MS-102 · topic practice

Scenario practice questions

Practise Microsoft 365 Administrator MS-102 Scenario practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
13 questionsDomain: Scenario

What the exam tests

What to know about Scenario

Scenario questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Scenario exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Scenario questions

13 questions · select your answer, then reveal the explanation

Question 1hardmultiple choice
Read the full Scenario explanation →

A development team builds a background service that needs to read all users' calendars via Microsoft Graph without a signed-in user. The service will run on a server with a client secret. Which OAuth 2.0 grant flow should the application use?

Question 2mediummultiple choice
Read the full Scenario explanation →

An administrator has configured group-based licensing in Azure AD. After adding users to the group, some users do not receive licenses. The users are in the group and have an assigned usage location. What is a possible reason?

Question 3hardmultiple choice
Read the full Scenario explanation →

A security administrator needs to block outbound network connections from a compromised Windows device to command-and-control servers. The solution must work at the network layer and be centrally managed via Microsoft 365 Defender. Which feature should the administrator enable?

Match each Microsoft 365 threat scenario to the appropriate protection.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Anti-phishing policy in Defender for Office 365

Safe Attachments policy

Safe Links policy

Identity Protection and Conditional Access

Data Loss Prevention policy

Question 5easymultiple choice
Read the full Scenario explanation →

A company uses hybrid identity with Azure AD Connect and password hash synchronization. They want to enable Self-Service Password Reset (SSPR) with password writeback so that users can reset their on-premises Active Directory passwords. Which Azure AD license is required?

Question 6mediummultiple choice
Read the full Scenario explanation →

A company uses Microsoft Entra ID P2 licenses. They want to block all authentication attempts from an internal app that uses legacy authentication protocols (POP3, IMAP, SMTP) because these protocols cannot enforce multi-factor authentication. Which Conditional Access policy setting should be used?

Question 7hardmultiple choice
Read the full Scenario explanation →

A security analyst is investigating a suspected credential theft attack where an attacker attempts to dump credentials from LSASS. Which Attack Surface Reduction (ASR) rule should the administrator enable to block this activity from untrusted processes?

Question 8mediummultiple choice
Read the full Scenario explanation →

An organization uses Microsoft Entra ID P2 licenses. They need to require multi-factor authentication (MFA) for all users accessing a critical financial application, but they must exclude a set of service accounts that are members of the 'Service Accounts' group. Which policy should they create?

Question 9hardmulti select
Read the full Scenario explanation →

You are planning a Microsoft 365 tenant migration from another tenant. You need to migrate email, OneDrive, and SharePoint content. Which THREE tools or methods can you use to migrate data?

Question 10hardmultiple choice
Read the full Scenario explanation →

Your organization uses Microsoft Defender for Cloud Apps. You need to create a policy that automatically blocks downloads of files containing sensitive information from SharePoint Online to unmanaged devices. What type of policy should you create?

Question 11hardmultiple choice
Read the full Scenario explanation →

You create a custom detection rule in Microsoft Defender XDR using the KQL query shown in the exhibit. The rule is intended to detect lateral movement via SMB. After deploying the rule, you notice that it generates many false positives from legitimate administrative activity. What is the most effective way to reduce false positives?

Exhibit

Refer to the exhibit.
```json
{
  "displayName": "Custom Detection - Lateral Movement via SMB",
  "queryText": "DeviceNetworkEvents | where RemotePort == 445 and ActionType == 'ConnectionSuccess' | join kind=inner (DeviceProcessEvents | where FileName == 'powershell.exe') on DeviceId | project Timestamp, DeviceName, AccountName, RemoteIP"
}
```
Question 12hardmultiple choice
Read the full Scenario explanation →

You are reviewing a Conditional Access policy JSON for your Microsoft Entra ID tenant. The first policy blocks access from high-risk IP addresses. The second policy requires MFA for all users from trusted locations. You notice that users from high-risk IP addresses are still prompted for MFA instead of being blocked. What is the most likely cause?

Exhibit

Refer to the exhibit.

{
  "rules": [
    {
      "name": "Block High Risk IP",
      "id": "12345678-1234-1234-1234-123456789012",
      "priority": "1",
      "action": "BlockAccess",
      "conditions": {
        "applications": ["All"],
        "clientType": "All",
        "devicePlatforms": ["All"],
        "locations": ["HighRiskIP"]
      },
      "grantControls": null
    },
    {
      "name": "Require MFA for External Users",
      "id": "87654321-4321-4321-4321-210987654321",
      "priority": "2",
      "action": "GrantAccess",
      "conditions": {
        "applications": ["All"],
        "clientType": "All",
        "devicePlatforms": ["All"],
        "locations": ["AllTrusted"]
      },
      "grantControls": {
        "builtInControls": ["mfa"]
      }
    }
  ]
}
Question 13mediummulti select
Read the full Scenario explanation →

Your organization is deploying Microsoft Purview Data Lifecycle Management to manage data retention and deletion. You need to design a retention policy for SharePoint Online sites that automatically deletes documents after 7 years, but allows users to manually delete documents earlier if needed. Which THREE actions should you take? (Select THREE.)

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Scenario sessions

Start a Scenario only practice session

Every question in these sessions is drawn from the Scenario domain — nothing else.

Related practice questions

Related MS-102 topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the MS-102 exam test about Scenario?
Scenario questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Scenario questions in a focused session?
Yes — the session launcher on this page draws every question from the Scenario domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other MS-102 topics?
Use the topic links above to move to related areas, or go back to the MS-102 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the MS-102 exam covers. They are not copied from any real exam or dump site.