Get Ready to Boost your Prepare for your MS-100 Exam with 395 Questions
Use Free MS-100 Exam Questions that Stimulates Actual EXAM
Format of the Microsoft Certification exam:
The Microsoft Certification exams are delivered online through a web browser. Depending on the type of exam, you may be made to download a file or a specific application program to take your exams at a computer. You will be able to see the test screen and all instructions and questions during your testing time, while access to other programs will be disabled.
In addition, you can visit any website during your testing time, but viewing these sites will not be counted against your tested time frame. MS-100 Dumps questions and answers. Paths to the testing engine are provided at the start of your testing time. Modules that you will be tested on, and computer hardware and software requirements will be provided to you before starting your testing time.
##Microsoft MS-100 Professional Salary: Starting MS-100 Professional salary ranges from $70,000 to $150,000 depending upon the experience and skills required.
NEW QUESTION 96
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD) by using the Azure AD Connect Express Settings. Password writeback is disabled.
You create a user named User1 and enter Pass in the Password field as shown in the following exhibit.
The Azure AD password policy is configured as shown in the following exhibit.
Answer:
Explanation:
Explanation:
Box 1: Yes
The question states that User1 is synced to Azure AD. This tells us that the short password (Pass) meets the on-premise Active Directory password policy and you were able to create the on-premise account for User1. The on-premise Active Directory password policy applies over the Azure AD password policy for synced user accounts.
Box 2: No
Self-Service Password Reset would need to be configured.
Box 3: Yes
The password for the Azure AD User1 account will expire after 90 days according to the Azure AD password policy. If the on-premise password policy has a shorter password expiration period, User1 would have the change his/her on-premise AD password. The new password would then sync to Azure AD.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express
NEW QUESTION 97
You are confirming an enterprise application named Test App in Microsoft Azur as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 98
Your network contains three Active Directory forests.
You create a Microsoft Azure Active Directory (Azure AD) tenant.
You plan to sync the on premises Active Directory (Azure AD).
You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails.
What should you include in the recommendation?
- A. One Azure AD Connect sync servers one Azure AD Connect sync servers in staging mode
- B. Three Azure AD Connect sync servers and one Azure AD Connect sync servers in staging mode
- C. Three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
- D. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
Answer: A
Explanation:
Azure AD Connect can be active on only one server. You can install Azure AD Connect on another server for redundancy but the additional installation would need to be in Staging mode. An Azure AD connect installation in Staging mode is configured and ready to go but it needs to be manually switched to Active to perform directory synchronization.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-custom
NEW QUESTION 99
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to assign User2 the required roles to meet the security requirements.
Solution: From the Office 365 admin center, you assign User2 the Security Administrator role. From the Exchange admin center, you add User2 to the View-Only Organization Management role.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 100
You have a Microsoft 365 subscription that contains a guest user named User1. User1 is assigned the User administrator role.
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com is configured as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Default permissions for guests are restrictive by default. Guests can be added to administrator roles, which grant them full read and write permissions contained in the role. There is one additional restriction available, the ability for guests to invite other guests. Setting Guests can invite to No prevents guests from inviting other guests.
User1 is assigned the User Administrator role. Therefore, User1 can open the Azure portal, view users, create new users, and create new guest users.
In the exhibit, the 'Guest user permissions are limited' is set to no. This means that guest users have the same permissions as members. However, the 'Guests can invite' setting is set to No. Therefore, other guest users (all guest users except User1) can open the Azure portal and view users in the same way as member users can.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions
NEW QUESTION 101
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your company has a Microsoft Office 365 tenant.
You suspect that several Office 365 features were recently updated.
You need to view a list of the features that were recently updated in the tenant.
Solution: You use Monitoring and reports from the Compliance admin center.
Does this meet the goal?
- A. No
- B. Yes
Answer: A
NEW QUESTION 102
You are confirming an enterprise application named Test App in Microsoft Azur as shown in the following exhibit.
Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION 103
Your company has a Microsoft 365 subscription.
You upload several archive PST files to Microsoft 365 by using the Security & Compliance admin center.
A month later, you attempt to run an import job for the PST files.
You discover that the PST files were deleted from Microsoft 365.
What is the most likely cause of the files being deleted? More than one answer choice may achieve the goal. Select the BEST answer.
- A. The size of the PST files exceeded a storage quota and caused the files to be deleted.
- B. PST files are deleted automatically from Microsoft 365 after 30 days.
- C. Another administrator deleted the PST files.
- D. The PST files were corrupted and deleted by Microsoft 365 security features.
Answer: B
Explanation:
Explanation/Reference:
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/faqimporting-pst-files-to-office-365
NEW QUESTION 104
Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in the following table.
A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1, App2, and App3 all open files that have the .abc file extension.
You implement Windows Information Protection (WIP) by using the following configurations:
Exempt apps: App2
Protected apps: App1
Windows Information Protection mode: Block
Network boundary: IPv4 range of 192.168.1.1-192.168.1.255
You need to identify the apps from which you can open File1.abc
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure
NEW QUESTION 105
Your company has a Microsoft 365 E5 subscription.
Users in the research department work with sensitive data.
You need to prevent the research department users from accessing potentially unsafe websites by using hyperlinks embedded in email messages and documents. Users in other departments must not be restricted.
What should you do from the Security & Compliance admin center?
- A. Create a data loss prevention (DLP) policy that has a Content is shared condition.
- B. Create a new safe links policy.
- C. Modify the default safe links policy.
- D. Create a data loss prevention (DLP) policy that has a Content contains condition.
Answer: B
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-atp-safe-links-policies#policies-thatapply-
NEW QUESTION 106
Your company has 10,000 users who access all applications from an on-premises data center.
You plan to create a Microsoft 365 subscription and to migrate data to the cloud.
You plan to implement directory synchronization.
User account and group accounts must sync to Microsoft Azure Directory (Azure AD) successfully.
You discover that several user accounts fail to sync to Azure AD.
You need to identify which user accounts failed to sync. You must resolve the issue as quickly as possible.
What should you do?
- A. Run idfix.exe, and then click
- B. Run idfix.exe, and then click
- C. From Windows PowerShell, run the Start-AdSyncSyncCycle -PolicyType Delta command.
- D. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts.
Answer: B
Explanation:
Explanation
IdFix is used to perform discovery and remediation of identity objects and their attributes in an on-premises Active Directory environment in preparation for migration to Azure Active Directory. IdFix is intended for the Active Directory administrators responsible for directory synchronization with Azure Active Directory.
Reference:
https://docs.microsoft.com/en-us/office365/enterprise/prepare-directory-attributes-for-synch-with-idfix
https://www.microsoft.com/en-gb/download/details.aspx?id=36832
NEW QUESTION 107
You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.onmicrosoft.com.
An external user has a Microsoft account that uses an email address of [email protected].
An administrator named Admin1 attempts to create a user account for the external user and receives the error message shown in the following exhibit.
You need to ensure that Admin1 can add the user.
What should you do from the Azure Active Directory admin center?
- A. Modify the External collaboration settings.
- B. Add a custom domain name named outlook.com.
- C. Modify the Authentication methods.
- D. Assign Admin1 the Security administrator role.
Answer: A
Explanation:
In the External Collaboration settings, you can set the following invitation policies:
* Turn off invitations
* Only admins and users in the Guest Inviter role can invite
* Admins, the Guest Inviter role, and members can invite
* All users, including guests, can invite
In this question, an Admin user is unable to invite the guest user. This suggests that invitations are turned off altogether.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations
NEW QUESTION 108
You have a Microsoft Azure Active Directory (Azure AD) tenant.
Your company implements Windows Information Protection (WIP).
You need to modify which users and applications are affected by WIP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device.
The MAM User scope determines which users are affected by WIP. App protection policies are used to configure which applications are affected by WIP.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/crea
NEW QUESTION 109
You have a Microsoft 365 tenant.
You have a line-of-business application named App1 that users access by using the My Apps portal.
After some recent security breaches, you implement a conditional access policy for App1 that uses Conditional Access App Control.
You need to be alerted by email if impossible travel is detected for a user of App1. The solution must ensure that alerts are generated for App1 only.
What should you do?
- A. From Microsoft Cloud App Security, create a Cloud Discovery anomaly detection policy.
- B. From Microsoft Cloud App Security, modify the impossible travel alert policy.
- C. From Microsoft Cloud App Security, create an app discovery policy.
- D. From the Azure Active Directory admin center, modify the conditional access policy.
Answer: A
Explanation:
References:
https://docs.microsoft.com/en-us/cloud-app-security/cloud-discovery-anomaly-detection-policy
NEW QUESTION 110
You have three devices enrolled in Microsoft Intune as shown in the following table.
The device compliance policies in Intune are configured as shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Device 1:
No because Device1 is in group3 which has Policy1 assigned which requires BitLocker.
Device 2:
No because Device2 is in group3 which has Policy1 assigned which requires BitLocker. Device2 is also in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Device3:
Yes because Device3 is in Group2 which has Policy2 assigned but the BitLocker requirement is not configured in Policy2.
Reference:
https://blogs.technet.microsoft.com/cbernier/2017/07/11/windows-10-intune-windows-bitlocker-management-ye
NEW QUESTION 111
You have several Microsoft SharePoint document libraries in your on-premises environment.
You have a Microsoft 365 tenant that has directory synchronization implemented.
You plan to move all the document libraries to SharePoint Online.
You need to recommend a migration strategy for the document libraries.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.
Answer:
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/sharepointmigration/how-to-use-the-sharepoint-migration-tool
NEW QUESTION 112
You need to meet the security requirement for Group1.
What should you do?
- A. Configure all users to sign in by using multi-factor authentication.
- B. Assign Group1 a management role.
- C. Modify the Password reset properties of the Azure AD tenant.
- D. Modify the properties of Group1.
Answer: C
Explanation:
Explanation
References:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks
NEW QUESTION 113
You have an on-premises call center and a Microsoft 365 E5 tenant.
You plan to implement Microsoft Phone System Direct Routing and Microsoft Teams.
What should you include m the solution?
- A. Azure AD Connect
- B. Skype for Business Cloud Connector Edition
- C. a Session Border Controller (SBC)
- D. a local number port order request
Answer: C
NEW QUESTION 114
You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
Your company uses Windows Defender Advanced Threat Protection (ATP). Windows Defender ATP contains the roles shown in the following table.
Windows Defender ATP contains the device groups shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation:
Box 1:
Yes. User1 is in Group1 which is assigned to Role1. Device1 is in the device group named ATP1 which Group1 has access to. Role1 gives Group1 (and User1) View Data Permission. This is enough to view Device1 in Windows Security Center.
Box 2:
Yes. User2 is in Group2 which is assigned to Role2. Role2 gives Group2 (and User2) View Data Permission. This is enough to sign in to Windows Security Center.
Box 3:
Yes. User3 is in Group3 which is assigned the Windows ATP Administrator role. Someone with a Microsoft Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments.
Reference:
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles
https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/rbac
NEW QUESTION 115
You are developing a Microsoft Teams app that will use an Azure function to send scheduled messages from a bot to users. What is required for the Teams app to send a proactive message to the users?
- A. The bot must be granted admin access to the users.
- B. The Teams app must be added for each user.
- C. The bot must be approved in Azure Active Directory (Azure AD).
- D. The users must send at least one message to the bot.
Answer: D
NEW QUESTION 116
You have a Microsoft 365 subscription that contains several Microsoft SharePoint Online sites.
You discover that users from your company can invite external users to access files on the SharePoint sites.
You need to ensure that the company users can invite only authenticated guest users to the sites.
What should you do?
- A. From the SharePoint admin center, configure the sharing settings.
- B. From the Microsoft 365 admin center, configure a partner relationship.
- C. From the Azure Active Directory admin center, configure a conditional access policy.
- D. From SharePoint Online Management Shell, run the Set-SPOSitecmdlet.
Answer: A
Explanation:
You need to set the Sharing settings to 'Existing Guests'. This setting allows sharing only with guests who are already in your directory. These guests may exist in your directory because they previously accepted sharing invitations or because they were manually added.
Reference:
https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off
NEW QUESTION 117
You have a Microsoft 365 subscription that contains a Microsoft Azure Directory (Azure AD) tenant Contoso.com. The tenant includes a user named user1.
You enable Azure AD Identity protection.
You need to ensure that User1 can review the list in Azure AD identity protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
- A. Security administrator
- B. Global reader
- C. Owner
- D. Report
Answer: A
NEW QUESTION 118
......
BEST Verified Microsoft MS-100 Exam Questions (2023) : https://itexambus.passleadervce.com/Microsoft-365/reliable-MS-100-exam-learning-guide.html