The latest Microsoft 365 Identity and Services MS-100 certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft 365 Identity and Services MS-100 exam and earn Microsoft 365 Identity and Services MS-100 certification.
Table of Contents
Question 71
Question
Your network contains an on-premises Active Directory domain that syncs to Azure Active Directory (Azure AD).
The on-premises network contains a Microsoft SharePoint Server 2019 farm.
The company purchases a Microsoft 365 subscription.
You have the users shown in the following table
You plan to assign User1 and User2 the required roles to run the SharePoint Hybrid Configuration Wizard.
User1 will be used for on-premises credentials and User2 will be used for cloud credentials.
You need to assign the correct role to User2. The solution must use the principle of least privilege.
Which role should you assign to User2?
A. Application administrator
B. SharePoint farm administrator
C. Global administrator
D. SharePoint administrator
Answer
C. Global administrator
Question 72
Question
Your network contains an Active Directory forest named contoso.local.
You have a Microsoft 365 subscription.
You plan to implement a directory synchronization solution that will use password hash synchronization.
From the Microsoft 365 admin center, you verify the contoso.com domain name.
You need to prepare the environment for the planned directory synchronization solution.
What should you do first?
A. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
C. From the Microsoft 365 admin center, verify the contoso.local domain name.
D. From Active Directory Users and Computers, modify the UPN suffix for all users.
Answer
B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
Question 73
Question
Your company has a Microsoft 365 subscription.
Your plan to add 100 newly hired temporary users to the subscription next week.
You create the user accounts for the new users.
You need to assign licenses to the new users.
Which command should you run?
A.
B.
C.
D.
Answer
B.
Question 74
Question
Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
The network uses a firewall that contains a list of allowed outbound domains.
You begin to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
- *.microsoft.com
- *.office.com
Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. From the firewall, allow the IP address range of the Azure data center for outbound communication.
B. From Azure AD Connect, modify the Customize synchronization options task.
C. Deploy an Azure AD Connect sync server in staging mode.
D. From the firewall, create a list of allowed inbound domains.
E. From the firewall, modify the list of allowed outbound domains.
Answer
E. From the firewall, modify the list of allowed outbound domains.
Question 75
Question
Your network contains an on-premises Active Directory forest.
You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy.
You need to recommend an authentication strategy that meets the following requirements:
- Allows users to sign in by using smart card-based certificates
- Allows users to connect to on-premises and Microsoft 365 services by using SSO
Which authentication strategy should you recommend?
A. password hash synchronization and seamless SSO
B. federation with Active Directory Federation Services (AD FS)
C. pass-through authentication and seamless SSO
Answer
B. federation with Active Directory Federation Services (AD FS)
Question 76
Question
Your network contains two on-premises Active Directory forests named contoso.com and fabrikam.com.
Fabrikam.com contains one domain and five domain controllers. Contoso.com contains the domains shown in the following table.
You need to sync all the users from both the forests to a single Azure Active Directory (Azure AD) tenant by using Azure AD Connect.
What is the minimum number of Azure AD Connect sync servers required?
A. 1
B. 2
C. 3
D. 4
Answer
A. 1
Question 77
Question
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD).
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?
A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
B. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.
C. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.
D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.
Answer
A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
Question 78
Question
Your company has 10,000 users who access all applications from an on-premises data center.
You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully.
You discover that several user accounts fail to sync to Azure AD.
You need to resolve the issue as quickly as possible.
What should you do?
A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts.
B. Run idfix.exe, and then click Complete.
C. From Windows PowerShell, run the Start-AdSyncCycle –PolicyType Delta command.
D. Run idfix.exe, and then click Edit.
Answer
D. Run idfix.exe, and then click Edit.
Question 79
Question
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com.
Your company recently purchased a Microsoft 365 subscription.
You deploy a federated identity solution to the environment.
You use the following command to configure contoso.com for federation.
Convert-MsolDomaintoFederated –DomainName contoso.com
In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name.
You need to configure the adatum.com Active Directory domain for federated authentication.
Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From Windows PowerShell, run the Convert-MsolDomaintoFederated –DomainName contoso.com –SupportMultipleDomain command.
B. From Windows PowerShell, run the New-MsolFederatedDomain –SupportMultipleDomain -DomainName contoso.com command.
C. From Windows PowerShell, run the New-MsolFederatedDomain -DomainName adatum.com command.
D. From Windows PowerShell, run the Update-MSOLFederatedDomain –DomainName contoso.com –SupportMultipleDomain command.
E. From the federation server, remove the Microsoft Office 365 relying party trust.
Answer
A. From Windows PowerShell, run the Convert-MsolDomaintoFederated –DomainName contoso.com –SupportMultipleDomain command.
E. From the federation server, remove the Microsoft Office 365 relying party trust.
Question 80
Question
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk.
The solution must use the principle of least privilege.
To which role should you add User1?
A. Compliance administrator
B. Global administrator
C. Owner
D. Security administrator
Answer
D. Security administrator