Back to Microsoft 365 Administrator MS-102 questions

Scenario-based practice

Troubleshooting Scenario Questions

Practise Microsoft 365 Administrator MS-102 practice questions — original exam-style scenarios covering every exam domain, with detailed explanations, wrong-answer analysis, and common exam traps.

15
scenario questions
MS-102
exam code
Microsoft
vendor

Scenario guide

How to approach troubleshooting scenario questions

These questions describe a network symptom and ask you to identify the root cause or the correct fix. They appear across all certification exams and reward systematic thinking over memorisation. The best candidates follow a consistent troubleshooting framework even under time pressure.

Quick answer

Troubleshooting Scenario Questions questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Related practice questions

Related MS-102 topic practice pages

Scenario questions usually connect to one or more exam topics. Use these links to review the underlying concepts behind the scenario.

Practice set

Practice scenarios

Question 1easymultiple choice
Read the full DNS explanation →

An administrator has added a custom domain 'contoso.com' to their Microsoft 365 tenant and verified ownership. However, users are unable to receive emails sent to their custom domain. Which type of DNS record must the administrator add in the public DNS zone to route emails to Exchange Online?

Question 2hardmultiple choice
Full question →

A user with an E5 license is unable to use Azure Information Protection (AIP). The admin confirms the license is assigned. What is the most likely cause?

Question 3hardmultiple choice
Full question →

You are troubleshooting a user who reports that they cannot access Microsoft Teams. The user has an E3 license assigned, but Teams is grayed out in the app launcher. You verify that the user is assigned the correct license and that the service plan for Teams is enabled. What is the most likely cause?

Question 4mediummultiple choice
Full question →

A security analyst investigates a potential data exfiltration incident. The analyst identifies that a user's device has made multiple connections to an unknown external IP address using a custom port. Which Microsoft Defender XDR data source would provide the most detailed network communication logs for this investigation?

Question 5hardmultiple choice
Full question →

You are troubleshooting an issue where users from a partner organization cannot access a shared app in your Microsoft Entra ID tenant. The partner uses Microsoft Entra ID with a custom domain. You have configured cross-tenant access settings. Which setting is most likely misconfigured?

Question 6hardmultiple choice
Full question →

You are troubleshooting why a user cannot access a SharePoint Online site. The user is assigned a Conditional Access policy that requires compliant device, and the device is enrolled in Microsoft Intune but shows as non-compliant. What is the most likely cause?

Question 7easymultiple choice
Full question →

You are troubleshooting a user who cannot sign in to Microsoft Teams. Sign-in logs show error code 53003 with additional details 'Blocked by Conditional Access'. The user is a member of a group that is excluded from the Conditional Access policy. What is the most likely cause?

Question 8mediummultiple choice
Full question →

Your organization uses Microsoft Defender for Identity. You receive an alert about a potential DCSync attack. What should you do to investigate this alert in Microsoft Defender XDR?

Question 9mediummultiple choice
Full question →

Your organization uses Microsoft Defender for Identity. You receive an alert about a suspicious Kerberos ticket request. You need to investigate which user account is potentially compromised. Which tool should you use to correlate the alert with user activity?

Question 10easymultiple choice
Full question →

Your organization uses Microsoft Defender for Endpoint (MDE). A security analyst needs to investigate a file that was detected as malicious on several devices. The analyst wants to see the file's prevalence across the organization and other related events. Which feature in MDE should the analyst use?

Question 11easymultiple choice
Full question →

Your company uses Microsoft Defender XDR. You need to review the list of incidents that were investigated automatically by the system. Where should you navigate in the Microsoft Defender portal?

Question 12hardmultiple choice
Full question →

Your organization uses Microsoft Defender for Identity. You need to investigate an alert indicating a suspected lateral movement using pass-the-hash from a compromised workstation. Which entity should you prioritize examining in the investigation timeline?

Question 13mediummultiple choice
Full question →

A company's security team needs to investigate a suspicious email that was reported by a user. The email was not blocked by Exchange Online Protection (EOP) and was delivered to the user's inbox. The security team wants to use Microsoft Defender XDR to analyze the email and its attachments. Which feature should they use to submit the email for automated investigation?

Question 14mediummultiple choice
Full question →

A user reports that they are unable to access a file in SharePoint Online. You check the audit log and see that the file was quarantined by Microsoft Defender for Office 365. What is the most likely reason?

Question 15easymultiple choice
Full question →

A company wants to use Microsoft Defender XDR to automatically investigate and remediate threats across email, endpoints, and identities. Which role is required to configure automation settings in the Microsoft 365 Defender portal?

These MS-102 practice questions are part of Courseiva's free Microsoft certification practice question bank. Courseiva provides original exam-style MS-102 questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.