• Home
  • Articles
  • Microsoft MS-100 Exam Questions (Updated 2022) 100% Real Question Answers [Q72-Q95]

Microsoft MS-100 Exam Questions (Updated 2022) 100% Real Question Answers [Q72-Q95]

Share

Microsoft MS-100 Exam Questions (Updated 2022) 100% Real Question Answers

Pass Microsoft MS-100 Exam Quickly With Pass4sures


Who Can Opt for This Assessment?

This exam is designed for the Microsoft 365 Enterprise administrators who participate in planning, deploying, migrating, managing, and evaluating Microsoft 365 services. They also carry out Microsoft 365 tenant management tasks for the enterprise, such as their identities, compliance, security, and supporting technologies.

 

NEW QUESTION 72
You have a Microsoft 365 Enterprise subscription.
You create a password policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

By default, smart lockout locks the account from sign-in attempts for one minute after 10 failed attempts. In this question, the lockout threshold if 5 failed attempts. The account locks again after each subsequent failed sign-in attempt, for one minute at first and longer in subsequent attempts.
Password evaluation goes through several steps including normalization and Substring matching which is used on the normalized password to check for the user's first and last name as well as the tenant name.
The next step is to identify all instances of banned passwords in the user's normalized new password. Then:
* Each banned password that is found in a user's password is given one point.
* Each remaining unique character is given one point.
* A password must be at least five (5) points for it to be accepted.
Conto$01Pa$$word contains two banned passwords and no remaining unique characters so is given a score of
2 points. This is less than the required 5 points so will be rejected.
Pa$$w0rd contains a banned password and no remaining unique characters so is given a score of 1 point. This is less than the required 5 points so will be rejected.
AzureAD!!111 contains a banned password (AzureAD!!) and has three remaining characters. However, the remaining characters are all the same (they're all 1s) so that is only one unique character. So that password will be given a score of 2. One for the banned password and 1 for the unique character. This is less than the required 5 points so will be rejected.
Password11 does not contain a banned password. Password11 contains 10 characters. However, there are two
's' and two '1' so there are 8 unique characters. Therefore, the password will be given a score of 8 points. This is more than the required 5 points so the password will be accepted.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-smart-lockout

 

NEW QUESTION 73
You have a Microsoft 365 subscription.
Your company deploys an Active Directory Federation Services (AD FS) solution.
You need to configure the environment to audit AD FS user authentication.
Which two actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. On an server, install Azure AD Connect Health for AD FS.
  • B. On a domain controller install Azure AD Connect Health for AD DS.
  • C. From all the AD FS servers, run audltpol.exe.
  • D. From the Azure AO Connect server, run the Register-AzureADCConnectHealthSyncAgent cmdlet.
  • E. From all the domain controllers, run the set-AdminAuditLogConfig cmdlet and specify the -LogiLevel parameter.

Answer: A,D

Explanation:
To audit AD FS user authentication, you need to install Azure AD Connect Health for AD FS. The agent should be installed on an AD FS server. After the installation, you need to register the agent by running the Register-AzureADConnectHealthSyncAgent cmdlet.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-adfs

 

NEW QUESTION 74
Your company uses on-premises Windows Server File Classification Infrastructure 9FCI). Some documents on the on-premises file servers are classifies as Confidential.
You migrate the files from the on-premises file servers to Microsoft SharePoint Online.
You need to ensure that you can implement data loss prevention (DLP) policies for the uploaded files based on the Confidential classification.
What should you do first?

  • A. From the SharePoint admin center, create a managed property.
  • B. From the SharePoint admin center, configure hybrid search.
  • C. From the Security & Compliance Center PowerShell, run the New-DlpComplianceRule cmdlet.
  • D. From the Security & Compliance Center PowerShell, run the New-DataClassification cmdlet.

Answer: A

Explanation:
Your organization might use Windows Server FCI to identify documents with personally identifiable information (PII) such as social security numbers, and then classify the document by setting the Personally Identifiable Information property to High, Moderate, Low, Public, or Not PII based on the type and number of occurrences of PII found in the document. In Office 365, you can create a DLP policy that identifies documents that have that property set to specific values, such as High and Medium, and then takes an action such as blocking access to those files.
Before you can use a Windows Server FCI property or other property in a DLP policy, you need to create a managed property in the SharePoint admin center.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/protect-documents-that-have-fci-or-other-properties

 

NEW QUESTION 75
Note: This question it part of a series of questions that present the same scenario. Cacti question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 36S tenant.
You suspect that several Office 365 features were recently updated.
You need to view a last of the features that were recently updated in the tenant.
Solution: You use the View service requests option in the Microsoft 365 admin center.
Does this meet the goal?

  • A. Yes
  • B. NO

Answer: B

Explanation:
Explanation
A service request is a support ticket. Therefore, the View service requests option in the Microsoft 365 admin center displays a list of support tickets. It does not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide

 

NEW QUESTION 76
You have an on premises web application that is published by using a URL of https://app.contoso.local.
You purchase a Microsoft 36S subscription.
Several external users must be able to connect to the web application
You need to recommend a solution for external access to the application. The solution must support multi-factor authentication.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From the Azure Active Directory admin center, treate a conditional access policy.
  • B. Republish the web-application by using http//app.contoso.com
  • C. From an on premises server, install an Authentication Agent.
  • D. From the Azure Active Directory admin center, enable an Application Proxy.
  • E. From an on-premises server, install a connector, and then publish the app.

Answer: C,D

 

NEW QUESTION 77
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the Windows 10 devices shown in the following table.

All the devices are managed by using Microsoft Endpoint Manager and are members of a group named Group1.
From the Microsoft Endpoint Manager admin center, you create an app suite named App1 for Microsoft Office 365 apps.
You configure the App1 settings as shown in the exhibit. (Click the Exhibit tab.)

You assign App1 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Box 1: No
Device1 is x86 (32-bit) so Office 365 will not be installed.
Box 2: Yes
Device2 is x64 (64-bit) so Office 365 will be installed. The German language pack will be installed and the OS language pack (English) will be installed.
Box 3: Yes
Device2 is x64 (64-bit) so Office 365 will be installed. The German language pack will be installed and the OS language pack (French) will be installed.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-office365

 

NEW QUESTION 78
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and adatum.com.
Your company recently purchased a Microsoft 365 subscription.
You deploy a federated identity solution to the environment.
You use the following command to configure contoso.com for federation.
Convert-MsolDomaintoFederated -DomainName contoso.com
In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name.
You need to configure the adatum.com Active Directory domain for federated authentication.
Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From Windows PowerShell, run the New-MsolFederatedDomain
    -DomainName adatum.com command.
  • B. From Windows PowerShell, run the New-MsolFederatedDomain
    -SupportMultipleDomain -DomainName contoso.com command.
  • C. From Windows PowerShell, run the Update-MSOLFederatedDomain
    -DomainName contoso.com -SupportMultipleDomain command.
  • D. From Windows PowerShell, run the Convert-MsolDomaintoFederated
    -DomainName contoso.com -SupportMultipleDomain command.
  • E. From the federation server, remove the Microsoft Office 365 relying party trust.

Answer: D,E

Explanation:
When the Convert-MsolDomaintoFederated -DomainName contoso.com command was run, a relying party trust was created.
Adding a second domain (adatum.com in this case) will only work if the SupportMultipleDomain switch was used when the initial federation was configured by running the Convert-MsolDomaintoFederated -DomainName contoso.com command.
Therefore, we need to start again by removing the relying party trust then running the Convert-MsolDomaintoFederated command again with the SupportMultipleDomain switch.

 

NEW QUESTION 79
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: 3&YWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You need to create a group named Group2. Users who are added to Group2 must be licensed automatically for Microsoft Offline 365.

Answer:

Explanation:
You need to create the group and assign a license to the group. Anyone who is added to the group will automatically be assigned the license that is assigned to the group.
1. Go to the Azure Active Directory admin center.
2. Select the Azure Active Directory link then select Groups.
3. Click the New Group link.
4. Select 'Security' as the group type and enter 'Group2' for the group name.
5. Click the Create button to create the group.
6. Back in the Groups list, select Group2 to open the properties page for the group.
7. Select 'Licenses'.
8. Select the '+ Assignments' link.
9. Tick the box to select the license.
10. Click the Save button to save the changes.
References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign

 

NEW QUESTION 80
You need to meet the application requirement for the Office 365 ProPlus applications.
You create a XML file that contains the following settings.

Use the drop-down menus to select the choice that complete each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

 

NEW QUESTION 81
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speed Internet connection. All the branch offices connect to the Internet by using the main office connections.
Users use Microsoft Outlook 2016 to connect to a Microsoft Exchange Server mailbox hosted in the main office.
The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.
You create a Microsoft 365 subscription, and then migrate all the user data to Microsoft 365.
You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.
Solution: You enable Cached Exchange Mode for all the Outlook profiles.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

 

NEW QUESTION 82
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You review the Security & Compliance report in the Microsoft 365 admin center.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
The Security & Compliance reports in the Microsoft 365 admin center are reports regarding security and compliance for your Office 365 Services. For example, email usage reports, Data Loss Prevention reports etc. They do not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use Message center in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/download-existing-reports

 

NEW QUESTION 83
Your company has an on-premises Microsoft Exchange Server 2013 organization.
The company has 100 users.
The company purchases Microsoft 365 and plans to move its entire.- infrastructure to the cloud.
The company does NOT plan to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD).
You need to recommend which type of migration to use to move all email messages, contacts, and calendar items to Exchange Online.
What should you recommend?

  • A. IMAP migration
  • B. remote move migration
  • C. staged migration
  • D. cutover migration

Answer: D

Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/cutover-migration-to-office-365 A cutover migration and an IMAP migration do not require the company to sync the on-premises Active Directory domain to Microsoft Azure Active Directory (Azure AD). Only a cutover migration meets the requirements in this question.
With a cutover migration, user accounts will need to be created in Azure Active Directory for each user. The mailboxes are all migrated in one go and MX records configured to redirect email to Microsoft 365.

 

NEW QUESTION 84
You have a Microsoft 365 subscription and a DNS domain. The domain is hosted by a third-party DNS service.
You plan to add the domain to the subscription.
You need to use Microsoft Exchange Online to send and receive emails for the domain.
Which type of DNS record should you add to the DNS zone of the domain for each task? To answer, drag the appropriate records to the correct tasks. Each record may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/microsoft-365/admin/get-help-with-domains/create-dns-records-at-any-dns-hosting-provider?view=o365-worldwide

 

NEW QUESTION 85
Your network contains an on-premises Active Directory forest.
You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy.
You need to recommend an authentication strategy that meets the following requirements:
Allows users to sign in by using smart card-based certificates

Allows users to connect to on-premises and Microsoft 365 services by using SSO

Which authentication strategy should you recommend?

  • A. pass-through authentication and seamless SSO
  • B. federation with Active Directory Federation Services (AD FS)
  • C. password hash synchronization and seamless SSO

Answer: B

Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn

 

NEW QUESTION 86
Your company has a main office and 20 branch offices in North America and Europe. Each branch office connects to the main office by using a WAN link. All the offices connect to the Internet and resolve external host names by using the main office connections.
You plan to deploy Microsoft 365 and to implement a direct Internet connection in each office.
You need to recommend a change to the infrastructure to provide the quickest possible access to Microsoft 365 services.
What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

  • A. In each branch office, configure name resolution so that all external hosts are redirected to public DNS servers directly.
  • B. In each branch office, deploy a firewall that has packet inspection enabled.
  • C. In each branch office, deploy a proxy server that has user authentication enabled.
  • D. For all the client computers in the branch offices, modify the MTU setting by using a Group Policy object (GPO).

Answer: A

Explanation:
Being a cloud service, Office 365 would be classed as an external host to the office computers.
All the offices connect to the Internet and resolve external host names by using the main office connections. This means that all branch office computers perform DNS lookups and connect to the Internet over the WAN link.
Each branch office will have a direct connection to the Internet so the quickest possible access to Microsoft 365 services would be by using the direct Internet connections. However, the DNS lookups would still go over the WAN links to main office. The solution to provide the quickest possible access to Microsoft 365 services is to configure DNS name resolution so that the computers use public DNS servers for external hosts. That way DNS lookups for Office 365 and the connections to Office 365 will use the direct Internet connections.

 

NEW QUESTION 87
A user receives the following message when attempting to sign in to https://myapps.microsoft.com:
"Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity. Please contact your admin." Which configuration prevents the users from signing in?

  • A. Microsoft Azure Active Directory (Azure AD) conditional access policies
  • B. Security & Compliance supervision policies
  • C. Microsoft Azure Active Directory (Azure AD) Identity Protection policies
  • D. Security & Compliance data loss prevention (DLP) policies

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview

 

NEW QUESTION 88
You implement Microsoft Azure Advanced Threat Protection (Azure ATP).
You have an Azure ATP sensor configured as shown in the following exhibit.
Updates

How long after the Azure ATP cloud service is updated will the sensor update?

  • A. 7 days
  • B. 12 hours
  • C. 1 hour
  • D. 48 hours
  • E. 72 hours

Answer: E

Explanation:
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-whats-new Explanation:
The exhibit shows that the sensor is configure for Delayed update.
Given the rapid speed of ongoing Azure ATP development and release updates, you may decide to define a subset group of your sensors as a delayed update ring, allowing for a gradual sensor update process. Azure ATP enables you to choose how your sensors are updated and set each sensor as a Delayed update candidate.
Sensors not selected for delayed update are updated automatically, each time the Azure ATP service is updated. Sensors set to Delayed update are updated on a delay of 72 hours, following the official release of each service update.
Reference:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/sensor-update

 

NEW QUESTION 89
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest.
You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
* User passwords must be 10 characters or more.
Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.
Does this meet the goal?

  • A. Yes
  • B. No

Answer: B

Explanation:
This solution meets the following requirement:
* Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable. (this is because the authentication is performed by Azure Active Directory).
This solution does not meet the following requirement:
* Users passwords must be 10 characters or more.
To meet this requirement, you would need to configure the Default Domain Policy in the on-premise Active Directory.
Azure Password Protection can prevent users from using passwords from a 'banned password' list but it cannot be configured to require that passwords must be 10 characters or more.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization

 

NEW QUESTION 90
Your network contains a single Active Directory domain and two Microsoft Azure Active Directory (Azure AD) tenants.
You plan to implement directory synchronization for both Azure AD tenants. Each tenant will contain some of the Active Directory users.
You need to recommend a solution for the planned directory synchronization.
What should you include in the recommendation?

  • A. Deploy one server that runs Azure AD Connect, and then specify two sync groups.
  • B. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using domain- based filtering.
  • C. Deploy two servers that run Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.
  • D. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using organizational unit (OU)-based filtering.

Answer: C

Explanation:
There's a 1:1 relationship between an Azure AD Connect sync server and an Azure AD tenant. For each Azure AD tenant, you need one Azure AD Connect sync server installation.
Therefore, we need to deploy two servers that run Azure AD Connect for the two Azure AD tenants.
Each user account can only be synchronized to one Azure AD tenant. Therefore, we need a way of splitting the users between the two Azure AD tenants. Azure AD Connect offers three ways to filter which users get synchronized to an Azure AD tenant. You can use domain-based filtering if you have multiple domains in a forest, attribute-based filtering or OU-based filtering.
Note:
Other incorrect answers for this question include:
1. Deploy one server that runs Azure AD Connect, and then filter the users for each tenant by using attribute- based filtering.
2. Deploy one server that runs Azure AD Connect, and then specify two sync groups.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-topologies#multiple-azure-ad- tenants
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering Manage User Identity and Roles Testlet 2 Case study This is a case study. Case studies are not timed separately. You can use as much exam time as you would like to complete each case. However, there may be additional case studies and sections on this exam. You must manage your time to ensure that you are able to complete all questions included on this exam in the time provided.
To answer the questions included in a case study, you will need to reference information that is provided in the case study. Case studies might contain exhibits and other resources that provide more information about the scenario that is described in the case study. Each question is independent of the other questions in this case study.
At the end of this case study, a review screen will appear. This screen allows you to review your answers and to make changes before you move to the next section of the exam. After you begin a new section, you cannot return to this section.
To start the case study
To display the first question in this case study, click the Next button. Use the buttons in the left pane to explore the content of the case study before you answer the questions. Clicking these buttons displays information such as business requirements, existing environment, and problem statements. When you are ready to answer a question, click the Question button to return to the question.
Overview
Contoso, Ltd. is a consulting company that has a main office in Montreal and two branch offices in Seattle and New York.
The offices have the users and devices shown in the following table.

Contoso recently purchased a Microsoft 365 E5 subscription.
Existing Environment
The network contains an Active directory forest named contoso.com and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You recently configured the forest to sync to the Azure AD tenant.
You add and then verify adatum.com as an additional domain name.
All servers run Windows Server 2016.
All desktop computers and laptops run Windows 10 Enterprise and are joined to contoso.com.
All the mobile devices in the Montreal and Seattle offices run Android. All the mobile devices in the New York office run iOS.
Contoso has the users shown in the following table.

Contoso has the groups shown in the following table.

Microsoft Office 365 licenses are assigned only to Group2.
The network also contains external users from a vendor company who have Microsoft accounts that use a suffix of @outlook.com.
Requirements
Planned Changes
Contoso plans to provide email addresses for all the users in the following domains:
* East.adatum.com
* Contoso.adatum.com
* Humongousinsurance.com
Technical Requirements
Contoso identifies the following technical requirements:
* All new users must be assigned Office 365 licenses automatically.
* The principle of least privilege must be used whenever possible.
Security Requirements
Contoso identifies the following security requirements:
* Vendors must be able to authenticate by using their Microsoft account when accessing Contoso resources.
* User2 must be able to view reports and schedule the email delivery of security and compliance reports.
* The members of Group1 must be required to answer a security question before changing their password.
* User3 must be able to manage Office 365 connectors.
* User4 must be able to reset User3 password.

 

NEW QUESTION 91
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD).
The domain contains 100 user accounts.
The city attribute for all the users is set to the city where the user resides.
You need to modify the value of the city attribute to the three-letter airport code of each city.
What should you do?

  • A. From Azure portal, select all the Azure AD users, and then use the User settings blade.
  • B. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
  • C. From Azure Cloud Shell, run the Get-AzureADUserand Set-AzureADUsercmdlets.
  • D. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.

Answer: B

Explanation:
The user accounts are synced from the on-premise Active Directory to the Microsoft Azure Active Directory (Azure AD). Therefore, the city attribute must be changed in the on-premise Active Directory.
You can modify certain attributes of multiple user accounts simultaneously by selecting them in Active Directory Administrative Center or Active Directory Users and Computers, right clicking then selecting Properties.
The other three options all suggest modifying the city attribute of the users in the Azure Active Directory which is incorrect.
Reference:
https://blogs.technet.microsoft.com/canitpro/2015/11/25/step-by-step-managing-multiple-user-accounts-via- active-directory-admin-center/

 

NEW QUESTION 92
Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following exhibit.

An on-premises Active Directory user account named Allan Yoo is synchronized to Azure AD. You view Allan's account from Microsoft 365 and notice that his username is set to [email protected].
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Allan Yoo's user account is synchronized from the on-premise Active Directory. This means that most user account settings have to be configured in the on-premise Active Directory.
In the exhibit, Password Writeback is disabled. Therefore, you cannot reset the password of Allan Yoo from the Azure portal.
You also cannot change Allan Yoo's job title in the Azure portal because his account is synchronized from the on-premise Active Directory.
One setting that you can configure for synchronized user accounts I the usage location. The usage location must be configured on a user account before you can assign licenses to the user.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback

 

NEW QUESTION 93
You have a Microsoft 365 subscription that contains several Microsoft SharePoint Online sites.
You discover that users from your company can invite external users to access files on the SharePoint sites.
You need to ensure that the company users can invite only authenticated guest users to the sites.
What should you do?

  • A. From the SharePoint admin center, configure the sharing settings.
  • B. From SharePoint Online Management Shell, run the Set-SPOSitecmdlet.
  • C. From the Microsoft 365 admin center, configure a partner relationship.
  • D. From the Azure Active Directory admin center, configure a conditional access policy.

Answer: A

Explanation:
You need to set the Sharing settings to 'Existing Guests'. This setting allows sharing only with guests who are already in your directory. These guests may exist in your directory because they previously accepted sharing invitations or because they were manually added.
Reference:
https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off

 

NEW QUESTION 94
You have a Microsoft 365 subscription that uses a default named contoso.com.
Three files were created on February 1, 2019, as shown in the following table.

On March 1, 2019, you create two retention labels named Label1 and label2.
The settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.) Label 1

The settings for Label2 are configured as shown in the Label1 exhibit. (Click the Label2 tab.) Label 2

You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: No
Retention overrides deletion.
Box 2: No
Content in a document library will be moved to the first-stage Recycle Bin within 7 days of disposition, and then permanently deleted another 93 days after that. Thus 100 days in total.
Box 3: No
Items in an Exchange mailbox will be permanently deleted within 14 days of disposition.
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews

 

NEW QUESTION 95
......


How You Can Level-up Your Career Further?

Passing the Microsoft MS-100 exam helps one become an Enterprise expert. Hierarchy-wise, this is the highest certification that one can earn related to Microsoft 365. However, you can explore other areas of expertise like Azure and Windows to level-up the career.

Microsoft has a lot to offer. Just pass this exam and have endless opportunities afterward.

 

Real Microsoft MS-100 Exam Questions [Updated 2022]: https://www.pass4sures.top/Microsoft-365/MS-100-testking-braindumps.html

Prepare MS-100 Question Answers - MS-100 Exam Dumps: https://drive.google.com/open?id=1eMx8abSNoaARf-nzxvQdUC6mz2YYXQ-0

Related Articles

more
Microsoft MS-100 Certification Practice Exam