MS-100 Exam - Microsoft 365 Identity and Services

NEW QUESTION 1
You have a Microsoft 365 subscription that contains a guest user named User1. User1 is assigned the User administrator role.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions

NEW QUESTION 2
You create the Microsoft 365 tenant.
You implement Azure AD Connect as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 3
You need to meet the application requirements for the Office 365 ProPlus applications. You create an XML files that contains the following settings.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION 4
You have an on premises web application that is published by using a URL of https://app.contoso.local. You purchase a Microsoft 36S subscription.
Several external users must be able to connect to the web application
You need to recommend a solution for external access to the application. The solution must support multi-factor authentication.
Which two actions should you recommend? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. From an on-premises server, install a connector, and then publish the app.
• B. From the Azure Active Directory admin center, enable an Application Proxy.
• C. From the Azure Active Directory admin center, treate a conditional access policy.
• D. From an on premises server, install an Authentication Agent.
• E. Republish the web-application by using http//app.contoso.com

Answer: AB

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-add-on-premises-applic

NEW QUESTION 5
Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants.
You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users.
You need to recommend a solution for the planned directory synchronization. What should you include in the recommendation?

• A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.
• B. Deploy one server that runs Azure AD Connect, and then specify two sync groups.
• C. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by usingorganizational unit (OU)-based filtering.
• D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domainbased filtering.

Answer: A

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-adtenant

NEW QUESTION 6
You have a Microsoft 365 subscription. All users have client computers that run Windows 10 and have Microsoft Office 365 ProPlus installed.
Some users in the research department work for extended periods of time without an Internet connection. How many days can the research department users remain offline before they are prevented from editing Office documents?

• A. 10
• B. 30
• C. 90
• D. 120

Answer: B

NEW QUESTION 7
Your network contains an Active Directory domain named contoso.com. You have a Microsoft 365 subscription.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You implement directory synchronization.
The developers at your company plan to build an app named App1. App1 will connect to the Microsoft Graph API to provide access to several Microsoft Office 365 services.
You need to provide the URI for the authorization endpoint that App1 must use. What should you provide?

• A. https://login.microsoftonline.com/
• B. https://contoso.com/contoso.onmicrosoft.com/app1
• C. https://login.microsoftonline.com/contoso.onmicrosoft.com/
• D. https://myapps.microsoft.com

Answer: C

NEW QUESTION 8
Your network contains an on-premises Active Directory domain. You have a Microsoft 365 subscription.
You implement a directory synchronization solution that uses pass-through authentication.
You configure Microsoft Azure Active Directory (Azure AD) smart lockout as shown in the following exhibit.

You discover that Active Directory users can use the passwords in the custom banned passwords list. You need to ensure that banned passwords are effective for all users.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. From a domain controller, install the Azure AD Password Protection Proxy.
• B. From a domain controller, install the Microsoft AAD Application Proxy connector.
• C. From Custom banned passwords, modify the Enforce custom list setting.
• D. From Password protection for Windows Server Active Directory, modify the Mode setting.
• E. From all the domain controllers, install the Azure AD Password Protection DC Agent.
• F. From Active Directory, modify the Default Domain Policy.

Answer: ACE

NEW QUESTION 9
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. An external user has a Microsoft account that uses an email address of user1@outlook.com.
An administrator named Admin1 attempts to create a user account for the external user and receives the error message shown in the following exhibit.

You need to ensure that Admin1 can add the user.
What should you do from the Azure Active Directory admin center?

• A. Add a custom domain name named outlook.com.
• B. Modify the Authentication methods.
• C. Modify the External collaboration settings.
• D. Assign Admin1 the Security administrator role.

Answer: C

NEW QUESTION 10
Your network contains an on premises Active Directory domain named contoso.com. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You plan to establish federation authentication between on premises Active Directory and the Azure AD tenant by using Active Directory Federation Services (AD FS).
You need to establish the federation.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

Answer:

Explanation:

NEW QUESTION 11
You need to meet the application requirement for App1.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. From the Azure Active Directory admin center, configure the application URL settings.
• B. From the Azure Active Directory admin center, add an enterprise application.
• C. On an on-premises server, download and install the Microsoft AAD Application Proxy connector.
• D. On an on-premises server, install the Hybrid Configuration wizard.
• E. From the Microsoft 365 admin center, configure the Software download settings.

Answer: ABC

Explanation: References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy#how-application-proxy-

NEW QUESTION 12
Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com.
All users have client computers that run Windows 10 Pro and are joined to Azure AD. The company purchases a Microsoft 365 E3 subscription.
You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort.
You assign licenses from the Microsoft 365 admin center. What should you do next?

• A. Add a custom domain name to the subscription.
• B. Deploy Windows 10 Enterprise by using Windows Autopilot.
• C. Create provisioning package, and then deploy the package to all the computers.
• D. Instruct all the users to log off of their computer, and then to log in again.

Answer: B

NEW QUESTION 13
Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
The network uses a firewall that contains a list of allowed outbound domains. You began to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
• *.microsof.com
• *.office.com
Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

• A. From the firewall, allow the IP address range of the Azure data center for outbound communication.
• B. From Azure AD Connect, modify the Customize synchronization options task
• C. Deploy an Azure AD Connect sync server in staging mode.
• D. From the firewall, create a list of allowed inbound domains.
• E. From the firewall, modify the list of allowed outbound domains.

Answer: E

NEW QUESTION 14
Your company has a Microsoft 365 subscription.
You plan to move several archived PST files to Microsoft Exchange Online mailboxes. You need to create an import job for the PST files.
Which three actions should you perform before you create the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

• A. Create a Microsoft Azure Storage account.
• B. From Security & Compliance, retrieve the SAS key.
• C. Run azcopy.exe to copy the PST files to Microsoft Azure Storage
• D. Use Microsoft Azure Storage Explorer to copy the PST files to Azure Storage.
• E. Create a PST import mapping file.

Answer: BCE

Explanation: References:
https://docs.microsoft.com/en-us/office365/securitycompliance/use-network-upload-to-import-pst-files

NEW QUESTION 15
Your company has a Microsoft 365 subscription.
You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center. A month later, you attempt to run an import job for the PST files.
You discover that the PST files were deleted from Microsoft 365.
What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal. Select the BEST answer.

• A. The PST files were corrupted and deleted by Microsoft 365 security features.
• B. PST files are deleted automatically from Microsoft 365 after 30 days.
• C. The size of the PST files exceeded a storage quota and caused the files to be deleted.
• D. Another administrator deleted the PST files.

Answer: B

Explanation: References:
https://docs.microsoft.com/en-us/office365/securitycompliance/faqimporting-pst-files-to-office-365

NEW QUESTION 16
You need to Add the custom domain name* to Office 36S K> support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?

• A. three alias (CNAME) record
• B. one text (TXT) record
• C. one alias (CNAME) record
• D. three text (TXT) record

Answer: D