The latest Microsoft 365 Identity and Services MS-100 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft 365 Identity and Services MS-100 exam and earn Microsoft 365 Identity and Services MS-100 certification.
Table of Contents
Question 101
Question
You have a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
Contoso.com is configured as shown in the following exhibit.
You need to ensure that guest users can be created in the tenant.
Which setting should you modify?
A. Guests can invite.
B. Guest users permissions are limited.
C. Members can invite.
D. Admins and users in the guest inviter role can invite.
E. Deny invitations to the specified domains.
Answer
D. Admins and users in the guest inviter role can invite.
Question 102
Question
Your company recently purchased a Microsoft 365 subscription.
You enable Microsoft Azure Multi-Factor Authentication (MFA) for all 500 users in the Azure Active Directory (Azure AD) tenant.
You need to generate a report that lists all the users who completed the Azure MFA registration process.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet.
B. From Azure Cloud Shell, run the Get-MsolUser cmdlet.
C. From the Azure Active Directory admin center, use the Usage & insights blade.
D. From the Azure Active Directory admin center, use the Risky sign-ins blade.
Answer
B. From Azure Cloud Shell, run the Get-MsolUser cmdlet.
Question 103
Question
You have a Microsoft 365 Enterprise subscription.
You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device.
You need to view which users authenticated by using multi-factor authentication. What should you do?
A. From the Microsoft 365 admin center, view the Security & Compliance reports.
B. From the Azure Active Directory admin center, view the user sign-ins.
C. From the Microsoft 365 admin center, view the Usage reports.
D. From the Azure Active Directory admin center, view the audit logs.
Answer
B. From the Azure Active Directory admin center, view the user sign-ins.
Question 104
Question
You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?
A. Create a sign-in risk policy.
B. Create a new app registration.
C. Assign an Enterprise Mobility + Security E5 license to the finance department users.
D. Configure the sign-in status for the user accounts of the finance department users.
Answer
A. Create a sign-in risk policy.
Question 105
Question
Your network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You plan to implement pass-through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Modify the email address attribute for each user account.
B. From the Azure portal, add a custom domain name.
C. From Active Directory Domains and Trusts, add a UPN suffix.
D. Modify the User logon name for each user account.
E. From the Azure portal, configure an authentication method.
F. From a domain controller, install an Authentication Agent.
Answer
B. From the Azure portal, add a custom domain name.
C. From Active Directory Domains and Trusts, add a UPN suffix.
F. From a domain controller, install an Authentication Agent.
Question 106
Question
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
- Users must be able to authenticate during business hours only.
- Authentication requests must be processed successfully if a single server fails.
- When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
- Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that contains a pass-through authentication model. The solution contains two servers that have an Authentication Agent installed and password hash synchronization configured.
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Question 107
Question
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
- Users must be able to authenticate during business hours only.
- Authentication requests must be processed successfully if a single server fails.
- When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
- Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that contains a pass-through authentication model. You install an Authentication Agent on three servers and configure seamless SSO.
Does this meet the goal?
A. Yes
B. No
Answer
A. Yes
Question 108
Question
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:
- Users must be able to authenticate during business hours only.
- Authentication requests must be processed successfully if a single server fails.
- When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
- Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.
Solution: You design an authentication strategy that uses password hash synchronization and seamless SSO. The solution contains two servers that have an Authentication Agent installed.
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Question 109
Question
You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?
A. Create an activity policy.
B. Create a new app registration.
C. Create a conditional access policy.
D. Create a session policy.
Answer
C. Create a conditional access policy.
Question 110
Question
You have a Microsoft 365 subscription.
Your company deploys an Active Directory Federation Services (AD FS) solution.
You need to configure the environment to audit AD FS user authentication.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From all the AD FS servers, run auditpol.exe.
B. From all the domain controllers, run the Set-AdminAuditLogConfig cmdlet and specify the – LogLevel parameter.
C. On a domain controller, install Azure AD Connect Health for AD DS.
D. From the Azure AD Connect server, run the Register-AzureADConnectHealthSyncAgent cmdlet.
E. On an AD FS server, install Azure AD Connect Health for AD FS.
Answer
D. From the Azure AD Connect server, run the Register-AzureADConnectHealthSyncAgent cmdlet.
E. On an AD FS server, install Azure AD Connect Health for AD FS.