MS-100 : Microsoft 365 Identity and Services : Part 02

  1. Your company’s Microsoft Azure Active Directory (Azure AD) tenant includes four users. Two of the users are configured with the Global administrator, Password administrator roles respectively. A third user has both the Security administrator and the Guest inviter roles configured. The fourth user has no roles configured.

    Which of the following is the user that has the necessary permissions to alter the password protection policy? (Choose all that apply.)

    • The user with the Global administrator role.
    • The user with the Password administrator role.
    • The user with the Security administrator and Guest inviter roles.
    • The user with no roles.
  2. Your company’s Microsoft Azure Active Directory (Azure AD) tenant includes four users. Two of the users are configured with the Global administrator, Password administrator roles respectively. A third user has both the Security administrator and the Guest inviter roles configured. The fourth user has no roles configured.

    Which of the following is the user that has the necessary permissions to create guest users? (Choose all that apply.)

    • The user with the Global administrator role.
    • The user with the Password administrator role.
    • The user with the Security administrator and Guest inviter roles.
    • The user with no roles.
  3. You have been tasked with enable Microsoft Azure Information Protection for your company’s Microsoft 365 subscription.

    You are informed that only the members of a group, named Group1, are able to protect content. To achieve your goal, you plan to run a PowerShell cmdlet.

    Which of the following is the cmdlet you should run?

    • The Add-AadrmRoleBaseAdministrator cmdlet.
    • The Set-AadrmDoNotTrackUserGroup cmdlet.
    • The Clear-AadrmSuperUserGroup cmdlet.
    • The Set-AadrmOnboardingControlPolicy cmdlet.
  4. Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.

    Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.

    Solution: You configure the use of password hash synchronization only.

    Does the solution meet the goal?

    • Yes
    • No
  5. Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.

    Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.

    Solution: You configure the use of pass-through authentication only.

    Does the solution meet the goal?

    • Yes
    • No
  6. Your company has acquired Microsoft 365 for their Active Directory domain, which includes five domain controllers.

    Prior to implementing a number of Microsoft 365 services, you are tasked with making use of an authentication solution that allows users to access Microsoft 365 by using their on-premises credentials. The solution should also only make use of the current server infrastructure. Furthermore, must allow for all user passwords to only be stored on-premises, and be highly available.

    Solution: You configure the use of pass-through authentication and seamless SSO.

    Does the solution meet the goal?

    • Yes
    • No
  7. Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled.

    You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON.

    A tenant user has submitted a fraud alert for his account.

    Which of the following is the length of time that the user’s account will automatically be blocked for?

    • 24 hours
    • 90 days
    • 1 month
    • 1 week
  8. Your company has a Microsoft Azure Active Directory (Azure AD) tenant with multi-factor authentication enabled.

    You have also configured the Allow users to submit fraud alerts, and the Block user when fraud is reported settings to ON.

    A tenant user has submitted a fraud alert for his account. After receiving an alert call, the user needs to enter a special code followed by #.

    Which of the following is default special code?

    • 0
    • 9
    • 0000
    • 1234
  9. Your company has a Microsoft Office 365 subscription with a number of Microsoft SharePoint Online sites.

    Currently, users are able to invite external users to access files on the SharePoint sites. You are tasked with making sure that users are only able to authenticated guest users to the SharePoint sites.

    Which of the following actions should you take?

    • You should create a threat management policy via the Security & Compliance admin center.
    • You should run the Set-SPOSite cmdlet.
    • You should run the Add-SPOUser cmdlet.
    • You should modify the sharing settings via the SharePoint admin center.
  10. Your company has a Microsoft 365 subscription.

    You have been tasked with configuring external collaboration settings for your company’s Microsoft Azure Active Directory (Azure AD) tenant.

    You want to make sure that authorized users are able to create guest users in the tenant.

    Which of the following actions should you take?

    Which setting should you modify?

    • You should make sure that the Guests can invite setting is set to NO.
    • You should make sure that the Guest users permissions are limited setting is set to Yes.
    • You should make sure that the Members can invite setting is set to NO.
    • You should make sure that the Admins and users in the guest inviter role can invite setting is set to Yes.
  11. After acquiring a Microsoft 365 subscription, you configure the use of Microsoft Azure Multi-Factor Authentication (MFA) for all users in the Azure Active Directory (Azure AD) tenant.

    You want to produce a report that includes all the users who finished the Azure MFA registration process. You want to make use of an Azure Cloud Shell cmdlet.

    Which of the following is the cmdlet you should use?

    • Get-AzureADUser
    • Get-MsolUser
    • New-AzureADMSInvitation
    • Set-MsolUserPrincipalName
  12. You need to consider the underlined segment to establish whether it is accurate.

    You have recently configured a conditional access policy to force mobile device users to use multi-factor authentication when accessing Microsoft SharePoint.

    To check who used multi-factor authentication to authenticate, you view the Usage reports from Azure Active Directory admin center.

    Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

    • No adjustment required
    • user sign-ins
    • event logs
    • audit logs
  13. Your company has an Enterprise E5 subscription of Microsoft 365.

    You have been tasked with making sure that sales department users are compelled to make use of multi-factor authentication for all cloud-based applications.

    Which of the following actions should you take?

    • You should create an DLP.
    • You should create a new app registration.
    • You should create a session policy.
    • You should create a sign-in risk policy.
  14. Your company has a Microsoft 365 subscription.

    After implementing Active Directory Federation Services (AD FS), you are instructed to configure AD FS user authentication auditing.

    You are preparing to run the Register-AzureADConnectHealthSyncAgent cmdlet.

    Which of the following is the server that the cmdlet should be run from?

    NOTE: Each correct selection is worth one point.

    • A member server.
    • A domain controller.
    • An Azure AD Connect server.
    • An AD FS server.
  15. You need to consider the underlined segment to establish whether it is accurate.

    Your company has deployed a Microsoft 365 tenant and to implemented multi-factor authentication.

    They have four offices, of which one houses the R&D department. You have been asked to make sure that multi-factor authentication is compulsory only for users in the office houses the R&D department.

    You create a conditional access policy.

    Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

    • No adjustment required
    • password protection
    • DLP
    • label
  16. Your company has configured all user email to be stored in Microsoft Exchange Online.

    You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.

    Solution: You start by creating a spam filter policy via the Security & Compliance admin center.

    Does the solution meet the goal?

    • Yes
    • No
  17. Your company has configured all user email to be stored in Microsoft Exchange Online.

    You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.

    Solution: You start by initiating a message trace via the Security & Compliance admin center.

    Does the solution meet the goal?

    • Yes
    • No
  18. Your company has configured all user email to be stored in Microsoft Exchange Online.

    You have been tasked with keeping a duplicate of all the email messages from a specified user that includes a specific word.

    Solution: You start by creating a label and label policy via the Security & Compliance admin center.

    Does the solution meet the goal?

    • Yes
    • No
  19. Your company has a Microsoft 365 subscription.

    You have previously created a group that includes users who send email messages to external users on a regular basis. The group’s manager would like to group wants to examine messages that include attachments at random.

    You are required to make sure that the manager can achieve his goal, but only make ten out of a hundred messages accessible to him.

    You need to provide the manager with the ability to review messages that contain attachments sent from the Support group users to external users. The manager must have access to only 10 percent of the messages.

    Which of the following should you create?

    • A label policy.
    • A conditional access policy.
    • A DLP policy.
    • A supervisor policy.
  20. You need to consider the underlined segment to establish whether it is accurate.

    Your company has recently acquired a new sales application.

    You navigate to the Discovered apps page in Cloud Discovery via Microsoft Cloud App Security to check the application’s score. You then notice that a number of the applications have a low score as a result of omitted domain registration and consumer popularity data.

    You want to make sure that the score is not affected by the omitted data.

    You have to configure app tags via the Cloud Discover settings

    Select “No adjustment required” if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.

    What should you configure from the?

    • No adjustment required
    • a label
    • App Connector flow
    • a custom key
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments