Exams > Microsoft > MS-100: Microsoft 365 Identity and Services
MS-100: Microsoft 365 Identity and Services
Page 15 out of 40 pages Questions 141-150 out of 397 questions
Question#141

HOTSPOT -
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Azure Directory (Azure AD) tenant named contoso.onmicrosoft,com.
You plan to establish federation authentication between on-premises Active Directory and the Azure AD tenant by using Active Directory Federation Services (AD
FS).
You need to establish the federation.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
The on-premises Active Directory domain is named contoso.com. Before you can configure federation authentication between on-premises Active Directory and the Azure AD tenant, you need to add the domain contoso.com to Microsoft 365. You do this by adding a custom domain name.
The next step is to establish the federation. You can configure AD FS by using Azure AD Connect.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom#configuring-federation-with-ad-fs

Question#142

HOTSPOT -
You have a hybrid deployment of Azure Active Directory (Azure AD) that contains the users shown in the following table.

You need to identify which users can perform the following tasks:
✑ View sync errors in Azure AD Connect Health.
✑ Configure Azure AD Connect Health settings.
Which user should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-diagnose-sync-errors https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-operations https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis

Question#143

HOTSPOT -
Your network contains an on-premises Active Directory domain and a Microsoft 365 subscription.
The domain contains the users shown in the following table.

The domain contains the groups shown in the following table.

You are deploying Azure AD Connect.
You configure Domain and OU filtering as shown in the following exhibit.

You configure Filter users and devices as shown in the following exhibit.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Discover Answer Hide Answer

Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering

Question#144

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains a group named Group1. The subscription is linked to an Azure Active Directory (Azure AD) tenant named contoso.com.

The Identity Governance settings for contoso.com are configured as shown in the following table.



On March 1, 2022, you invite the guest users shown in the following table to contoso.com.



On March 2, 2022, you add Guest1 to Group1.

On March 5, 2022, you create an access package named Package1 that has the following settings:

• Resource roles
o Name: Group1
o Type: Group and Team
o Role: Member
• Lifecycle
o Access package assignments expire: On date
o Assignment expiration date: March 20, 2022

On March 5, 2022, you assign Package1 to the guest users shown in the following table.



On March 6, 2022, you assign the Reports reader role to Guest3.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Discover Answer Hide Answer

Answer:

Question#145

HOTSPOT
-

You have a Microsoft 365 E5 subscription that contains the following group:

• Name: Group1
• Members: User1, User2
• Owner: User3

You create an access review that has the following settings:

• Review name: Review1
• Group: Group1
• Scope: All users
• Select reviewers: Users review their own access
• Duration (in days): 14
• Review recurrence: Monthly
• Start date: 5/1/2022
• End: End after number of occurrences
• Occurrences: 6
• Auto apply results to resource: Enable

Initial user responses to Review1 are shown in the following table.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

Discover Answer Hide Answer

Answer:

Question#146

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.



You enable Microsoft 365 usage analytics for Microsoft Power BI.

Which users can use Power BI to connect to Microsoft 365 usage analytics and review usage analytics reports?

  • A. Admin3 only
  • B. Admin1 and Admin2 only
  • C. Admin3 and Admin4 only
  • D. Admin1, Admin2, and Admin3 only
  • E. Admin1, Admin2, Admin3, and Admin4
Discover Answer Hide Answer

Answer: B

Question#147

Your network contains an Active Directory domain.

You have an Azure Active Directory (Azure AD) tenant that has Security defaults enabled.

Azure AD Connect is configured for directory synchronization. Password hash synchronization and pass-through authentication are disabled.

You need to enable Azure AD Identity Protection to detect leaked credentials.

What should you do first?

  • A. From the Azure Active Directory admin center, disable Security defaults.
  • B. From Azure AD Connect, enable pass-through authentication.
  • C. From the Azure Active Directory admin center, configure verifiable credentials.
  • D. From Azure AD Connect, enable password hash synchronization.
Discover Answer Hide Answer

Answer: D

Question#148

HOTSPOT
-

You have a Microsoft 365 subscription that contains a Microsoft 365 group named Group1. Group1 is configured as shown in the following exhibit.



An external user named User1 has an email address of [email protected]

You need to add User1 to Group1.

What should you do first and which portal should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.


Discover Answer Hide Answer

Answer:

Question#149

You have a Microsoft 365 subscription that contains a user named User1.

User1 requires admin access to perform the following tasks:

• Manage Microsoft Exchange Online settings.
• Create Microsoft 365 groups.

You need to ensure that User1 only has admin access for eight hours and requires approval before the role assignment takes place.

What should you use?

  • A. Microsoft Entra Verified ID
  • B. Azure Active Directory (Azure AD) Identity Protection
  • C. Conditional Access
  • D. Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Discover Answer Hide Answer

Answer: D

Question#150

HOTSPOT
-

You have an Azure AD tenant that contains the groups shown in the following exhibit.



Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.

NOTE: Each correct selection is worth one point.

Discover Answer Hide Answer

Answer:

chevron rightPrevious Nextchevron right