Q1. You use a centralized identity management system as a source of authority for user account information. You export a list of new user accounts to a file on a daily basis. Your company uses a local Active Directory for storing user accounts for on-premises solutions. You are configuring the Windows Azure Active Directory Sync tool.
New user accounts must be created in both the local Active Directory and Office 365. You must import user account data into Office 365 daily.
You need to import the new users. What should you do?
A. Use the Office 365 admin center to import the file.
B. Create a Windows PowerShell script to import account data from the file into Active Directory.
C. Use the Windows Azure Management Portal to import the file.
D. Create a Windows PowerShell script that uses the MSOnline module to import account data from the file.
Answer: B
Q2. HOTSPOT
You are the Office 365 administrator for your company.
User1 leaves the company. You must delete the account for User1.
In the table below, identify when each type of data will be deleted. Make only one selection
in each column. Each correct selection is worth one point.
Answer:
Q3. You are the Office 365 administrator for your company. The company has a single office.
You have the following requirements:
You must configure a redundant Active Directory Federation Services (AD FS)
implementation.
You must use a Windows Internal Database to store AD FS configuration data.
The solution must use a custom login page for external users.
The solution must use single sign-on for internal users.
You need to deploy the minimum number of servers.
How many servers should you deploy?
A. 2
B. 4
C. 6
D. 16
Answer: B
Q4. DRAG DROP
A company has 50 employees that use Office 365.
You need to enforce password complexity requirements for all accounts.
How should you complete the relevant Windows PowerShell command? To answer, drag the appropriate Windows PowerShell segment to the correct location or locations. Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q5. Contoso, Ltd., has an Office 365 tenant. You configure Office 365 to use the domain contoso.com, and you verify the domain. You deploy and configure Active Directory Federation Services (AD FS) and Active Directory Synchronization Services (AAD Sync) with password synchronization. You connect to Azure Active Directory by using a Remote PowerShell session.
You need to switch from using password-synced passwords to using AD FS on the Office 365 verified domain.
Which Windows PowerShell command should you run?
A. Convert-MsolDomainToFederated –DomainName contoso.com
B. Convert-MsolDomainToStandard –DomainName contoso.com
C. Convert-MsolFederatedUser
D. Set-MsolDomainAuthentication –DomainName contoso.com
Answer: A
Explanation: The Convert-MSOLDomainToFederated cmdlet converts the specified domain from standard authentication to single sign-on (also known as identity federation), including configuring the relying party trust settings between the Active Directory Federation Services (AD FS) server and the Microsoft Online Services. As part of converting a domain from standard authentication to single sign-on, each user must also be converted. This conversion happens automatically the next time a user signs in; no action is required by the administrator.
Incorrect:
Not B: This is the opposite to what is required. The Convert-MsolDomainToStandard cmdlet converts the specified domain from single sign-on (also known as identity federation) to standard authentication. This process also removes the relying party trust settings in the AD FS server and online service. After the conversion, this cmdlet will convert all existing users from single sign-on to standard authentication. Not C: The Convert-MsolFederatedUser cmdlet is used to update a user in a domain that was recently converted from single sign-on (also known as identity federation) to standard authentication type. A new password must be provided for the user. Not D: The Set-MsolDomainAuthentication cmdlet is used to change the domain authentication between standard identity and single-sign on. This cmdlet will only update the settings in Microsoft Online Services; typically the Convert-MsolDomainToStandard or Convert-MsolDomainToFederated should be used instead.
Reference: Convert-MsolDomainToFederated
https://msdn.microsoft.com/en-us/library/azure/dn194092.aspx
Q6. An organization implements single sign-on (SSO) for use with Office 365 services. You install an Active Directory Federation Services (AD FS) proxy server.
Users report that they are unable to authenticate. You launch the Event Viewer and view the event information shown in the following screen shot:
You need to ensure that users can authenticate to Office 365.
What should you do?
A. Re-enter the credentials used to establish the trust.
B. Verify the federation server proxy is trusted by the federation service.
C. Re-install the Secure Sockets Layer (SSL) certificate for the federation service.
D. Verify network connectivity between the Federation Service Proxy and federation server.
Answer: A
Q7. Your company subscribes to an Office 365 Plan E3. A user named User1 installs Office Professional Plus for Office 365 on a client computer. From the Microsoft Online Services portal, you assign User1 an Office Professional Plus license. One month after installing Office, User1 can no longer save and edit Office documents on the client computer. User1 can open and view Office documents.
You need to ensure that User1 can save and edit documents on the client computer by using office.
What should you do?
A. Install the Office Customization Tool.
B. Reinstall Office Professional Plus.
C. Install the Microsoft Online Services Sign-in Assistant.
D. Upgrade the subscription to Plan E4.
Answer: C
Explanation:
Reference: http://technet.microsoft.com/en-us/library/gg702619(v=office.15).aspx
Q8. Your company deploys an Office 365 tenant.
You need to ensure that you can view service health and maintenance reports for the past seven days.
What are two possible ways to achieve this goal? Each correct answer presents a complete solution.
A. View the service health current status page of the Office 365 admin center.
B. Subscribe to the Office 365 Service Health RSS Notifications feed.
C. View the service settings page of the Office 365 admin center.
D. Run the Microsoft OnRamp Readiness Tool.
Answer: A,B
Explanation:
As an Office 365 admin, you can see whether there has been a service interruption or outage in your service on the Office 365 service health page. The Service health page shows status information for today, the past six days, and 30 days of history.
Reference: View the status of your services
https://support.office.com/en-us/article/View-the-status-of-your-services-932ad3ad-533c418a-b938-6e44e8bc33b0
Q9. DRAG DROP
Litware Inc. has an Office 365 Enterprise El plan. Employees have access to all Office 365 services.
Employees in the human resources (HR) department must continue to use the on-premises SharePoint 2013 deployment due to legal requirements.
You need to disable access to SharePoint Online for all HR department employees.
How should you complete the relevant Windows PowerShell commands? To answer, drag the appropriate Windows PowerShell segment to the correct location or locations in the answer area. Each Windows PowerShell segment may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
Answer:
Q10. A company plans to deploy an Office 365 tenant. You have two servers named FS1 and FS2 that have the Federation Service Proxy role service installed.
You must deploy Active Directory Federation Services (AD FS) on Windows Server 2012.
You need to configure name resolution for FS1 and FS2.
What should you do?
A. On FS1 and FS2, add the cluster DNS name and IP address of the federation server farm to the hosts file.
B. On FS1 only, add the cluster DNS name and IP address of the federation server farm to the hosts file.
C. On FS1 only, add the cluster NetBIOS name and IP address of the federation server farm to the LMHOSTS file.
D. On FS1 and FS2, add the cluster NetBIOS name and IP address of the federation server farm to the LMHOSTS file.
Answer: A