• Home
  • Articles
  • Free MS-100 Braindumps Download Updated on Nov 08, 2021 with 304 Questions [Q167-Q188]

Free MS-100 Braindumps Download Updated on Nov 08, 2021 with 304 Questions [Q167-Q188]

Share

Free MS-100 Braindumps Download Updated on Nov 08, 2021 with 304 Questions

Microsoft MS-100 Exam Practice Test Questions


Microsoft MS-100: Exam Details

The Microsoft MS-100 exam will measure the skills of the applicants in designing and implementing Microsoft 365 services; planning the Office 365 applications and workloads; managing authentication & access; managing the identity of users as well as their roles. After passing this test, the students have to pass Microsoft MS-101 to complete the requirements for obtaining the expert-level certification. The MS-100 exam can be taken in English and Japanese, and the fee for registering for this test is $165. To schedule the date and time for the exam, the individuals have to visit the official website. As for the structure of this test, the exam questions may come in different formats, including case studies, multiple choice, single answer, short answer, active screen, and build list. It may contain around 40-60 questions that should be answered within 120 minutes.

 

NEW QUESTION 167
Your Network contains an on-premises Active Directory domain named contoso.local. The domain contains five domain controllers.
Your company purchases Microsoft 365 and creates a Microsoft Anne Active Directory (Azure AD) tenant named .contoso.onmicrosoft.com.
You plan to implement pass- through authentication.
You need to prepare the environment for the planned implementation of pass-through authentication.
Which three actions should you perform? Each correct answer presents pan of the solution.
NOTE: Each correct selection is worth one point.

  • A. Modify the email address attribute for each user account.
  • B. From Active Directory Domains and Trusts, add a UPN suffix.
  • C. Modify the User logon name for each user account.
  • D. From the Azure portal, configure an authentication method.
  • E. From the Azure portal, add a custom domain name.
  • F. From a domain controller, install an authentication Agent.

Answer: B,C,E

 

NEW QUESTION 168
Your network contains an on-premises Active Directory domain named Contoso.com.
Your company purchase a Microsoft 365 subscription and establishes a hybrid deployment of Azure Active Directory (Azure AD) by using password hash synchronization.
You need to identify where an administrator can reset the password of each new user.
What should you identify? To answer, select the appropriate option in the area.
NOTE: Each correct selection is worth point.

Answer:

Explanation:

 

NEW QUESTION 169
Your on-permission network contains the web application shown in the following table.

You purchase Microsoft 365, and the implement directory synchronization.
You plan to publish the web applications.
You need to ensure that all the applications are accessible by using the My Apps portal. The solution must minimize administrative effort.
What should you do first?

  • A. Deploy one conditional access policy.
  • B. Create four application registrations.
  • C. Deploy one connector.
  • D. Create a site-to-site VPN from Microsoft Azure to the on-premises network.

Answer: C

 

NEW QUESTION 170
Your company has a hybrid deployment of Microsoft 365.
An on-premises user named User1 is synced to Microsoft Azure Active Directory (Azure AD).
Azure AD Connect is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom

 

NEW QUESTION 171
You have a Microsoft 365 subscription.
You need to provide an administrator named Admin1 with the ability to place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-cent

 

NEW QUESTION 172
Your company has a Microsoft 365 subscription that contains the users shown in the following table.

You need to identify which users can perform the following administrative tasks:
Modify the password protection policy.
Create guest user accounts.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation:
Only a Global Admin can modify the password protection policy.
A Global Admin or a user with the Guest Inviter role can create guest accounts.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations

 

NEW QUESTION 173
You have a Microsoft 365 subscription.
You have the devices shown in the following table.

You need to onboard the devices to Windows Defender Advanced Threat Protection (ATP). The solution must avoid installing software on the devices whenever possible.
Which onboarding method should you use for each operating system? To answer, drag the appropriate methods to the correct operating systems. Each method may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

References:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/onboard-downlevel-
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-endpoints-
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/configure-server-end Box 1:
To onboard down-level Windows client endpoints to Microsoft Defender ATP, you'll need to:
Configure and update System Center Endpoint Protection clients.
Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP Box 2:
For Windows 10 clients, the following deployment tools and methods are supported:
Group Policy
System Center Configuration Manager
Mobile Device Management (including Microsoft Intune)
Local script
Box 3:
Windows Server 2016 can be onboarded by using Azure Security Centre. When you add servers in the Security Centre, the Microsoft Monitoring Agent is installed on the servers.

 

NEW QUESTION 174
You have a Microsoft 365 Enterprise E5 subscription.
You add a cloud-based app named App1 to the Microsoft Azure Active Directory (Azure AD) enterprise applications list.
You need to ensure that two-step verification is enforced for all user accounts the next time they connect to App1.
Which three settings should you configure from the policy? To answer, select the appropriate settings in the answer area.

Answer:

Explanation:

Explanation

In the Cloud Apps section, you need to select the name of the app (App1) that the policy will apply to.
In the Grant section under Access Controls, there is a checkbox named "Require Multi-factor Authentication".
That checkbox needs to be ticked.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/best-practices
https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Conditional-Access-now-in-the-new-Azur

 

NEW QUESTION 175
Your on-permission network contains the web application shown in the following table.

You purchase Microsoft 365, and the implement directory synchronization.
You plan to publish the web applications.
You need to ensure that all the applications are accessible by using the My Apps portal. The solution must minimize administrative effort.
What should you do first?

  • A. Deploy one conditional access policy.
  • B. Create four application registrations.
  • C. Deploy one Application Proxy connector.
  • D. Create a site-to-site VPN from Microsoft Azure to the on-premises network.

Answer: C

Explanation:
Explanation
The Application Proxy connector is what connects the on-premises environment to the Azure Application Proxy.
Application Proxy is a feature of Azure AD that enables users to access on-premises web applications from a remote client. Application Proxy includes both the Application Proxy service which runs in the cloud, and the Application Proxy connector which runs on an on-premises server. Azure AD, the Application Proxy service, and the Application Proxy connector work together to securely pass the user sign-on token from Azure AD to the web application.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-connectors

 

NEW QUESTION 176
Your company has a Microsoft 365 subscription that contains the users shown in the following table.

You need to identify which users can perform the following administrative tasks:
* Modify the password protection policy.
* Create guest user accounts.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Only a Global Admin can modify the password protection policy.
A Global Admin or a user with the Guest Inviter role can create guest accounts.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-op

 

NEW QUESTION 177
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username: [email protected]
Microsoft 365 Password: m3t^We$Z7&xy
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance: 11440873

You need to prevent all the users in your organization from sending an out of office reply to external users.
To answer, sign in to the Microsoft 365 portal.

Answer:

Explanation:
See explanation below.
Explanation
You need to modify the default remote domain. When you add a remote domain, you specify the domain name and the settings apply to that domain. The default remote domain applies to all other domains. Therefore, we need to disable Out of Office replies for external users in the settings of the default remote domain.
1. Go to the Exchange Admin Center.
2. Click Mail Flow in the left navigation pane.
3. Click on Remote Domains.
4. Select the default remote domain and click the Edit icon (pencil icon).
5. In the 'Out of Office automatic reply types' section, select 'None'.
6. Click Save to save to changes to the default remote domain.

 

NEW QUESTION 178
You have retention policies in Microsoft 365 as shown in the following table.

Policy1 is configured as shown in the Policy1 exhibit. (Click the Policy1 tab.) Policy1

Policy1 is configured as shown in the Policy2 exhibit. (Click the
Policy2

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

* Retention wins over deletion. Suppose that one retention policy says to delete Exchange email after three years, but another retention policy says to retain Exchange email for five years and then delete it.
Any content that reaches three years old will be deleted and hidden from the users' view, but still retained in the Recoverable Items folder until the content reaches five years old, when it is permanently deleted.
* The longest retention period wins. If content is subject to multiple policies that retain content, it will be retained until the end of the longest retention period.
Box 1: No.
The file will be deleted and hidden from the users' view, but still retained in the Recoverable Items folder. An administrator would need to recover the file.
Box 2: Yes.
The file will be deleted and hidden from the users' view, but still retained in the Recoverable Items folder. An administrator will be able to recover the file.
Box 3: Yes.
2018 to 2023 is five years. Policy2 has a retention period of four years. However, Policy2 is configured to not delete the files after the four-year retention period.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies#the-principles-of-retention-or-

 

NEW QUESTION 179
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
In the tenant, you create a user named User1.
You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege.
To which role group should you add User1?

  • A. Compliance Administrator
  • B. Security Administrator
  • C. Records Management
  • D. eDiscovery Manager

Answer: C

Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/file-plan-manager

 

NEW QUESTION 180
You have three devices enrolled in Microsoft Intune as shown in the following table.

The device compliance policies in Intune are configured as shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

Answer:

Explanation:

Explanation

Device 1:
No because Device1 is in group3 which has Policy1 assigned which requires BitLocker.
Device 2:
No because Device2 is in group3 which has Policy1 assigned which requires BitLocker. Device2 is also in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Device3:
Yes because Device3 is in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Reference:
https://blogs.technet.microsoft.com/cbernier/2017/07/11/windows-10-intune-windows-bitlocker-management-ye

 

NEW QUESTION 181
Your network contains an on-premises Active Directory domain named Contoso.com.
Your company purchase a Microsoft 365 subscription and establishes a hybrid deployment of Azure Active Directory (Azure AD) by using password hash synchronization.
You need to identify where an administrator can reset the password of each new user.
What should you identify? To answer, select the appropriate option in the area.
NOTE: Each correct selection is worth point.

Answer:

Explanation:

 

NEW QUESTION 182
Your network contains two Active Directory forests. Each forest contains two domains. All client computers run Windows 10 and are domain-joined.
You plan to configure Hybrid Azure AD join for the computers.
You create Microsoft Azure Active Directory (Azure AD) tenant.
You need to ensure that the computers can discover the Azure AD tenant.
What should you create?

  • A. a new service connection point (SCP) for each forest
  • B. a new trust relationship for each forest
  • C. a new computer account for each computer
  • D. a new service connection point (SCP) for each domain

Answer: A

Explanation:
Your devices use a service connection point (SCP) object during the registration to discover Azure AD tenant information. In your on-premises Active Directory instance, the SCP object for the hybrid Azure AD joined devices must exist in the configuration naming context partition of the computer's forest. There is only one configuration naming context per forest. In a multi-forest Active Directory configuration, the service connection point must exist in all forests that contain domain-joined computers.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-manual

 

NEW QUESTION 183
You need to meet the security requirement for the vendors.
What should you do?

  • A. From the Azure portal, add an identity provider.
  • B. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserPrincipalName parameter.
  • C. From the Azure portal, create guest accounts.
  • D. From Azure Cloud Shell, run the New-AzureADUser cmdlet and specify the -UserType parameter.

Answer: C

Explanation:
You can invite guest users to the directory, to a group, or to an application. After you invite a user through any of these methods, the invited user's account is added to Azure Active Directory (Azure AD), with a user type of Guest. The guest user must then redeem their invitation to access resources. An invitation of a user does not expire.
The invitation will include a link to create a Microsoft account. The user can then authenticate using their Microsoft account. In this question, the vendors already have Microsoft accounts so they can authenticate using them.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/add-users-administrator

 

NEW QUESTION 184
You have a Microsoft 365 Enterprise subscription.
You have a conditional access policy to force multi-factor authentication when accessing Microsoft SharePoint from a mobile device.
You need to view which users authenticated by using multi-factor authentication.
What should you do?

  • A. From the Azure Active Directory admin center, view the user sign-ins.
  • B. From the Microsoft 365 admin center, view the Usage reports.
  • C. From the Microsoft 365 admin center, view the Security & Compliance reports.
  • D. From the Azure Active Directory admin center, view the audit logs.

Answer: A

Explanation:
Section: [none]
Explanation:
With the sign-ins activity report in the Azure portal, you can get the information you need to determine how your environment is doing.
The sign-ins report can provide you with information about the usage of managed applications and user sign-in activities, which includes information about multi-factor authentication (MFA) usage. The MFA data gives you insights into how MFA is working in your organization. It enables you to answer questions like:
* Was the sign-in challenged with MFA?
* How did the user complete MFA?
* Why was the user unable to complete MFA?
* How many users are challenged for MFA?
* How many users are unable to complete the MFA challenge?
* What are the common MFA issues end users are running into?
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-reporting

 

NEW QUESTION 185
Your company has a Microsoft 365 subscription.
You plan to move several archived PST files to Microsoft Exchange Online mailboxes.
You need to create an import job for the PST files.
Which three actions should you perform before you create the import job? Each correct answer presents part of the solution.
NOTE: Each correct selection is worth one point.

  • A. From Exchange admin center, run a new migration batch.
  • B. Create a PST import mapping file.
  • C. Run azcopy.exeto copy the PST files to Microsoft Azure Storage
  • D. From Security & Compliance, retrieve the SAS key.
  • E. Create a Microsoft Azure Storage account.

Answer: B,C,D

Explanation:
The first step is to download and install the Azure AzCopy tool, which is the tool that you run in Step 2 to upload PST files to Office 365. You also copy the SAS URL for your organization. This URL is a combination of the network URL for the Azure Storage location in the Microsoft cloud for your organization and a Shared Access Signature (SAS) key. This key provides you with the necessary permissions to upload PST files to your Azure Storage location.
Now you're ready to use the AzCopy.exe tool to upload PST files to Office 365. This tool uploads and stores them in an Azure Storage location in the Microsoft cloud.
After the PST files have been uploaded to the Azure Storage location for your Office 365 organization, the next step is to create a comma-separated value (CSV) file that specifies which user mailboxes the PST files will be imported to. You'll submit this CSV file when you create a PST Import job.
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/use-network-upload-to-import-pst-files

 

NEW QUESTION 186
You implement Microsoft Azure Advanced Threat Protection (Azure ATP).
You have an Azure ATP sensor configured as shown in the following exhibit.
Updates

How long after the Azure ATP cloud service is updated will the sensor update?

  • A. 48 hours
  • B. 1 hour
  • C. 12 hours
  • D. 7 days
  • E. 24 hours

Answer: E

Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-whats-new

 

NEW QUESTION 187
Your network contains two Active Directory forests. Each forest contains two domains. All client computers run Windows 10 and are domain-joined.
You plan to configure Hybrid Azure AD join for the computers.
You create Microsoft Azure Active Directory (Azure AD) tenant.
You need to ensure that the computers can discover the Azure AD tenant.
What should you create?

  • A. a new service connection point (SCP) for each forest
  • B. a new trust relationship for each forest
  • C. a new computer account for each computer
  • D. a new service connection point (SCP) for each domain

Answer: A

 

NEW QUESTION 188
......

Updated Verified MS-100 dumps Q&As - Pass Guarantee or Full Refund: https://www.actualcollection.com/MS-100-exam-questions.html

Related Articles

more
Microsoft MS-100 Certification Practice Exam

Copyright © 2026 ActualCollection NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy