ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 150 discussion

Actual exam question from Microsoft's MS-102
Question #: 150
Topic #: 1
[All MS-102 Questions]

You have a Microsoft 365 ES subscription.

On Monday, you create a new user named User1.

On Tuesday, User1 signs in for the first time and perform the following actions:

• Signs in to Microsoft Exchange Online from an anonymous IP address.
• Signs in to Microsoft SharePoint Online from a device in New York City.
• Establishes Remote Desktop connections to hosts in Berlin and Hong Kong, and then signs in to SharePoint Online from the Remote Desktop connections.

Which types of sign-in risks will Azure AD Identity Protection detect for User1?

  • A. anonymous IP address and atypical travel only
  • B. anonymous IP address only
  • C. unfamiliar sign-in properties and atypical travel only
  • D. anonymous IP address and unfamiliar sign-in properties only
  • E. anonymous IP address, atypical travel, and unfamiliar sign-in properties
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by vercracked_007 at Sept. 12, 2023, 6:58 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Demonster
Highly Voted 1 year, 9 months ago
Selected Answer: B
Correct answer. Atypical travel and Unfamiliar sign-in properties have learning period. The system has an initial learning period of the earliest of 14 days or 10 logins, during which it learns a new user's sign-in behavior.
upvoted 22 times
Krayzr
5 months, 2 weeks ago
https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks#atypical-travel
upvoted 2 times
...
BigO76
6 months, 2 weeks ago
Correct B. Atypical Travel and Unfamiliar Sign-In Properties rely on an established baseline
upvoted 2 times
...
...
NrdAlrt
Highly Voted 1 year, 7 months ago
Selected Answer: B
Just looking at this, the only thing the system should care about is the anonymous login since the user is new. Microsoft likes to paint their security products as being useful, not generating false positives for normal behavior. NYC login isn't bad by itself and remote desktop connections almost certainly have some sort of reputation/trust associated with them established by the IT department. The fact that they call out the the recent user creation date lends further credence they want you to demonstrate we know what detections require time to learn a new user.
upvoted 5 times
...
Frank9020
Most Recent 7 months, 1 week ago
Selected Answer: E
E. anonymous IP address, atypical travel, and unfamiliar sign-in properties
upvoted 3 times
...
Amir1909
1 year, 4 months ago
- anonymous IP adress and atypical travel only
upvoted 2 times
...
benpatto
1 year, 6 months ago
Agree with NrdAlrt, for atypical travel etc, it would make a difference if the user wasn't connecting over an RDP. Seeing as there's a RDP connection setup by the IT team, these would have to be trusted locations in the network to be able to access Sharepoint in the first place.
upvoted 1 times
...
poesklap
1 year, 7 months ago
Selected Answer: E
Anonymous IP address: User1 signed in from an anonymous IP address. Atypical travel: User1 established Remote Desktop connections to hosts in Berlin and Hong Kong, indicating atypical travel from New York City. Unfamiliar sign-in properties: The sign-in from an anonymous IP address and the sign-in from the Remote Desktop connections could be considered unfamiliar sign-in properties, as they deviate from the usual patterns of sign-ins.
upvoted 3 times
...
JensV
1 year, 9 months ago
B is correct as the other two indicators are still in learning mode for a newly created user https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#atypical-travel he system has an initial learning period of the earliest of 14 days or 10 logins, during which it learns a new user's sign-in behavior. https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#unfamiliar-sign-in-properties Newly created users are in "learning mode" period where the unfamiliar sign-in properties risk detection is turned off while our algorithms learn the user's behavior.
upvoted 2 times
poesklap
1 year, 7 months ago
In the scenario described, actions like signing in from an anonymous IP address, atypical travel, and establishing remote desktop connections to locations like Berlin and Hong Kong could be considered unusual and may trigger risk assessments, even during the learning period. The learning period allows the system to better understand the user's typical behavior and adapt its risk assessments accordingly.
upvoted 1 times
NrdAlrt
1 year, 7 months ago
Good point, but tough question still. I question why they include the info about when the user was created. That seems to be an intentional callout. Also remote desktops in a corporation would likely be excluded from those policies if they are allowing people to login from wherever.
upvoted 1 times
...
...
...
vercracked_007
1 year, 9 months ago
should be E https://learn.microsoft.com/en-us/azure/active-directory/identity-protection/concept-identity-protection-risks#risk-types-and-detection
upvoted 3 times
...
vercracked_007
1 year, 9 months ago
Should be A i think
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel