Download Exam MS-100 Practice Test Questions with 100% Verified Answers [Q20-Q45]

Download Exam MS-100 Practice Test Questions with 100% Verified Answers

Share Latest MS-100Test Practice Test Questions, Exam Dumps

The MS-100 certification exam is an essential step for IT professionals who want to demonstrate their expertise in Microsoft 365 identity and services. Microsoft 365 Identity and Services certification exam focuses on various topics, including user and group management, device management, authentication and access management, and Office 365 services administration. MS-100 course materials are designed to provide candidates with an in-depth understanding of Microsoft 365 services, including Exchange Online, SharePoint Online, OneDrive for Business, and Microsoft Teams.

 

NEW QUESTION # 20
You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

You enable self-service password reset for all users. You set Number of methods required to reset to 1, and you set Methods available to users to Security questions only.
What information must be configured for each user before the user can perform a self-service password reset? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-password-policy-differences

NEW QUESTION # 21
You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table.

Your company uses Microsoft Intune.
Several devices are enrolled in Intune as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

You create a conditional access policy that has the following settings:
The Assignments settings are configured as follows:
- Users and groups: Group1
- Cloud apps: Exchange Online
- Conditions: Include All device state, exclude Device marked as compliant Access controls is set to Block access.
For each of the following statements, select yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions

NEW QUESTION # 22
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: oL9z0=?Nq@ox
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11098651

You recently discovered that several users in your organization have permissions on the mailbox of another user in the organization.
You need to ensure that Lee Gu receives a notification when a user is granted permissions on another user's mailbox.
To answer the question, sign in to the Microsoft 365 portal.

Answer:

Explanation:
See explanation below.
Explanation
Create an activity alert
1. Go to https://protection.office.com/managealerts.
2. Sign in to Office 365 using your work or school account.
3. On the Activity alerts page, click + New.The flyout page to create an activity alert is displayed.

4. Complete the following fields to create an activity alert:
* Name - Type a name for the alert. Alert names must be unique within your organization.
* Description (Optional) - Describe the alert, such as the activities and users being tracked, and the users that email notifications are sent to. Descriptions provide a quick and easy way to describe the purpose of the alert to other admins.
* Alert type - Make sure the Custom option is selected.
* Send this alert when - Click Send this alert when and then configure these two fields:
- Activities - Click the drop-down list to display the activities that you can create an alert for. This is the same activities list that's displayed when you search the Office 365 audit log. You can select one or more specific activities or you can click the activity group name to select all activities in the group. For a description of these activities, see the "Audited activities" section in Search the audit log. When a user performs any of the activities that you've added to the alert, an email notification is sent.
- Users - Click this box and then select one or more users. If the users in this box perform the activities that you added to the Activities box, an alert will be sent. Leave the box blank to send an alert when any user in your organization performs the activities specified by the alert.
* Send this alert to - Click Send this alert Recipients box and type a name to add a users who will receive an email notification when a user (specified in the Users box) performs an activity (specified in the Activities box). Note that you are added to the list of recipients by default. You can remove your name from this list.
5. Click Save to create the alert.The new alert is displayed in the list on the Activity alerts page.

The status of the alert is set to On. Note that the recipients who will received an email notification when an alert is sent are also listed.
References:
https://docs.microsoft.com/en-us/microsoft-365/compliance/create-activity-alerts?view=o365-worldwide

NEW QUESTION # 23
Your network contains an on-premises Active Directory domain named Contoso.com.
Your company purchases a Microsoft 365 subscription and establishes a hybrid deployment of Azure Directory (Azure AD) by using password hash synchronization.
You create a new user User10 on-premises and a new user named User20 in Azure AD.
You need to identify where an administrator can reset the password of each new user.
What should you identify? To answer select the appropriate option in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 24
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the

You need to reduce the likelihood that the sign-ins are identified as risky.
What should you do?

• A. From the Security & Compliance admin center, create a classification label.
• B. From the Security & Compliance admin center, add the users to the Security Readers role group.
• C. From the Conditional access blade in the Azure Active Directory admin center, create named locations.
• D. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.

Answer: C

Explanation:
Explanation
A named location can be configured as a trusted location. Typically, trusted locations are network areas that are controlled by your IT department. In addition to Conditional Access, trusted named locations are also used by Azure Identity Protection and Azure AD security reports to reduce false positives for risky sign-ins.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

NEW QUESTION # 25
Your company has 500 client computers that run Windows 10.
You plan to deploy Microsoft Office 365 ProPlus to all the computers.
You create the following XML file for the planned deployment.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 26
Your company has a Microsoft 365 tenant.
You plan to allow users from the engineering department to enroll their mobile device in mobile device management (MDM).
The device type restrictions are configured as shown in the following table.

The device limit restrictions are configured as shown in the following table.

What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

NEW QUESTION # 27
You have a Microsoft 365 subscription.
You need to implement Windows Defender Advanced Threat Protection (ATP) for all the supported devices enrolled devices enrolled on mobile device management (MDM).
What should you include in the device configuration profile? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
References:
https://docs.microsoft.com/en-us/intune/advanced-threat-protection

NEW QUESTION # 28
You have a Microsoft 365 tenant that contains Microsoft Exchange Online.
You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has a Microsoft 365 tenant.
You need to ensure that the calendar of every user is available to the users in adatum.com immediately.
What should you do?

• A. From the Microsoft 365 admin center, configure external site sharing.
• B. From the Exchange admin center, create a new organization relationship
• C. From the Microsoft 365 admin center, modify the Organization profile settings.
• D. From the Exchange admin center, create a sharing policy.

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/exchange/sharing/organization-relationships/create-an-organization-relationship

NEW QUESTION # 29
You need to meet the technical requirements for the user licenses.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 30
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: *yfLo7Ir2&y-
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently implemented a new data retention policy. The policy requires that all files stored in an employee's Microsoft OneDrive folders be retained for 60 days after the employee is terminated from the organization.
The human resources (HR) department of the organization deletes the user accounts of all terminated employees.
You need to ensure that the organization meets the requirements of the data retention policy.

Answer:

Explanation:
See explanation below.
Explanation
You need to configure the OneDrive retention period for deleted users.
1. Go to the OneDrive admin center.
2. Select Storage.
3. Set the "Days to retain files in OneDrive after a user account is marked for deletion" option to 60.
4. Click Save to save the changes.
References:
https://docs.microsoft.com/bs-latn-ba/onedrive/set-retention

NEW QUESTION # 31
You create a Microsoft 365 subscription.
You plan to deploy Microsoft Office 365 ProPlus applications to all the client computers at your company.
You prepare the following XML file for the planned deployment.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/deployoffice/configuration-options-for-the-office-2016-deployment-tool#updat
https://docs.microsoft.com/en-us/deployoffice/overview-of-update-channels-for-office-365-proplus

NEW QUESTION # 32
You are evaluating the use of multi-factor authentication (MFA).
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-mfa-policy
https://blog.admindroid.com/configuring-and-managing-mfa-in-office-365/

NEW QUESTION # 33
You have a Microsoft 365 subscription and a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com contains the users shown in the following table.

Contoso.com is configured as shown in the following exhibit.

You need to ensure that guest users can be created in the tenant.
Which setting should you modify?

• A. Guest users permissions are limited.
• B. Members can invite.
• C. Admins and users in the guest inviter role can invite.
• D. Guests can invite.
• E. Deny invitations to the specified domains

Answer: C

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions

NEW QUESTION # 34
Your network contains an on-premises Active Directory domain named contoso.com that syncs to Azure Active Directory (Azure AD).
You have users in contoso.com as shown in the following table.

The users have the passwords shown in the following table.

You implement password protection as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE:Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: No
User1's password contains the banned password 'Contoso'. However, User1 will not be required to change his password at next sign in. When the password expires or when User1 (or an administrator) changes the password, the password will be evaluated and will have to meet the password requirements.
Box 2: Yes
Password evaluation goes through several steps including normalization and Substring matching which is used on the normalized password to check for the user's first and last name as well as the tenant name.
Normalization is the process of converting common letter substitutes into letters. For example, 0 converts to o.
$ converts to s. etc.
The next step is to identify all instances of banned passwords in the user's normalized new password. Then:
* Each banned password that is found in a user's password is given one point.
* Each remaining unique character is given one point.
* A password must be at least five (5) points for it to be accepted.
'C0nt0s0' becomes 'contoso' after normalization. Therefore, C0nt0s0_C0mplex123 contains one instance of the banned password (contoso) so that equals 1 point. After 'contoso', there are 11 unique characters.
Therefore, the score for 'C0nt0s0_C0mplex123' is 12. This is more than the required 5 points so the password is acceptable.
Box 3:
The 'Password protection for Windows Server Active Directory' is in 'Audit' mode. This means that the password protection rules are not applied. Audit mode is for logging policy violations before putting the password protection 'live' by changing the mode to 'enforced'.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-password-ban-bad

NEW QUESTION # 35
You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You enable Microsoft 365 usage analytics tor Microsoft Power Bl.
Which users can use Power Bl to connect to Microsoft 365 usage analytics and review usage analytics reports?

• A. Admin 1 and Admin2 only
• B. Admin1, Admm2, and Admm3 only
• C. Admm1, Admm2, Admin3, and Admin4
• D. Admin3 and Admin4 only
• E. Admin3 only

Answer: A

NEW QUESTION # 36
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain.
You deploy a Microsoft Azure Active Directory (Azure AD) tenant.
Another administrator configures the domain to synchronize to Azure AD.
You discover that 10 user accounts in an organizational unit (OU) are NOT synchronized to Azure AD. All the other user accounts synchronized successfully.
You review Azure AD Connect Health and discover that all the user account synchronizations completed successfully.
You need to ensure that the 10 user accounts are synchronized to Azure AD.
Solution: You run idfix.exe and report the 10 user accounts.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

Explanation:
The question states that "all the user account synchronizations completed successfully". If there were problems with the 10 accounts that needed fixing with idfix.exe, there would have been synchronization errors in Azure AD Connect Health.
It is likely that the 10 user accounts are being excluded from the synchronization cycle by a filtering rule.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering

NEW QUESTION # 37
Your company has a Microsoft 365 subscription that has multi-factor authentication configured for all users.
Users that connect to Microsoft 365 services report that they are prompted for multi-factor authentication multiple times a day.
You need to reduce the number of times the users are prompted for multi-factor authentication on their company-owned devices.
What should you do?

• A. Enable the multi-factor authentication trusted IPs setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).
• B. Enable the multi-factor authentication trusted IPs setting, and then verify each device as a trusted device.
• C. Enable the remember multi-factor authentication setting, and then verify each device as a trusted device.
• D. Enable the remember multi-factor authentication setting, and then join all client computers to Microsoft Azure Active Directory (Azure AD).

Answer: C

Explanation:
The remember Multi-Factor Authentication feature for devices and browsers that are trusted by the user is a free feature for all Multi-Factor Authentication users. Users can bypass subsequent verifications for a specified number of days, after they've successfully signed-in to a device by using Multi-Factor Authentication. The feature enhances usability by minimizing the number of times a user has to perform two-step verification on the same device.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings

NEW QUESTION # 38
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You have three applications App1, App2, App3. The Apps use files that have the same file extensions.
Your company uses Windows Information Protection (WIP). WIP has the following configurations:
Windows Information Protection mode: Silent
Protected apps: App1
Exempt apps: App2
From App1, you create a file named File1.
What is the effect of the configurations? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/intune/apps/windows-information-protection-policy-create
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure

NEW QUESTION # 39
You have a Microsoft 365 subscription that uses an Azure Active Directory (Azure AD) tenant named contoso.com. The tenant contains the Windows 10 devices shown in the following table.

All the devices are managed by using Microsoft Endpoint Manager and are members of a group named Group1.
From the Microsoft Endpoint Manager admin center, you create an app suite named App1 for Microsoft Office
365 apps.
You configure the App1 settings as shown in the exhibit. (Click the Exhibit tab.)

You assign App1 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Box 1: No
Device1 is x86 (32-bit) so Office 365 will not be installed.
Box 2: Yes
Device2 is x64 (64-bit) so Office 365 will be installed. The German language pack will be installed and the OS language pack (English) will be installed.
Box 3: Yes
Device2 is x64 (64-bit) so Office 365 will be installed. The German language pack will be installed and the OS language pack (French) will be installed.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-office365

NEW QUESTION # 40
Your company has a Microsoft 365 tenant.
You plan to allow users from the engineering department to enroll their mobile device in mobile device management (MDM).
The device type restrictions are configured as shown in the following table.

The device limit restrictions are configured as shown in the following table.

What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set

NEW QUESTION # 41
You receive the following JSON document when you use Microsoft Graph to query the current signed-in user.

Answer:

Explanation:

NEW QUESTION # 42
You have a Microsoft 365 E5 subscription that contains a group named Group1. The subscription is linked to an Azure AD tenant named contoso.com. The Identity Governance settings for contoso.com are configured as shown in the following table.

On March 1, 2022, you invite the guest users shown in the following table to contoso.com.

On March 2, 2022, you add Guest1 to Group 1.
On March 5, 2022, you create an access package named Package1 that has the following settings:
* Resource roles
o Name:Group1
o Type: Group and Team
o Role: Member
* Lifecycle
o Access package assignments expire: On date o Assignment expiration date: March 20, 2022 On March 5, 2022, you assign Package1 to the guest users shown in the following table.

On March 6, 2022, you assign the Reports reader role to Guest3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Answer:

Explanation:

Explanation

NEW QUESTION # 43
Your network contains an on-premises Active Directory domain.
You have a Microsoft 365 E5 subscription.
You plan to implement directory synchronization.
You need to identify potential synchronization issues for the domain. The solution must use the principle of least privilege What should you use? To answer, select the appropriate options in the answer area.

Answer:

Explanation:

NEW QUESTION # 44
You have a Microsoft 365 subscription.
You create an alert policy as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

NEW QUESTION # 45
......

Positive Aspects of Valid Dumps MS-100 Exam Dumps!: https://easypass.examsreviews.com/MS-100-pass4sure-exam-review.html