Everything is to make you enjoy learning happily! The fun of practicing on your desktop computer or mobile device with our latest and complete Microsoft MS-100 exam dumps will help you easily earn a high score of 700+ and successfully pass the Microsoft 365 Identity and Services exam. Earnestly study our latest Microsoft MS-100 exam dumps of questions and answers, and believe Pass4itSure.com, you won’t regret it!
The latest and most accurate Microsoft MS-100 questions, MS-100 correct answers and resolutions reviewed by our experts >>> Complete Microsoft MS-100 exam dumps https://www.pass4itsure.com/ms-100.html
The official Microsoft 365 Identity and Services MS-100 exam passing score is 700. Test candidates’ ability to design and implement Microsoft 365 services; manage user identity and roles; manage access and authentication; and plan Office 365 workloads and applications.
Where can I find free Microsoft MS-100 exam questions? You are in the right place! Below is a collection of the latest MS-100 exercises (PDF and online test) to share with you:
Download the MS-100 exam dumps PDF exercise file for free
Latest MS-100 exam dumps PDF (new questions added) https://drive.google.com/file/d/1t0cJqRAocx5La9QCT_cyRBu5mQtXQ9kA/view?usp=sharing
[2021] https://drive.google.com/file/d/1Cylek7qazmaNFvx-serNjeg9-m_aRI2s/view?usp=sharing
[2020] https://drive.google.com/file/d/1dWpT2TlUYHqdrO5U9qzKtHYzMtEOqcQX/view?usp=sharing
Get started for free – 13 unique questions with explanations on the full MS-100 mock test are waiting for you, get it now!
Q1.
Your company has offices in several cities and 100,000 users.
The network contains an Active Directory domain named contoso.com.
You purchase Microsoft 365 and plan to deploy several Microsoft 365 services.
You are evaluating the implementation of pass-through authentication and seamless SSO. Azure AD Connect will NOT
be in staging mode.
You need to identify the redundancy limits for the planned implementation.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Azure AD Connect can be active on only one server. You can install Azure AD Connect on another server for
redundancy but the additional installation would need to be in Staging mode. An Azure AD connect installation in
Staging mode is configured and ready to go but it needs to be manually switched to Active to perform directory synchronization. Azure authentication agents can be installed on as many servers as you like.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
Q2.
You need to consider the underlined segment to establish whether it is accurate.
Your company user data is stored shares hosted by file servers located in their on-premises network.
You have been tasked with migrating the user data to a Microsoft 365 subscription. Yu want to make sure that the user
data is imported into Microsoft OneDrive.
To achieve your goal, you should make use of the SharePoint Migration Tool.
Select adjustment required if the underlined segment is accurate. If the underlined segment is inaccurate, select the
accurate option.
What should you include in the recommendation?
A. No adjustment required.
B. Office Deployment Tool (ODT).
C. Run the SharePoint Hybrid Configuration Wizard.
D. Windows Server Migration Tool.
Correct Answer: A
References: https://docs.microsoft.com/en-us/sharepointmigration/introducing-the-sharepoint-migration-tool
Q3.
You have a Microsoft 365 tenant.
You have a line-of-business application named App1 that users access by using the My Apps portal.
After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access
App Control.
You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts
are generated for App1 only. What should you do?
A. From Microsoft Cloud App Security, modify the impossible travel alert policy.
B. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
C. From the Azure Active Directory admin center, modify the conditional access policy.
D. From Microsoft Cloud App Security, create an app discovery policy.
Correct Answer: A
Impossible travel detection identifies two user activities (is a single or multiple sessions) originating from geographically distant locations within a time period shorter than the time it would have taken the user to travel from the first location to the second. We need to modify the policy so that it applies to App1 only.
Reference:
https://docs.microsoft.com/en-us/cloud-app-security/anomaly-detection-policy
Q4.
Your company has an Enterprise E5 subscription of Microsoft 365.
You have been tasked with making sure that sales department users are compelled to make use of multi-factor
authentication for all cloud-based applications.
Which of the following actions should you take?
A. You should create an DLP.
B. You should create a new app registration.
C. You should create a session policy.
D. You should create a sign-in risk policy.
Correct Answer: D
References: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy
Q5.
HOTSPOT
You create a conditional access policy that has the following configurations:
1. Users and groups assignment: All users
2. Cloud apps assignment: App1
3. Conditions: Include all trusted locations
4. Grant access: require multi-factor authentication
For each of the following statements, select Yes if the statement is true. otherwise, select No.
NOTE: Each correct selection is worth one point.
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the
following table.
Box 1: Yes
131.107.50.10 is in a Trusted Location so the conditional access policy applies. The policy requires MFA. However,
User1\’s MFA status is disabled. The MFA requirement in the conditional access policy will override the user\’s MFA
status of disabled. Therefore, User1 must use MFA.
Box 2: Yes.
131.107.20.15 is in a Trusted Location so the conditional access policy applies. The policy requires MFA so User2 must
use MFA.
Box 3: Yes.
131.107.5.5 is an MFA Trusted IP so that counts as a Trusted Location in the conditional access policy. The “All
Trusted Locations” setting includes MFA Trusted IPs. Therefore, the conditional access policy applies so User2 must
use MFA.
Q6.
You have a Microsoft Power Platform production environment that contains a custom model-driven Microsoft Power
Apps app. How many days will system backups be retained for the environment?
A. 7
B. 14
C. 28
D. 90
Correct Answer: C
All your environments, except Trial environments (standard and subscription-based), are backed up. System backups
for production environments that have been created with a database and have one or more Dynamics 365 applications
installed are retained up to 28 days.
System backups for production environments which do not have Dynamics 365
applications deployed in them will be retained for 7 days. System backups for sandbox environments will be retained for 7 days.
Reference: https://docs.microsoft.com/en-us/power-platform/admin/backup-restore-environments
Q7.
HOTSPOT
You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You enable self-service password reset for all users. You set Number of methods required to reset to 1, and you set
Methods available to users to Security questions only.
What information must be configured for each user before the user can perform a self-service password reset? To
answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Microsoft enforces a strong default two-gate password reset policy for any Azure administrator role. This policy may be
different from the one you have defined for your users and cannot be changed. You should always test password reset
functionality as a user without any Azure administrator roles assigned.
With a two-gate policy, administrators don\’t have the ability to use security questions.
The two-gate policy requires two pieces of authentication data, such as an email address, authenticator app, or a phone number. User3 is not assigned to an Administrative role so the configured method of Security questions only applies to User3.
Q8.
You have a Microsoft 365 subscription.
You plan to enable Microsoft Azure Information Protection.
You need to ensure that only the members of a group named PilotUsers can protect content.
What should you do?
A. Run the Add-AadrmRoleBaseAdministrator cmdlet.
B. Create an Azure Information Protection policy.
C. Configure the protection activation status for Azure Information Protection.
D. Run the Set-AadrmOnboardingControlPolicy cmdlet.
Correct Answer: D
If you don\’t want all users to be able to protect documents and emails immediately by using Azure Rights
Management, you can configure user onboarding controls by using the Set-AadrmOnboardingControlPolicy
Reference: https://docs.microsoft.com/en-us/azure/information-protection/activate-service
Q9.
Your network contains an Active Directory forest. The forest contains two domains named contoso.com and
adatum.com.
Your company recently purchased a Microsoft 365 subscription.
You deploy a federated identity solution to the environment.
You use the following command to configure contoso.com for federation. Convert-MsolDomaintoFederated ?omainName contoso.com
In the Microsoft 365 tenant, an administrator adds and verifies the adatum.com domain name.
You need to configure the adatum.com Active Directory domain for federated authentication.
Which two actions should you perform before you run the Azure AD Connect wizard? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From Windows PowerShell, run the Convert-MsolDomaintoFederated?omainName contoso.com
?upportMultipleDomain command.
B. From Windows PowerShell, run the New-MsolFederatedDomain?upportMultipleDomain -DomainName contoso.com
command.
C. From Windows PowerShell, run the New-MsolFederatedDomain -DomainName adatum.com command.
D. From Windows PowerShell, run the Update-MSOLFederatedDomain?omainName contoso.com
?upportMultipleDomain command.
E. From the federation server, remove the Microsoft Office 365 relying party trust.
Correct Answer: AE
When the Convert-MsolDomaintoFederated ?omainName contoso.com command was run, a relying party trust was
created. Adding a second domain (adatum.com in this case) will only work if the SupportMultipleDomain switch was used when the initial federation was configured by running the Convert-MsolDomaintoFederated ?omainName contoso.com command.
Therefore, we need to start again by removing the relying party trust then running the Convert-MsolDomaintoFederated command again with the SupportMultipleDomain switch.
Q10.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You review the Windows release health in the Microsoft 365 admin center.
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
Q11.
Your company has a Microsoft 365 tenant.
You plan to allow users from the engineering department to enroll their mobile device in mobile device management
(MDM). The device type restrictions are configured as shown in the following table.
What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
When multiple policies are applied to groups that users are a member of, only the highest priority (lowest number) policy applies.
In this case, the Engineering users are assigned two device type policies (the default policy and the priority 2 policy).
The priority 2 policy has a higher priority than the default policy so the Engineers’ allowed platform is Android only.
The engineers have two device limit restrictions policies applied them. The priority1 policy is a higher priority than the
priority2 policy so the priority1 policy device limit (15) applies.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set
Q12.
Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in
the following table.
A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1,
App2, and App3 all open files that have the .abc file extension. You implement Windows Information Protection (WIP) by using the following configurations:
1. Exempt apps: App2
2. Protected apps: App1
3. Windows Information Protection mode: Block
4. Network boundary: IPv4 range of 192.168.1.1-192.168.1.255
You need to identify the apps from which you can open File1.abc
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Box 1: Yes.
App1 is a protect app in the Windows Information Protection policy. File1 is stored on Server1 which is in the Network
Boundary defined in the policy. Therefore, you can open File1 in App1.
Box 2: Yes.
App2 is exempt in the Windows Information Protection policy. The protection mode in the policy is block so all apps that are not included in the policy cannot be used to open the file… except for exempt apps. Therefore, you can open File1 in App2.
Box 3: No.
The protection mode in the policy is block so all apps that are not included in the policy as protected apps or listed as
exempt from the policy cannot be used to open the file. Therefore, you cannot open File from in App3.
Q13.
Your network contains the servers shown in the following table.
You purchase Microsoft 365 Enterprise E5 and plan to move all workloads to Microsoft 365 by using a hybrid identity
solution and a hybrid deployment for all workloads.
You need to identify which server must be upgraded before you move to Microsoft 365.
What should you identify?
A. Server2
B. Server3
C. Server5
D. Server1
E. Server4
Correct Answer: B
Exchange Server 2007 is not supported for a hybrid deployment.
Reference: https://docs.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites
……
For more Microsoft certification exam practice questions, click here
This article attempts to summarize all the MS-100 exam dumps questions and practice tests to help you pass the exam. If you have any unclear questions about the MS-100 exam dumps, please feel free to ask questions and I will help you. I will update this article frequently to bring you the latest information about this exam.
Latest Microsoft Role-based MS-100 exam complete dumps 2022 Update: https://www.pass4itsure.com/ms-100.html PDF+VCE
