ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 3 discussion

Actual exam question from Microsoft's MS-102
Question #: 3
Topic #: 1
[All MS-102 Questions]

Overview -
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.

Existing Environment -

Active Directory Environment -
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication. Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected].
Fabrikam does NOT plan to implement identity federation.

Network Infrastructure -
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as DNS servers.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.

Requirements -

Planned Changes -
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
Project2: After the successful completion of Project1, Microsoft Teams will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.

Technical Requirements -
Fabrikam identifies the following technical requirements:
All users must be able to exchange email messages successfully during Project1 by using their current email address.
Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal.
Microsoft 365 Apps for enterprise applications must be installed from a network share only.
Disruptions to email access must be minimized.

Application Requirements -
Fabrikam identifies the following application requirements:
An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
The installation of feature updates for Microsoft 365 Apps for enterprise must be minimized.

Security Requirements -
Fabrikam identifies the following security requirements:
After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
The membership of the UserLicenses group must be validated monthly. Unused user accounts must be removed from the group automatically.
After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloud-based applications automatically.
The principle of least privilege must be used.
Which role should you assign to User1?

  • A. Hygiene Management
  • B. Security Reader
  • C. Security Administrator
  • D. Records Management
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by osxzvkwpfcfxobqjby at Aug. 10, 2023, 8:10 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Nilz76
Highly Voted 1 year, 8 months ago
Selected Answer: B
The Security Reader role in Microsoft 365 provides permissions to read security information and reports. The main task for User1 as per the scenario is to view DLP reports, and this role provides the necessary permissions for that task without granting extra, potentially unnecessary, permissions.
upvoted 9 times
...
osxzvkwpfcfxobqjby
Highly Voted 1 year, 10 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/purview/microsoft-365-compliance-center-permissions
upvoted 9 times
...
Gordons_baba
Most Recent 1 month, 2 weeks ago
Selected Answer: B
Security Reader https://learn.microsoft.com/en-us/defender-office-365/scc-permissions
upvoted 1 times
...
EubertT
2 months, 2 weeks ago
Selected Answer: D
The correct answer is: ✅ D. Records Management 🧠 Explanation: The requirement states: "A user named User1 must be able to view all DLP reports from the Microsoft Purview compliance portal." To view and manage Data Loss Prevention (DLP) reports, the appropriate role is: 🔹 Records Management This role grants viewing and management rights over DLP policies and reports within the Microsoft Purview compliance portal. It aligns with Data Lifecycle Management and DLP-related tasks, including access to DLP reports and analytics. ❌ Why the other roles are incorrect: A. Hygiene Management → Related to anti-malware and spam policies in Exchange, not DLP. B. Security Reader → Can view security-related reports, but does not grant access to DLP reports in Purview Compliance Portal. C. Security Administrator → Grants broad permissions across Microsoft Defender and Security Center, exceeding the least privilege requirement for just viewing DLP reports.
upvoted 2 times
...
njagh57Hb
5 months ago
Selected Answer: B
Answer is Security Reader - see https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#security-reader
upvoted 1 times
...
MR_Eliot
10 months ago
Selected Answer: B
B is correct.
upvoted 1 times
...
iamchoy
1 year ago
Selected Answer: B
OBVIOUSLY B
upvoted 1 times
...
Kaybee2022
1 year, 3 months ago
Least privilege should be security administrator because it is stating that User1 should be able to review only. Answer C https://learn.microsoft.com/en-us/purview/purview-compliance-portal-permissions
upvoted 2 times
...
Charard
1 year, 5 months ago
Selected Answer: B
Security reader is the correct answer.
upvoted 1 times
...
AvoKikinha
1 year, 7 months ago
The role you should assign to User1 is Security Reader. This role in Microsoft 365 compliance center would allow User1 to view all DLP reports from the Microsoft Purview compliance portal, as required by the technical requirements. So, the correct answer is B. Security Reader.
upvoted 3 times
...
Nocho
1 year, 7 months ago
B. Security Reader is the correct answer: Microsoft Documentation: Security Reader - View and investigate active threats to your Microsoft 365 users, devices, and content,
upvoted 4 times
...
dede321
1 year, 7 months ago
To allow User1 to view all Data Loss Prevention (DLP) reports from the Microsoft Purview compliance portal, you should assign the Security Administrator role. The Security Administrator role in Microsoft 365 is responsible for configuring and managing security-related settings, including DLP policies and reports. So, the correct answer is: C. Security Administrator
upvoted 1 times
...
imlearningstuffagain
1 year, 8 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/answers/questions/1297022/view-the-reports-for-dlp-on-the-compliance-center
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel