Exams > Microsoft > MS-100: Microsoft 365 Identity and Services
MS-100: Microsoft 365 Identity and Services
Page 16 out of 40 pages Questions 151-160 out of 397 questions
Question#151

HOTSPOT
-

Your network contains an on-premises Active Directory domain. The domain contains the users shown in the following table.



You have a Microsoft 365 subscription that is linked to an Azure AD tenant named contoso.com.

You configure Azure AD Connect to sync the on-premises domain to contoso.com as shown in the following exhibit.



You create a synchronization rule for the users. The scoping filters for the rule are configured as shown in the following exhibit.

Add scoping filters, or click next to skip this step.



For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Discover Answer Hide Answer

Answer:

Question#152

HOTSPOT
-

You have a Microsoft 365 E5 subscription and an Azure AD tenant named contoso.com.

All users have computers that run Windows 11, are joined to contoso.com, and are protected by using BitLocker Drive Encryption (BitLocker).

You plan to create a user named Admin1 that will perform following tasks:

• View BitLocker recovery keys.
• Configure the usage location for the users in contoso.com.

You need to assign roles to Admin1 to meet the requirements. The solution must use the principle of least privilege.

Which two roles should you assign? To answer, select the appropriate roles in the answer area.

NOTE: Each correct selection is worth one point.

Discover Answer Hide Answer

Answer:

Question#153

HOTSPOT
-

You have an Azure AD tenant named contoso.com that contains an enterprise app named App1 and two users named User1 and User2.

You need to ensure that each user can perform the following action:

• User1: Create entitlement management access packages to provide external users with access to App1.
• User2: Create an access review for Appl.

The solution must use the principle of least privilege.

Which role should you assign to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Discover Answer Hide Answer

Answer:

Question#154

HOTSPOT
-

You have a Microsoft 365 E5 subscription.

You have an Azure AD tenant named contoso.com that contains the following users:

• Admin1
• Admin2
• User1

Contoso.com contains an administrative unit named AU1 that has no role assignments. User1 is a member of AU1.

You create an administrative unit named AU2 that does NOT have any members or role assignments.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Discover Answer Hide Answer

Answer:

Question#155

Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a Microsoft Exchange Server 2019 organization.

You plan to sync the domain to Azure Active Directory (Azure AD) and to enable device writeback and group writeback.

You need to identify which group types will sync from Azure AD.

Which two group types should you identify? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

  • A. a Microsoft 365 group that uses the Assigned membership type
  • B. a security group that uses the Dynamic Device membership type
  • C. a Microsoft 365 group that uses the Dynamic User membership type
  • D. a security group that uses the Assigned membership type
  • E. a security group that uses the Dynamic User membership type
Discover Answer Hide Answer

Answer: AC

Question#156

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

  • A. Security reader
  • B. Service administrator
  • C. Compliance administrator
  • D. Global administrator
Discover Answer Hide Answer

Answer: A

Question#157

Your network contains an Active Directory domain named adatum.com that is synced to Azure AD.

The domain contains 100 user accounts.

The city attribute for all the users is set to the city where the user resides.

You need to modify the value of the city attribute to the three-letter airport code of each city.

What should you do?

  • A. From Azure Cloud Shell, run the Get-AzureADUser and Set-AzureADUser cmdlets.
  • B. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
  • C. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.
  • D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.
Discover Answer Hide Answer

Answer: B

Question#158

Your company has a Microsoft 365 subscription.

You need to identify all the users in the subscription who are licensed for Office 365 through a group membership. The solution must include the name of the group used to assign the license.

What should you use?

  • A. Reports in Microsoft Purview compliance portal
  • B. the Licenses blade in the Azure portal
  • C. Reports in the Microsoft 365 admin center
  • D. Active users in the Microsoft 365 admin center
Discover Answer Hide Answer

Answer: C

Question#159

Your company has an Azure Active Directory (Azure AD) tenant named contoso.com and a Microsoft 365 subscription.
All users use Windows 10 devices to access Microsoft Office 365 apps.
All the devices are in a workgroup.
You plan to implement passwordless sign-in to contoso.com.
You need to recommend changes to the infrastructure for the planned implementation.
What should you include in the recommendation?

  • A. Join all the devices to contoso.com.
  • B. Deploy Azure AD Application Proxy.
  • C. Deploy X.509.3 certificates to all the users.
  • D. Deploy the Microsoft Authenticator app.
Discover Answer Hide Answer

Answer: D
Reference:
https://www.microsoft.com/security/blog/2021/09/15/the-passwordless-future-is-here-for-your-microsoft-account/

Question#160

You have a Microsoft 365 subscription and a hybrid Microsoft Exchange Online deployment.
You plan to deploy iOS devices that will use Outlook for iOS and Hybrid Modern Authentication (HMA).
You need to ensure that HMA is configured correctly.
What should you use?

  • A. Apple Configurator
  • B. Microsoft Remote Connectivity Analyzer
  • C. Microsoft Diagnostics and Recovery Toolset (DaRT)
  • D. Microsoft Support and Recovery Assistant
Discover Answer Hide Answer

Answer: B
Reference:
https://testconnectivity.microsoft.com/tests/o365

chevron rightPrevious Nextchevron right