The latest Microsoft 365 Identity and Services MS-100 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft 365 Identity and Services MS-100 exam and earn Microsoft 365 Identity and Services MS-100 certification.
Table of Contents
- Question 41
- Question
- Answer
- Question 42
- Question
- Answer
- Question 43
- Question
- Answer
- Design and Implement Microsoft 365 Services Testlet 2
- Overview
- Existing Environment
- Requirements
- Question 44
- Question
- Answer
- Design and Implement Microsoft 365 Services Testlet 3
- Overview
- Existing Environment
- Requirements
- Question 45
- Question
- Answer
- Question 46
- Question
- Answer
- Manage User Identity and Roles Question Set 1
- Question 47
- Question
- Answer
- Question 48
- Question
- Answer
- Question 49
- Question
- Answer
- Question 50
- Question
- Answer
Question 41
Question
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the on-premises Active Directory domain, you assign User2 the Allow logon locally user right. You instruct User2 to sign in as [email protected].
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Question 42
Question
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the on-premises Active Directory domain, you set the UPN suffix for User2 to @contoso.com. You instruct User2 to sign in as [email protected].
Does this meet the goal?
A. Yes
B. No
Answer
A. Yes
Question 43
Question
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users shown in the following table.
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the Azure Active Directory admin center, you assign User2 the Security reader role. You instruct User2 to sign in as [email protected].
Does this meet the goal?
A. Yes
B. No
Answer
B. No
Design and Implement Microsoft 365 Services Testlet 2
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.
Contoso recently purchased a Microsoft 365 E5 subscription.
Existing Environment
The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.
Contoso has the groups shown in the following table.
Microsoft Office 365 licenses are assigned only to Group2.
The network also contains external users from a vendor company who have Microsoft accounts that use a suffix of @outlook.com.
Requirements
Planned Changes
Contoso plans to provide email addresses for all the users in the following domains:
- East.adatum.com
- Contoso.adatum.com
- Humongousinsurance.com
Technical Requirements
Contoso identifies the following technical requirements:
- All new users must be assigned Office 365 licenses automatically.
- The principle of least privilege must be used whenever possible.
Security Requirements
Contoso identifies the following security requirements:
- Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
- User2 must be able to view reports and schedule the email delivery of security and compliance reports.
- The members of Group1 must be required to answer a security question before changing their password.
- User3 must be able to manage Office 365 connectors.
- User4 must be able to reset User3 password.
Question 44
Question
You need to add the custom domain names to Office 365 to support the planned changes as quickly as possible.
What should you create to verify the domain names successfully?
A. three alias (CNAME) records
B. one text (TXT) record
C. one alias (CNAME) record
D. three text (TXT) records
Answer
D. three text (TXT) records
Design and Implement Microsoft 365 Services Testlet 3
Overview
Fabrikam, Inc. is an electronics company that produces consumer products. Fabrikam has 10,000 employees worldwide.
Fabrikam has a main office in London and branch offices in major cities in Europe, Asia, and the United States.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named fabrikam.com. The forest contains all the identities used for user and computer authentication.
Each department is represented by a top-level organizational unit (OU) that contains several child OUs for user accounts and computer accounts.
All users authenticate to on-premises applications by signing in to their device by using a UPN format of [email protected].
Fabrikam does NOT plan to implement identity federation.
Network Infrastructure
Each office has a high-speed connection to the Internet.
Each office contains two domain controllers. All domain controllers are configured as a DNS server.
The public zone for fabrikam.com is managed by an external DNS server.
All users connect to an on-premises Microsoft Exchange Server 2016 organization. The users access their email by using Outlook Anywhere, Outlook on the web, or the Microsoft Outlook app for iOS. All the Exchange servers have the latest cumulative updates installed.
All shared company documents are stored on a Microsoft SharePoint Server farm.
Requirements
Planned Changes
Fabrikam plans to implement a Microsoft 365 Enterprise subscription and move all email and shared documents to the subscription.
Fabrikam plans to implement two pilot projects:
- Project1: During Project1, the mailboxes of 100 users in the sales department will be moved to Microsoft 365.
- Project2: After the successful completion of Project1, Microsoft Teams & Skype for Business will be enabled in Microsoft 365 for the sales department users.
Fabrikam plans to create a group named UserLicenses that will manage the allocation of all Microsoft 365 bulk licenses.
Technical Requirements
Fabrikam identifies the following technical requirements:
- All users must be able to exchange email messages successfully during Project1 by using their current email address.
- Users must be able to authenticate to cloud services if Active Directory becomes unavailable.
- A user named User1 must be able to view all DLP reports from the Microsoft 365 admin center.
- Microsoft Office 365 ProPlus applications must be installed from a network share only.
- Disruptions to email access must be minimized.
Application Requirements
Fabrikam identifies the following application requirements:
- An on-premises web application named App1 must allow users to complete their expense reports online. App1 must be available to users from the My Apps portal.
- The installation of feature updates for Office 365 ProPlus must be minimized.
Security Requirements
Fabrikam identifies the following security requirements:
- After the planned migration to Microsoft 365, all users must continue to authenticate to their mailbox and to SharePoint sites by using their UPN.
- The memberships of UserLicenses must be validated monthly. Unused user accounts must be removed from the group automatically.
- After the planned migration to Microsoft 365, all users must be signed in to on-premises and cloudbased applications automatically.
- The principle of least privilege must be used.
Question 45
Question
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before adding a domain name for the project.
Which DNS record should you recommend?
A. alias (CNAME)
B. host information (HINFO)
C. host (A)
D. mail exchanger (MX)
Answer
D. mail exchanger (MX)
Question 46
Question
You are evaluating the required processes for Project1.
You need to recommend which DNS record must be created before adding a domain name for the project.
Which DNS record should you recommend?
A. alias (CNAME)
B. text (TXT)
C. host (AAAA)
D. pointer (PTR)
Answer
B. text (TXT)
Manage User Identity and Roles Question Set 1
Question 47
Question
Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants.
You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users.
You need to recommend a solution for the planned directory synchronization.
What should you include in the recommendation?
A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.
B. Deploy one server that runs Azure AD Connect, and then specify two sync groups.
C. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.
D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domain-based filtering.
Answer
A. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.
Question 48
Question
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1.
You suspect that an imposter is signing in to Azure AD by using the credentials of User1.
You need to ensure that an administrator named Admin1 can view all the sign in details of User1 from the past 24 hours.
To which three roles should you add Admin1? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Security administrator
B. Password administrator
C. User administrator
D. Compliance administrator
E. Reports reader
F. Security reader
Answer
A. Security administrator
E. Reports reader
F. Security reader
Question 49
Question
You have a Microsoft 365 subscription.
You plan to enable Microsoft Azure Information Protection.
You need to ensure that only the members of a group named PilotUsers can protect content.
What should you do?
A. Run the Add-AadrmRoleBaseAdministrator cmdlet.
B. Create an Azure Information Protection policy.
C. Configure the protection activation status for Azure Information Protection.
D. Run the Set-AadrmOnboardingControlPolicy cmdlet.
Answer
D. Run the Set-AadrmOnboardingControlPolicy cmdlet.
Question 50
Question
Your company has a Microsoft 365 subscription.
You need to identify which users performed the following privileged administration tasks:
- Deleted a folder from the second-stage Recycle Bin if Microsoft SharePoint
- Opened a mailbox of which the user was not the owner
- Reset a user password
What should you use?
A. Microsoft Azure Active Directory (Azure AD) audit logs
B. Microsoft Azure Active Directory (Azure AD) sign-ins
C. Security & Compliance content search
D. Security & Compliance audit log search
Answer
A. Microsoft Azure Active Directory (Azure AD) audit logs