Follow Fulldumps.com for future MS-100 updates.
2022 Lead4Pass MS-100 dumps update with PDF and VCE: https://www.leads4pass.com/ms-100.html (367 Q&A)
Newly shared Microsoft MS-100 exam learning preparation program! Get the latest MS-100 exam exercise questions and exam dumps pdf for free! 100% pass the exam to select
the full Microsoft MS-100 dumps: https://www.leads4pass.com/ms-100.html the link to get VCE or PDF. All exam questions are updated!
Exam MS-100: Microsoft 365 Identity and Services – website: https://docs.microsoft.com/en-us/learn/certifications/exams/ms-100
Lead4pass offers the latest Microsoft MS-100 PDF Google Drive
[Latest updates] Free Microsoft MS-100 dumps pdf download from Google Drive: https://docs.microsoft.com/en-us/learn/certifications/exams/ms-100
Allexamalert Exam Table of Contents:
- Microsoft MS-100 Practice testing questions from Youtube
- latest updated Microsoft MS-100 exam questions and answers
- Lead4Pass Microsoft Discount code 2021
- About lead4pass
Microsoft MS-100 Practice testing questions from Youtube
latest updated Microsoft MS-100 exam questions and answers
QUESTION 1
HOTSPOT
Your network contains an Active Directory domain named fabrikam.com. The domain contains the objects shown in the
following table.
You are configuring synchronization between fabrikam.com and a Microsoft Azure Active Directory (Azure AD) tenant.
You configure the Domain/OU Filtering settings in Azure AD Connect as shown in the Domain/OU Filtering exhibit.
(Click the Domain/OU Filtering tab.)
You configure the Filtering settings in Azure AD Connect as shown in the Filtering exhibit. (Click the Filtering tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
Box 1: No
The filtering is configured to synchronize Group2 and OU2 only. The effect of this is that only members of Group2 who
are in OU2 will be synchronized.
User2 is in Group2. However, the User2 account object is in OU1 so User2 will not synchronize to Azure AD.
Box 2: Yes
Group2 is in OU2 so Group2 will synchronize to Azure AD. However, only members of the group who are in OU2 will
synchronize. Members of Group2 who are in OU1 will not synchronize.
Box 3: Yes
User3 is in Group2 and in OU2. Therefore, User3 will synchronize to Azure AD.
References:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#group-basedfiltering
QUESTION 2
Your company has a Microsoft 365 tenant.
You plan to allow users from the engineering department to enroll their mobile device in mobile device management
(MDM).
The device type restrictions are configured as shown in the following table.
The device limit restrictions are configured as shown in the following table.
What is the effective configuration for the members of the Engineering group? To answer, select the appropriate options
in the answer area. NOTE: Each correct selection is worth one point.
Hot Area:
Correct Answer:
When multiple policies are applied to groups that users are a member of, only the highest priority (lowest number) policy
applies.
In this case, the Engineering users are assigned two device type policies (the default policy and the priority 2 policy).
The priority 2 policy has a higher priority than the default policy so the Engineers’ allowed platform is Android only.
The engineers have two device limit restrictions policies applied to them. The priority1 policy is a higher priority than the
priority2 policy so the priority1 policy device limit (15) applies.
Reference:
https://docs.microsoft.com/en-us/intune/enrollment/enrollment-restrictions-set
QUESTION 3
You have a Microsoft 365 subscription.
You add a domain named contoso.com.
When you attempt to verify the domain, you are prompted to send a verification email to [email protected].
You need to change the email address used to verify the domain.
What should you do?
A. From the domain registrar, modify the contact information of the domain
B. Add a TXT record to the DNS zone of the domain
C. Modify the NS records for the domain
D. From the Microsoft 365 admin center, change the global administrator of the Microsoft 365 subscription
Correct Answer: A
The email address that is used to verify that you own the domain is the email address listed with the domain registrar for
the registered contact for the domain.
Reference: https://docs.microsoft.com/en-us/microsoft-365/admin/setup/add-domain?view=o365-worldwide
QUESTION 4
Your company has a Microsoft Azure Active Directory (Azure AD) directory tenant named contoso.onmicrosoft.com.
All users have client computers that run Windows 10 Pro and are joined to Azure AD.
The company purchases a Microsoft 365 E3 subscription.
You need to upgrade all the computers to Windows 10 Enterprise. The solution must minimize administrative effort.
You assign licenses from the Microsoft 365 admin center.
What should you do next?
A. Add a custom domain name to the subscription.
B. Deploy Windows 10 Enterprise by using Windows Autopilot.
C. Create a provisioning package and then deploy the package to all the computers.
D. Instruct all the users to log off of their computer, and then to log in again.
Correct Answer: B
With Windows Autopilot the user can set up pre-configure devices without the need to consult their IT administrator.
Reference: https://docs.microsoft.com/en-us/windows/deployment/windows-10-deployment-scenarios
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot
QUESTION 5
Your network contains an Active Directory domain named contoso.com. The domain contains the file servers shown in
the following table.
A file named File1.abc is stored on Server1. A file named File2.abc is stored on Server2. Three apps named App1,
App2, and App3 all open files that have the .abc file extension. You implement Windows Information Protection (WIP) by
using the following configurations:
1.
Exempt apps: App2
2.
Protected apps: App1
3.
Windows Information Protection mode: Block
4.
Network boundary: IPv4 range of 192.168.1.1-192.168.1.255
You need to identify the apps from which you can open File1.abc
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: Yes.
App1 is a protected app in the Windows Information Protection policy. File1 is stored on Server1 which is in the Network
Boundary defined in the policy. Therefore, you can open File1 in App1.
Box 2: Yes.
App2 is exempt from the Windows Information Protection policy. The protection mode in the policy is blocked so all apps that
are not included in the policy cannot be used to open the file… except for exempt apps. Therefore, you can open File1 in
App2.
Box 3: No.
The protection mode in the policy is blocked so all apps that are not included in the policy as protected apps or listed as
exempt from the policy cannot be used to open the file. Therefore, you cannot open the File from in App3.
References:
https://docs.microsoft.com/en-us/windows/security/information-protection/windows-information-protection/create-wippolicy-using-intune-azure
QUESTION 6
You have a Microsoft 365 tenant that contains Microsoft Exchange Online.
You plan to enable calendar sharing with a partner organization named adatum.com. The partner organization also has
a Microsoft 365 tenant.
You need to ensure that the calendar of every user is available to the users in adatum.com immediately.
What should you do?
A. From the Exchange admin center, create a sharing policy.
B. From the Exchange admin center, create a new organization relationship.
C. From the Microsoft 365 admin center, modify the Organization profile settings.
D. From the Microsoft 365 admin center, configure external site sharing.
Correct Answer: B
You need to set up an organizational relationship to share calendar information with an external business partner. Office
365 admins can set up an organization relationship with another Office 365 organization or with an Exchange on-premises organization.
Reference: https://docs.microsoft.com/en-us/exchange/sharing/organization-relationships/create-an-organizationrelationship
QUESTION 7
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your company plans to deploy several Microsoft Office 365 services.
You need to design an authentication strategy for the planned deployment. The solution must meet the following
requirements:
1.
Users must be able to authenticate during business hours only.
2.
Authentication requests must be processed successfully if a single server fails.
3.
When the password for an on-premises user account expires, the new password must be enforced the next time the
user signs in.
4.
Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must
be signed in automatically.
Solution: You design an authentication strategy that uses federation authentication by using Active Directory Federation
Services (AD FS). The solution contains two AD FS servers and two Web Application Proxies.
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
This solution meets the following requirements:
1.
Users must be able to authenticate during business hours only.
2.
Authentication requests must be processed successfully if a single server fails.
3.
When the password for an on-premises user account expires, the new password must be enforced the next time the
user signs in.
The following requirement is not met:
Users who connect to Office 365 services from domain-joined devices that are connected to the internal network must
be signed in automatically.
To meet this requirement, you would need to configure a seamless Single Sign-on (SSO)
Reference:
https://docs.microsoft.com/en-us/azure/security/azure-ad-choose-authn
QUESTION 8
Your network contains an on-premises Active Directory domain named contoso.com that is synced to a Microsoft Azure
Active Directory (Azure AD) tenant.
The on-premises network contains a file server named Server1. Server1 has a share named Share1 that contains
company documents.
Your company purchases a Microsoft 365 subscription.
You plan to migrate data from Share1 to Microsoft 365. Only data that was created or modified during the last three
months will be migrated.
You need to identify all the files in Share1 that were modified or created during the last 90 days.
What should you use?
A. Server Manager
B. Microsoft SharePoint Migration Tool
C. Resource Monitor
D. Usage reports from the Microsoft 365 admin center
Correct Answer: B
You can use the Microsoft SharePoint Migration Tool to migrate files from a file server to SharePoint Online.
The Microsoft SharePoint Migration Tool has a number of filters you can use to define which files will be migrated. One
filter setting is “Migrate files modified after”. This setting will only migrate files modified after the selected date. The first
phase of migration is to perform a scan of the source files to create a manifest of the files that will be migrated. You
can use this manifest to identify all the files in Share1 that were modified or created during the last 90 days.
References:
https://docs.microsoft.com/en-us/sharepointmigration/spmt-settings
QUESTION 9
SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few
minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a
live environment. While most functionality will be available to you as it would be in a live environment, some
functionality
(e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn\\’t matters how you
accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as
much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you
are
able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to
the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign inbox and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: *yfLo7Ir2andyIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser
tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization recently implemented a new data retention policy. The policy requires that all files stored in an
employee\\’s Microsoft OneDrive folders be retained for 60 days after the employee is terminated from the organization.
The human resources (HR) department of the organization deletes the user accounts of all terminated employees.
You need to ensure that the organization meets the requirements of the data retention policy.
A. See below.
Correct Answer: A
You need to configure the OneDrive retention period for deleted users.
1.
Go to the OneDrive admin center.
2.
Select Storage.
3.
Set the “Days to retain files in OneDrive after a user account is marked for deletion” option to 60.
4.
Click Save to save the changes.
References: https://docs.microsoft.com/bs-latn-ba/onedrive/set-retention
QUESTION 10
SIMULATION
Please wait while the virtual machine loads. Once loaded, you may proceed to the lab section. This may take a few
minutes, and the wait time will not be deducted from your overall test time.
When the Next button is available, click it to access the lab section. In this section, you will perform a set of tasks in a
live environment. While most functionality will be available to you as it would be in a live environment, some
functionality
(e.g., copy and paste, ability to navigate to external websites) will not be possible by design.
Scoring is based on the outcome of performing the tasks stated in the lab. In other words, it doesn\\’t matters how you
accomplish the task, if you successfully perform it, you will earn credit for that task.
Labs are not timed separately, and this exam may have more than one lab that you must complete. You can use as
much time as you would like to complete each lab. But, you should manage your time appropriately to ensure that you
are
able to complete the lab(s) and all other sections of the exam in the time provided.
Please note that once you submit your work by clicking the Next button within a lab, you will NOT be able to return to
the lab.
You may now click next to proceed to the lab.
Lab information
Use the following login credentials as needed:
To enter your username, place your cursor in the Sign inbox and click on the username below.
To enter your password, place your cursor in the Enter password box and click on the password below.
Microsoft 365 Username:
[email protected]
Microsoft 365 Password: *yfLo7Ir2andyIf the Microsoft 365 portal does not load successfully in the browser, press CTRL-K to reload the portal in a new browser
tab.
The following information is for technical support purposes only:
Lab Instance: 10811525
Your organization plans to open an office in New York, and then to add 100 users to the office. The city attribute for all
new users will be New York.
You need to ensure that all the new users in the New York office are licensed for Microsoft Office 365 automatically.
A. See below.
Correct Answer: A
You need to create a dynamic group based on the city attribute. You then need to assign a license to the group. User
accounts with the city attribute set to ‘New York’ will automatically be added to the group. Anyone who is added to the
group will automatically be assigned the license that is assigned to the group.
1.
Go to the Azure Active Directory admin center.
2.
Select Azure Active Directory then select Groups.
3.
Click on the New Group link.
4.
Give the group a name such as New York Users.
5.
Select Users as the membership type.
6.
Select ‘Add dynamic query’.
7.
Select ‘City’ in the Property drop-down box.
8.
Select ‘Equals’ in the Operator drop-down box.
9.
Enter ‘New York’ as the Value. You should see the following text in the Expression box: user. city -eq “New York”
10.
Click Save to create the group.
11.
In the Groups list, select the new group to open the properties page for the group.
12.
Select ‘Licenses’.
13.
Select the ‘+ Assignments’ link.
14.
Tick the box to select the license.
15.
Click the Save button to save the changes.
References: https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/licensing-groups-assign
QUESTION 11
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users
shown in the following table.
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the on-premises Active Directory domain, you assign User2 the Allow log on locally user right. You
instruct User2 to sign in as [email protected].
Does this meet the goal?
A. Yes
B. No
Correct Answer: B
This is not a permissions issue.
The on-premises Active Directory domain is named contoso.com. To enable users to sign on using a different UPN
(different domain), you need to add the domain to Microsoft 365 as a custom domain.
QUESTION 12
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains
a unique solution that might meet the stated goals. Some question sets might have more than one correct solution,
while
others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not
appear in the review screen.
Your network contains an on-premises Active Directory domain named contoso.com. The domain contains the users
shown in the following table.
The domain syncs to an Azure Active Directory (Azure AD) tenant named contoso.com as shown in the exhibit.
User2 fails to authenticate to Azure AD when signing in as [email protected].
You need to ensure that User2 can access the resources in Azure AD.
Solution: From the on-premises Active Directory domain, you set the UPN suffix for User2 to @contoso.com. You
instruct User2 to sign in as [email protected].
Does this meet the goal?
A. Yes
B. No
Correct Answer: A
The on-premises Active Directory domain is named contoso.com. You can enable users to sign on using a different
UPN (different domain), by adding the domain to Microsoft 365 as a custom domain. Alternatively, you can configure the
user account to use the existing domain (contoso.com).
QUESTION 13
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that contains 10,000 users.
The company has a Microsoft 365 subscription.
You enable Azure Multi-Factor Authentication (MFA) for all the users in contoso.com.
You run the following query.
search “SigninLogs” | where ResultDescription == “User did not pass the MFA challenge.”
The query returns blank results.
You need to ensure that the query returns the expected results.
What should you do?
A. From the Azure Active Directory admin center, configure the diagnostics settings to archive logs to an Azure Storage
account.
B. From the Security and Compliance admin center, turn on auditing.
C. From the Security and Compliance admin center, enable Office 365 Analytics.
D. From the Azure Active Directory admin center, configure the diagnostics settings to send logs to an Azure Log
Analytics workplace.
Correct Answer: D
You can now send audit logs to Azure Log Analytics. This gives you much easier reporting on audit events and the
ability to perform queries such as the one in this question.
References: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-logs-withlog-analytics
Lead4Pass Microsoft Discount code 2021
Lead4pass shares the latest Microsoft exam Discount code “Microsoft“. Enter the Discount code to get a 15% Discount!
About lead4pass
Lead4Pass has 8 years of exam experience! A number of professional Microsoft exam experts! Update exam questions throughout the year! The most complete exam questions and answers! The safest buying experience! The greatest free sharing of exam practice questions and answers!
Our goal is to help more people pass the Microsoft exam! Exams are a part of life, but they are important!
In the study, you need to sum up the study! Trust Lead4Pass to help you pass the exam 100%!
Summarize:
Allexamalert free to share Microsoft MS-100 exam exercise questions, MS-100 pdf, MS-100 exam video! Lead4pass updated exam questions and answers throughout the year!
Make sure you pass the exam successfully. Select lead4Pass MS-100 to pass Microsoft MS-100 exam “Microsoft 365 Identity and Services certification dumps“.
ps.
Latest update Lead4pass MS-100 exam dumps: https://www.leads4pass.com/ms-100.html (277 Q&As)
[Latest updates] Free Microsoft MS-100 Dumps pdf download from Google Drive: https://docs.microsoft.com/en-us/learn/certifications/exams/ms-100