Microsoft 365 Identity and Services MS-100 Exam Questions and Answers - 2 - Page 2 of 7

The latest Microsoft 365 Identity and Services MS-100 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft 365 Identity and Services MS-100 exam and earn Microsoft 365 Identity and Services MS-100 certification.

Question 111

Question

Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:

Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
User passwords must be 10 characters or more.

Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Question 112

Question

Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
User passwords must be 10 characters or more.

Solution: Implement pass-through authentication and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Question 113

Question

You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com.
A temporary employee at your company uses an email address of [email protected].
You need to ensure that the temporary employee can sign in to contoso.com by using the [email protected] account.
What should you do?

A. From the Azure Active Directory admin center, create a new user.
B. From the Microsoft 365 admin center, create a new contact.
C. From the Azure Active Directory admin center, create a new guest user.
D. From the Microsoft 365 admin center, create a new user.

Answer

C. From the Azure Active Directory admin center, create a new guest user.

Question 114

Question

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains 10,000 users.
The company has a Microsoft 365 subscription.
You enable Azure Multi-Factor Authentication (MFA) for all the users in contoso.com.
You run the following query.
search "SigninLogs" | where ResultDescription == "User did not pass the MFA challenge."
The query returns blank results.
You need to ensure that the query returns the expected results.
What should you do?

A. From the Azure Active Directory admin center, configure the diagnostics settings to archive logs to an Azure Storage account.
B. From the Security & Compliance admin center, turn on auditing.
C. From the Security & Compliance admin center, enable Office 365 Analytics.
D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log Analytics workplace.

Answer

D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log Analytics workplace.

Question 115

Question

Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users.
Users that connect to Microsoft 365 services report that they are prompted for multi-factor authentication multiple times a day.
You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices. Your solution must ensure that users are still prompted for MFA.
What should you do?

A. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device.
B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.
C. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).
D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

Answer

B. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.

Question 116

Question

Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
User passwords must be 10 characters or more.

Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.
Does this meet the goal?

A. Yes
B. No

Answer

B. No

Question 117

Question

Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
User passwords must be 10 characters or more.

Solution: Implement password hash synchronization and modify the password settings from the Default Domain Policy in Active Directory.
Does this meet the goal?

A. Yes
B. No

Answer

A. Yes

Question 118

Question

Your company has three main offices and one branch office. The branch office is used for research.
The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication.
You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office.
What should you include in the recommendation?

A. Microsoft Azure Active Directory (Azure AD) conditional access.
B. Microsoft Azure Active Directory (Azure AD) password protection.
C. A Microsoft Endpoint Management device compliance policy.
D. A Microsoft Endpoint Management device configuration profile.

Answer

A. Microsoft Azure Active Directory (Azure AD) conditional access.

Question 119

Question

Your network contains an Active Directory domain named contoso.com.
All users authenticate by using a third-party authentication solution.
You purchase Microsoft 365 and plan to implement several Microsoft 365 services.
You need to recommend an identity strategy that meets the following requirements:

Provides seamless SSO
Minimizes the number of additional servers required to support the solution
Stores the passwords of all the users in Microsoft Azure Active Directory (Azure AD)
Ensures that all the users authenticate to Microsoft 365 by using their on-premises user account

You are evaluating the implementation of federation.
Which two requirements are met by using federation? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.

A. minimizes the number of additional servers required to support the solution
B. provides seamless SSO
C. stores the passwords of all the users in Azure AD
D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account

Answer

B. provides seamless SSO
D. ensures that all the users authenticate to Microsoft 365 by using their on-premises user account

Question 120

Question

Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following requirements:

Users must be able to authenticate during business hours only.
Authentication requests must be processed successfully if a single server fails.
When the password for an on-premises user account expires, the new password must be enforced the next time the user signs in.
Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must be signed in automatically.

Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.
Does this meet the goal?

A. Yes
B. No

Answer

B. No