The latest Microsoft 365 Identity and Services MS-100 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft 365 Identity and Services MS-100 exam and earn Microsoft 365 Identity and Services MS-100 certification.
Table of Contents
Question 21
Question
Your network contains an Active Directory domain named contoso.com that is synced to Microsoft Azure Active Directory (Azure AD).
You manage Windows 10 devices by using Microsoft System Center Configuration Manager (Current Branch).
You configure a pilot for co-management.
You add a new device named Device1 to the domain. You install the Configuration Manager client on Device1.
You need to ensure that you can manage Device1 by using Microsoft Intune and Configuration Manager.
Solution: You create a device configuration profile from the Intune admin center.
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Question 22
Question
You have a Microsoft 365 subscription.
You configure a data loss prevention (DLP) policy.
You discover that users are incorrectly marking content as false positive and bypassing the DLP policy.
You need to prevent the users from bypassing the DLP policy.
What should you configure?
A. actions
B. exceptions
C. incident reports
D. user overrides
Answer
D. user overrides
Question 23
Question
In Microsoft 365, you configure a data loss prevention (DLP) policy named Policy1. Policy1 detects the sharing of United States (US) bank account numbers in email messages and attachments.
Policy1 is configured as shown in the exhibit. (Click the Exhibit tab.)
You need to ensure that internal users can email documents that contain US bank account numbers to external users who have an email suffix of contoso.com.
What should you configure?
A. an action
B. a group
C. a condition
D. an exception
Answer
D. an exception
Question 24
Question
Your company uses on-premises Windows Server File Classification Infrastructure 9FCI). Some documents on the on-premises file servers are classifies as Confidential.
You migrate the files from the on-premises file servers to Microsoft SharePoint Online.
You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification.
What should you do first?
A. From the SharePoint admin center, create a managed property.
B. From the SharePoint admin center, configure hybrid search.
C. From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet.
D. From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet.
Answer
A. From the SharePoint admin center, create a managed property.
Question 25
Question
Your company has 10 offices.
The network contains an Active Directory domain named contoso.com. The domain contains 500 client computers. Each office is configured as a separate subnet.
You discover that one of the offices has the following:
- Computers that have several preinstalled applications
- Computers that use nonstandard computer names
- Computers that have Windows 10 preinstalled
- Computers that are in a workgroup
You must configure the computers to meet the following corporate requirements:
- All the computers must be joined to the domain.
- All the computers must have computer names that use a prefix of CONTOSO.
- All the computers must only have approved corporate applications installed.
You need to recommend a solution to redeploy the computers. The solution must minimize the deployment time.
A. a provisioning package
B. wipe and load refresh
C. Windows Autopilot
D. an in-place upgrade
Answer
A. a provisioning package
Question 26
Question
You have a Microsoft 365 subscription.
You recently configured a Microsoft SharePoint Online tenant in the subscription.
You plan to create an alert policy.
You need to ensure that an alert is generated only when malware is detected in more than five documents stored in SharePoint Online during a period of 10 minutes.
What should you do first?
A. Enable Microsoft Office 365 Cloud App Security.
B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
C. Enable Microsoft Office 365 Analytics.
Answer
B. Deploy Windows Defender Advanced Threat Protection (Windows Defender ATP).
Question 27
Question
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.)
You need to reduce the likelihood that the sign-ins are identified as risky.
What should you do?
A. From the Security & Compliance admin center, add the users to the Security Readers role group.
B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.
C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.
D. From the Security & Compliance admin center, create a classification label.
Answer
B. From the Conditional access blade in the Azure Active Directory admin center, create named locations.
Question 28
Question
You have a Microsoft 365 tenant.
You have a line-of-business application named App1 that users access by using the My Apps portal.
After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.
You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.
What should you do?
A. From Microsoft Cloud App Security, modify the impossible travel alert policy.
B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
C. From the Azure Active Directory admin center, modify the conditional access policy.
D. From Microsoft Cloud App Security, create an app discovery policy.
Answer
A. From Microsoft Cloud App Security, modify the impossible travel alert policy.
Question 29
Question
Your network contains an on-premises Active Directory domain.
Your company has a security policy that prevents additional software from being installed on domain controllers.
You need to monitor a domain controller by using Microsoft Azure Advanced Threat Protection (ATP).
What should you do? More than once choice may achieve the goal. Select the BEST answer.
A. Deploy an Azure ATP standalone sensor, and then configure port mirroring.
B. Deploy an Azure ATP standalone sensor, and then configure detections.
C. Deploy an Azure ATP sensor, and then configure detections.
D. Deploy an Azure ATP sensor, and then configure port mirroring.
Answer
C. Deploy an Azure ATP sensor, and then configure detections.
Question 30
Question
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains 1,000 Windows 10 devices.
You perform a proof of concept (PoC) deployment of Windows Defender Advanced Threat Protection (ATP) for 10 test devices. During the onboarding process, you configure Windows Defender ATP-related data to be stored in the United States.
You plan to onboard all the devices to Windows Defender ATP data in Europe.
What should you do first?
A. Create a workspace
B. Offboard the test devices
C. Delete the workspace
D. Onboard a new device
Answer
B. Offboard the test devices