Changing the Concept of MS-100 Exam Preparation 2024
Getting MS-100 Certification Made Easy! Get professional help from our MS-100 Dumps PDF
Microsoft MS-100 (Microsoft 365 Identity and Services) certification exam is designed for IT professionals who are responsible for managing Microsoft 365 services and identities. Microsoft 365 Identity and Services certification exam assesses the candidate's knowledge and skills in implementing Microsoft 365 services, managing user identity and roles, managing access and authentication, and implementing Microsoft 365 security and threat management.
NEW QUESTION # 235
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a live environment. While most functionality will be available to you as it would be in a live environment, some functionality (e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn't matter how you accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you are able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign in box and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password:oL9z0=?Nq@ox
If the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser tab.
The following information is for technical support purposes only:
Lab Instance:11098651
You need to ensure that all the users in your organization are prompted to change their password every 180 days.
To answer the question, sign in to the Microsoft 365 portal.
Answer:
Explanation:
See explanation below.
Explanation
You need to configure the Password Expiration Policy.
1. Sign in to the Microsoft 365 Admin Center.
2. In the left navigation pane, expand the Settings section then select the Settings option.
3. Click on Security and Privacy.
4. Select the Password Expiration Policy.
5. Ensure that the checkbox labelled "Set user passwords to expire after a number of days" is ticked.
6. Enter 180 in the "Days before passwords expire" field.
7. Click the 'Save changes' button.
NEW QUESTION # 236
You recently migrated your on-premises email solution to Microsoft Exchange Online and are evaluating which licenses to purchase.
You want the members of two groups named IT and Managers to be able to use the features shown in the following table.
The IT group contains 50 users. The Managers group contains 200 users.
You need to recommend which licenses must be purchased for the planned solution. The solution must minimize licensing costs.
Which licenses should you recommend?
- A. 200 Microsoft 365 E3 and 50 Microsoft 365 E5
- B. 250 Microsoft 365 E3 only
- C. 250 Microsoft 365 E5 only
- D. 50 Microsoft 365 E 3 and 200 Microsoft 365 E5
Answer: A
Explanation:
Explanation
Microsoft Azure Active Directory Privileged Identity Management requires an Azure AD Premium P2 license.
This license comes as part of the Microsoft 365 E5 license. Therefore, we need 50 Microsoft 365 E5 licenses for the IT group.
Conditional Access requires the Azure AD Premium P1 license. This comes as part of the Microsoft E3 license. Therefore, we need 200 Microsoft 365 E3 licenses for the Managers group.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requiremen
NEW QUESTION # 237
Your company has a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
You sign up for Microsoft Store for Business.
The tenant contains the users shown in the following table.
Microsoft Store for Business has the following Shopping behavior settings:
* Allow users to shop is set to On.
* Make everyone a Basic Purchaser is set to Off.
You need to identify which users can install apps from the Microsoft for Business private store.
Which users should you identify?
- A. User1 only
- B. user1, User2, User3, User4, and User5
- C. User1 and User2 only
- D. User1, User2, User3, and User4 only
- E. User3 and User4 only
Answer: C
Explanation:
Explanation
Allow users to shop controls the shopping experience in Microsoft Store for Education. When this setting is on, Purchasers and Basic Purchasers can purchase products and services from Microsoft Store for Education.
References:
https://docs.microsoft.com/en-us/microsoft-store/acquire-apps-microsoft-store-for-business
NEW QUESTION # 238
Your company uses Gmail as a corporate email solution.
You purchase a Microsoft 365 subscription and plan to move all email data to Microsoft Exchange Online.
You plan to perform the migration by using the Exchange admin center.
You need to recommend which type of migration to use and which type of data to migrate.
What should you recommend? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/exchange/mailbox-migration/migrating-imap-mailboxes/migrate-g-suite-mailboxes
NEW QUESTION # 239
You have a Microsoft SharePoint Online site and an on-premises file server.
The site contains the files shown in the following table.
The file server contains the files shown in the following table.
You migrate D:\Folder1 and D:\Folder2 to the Documents library by using the SharePoint Migration Tool as shown in the following exhibit.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 240
Your network contains an on-premises Active Directory domain named adatum.com that syncs to Azure Active Directory (Azure AD) by using the Azure AD Connect Express Settings. Password writeback is disabled.
You create a user named User1 and enter Pass in the Password field as shown in the following exhibit.
The Azure AD password policy is configured as shown in the following exhibit.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-express
NEW QUESTION # 241
You have a Microsoft Azure Active Directory (Azure AD) tenant.
Your company implements Windows Information Protection (WIP).
You need to modify which users and applications are affected by WIP.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Microsoft Intune has an easy way to create and deploy a Windows Information Protection (WIP) policy. You can choose which apps to protect, the level of protection, and how to find enterprise data on the network. The devices can be fully managed by Mobile Device Management (MDM), or managed by Mobile Application Management (MAM), where Intune manages only the apps on a user's personal device.
The MAM User scope determines which users are affected by WIP. App protection policies are used to configure which applications are affected by WIP.
Reference:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/crea
NEW QUESTION # 242
You have a new Microsoft 365 subscription.
A user named User1 has a mailbox in Microsoft Exchange Online.
You need to log any changes to the mailbox folder permissions of User1.
Which command should you run? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://support.microsoft.com/en-us/help/4026501/office-auditing-in-office-365-for-admins
https://docs.microsoft.com/en-us/powershell/module/exchange/mailboxes/set-mailbox?view=exchange-ps
NEW QUESTION # 243
You have a Microsoft 365 subscription you use Active Directory (Azure AD) tenant named contoso.com. The tenant contains the Windows 10 devices shown in the following table.
All the devices are managed by using Microsoft Endpoint Manager and are members of a group named Group1.
From the Microsoft Endpoint Manager admin center, you create an app suite named App1 for Microsoft Office
365 apps.
You configure the App1 settings as shown in the exhibit. (Click the Exhibit tab.)
You assign App1 to Group1.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
Note: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Box 1: No
Device1 is x86 (32-bit) so Office 365 will not be installed.
Box 2: Yes
Device2 is x64 (64-bit) so Office 365 will be installed. The German language pack will be installed and the OS language pack (English) will be installed.
Box 3: Yes
Device2 is x64 (64-bit) so Office 365 will be installed. The German language pack will be installed and the OS language pack (French) will be installed.
Reference:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-add-office365
NEW QUESTION # 244
You have a DNS zone named contoso.com that contains the following records.
You purchase a Microsoft 365 subscription.
You plan to migrate mailboxes to Microsoft Exchange Online.
You need to configure Sender Policy Framework (SPF) to support Exchange Online.
What should you do?
- A. Modify the expire interval of the SOA record.
- B. Modify the default TTL of the SOA record.
- C. Modify the TXT record.
- D. Add an additional TXT record.
Answer: C
Explanation:
Section: [none]
Explanation/Reference:
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-spf-in-office-365-to-help- prevent-spoofing?view=o365-worldwide#next-steps-after-you-set-up-spf-for-office-365
NEW QUESTION # 245
A user receives the following message when attempting to sign in to https://myapps.microsoft.com:
"Your sign-in was blocked. We've detected something unusual about this sign-in. For example, you might be signing in from a new location, device, or app. Before you can continue, we need to verify your identity.
Please contact your admin."
Which configuration prevents the users from signing in?
- A. Microsoft Azure Active Directory (Azure AD) conditional access policies
- B. Security & Compliance supervision policies
- C. Security & Compliance data loss prevention (DLP) policies
- D. Microsoft Azure Active Directory (Azure AD) Identity Protection policies
Answer: A
Explanation:
Explanation
The user is being blocked due to a 'risky sign-in'. This can be caused by the user logging in from a device that hasn't been used to sign in before or from an unknown location.
Integration with Azure AD Identity Protection allows Conditional Access policies to identify risky sign-in behavior. Policies can then force users to perform password changes or multi-factor authentication to reduce their risk level or be blocked from access until an administrator takes manual action.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview
NEW QUESTION # 246
Your company has a Microsoft 365 subscription.
You need to identify which users performed the following privileged administration tasks:
Deleted a folder from the second-stage Recycle Bin if Microsoft SharePoint Opened a mailbox of which the user was not the owner Reset a user password What should you use?
- A. Security & Compliance content search
- B. Microsoft Azure Active Directory (Azure AD) audit logs
- C. Microsoft Azure Active Directory (Azure AD) sign-ins
- D. Security & Compliance audit log search
Answer: B
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-logs-overview
NEW QUESTION # 247
Your network contains an on-premises Active Directory domain. The domain contains a server named Server1. Server1 has a share named Share1 that contains the files shown in the following table.
You have a hybrid deployment of Microsoft 365.
You create a Microsoft SharePoint site collection named Col lection1.
You plan to migrate Share1 to a document library in Collection1
You configure the SharePoint Migration Tool as shown in the exhibit. (Click the Exhibit tab.) For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
References:
https://docs.microsoft.com/en-us/sharepointmigration/spmt-settings
NEW QUESTION # 248
Your company has a Microsoft 365 subscription that contains the following domains:
Contoso.onmicrosoft.com
Contoso.com
You plan to add the following domains to Microsoft 365 and to use them with Exchange Online:
Sub1.contoso.onmicrosoft.com
Sub2.contoso.com
Fabrikam.com
You need to identify the minimum number of DNS records that must be added for Exchange Online to receive inbound email messages for the three domains.
How many DNS records should you add? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
NEW QUESTION # 249
You have retention policies in Microsoft 365 as shown in the following table.
Policy1 is configured as shown in the Policy1 exhibit. (Click the Policy1 tab.) Policy1
Policy1 is configured as shown in the Policy2 exhibit. (Click the Policy2 tab.) Policy2
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/retention-policies#the-principles-of-retention-or-what-takes-precedence
NEW QUESTION # 250
From the Microsoft Azure Active Directory (Azure AD) Identity Protection dashboard, you view the risk events shown in the exhibit. (Click the Exhibit tab.)
You need to reduce the likelihood that the sign-ins are identified as risky.
What should you do?
- A. From the Security & Compliance admin center, create a classification label.
- B. From the Security & Compliance admin center, add the users to the Security Readers role group.
- C. From the Azure Active Directory admin center, configure the trusted IPs for multi-factor authentication.
- D. From the Conditional access blade in the Azure Active Directory admin center, create named locations.
Answer: D
Explanation:
Explanation
A named location can be configured as a trusted location. Typically, trusted locations are network areas that are controlled by your IT department. In addition to Conditional Access, trusted named locations are also used by Azure Identity Protection and Azure AD security reports to reduce false positives for risky sign-ins.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
NEW QUESTION # 251
You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.
You enable self-service password reset for all users. You set Number of methods required to reset to 1, and you set Methods available to users to Security questions only.
What information must be configured for each user before the user can perform a self-service password reset? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy#administrator-password-policy-differences
NEW QUESTION # 252
You have a Microsoft 365 subscription.
You need to implement Windows Defender Advanced Threat Protection (ATP) for all the supported devices enrolled devices enrolled on mobile device management (MDM).
What should you include in the device configuration profile? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
You can integrate Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) with Microsoft Intune as a Mobile Threat Defense solution. Integration can help you prevent security breaches and limit the impact of breaches within an organization. Microsoft Defender ATP works with devices that run Windows 10 or later.
When you establish a connection from Intune to Microsoft Defender ATP, Intune receives a Microsoft Defender ATP onboarding configuration package from Microsoft Defender ATP. This package is deployed to devices by using a device configuration profile.
Reference:
https://docs.microsoft.com/en-us/intune/advanced-threat-protection
NEW QUESTION # 253
Your company has offices in several cities and 100.000 users.
The network contains an Active Directory domain contoso.com.
You purchase Microsoft 365 and plan to deploy several Microsoft 365 services.
You are evaluating the implementation of pass-through authentication and seamless SSO. Azure AD Connect will NOT be in staging mode.
You need to identify the redundancy limits for the planned implementation.
What should you identify? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start
NEW QUESTION # 254
You have a Microsoft 365 subscription.
You need to provide an administrator named Admin1 with the ability to place holds on mailboxes, SharePoint Online sites, and OneDrive for Business locations. The solution must use the principle of least privilege.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
Reference:
https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-cent
NEW QUESTION # 255
You need to meet the technical requirements for the user licenses.
Which two properties should you configure for each user? To answer, select the appropriate properties in the answer area.
NOTE: Each correct selection is worth one point.
Answer:
Explanation:
Explanation
All new users must be assigned Office 365 licenses automatically.
To enable Microsoft 365 license assignment, the users must have a username. This is also the UPN. The users must also have a Usage Location.
NEW QUESTION # 256
Your network contains an Active Directory forest named local.
You have a Microsoft 365 subscription. You plan to implement a directory synchronization solution that will use password hash synchronization.
From the Microsoft 365 admin center, you verify the contoso.com domain name. You need to prepare the environment foe the planned directory synchronization solution.
What should you do first?
- A. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
- B. From the Microsoft 365 admin center, verify the contoso.com domain name.
- C. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix
- D. From Active Directory Users and Computers, modify the UPN suffix for all users.
Answer: C
Explanation:
The on-premise Active Directory domain is named contoso.local. Therefore, all the domain users accounts will have a UPN suffix of contoso.local by default.
To enable directory synchronization that will use password hash synchronization, you need to configure the domain user accounts to have the same UPN suffix as the verified domain (contoso.com in this case). Before you can change the UPN suffix of the domain user accounts to contoso.com, you need to add contoso.com as a UPN suffix in the domain.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-userprincipalname
NEW QUESTION # 257
......
Schedule exam
Languages: English, Japanese
Retirement date: none
This exam measures your ability to accomplish the following technical tasks: design and implement Microsoft 365 services; manage user identity and roles; manage access and authentication; and plan Office 365 workloads and applications.
MS-100 Exam Crack Test Engine Dumps Training With 431 Questions: https://www.testvalid.com/MS-100-exam-collection.html
Obtain the MS-100 PDF Dumps Get 100% Outcomes Exam Questions For You To Pass: https://drive.google.com/open?id=16vU68SitfFYsuYFb6v4UdlakpdsPWsaC