Pass Microsoft MS-100 exam with latest practice questions, Update today
Want to know if the Microsoft MS-100 certification is worth getting, and want to know the experience of getting this certification? Don’t worry, I’ll tell you here. Obtaining certification has many benefits, and salary increases and promotions are possible. The point is how to get it successfully? It is strongly recommended to practice MS-100 practice test questions! When you reach more than 90% on the MS-100 practice test, you can definitely pass the exam with confidence.
Get the newest MS-100 practice test questions for Microsoft MS-100 dumps https://www.pass4itsure.com/ms-100.html (Q&As: 352).
Try Microsoft certification MS-100 free practice test now:
QUESTION 1
You have the Microsoft Azure Active Directory (Azure AD) users shown in the following table.
You create a conditional access policy that has the following settings: The Assignments settings are configured as follows:
-Users and groups: Group1
-Cloud apps: Exchange Online
-Conditions: Include All device states, exclude Device marked as compliant Access controls is set to Block access.
For each of the following statements, select yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1:
Yes. User1 is in Group1. The Conditional Access Policy applies to Group1. The Conditional Access Policy blocks access unless the device is marked as compliant.
BitLocker is disabled for Device1. Device1 is in Group3 which is assigned device Policy1. The BitLocker policy in Policy1 is ‘not configured’ so BitLocker is not required.
Therefore, Device1 is compliant so User1 can access Exchange online from Device1.
Box 2:
No. User1 is in Group1. The Conditional Access Policy applies to Group1. The Conditional Access Policy blocks access unless the device is marked as compliant.
BitLocker is disabled for Device2. Device2 is in Group4 which is assigned device Policy2. The BitLocker policy in Policy2 is ‘Required so BitLocker is required.
Therefore, Device2 is not compliant so User1 cannot access Exchange online from Device2.
Box3:
Yes. User2 is in Group2. The Conditional Access Policy applies to Group1. The Conditional Access Policy does not apply to Group2. So even though Device2 is non-compliant, User2 can access Exchange Online using Device2 because there is no Conditional Access Policy preventing him/her from doing so.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions
QUESTION 2
Your company has a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
The tenant includes a security group named Admin1. Admin1 will be used to manage administrative accounts. You need to identify which users can perform the following administrative tasks:
1. Create a guest user account
2. Add User3 to Admin1
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
A User Administrator is the only role listed that can create user accounts included Guest user accounts. A Global Administrator can also create user accounts. A User Administrator is also the only role listed that can modify the group membership of users.
QUESTION 3
Your network contains an on-premises Active Directory domain. The domain contains 2,000 computers that run Windows 10.
You purchase a Microsoft 365 subscription.
You implement password hash synchronization and Azure Active Directory (Azure AD) Seamless Single Sign-On (Seamless SSO).
You need to ensure that users can use Seamless SSO from Windows 10 computers.
What should you do?
A. Create a conditional access policy in Azure AD.
B. Deploy an Azure AD Connect staging server.
C. Join the computers to Azure AD.
D. Modify the Intranet zone settings by using Group Policy
Correct Answer: D
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
QUESTION 4
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Monitoring and reports from the Compliance admin center.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
Depending on what your organization\’s Office 365 subscription includes, the Dashboard in Security and Compliance includes several widgets, such as Threat Management Summary, Threat Protection Status, Global Weekly Threat Detections, Malware, etc.
The Compliance admin center in Microsoft 365 contains much of the same information but also includes additional entries focusing on alerts, data insights.
The Monitoring and reports section from the Compliance admin center does not display a list of the features that were recently updated in the tenant so this solution does not meet the goal.
To meet the goal, you need to use the Message center in the Microsoft 365 admin center.
Reference:
https://docs.microsoft.com/en-us/office365/admin/manage/message-center?view=o365-worldwide
QUESTION 5
Your network contains an on-premises Active Directory domain named Contoso. local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You plan to implement pass-through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication.
Which three actions should you perform? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. Modify the email address attribute for each user account.
B. From the Azure portal, add a custom domain name.
C. From Active Directory Domains and Trusts, add a UPN suffix.
D. Modify the User logon name for each user account.
E. From the Azure portal, configure an authentication method.
F. From a domain controller, install an Authentication Agent.
Correct Answer: BCF
To implement pass-through authentication, you need to install and configure Azure AD Connect.
The on-premise Active Directory domain is named Contoso. local. Before you can configure Azure AD Connect, you need to purchase a routable domain, for example, contoso.com. You then need to add the domain contoso.com to Microsoft as a custom domain name.
The user accounts in the Active Directory domain need to be configured to use the domain name contoso.com as a UPN suffix. You need to add contoso.com to the Active Directory first by using Active Directory Domains and Trusts to add contoso.com add a UPN suffix. You can then configure each account to use the new UPN suffix.
An Authentication Agent is required on a domain controller to perform the authentication when pass-through authentication is used.
When the custom domain and user accounts are configured, you can install and configure Azure AD Connect. An Authentication Agent is installed when you select the pass-through authentication option in the Azure AD Connect configuration or you can install the Authentication Agent manually.
Reference: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
QUESTION 6
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Directory (Azure AD) tenant named Contoso. Microsoft, com.
You plan to establish federation authentication between on-premises Active Directory and the Azure AD tenant by using Active Directory Federation Services (AD FS).
You need to establish a federation.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
The on-premises Active Directory domain is named contoso.com. Before you can configure federation authentication between on-premises Active Directory and the Azure AD tenant, you need to add the domain contoso.com to Microsoft 365.
You do this by adding a custom domain name.
The next step is to establish the federation. You can configure AD FS by using Azure AD Connect.
QUESTION 7
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes the users
shown in the following table.
Group2 is a member of Group1.
You assign a Microsoft Office 365 Enterprise E3 license to Group1.
How many Office 365 E3 licenses are assigned?
A. 1
B. 2
C. 3
D. 4
Correct Answer: C
Group-based licensing currently does not support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied.
Therefore, User2 will not be assigned a license.
When Azure AD assigns group licenses, any users without a specified usage location inherit the location of the directory. Therefore, User3 will be assigned a license and his usage location will be set to the location of the directory.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-group-advanced
QUESTION 8
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. A user named User1 has files on a Windows 10 device is shown in the following table.
In Azure Information Protection, you create a label named Label1 that is configured to apply automatically. Label1 is configured as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct
selection is worth one point.
Hot Area:
The phrase to match is “im” and it is case sensitive. The phrase must also appear at least twice.
Box 1: No
File1.docx contain the word “import” once only
Box 2: Yes
File2.docx contains two occurrences of the word “import” as well as the word “imported”
Box 3: No
File3.docx contains “IM” but he is not the correct letter case.
References:
https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-classification
QUESTION 9
SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn\’t matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information Use the following login credentials as needed:
To enter your username, place your cursor in the Sign inbox and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: 3andYWyjse-6-d
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 10887751
You hire a new Microsoft 365 administrator named Nestor Wilke. Nestor Wilke will begin working for your organization in several days.
You need to ensure that Nestor Wilke is prevented from using his account until he begins working.
A. See below.
Correct Answer: A
You need to sign in status for the account to ‘Blocked’. Blocking doesn\’t stop the account from receiving email and it doesn\’t deletes any data.
1. On the home page of the Microsoft 365 admin center, type the user\’s name into the Search box.
2. Select the Nestor Wilke account in the search results.
3. In the ‘Sign-in status’ section of the account properties, click the Edit link.
4. Select ‘Block the user from signing in and click the Save button.
QUESTION 10
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speed Internet connection. All the branch offices connect to the Internet by using the
main office connection.
Users use Microsoft Outlook 2016 to connect to a Microsoft Exchange Server mailbox hosted in the main office.
The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.
You create a Microsoft 365 subscription and then migrate all the user data to Microsoft 365.
You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.
Solution: You deploy a site-to-site VPN from each branch office to Microsoft Azure.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
The question states that the branch offices connect to the Internet by using the main office connections. Therefore, all Internet traffic goes over the WAN link between the branch office and the main office. After the migration, the users connect to their mailboxes hosted in Exchange Online over the Internet and therefore over the WAN link.
If the WAN link goes down, the branch office users will not be able to connect to the Internet and therefore will not be able to access their email using Outlook.
A site-to-site VPN from each branch office to Microsoft Azure would still use the WAN link so this answer does achieve the goal.
The solution is to add a direct connection to the Internet from the branch offices, so their Internet traffic does not go over the WAN link.
QUESTION 11
HOTSPOT
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD) by using the Azure AD Connect Express Settings. Password writeback is disabled.
You create a user named User1 and enter Pass in the Password field as shown in the following exhibit.
The Azure AD password policy is configured as shown in the following exhibit.
Hot Area:
Box 1: Yes
The question states that User1 is synced to Azure AD. This tells us that the short password (Pass) meets the on-premise Active Directory password policy and you were able to create the on-premise account for User1. The on-premise Active Directory password policy applies over the Azure AD password policy for synced user accounts.
Box 2: No
Self-Service Password Reset would need to be configured.
Box 3: Yes
The password for the Azure AD User1 account will expire after 90 days according to the Azure AD password policy. If the on-premise password policy has a shorter password expiration period, User1 would have the change his/her on-premise AD password. The new password would then sync to Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express
QUESTION 12
Your company recently purchased a Microsoft 365 subscription.
You enable Microsoft Azure Multi-Factor Authentication (MFA) for all 500 users in the Azure Active Directory (Azure AD) tenant.
You need to generate a report that lists all the users who completed the Azure MFA registration process.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. From Azure Cloud Shell, run the Get-AzureADUser cmdlet.
B. From Azure Cloud Shell, run the Get-MsolUser cmdlet.
C. From the Azure Active Directory admin center, use the Usage and insights blade.
D. From the Azure Active Directory admin center, use the Risky sign-ins blade.
Correct Answer: B
You can use the Get-MsolUser cmdlet to generate a report that lists all the users who completed the Azure MFA registration process.
The full command would look like this:
Get-MsolUser -All | Where-Object {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting
QUESTION 13
You have a Microsoft 365 subscription that uses a default named contoso.com. Three files were created on February 1, 2019, as shown in the following table.
On March 1, 2019, you create two retention labels named Label1 and label2.
The settings for Label1 are configured as shown in the Label1 exhibit. (Click the Label1 tab.) Label 1
The settings for Label2 are configured as shown in the Label1 exhibit. (Click the Label2 tab.) Label 2
You apply the retention labels to Exchange email, SharePoint sites, and OneDrive accounts. For each of the following
statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No Retention overrides deletion.
Box 2: No
Content in a document library will be moved to the first-stage Recycle Bin within 7 days of disposition, and then permanently deleted another 93 days after that. Thus 100 days in total.
Box 3: No
Items in an Exchange mailbox will be permanently deleted within 14 days of disposition.
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/labels
https://docs.microsoft.com/en-us/office365/securitycompliance/disposition-reviews
QUESTION 14
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear on the review screen.
You have a Microsoft 365 subscription.
You need to prevent users from accessing your Microsoft SharePoint Online sites unless the users are connected to your on-premises network.
Solution: From the Microsoft 365 admin center, you configure the Organization profile settings.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
You need to configure a trusted location and a conditional access policy.
Conditional Access in SharePoint Online can be configured to use an IP Address white list to allow access.
QUESTION 15
You have an on-premises web application that is published by using a URL of https://app.contoso.local.
You purchase a Microsoft 365 subscription.
Several external users must be able to connect to the web application.
You need to recommend a solution for external access to the application. The solution must support multi-factor authentication.
Which two actions should you recommend? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.
A. From an on-premises server, install a connector and then publish the app.
B. From the Azure Active Directory admin center, enable an Application Proxy.
C. From the Azure Active Directory admin center, create a conditional access policy.
D. From an on-premises server, install an Authentication Agent.
E. Republish the web application by using https://app.contoso.com.
Correct Answer: AB
Azure Active Directory (Azure AD) has an Application Proxy service that enables users to access on-premises applications by signing in with their Azure AD account. The application proxy enables you to take advantage of Azure AD security features like Conditional Access and Multi-Factor Authentication.
To use Application Proxy, install a connector on each Windows server you\\’re using with the Application Proxy service.
The connector is an agent that manages the outbound connection from the on-premises application servers to the Application Proxy in Azure AD.
MS-100 exam questions PDF download free
MS-100 exam PDF: https://drive.google.com/file/d/1Cylek7qazmaNFvx-serNjeg9-m_aRI2s/view?usp=sharing Pass4itSure MS-100 dumps pdf practice questions share!
Pass Microsoft MS-100 exam with latest practice questions and Pass4itSure expert guidance. The latest MS-100 exam dumps contain the required practice tests here:https://www.pass4itsure.com/ms-100.html (PDF + VCE).
Hope everyone who tries the exam can succeed.