Down To Date MS-100 Item Pool 2021

NEW QUESTION 1

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals- Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As m result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirement.
Solution: From the Office 36S admin center, you assign User2 the Records Management role. From the Exchange 3dmm center, you assign User2 the Help Desk role.
Does that meet the goal?

• A. Yes
• B. NO

Answer: B

NEW QUESTION 2

Your company has three main offices and one branch office. The branch office is used for research. The company plans to implement a Microsoft 365 tenant and to deploy multi-factor authentication.
You need to recommend a Microsoft 365 solution to ensure that multi-factor authentication is enforced only for users in the branch office.
What should you include in the recommendation?

• A. Microsoft Azure Active Directory (Azure AD) conditional access.
• B. Microsoft Azure Active Directory (Azure AD) password protection.
• C. a device compliance policy
• D. a Microsoft Intune device configuration profile

Answer: A

NEW QUESTION 3

Your network contains an on-premises Active Directory domain that is synced to Microsoft Azure Active Directory (Azure AD) as shown in the following exhibit.

An on-premises Active Directory user account named Allan Yoo is synchronized to Azure AD. You view Allan’s account from Microsoft 365 and notice that his username is set to Allan@contoso.onmicrosoft.com.
For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 4

You need to meet the application requirement for App1.
Which three actions should you perform? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.

• A. From the Azure Active Directory admin center, configure the application URL settings.
• B. From the Azure Active Directory admin center, add an enterprise application.
• C. On an on-premises server, download and install the Microsoft AAD Application Proxy connector.
• D. On an on-premises server, install the Hybrid Configuration wizard.
• E. From the Microsoft 365 admin center, configure the Software download settings.

Answer: ABC

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy#how-application-proxy-

NEW QUESTION 5

Your network contains an on premises Active Directory domain named contoso.com. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
You plan to establish federation authentication between on premises Active Directory and the Azure AD tenant by using Active Directory Federation Services (AD FS).
You need to establish the federation.
What should you do? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 6

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com that contains a user named User1.
You suspect that an imposter is signing in to Azure AD by using the credentials of User1.
You need to ensure that an administrator named Admin1 can view all the sign in details of User 1 from the
past 24 hours.
To which three roles should you add Admin1? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point.

• A. Security administrator
• B. Password administrator
• C. User administrator
• D. Compliance administrator

Answer: ABC

NEW QUESTION 7

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest. You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
Users passwords must be 10 characters or more.
Solution: Implement pass-through authentication and configure password protection in the Azure AD tenant.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 8

Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Microsoft Azure Active Directory (Azure AD). Azure AD Connect is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 9

Your network contain*, an on-premises Active Directory forest.
You are evaluating the implementation of Microsoft 365 and the deployment of authentication strategy. You need to recommend an authentication strategy that meets the following requirements:
• Allows users to sign in by using smart card-based certificates
• Allows users to connect to on premises and Microsoft 365 services by using SSO Which authentication strategy should you recommend?

• A. password hash synchronization and seamless SSO
• B. federation with Active Directory Federation Services (AD FS)
• C. pass-through authentication and seamless SSO

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn

NEW QUESTION 10

Your Network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Anne Active Directory (Azure AD) tenant named .contoso.onmicrosoft.com.
You plan to implement pass- through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication. Which three actions should you perform? Each correct answer presents pan of the solution.
NOTE: Each correct selection is worth one point.

• A. Modify the email address attribute for each user account.
• B. From the Azure portal, add a custom domain name.
• C. From Active Directory Domains and Trusts, add a UPN suffix.
• D. Modify the User logon name for each user account.
• E. From the Azure portal, configure an authentication method.
• F. From a domain controller, install an authentication Agent.

Answer: BCD

NEW QUESTION 11

Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant.
The network uses a firewall that contains a list of allowed outbound domains. You began to implement directory synchronization.
You discover that the firewall configuration contains only the following domain names in the list of allowed domains:
• *.microsof.com
• *.office.com
Directory synchronization fails.
You need to ensure that directory synchronization completes successfully.
What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

• A. From the firewall, allow the IP address range of the Azure data center for outbound communication.
• B. From Azure AD Connect, modify the Customize synchronization options task
• C. Deploy an Azure AD Connect sync server in staging mode.
• D. From the firewall, create a list of allowed inbound domains.
• E. From the firewall, modify the list of allowed outbound domains.

Answer: E

NEW QUESTION 12

Your network contains an Active Directory forest named adatum.local. The forest contains 500 users and uses adatum.com as a UPN suffix.
You deploy a Microsoft 365 tenant.
You implement directory synchronization and sync only 50 support users.
You discover that five of the synchronized users have usernames that use a UPN suffix of onmicrosoft.com. You need to ensure that all synchronized identities retain the UPN set in their on-premises user account. What should you do?

• A. From the Microsoft 365 admin center, add adatum.com as a custom domain name.
• B. From Windows PowerShell, run the Set-ADDomain –AllowedDNSSuffixes adatum.com command.
• C. From Active Directory Users and Computers, modify the UPN suffix of the five user accounts.
• D. From the Microsoft 365 admin center, add adatum.local as a custom domain name.

Answer: C

NEW QUESTION 13

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result these questions will not appear in the review screen.
Your company has a main office and three branch offices. All the branch offices connect to the main office by using a WAN link. The main office has a high-speed Internet connection. All the branch offices connect to the Internet by using the main office connection.
Users use Microsoft Outlook 2021 to connect to 4 Microsoft Exchange Server mailbox hosted in the main office.
The users report that when the WAN link in their office becomes unavailable, they cannot access their mailbox.
You create a Microsoft 365 subscription, and then migrate all the user data to Microsoft 365.
You need to ensure that all the users can continue to use Outlook to receive email messages if a WAN link fails.
Solution: For each branch office, you add a direct connection to the Internet. Does this meet the goal?

• A. Yes
• B. NO

Answer: A

NEW QUESTION 14

You have a Microsoft 365 Enterprise E5 subscription.
You need to enforce multi-factor authentication on all cloud-based applications for the users in the finance department.
What should you do?

• A. Create on activity policy.
• B. Create a Sign- in risk policy.
• C. Create a session policy.
• D. Create an app permission policy.

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-sign-in-risk-policy

NEW QUESTION 15

You need to meet the security requirements for User3. The solution must meet the technical requirements. What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:
References:
https://docs.microsoft.com/en-us/office365/SecurityCompliance/eop/feature-permissions-in-eop

NEW QUESTION 16

Your organization has an on-premises Microsoft Exchange Server 2021 organization. The organization is in the company’s main office in Melbourne. The main office has a low-bandwidth connection to the Internet.
The organization contains 250 mailboxes.
You purchase a Microsoft 365 subscription and plan to migrate to Exchange Online next month. In 12 months, you plan to increase the bandwidth available for the Internet connection.
You need to recommend the best migration strategy for the organization. The solution must minimize administrative effort.
What is the best recommendation to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.

• A. network upload
• B. cutover migration
• C. hybrid migration
• D. staged migration

Answer: C

NEW QUESTION 17

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest. You deploy Microsoft 365.
You plan to implement directory synchronization.
You need to recommend a security solution for the synchronized identities. The solution must meet the following requirements:
Users must be able to authenticate successfully to Microsoft 365 services if Active Directory becomes unavailable.
Users passwords must be 10 characters or more.
Solution: Implement password hash synchronization and configure password protection in the Azure AD tenant.
Does this meet the goal?

• A. Yes
• B. No

Answer: B

NEW QUESTION 18

Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com that includes the users shown in the following table.

Group2 is a member of Group1.
You assign a Microsoft Office 365 Enterprise E3 license to Group1. You need to identity how many Office 365 E3 licenses are assigned. What should you identify?

• A. 1
• B. 2
• C. 3
• D. 4

Answer: C

NEW QUESTION 19

Your company has a Microsoft 365 subscription.
You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center. A month later, you attempt to run an import job for the PST files.
You discover that the PST files were deleted from Microsoft 365.
What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal. Select the BEST answer.

• A. The PST files were corrupted and deleted by Microsoft 365 security features.
• B. PST files are deleted automatically from Microsoft 365 after 30 days.
• C. The size of the PST files exceeded a storage quota and caused the files to be deleted.
• D. Another administrator deleted the PST files.

Answer: B

Explanation:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/faqimporting-pst-files-to-office-365

NEW QUESTION 20

Your network contains two Active Directory forests. Each forest contains two domains. All client computers run Windows 10 and are domain-joined.
You plan to configure Hybrid Azure AD join for the computers. You create Microsoft Azure Active Directory (Azure AD) tenant.
You need to ensure that the computers can discover the Azure AD tenant. What should you create?

• A. a new computer account for each computer
• B. a new service connection point (SCP) for each domain
• C. a new trust relationship for each forest
• D. a new service connection point (SCP) for each forest

Answer: D

Explanation:
References:
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual

NEW QUESTION 21

Your network contains an Active Directory domain named contoso.com. You have a Microsoft 365 subscription.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com. You implement directory synchronization.
The developers at your company plan to build an app named App1. App1 will connect to the Microsoft Graph API to provide access to several Microsoft Office 365 services.
You need to provide the URI for the authorization endpoint that App1 must use. What should you provide?

• A. https://login.microsoftonline.com/
• B. https://contoso.com/contoso.onmicrosoft.com/app1
• C. https://login.microsoftonline.com/contoso.onmicrosoft.com/
• D. https://myapps.microsoft.com

Answer: C

NEW QUESTION 22

You need to meet the technical requirements for the user licenses.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area.
NOTE: Each correct selection is worth one point.

• A. Mastered
• B. Not Mastered

Answer: A

Explanation:

NEW QUESTION 23
......