Microsoft MS-102 Administrator Exam Topics
Despite the title of this article, this is not a MS-102 exam braindump in the traditional sense.
I do not believe in cheating.
Traditionally, the term braindump referred to someone taking an exam, memorizing the questions, and sharing them online for others to use.
That practice is unethical and violates the certification agreement. It offers no integrity, no genuine learning, and no professional growth.
This is not a Microsoft 365 certification exam dump. All of these questions come from my MS-102 study materials and from the certificationexams.pro website, which offers hundreds of free MS-102 practice questions.
Real MS-102 Sample Questions
Each question has been carefully written to align with the official MS-102 Microsoft 365 Administrator exam objectives. They reflect the tone, logic, and technical depth of real Microsoft 365 administration scenarios, but none are copied from the actual test.
MS-102 Administrator Practice Questions
If you can answer these questions and understand why the incorrect options are wrong, you will not only pass the real MS-102 exam but also gain the foundational knowledge needed to manage Microsoft 365 environments with confidence.
You can call this your MS-102 exam dump if you like, but every question here is designed to teach the MS-102 exam objectives, not to cheat.
| Git, GitHub & GitHub Copilot Certification Made Easy |
|---|
| Want to get certified on the most popular AI, ML & DevOps technologies of the day? These five resources will help you get GitHub certified in a hurry.
Get certified in the latest AI, ML and DevOps technologies. Advance your career today. |
MS-102 365 Expert Exam Questions
MS-102 Certification Question 1
A regional consulting firm named Blue Ridge Tech plans to install Microsoft 365 Apps for Enterprise to endpoints from a local file server rather than downloading from the internet. Which tool is primarily used to carry out that installation locally?
-
❏ A. Microsoft Intune
-
❏ B. PowerShell
-
❏ C. Azure DevOps
-
❏ D. Office Deployment Tool (ODT)
MS-102 Certification Question 2
Your operations team at MapleTech is creating a Log Analytics workspace in Microsoft Azure and needs to decide on a retention period for collected logs. What is the longest retention interval you can configure for logs in that workspace?
-
❏ A. 550 days
-
❏ B. 365 days
-
❏ C. 180 days
-
❏ D. 730 days
MS-102 Certification Question 3
NovaWorks uses Microsoft 365 and a staff member named AdminUser requires temporary elevated access. AdminUser must be able to adjust Microsoft Teams policy settings and update Microsoft 365 user accounts. The elevated access must be granted only for 12 hours and must require approval before activation. Which solution should you implement?
-
❏ A. Azure Information Protection
-
❏ B. Azure AD Conditional Access
-
❏ C. Azure AD Privileged Identity Management (PIM)
-
❏ D. Microsoft Entra Identity Governance
MS-102 Certification Question 4
A regional retail chain wants to measure its cyber defense readiness by running exercises that emulate real attacker tactics and behaviors. Which Microsoft 365 Defender capability should the security team deploy to conduct those realistic tests?
-
❏ A. Proactive threat hunting
-
❏ B. Attack simulation training
-
❏ C. Vulnerability assessment and risk analysis
-
❏ D. Security performance dashboards
-
❏ E. Threat surface reduction measures
MS-102 Certification Question 5
You oversee IT for a regional consultancy that uses Microsoft 365 and the internal DNS domain differs from the public DNS domain. How should the organization’s internal DNS servers treat Autodiscover lookup requests from users on the corporate LAN?
-
❏ A. Prevent Autodiscover lookups at the DNS layer
-
❏ B. Forward Autodiscover queries to public DNS resolvers
-
❏ C. Use a managed public DNS service such as Cloud DNS to resolve the names
-
❏ D. Create internal Autodiscover records that resolve to internal endpoints
MS-102 Certification Question 6
At FinTrust Bank the compliance team documents information barriers as only supporting reciprocal blocks so that members of Group Alpha cannot initiate communication with members of Group Beta and members of Group Beta cannot initiate communication with members of Group Alpha. Is that statement correct?
MS-102 Certification Question 7
You manage Microsoft 365 for a multinational consulting firm called Meridian Tech and you will run a small Azure Active Directory pilot for a handful of teams. You want to synchronize only a specific subset of employees to Azure AD for the pilot. Which synchronization filtering method should you choose?
-
❏ A. Attribute based filtering
-
❏ B. Domain based filtering
-
❏ C. Filtering by group membership
-
❏ D. Organizational unit filtering
MS-102 Certification Question 8
The security team at BlueWave Solutions wants to evaluate defenses and identify areas for improvement. In the Microsoft Defender portal which component ranks remediation recommendations by their likely impact?
-
❏ A. Threat analytics
-
❏ B. Advanced Hunting
-
❏ C. Secure Score
-
❏ D. Incident dashboard
-
❏ E. Reports
MS-102 Certification Question 9
Horizon Capital has recently moved its workforce to Microsoft 365 and you must design a data protection approach that detects confidential material using predefined patterns and that prevents identified confidential data from being sent in Microsoft Teams messages or shared from OneDrive. Which features should you implement to satisfy these requirements? (Choose 2)
-
❏ A. Communication compliance
-
❏ B. Sensitivity labels
-
❏ C. Trainable classifier
-
❏ D. Information barriers
-
❏ E. Data Loss Prevention policy
MS-102 Certification Question 10
You are configuring Azure AD Connect using the Express configuration for a company named Meridian Retail and you want the on-premises Active Directory to stay synchronized with the cloud. What does the Express configuration synchronize with Azure Active Directory?
-
❏ A. Additional user attributes
-
❏ B. User accounts passwords and other attributes
-
❏ C. User accounts
-
❏ D. Passwords and credential hashes
MS-102 Certification Question 11
You are the compliance administrator at BlueRiver Solutions and you removed a sensitivity label from the enterprise labeling policy that applies to all user accounts and services. How long should you wait for the change to replicate across services and users?
-
❏ A. 12 hours
-
❏ B. 48 hours
-
❏ C. 1 hour
-
❏ D. 24 hours
MS-102 Certification Question 12
You are the systems administrator for a growing nonprofit called HarborTech Solutions and you have been asked to roll out Microsoft Purview Privileged Access Management to strengthen control over elevated accounts. What is the first action you should take to begin using PAM?
-
❏ A. Enable Azure AD Privileged Identity Management
-
❏ B. Approve incoming privileged access requests
-
❏ C. Create an approver group
-
❏ D. Create an access policy in Purview
MS-102 Certification Question 13
Riverton Institute is a large university made up of independent colleges and schools. The IT department plans to use administrative units so each college IT team can be delegated specific directory permissions limited to their college. The College of Engineering requires its IT staff to manage user accounts, perform password resets, and control group membership only for users who belong to that college. Which directory role should be assigned to the College of Engineering IT staff with its scope constrained to their administrative unit?
-
❏ A. Groups Administrator
-
❏ B. Authentication Administrator
-
❏ C. User Administrator
-
❏ D. Global Administrator
MS-102 Certification Question 14
You are a tenant administrator at Northbridge Systems and you need to add a large batch of employee accounts at once. What initial step should you take in the Azure Active Directory admin center to start bulk user creation?
-
❏ A. Users > Active users
-
❏ B. Users > Deleted users
-
❏ C. Users > Bulk delete
-
❏ D. Users > Bulk create
MS-102 Certification Question 15
Which statements about confidence thresholds for sensitive information types in Aegis Compliance are correct? (Choose 4)
-
❏ A. A medium confidence threshold is associated with a numeric value of 85
-
❏ B. A high confidence threshold will only return matches that are classified as high confidence
-
❏ C. A low confidence threshold will return matches at low medium and high confidence levels
-
❏ D. Using a high confidence threshold reduces false positives but may increase false negatives
MS-102 Certification Question 16
A security team at a healthcare technology firm named NovaHealth has detected a widescale malware campaign affecting peer organizations and they need a Microsoft 365 Defender capability that provides detailed threat actor profiles their tactics and recommended mitigation steps. Which capability should they use?
-
❏ A. Advanced hunting
-
❏ B. Incidents and alerts
-
❏ C. Threat explorer
-
❏ D. Secure Score
-
❏ E. Threat analytics
MS-102 Certification Question 17
A regional consultancy is preparing to synchronize its on-premises Active Directory with Microsoft 365 and the identity team plans to use IdFix to find and fix synchronization issues. What combination of steps should the team perform to use IdFix effectively and ensure a reliable synchronization process?
-
❏ A. Use IdFix and apply the “Accept all suggested updates” option together with manually reviewing each error and exporting the findings to a CSV file for offline bulk edits
-
❏ B. Run IdFix from a workstation that has read and write access to the on-premises directory then manually review each detected issue and export results to CSV for offline editing and reimport
-
❏ C. Run IdFix on a machine with read and write access and use the “Accept all suggested updates” button to apply fixes immediately
-
❏ D. Execute IdFix with read and write permissions use the “Accept all suggested updates” option manually verify each correction and export the list for CSV based bulk updates
MS-102 Certification Question 18
When onboarding a custom domain for ContosoCloud what DNS record do administrators most commonly add to validate ownership of the domain?
-
❏ A. MX record
-
❏ B. TXT or CNAME record
-
❏ C. Cloud DNS
-
❏ D. A record
MS-102 Certification Question 19
A regional retailer runs a Microsoft 365 tenant and has an employee named Dana. Dana uses four endpoints in her job. The first endpoint is a desktop with Windows 11 and the second endpoint runs Windows 10. The third endpoint is an Android phone and the fourth endpoint is an iPad. The tenant creates a sensitivity label named ConfidentialHeader that inserts a custom header and applies it to a document named InvoiceA. When Dana opens InvoiceA which endpoints will show the custom header?
-
❏ A. Windows 11, Windows 10, Android and iPad
-
❏ B. Windows 11 host only
-
❏ C. Windows 11 and Windows 10 machines
-
❏ D. Windows 11 Windows 10 and Android device
MS-102 Certification Question 20
A digital services company in Sweden manages about 850 endpoints that run Windows 11. During the initial configuration the telemetry was sent to data centers in the United States and the company now needs to keep logs in Europe to meet GDPR requirements. The organization plans to enroll all endpoints into Microsoft Defender for Endpoint. What step should the IT team take to satisfy the data residency requirement?
-
❏ A. Delete the existing United States workspace
-
❏ B. Use Google Cloud Storage location controls to redirect telemetry to Europe
-
❏ C. Offboard endpoints from the current workspace and then enroll them into a European workspace
-
❏ D. Create a new Microsoft Defender for Endpoint workspace in Europe
MS-102 Certification Question 21
Which of these tasks cannot be completed directly in the Contoso Identity admin portal when managing external users?
-
❏ A. Send an invitation to add an external guest account
-
❏ B. Automatically provision guest accounts from a third party identity provider
-
❏ C. Enable multifactor authentication for external guest accounts
-
❏ D. Promote a guest account to a regular member account
MS-102 Certification Question 22
A small consulting firm called Harborpoint has about 12 to 15 employees and plans to use Microsoft Intune, and they need to register their Windows workstations with Entra ID so management policies can be applied; what is the minimum Windows release they must run to ensure Intune can push all device policies?
-
❏ A. Windows 8.1
-
❏ B. Windows 11
-
❏ C. Windows 10
-
❏ D. Windows 8
MS-102 Certification Question 23
A corporate counsel team at Meridian Advisory has deployed sensitivity labels in Microsoft 365. The firm needs to make a “Top Tier Confidential” label visible only to members of the Legal team while keeping it hidden from other departments. What should the administrator do?
-
❏ A. Edit the existing sensitivity label and add the Legal team to its scope
-
❏ B. Create a new sensitivity label called “Top Tier Confidential” and publish it to the entire organization
-
❏ C. Create a separate label publishing policy that contains the “Top Tier Confidential” label and target it exclusively to the Legal team
-
❏ D. Modify the current label publishing policy to distribute the “Top Tier Confidential” label to every user in the tenant
MS-102 Certification Question 24
BrightLearn uses Microsoft 365 and wants to verify that all incoming email senders are authenticated before messages reach employees. Which Microsoft 365 Defender policy should they configure?
-
❏ A. Safe Attachments
-
❏ B. Anti-spam
-
❏ C. Anti-phishing
-
❏ D. Safe Links
MS-102 Certification Question 25
Fill in the blank with the appropriate term. Contoso Directory Connect __ is a capability that lets you synchronize on premises Active Directory objects to Contoso Entra ID and it provides attribute mapping scoping filters and on demand provisioning for validating configuration changes?
-
❏ A. staging mode
-
❏ B. password hash synchronization
-
❏ C. cloud sync
-
❏ D. pass through authentication
MS-102 Certification Question 26
Your IT team at Northbridge Systems is preparing to deploy Microsoft Defender for Endpoint and must decide how long to keep telemetry and event logs. What is the maximum retention period that should be configured for Microsoft Defender for Endpoint?
-
❏ A. 52 weeks
-
❏ B. 4 weeks
-
❏ C. 26 weeks
-
❏ D. 13 weeks
MS-102 Certification Question 27
You are a systems engineer at Nova Systems and you must set an expiration for encrypted messages sent to external recipients. Which PowerShell cmdlet should you run to create a custom OME configuration that specifies the message expiry?
-
❏ A. Set-OMEConfiguration
-
❏ B. Cloud KMS
-
❏ C. New-OMEConfiguration
-
❏ D. Set-TransportRule
MS-102 Certification Question 28
A staff member at a regional agency had trouble activating their Microsoft 365 apps and asked the IT administrator to open a support request with Microsoft. From which administrator console should the administrator file the support request?
-
❏ A. Microsoft Entra ID
-
❏ B. Azure portal
-
❏ C. Microsoft 365 Admin Center
-
❏ D. Endpoint Manager admin center
MS-102 Certification Question 29
A regional bank is preparing to connect its on-premises Active Directory to Azure AD. Which synchronization tool does the platform vendor recommend for keeping user identities synchronized?
-
❏ A. Azure DevOps
-
❏ B. Google Cloud Directory Sync
-
❏ C. Azure AD Connect
-
❏ D. Azure Logic Apps
MS-102 Certification Question 30
Your company has adopted a Zero Trust security approach and you are responsible for configuring access policies that consider the user device location and session risk for every access attempt, which Azure capability should you use to make those dynamic access decisions?
-
❏ A. Azure Blob Storage
-
❏ B. Azure Active Directory conditional access
-
❏ C. Azure Kubernetes Service
-
❏ D. Azure Virtual Machines
MS-102 Certification Question 31
You are the data protection lead at Apex Insurance and you must prevent unauthorized sharing and movement of confidential information across productivity apps and cloud services. Which Microsoft Purview feature should you implement?
-
❏ A. Microsoft Purview Content Explorer
-
❏ B. Microsoft Purview Activity Explorer
-
❏ C. Microsoft Purview Data Classification
-
❏ D. Microsoft Purview Data Loss Prevention (DLP)
MS-102 Certification Question 32
Lena is an identity administrator at Fabrikam Solutions and the company plans to synchronize their on site Active Directory with Microsoft Entra ID by using Microsoft Entra Connect cloud sync. Lena has applied the initial configuration and she wants to trial some changes on a single account before rolling them out to the entire tenant. Which feature should Lena use to validate her configuration changes on one user without impacting the full directory?
-
❏ A. Attribute mapping
-
❏ B. Accidental deletion safeguards
-
❏ C. Scoping filters
-
❏ D. On demand provisioning
MS-102 Certification Question 33
You are the IT lead for a global company named Aurora Dynamics and the organization has chosen Microsoft 365 Backup to protect business operations. You must configure backups for the company OneDrive SharePoint and Exchange environments. What is the correct order of steps to configure Microsoft 365 Backup?
-
❏ A. Create backup policies first then enable pay as you go billing and finally turn on Microsoft 365 Backup
-
❏ B. Enable pay as you go billing in Azure then turn on Microsoft 365 Backup and then create backup policies for OneDrive SharePoint and Exchange
-
❏ C. Turn on Microsoft 365 Backup then enable pay as you go billing and then create backup policies
-
❏ D. Activate Microsoft 365 Backup then define backup policies and lastly enable pay as you go billing
MS-102 Certification Question 34
You are the security administrator for a regional finance company and you need to update an existing “Safe Links” policy in the Contoso Security Console. Which area of the console should you open to modify that policy?
-
❏ A. Policies and rules
-
❏ B. Security and compliance
-
❏ C. Threat policies
-
❏ D. User management
MS-102 Certification Question 35
NovelTech Solutions has just provisioned a Microsoft 365 E5 tenant and the security defaults are active. A newly added employee is signing into the tenant for the first time. Under Microsoft’s default configuration which multi factor authentication method will be presented to the user and how many days do they have to complete the MFA registration?
-
❏ A. Call to the registered phone, 75 days
-
❏ B. Temporary Access Pass issued by an admin, 36 days
-
❏ C. Notification sent to the Microsoft Authenticator app, 11 days
-
❏ D. Text message to a mobile number, 9 days
MS-102 Certification Question 36
When your security team creates information barrier rules for a company such as Meridian Analytics how should those rules be left until the team is prepared to enforce them?
-
❏ A. Pending review
-
❏ B. Active
-
❏ C. Draft
-
❏ D. Inactive
MS-102 Certification Question 37
When delegating administration to an external IT provider for the Microsoft 365 tenant owned by NorthWave Inc which configuration allows the provider to assign administrative roles to the organization users while preventing the provider from managing the tenant multi factor authentication settings to meet strict compliance requirements?
-
❏ A. Create a custom role in Microsoft Entra ID that grants user management and role assignment but explicitly excludes permissions for security settings and MFA policies
-
❏ B. Authorize the provider as a “Delegated Admin” in the Microsoft 365 admin center and assign the “Global Administrator” role
-
❏ C. Authorize the provider as a “Delegated Admin” in the Microsoft 365 admin center and assign the “Admin Agent” role
-
❏ D. Grant the provider the read oriented “Helpdesk Agent” role and require escalation through the Microsoft Entra admin center for role assignment tasks
MS-102 Certification Question 38
You work as an IT security engineer at GreenField Technologies and you are using PowerShell to add a new Safe Links policy for your organization. Which PowerShell cmdlet should you run to create the Safe Links policy?
-
❏ A. Set-SafeLinksPolicy
-
❏ B. New-SafeLinksRule
-
❏ C. New-SafeLinksPolicy
-
❏ D. Set-SafeLinksRule
MS-102 Certification Question 39
A system administrator must grant a staff member named Alex the ability to view and investigate service health advisories for SummitCloud Workplace services while following the principle of least privilege. Which role should be assigned to Alex?
-
❏ A. Message Board Reader
-
❏ B. Compliance Manager
-
❏ C. Support Services Administrator
-
❏ D. Analytics Reports Reader
MS-102 Certification Question 40
Which two terms correctly fill the blanks in this sentence A retention blank can be applied to multiple locations including Exchange mailboxes SharePoint sites OneDrive accounts and Microsoft 365 Groups while a retention blank can be applied to individual items such as emails or documents?
-
❏ A. label and policy
-
❏ B. policy and label
-
❏ C. rule and setting
-
❏ D. policy and tag
MS-102 Certification Question 41
You need to determine how many times Exchange Online was unavailable during the past 45 days for Cascadia Financial. You intend to check the Reports area of the Microsoft 365 admin portal to retrieve those outage counts. Is that the right approach?
MS-102 Certification Question 42
Complete the sentence with the correct term. Contoso Identity Password Protection uses two banned password lists. One is the global banned password list which is enforced automatically for every account in a Contoso directory and the other is the __ banned password list that lets administrators add organization specific entries?
-
❏ A. directory
-
❏ B. custom
-
❏ C. tenant
-
❏ D. organization
MS-102 Certification Question 43
You are the systems administrator for Aurora Health Systems and you suspect that an employee mailbox has been compromised and is sending outbound spam messages. Which pool does Exchange Online Protection route such suspicious outgoing mail through to preserve the service reputation?
-
❏ A. No risk delivery pool
-
❏ B. Moderate risk delivery pool
-
❏ C. Elevated risk delivery pool
-
❏ D. Low risk delivery pool
MS-102 Certification Question 44
A regional firm called Northstar Financial needs to preserve documents and email messages that contain the personal data of European Union residents for nine years. Which configuration should be applied to fulfill this retention requirement?
-
❏ A. A data loss prevention policy in the Exchange admin center
-
❏ B. A retention policy configured in the Exchange admin center
-
❏ C. A retention rule created in the Microsoft Purview compliance portal
-
❏ D. A data loss prevention policy in the Microsoft Purview compliance portal
MS-102 Certification Question 45
In the Contoso 365 administration portal which page lets administrators buy new subscriptions and handle license assignments?
-
❏ A. Billing
-
❏ B. Purchase services
-
❏ C. Tenant settings
-
❏ D. Products and subscriptions
MS-102 Certification Question 46
Maya is the office coordinator at a small design studio and she must create and maintain shared contacts that every employee can access using Microsoft 365. The directory includes clients vendors and freelance partners. What actions can Maya perform in the Microsoft 365 admin center to manage these shared contacts?
-
❏ A. Import multiple contacts from a CSV file
-
❏ B. Modify existing contact details
-
❏ C. Perform all of these tasks in the Microsoft 365 admin center
-
❏ D. Create individual mail contacts with email addresses and phone numbers
MS-102 Certification Question 47
When evaluating findings from Cloud App Discovery what steps should administrators take to address identified issues? (Choose 3)
-
❏ A. Produce audit and usage reports to support compliance and operational decisions
-
❏ B. Investigate applications that receive high risk or suspicious scores
-
❏ C. Immediately block every unsanctioned application without assessment
-
❏ D. Implement conditional access rules to control app access based on risk signals
MS-102 Certification Question 48
A regional advisory firm has rolled out Microsoft 365 and needs to keep every email in the CEO mailbox for 8 years while emails in other executive mailboxes must be kept for 6 years. Which approach meets these retention requirements while keeping administrative work to a minimum?
-
❏ A. Place the CEO mailbox on litigation hold and rely on the standard retention configuration for the other executive mailboxes
-
❏ B. Create one 6 year organization retention policy for all executive mailboxes and apply an 8 year retention label specifically to the CEO mailbox
-
❏ C. Create two distinct retention policies with one set to 8 years targeting the CEO mailbox and another set to 6 years targeting the other executive mailboxes
-
❏ D. Apply a single 8 year retention policy to all executive mailboxes and then create 6 year retention labels for the remaining executives
MS-102 Certification Question 49
Which implementation phase concentrates on bringing in user accounts enabling directory synchronization and preparing guest access procedures?
-
❏ A. Set Identity and Access Management Policies
-
❏ B. Configure and Maintain Applications
-
❏ C. Audit Elevated Privileges Conduct an Access Review and Handle User Lifecycle
-
❏ D. Import Accounts Enable Directory Synchronization and Manage Devices
MS-102 Certification Question 50
Contoso Service Health provides tailored alerts and support when platform components affect your workloads and it includes three parts which are Global Status Service Health and Resource Health. Where in the Contoso portal do Service Health notifications appear?
-
❏ A. Settings > Service health
-
❏ B. Resources > Service health
-
❏ C. Monitor > Service health
-
❏ D. Services > Service health
-
❏ E. Management > Service health
MS-102 Certification Questions Answered
MS-102 Certification Question 1
A regional consulting firm named Blue Ridge Tech plans to install Microsoft 365 Apps for Enterprise to endpoints from a local file server rather than downloading from the internet. Which tool is primarily used to carry out that installation locally?
-
✓ D. Office Deployment Tool (ODT)
Office Deployment Tool (ODT) is correct.
The Office Deployment Tool is a Microsoft command line utility that administrators use to download Microsoft 365 Apps source files and to create a configuration file that controls what is installed and how. You can use the ODT to download installation files one time to a local network share and then run the setup on endpoints so installations occur from the local file server rather than from the internet.
The ODT supports offline deployments by letting you specify product selection, update channel, languages, and install behavior in the configuration XML. Administrators run the tool to create the source files and then invoke setup.exe with the configuration file on client machines to perform the local installation.
Microsoft Intune is not the primary tool for creating an offline Office package. Intune can deploy apps and manage devices from the cloud and it can deploy packages that were prepared with other tools, but it does not itself produce the local installation source and configuration that ODT provides.
PowerShell can automate many deployment tasks and it can call the ODT or run the Office setup, but PowerShell is a scripting environment rather than the package creation and configuration tool that you use to build the offline install files.
Azure DevOps is a CI CD and build service that can orchestrate pipelines and store artifacts, but it is not the standard Microsoft tool for preparing Microsoft 365 Apps installation packages for local network deployment.
Cameron’s Microsoft 365 Certification Exam Tip
When the question asks about installing Microsoft 365 Apps from a local share think of the tool that creates the install files and configuration file. Practice creating a configuration.xml and downloading sources with the Office Deployment Tool on a test share before you deploy broadly.
MS-102 Certification Question 2
Your operations team at MapleTech is creating a Log Analytics workspace in Microsoft Azure and needs to decide on a retention period for collected logs. What is the longest retention interval you can configure for logs in that workspace?
The correct answer is 730 days.
Azure Log Analytics workspaces support setting a retention period for collected log data and the maximum configurable retention is two years which is expressed as 730 days. You set this value in the workspace retention settings and data older than the configured retention is removed unless you use archive or export options.
550 days is incorrect because it is below the supported maximum and does not reflect the two year limit.
365 days is incorrect because one year is a common retention choice but it is not the maximum allowed value.
180 days is incorrect because it is a shorter retention period and well under the platform maximum.
Cameron’s Microsoft 365 Certification Exam Tip
When a question asks for the longest allowed retention look for the maximum platform limit and do not confuse common defaults with the maximum. Remember that the maximum for Log Analytics retention is 730 days.
MS-102 Certification Question 3
NovaWorks uses Microsoft 365 and a staff member named AdminUser requires temporary elevated access. AdminUser must be able to adjust Microsoft Teams policy settings and update Microsoft 365 user accounts. The elevated access must be granted only for 12 hours and must require approval before activation. Which solution should you implement?
-
✓ C. Azure AD Privileged Identity Management (PIM)
Azure AD Privileged Identity Management (PIM) is the correct solution for this scenario.
PIM enables just in time elevation of administrative roles and it supports eligible assignments that require activation for a limited duration. You can configure approval workflows and set the maximum activation time so AdminUser can request elevation that only lasts the required 12 hours and that requires an approver before activation.
Azure Information Protection is incorrect because it is focused on labeling and protecting documents and email and it does not provide mechanisms to grant temporary administrative privileges.
Azure AD Conditional Access is incorrect because it is used to enforce access controls and risk based policies and not to provide time bound role elevation with approval workflows.
Microsoft Entra Identity Governance is incorrect because it describes a broad set of governance capabilities such as entitlement management and access reviews and it does not itself implement the just in time privileged activation and approval experience that PIM provides.
MS-102 Certification Question 4
A regional retail chain wants to measure its cyber defense readiness by running exercises that emulate real attacker tactics and behaviors. Which Microsoft 365 Defender capability should the security team deploy to conduct those realistic tests?
-
✓ B. Attack simulation training
Attack simulation training is the correct option.
This capability in Microsoft 365 Defender lets security teams build and run realistic simulations of attacker tactics and behaviors so they can test user susceptibility, measure detection and response, and improve defensive controls through repeatable exercises. The feature includes templates for phishing and credential harvest simulations and reporting that shows how users and systems responded during the scenarios.
Proactive threat hunting is incorrect because hunting is an active investigative process to find threats in your environment rather than a controlled service for emulating attacker behavior and training defenses.
Vulnerability assessment and risk analysis is incorrect because those capabilities focus on finding and prioritizing software and configuration issues rather than executing attacker-style simulations against users and controls.
Security performance dashboards is incorrect because dashboards provide metrics and visibility about security posture and incidents rather than running realistic attack simulations for testing readiness.
Threat surface reduction measures is incorrect because those controls aim to reduce exposure and block malicious behavior proactively rather than to emulate attacker tactics in order to run training exercises.
Cameron’s Microsoft 365 Certification Exam Tip
When a question asks about running realistic attacker exercises look for the option that explicitly mentions “simulation” or “training” and not the options that focus on monitoring, metrics, or vulnerability scanning. Picking the feature that runs controlled attacks will usually be the right choice.
