apps, a “named location” is used to define trusted or untrusted IP address ranges. This can be applied to categorize activity originating from specific networks, such as your on-premises network, as “Administrative” based on IP address. By defining a named location for your on-premises network, you can automatically classify activities originating from that network.
NEW QUESTION 377
You have an on-premises server named Server1 that runs Windows Server. You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps. You plan to configure Cloud Discovery and enable automatic log upload. You need to ensure that you can run the log collector on Server1. What should you install on Server1?
A. the Microsoft Graph PowerShell SDK
B. .NET Framework 4.8
C. Docker
D. the Azure Connected Machine agent
Answer: C
Explanation:
To run the log collector for Cloud Discovery in Microsoft Defender for Cloud Apps, you need to ensure that the required dependencies, such as .NET Framework 4.8, are installed on the server. The log collector requires .NET Framework 4.8 to function properly.
https://learn.microsoft.com/en-us/defender-cloud-apps/discovery-docker
NEW QUESTION 378
You have a Microsoft 365 E5 subscription. The subscription contains users that have Windows 11 devices. You plan to onboard the devices to Microsoft Defender for Endpoint. The devices will connect to Defender for Endpoint through a proxy service. You need to ensure that the devices use consolidated URLs and static IP ranges when connecting to Defender for Endpoint. What should you do?
A. Use the standard connectivity type.
B. Use the streamlined connectivity type.
C. Configure a device group.
D. Enable device discovery.
Answer: B
Explanation:
In Microsoft Defender for Endpoint, the streamlined connectivity type is specifically designed for scenarios where devices need to connect to Defender for Endpoint through a proxy service. This option helps ensure that devices use consolidated URLs and static IP ranges when making the connection, which aligns with your requirement. So, by choosing streamlined connectivity, you’ll be ensuring that the devices connect to Defender for Endpoint via the appropriate URLs and IP ranges in a manner that’s optimized for proxy scenarios.
NEW QUESTION 379
You have a Microsoft 365 subscription and use Microsoft Defender for Office 365. You need to recommend a solution to educate users on topics that relate to social engineering risks. The users must receive a weekly reminder to complete a learning task. What should you use in the Microsoft Defender portal?
A. Learning hub.
B. Campaigns.
C. Threat tracker.
D. Attack simulation training.
Answer: D
Explanation:
In Microsoft Defender for Office 365, Attack simulation training is a feature designed to educate users about social engineering risks, such as phishing attacks. This tool allows you to simulate real-world attacks and assess how users respond to them, providing an effective way to train them on recognizing and handling such threats.
NEW QUESTION 380
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Office 365. You need to create a policy that will quarantine messages containing attachments that match .apk and .appx extensions. Which type of policy should you configure?
A. anti-malware
B. anti-phishing
C. Safe Attachments
D. anti-spam
Answer: A
Explanation:
To quarantine messages containing attachments with specific file extensions (e.g., .apk and .appx), you need to configure an anti-malware policy in Microsoft Defender for Office 365.
NEW QUESTION 381
HotSpot
You have a Microsoft 365 E5 subscription that contains two groups named Group1 and Group2. You plan to configure a data loss prevention (DLP) strategy that meets the following requirements:
– Members of Group1 must be prevented from sharing documents that contain credit card numbers.
– Members of Group2 must be prevented from sharing documents that are classified as internal by Microsoft Purview Information Protection.
– The solution must minimize administrative effort.
You need to create a DLP policy for each group. Which condition should you add to each DIP policy rule for each group? (To answer, select the appropriate options in the answer area.)
Answer:
NEW QUESTION 382
HotSpot
You have a Microsoft 365 E5 subscription. You are investigating a suspicious email message that generated alerts in the Microsoft Defender portal. You need to examine the email message header and submit the message to Microsoft for review. Which two settings should you use? (To answer, select the appropriate settings in the answer area.)
Answer:
Explanation:
https://learn.microsoft.com/en-us/defender-office-365/submissions-admin
NEW QUESTION 383
HotSpot
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps. You need to create a file policy to generate an alert when a file is shared with a domain named fabrikam.com. How should you complete the filter for the policy? (To answer, select the appropriate options in the answer area.)
Answer:
NEW QUESTION 384
Drag and Drop
You have a Microsoft 365 E5 subscription and use Microsoft Defender for Cloud Apps. You need to configure Cloud Discovery to generate a report that identifies top potential risks and provides a workflow to mitigate and manage the risks. Which three actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Answer:
NEW QUESTION 385
Drag and Drop
You have a Microsoft 365 E5 subscription that contains two security groups named Group1 and Group2. You need to recommend an authentication solution that meets the following requirements:
– Members of Group1 must be able to authenticate by using a hardware token.
– Members of Group2 must be able to authenticate by using a public key infrastructure (PKI).
Which authentication method should you recommend for each group? (To answer, drag the appropriate methods to the correct groups. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
NEW QUESTION 386
Drag and Drop
You have a Microsoft 365 E5 subscription that contains two security groups named Group1 and Group2. You need to recommend an authentication solution to meet the following requirements:
– Administrators must be able to generate a time-limited code to allow the members of Group1 to authenticate without using their password.
– The members of Group2 must be able to authenticate by confirming a two-digit code on their mobile device.
Which authentication method should you recommend for each group? (To answer, drag the appropriate methods to the correct groups. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.)
Answer:
NEW QUESTION 387
……
Get the newest PassLeader MS-102 VCE dumps here: https://www.passleader.com/ms-102.html (392 Q&As Dumps)
And, DOWNLOAD the newest PassLeader MS-102 PDF dumps from Cloud Storage for free: https://drive.google.com/drive/folders/1EgG1HXOLli3rw4OX-3NpXshMm5dHpomY