MS-100 practice questions
You need to consider the underlined segment to establish whether it is accurate. Your company has deployed a Microsoft 365 tenant and to implemented multi-factor authentication. They have four offices, of which one houses the R&D department. You have been asked to make sure that multi-factor authentication is compulsory only for users in the office houses the R&D department. You create a conditional access policy. Select `No adjustment required` if the underlined segment is accurate. If the underlined segment is inaccurate, select the accurate option.
A. No adjustment required
B. password protection
C. DLP
D. label
Discussion forum
Question
You have a Microsoft 365 subscription that contains an Azure Active Directory (Azure AD) tenant named contoso.com. Corporate policy states that user passwords must not include the word Contoso. What should you do to implement the corporate policy?
A. From the Azure Active Directory admin center, configure the Password protection settings.
B. From the Microsoft 365 admin center, configure the Password policy settings.
C. From Azure AD Identity Protection, configure a sign-in risk policy.
D. From the Azure Active Directory admin center, create a conditional access policy.
Discussion forum
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains: ✑ Contoso.com ✑ East.contoso.com An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant. You deploy a new domain named west.contoso.com to the forest. You need to ensure that west.contoso.com syncs to the Azure AD tenant. Solution: You create an Azure DNS zone for west.contoso.com. On the on-premises DNS servers, you create a conditional forwarder for west.contoso.com. Does this meet the goal?
A. Yes
B. No
Discussion forum
Question
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?
A. Compliance administrator
B. Global administrator
C. Owner
D. Security administrator
Discussion forum
Question
Your company has 10,000 users who access all applications from an on-premises data center. You plan to create a Microsoft 365 subscription and to migrate data to the cloud. You plan to implement directory synchronization. User accounts and group accounts must sync to Microsoft Azure Active Directory (Azure AD) successfully. You discover that several user accounts fail to sync to Azure AD. You need to resolve the issue as quickly as possible. What should you do?
A. From Active Directory Administrative Center, search for all the users, and then modify the properties of the user accounts
. B. Run idfix.exe, and then click Complete.
C. From Windows PowerShell, run the Start-AdSyncCycle ג€”PolicyType Delta command.
D. Run idfix.exe, and then click Edit.
Discussion forum
Question
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?
A. From Active Directory Administrative Center, select the Active Directory users, and then modify the Properties settings.
B. From the Microsoft 365 admin center, select the users, and then use the Bulk actions option.
C. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.
D. From Windows PowerShell on a domain controller, run the Get-AzureADUser and Set-AzureADUser cmdlets.
Discussion forum
Question
Your network contains an on-premises Active Directory forest. You are evaluating the implementation of Microsoft 365 and the deployment of an authentication strategy. You need to recommend an authentication strategy that meets the following requirements: ✑ Allows users to sign in by using smart card-based certificates ✑ Allows users to connect to on-premises and Microsoft 365 services by using SSO Which authentication strategy should you recommend?
A. password hash synchronization and seamless SSO
B. federation with Active Directory Federation Services (AD FS)
C. pass-through authentication and seamless SSO
Discussion forum
Question
Your network contains an Active Directory domain and a Microsoft Azure Active Directory (Azure AD) tenant. The network uses a firewall that contains a list of allowed outbound domains. You begin to implement directory synchronization. You discover that the firewall configuration contains only the following domain names in the list of allowed domains: ✑ *.microsoft.com *.office.com Directory synchronization fails. You need to ensure that directory synchronization completes successfully. What is the best approach to achieve the goal? More than one answer choice may achieve the goal. Select the BEST answer.
A. From the firewall, allow the IP address range of the Azure data center for outbound communication.
B. From Azure AD Connect, modify the Customize synchronization options task.
C. Deploy an Azure AD Connect sync server in staging mode.
D. From the firewall, create a list of allowed inbound domains.
E. From the firewall, modify the list of allowed outbound domains.
Discussion forum
Question
Your network contains an Active Directory forest named contoso.local. You have a Microsoft 365 subscription. You plan to implement a directory synchronization solution that will use password hash synchronization. From the Microsoft 365 admin center, you successfully verify the contoso.com domain name. You need to prepare the environment for the planned directory synchronization solution. What should you do first?
A. From the public DNS zone of contoso.com, add a new mail exchanger (MX) record.
B. From Active Directory Domains and Trusts, add contoso.com as a UPN suffix.
C. From the Microsoft 365 admin center, verify the contoso.local domain name.
D. From Active Directory Users and Computers, modify the UPN suffix for all users.
Discussion forum
Question
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains a Microsoft Exchange Server 2019 organization. You plan to sync the domain to Azure Active Directory (Azure AD) and to enable device writeback and group writeback. You need to identify which group types will sync from Azure AD. Which two group types should you identify? Each correct answer presents part of the solution. NOTE: Each correct selection is worth one point.
A. an Office 365 group that uses the Assigned membership type
B. a security group that uses the Dynamic Device membership type
C. an Office 365 group that uses the Dynamic User membership type
D. a security group that uses the Assigned membership type
E. a security group that uses the Dynamic User membership type
Discussion forum
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your network contains an on-premises Active Directory forest named contoso.com. The forest contains the following domains: ✑ Contoso.com ✑ East.contoso.com An Azure AD Connect server is deployed to contoso.com. Azure AD Connect syncs to an Azure Active Directory (Azure AD) tenant. You deploy a new domain named west.contoso.com to the forest. You need to ensure that west.contoso.com syncs to the Azure AD tenant. Solution: From the Azure AD Connect server in contoso.com, you return the setup wizard and include the west.contoso.com domain. Does this meet the goal?
A. Yes
B. No
Discussion forum
Question
Your network contains an Active Directory domain named adatum.com that is synced to Microsoft Azure Active Directory (Azure AD). The domain contains 100 user accounts. The city attribute for all the users is set to the city where the user resides. You need to modify the value of the city attribute to the three-letter airport code of each city. What should you do?
A. From Azure Cloud Shell, run the Get-AzureADUser and Set-AzureADUser cmdlets.
B. From Azure Cloud Shell, run the Get-ADUser and Set-ADUser cmdlets.
C. From Windows PowerShell on a domain controller, run the Get-ADUser and Set-ADUser cmdlets.
D. From Azure Cloud Shell, run the Get-MsolUser and Set-MSOluser cmdlets.
Discussion forum
Question
Your network contains three Active Directory forests. You create a Microsoft Azure Active Directory (Azure AD) tenant. You plan to sync the on-premises Active Directory to Azure AD. You need to recommend a synchronization solution. The solution must ensure that the synchronization can complete successfully and as quickly as possible if a single server fails. What should you include in the recommendation?
A. three Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
B. one Azure AD Connect sync server and one Azure AD Connect sync server in staging mode
C. three Azure AD Connect sync servers and one Azure AD Connect sync server in staging mode
D. six Azure AD Connect sync servers and three Azure AD Connect sync servers in staging mode
Discussion forum
Question
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1. You enable Azure AD Identity Protection. You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege. To which role should you add User1?
A. Security reader
B. User administrator
C. Owner
D. Global administrator
Discussion forum
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses. Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services. You need to determine whether a user named User1 is licensed for Exchange Online only. Solution: You launch the Azure portal, and then review the Licenses blade. Does this meet the goal?
A. Yes
B. No
Discussion forum
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen. Your company has 3,000 users. All the users are assigned Microsoft 365 E3 licenses. Some users are assigned licenses for all Microsoft 365 services. Other users are assigned licenses for only certain Microsoft 365 services. You need to determine whether a user named User1 is licensed for Exchange Online only. Solution: You run the Get-MsolAccountSku cmdlet. Does this meet the goal?
A. Yes
B. No
Discussion forum
Question